* Able to authenticate user against IndieAuth. For #1273
* WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272
* Add migration to remove access tokens from user
* Add authenticated bool to user for display purposes
* Add indieauth modal and auth flair to display names. For #1273
* Validate URLs and display errors
* Renames, cleanups
* Handle relative auth endpoint paths. Add error handling for missing redirects.
* Disallow using display names in use by registered users. Closes#1810
* Verify code verifier via code challenge on callback
* Use relative path to authorization_endpoint
* Post-rebase fixes
* Use a timestamp instead of a bool for authenticated
* Propertly handle and display error in modal
* Use auth'ed timestamp to derive authenticated flag to display in chat
* Fediverse chat auth via OTP
* Increase validity time just in case
* Add fediverse auth into auth modal
* Text, validation, cleanup updates for fedi auth
* Fix typo
* Remove unused images
* Remove unused file
* Add chat display name to auth modal text
* Able to authenticate user against IndieAuth. For #1273
* WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272
* Add migration to remove access tokens from user
* Add authenticated bool to user for display purposes
* Add indieauth modal and auth flair to display names. For #1273
* Validate URLs and display errors
* Renames, cleanups
* Handle relative auth endpoint paths. Add error handling for missing redirects.
* Disallow using display names in use by registered users. Closes#1810
* Verify code verifier via code challenge on callback
* Use relative path to authorization_endpoint
* Post-rebase fixes
* Use a timestamp instead of a bool for authenticated
* Propertly handle and display error in modal
* Use auth'ed timestamp to derive authenticated flag to display in chat
* don't redirect unless a URL is present
avoids redirecting to `undefined` if there was an error
* improve error message if owncast server URL isn't set
* fix IndieAuth PKCE implementation
use SHA256 instead of SHA1, generates a longer code verifier (must be 43-128 chars long), fixes URL-safe SHA256 encoding
* return real profile data for IndieAuth response
* check the code verifier in the IndieAuth server
* Linting
* Add new chat settings modal anad split up indieauth ui
* Remove logging error
* Update the IndieAuth modal UI. For #1273
* Add IndieAuth repsonse error checking
* Disable IndieAuth client if server URL is not set.
* Add explicit error messages for specific error types
* Fix bad logic
* Return OAuth-keyed error responses for indieauth server
* Display IndieAuth error in plain text with link to return to main page
* Remove redundant check
* Add additional detail to error
* Hide IndieAuth details behind disclosure details
* Break out migration into two steps because some people have been runing dev in production
* Add auth option to user dropdown
Co-authored-by: Aaron Parecki <aaron@parecki.com>
* Support webfinger requests for the live account. Closes https://github.com/owncast/owncast/issues/1193
* Support for actor requests. Returns response for live actor. Closes https://github.com/owncast/owncast/issues/1203
* Handle follow and unfollow requests. Closes
https://github.com/owncast/owncast/issues/1191 and https://github.com/owncast/owncast/issues/1205 and https://github.com/owncast/owncast/issues/1206 and https://github.com/owncast/owncast/issues/1194
* Add basic support for sending out text activities. For https://github.com/owncast/owncast/issues/1192
* Some error handling and passing of dynamic local account names.
* Add hardcoded example image attachment to test post
* Centralize the map of accounts and inboxes
* No longer disable the preview generator based on YP toggle
* Send a federated message to followers when stream starts. For https://github.com/owncast/owncast/issues/1192
* Placeholder for attaching tags
* Add image description
* Save and get to outbox persistence. Return using outbox endpoint for actor
* Pass payloads to be handled through the gochan
* Handle undo follow requests explitly, not all undo requests
* Add API for manually sending simple federated messages. Closes#1215
* Verify inbox requests. Closes#1321
* Add route to fetch a single AP object by ID. For #1329
* Add responses to fediverse nodeinfo requests
* Set and get federation config values for admin
* Handle host-meta requests
* Do not send out message if disabled. Use saved go live message.
* Require AP-compatible content types for AP-related requests
* Rename ap models to apmodels for clarity
* Change how content type matching takes place.
* io -> ioutil
* Add stub delete activity callback
* Handle likes and announces to surface engagement in chat. Part of #1229
* Append url to go live posts
* Do not require specific content types for nodeinfo requests
* Add follow engagement chat message via AP
* add owncast user-agent to requests
* Set note visibility to public (for now)
* Fix saving/fetching a single object
* Add support for x-nodeinfo2 responses
* Point to the dev admin branch for ap
* Bundle in dev admin for testing
* Add error logging
* Add AP middleware back
* Point to the new external compatible logo endpoint
* Clean up more AP logging to help testing
* Tweak go live text and link hashtags
* Fix bug in fetching init time
* Send update actor activities when server details/profile is updated
* Add federation config overview to web client config
* Add additional actor properties
* Make the AP middleware checking more flexible when looking at types
* First pass at remote fediverse follow flow. For #1371
* Added a basic AP actor followers endpoint
* WIP client followers API
* Add profile-page reference to webfinger response
* Add aliases to webfinger response
* Fix content-type returned to be expected activitypub+json
* First pass at followers api
* Point at local dev copy of go-fed/activity
* Add custom toot Hashtag objects to posts
* Store additional user details to followers table
* Fix AP followers endpoint. Closes#1204
* Add owncast hashtag as an invisible tag to go live posts
* Reject AP requests when it is disabled
* Add actor util for generating full account user from person object
* Verify inbox requests before performing any other work
* Accept actor update requests
* Fix linter errors in federation branch
* Migrate AP SQL to sqlc for type safe queries
* Use the @unclearParadigm REST parameter helper
* Fix verifying post ID on AP engagement
* WIP privacy/request approval
* Style the remote follow modal
* First pass at a followers list component w/ mock data. #1370
* Revert "Use the @unclearParadigm REST parameter helper"
This reverts commit c8af8a413f.
* Fix get followers API
* Add support for requiring approval. Closes https://github.com/owncast/owncast/issues/1208
* Handle Applications as Actors partly for PeerTube support
* add temp todo list
* check route on load, this might change later
* style followers
* account for just 1 tab case
* Remove mock data. Allow showing follow button even when there are no external actions defined
* Point to actual followers API
* Support fallback img for follower views
* Remove duplicate verification. Add some additional verbose logging
* Bundle dev admin
* Add type to host-meta webfinger template response
* Tweak remote follow modal content
* WIP federation followers refactor
* Do not send pointer to middleware
* Update admin
* Add setting for toggling displaying fediverse engagement. Closes#1404
* Add in-development admin
* Do not enable cors on admin followers api
* Add db migration for updating messages table
* Enable empty string go live messages to disable
* Remove debug messages
* Rework some ActivityPub handling.
Create new Actor->Person handling.
Create new Actor->Service handling.
Add engagement handlers to send chat events and store event objects.
Store inbound activities to new ap_inbound_activities table.
* Support federated engagement events.
Store them in the messages table and surface them via chat events.
* Support federated event engatement in the chat
* Tweak web UI followers handling
* Point go.mod at remote fork instead of local
* Update admin
* Merged in develop. Couple fixes
* Update dev admin
* Update fedi engagement posts.
- Fix incorrect action text.
- Add action icons.
* Set public as to instead of cc for ap msg
* Updated styling for federated actions in chat
* Add support for blocking federated domains. Closes#1209
* Force checking of https in verify step
* Update dev admin
* Return user scopes in chat history api. Closes#1586
* Update dev admin
* Add AP outbound request worker pool. Closes#1571
* Disable (temporarily?) owncast tag on AP posts
* Consolidate creating activity+notes in outbound AP messages
* Add inbox worker pool. Closes#1570
* Update dev admin bundle
* Clean up some logs
* Re-enable inbound verfication
* Save full IRI to outbox instead of path
* Reject if full IRI is not found in outbox
* Use full ActivityPub user account in chat event
* Fix and expand follower APIs
- Add missing IDs to AP follower endpoints
- Split AP follower endpoints into initial request and pages.
- Support pagination in AP requests.
* Include IRI in error message
* Hide chat toggle when chat is hidden. Closes#1606
* Updates to followers pagination
* Set default go live message
* Remove log
* indirect -> direct import
* Updates for inbound federated event handling.
- Keep track of existing events and reject duplicates.
- Change what is sent to chat for surfing federated engagement.
- Keep track if outbound events are automated "go live" events or not.
* Update chat federated engagement.
* Update dev admin.
* Move from being a person to a bot (service). Closes#1619
* Only set server init date if not already set
* Only save notes to outbox able
* Rework private-mode followers/approvals
* API for returning a list of federated actions for #1573
* Fix too-small follower cells and jumpy tabs. Closes#1616 and closes#1516
* Fix shortcuts getting fired on inputs. Fixes#1489 and #1201
* Add spinner, autoclose + other fixes to follow modal. Fixes#1593
* Fix fetching a single object by IRI
* SendFederationMessage -> SendFederatedMessage
* Autolink and create tag objects from manual posts. Closes#1620
* Update dev admin bundle
* Handle engagement from non-automated/live posts
* Reject federated engagement actions if they do not match a local post
* Update dev admin bundle
* A bunch of cleanup
* Fix unused assignments and logic
* Remove unused function
* Add content warning and sentive content flag if stream is NSFW. Closes#1624
* Disable fetching objects by IRI when in private mode. Closes#1623
* Update the error message of the remote follow dialog. closes#1622
* Update dev admin
* Fix NREs throwing in test content
* Fix query that wasn't properly filtering out hidden messages
* Test against user being disabled instead of message visibility
* Fix automated test NRE
* Update comment
* Adjust federated engagement chat views. Closes#1617
* Add additional index to users table
* Add support for removing followers/requests. Closes#1630
* Reject federated actions from blocked actors. #1631
* Use fallback avatar if it fails to load. Closes#1635
* Fix styling of follower list. Closes#1636
* Add basic blurb stating they should follow the server. Closes#1641
* Update dev admin
* Set default go live message in migration. Closes#1642
* Reset the messages table on 0.0.11 schema migration
* Fix js error with moderation actions. Closes#1621
* Add a bit more clarification on follow modal. Closes#1599
* Remove todos
* Split out actor and domain blocking checks
* Check for errors on default values being set
* Clean up actor rejection due to being blocked
* Update dev admin
* Add colon to error to make it easier to read
* Remove markdown rendering of go live message. Reorganize text. Remove content warning. Closes#1645
* Break out the sort+render messages logic so it can be fired on visibility change. Closes#1643
* Do not send profile updates if federation is disabled
* Save follow references to inbound activities table
* Update dev admin
* Add blocked actor test
* Remove the overloaded term of Follow from social links
* Fix test running in memory only
* Remove "just" in engagement messags
* Replace star with heart for like action.
* Update dev admin
* Explicitly set cc as public
* Remove overly using the stream name in fediverse engagement messages
* Some federated/follow UI tweaks
* Remove explicit cc and bcc as they are not required
* Explicitly set the audience
* Remove extra margin
* Add Join Fediverse button to follow modal. Closes#1651
* Do not allow multiple follows to send multiple events. Closes#1650
* Give events a min height
* Do not allow old posts to be liked/shared. Closes#1652
* Remove value from log message
* Alert followers on private mode toggle
* Ignore clicks to follow button if disabled
* Remove underline from action buttons
* Add moderator icon to join message
* Update admin
* Post-merge remove unused var
* Remove pointing at feature branch
Co-authored-by: Ginger Wong <omqmail@gmail.com>
* APIs for querying and executing an update in place.
For #924
* Use the process pid to query systemd for status
* Use parent pid and invocation ID to guess if running from systemd
* Stream cmd output to client + report errors
* Update comment to refer to INVOCATION_ID
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* - mock detect when user turns into moderator
- add moderator indicator to display on messages and username changer
* also mock moderator flag in message payload about user to display indicator
* add some menu looking icons and a menu of actions
* WIP chat moderators
* Add support for admin promoting a user to moderator
* WIP-
open a more info panel of user+message info; add some a11y to buttons
* style the details panel
* adjust positioning of menus
* Merge fixes. ChatClient->Client ChatServer->Server
* Remove moderator bool placeholders to use real state
* Support inline hiding of messages by moderators
* Support inline banning of chat users
* Cleanup linter warnings
* Puppeteer tests fail after typing take place
* Manually resolve conflicts in chat between moderator feature and develop
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
* Replace pkger with go:embed for bundling the admin. Closes#844
* Remove references to pkged.go
* Point tests to use an updated version of Go
* Add comment to new exported function
* Cleanup
* Add a dummy pkged.go to alert people to stop using it.
* Add simple browser test to make sure the admin is available and renders
* Don't panic
* Embed bot/scraper metadata template.
Add browser test to validate the rendering of this template.
* Use embedded offline.ts segment
* Remove placeholder thumbnail as its unnecessary
* Remove copying the static directory into the release
* Cleanup
* Replace pkger with go:embed for bundling the admin. Closes#844
* Remove references to pkged.go
* Point tests to use an updated version of Go
* Add comment to new exported function
* Cleanup
* Add a dummy pkged.go to alert people to stop using it.
* Add simple browser test to make sure the admin is available and renders
* Don't panic
* add public func to lookup a ChatClient by its clientId
* add facility to send a system message directly to a user
* add clientId field to UserEvent
* implement simple http endpoint to send a message to a user
* let mux handle new directSystemMessageToUser endpoint
* add ClientId to UserEvents across the codebase
* render body of system-message to client
* add clientId to Chat-Message
* add tests showing how url-parsing should work
* add simple rest endpoint helpers for parameter-parsing and easy routing
* use newly added rest-endpoint helper to rout to Client-Messaging controller
* use safe "ReadRestUrlParameter" to parse ClientId
* remove empty HandleFunc in router
* set Header directly to prevent built-in (platform-dependent) canonicalization to kick in
* fix typo in "Parameter" message
* remove debug-logging of HTTP headers in REST-helpers
* convert to uint32 to prevent overruns when converting to wraptype uint later on
* resolve linter-ouchies
* resolve linter potential nil-deref warning
* document the SendSystemMessageToClient endpoint in swaggerdoc
* remove clientId assignment causing potential nil dereference in userDisabledEvent-case
as the clientId isn't relevant here anyway
* make findClientById private, so its not accessible outside of core/chat
* remove redundant string type hint
* Update PR based on linter requirements
Co-authored-by: Raffael Rehberger <raffael@rtrace.io>
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
* Expand the linters and types of warnings to improve consistency and safety
* Fail lint workflow if there are errors
* golint has been replaced by revive
* Hand-pick some of the default exclude list
* Ignore error when trying to delete preview gif
* Ignore linter warning opening playlist path
* Rename user field Id -> ID
* A bunch of renames to address linter warnings
* Rename ChatClient -> Client per linter suggestion best practice
* Rename ChatServer -> Server per linter suggestion best practice
* More linter warning fixes
* Add missing comments to all exported functions and properties
