Commit graph

465 commits

Author SHA1 Message Date
Blackle Morisanchetto
1f8ecf1c15
[bugfix] Fix issue where the 'favourited' field of a notification's status is always false (#779) 2022-08-30 11:42:52 +02:00
Blackle Morisanchetto
3ce26a60f8
[bugfix] Use reblogged status in notification, instead of wrapper status (#775) 2022-08-29 11:06:37 +02:00
tobi
969c194fcd
[bugfix] Relax outgoing http request queue (#760)
* add request queue trace logging

* fix  misleading wording

* implement request slots per host per method

* undo formatting change (?)

* remove gratuitous trace logging

* rename done -> release
avoids confusion with ctx.Done
2022-08-27 12:00:19 +02:00
Blackle Morisanchetto
54f6caed65
[bugfix] Status visibility + excludeReplies fixes (#769)
* Fix some bugs when viewing a user's posts: include their self-replies (threads) even when excludeReplies is set, and use in_reply_to_uri instead of in_reply_to_id to filter out replies

* Assign values to InReplyToURI when creating statuses. Add index and update old statuses with a migration
2022-08-27 11:35:31 +02:00
Blackle Morisanchetto
e9b5ba0502
[bugfix] Check the length of form.MediaIDs instead of just checking for null (#766) 2022-08-26 17:37:51 +02:00
tobi
79fb8bad04
[feature] Allow footnotes in markdown, use <br> instead of \n (#767)
* allow markdown footnotes + hard line breaks

* don't keep whitespace w/minify (unnecessary now)

* test markdown a bit more
2022-08-26 13:28:06 +02:00
tobi
2fe3a2b5b8
[bugfix] Fix boost of boost issue (#764) 2022-08-23 10:46:10 +02:00
tobi
b96533ca8f
[bugfix] Fix loss of account info on export/import, add tests (#759)
* start adding additional tests

* use random database address for in-memory sqlite

* add more fields to account export
2022-08-22 11:21:36 +02:00
tobi
570fa7c359
[bugfix] Fix potential dereference of accounts on own instance (#757)
* add GetAccountByUsernameDomain

* simplify search

* add escape to not deref accounts on own domain

* check if local + we have account by ap uri
2022-08-20 21:47:19 +01:00
tobi
586ebb5059
return after redirects to web representation (#755) 2022-08-16 19:50:26 +01:00
tobi
ac6ed3d939
[chore] Update bun / sqlite versions; update gtsmodels (#754)
* upstep bun and sqlite versions

* allow specific columns to be updated in the db

* only update necessary columns for user

* bit tidier

* only update necessary fields of media_attachment

* only update relevant instance fields

* update tests

* update only specific account columns

* use bool pointers on gtsmodels
includes attachment, status, account, user

* update columns more selectively

* test all default fields on new account insert

* updating remaining bools on gtsmodels

* initialize pointer fields when extracting AP emoji

* copy bools properly

* add copyBoolPtr convenience function + test it

* initialize false bool ptrs a bit more neatly
2022-08-15 11:35:05 +01:00
tobi
9a9702c964
[bugfix] Check orientation when reading width/height of images (#749) 2022-08-10 15:54:15 +02:00
tobi
91c8d5d20d
[bugfix] Fix thumbnails not taking exif rotation into account (#746)
* use disintegration/imaging instead of nfnt/resize

* update tests

* use disintegration lib for thumbing (if necessary)
2022-08-10 14:05:14 +02:00
tobi
117888cf59
[feature] Add first iteration of a user panel at /user (#736)
* start work on user panel

* parse source first before checking if empty form

* newline

* set avi + header nicely

* add posts settings

* render signin a bit nicer on mobile

* return OK json on successful change

* return unauthorized on bad password

* clarify message on insecure password

* make login a bit prettier

* add alt text + border round image previews

* add logout button

* add password change

* styling updates

* redirect /auth/edit to /user

* update tests

* fix validation tests

* better labels, link to more info

* make submit button generic component

* move submit button inside forms

* add autocomplete labels to password fields

* fix indentation (thx eslint)

* update eslintrc

* eslint: no-unescaped-entities

* initial deduplication between user and admin panel

* add default status/post format setting

* user panel styling for inputs

* update user panel styling, include normalize css

* add placeholder text

* input padding

Co-authored-by: f0x <f0x@cthu.lu>
2022-08-08 10:40:51 +02:00
tobi
879b4abde7
[bugfix] Markdown formatting updates (#743)
* add minify dependency specifically for markdown

* rearrange markdown formatting

* update markdown tests
2022-08-07 18:19:16 +02:00
tobi
f5689a9e5f
[feature] Let accounts set default status format, and use this when processing new statuses (#739)
* add post_format to acct & use it when making post

* update swagger docs

* add status_format updating to frontend

* fix up tests

* post_format => status_format

* add status_format to account validation
2022-08-06 12:09:21 +02:00
tobi
3ab3f58342
[bugfix] Parse source first before checking if empty form (#738) 2022-08-05 12:30:47 +02:00
Artémis
4fdbef04b4
[feature] Implemented notification clear (#720)
* Implemented notification clear

* Added the cache clear mechanism

* added multi user check test
2022-08-01 11:13:49 +02:00
tobi
8fdc9ed552
serve HEAD requests via the fileserver (#735) 2022-07-30 13:42:47 +01:00
tobi
fc81e6443a
[bugfix] remove <= 0 expires_in from oauth token response (#731)
* remove <= 0 expired_in from oauth token response

* go fmt
2022-07-28 16:43:42 +02:00
tobi
8106b69856
[feature] add 'state' oauth2 param to /oauth/authorize (#730) 2022-07-28 16:43:27 +02:00
tobi
7ca5bac7c6
[bugfix] Fix Toot CLI media attachments not working properly (#726) 2022-07-22 13:43:51 +02:00
tobi
73b8839c5d
[bugfix] Make /api/v2/media more compatible with masto API (#724)
* update docs

* make api version into a path param

* update tests

* workaround to unset URL if using v2 of api

* make some fields into pointers
2022-07-22 12:48:19 +02:00
tobi
40f91d052c
[chore] Update image/video size defaults to mastodon's (#723) 2022-07-20 12:25:06 +02:00
tobi
c84384e660
[bugfix] html escape special characters in text instead of totally removing them (#719)
* remove minify dependency

* tidy up some tests

* remove pre + postformat funcs

* rework sanitization + formatting

* update tests

* add some more markdown tests
2022-07-19 15:21:17 +02:00
kim
098dbe6ff4
[chore] use our own logging implementation (#716)
* first commit

Signed-off-by: kim <grufwub@gmail.com>

* replace logging with our own log library

Signed-off-by: kim <grufwub@gmail.com>

* fix imports

Signed-off-by: kim <grufwub@gmail.com>

* fix log imports

Signed-off-by: kim <grufwub@gmail.com>

* add license text

Signed-off-by: kim <grufwub@gmail.com>

* fix package import cycle between config and log package

Signed-off-by: kim <grufwub@gmail.com>

* fix empty kv.Fields{} being passed to WithFields()

Signed-off-by: kim <grufwub@gmail.com>

* fix uses of log.WithFields() with whitespace issues and empty slices

Signed-off-by: kim <grufwub@gmail.com>

* *linter related grumbling*

Signed-off-by: kim <grufwub@gmail.com>

* gofmt the codebase! also fix more log.WithFields() formatting issues

Signed-off-by: kim <grufwub@gmail.com>

* update testrig code to match new changes

Signed-off-by: kim <grufwub@gmail.com>

* fix error wrapping in non fmt.Errorf function

Signed-off-by: kim <grufwub@gmail.com>

* add benchmarking of log.Caller() vs non-cached

Signed-off-by: kim <grufwub@gmail.com>

* fix syslog tests, add standard build tags to test runner to ensure consistency

Signed-off-by: kim <grufwub@gmail.com>

* make syslog tests more robust

Signed-off-by: kim <grufwub@gmail.com>

* fix caller depth arithmatic (is that how you spell it?)

Signed-off-by: kim <grufwub@gmail.com>

* update to use unkeyed fields in kv.Field{} instances

Signed-off-by: kim <grufwub@gmail.com>

* update go-kv library

Signed-off-by: kim <grufwub@gmail.com>

* update libraries list

Signed-off-by: kim <grufwub@gmail.com>

* fuck you linter get nerfed

Signed-off-by: kim <grufwub@gmail.com>

Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com>
2022-07-19 10:47:55 +02:00
tobi
59be7466f3
[bugfix] Markdown format fixes (#718)
* just sanitize markdown, don't minify or escape

* tidy tests, add one for inline code

* add another test, it works!
2022-07-19 10:41:16 +02:00
tobi
c3b6a5b0f9
[feature] Implement cache-control and etags for static assets (#711)
* start working on etag stuff

* add + use cache middleware

* generate etags on the fly

* remove unused field

* clean up filepath

* add license headers to cache files

* add attachgroup function to router interface

* move cache into web module

* rename a couple things

* remove attachStaticFS function from router

* rename + tidy up a few things

* mount assets filesystem

* create assetsFileInfoCache

* update comment

* simplify hash

* fix string fmt

* skip last mod chk, prefer strong etags w/long cache

* move base handler to its own file
this matches the modules in the api folder

* generate new etag if file was modified

* wrap strong etag in quotation marks as per spec

* clarify logic in avatar search

* make hashing a little niftier
2022-07-18 12:55:06 +02:00
tobi
ab03318b7a
[chore] move dialer inside new (#715)
* move dialer inside new, use default resolver

* instantiate resolver
2022-07-18 11:25:26 +02:00
tobi
839c4346ad
[performance] Add long cache-control max age to fileserver (#710) 2022-07-15 13:23:04 +02:00
tobi
6418307c64
[feature] Add back/next buttons to profiles for paging through statuses (#708)
* add GetAccountWebStatuses to db

* add WebStatusesGet func to processor

* don't add limit to next/prev links if 0

* take query params for next/prev statuses

* add separate next + prev links for convenience

* show 'nothing here' message if no statuses exist

* add back / next links to profiles

* allow paging down only

* go fmt ./...

* 'recent public toots' -> 'latest public toots'
2022-07-13 09:57:47 +02:00
kim
6934ae378a
[chore] improved router logging, recovery and error handling (#705)
* move panic recovery to logging middleware, improve logging + panic recovery logic

Signed-off-by: kim <grufwub@gmail.com>

* remove dead code

Signed-off-by: kim <grufwub@gmail.com>

* remove skip paths code

Signed-off-by: kim <grufwub@gmail.com>

* re-enable log quoting

Signed-off-by: kim <grufwub@gmail.com>

* use human-friendly bytesize in logging body size

Signed-off-by: kim <grufwub@gmail.com>

* only disable quoting in debug builds

Signed-off-by: kim <grufwub@gmail.com>

* use logrus level instead of debug.DEBUG() to enable/disable quoting

Signed-off-by: kim <grufwub@gmail.com>

* shutup linter

Signed-off-by: kim <grufwub@gmail.com>

* fix instance tests

Signed-off-by: kim <grufwub@gmail.com>

* fix gin test contexts created with missing engine HTML renderer

Signed-off-by: kim <grufwub@gmail.com>

* add note regarding not logging query parameters

Signed-off-by: kim <grufwub@gmail.com>

* better explain 'DisableQuoting' logic

Signed-off-by: kim <grufwub@gmail.com>

* add license text

Signed-off-by: kim <grufwub@gmail.com>
2022-07-12 08:32:20 +01:00
tobi
a465cefb8c
[performance] Add new index to fix slow web profile queries (#706)
* start adding new index migration

* fix up index
2022-07-11 12:52:12 +01:00
kim
7cc40302a5
[chore] consolidate caching libraries (#704)
* add miekg/dns dependency

* set/validate accountDomain

* move finger to dereferencer

* totally break GetRemoteAccount

* start reworking finger func a bit

* start reworking getRemoteAccount a bit

* move mention parts to namestring

* rework webfingerget

* use util function to extract webfinger parts

* use accountDomain

* rework finger again, final form

* just a real nasty commit, the worst

* remove refresh from account

* use new ASRepToAccount signature

* fix incorrect debug call

* fix for new getRemoteAccount

* rework GetRemoteAccount

* start updating tests to remove repetition

* break a lot of tests
Move shared test logic into the testrig,
rather than having it scattered all over
the place. This allows us to just mock
the transport controller once, and have
all tests use it (unless they need not to
for some other reason).

* fix up tests to use main mock httpclient

* webfinger only if necessary

* cheeky linting with the lads

* update mentionName regex
recognize instance accounts

* don't finger instance accounts

* test webfinger part extraction

* increase default worker count to 4 per cpu

* don't repeat regex parsing

* final search for discovered accountDomain

* be more permissive in namestring lookup

* add more extraction tests

* simplify GetParseMentionFunc

* skip long search if local account

* fix broken test

* consolidate to all use same caching libraries

Signed-off-by: kim <grufwub@gmail.com>

* perform more caching in the database layer

Signed-off-by: kim <grufwub@gmail.com>

* remove ASNote cache

Signed-off-by: kim <grufwub@gmail.com>

* update cache library, improve db tracing hooks

Signed-off-by: kim <grufwub@gmail.com>

* return ErrNoEntries if no account status IDs found, small formatting changes

Signed-off-by: kim <grufwub@gmail.com>

* fix tests, thanks tobi!

Signed-off-by: kim <grufwub@gmail.com>

Co-authored-by: tsmethurst <tobi.smethurst@protonmail.com>
2022-07-10 17:18:21 +02:00
kim
e75d742afe
[chore] Improve panic handling (#700)
* add miekg/dns dependency

* set/validate accountDomain

* move finger to dereferencer

* totally break GetRemoteAccount

* start reworking finger func a bit

* start reworking getRemoteAccount a bit

* move mention parts to namestring

* rework webfingerget

* use util function to extract webfinger parts

* use accountDomain

* rework finger again, final form

* just a real nasty commit, the worst

* remove refresh from account

* use new ASRepToAccount signature

* fix incorrect debug call

* fix for new getRemoteAccount

* rework GetRemoteAccount

* start updating tests to remove repetition

* break a lot of tests
Move shared test logic into the testrig,
rather than having it scattered all over
the place. This allows us to just mock
the transport controller once, and have
all tests use it (unless they need not to
for some other reason).

* fix up tests to use main mock httpclient

* webfinger only if necessary

* cheeky linting with the lads

* update mentionName regex
recognize instance accounts

* don't finger instance accounts

* test webfinger part extraction

* increase default worker count to 4 per cpu

* don't repeat regex parsing

* final search for discovered accountDomain

* be more permissive in namestring lookup

* add more extraction tests

* simplify GetParseMentionFunc

* skip long search if local account

* fix broken test

* panics get logged at error level, now include stacktrace

Signed-off-by: kim <grufwub@gmail.com>

Co-authored-by: tsmethurst <tobi.smethurst@protonmail.com>
2022-07-08 12:01:44 +02:00
tobi
81dd4f3660
[bugfix] Fix footer info fields not wrapping (#694)
* flex-wrap footer items

* add testrig instance entry with more info set
2022-07-05 16:44:58 +02:00
tobi
b61b000e0a
[bugfix] Fix incorrect domain showing in profiles (#693)
* use instance account_domain in profile

* add instance account_domain field
2022-07-05 14:03:44 +02:00
tobi
4a69651a7c
[bugfix] Visibility fixes (#687)
* test self boost

* only CC to public when necessary
2022-07-04 15:41:20 +02:00
f0x52
c6d1b82f48
[chore] configure instance.Version for testrig (#659)
* configure instance.Version for testrig

* update instancepatch tests

Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com>
Co-authored-by: tsmethurst <tobi.smethurst@protonmail.com>
2022-07-03 12:27:32 +02:00
tobi
de4d75246c
[chore] Update pruneOneLocal to use ctx (#684)
* update pruneOneLocal to use ctx

* update test
2022-07-03 12:18:59 +02:00
Dominik Süß
9d0df426da
[feature] S3 support (#674)
* feat: vendor minio client

* feat: introduce storage package with s3 support

* feat: serve s3 files directly

this saves a lot of bandwith as the files are fetched from the object
store directly

* fix: use explicit local storage in tests

* feat: integrate s3 storage with the main server

* fix: add s3 config to cli tests

* docs: explicitly set values in example config

also adds license header to the storage package

* fix: use better http status code on s3 redirect

HTTP 302 Found is the best fit, as it signifies that the resource
requested was found but not under its presumed URL

307/TemporaryRedirect would mean that this resource is usually located
here, not in this case

303/SeeOther indicates that the redirection does not link to the
requested resource but to another page

* refactor: use context in storage driver interface
2022-07-03 12:08:30 +02:00
tobi
664713ddd4
[bugfix] Make hashtag regex work with non-ascii characters (#682) 2022-07-03 11:03:03 +02:00
tobi
9e7d022a06
[feature] Cleanup unattached local media (#680)
* add localUnattached db function

* add parseOlderThan util function

* add pruneunusedlocalattachments to media manager

* add unusedlocal pruning to schedule + admin call

* set number of days to keep as a const

* fix test
2022-06-30 12:22:10 +02:00
tobi
07620acc0e
[feature] Use default instance thumbnail if instance account header not set (#672) 2022-06-26 12:33:11 +02:00
tobi
68736efd20
[feature] add configuration to /api/v1/instance response (#670)
* add configuration object to api instance model

* regenerate swagger docs

* add func to return all supported mimes for media

* add instance configuration to api serialization

* fix json tags

* update instance endpoint tests

* fix typeutils tests

* final regen of swagger docs

* omitempty instance configuration
2022-06-26 10:58:45 +02:00
ugla
3e4e57d554
[bugfix] disallow following or blocking yoursel (#667)
Closes #664
2022-06-25 11:14:05 +02:00
tobi
0846b76e93
[bugfix] Fix 404 on status delete redraft (#668)
* add unattach function to media processor

* call delete or unattach appropriately
unattach from client api, delete from federated api

* typo fix
2022-06-24 17:17:40 +02:00
tobi
7eacbd064b
[bugfix] allow setting empty email via instance patch (#665) 2022-06-24 10:43:21 +02:00
tobi
5f00d4980b
[feature] Implement /api/v1/instance/peers endpoint (#660)
* add missing license headers

* start adding instance peers get

* rename domainblock.go

* embed domain in domainblock so it can be reused

* update swagger docs

* add test instances to db

* update tests

* add/update instancepeersget

* update domain model

* add getinstancepeers to db

* instance-expose-peers, instance-expose-suspended

* add auth checks for both current filters

* attach endpoint to router

* include public comment

* obfuscate domain if required

* go mod tidy

* update swagger docs

* remove unnecessary comment

* return 'flat' peerlist if no query params provided
2022-06-23 16:54:54 +02:00
f0x52
7c6c0cd547
[frontend] Profile pages upgrade (#640)
* fix css indentation

* profile styling update

* update status styling to match profile

* empty header fix

* generate random avatars for thread views

* appease the linter gods

* upgrade deps

* turn profile accent into border + $bg background

* upgrade deps

* small accessibility tweaks

Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com>
2022-06-21 10:48:42 +02:00
tobi
8c7945fb78
[bugfix] Account self finger fix (#658)
* check only 1 of status/account when search by uri

* don't try to resolve local uris when searching
2022-06-20 14:11:36 +02:00
tobi
610395d5a5
[chore] make tests more cacheable by avoiding time.Now() (#656) 2022-06-19 17:10:24 +02:00
Mara Sophie Grosch
c48266c459
[bugfix] for the second accounts.note_raw migration (#653) 2022-06-16 19:39:57 +02:00
Mara Sophie Grosch
0e12ee0aa1
postgres locale: fix accounts.note_raw migration (#651)
Database migration 20220506110822_add_account_raw_note.go has some error
handling code to detect some error messages as "ok", but only done for
english error messages. This commit adds a check for the specific error
code, which should be locale agnostic.
2022-06-16 11:22:51 +02:00
tobi
13e4bbdbfa
[chore] Duplicated media cleanup (#649)
* add migration to clean up duplicated media

* use /tmp/gotosocial for testrig storage path

* defer remove storage tempdir

* skip if not attached to status or status not found

* log errors at error level

* only log delete as else clause if successful

* just return nil on down

* reword delete logic a little bit

* check if storage base path is defined

* check for status id more thoroughly

* don't log error if just no rows

* go fmt

* break statusIDLoop when found

* break currentlyUsedLoop when found
2022-06-14 17:00:57 +01:00
tobi
da2386bab1
[chore] Fix testrig emoji bug (#646)
* fix teeny tiny bug in testrig

* Update test case
2022-06-11 16:41:34 +02:00
tobi
7f9925afe5
[chore] Refactor thread dereference a bit for clarity (#647)
* refactor thread dereference a bit for clarity

* lint for the lint gods
2022-06-11 16:25:41 +02:00
tobi
cf5c6d724d
[chore] Validate/set account domain (#619)
* add miekg/dns dependency

* set/validate accountDomain
2022-06-11 11:09:31 +02:00
tobi
dfdc473cef
[chore] Webfinger rework (#627)
* move finger to dereferencer

* totally break GetRemoteAccount

* start reworking finger func a bit

* start reworking getRemoteAccount a bit

* move mention parts to namestring

* rework webfingerget

* use util function to extract webfinger parts

* use accountDomain

* rework finger again, final form

* just a real nasty commit, the worst

* remove refresh from account

* use new ASRepToAccount signature

* fix incorrect debug call

* fix for new getRemoteAccount

* rework GetRemoteAccount

* start updating tests to remove repetition

* break a lot of tests
Move shared test logic into the testrig,
rather than having it scattered all over
the place. This allows us to just mock
the transport controller once, and have
all tests use it (unless they need not to
for some other reason).

* fix up tests to use main mock httpclient

* webfinger only if necessary

* cheeky linting with the lads

* update mentionName regex
recognize instance accounts

* don't finger instance accounts

* test webfinger part extraction

* increase default worker count to 4 per cpu

* don't repeat regex parsing

* final search for discovered accountDomain

* be more permissive in namestring lookup

* add more extraction tests

* simplify GetParseMentionFunc

* skip long search if local account

* fix broken test
2022-06-11 11:01:34 +02:00
tobi
694a490589
[feature] Add created_at and error_description to /oauth/token endpoint (#645)
* start fiddling about with oauth server

* start returning more helpful errors from oauth

* test helpful(ish) token errors

* add missing license header
2022-06-11 10:39:39 +02:00
tobi
2385b51d58
[bugfix] Make accounts media_only query also work with pg (#643) 2022-06-10 10:56:49 +02:00
tobi
5864954e2e
[bugfix] Fix domain blocks get regression (#642)
* fix domain blocks get regression

* add missing license text headers
2022-06-09 13:28:15 +02:00
f0x52
b43f9ceca9
[frontend] Restructure Frontend Sources (#634)
* 🐸restructure frontend stuff, include admin and future user panel in main repo, properly deduplicate bundles for css+js across uses

* rename bundled to dist, caught by gitignore

* re-include status.css for profile template

* default to localhost

* serve frontend panels

* add todo message for abstraction

* refactor oauth registration flow

* oauth restructure

* update footer template

* change panel routes

* remove superfluous css imports

* write bundle to disk from test server, use forked budo-express

* wrap all page content in container

for robustness with addons etc injection other elements in body

* update documentation, goreleaser, Dockerfile

* update template meta tags

* add AGPL-3.0+ license header everywhere

* only attach update listener on EventEmitter

* cleaner config for various frontend bundles

* fix bundler script paths

* Merge commit 'd191931932b9293ce1be44ed08a1e69b9fcc1e25'

* fix up dockerfile, goreleaser

* go mod tidy

* add uglifyify

* move status hide/show js to frontend bundle

* fix stylesheet color( func regressions

* update contributing docs for new build path

* update goreleaser + docker building

* resolve dependency paths properly

* update package name

* use api errorhandler

Co-authored-by: tsmethurst <tobi.smethurst@protonmail.com>
2022-06-09 12:51:19 +02:00
tobi
1ede54ddf6
[feature] More consistent API error handling (#637)
* update templates

* start reworking api error handling

* update template

* return AP status at web endpoint if negotiated

* start making api error handling much more consistent

* update account endpoints to new error handling

* use new api error handling in admin endpoints

* go fmt ./...

* use api error logic in app

* use generic error handling in auth

* don't export generic error handler

* don't defer clearing session

* user nicer error handling on oidc callback handler

* tidy up the sign in handler

* tidy up the token handler

* use nicer error handling in blocksget

* auth emojis endpoint

* fix up remaining api endpoints

* fix whoopsie during login flow

* regenerate swagger docs

* change http error logging to debug
2022-06-08 20:38:03 +02:00
kim
91c0ed863a
[bugfix] #621: add weak type handing to mapstructure decode (#625)
* Drone sig (#623)

* accept weakly typed input on mapstructure decode i.e. .UnmarshalMap()

Signed-off-by: kim <grufwub@gmail.com>

* add envparsing script to test for panics during environment variable parsing

Signed-off-by: kim <grufwub@gmail.com>

* add envparsing.sh script to drone commands

Signed-off-by: kim <grufwub@gmail.com>

* update drone signature

Co-authored-by: kim <grufwub@gmail.com>

* compare expected with output

* update expected output of envparsing

* update expected output to correct value

* use viper's unmarshal function instead
There were problems with marshalling
string slices from viper into the st.config
struct with the other function. Now, we
can use viper's unmarshal function and pass
in the custom decoder config that we need
as a hook. This ensures that we marshal
string slices from viper into our config
struct correctly.

Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com>
Co-authored-by: tsmethurst <tobi.smethurst@protonmail.com>
2022-06-08 20:28:28 +02:00
tobi
6f6e89e271
[feature] Add paging via Link header for notifications and account statuses (#629)
* test link headers

* page get account statuses properly

* page get notifications

* add util func for packaging timeline responses

* return timelined stuff from accountstatusesget

* rename timeline response

* use new convenience function

* go fmt
2022-06-08 20:22:49 +02:00
tobi
f3b44426f4
[bugfix] Update time marshalling format to provide 3 digits of ms (#630) 2022-06-04 20:03:01 +02:00
tobi
327d3f001f
[feature] Start adding advanced configuration options, starting with samesite (#628)
* fix incorrect port being used for db

* start adding advanced config flags

* use samesite lax by default
2022-06-03 15:40:38 +02:00
kim
43ac0cdb9c
[chore] Global server configuration overhaul (#575)
* move config flag names and usage to config package, rewrite config package to use global Configuration{} struct

Signed-off-by: kim <grufwub@gmail.com>

* improved code comment

Signed-off-by: kim <grufwub@gmail.com>

* linter

Signed-off-by: kim <grufwub@gmail.com>

* fix unmarshaling

Signed-off-by: kim <grufwub@gmail.com>

* remove kim's custom go compiler changes

Signed-off-by: kim <grufwub@gmail.com>

* generate setter and flag-name functions, implement these in codebase

Signed-off-by: kim <grufwub@gmail.com>

* update deps

Signed-off-by: kim <grufwub@gmail.com>

* small change

Signed-off-by: kim <grufwub@gmail.com>

* appease the linter...

Signed-off-by: kim <grufwub@gmail.com>

* move configuration into ConfigState structure, ensure reloading to/from viper settings to keep in sync

Signed-off-by: kim <grufwub@gmail.com>

* lint

Signed-off-by: kim <grufwub@gmail.com>

* update code comments

Signed-off-by: kim <grufwub@gmail.com>

* fix merge issue

Signed-off-by: kim <grufwub@gmail.com>

* fix merge issue

Signed-off-by: kim <grufwub@gmail.com>

* improved version string (removes time + go version)

Signed-off-by: kim <grufwub@gmail.com>

* fix version string build to pass test script + consolidate logic in func

Signed-off-by: kim <grufwub@gmail.com>

* add license text, update config.Defaults comment

Signed-off-by: kim <grufwub@gmail.com>

* add license text to generated config helpers file

Signed-off-by: kim <grufwub@gmail.com>

* defer unlock on config.Set___(), to ensure unlocked on panic

Signed-off-by: kim <grufwub@gmail.com>

* make it more obvious which cmd flags are being attached

Signed-off-by: kim <grufwub@gmail.com>
2022-05-30 14:41:24 +02:00
tobi
ae5402ada6
[chore] Mastodon api fixups (#617)
* don't omitempty on description

* don't omitempty on any fields

* add ms to timestamp format

* don't omitempty on text_url

* rearrange attachment fields a bit

* just give URL again as attachment text url

* update tests

* fix accidental replace
2022-05-28 18:59:55 +01:00
tobi
2b11d4b7b0
[bugfix] Add accept: application/activity+json to dereferencer (#611)
* add Accept application/activity+json to transport

* add application/activity+json comma-separated
2022-05-27 20:09:57 +01:00
tobi
73d5766572
[chore] Debug failed account get (#612) 2022-05-27 16:44:33 +02:00
tobi
dc8cc7e364
[chore] Add test for dereferencing Owncast service account (#613) 2022-05-27 16:35:35 +02:00
tobi
1cdc163276
[performance] Don't retry/backoff invalid http requests that will never succeed (#609)
* add httpguts (ew)

* add ValidateRequest err wrapping logic

* don't retry on unrecoverable errors

* i am very clever
2022-05-26 13:38:41 +02:00
tobi
0f01f72db0
[performance] Bump default workers to CPUs * 2 (#608)
* add license text to workers.go
* bump default workers to maxprocs*2
2022-05-26 11:51:59 +02:00
tobi
5668ce1ec7
[bugfix] Fix HTML escaping in instance title (#607)
* move caption sanitization -> sanitize.go

* use sanitizeplaintext rather than removehtml

* rename sanitizecaption to sanitizeplaintext

* avoid removing html twice from statuses

* unexport remoteHTML
it's no longer used outside the text package so this
makes it less confusing

* test instance PATCH
2022-05-26 11:37:13 +02:00
tobi
f848aaa81f
[security] Set SameSite to strict instead of browser default (#606) 2022-05-25 18:08:12 +02:00
tobi
a54efa09f9
[chore] Serialize times as UTC ISO8601 instead of RFC3339 (#602)
* add time util to mimic utc ISO8601

* use ISO8601 when serializing to frontend

* update test notification
2022-05-24 17:21:27 +01:00
tobi
196d542e4a
[bugfix] Don't serialize instance account if not set (#603)
* omit contactAccount from json if not set

* test instance serialization
2022-05-24 17:20:13 +01:00
tobi
2d748a68ae
[bugfix] Only search remote if protocol is http(s) (#601) 2022-05-24 13:38:11 +02:00
tobi
21557c92d9
[bugfix] Set refetch to true in iterateDescendants (#600) 2022-05-24 11:00:37 +02:00
tobi
f0c9f4169b
[bugfix] Fix multiple dereferences of boosted status causing media duplication (#589)
* add some announces to test models

* start on announce test logic

* test federatingDB.Announce

* change signature of GetRemoteStatus

* remove 'refresh' logic and replace it with refetch

* go fmt

* remove timeline manager from processor test

* make zork created at determinate

* test get account statuses

* test get + serialize zork

* make account keys determinate

* make admin accountCreate time determinate

* test account to as

* init test config before test log

* test status to frontend

* remove daft Within check

* hack around a bit

* use index of slice
2022-05-23 16:40:03 +01:00
tobi
f5a4f4321a
[bugfix] Fix error extracting status content: no content found (#598)
* don't return error if no content found in Activity

* add test for content extraction

* go fmt
2022-05-23 16:12:46 +01:00
tobi
a09e101931
[bugfix] If status URL is empty, use URI instead and don't log unnecessary error (#597)
* test parse status with no URL

* if no status URL is available, use the URI instead
2022-05-23 16:10:48 +01:00
tobi
469da93678
[security] Check all involved IRIs during block checking (#593)
* tidy up context keys, add otherInvolvedIRIs

* add ReplyToable interface

* skip block check if we own the requesting domain

* add block check for other involved IRIs

* use cacheable status fetch

* remove unused ContextActivity

* remove unused ContextActivity

* add helper for unique URIs

* check through CCs and clean slice

* add GetAccountIDForStatusURI

* add GetAccountIDForAccountURI

* check blocks on involved account

* add statuses to tests

* add some blocked tests

* go fmt

* extract Tos as well as CCs

* test PostInboxRequestBodyHook

* add some more testActivities

* deduplicate involvedAccountIDs

* go fmt

* use cacheable db functions, remove new functions
2022-05-23 11:46:50 +02:00
Adelie Paull
caa0cde0e0
[feature] implement custom_emojis endpoint (#563)
* implement custom_emojis api endpoint

* add tests for getting custom emoji out of the database and converting to api emoji

* change sort direction of emoji query

* change logging level and initialize array with known length as per kim's suggestions

* add continue to lessen risk of making a malformed struct during conversion from db to api emojis
2022-05-20 10:34:36 +02:00
tobi
62d4d756d3
[bugfix] Stop some statuses from being home timelined when they shouldn't be (#585)
* recursively check timelineability of parent status

* check following status creator

* add tests for hometimelineability (whew)

* add test with mix of public + unlocked vis
2022-05-18 22:23:49 +01:00
tobi
b2810fedf2
[bugfix] Clean up boosts of status when the status itself is deleted (#579)
* move status wiping logic to fromcommon.go

* delete reblogs of status when a status is deleted

* add admin boost of zork to test model

* update tests to make them more determinate

* Merge branch 'main' into status_reblog_cleanup

* move status wiping logic to fromcommon.go

* delete reblogs of status when a status is deleted

* add admin boost of zork to test model

* update tests to make them more determinate

* Merge branch 'main' into status_reblog_cleanup

* test status delete via client api

* go fmt
2022-05-18 22:13:03 +01:00
tobi
f4b0d76cd4
[performance] Add further indexes to mitigate laggy queries (#586)
* start adding more indexes as a migration

* update sqlite version
2022-05-18 15:58:26 +01:00
tobi
5ef41ba3f2
[chore] Timeline test updates (#578)
* add admin boost of zork to test model

* update tests to make them more determinate

* remove printf call
2022-05-16 18:48:59 +02:00
tobi
b915a41811
[feature] Basic config validation (#562)
* add optional config validation

* clarify that host and protocol are required

* add validation for host and protocol

* pass prerunArgs as a struct (validate by default)
2022-05-16 14:13:19 +02:00
tobi
b143877995
[feature] Unused avatar and header cleanup (#574)
* rename + tidy up remote pruning

* fix media attachment account join
see https://bun.uptrace.dev/guide/golang-orm.html#table-relationships

* update logging to new function name

* add get avatars and headers to bun

* add pruneallmeta function

* don't set uncached since we're deleting anyway

* fix totalPruned being in wrong place

* test pruning meta

* go fmt ./...

* rename mediaprune

* add meta pruning to routine mediaprune

* tidy up cleanup job scheduling

* rename adminmediaremoteprune

* update mediacleanup to use renamed prune func

* update swagger docs a little bit

* reuse cancel + context
2022-05-15 15:45:04 +01:00
Sashanoraa
6e947ff266
[feature] Media cleanup endpoint (#560)
Adds an admin endpoint to trigger a remote media cleanup.

Fixed #348

Signed-off-by: Sashanoraa <sasha@noraa.gay>
2022-05-15 14:52:46 +02:00
kim
223025fc27
[security] transport.Controller{} and transport.Transport{} security and performance improvements (#564)
* cache transports in controller by privkey-generated pubkey, add retry logic to transport requests

Signed-off-by: kim <grufwub@gmail.com>

* update code comments, defer mutex unlocks

Signed-off-by: kim <grufwub@gmail.com>

* add count to 'performing request' log message

Signed-off-by: kim <grufwub@gmail.com>

* reduce repeated conversions of same url.URL object

Signed-off-by: kim <grufwub@gmail.com>

* move worker.Worker to concurrency subpackage, add WorkQueue type, limit transport http client use by WorkQueue

Signed-off-by: kim <grufwub@gmail.com>

* fix security advisories regarding max outgoing conns, max rsp body size

- implemented by a new httpclient.Client{} that wraps an underlying
  client with a queue to limit connections, and limit reader wrapping
  a response body with a configured maximum size
- update pub.HttpClient args passed around to be this new httpclient.Client{}

Signed-off-by: kim <grufwub@gmail.com>

* add httpclient tests, move ip validation to separate package + change mechanism

Signed-off-by: kim <grufwub@gmail.com>

* fix merge conflicts

Signed-off-by: kim <grufwub@gmail.com>

* use singular mutex in transport rather than separate signer mus

Signed-off-by: kim <grufwub@gmail.com>

* improved useragent string

Signed-off-by: kim <grufwub@gmail.com>

* add note regarding missing test

Signed-off-by: kim <grufwub@gmail.com>

* remove useragent field from transport (instead store in controller)

Signed-off-by: kim <grufwub@gmail.com>

* shutup linter

Signed-off-by: kim <grufwub@gmail.com>

* reset other signing headers on each loop iteration

Signed-off-by: kim <grufwub@gmail.com>

* respect request ctx during retry-backoff sleep period

Signed-off-by: kim <grufwub@gmail.com>

* use external pkg with docs explaining performance "hack"

Signed-off-by: kim <grufwub@gmail.com>

* use http package constants instead of string method literals

Signed-off-by: kim <grufwub@gmail.com>

* add license file headers

Signed-off-by: kim <grufwub@gmail.com>

* update code comment to match new func names

Signed-off-by: kim <grufwub@gmail.com>

* updates to user-agent string

Signed-off-by: kim <grufwub@gmail.com>

* update signed testrig models to fit with new transport logic (instead uses separate signer now)

Signed-off-by: kim <grufwub@gmail.com>

* fuck you linter

Signed-off-by: kim <grufwub@gmail.com>
2022-05-15 11:16:43 +02:00
kim
4ac508f037
[chore] Update LE server to use copy of main http.Server{} to maintain server timeouts etc (#571)
* update LE server to use copy of main HTTP server to maintain server timeouts etc

Signed-off-by: kim <grufwub@gmail.com>

* shutup linter

Signed-off-by: kim <grufwub@gmail.com>
2022-05-15 11:10:55 +02:00
kim
9f2a2abe42
[bugfix] update syslog tests to listen/connect specifically to ipv4 loopback (#561)
Signed-off-by: kim <grufwub@gmail.com>
2022-05-13 13:35:41 +02:00
tobi
898d256511
[bugfix] Fix server trying to listen twice on same address when l.e. enabled (#557) 2022-05-12 11:35:36 +02:00
tobi
8e30671a62
[bugfix] Add account raw note fix (#556)
* hack the latest migration to fix psql issue

* add new migration to fix previous migration

* adjust query
2022-05-11 19:27:25 +02:00
Eamonn O'Brien-Strain
b24b71c0a4
[feature] Include password strength in error message when password strength is too low (#550)
* When password validation fails, return how close to enough entropy it has.

* Shorter version of low-strength password error message
2022-05-09 10:31:46 +02:00
tobi
5004e0a9da
[bugfix] Fix remote media pruning failing if media already gone (#548)
* fix error check of prune to allow missing files

* update go-store library, add test for pruning item with db entry but no file

Signed-off-by: kim <grufwub@gmail.com>

* remove now-unneccessary error check

Signed-off-by: kim <grufwub@gmail.com>

Co-authored-by: kim <grufwub@gmail.com>
2022-05-08 18:49:45 +01:00