Commit graph

38 commits

Author SHA1 Message Date
Meisam
43560cc65b
fix webfinger responses according to the specs (#2397)
* webfinger query with no resource should get 400

* check valid webfinger query

* test webfinger query

... without acct: or with wrong server

* add test for invalid user query from webfinger

* reorder the tests to decouple from state

cleanup
2022-12-07 16:26:06 -08:00
Gabe Kangas
0ecaf11a25
Merge remote-tracking branch 'origin/develop' into webv2 2022-11-29 16:37:29 -08:00
Gabe Kangas
12838949f8
Update tests to reflect new defaults 2022-11-22 12:44:21 -08:00
Gabe Kangas
3a401991cf
Explicitly set AP post as public. Closes #2112 2022-11-14 20:16:45 -08:00
John Regan
9978882b6b
activitypub: ensure Undo request has valid type (#2317) 2022-11-11 11:13:55 -08:00
Gabe Kangas
c3722256fb
Explicitly set AP post as public. Closes #2112 2022-10-28 23:25:26 -07:00
Gabe Kangas
d12f25f556
Merge branch 'develop' into webv2 2022-08-09 14:14:45 -07:00
Gabe Kangas
0a48492462
Remove unused query 2022-08-04 13:25:02 -07:00
Gabe Kangas
b2b77f5eb9
Fix creating table indexes 2022-08-03 10:31:14 -07:00
Gabe Kangas
643b54037b
Do not log inactionable error. Closes #1992 2022-08-02 12:44:24 -07:00
Gabe Kangas
506d1fa4cf
Merge remote-tracking branch 'origin/develop' into webv2 2022-07-11 21:21:07 -07:00
Gabe Kangas
2d44f86035
Add additional information to key verification error 2022-07-06 21:46:03 -07:00
Gabe Kangas
18a184eeb7
Use bundled images instead of old webroot files 2022-06-20 22:10:55 -07:00
tobi
05a134c64e
[bugfix] Fix http signatures trying to derive actor (#1956)
* add GetResolvedPublicKeyFromIRI

* verify public key using key not actor w/key

* try most common algos first

* try stated algo first

* make sure not to try an algo twice

* return errors per algorithm

* linting
2022-06-18 15:29:10 -07:00
Gabe Kangas
0f4aab24a8
Tweaks for sig verify error message 2022-06-11 15:17:43 -07:00
Andreas Nedbal
fd271b1f81
Remove doubled paragraphs around stream title in AP outbox (#1927) 2022-05-25 13:51:36 -07:00
Meisam
32ac156588
rm empty strings from services in nodeinfo (#1924) 2022-05-24 09:57:38 -07:00
Meisam
10cdf3d9b8
Add “services” and “metadata” to NodeInfo/2.0 (#1922)
* add services to nodeinfo/2.0

* add metadata to Nodeinfo/2.0
2022-05-23 19:35:29 -07:00
Meisam
d0ea430f98
fix the server name (#1907)
the name should match ^[a-z0-9-]+$
2022-05-15 20:07:34 -07:00
Gabe Kangas
b378728eba
Add mediaType to federated attachments + fix image description. For #1840 2022-04-27 16:35:36 -07:00
Gabe Kangas
a082cf3a77
Fediverse-based authentication (#1846)
* Able to authenticate user against IndieAuth. For #1273

* WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272

* Add migration to remove access tokens from user

* Add authenticated bool to user for display purposes

* Add indieauth modal and auth flair to display names. For #1273

* Validate URLs and display errors

* Renames, cleanups

* Handle relative auth endpoint paths. Add error handling for missing redirects.

* Disallow using display names in use by registered users. Closes #1810

* Verify code verifier via code challenge on callback

* Use relative path to authorization_endpoint

* Post-rebase fixes

* Use a timestamp instead of a bool for authenticated

* Propertly handle and display error in modal

* Use auth'ed timestamp to derive authenticated flag to display in chat

* Fediverse chat auth via OTP

* Increase validity time just in case

* Add fediverse auth into auth modal

* Text, validation, cleanup updates for fedi auth

* Fix typo

* Remove unused images

* Remove unused file

* Add chat display name to auth modal text
2022-04-22 17:23:14 -07:00
Gabe Kangas
e46f8e2a66
Troubleshoot misskey follows
Store the original follow request object and use it for approvals.
Closes #1690
2022-04-08 13:33:30 -07:00
Gabe Kangas
9b2ef76773
Move CreateSignedRequest to the activitypub/crypto package 2022-04-07 13:44:36 -07:00
Gabe Kangas
4e415f7257
CC->TO because Mastodon cares for visibility 2022-03-18 13:01:11 -07:00
Gabe Kangas
d1e39c4c1e
Force uniqueness with previews and logos on the fediverse. Closes #1777 and closes #1776 2022-03-17 13:22:44 -07:00
Gabe Kangas
5e6bc50b59
Handle pagination for the federated actions & followers responses (#1731)
* Add pagination for admin social list

* Use Paginated API for followers tab on frontend
2022-03-06 17:18:51 -08:00
Gabe Kangas
6796998124
Remove unnecessary var data in log messages. Closes #1640 2022-02-25 15:22:52 -08:00
Gabe Kangas
b084d68fb1
Clean up and consolidate AP actor resolution logic
- Consolidate Person, Service and Application to adhere to a single
  interface type.
- Add additional error checking around actor properties.
- Remove redundant IRI->Actor resolution callbacks and use only the ones
  in the ResolveIRI method.
2022-02-10 11:49:21 -08:00
Gabe Kangas
65f0673dba
Add a sanity check to make sure the actor IRI exists 2022-01-30 13:14:56 -08:00
Gabe Kangas
4e76fff0d0
Add support for resolving Application actors and fix error handling with failed resolution. Fixes #1710 2022-01-30 11:44:17 -08:00
Gabe Kangas
bd14b70679
Fix janky hashtag detection. Closes #1686 2022-01-20 20:01:05 -08:00
Gabe Kangas
bb3bbc0eaf
Demote error level 2022-01-20 17:33:42 -08:00
Gabe Kangas
a471707a54
Fix misskey-specific error of existing-but-null avatar. Closes #1689 2022-01-20 14:56:04 -08:00
Gabe Kangas
9a875722b1
Add server URL to profile data. Closes https://github.com/owncast/owncast/issues/1675 2022-01-17 20:01:58 -08:00
Gabe Kangas
01d83064da
Make acct webfinger prefix optional. Closes #1662" 2022-01-12 19:56:55 -08:00
Gabe Kangas
9eecf1c902
Handle create requests but immediately throw an error that we ignore them 2022-01-12 18:42:33 -08:00
Gabe Kangas
24a57f9076
Small cleanup 2022-01-12 15:16:24 -08:00
Gabe Kangas
045a0a2afd
Social features / ActivityPub federation (#1629)
* Support webfinger requests for the live account. Closes https://github.com/owncast/owncast/issues/1193

* Support for actor requests. Returns response for live actor. Closes https://github.com/owncast/owncast/issues/1203

* Handle follow and unfollow requests. Closes
https://github.com/owncast/owncast/issues/1191 and https://github.com/owncast/owncast/issues/1205 and https://github.com/owncast/owncast/issues/1206 and https://github.com/owncast/owncast/issues/1194

* Add basic support for sending out text activities. For https://github.com/owncast/owncast/issues/1192

* Some error handling and passing of dynamic local account names.

* Add hardcoded example image attachment to test post

* Centralize the map of accounts and inboxes

* No longer disable the preview generator based on YP toggle

* Send a federated message to followers when stream starts. For https://github.com/owncast/owncast/issues/1192

* Placeholder for attaching tags

* Add image description

* Save and get to outbox persistence. Return using outbox endpoint for actor

* Pass payloads to be handled through the gochan

* Handle undo follow requests explitly, not all undo requests

* Add API for manually sending simple federated messages. Closes #1215

* Verify inbox requests. Closes #1321

* Add route to fetch a single AP object by ID. For #1329

* Add responses to fediverse nodeinfo requests

* Set and get federation config values for admin

* Handle host-meta requests

* Do not send out message if disabled. Use saved go live message.

* Require AP-compatible content types for AP-related requests

* Rename ap models to apmodels for clarity

* Change how content type matching takes place.

* io -> ioutil

* Add stub delete activity callback

* Handle likes and announces to surface engagement in chat. Part of #1229

* Append url to go live posts

* Do not require specific content types for nodeinfo requests

* Add follow engagement chat message via AP

* add owncast user-agent to requests

* Set note visibility to public (for now)

* Fix saving/fetching a single object

* Add support for x-nodeinfo2 responses

* Point to the dev admin branch for ap

* Bundle in dev admin for testing

* Add error logging

* Add AP middleware back

* Point to the new external compatible logo endpoint

* Clean up more AP logging to help testing

* Tweak go live text and link hashtags

* Fix bug in fetching init time

* Send update actor activities when server details/profile is updated

* Add federation config overview to web client config

* Add additional actor properties

* Make the AP middleware checking more flexible when looking at types

* First pass at remote fediverse follow flow. For #1371

* Added a basic AP actor followers endpoint

* WIP client followers API

* Add profile-page reference to webfinger response

* Add aliases to webfinger response

* Fix content-type returned to be expected activitypub+json

* First pass at followers api

* Point at local dev copy of go-fed/activity

* Add custom toot Hashtag objects to posts

* Store additional user details to followers table

* Fix AP followers endpoint. Closes #1204

* Add owncast hashtag as an invisible tag to go live posts

* Reject AP requests when it is disabled

* Add actor util for generating full account user from person object

* Verify inbox requests before performing any other work

* Accept actor update requests

* Fix linter errors in federation branch

* Migrate AP SQL to sqlc for type safe queries

* Use the @unclearParadigm REST parameter helper

* Fix verifying post ID on AP engagement

* WIP privacy/request approval

* Style the remote follow modal

* First pass at a followers list component w/ mock data. #1370

* Revert "Use the @unclearParadigm REST parameter helper"

This reverts commit c8af8a413f.

* Fix get followers API

* Add support for requiring approval. Closes https://github.com/owncast/owncast/issues/1208

* Handle Applications as Actors partly for PeerTube support

* add temp todo list

* check route on load, this might change later

* style followers

* account for just 1 tab case

* Remove mock data. Allow showing follow button even when there are no external actions defined

* Point to actual followers API

* Support fallback img for follower views

* Remove duplicate verification. Add some additional verbose logging

* Bundle dev admin

* Add type to host-meta webfinger template response

* Tweak remote follow modal content

* WIP federation followers refactor

* Do not send pointer to middleware

* Update admin

* Add setting for toggling displaying fediverse engagement. Closes #1404

* Add in-development admin

* Do not enable cors on admin followers api

* Add db migration for updating messages table

* Enable empty string go live messages to disable

* Remove debug messages

* Rework some ActivityPub handling.

Create new Actor->Person handling.
Create new Actor->Service handling.
Add engagement handlers to send chat events and store event objects.
Store inbound activities to new ap_inbound_activities table.

* Support federated engagement events.

Store them in the messages table and surface them via chat events.

* Support federated event engatement in the chat

* Tweak web UI followers handling

* Point go.mod at remote fork instead of local

* Update admin

* Merged in develop. Couple fixes

* Update dev admin

* Update fedi engagement posts.

- Fix incorrect action text.
- Add action icons.

* Set public as to instead of cc for ap msg

* Updated styling for federated actions in chat

* Add support for blocking federated domains. Closes #1209

* Force checking of https in verify step

* Update dev admin

* Return user scopes in chat history api. Closes #1586

* Update dev admin

* Add AP outbound request worker pool. Closes #1571

* Disable (temporarily?) owncast tag on AP posts

* Consolidate creating activity+notes in outbound AP messages

* Add inbox worker pool. Closes #1570

* Update dev admin bundle

* Clean up some logs

* Re-enable inbound verfication

* Save full IRI to outbox instead of path

* Reject if full IRI is not found in outbox

* Use full ActivityPub user account in chat event

* Fix and expand follower APIs

- Add missing IDs to AP follower endpoints
- Split AP follower endpoints into initial request and pages.
- Support pagination in AP requests.

* Include IRI in error message

* Hide chat toggle when chat is hidden. Closes #1606

* Updates to followers pagination

* Set default go live message

* Remove log

* indirect -> direct import

* Updates for inbound federated event handling.

- Keep track of existing events and reject duplicates.
- Change what is sent to chat for surfing federated engagement.
- Keep track if outbound events are automated "go live" events or not.

* Update chat federated engagement.

* Update dev admin.

* Move from being a person to a bot (service). Closes #1619

* Only set server init date if not already set

* Only save notes to outbox able

* Rework private-mode followers/approvals

* API for returning a list of federated actions for #1573

* Fix too-small follower cells and jumpy tabs. Closes #1616 and closes #1516

* Fix shortcuts getting fired on inputs. Fixes #1489 and #1201

* Add spinner, autoclose + other fixes to follow modal. Fixes #1593

* Fix fetching a single object by IRI

* SendFederationMessage -> SendFederatedMessage

* Autolink and create tag objects from manual posts. Closes #1620

* Update dev admin bundle

* Handle engagement from non-automated/live posts

* Reject federated engagement actions if they do not match a local post

* Update dev admin bundle

* A bunch of cleanup

* Fix unused assignments and logic

* Remove unused function

* Add content warning and sentive content flag if stream is NSFW. Closes #1624

* Disable fetching objects by IRI when in private mode. Closes #1623

* Update the error message of the remote follow dialog. closes #1622

* Update dev admin

* Fix NREs throwing in test content

* Fix query that wasn't properly filtering out hidden messages

* Test against user being disabled instead of message visibility

* Fix automated test NRE

* Update comment

* Adjust federated engagement chat views. Closes #1617

* Add additional index to users table

* Add support for removing followers/requests. Closes #1630

* Reject federated actions from blocked actors. #1631

* Use fallback avatar if it fails to load. Closes #1635

* Fix styling of follower list. Closes #1636

* Add basic blurb stating they should follow the server. Closes #1641

* Update dev admin

* Set default go live message in migration. Closes #1642

* Reset the messages table on 0.0.11 schema migration

* Fix js error with moderation actions. Closes #1621

* Add a bit more clarification on follow modal. Closes #1599

* Remove todos

* Split out actor and domain blocking checks

* Check for errors on default values being set

* Clean up actor rejection due to being blocked

* Update dev admin

* Add colon to error to make it easier to read

* Remove markdown rendering of go live message. Reorganize text. Remove content warning. Closes #1645

* Break out the sort+render messages logic so it can be fired on visibility change. Closes #1643

* Do not send profile updates if federation is disabled

* Save follow references to inbound activities table

* Update dev admin

* Add blocked actor test

* Remove the overloaded term of Follow from social links

* Fix test running in memory only

* Remove "just" in engagement messags

* Replace star with heart for like action.

* Update dev admin

* Explicitly set cc as public

* Remove overly using the stream name in fediverse engagement messages

* Some federated/follow UI tweaks

* Remove explicit cc and bcc as they are not required

* Explicitly set the audience

* Remove extra margin

* Add Join Fediverse button to follow modal. Closes #1651

* Do not allow multiple follows to send multiple events. Closes #1650

* Give events a min height

* Do not allow old posts to be liked/shared. Closes #1652

* Remove value from log message

* Alert followers on private mode toggle

* Ignore clicks to follow button if disabled

* Remove underline from action buttons

* Add moderator icon to join message

* Update admin

* Post-merge remove unused var

* Remove pointing at feature branch

Co-authored-by: Ginger Wong <omqmail@gmail.com>
2022-01-12 13:53:10 -08:00