mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2024-12-23 08:36:29 +00:00
Merge branch 'release/2.0.7' into 'stable'
Release/2.0.7 See merge request pleroma/secteam/pleroma!8
This commit is contained in:
commit
f891e2b2f1
20 changed files with 339 additions and 121 deletions
14
CHANGELOG.md
14
CHANGELOG.md
|
@ -3,6 +3,20 @@ All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
|
|
||||||
|
## [2.0.7] - 2020-06-13
|
||||||
|
|
||||||
|
### Security
|
||||||
|
- Fix potential DoSes exploiting atom leaks in rich media parser and the `UserAllowListPolicy` MRF policy
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
- CSP: not allowing images/media from every host when mediaproxy is disabled
|
||||||
|
- CSP: not adding mediaproxy base url to image/media hosts
|
||||||
|
- StaticFE missing the CSS file
|
||||||
|
|
||||||
|
### Upgrade notes
|
||||||
|
|
||||||
|
1. Restart Pleroma
|
||||||
|
|
||||||
## [2.0.6] - 2020-06-09
|
## [2.0.6] - 2020-06-09
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
|
@ -1483,14 +1483,12 @@ config :pleroma, :config_description, [
|
||||||
# %{
|
# %{
|
||||||
# group: :pleroma,
|
# group: :pleroma,
|
||||||
# key: :mrf_user_allowlist,
|
# key: :mrf_user_allowlist,
|
||||||
# type: :group,
|
# type: :map,
|
||||||
# description:
|
# description:
|
||||||
# "The keys in this section are the domain names that the policy should apply to." <>
|
# "The keys in this section are the domain names that the policy should apply to." <>
|
||||||
# " Each key should be assigned a list of users that should be allowed through by their ActivityPub ID",
|
# " Each key should be assigned a list of users that should be allowed through by their ActivityPub ID",
|
||||||
# children: [
|
|
||||||
# ["example.org": ["https://example.org/users/admin"]],
|
|
||||||
# suggestions: [
|
# suggestions: [
|
||||||
# ["example.org": ["https://example.org/users/admin"]]
|
# %{"example.org" => ["https://example.org/users/admin"]}
|
||||||
# ]
|
# ]
|
||||||
# ]
|
# ]
|
||||||
# },
|
# },
|
||||||
|
|
|
@ -133,8 +133,9 @@ their ActivityPub ID.
|
||||||
An example:
|
An example:
|
||||||
|
|
||||||
```elixir
|
```elixir
|
||||||
config :pleroma, :mrf_user_allowlist,
|
config :pleroma, :mrf_user_allowlist, %{
|
||||||
"example.org": ["https://example.org/users/admin"]
|
"example.org" => ["https://example.org/users/admin"]
|
||||||
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
#### :mrf_object_age
|
#### :mrf_object_age
|
||||||
|
|
|
@ -4,9 +4,10 @@
|
||||||
|
|
||||||
defmodule Pleroma.Config.DeprecationWarnings do
|
defmodule Pleroma.Config.DeprecationWarnings do
|
||||||
require Logger
|
require Logger
|
||||||
|
alias Pleroma.Config
|
||||||
|
|
||||||
def check_hellthread_threshold do
|
def check_hellthread_threshold do
|
||||||
if Pleroma.Config.get([:mrf_hellthread, :threshold]) do
|
if Config.get([:mrf_hellthread, :threshold]) do
|
||||||
Logger.warn("""
|
Logger.warn("""
|
||||||
!!!DEPRECATION WARNING!!!
|
!!!DEPRECATION WARNING!!!
|
||||||
You are using the old configuration mechanism for the hellthread filter. Please check config.md.
|
You are using the old configuration mechanism for the hellthread filter. Please check config.md.
|
||||||
|
@ -14,7 +15,29 @@ defmodule Pleroma.Config.DeprecationWarnings do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def mrf_user_allowlist do
|
||||||
|
config = Config.get(:mrf_user_allowlist)
|
||||||
|
|
||||||
|
if config && Enum.any?(config, fn {k, _} -> is_atom(k) end) do
|
||||||
|
rewritten =
|
||||||
|
Enum.reduce(Config.get(:mrf_user_allowlist), Map.new(), fn {k, v}, acc ->
|
||||||
|
Map.put(acc, to_string(k), v)
|
||||||
|
end)
|
||||||
|
|
||||||
|
Config.put(:mrf_user_allowlist, rewritten)
|
||||||
|
|
||||||
|
Logger.error("""
|
||||||
|
!!!DEPRECATION WARNING!!!
|
||||||
|
As of Pleroma 2.0.7, the `mrf_user_allowlist` setting changed of format.
|
||||||
|
Pleroma 2.1 will remove support for the old format. Please change your configuration to match this:
|
||||||
|
|
||||||
|
config :pleroma, :mrf_user_allowlist, #{inspect(rewritten, pretty: true)}
|
||||||
|
""")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def warn do
|
def warn do
|
||||||
check_hellthread_threshold()
|
check_hellthread_threshold()
|
||||||
|
mrf_user_allowlist()
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -20,4 +20,9 @@ defmodule Pleroma.Constants do
|
||||||
"deleted_activity_id"
|
"deleted_activity_id"
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const(static_only_files,
|
||||||
|
do:
|
||||||
|
~w(index.html robots.txt static static-fe finmoji emoji packs sounds images instance sw.js sw-pleroma.js favicon.png schemas doc)
|
||||||
|
)
|
||||||
end
|
end
|
||||||
|
|
|
@ -75,7 +75,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
|
||||||
sources = get_proxy_and_attachment_sources()
|
sources = get_proxy_and_attachment_sources()
|
||||||
{[img_src, sources], [media_src, sources]}
|
{[img_src, sources], [media_src, sources]}
|
||||||
else
|
else
|
||||||
{img_src, media_src}
|
{[img_src, " https:"], [media_src, " https:"]}
|
||||||
end
|
end
|
||||||
|
|
||||||
connect_src = ["connect-src 'self' ", static_url, ?\s, websocket_url]
|
connect_src = ["connect-src 'self' ", static_url, ?\s, websocket_url]
|
||||||
|
@ -113,6 +113,10 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
|
||||||
add_source(acc, host)
|
add_source(acc, host)
|
||||||
end)
|
end)
|
||||||
|
|
||||||
|
media_proxy_base_url =
|
||||||
|
if Config.get([:media_proxy, :base_url]),
|
||||||
|
do: URI.parse(Config.get([:media_proxy, :base_url])).host
|
||||||
|
|
||||||
upload_base_url =
|
upload_base_url =
|
||||||
if Config.get([Pleroma.Upload, :base_url]),
|
if Config.get([Pleroma.Upload, :base_url]),
|
||||||
do: URI.parse(Config.get([Pleroma.Upload, :base_url])).host
|
do: URI.parse(Config.get([Pleroma.Upload, :base_url])).host
|
||||||
|
@ -122,6 +126,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
|
||||||
do: URI.parse(Config.get([Pleroma.Uploaders.S3, :public_endpoint])).host
|
do: URI.parse(Config.get([Pleroma.Uploaders.S3, :public_endpoint])).host
|
||||||
|
|
||||||
[]
|
[]
|
||||||
|
|> add_source(media_proxy_base_url)
|
||||||
|> add_source(upload_base_url)
|
|> add_source(upload_base_url)
|
||||||
|> add_source(s3_endpoint)
|
|> add_source(s3_endpoint)
|
||||||
|> add_source(media_proxy_whitelist)
|
|> add_source(media_proxy_whitelist)
|
||||||
|
|
|
@ -3,6 +3,8 @@
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.Plugs.InstanceStatic do
|
defmodule Pleroma.Plugs.InstanceStatic do
|
||||||
|
require Pleroma.Constants
|
||||||
|
|
||||||
@moduledoc """
|
@moduledoc """
|
||||||
This is a shim to call `Plug.Static` but with runtime `from` configuration.
|
This is a shim to call `Plug.Static` but with runtime `from` configuration.
|
||||||
|
|
||||||
|
@ -21,9 +23,6 @@ defmodule Pleroma.Plugs.InstanceStatic do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@only ~w(index.html robots.txt static emoji packs sounds images instance favicon.png sw.js
|
|
||||||
sw-pleroma.js)
|
|
||||||
|
|
||||||
def init(opts) do
|
def init(opts) do
|
||||||
opts
|
opts
|
||||||
|> Keyword.put(:from, "__unconfigured_instance_static_plug")
|
|> Keyword.put(:from, "__unconfigured_instance_static_plug")
|
||||||
|
@ -31,7 +30,7 @@ defmodule Pleroma.Plugs.InstanceStatic do
|
||||||
|> Plug.Static.init()
|
|> Plug.Static.init()
|
||||||
end
|
end
|
||||||
|
|
||||||
for only <- @only do
|
for only <- Pleroma.Constants.static_only_files() do
|
||||||
at = Plug.Router.Utils.split("/")
|
at = Plug.Router.Utils.split("/")
|
||||||
|
|
||||||
def call(%{request_path: "/" <> unquote(only) <> _} = conn, opts) do
|
def call(%{request_path: "/" <> unquote(only) <> _} = conn, opts) do
|
||||||
|
|
|
@ -24,7 +24,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.UserAllowListPolicy do
|
||||||
|
|
||||||
allow_list =
|
allow_list =
|
||||||
Config.get(
|
Config.get(
|
||||||
[:mrf_user_allowlist, String.to_atom(actor_info.host)],
|
[:mrf_user_allowlist, actor_info.host],
|
||||||
[]
|
[]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,8 @@
|
||||||
defmodule Pleroma.Web.Endpoint do
|
defmodule Pleroma.Web.Endpoint do
|
||||||
use Phoenix.Endpoint, otp_app: :pleroma
|
use Phoenix.Endpoint, otp_app: :pleroma
|
||||||
|
|
||||||
|
require Pleroma.Constants
|
||||||
|
|
||||||
socket("/socket", Pleroma.Web.UserSocket)
|
socket("/socket", Pleroma.Web.UserSocket)
|
||||||
|
|
||||||
plug(Pleroma.Plugs.SetLocalePlug)
|
plug(Pleroma.Plugs.SetLocalePlug)
|
||||||
|
@ -34,8 +36,7 @@ defmodule Pleroma.Web.Endpoint do
|
||||||
Plug.Static,
|
Plug.Static,
|
||||||
at: "/",
|
at: "/",
|
||||||
from: :pleroma,
|
from: :pleroma,
|
||||||
only:
|
only: Pleroma.Constants.static_only_files(),
|
||||||
~w(index.html robots.txt static finmoji emoji packs sounds images instance sw.js sw-pleroma.js favicon.png schemas doc),
|
|
||||||
# credo:disable-for-previous-line Credo.Check.Readability.MaxLineLength
|
# credo:disable-for-previous-line Credo.Check.Readability.MaxLineLength
|
||||||
gzip: true,
|
gzip: true,
|
||||||
cache_control_for_etags: @static_cache_control,
|
cache_control_for_etags: @static_cache_control,
|
||||||
|
|
|
@ -307,8 +307,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
|
||||||
page_url_data = URI.parse(page_url)
|
page_url_data = URI.parse(page_url)
|
||||||
|
|
||||||
page_url_data =
|
page_url_data =
|
||||||
if rich_media[:url] != nil do
|
if is_binary(rich_media["url"]) do
|
||||||
URI.merge(page_url_data, URI.parse(rich_media[:url]))
|
URI.merge(page_url_data, URI.parse(rich_media["url"]))
|
||||||
else
|
else
|
||||||
page_url_data
|
page_url_data
|
||||||
end
|
end
|
||||||
|
@ -316,11 +316,9 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
|
||||||
page_url = page_url_data |> to_string
|
page_url = page_url_data |> to_string
|
||||||
|
|
||||||
image_url =
|
image_url =
|
||||||
if rich_media[:image] != nil do
|
if is_binary(rich_media["image"]) do
|
||||||
URI.merge(page_url_data, URI.parse(rich_media[:image]))
|
URI.merge(page_url_data, URI.parse(rich_media["image"]))
|
||||||
|> to_string
|
|> to_string
|
||||||
else
|
|
||||||
nil
|
|
||||||
end
|
end
|
||||||
|
|
||||||
%{
|
%{
|
||||||
|
@ -329,8 +327,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
|
||||||
provider_url: page_url_data.scheme <> "://" <> page_url_data.host,
|
provider_url: page_url_data.scheme <> "://" <> page_url_data.host,
|
||||||
url: page_url,
|
url: page_url,
|
||||||
image: image_url |> MediaProxy.url(),
|
image: image_url |> MediaProxy.url(),
|
||||||
title: rich_media[:title] || "",
|
title: rich_media["title"] || "",
|
||||||
description: rich_media[:description] || "",
|
description: rich_media["description"] || "",
|
||||||
pleroma: %{
|
pleroma: %{
|
||||||
opengraph: rich_media
|
opengraph: rich_media
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,7 +9,7 @@ defmodule Pleroma.Web.RichMedia.Helpers do
|
||||||
alias Pleroma.Object
|
alias Pleroma.Object
|
||||||
alias Pleroma.Web.RichMedia.Parser
|
alias Pleroma.Web.RichMedia.Parser
|
||||||
|
|
||||||
@spec validate_page_url(any()) :: :ok | :error
|
@spec validate_page_url(URI.t() | binary()) :: :ok | :error
|
||||||
defp validate_page_url(page_url) when is_binary(page_url) do
|
defp validate_page_url(page_url) when is_binary(page_url) do
|
||||||
validate_tld = Application.get_env(:auto_linker, :opts)[:validate_tld]
|
validate_tld = Application.get_env(:auto_linker, :opts)[:validate_tld]
|
||||||
|
|
||||||
|
@ -18,8 +18,8 @@ defmodule Pleroma.Web.RichMedia.Helpers do
|
||||||
|> parse_uri(page_url)
|
|> parse_uri(page_url)
|
||||||
end
|
end
|
||||||
|
|
||||||
defp validate_page_url(%URI{host: host, scheme: scheme, authority: authority})
|
defp validate_page_url(%URI{host: host, scheme: "https", authority: authority})
|
||||||
when scheme == "https" and not is_nil(authority) do
|
when is_binary(authority) do
|
||||||
cond do
|
cond do
|
||||||
host in Config.get([:rich_media, :ignore_hosts], []) ->
|
host in Config.get([:rich_media, :ignore_hosts], []) ->
|
||||||
:error
|
:error
|
||||||
|
|
|
@ -83,7 +83,7 @@ defmodule Pleroma.Web.RichMedia.Parser do
|
||||||
html
|
html
|
||||||
|> parse_html()
|
|> parse_html()
|
||||||
|> maybe_parse()
|
|> maybe_parse()
|
||||||
|> Map.put(:url, url)
|
|> Map.put("url", url)
|
||||||
|> clean_parsed_data()
|
|> clean_parsed_data()
|
||||||
|> check_parsed_data()
|
|> check_parsed_data()
|
||||||
rescue
|
rescue
|
||||||
|
@ -103,8 +103,8 @@ defmodule Pleroma.Web.RichMedia.Parser do
|
||||||
end)
|
end)
|
||||||
end
|
end
|
||||||
|
|
||||||
defp check_parsed_data(%{title: title} = data)
|
defp check_parsed_data(%{"title" => title} = data)
|
||||||
when is_binary(title) and byte_size(title) > 0 do
|
when is_binary(title) and title != "" do
|
||||||
{:ok, data}
|
{:ok, data}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -115,11 +115,7 @@ defmodule Pleroma.Web.RichMedia.Parser do
|
||||||
defp clean_parsed_data(data) do
|
defp clean_parsed_data(data) do
|
||||||
data
|
data
|
||||||
|> Enum.reject(fn {key, val} ->
|
|> Enum.reject(fn {key, val} ->
|
||||||
with {:ok, _} <- Jason.encode(%{key => val}) do
|
not match?({:ok, _}, Jason.encode(%{key => val}))
|
||||||
false
|
|
||||||
else
|
|
||||||
_ -> true
|
|
||||||
end
|
|
||||||
end)
|
end)
|
||||||
|> Map.new()
|
|> Map.new()
|
||||||
end
|
end
|
||||||
|
|
|
@ -29,19 +29,19 @@ defmodule Pleroma.Web.RichMedia.Parsers.MetaTagsParser do
|
||||||
{_tag, attributes, _children} = html_node
|
{_tag, attributes, _children} = html_node
|
||||||
|
|
||||||
data =
|
data =
|
||||||
Enum.into(attributes, %{}, fn {name, value} ->
|
Map.new(attributes, fn {name, value} ->
|
||||||
{name, String.trim_leading(value, "#{prefix}:")}
|
{name, String.trim_leading(value, "#{prefix}:")}
|
||||||
end)
|
end)
|
||||||
|
|
||||||
%{String.to_atom(data[key_name]) => data[value_name]}
|
%{data[key_name] => data[value_name]}
|
||||||
end
|
end
|
||||||
|
|
||||||
defp maybe_put_title(%{title: _} = meta, _), do: meta
|
defp maybe_put_title(%{"title" => _} = meta, _), do: meta
|
||||||
|
|
||||||
defp maybe_put_title(meta, html) when meta != %{} do
|
defp maybe_put_title(meta, html) when meta != %{} do
|
||||||
case get_page_title(html) do
|
case get_page_title(html) do
|
||||||
"" -> meta
|
"" -> meta
|
||||||
title -> Map.put_new(meta, :title, title)
|
title -> Map.put_new(meta, "title", title)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
defmodule Pleroma.Web.RichMedia.Parsers.OEmbed do
|
defmodule Pleroma.Web.RichMedia.Parsers.OEmbed do
|
||||||
def parse(html, _data) do
|
def parse(html, _data) do
|
||||||
with elements = [_ | _] <- get_discovery_data(html),
|
with elements = [_ | _] <- get_discovery_data(html),
|
||||||
{:ok, oembed_url} <- get_oembed_url(elements),
|
oembed_url when is_binary(oembed_url) <- get_oembed_url(elements),
|
||||||
{:ok, oembed_data} <- get_oembed_data(oembed_url) do
|
{:ok, oembed_data} <- get_oembed_data(oembed_url) do
|
||||||
{:ok, oembed_data}
|
{:ok, oembed_data}
|
||||||
else
|
else
|
||||||
|
@ -17,19 +17,13 @@ defmodule Pleroma.Web.RichMedia.Parsers.OEmbed do
|
||||||
html |> Floki.find("link[type='application/json+oembed']")
|
html |> Floki.find("link[type='application/json+oembed']")
|
||||||
end
|
end
|
||||||
|
|
||||||
defp get_oembed_url(nodes) do
|
defp get_oembed_url([{"link", attributes, _children} | _]) do
|
||||||
{"link", attributes, _children} = nodes |> hd()
|
Enum.find_value(attributes, fn {k, v} -> if k == "href", do: v end)
|
||||||
|
|
||||||
{:ok, Enum.into(attributes, %{})["href"]}
|
|
||||||
end
|
end
|
||||||
|
|
||||||
defp get_oembed_data(url) do
|
defp get_oembed_data(url) do
|
||||||
{:ok, %Tesla.Env{body: json}} = Pleroma.HTTP.get(url, [], adapter: [pool: :media])
|
with {:ok, %Tesla.Env{body: json}} <- Pleroma.HTTP.get(url, [], adapter: [pool: :media]) do
|
||||||
|
Jason.decode(json)
|
||||||
{:ok, data} = Jason.decode(json)
|
end
|
||||||
|
|
||||||
data = data |> Map.new(fn {k, v} -> {String.to_atom(k), v} end)
|
|
||||||
|
|
||||||
{:ok, data}
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
<meta name="viewport" content="width=device-width,initial-scale=1,minimal-ui" />
|
<meta name="viewport" content="width=device-width,initial-scale=1,minimal-ui" />
|
||||||
<title><%= Pleroma.Config.get([:instance, :name]) %></title>
|
<title><%= Pleroma.Config.get([:instance, :name]) %></title>
|
||||||
<%= Phoenix.HTML.raw(assigns[:meta] || "") %>
|
<%= Phoenix.HTML.raw(assigns[:meta] || "") %>
|
||||||
<link rel="stylesheet" href="/static/static-fe.css">
|
<link rel="stylesheet" href="/static-fe/static-fe.css">
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<div class="container">
|
<div class="container">
|
||||||
|
|
2
mix.exs
2
mix.exs
|
@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
|
||||||
def project do
|
def project do
|
||||||
[
|
[
|
||||||
app: :pleroma,
|
app: :pleroma,
|
||||||
version: version("2.0.6"),
|
version: version("2.0.7"),
|
||||||
elixir: "~> 1.8",
|
elixir: "~> 1.8",
|
||||||
elixirc_paths: elixirc_paths(Mix.env()),
|
elixirc_paths: elixirc_paths(Mix.env()),
|
||||||
compilers: [:phoenix, :gettext] ++ Mix.compilers(),
|
compilers: [:phoenix, :gettext] ++ Mix.compilers(),
|
||||||
|
|
183
priv/static/static-fe/static-fe.css
Normal file
183
priv/static/static-fe/static-fe.css
Normal file
|
@ -0,0 +1,183 @@
|
||||||
|
body {
|
||||||
|
background-color: #282c37;
|
||||||
|
font-family: sans-serif;
|
||||||
|
color: white;
|
||||||
|
}
|
||||||
|
|
||||||
|
main {
|
||||||
|
margin: 50px auto;
|
||||||
|
max-width: 960px;
|
||||||
|
padding: 40px;
|
||||||
|
background-color: #313543;
|
||||||
|
border-radius: 4px;
|
||||||
|
}
|
||||||
|
|
||||||
|
header {
|
||||||
|
margin: 50px auto;
|
||||||
|
max-width: 960px;
|
||||||
|
padding: 40px;
|
||||||
|
background-color: #313543;
|
||||||
|
border-radius: 4px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.activity {
|
||||||
|
border-radius: 4px;
|
||||||
|
padding: 1em;
|
||||||
|
padding-bottom: 2em;
|
||||||
|
margin-bottom: 1em;
|
||||||
|
}
|
||||||
|
|
||||||
|
.avatar {
|
||||||
|
cursor: pointer;
|
||||||
|
}
|
||||||
|
|
||||||
|
.avatar img {
|
||||||
|
float: left;
|
||||||
|
border-radius: 4px;
|
||||||
|
margin-right: 4px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.activity-content img, video, audio {
|
||||||
|
padding: 1em;
|
||||||
|
max-width: 800px;
|
||||||
|
max-height: 800px;
|
||||||
|
}
|
||||||
|
|
||||||
|
#selected {
|
||||||
|
background-color: #1b2735;
|
||||||
|
}
|
||||||
|
|
||||||
|
.counts dt, .counts dd {
|
||||||
|
float: left;
|
||||||
|
margin-left: 1em;
|
||||||
|
}
|
||||||
|
|
||||||
|
a {
|
||||||
|
color: white;
|
||||||
|
}
|
||||||
|
|
||||||
|
.h-card {
|
||||||
|
min-height: 48px;
|
||||||
|
margin-bottom: 8px;
|
||||||
|
}
|
||||||
|
|
||||||
|
header a, .h-card a {
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
header a:hover, .h-card a:hover {
|
||||||
|
text-decoration: underline;
|
||||||
|
}
|
||||||
|
|
||||||
|
.display-name {
|
||||||
|
padding-top: 4px;
|
||||||
|
display: block;
|
||||||
|
text-overflow: ellipsis;
|
||||||
|
overflow: hidden;
|
||||||
|
color: white;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* keep emoji from being hilariously huge */
|
||||||
|
.display-name img {
|
||||||
|
max-height: 1em;
|
||||||
|
}
|
||||||
|
|
||||||
|
.display-name .nickname {
|
||||||
|
padding-top: 4px;
|
||||||
|
display: block;
|
||||||
|
}
|
||||||
|
|
||||||
|
.nickname:hover {
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
.pull-right {
|
||||||
|
float: right;
|
||||||
|
}
|
||||||
|
|
||||||
|
.collapse {
|
||||||
|
margin: 0;
|
||||||
|
width: auto;
|
||||||
|
}
|
||||||
|
|
||||||
|
h1 {
|
||||||
|
margin: 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
h2 {
|
||||||
|
color: #9baec8;
|
||||||
|
font-weight: normal;
|
||||||
|
font-size: 20px;
|
||||||
|
margin-bottom: 40px;
|
||||||
|
}
|
||||||
|
|
||||||
|
form {
|
||||||
|
width: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
input {
|
||||||
|
box-sizing: border-box;
|
||||||
|
width: 100%;
|
||||||
|
padding: 10px;
|
||||||
|
margin-top: 20px;
|
||||||
|
background-color: rgba(0,0,0,.1);
|
||||||
|
color: white;
|
||||||
|
border: 0;
|
||||||
|
border-bottom: 2px solid #9baec8;
|
||||||
|
font-size: 14px;
|
||||||
|
}
|
||||||
|
|
||||||
|
input:focus {
|
||||||
|
border-bottom: 2px solid #4b8ed8;
|
||||||
|
}
|
||||||
|
|
||||||
|
input[type="checkbox"] {
|
||||||
|
width: auto;
|
||||||
|
}
|
||||||
|
|
||||||
|
button {
|
||||||
|
box-sizing: border-box;
|
||||||
|
width: 100%;
|
||||||
|
color: white;
|
||||||
|
background-color: #419bdd;
|
||||||
|
border-radius: 4px;
|
||||||
|
border: none;
|
||||||
|
padding: 10px;
|
||||||
|
margin-top: 30px;
|
||||||
|
text-transform: uppercase;
|
||||||
|
font-weight: 500;
|
||||||
|
font-size: 16px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.alert-danger {
|
||||||
|
box-sizing: border-box;
|
||||||
|
width: 100%;
|
||||||
|
color: #D8000C;
|
||||||
|
background-color: #FFD2D2;
|
||||||
|
border-radius: 4px;
|
||||||
|
border: none;
|
||||||
|
padding: 10px;
|
||||||
|
margin-top: 20px;
|
||||||
|
font-weight: 500;
|
||||||
|
font-size: 16px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.alert-info {
|
||||||
|
box-sizing: border-box;
|
||||||
|
width: 100%;
|
||||||
|
color: #00529B;
|
||||||
|
background-color: #BDE5F8;
|
||||||
|
border-radius: 4px;
|
||||||
|
border: none;
|
||||||
|
padding: 10px;
|
||||||
|
margin-top: 20px;
|
||||||
|
font-weight: 500;
|
||||||
|
font-size: 16px;
|
||||||
|
}
|
||||||
|
|
||||||
|
img.emoji {
|
||||||
|
width: 32px;
|
||||||
|
height: 32px;
|
||||||
|
padding: 0;
|
||||||
|
vertical-align: middle;
|
||||||
|
}
|
|
@ -17,14 +17,14 @@ defmodule Pleroma.Web.ActivityPub.MRF.UserAllowListPolicyTest do
|
||||||
|
|
||||||
test "pass filter if allow list isn't empty and user in allow list" do
|
test "pass filter if allow list isn't empty and user in allow list" do
|
||||||
actor = insert(:user)
|
actor = insert(:user)
|
||||||
Pleroma.Config.put([:mrf_user_allowlist, :localhost], [actor.ap_id, "test-ap-id"])
|
Pleroma.Config.put([:mrf_user_allowlist], %{"localhost" => [actor.ap_id, "test-ap-id"]})
|
||||||
message = %{"actor" => actor.ap_id}
|
message = %{"actor" => actor.ap_id}
|
||||||
assert UserAllowListPolicy.filter(message) == {:ok, message}
|
assert UserAllowListPolicy.filter(message) == {:ok, message}
|
||||||
end
|
end
|
||||||
|
|
||||||
test "rejected if allow list isn't empty and user not in allow list" do
|
test "rejected if allow list isn't empty and user not in allow list" do
|
||||||
actor = insert(:user)
|
actor = insert(:user)
|
||||||
Pleroma.Config.put([:mrf_user_allowlist, :localhost], ["test-ap-id"])
|
Pleroma.Config.put([:mrf_user_allowlist], %{"localhost" => ["test-ap-id"]})
|
||||||
message = %{"actor" => actor.ap_id}
|
message = %{"actor" => actor.ap_id}
|
||||||
assert UserAllowListPolicy.filter(message) == {:reject, nil}
|
assert UserAllowListPolicy.filter(message) == {:reject, nil}
|
||||||
end
|
end
|
||||||
|
|
|
@ -60,19 +60,19 @@ defmodule Pleroma.Web.RichMedia.ParserTest do
|
||||||
test "doesn't just add a title" do
|
test "doesn't just add a title" do
|
||||||
assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/non-ogp") ==
|
assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/non-ogp") ==
|
||||||
{:error,
|
{:error,
|
||||||
"Found metadata was invalid or incomplete: %{url: \"http://example.com/non-ogp\"}"}
|
"Found metadata was invalid or incomplete: %{\"url\" => \"http://example.com/non-ogp\"}"}
|
||||||
end
|
end
|
||||||
|
|
||||||
test "parses ogp" do
|
test "parses ogp" do
|
||||||
assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/ogp") ==
|
assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/ogp") ==
|
||||||
{:ok,
|
{:ok,
|
||||||
%{
|
%{
|
||||||
image: "http://ia.media-imdb.com/images/rock.jpg",
|
"image" => "http://ia.media-imdb.com/images/rock.jpg",
|
||||||
title: "The Rock",
|
"title" => "The Rock",
|
||||||
description:
|
"description" =>
|
||||||
"Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer.",
|
"Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer.",
|
||||||
type: "video.movie",
|
"type" => "video.movie",
|
||||||
url: "http://example.com/ogp"
|
"url" => "http://example.com/ogp"
|
||||||
}}
|
}}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -80,12 +80,12 @@ defmodule Pleroma.Web.RichMedia.ParserTest do
|
||||||
assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/ogp-missing-title") ==
|
assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/ogp-missing-title") ==
|
||||||
{:ok,
|
{:ok,
|
||||||
%{
|
%{
|
||||||
image: "http://ia.media-imdb.com/images/rock.jpg",
|
"image" => "http://ia.media-imdb.com/images/rock.jpg",
|
||||||
title: "The Rock (1996)",
|
"title" => "The Rock (1996)",
|
||||||
description:
|
"description" =>
|
||||||
"Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer.",
|
"Directed by Michael Bay. With Sean Connery, Nicolas Cage, Ed Harris, John Spencer.",
|
||||||
type: "video.movie",
|
"type" => "video.movie",
|
||||||
url: "http://example.com/ogp-missing-title"
|
"url" => "http://example.com/ogp-missing-title"
|
||||||
}}
|
}}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -93,12 +93,12 @@ defmodule Pleroma.Web.RichMedia.ParserTest do
|
||||||
assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/twitter-card") ==
|
assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/twitter-card") ==
|
||||||
{:ok,
|
{:ok,
|
||||||
%{
|
%{
|
||||||
card: "summary",
|
"card" => "summary",
|
||||||
site: "@flickr",
|
"site" => "@flickr",
|
||||||
image: "https://farm6.staticflickr.com/5510/14338202952_93595258ff_z.jpg",
|
"image" => "https://farm6.staticflickr.com/5510/14338202952_93595258ff_z.jpg",
|
||||||
title: "Small Island Developing States Photo Submission",
|
"title" => "Small Island Developing States Photo Submission",
|
||||||
description: "View the album on Flickr.",
|
"description" => "View the album on Flickr.",
|
||||||
url: "http://example.com/twitter-card"
|
"url" => "http://example.com/twitter-card"
|
||||||
}}
|
}}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -106,27 +106,28 @@ defmodule Pleroma.Web.RichMedia.ParserTest do
|
||||||
assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/oembed") ==
|
assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/oembed") ==
|
||||||
{:ok,
|
{:ok,
|
||||||
%{
|
%{
|
||||||
author_name: "bees",
|
"author_name" => "bees",
|
||||||
author_url: "https://www.flickr.com/photos/bees/",
|
"author_url" => "https://www.flickr.com/photos/bees/",
|
||||||
cache_age: 3600,
|
"cache_age" => 3600,
|
||||||
flickr_type: "photo",
|
"flickr_type" => "photo",
|
||||||
height: "768",
|
"height" => "768",
|
||||||
html:
|
"html" =>
|
||||||
"<a data-flickr-embed=\"true\" href=\"https://www.flickr.com/photos/bees/2362225867/\" title=\"Bacon Lollys by bees, on Flickr\"><img src=\"https://farm4.staticflickr.com/3040/2362225867_4a87ab8baf_b.jpg\" width=\"1024\" height=\"768\" alt=\"Bacon Lollys\"></a><script async src=\"https://embedr.flickr.com/assets/client-code.js\" charset=\"utf-8\"></script>",
|
"<a data-flickr-embed=\"true\" href=\"https://www.flickr.com/photos/bees/2362225867/\" title=\"Bacon Lollys by bees, on Flickr\"><img src=\"https://farm4.staticflickr.com/3040/2362225867_4a87ab8baf_b.jpg\" width=\"1024\" height=\"768\" alt=\"Bacon Lollys\"></a><script async src=\"https://embedr.flickr.com/assets/client-code.js\" charset=\"utf-8\"></script>",
|
||||||
license: "All Rights Reserved",
|
"license" => "All Rights Reserved",
|
||||||
license_id: 0,
|
"license_id" => 0,
|
||||||
provider_name: "Flickr",
|
"provider_name" => "Flickr",
|
||||||
provider_url: "https://www.flickr.com/",
|
"provider_url" => "https://www.flickr.com/",
|
||||||
thumbnail_height: 150,
|
"thumbnail_height" => 150,
|
||||||
thumbnail_url: "https://farm4.staticflickr.com/3040/2362225867_4a87ab8baf_q.jpg",
|
"thumbnail_url" =>
|
||||||
thumbnail_width: 150,
|
"https://farm4.staticflickr.com/3040/2362225867_4a87ab8baf_q.jpg",
|
||||||
title: "Bacon Lollys",
|
"thumbnail_width" => 150,
|
||||||
type: "photo",
|
"title" => "Bacon Lollys",
|
||||||
url: "http://example.com/oembed",
|
"type" => "photo",
|
||||||
version: "1.0",
|
"url" => "http://example.com/oembed",
|
||||||
web_page: "https://www.flickr.com/photos/bees/2362225867/",
|
"version" => "1.0",
|
||||||
web_page_short_url: "https://flic.kr/p/4AK2sc",
|
"web_page" => "https://www.flickr.com/photos/bees/2362225867/",
|
||||||
width: "1024"
|
"web_page_short_url" => "https://flic.kr/p/4AK2sc",
|
||||||
|
"width" => "1024"
|
||||||
}}
|
}}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -19,11 +19,11 @@ defmodule Pleroma.Web.RichMedia.Parsers.TwitterCardTest do
|
||||||
assert TwitterCard.parse(html, %{}) ==
|
assert TwitterCard.parse(html, %{}) ==
|
||||||
{:ok,
|
{:ok,
|
||||||
%{
|
%{
|
||||||
"app:id:googleplay": "com.nytimes.android",
|
"app:id:googleplay" => "com.nytimes.android",
|
||||||
"app:name:googleplay": "NYTimes",
|
"app:name:googleplay" => "NYTimes",
|
||||||
"app:url:googleplay": "nytimes://reader/id/100000006583622",
|
"app:url:googleplay" => "nytimes://reader/id/100000006583622",
|
||||||
site: nil,
|
"site" => nil,
|
||||||
title:
|
"title" =>
|
||||||
"She Was Arrested at 14. Then Her Photo Went to a Facial Recognition Database. - The New York Times"
|
"She Was Arrested at 14. Then Her Photo Went to a Facial Recognition Database. - The New York Times"
|
||||||
}}
|
}}
|
||||||
end
|
end
|
||||||
|
@ -36,15 +36,15 @@ defmodule Pleroma.Web.RichMedia.Parsers.TwitterCardTest do
|
||||||
assert TwitterCard.parse(html, %{}) ==
|
assert TwitterCard.parse(html, %{}) ==
|
||||||
{:ok,
|
{:ok,
|
||||||
%{
|
%{
|
||||||
card: "summary_large_image",
|
"card" => "summary_large_image",
|
||||||
description:
|
"description" =>
|
||||||
"With little oversight, the N.Y.P.D. has been using powerful surveillance technology on photos of children and teenagers.",
|
"With little oversight, the N.Y.P.D. has been using powerful surveillance technology on photos of children and teenagers.",
|
||||||
image:
|
"image" =>
|
||||||
"https://static01.nyt.com/images/2019/08/01/nyregion/01nypd-juveniles-promo/01nypd-juveniles-promo-videoSixteenByNineJumbo1600.jpg",
|
"https://static01.nyt.com/images/2019/08/01/nyregion/01nypd-juveniles-promo/01nypd-juveniles-promo-videoSixteenByNineJumbo1600.jpg",
|
||||||
"image:alt": "",
|
"image:alt" => "",
|
||||||
title:
|
"title" =>
|
||||||
"She Was Arrested at 14. Then Her Photo Went to a Facial Recognition Database.",
|
"She Was Arrested at 14. Then Her Photo Went to a Facial Recognition Database.",
|
||||||
url:
|
"url" =>
|
||||||
"https://www.nytimes.com/2019/08/01/nyregion/nypd-facial-recognition-children-teenagers.html"
|
"https://www.nytimes.com/2019/08/01/nyregion/nypd-facial-recognition-children-teenagers.html"
|
||||||
}}
|
}}
|
||||||
end
|
end
|
||||||
|
@ -57,19 +57,19 @@ defmodule Pleroma.Web.RichMedia.Parsers.TwitterCardTest do
|
||||||
assert TwitterCard.parse(html, %{}) ==
|
assert TwitterCard.parse(html, %{}) ==
|
||||||
{:ok,
|
{:ok,
|
||||||
%{
|
%{
|
||||||
"app:id:googleplay": "com.nytimes.android",
|
"app:id:googleplay" => "com.nytimes.android",
|
||||||
"app:name:googleplay": "NYTimes",
|
"app:name:googleplay" => "NYTimes",
|
||||||
"app:url:googleplay": "nytimes://reader/id/100000006583622",
|
"app:url:googleplay" => "nytimes://reader/id/100000006583622",
|
||||||
card: "summary_large_image",
|
"card" => "summary_large_image",
|
||||||
description:
|
"description" =>
|
||||||
"With little oversight, the N.Y.P.D. has been using powerful surveillance technology on photos of children and teenagers.",
|
"With little oversight, the N.Y.P.D. has been using powerful surveillance technology on photos of children and teenagers.",
|
||||||
image:
|
"image" =>
|
||||||
"https://static01.nyt.com/images/2019/08/01/nyregion/01nypd-juveniles-promo/01nypd-juveniles-promo-videoSixteenByNineJumbo1600.jpg",
|
"https://static01.nyt.com/images/2019/08/01/nyregion/01nypd-juveniles-promo/01nypd-juveniles-promo-videoSixteenByNineJumbo1600.jpg",
|
||||||
"image:alt": "",
|
"image:alt" => "",
|
||||||
site: nil,
|
"site" => nil,
|
||||||
title:
|
"title" =>
|
||||||
"She Was Arrested at 14. Then Her Photo Went to a Facial Recognition Database.",
|
"She Was Arrested at 14. Then Her Photo Went to a Facial Recognition Database.",
|
||||||
url:
|
"url" =>
|
||||||
"https://www.nytimes.com/2019/08/01/nyregion/nypd-facial-recognition-children-teenagers.html"
|
"https://www.nytimes.com/2019/08/01/nyregion/nypd-facial-recognition-children-teenagers.html"
|
||||||
}}
|
}}
|
||||||
end
|
end
|
||||||
|
@ -86,11 +86,11 @@ defmodule Pleroma.Web.RichMedia.Parsers.TwitterCardTest do
|
||||||
assert TwitterCard.parse(html, %{}) ==
|
assert TwitterCard.parse(html, %{}) ==
|
||||||
{:ok,
|
{:ok,
|
||||||
%{
|
%{
|
||||||
site: "@atlasobscura",
|
"site" => "@atlasobscura",
|
||||||
title:
|
"title" =>
|
||||||
"The Missing Grave of Margaret Corbin, Revolutionary War Veteran - Atlas Obscura",
|
"The Missing Grave of Margaret Corbin, Revolutionary War Veteran - Atlas Obscura",
|
||||||
card: "summary_large_image",
|
"card" => "summary_large_image",
|
||||||
image: image_path
|
"image" => image_path
|
||||||
}}
|
}}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -102,12 +102,12 @@ defmodule Pleroma.Web.RichMedia.Parsers.TwitterCardTest do
|
||||||
assert TwitterCard.parse(html, %{}) ==
|
assert TwitterCard.parse(html, %{}) ==
|
||||||
{:ok,
|
{:ok,
|
||||||
%{
|
%{
|
||||||
site: nil,
|
"site" => nil,
|
||||||
title:
|
"title" =>
|
||||||
"She Was Arrested at 14. Then Her Photo Went to a Facial Recognition Database. - The New York Times",
|
"She Was Arrested at 14. Then Her Photo Went to a Facial Recognition Database. - The New York Times",
|
||||||
"app:id:googleplay": "com.nytimes.android",
|
"app:id:googleplay" => "com.nytimes.android",
|
||||||
"app:name:googleplay": "NYTimes",
|
"app:name:googleplay" => "NYTimes",
|
||||||
"app:url:googleplay": "nytimes://reader/id/100000006583622"
|
"app:url:googleplay" => "nytimes://reader/id/100000006583622"
|
||||||
}}
|
}}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue