Commit graph

106 commits

Author SHA1 Message Date
Gabe Kangas
a450e62397
Optionally disable chat rate limiter and add optional chat slur/language filter (#3681)
* feat(chat): basic profanity filter. For #3139

* feat(chat): add setting for disabling chat spam protection. Closes #3523

* feat(chat): wire up the new chat slur filter to admin and chat. Closes #3139
2024-04-09 22:25:41 -07:00
Gabe Kangas
1b14800c7d
fix(api): protect emoji delete api from path traversal exploit 2024-01-20 20:30:29 -08:00
Gabe Kangas
56eb2a4785
chore(lint): silence linter warnings 2023-10-21 09:46:45 -07:00
Gabe Kangas
169c11596c
feat(chat): add support for chat part messages. Closes #3201 (#3291) 2023-09-10 10:58:11 -07:00
Shreyas
062de79920
Block Private URLs at serverurl API endpoint (#3295)
* Block Private URLs at `serverurl` API endpoint

* Block Private URLs at `serverurl` with `net/netip`
2023-09-06 20:28:15 -07:00
mrsoong
b0c50fb8e5
Fixed localhost IP ban (#3183) 2023-07-17 19:06:58 +00:00
Gabe Kangas
9b44ff107f
fix(api): validate stream key payload. Closes #3082 2023-06-13 13:05:43 -07:00
Gabe Kangas
af82d05421
fix(api): explicitly disable caching on api responses 2023-06-05 08:52:00 -07:00
Gabe Kangas
cd458630ec
Support using the custom video serving endpoint even if you don't use object storage (#2924)
* feat(video): refactor video serving endpoint

It can now be used without an object storage provider. Closes #2785

* fix: remove debug log
2023-05-30 14:05:24 -07:00
Gabe Kangas
15dc718e61
feat: add support for robots.txt disabling search indexing (#2929)
* feat: add support for robots.txt

Can toggle disabling search engine indexing. Closes #2684

* fix: unexport ts const
2023-05-30 11:09:51 -07:00
Gabe Kangas
85e7af3d5f
Update to Go 1.20 + run better align (#2927)
* chore(go): update go version to 1.20. Closes #2185

* chore(go): run better align against project

To optimize struct field order. Closes #2870

* chore(go): update CI jobs to use Go 1.20

* fix(go): linter warnings for Go 1.20 update
2023-05-30 10:31:43 -07:00
Gabe Kangas
a3e890ff7a
Fix linter errors to reflect update to Go 1.20 2023-05-28 12:38:51 -07:00
Pranav Joglekar
07c5cabfe8
Trigger the title updated webhook event whenever a title is changed (#2823)
* wip: trigger the title updated webhook event whenever a title is changed

* Commit updated API documentation

* fix: add STREAM_TITLE_CHANGED to list of valid events

* feat: Add support for STREAM_TITLE_CHANGED webhook event on admin dashboard

* fix: transmit webhook event after stream has changed to fix race conditions where older title was sent

---------

Co-authored-by: Owncast <owncast@owncast.online>
2023-03-28 11:34:00 -07:00
Gabe Kangas
23a721857f
Do not support stream key UI or any persisted stream keys when overridden via cli flag. Closes #2749 2023-02-27 17:08:52 -08:00
Gabe Kangas
19c228eaf6
Allow adding custom javascript to the page. Closes #2604 2023-01-18 22:38:24 -08:00
Michael David Kuckuk
59e5cfefd4
Remove twitter notification configuration (#2598) 2023-01-17 13:20:29 -08:00
Gabe Kangas
3819335090
Return error when data not found in logo upload API 2022-12-28 15:21:26 -08:00
Gabe Kangas
0ebb968074
Handle subdirectories of emoji in copying, fetching and deleting. For #1916 2022-12-16 20:23:58 -08:00
Philipp
dc54dfe363
Feature: emoji editor (#2411)
* Custom emoji editor: implement backend

This reuses the logo upload code

* Implement emoji edit admin interface

Again reuse base64 logic from the logo upload

* Allow toggling between uploaded and default emojis

* Add route that always serves uploaded emojis

This is needed for the admin emoji interface,
as otherwise the emojis will 404 if custom emojis are disabled

* Fix linter warnings

* Remove custom/uploaded emoji logic

* Reset timer after emoji deletion

* Setup: copy built-in emojis to emoji directory
2022-12-12 08:40:43 -08:00
Meisam
a7080a1fc1
validate response of federation APIs (#2408)
* validate json responses

* update deps

* tmp disable header check

* log all the webfinger fails

refactor and filter more malformed requests

* don't set incorrect serverURL strings

* test failing through admin api

* fix server url in fedi tests

* check response.text

* validate json/xml response of all apis

test Content-Type of api response and cleanup

* improve logs

* fix rebase

* cleanup json parser in api tests

* mark the api tests performed by admin

* Separate check for reading and format of serverURL

* test /federation/user/ with wrong username in ci
2022-12-10 21:10:10 -08:00
Gabe Kangas
c4dc802941 Make stream keys objects with comment instead of string slice 2022-11-29 16:05:44 -08:00
Gabe Kangas
c9e3ccad45 API + Data changes to support split up of stream keys and admin passwords 2022-11-29 16:05:44 -08:00
Gabe Kangas
813f8692f0
Support color customization from the admin (#2338)
* Add user-customizable theming. Closes #1915

* Prettified Code!

* Add user-customizable theming. Closes #1915

* Add explicit color for page content background

* Prettified Code!

Co-authored-by: gabek <gabek@users.noreply.github.com>
2022-11-12 20:26:55 -08:00
Gabe Kangas
c844e98a19
Merge remote-tracking branch 'origin/develop' into webv2 2022-10-12 16:52:05 -07:00
Florian Lehner
203f669ca8
preallocate memory (#2201)
**What this PR does / why we need it:**

Preallocate memory instead of enforcing an incremental growth. This will result in less work for the garbage collector.
2022-10-12 16:37:26 -07:00
Gabe Kangas
681067ab93
Add custom offline message+api. Part of #1901 2022-08-09 22:09:43 -07:00
Gabe Kangas
68414445c2
Add support for changing user color in name modal. Closes #1805 2022-08-09 19:56:45 -07:00
Gabe Kangas
b08393295f
Add option to hide viewer count. Closes #1939 2022-06-26 00:46:55 -07:00
Gabe Kangas
78c6189c02
First pass at bundling web app into service. Working. 2022-06-19 15:32:42 -07:00
funkyhippo
a500a5f975
Add terminations to error repsonses in API. (#1872) 2022-04-23 13:19:17 -07:00
Gabe Kangas
e46f8e2a66
Troubleshoot misskey follows
Store the original follow request object and use it for approvals.
Closes #1690
2022-04-08 13:33:30 -07:00
Gabe Kangas
1e19e2a50e
Surface the % of players represented in metrics 2022-03-27 16:27:38 -07:00
Gabe Kangas
410b413b84
Add stream health overview collection + apis 2022-03-24 23:07:05 -07:00
Gabe Kangas
4a17f30da8
Outbound live stream notifications (#1663)
* First pass at browser, discord, twilio notifications

* Commit updated Javascript packages

* Remove twilio notification support

* Email notifications/smtp support

* Fix Firefox notification support, remove chrome checks

* WIP more email work

* Add support for twitter notifications

* Add stream title to discord and twitter notifications

* Update notification registration modal

* Fix hide/show email section

* Commit updated API documentation

* Commit updated Javascript packages

* Fix post-rebase missing var

* Remove unused var

* Handle unsubscribe errors for browser push

* Standardize email config prop names

* Allow overriding go live email template

* Some notifications cleanup

* Commit updated Javascript packages

* Remove email/smtp/mailjet support

* Remove more references to email notifications

Co-authored-by: Owncast <owncast@owncast.online>
2022-03-18 13:33:23 -07:00
Gabe Kangas
d1e39c4c1e
Force uniqueness with previews and logos on the fediverse. Closes #1777 and closes #1776 2022-03-17 13:22:44 -07:00
Gabe Kangas
6479220e78
Expand upon playback metrics 2022-03-16 22:49:27 -07:00
Gabe Kangas
babbcecc9c
Stream performance metrics (#1785)
* WIP playback metrics

* Playback metrics collecting + APIs. Closes #793

* Cleanup console messages

* Update test

* Increase browser test timeout

* Update browser tests to not fail
2022-03-16 17:34:44 -07:00
Gabe Kangas
e0a75d5d54
Add support for established chat user mode. #1587 (#1681)
* Add support for established user mode. #1587

* Tweak tests

* Tweak tests

* Update test

* Fix test.
2022-03-06 23:26:24 -08:00
Gabe Kangas
19b9a8bdf6
Add support for IP-based bans (#1703)
* Add support for IP-based bans. Closes #1534

* Linter cleanup
2022-03-06 20:34:49 -08:00
Gabe Kangas
78c27ddbdd
Add an icon for bot messages. Closes #1172 (#1729) 2022-03-06 20:09:55 -08:00
Gabe Kangas
1ed1cc01eb
Persist time series viewer metrics (#1752)
* WIP persisting time series viewer metrics. Closes #1478

* Remove unused var, move around initial collection
2022-03-06 19:43:57 -08:00
Gabe Kangas
98fce01b52
Add support for active viewer details API. Closes #1477 (#1747) 2022-03-06 17:31:47 -08:00
Gabe Kangas
5e6bc50b59
Handle pagination for the federated actions & followers responses (#1731)
* Add pagination for admin social list

* Use Paginated API for followers tab on frontend
2022-03-06 17:18:51 -08:00
Gabe Kangas
d24ddc2b0a
Add support for and use socket host override. (#1682)
* Add support for and use socket host override. Closes #1378

* Fix embeds with the new websocket constructor
2022-03-06 17:11:51 -08:00
Gabe Kangas
d5a6267b1f
Add support to disable chat join messages. Closes #1582 (#1743) 2022-03-05 22:34:06 -08:00
Gabe Kangas
7f41b2df7c
Strip any trailing slash when saving server URL 2022-01-20 17:07:15 -08:00
Gabe Kangas
3b0dafba9a
Return error in API response. Return all fields in message+user query 2022-01-18 15:38:23 -08:00
Gabe Kangas
045a0a2afd
Social features / ActivityPub federation (#1629)
* Support webfinger requests for the live account. Closes https://github.com/owncast/owncast/issues/1193

* Support for actor requests. Returns response for live actor. Closes https://github.com/owncast/owncast/issues/1203

* Handle follow and unfollow requests. Closes
https://github.com/owncast/owncast/issues/1191 and https://github.com/owncast/owncast/issues/1205 and https://github.com/owncast/owncast/issues/1206 and https://github.com/owncast/owncast/issues/1194

* Add basic support for sending out text activities. For https://github.com/owncast/owncast/issues/1192

* Some error handling and passing of dynamic local account names.

* Add hardcoded example image attachment to test post

* Centralize the map of accounts and inboxes

* No longer disable the preview generator based on YP toggle

* Send a federated message to followers when stream starts. For https://github.com/owncast/owncast/issues/1192

* Placeholder for attaching tags

* Add image description

* Save and get to outbox persistence. Return using outbox endpoint for actor

* Pass payloads to be handled through the gochan

* Handle undo follow requests explitly, not all undo requests

* Add API for manually sending simple federated messages. Closes #1215

* Verify inbox requests. Closes #1321

* Add route to fetch a single AP object by ID. For #1329

* Add responses to fediverse nodeinfo requests

* Set and get federation config values for admin

* Handle host-meta requests

* Do not send out message if disabled. Use saved go live message.

* Require AP-compatible content types for AP-related requests

* Rename ap models to apmodels for clarity

* Change how content type matching takes place.

* io -> ioutil

* Add stub delete activity callback

* Handle likes and announces to surface engagement in chat. Part of #1229

* Append url to go live posts

* Do not require specific content types for nodeinfo requests

* Add follow engagement chat message via AP

* add owncast user-agent to requests

* Set note visibility to public (for now)

* Fix saving/fetching a single object

* Add support for x-nodeinfo2 responses

* Point to the dev admin branch for ap

* Bundle in dev admin for testing

* Add error logging

* Add AP middleware back

* Point to the new external compatible logo endpoint

* Clean up more AP logging to help testing

* Tweak go live text and link hashtags

* Fix bug in fetching init time

* Send update actor activities when server details/profile is updated

* Add federation config overview to web client config

* Add additional actor properties

* Make the AP middleware checking more flexible when looking at types

* First pass at remote fediverse follow flow. For #1371

* Added a basic AP actor followers endpoint

* WIP client followers API

* Add profile-page reference to webfinger response

* Add aliases to webfinger response

* Fix content-type returned to be expected activitypub+json

* First pass at followers api

* Point at local dev copy of go-fed/activity

* Add custom toot Hashtag objects to posts

* Store additional user details to followers table

* Fix AP followers endpoint. Closes #1204

* Add owncast hashtag as an invisible tag to go live posts

* Reject AP requests when it is disabled

* Add actor util for generating full account user from person object

* Verify inbox requests before performing any other work

* Accept actor update requests

* Fix linter errors in federation branch

* Migrate AP SQL to sqlc for type safe queries

* Use the @unclearParadigm REST parameter helper

* Fix verifying post ID on AP engagement

* WIP privacy/request approval

* Style the remote follow modal

* First pass at a followers list component w/ mock data. #1370

* Revert "Use the @unclearParadigm REST parameter helper"

This reverts commit c8af8a413f.

* Fix get followers API

* Add support for requiring approval. Closes https://github.com/owncast/owncast/issues/1208

* Handle Applications as Actors partly for PeerTube support

* add temp todo list

* check route on load, this might change later

* style followers

* account for just 1 tab case

* Remove mock data. Allow showing follow button even when there are no external actions defined

* Point to actual followers API

* Support fallback img for follower views

* Remove duplicate verification. Add some additional verbose logging

* Bundle dev admin

* Add type to host-meta webfinger template response

* Tweak remote follow modal content

* WIP federation followers refactor

* Do not send pointer to middleware

* Update admin

* Add setting for toggling displaying fediverse engagement. Closes #1404

* Add in-development admin

* Do not enable cors on admin followers api

* Add db migration for updating messages table

* Enable empty string go live messages to disable

* Remove debug messages

* Rework some ActivityPub handling.

Create new Actor->Person handling.
Create new Actor->Service handling.
Add engagement handlers to send chat events and store event objects.
Store inbound activities to new ap_inbound_activities table.

* Support federated engagement events.

Store them in the messages table and surface them via chat events.

* Support federated event engatement in the chat

* Tweak web UI followers handling

* Point go.mod at remote fork instead of local

* Update admin

* Merged in develop. Couple fixes

* Update dev admin

* Update fedi engagement posts.

- Fix incorrect action text.
- Add action icons.

* Set public as to instead of cc for ap msg

* Updated styling for federated actions in chat

* Add support for blocking federated domains. Closes #1209

* Force checking of https in verify step

* Update dev admin

* Return user scopes in chat history api. Closes #1586

* Update dev admin

* Add AP outbound request worker pool. Closes #1571

* Disable (temporarily?) owncast tag on AP posts

* Consolidate creating activity+notes in outbound AP messages

* Add inbox worker pool. Closes #1570

* Update dev admin bundle

* Clean up some logs

* Re-enable inbound verfication

* Save full IRI to outbox instead of path

* Reject if full IRI is not found in outbox

* Use full ActivityPub user account in chat event

* Fix and expand follower APIs

- Add missing IDs to AP follower endpoints
- Split AP follower endpoints into initial request and pages.
- Support pagination in AP requests.

* Include IRI in error message

* Hide chat toggle when chat is hidden. Closes #1606

* Updates to followers pagination

* Set default go live message

* Remove log

* indirect -> direct import

* Updates for inbound federated event handling.

- Keep track of existing events and reject duplicates.
- Change what is sent to chat for surfing federated engagement.
- Keep track if outbound events are automated "go live" events or not.

* Update chat federated engagement.

* Update dev admin.

* Move from being a person to a bot (service). Closes #1619

* Only set server init date if not already set

* Only save notes to outbox able

* Rework private-mode followers/approvals

* API for returning a list of federated actions for #1573

* Fix too-small follower cells and jumpy tabs. Closes #1616 and closes #1516

* Fix shortcuts getting fired on inputs. Fixes #1489 and #1201

* Add spinner, autoclose + other fixes to follow modal. Fixes #1593

* Fix fetching a single object by IRI

* SendFederationMessage -> SendFederatedMessage

* Autolink and create tag objects from manual posts. Closes #1620

* Update dev admin bundle

* Handle engagement from non-automated/live posts

* Reject federated engagement actions if they do not match a local post

* Update dev admin bundle

* A bunch of cleanup

* Fix unused assignments and logic

* Remove unused function

* Add content warning and sentive content flag if stream is NSFW. Closes #1624

* Disable fetching objects by IRI when in private mode. Closes #1623

* Update the error message of the remote follow dialog. closes #1622

* Update dev admin

* Fix NREs throwing in test content

* Fix query that wasn't properly filtering out hidden messages

* Test against user being disabled instead of message visibility

* Fix automated test NRE

* Update comment

* Adjust federated engagement chat views. Closes #1617

* Add additional index to users table

* Add support for removing followers/requests. Closes #1630

* Reject federated actions from blocked actors. #1631

* Use fallback avatar if it fails to load. Closes #1635

* Fix styling of follower list. Closes #1636

* Add basic blurb stating they should follow the server. Closes #1641

* Update dev admin

* Set default go live message in migration. Closes #1642

* Reset the messages table on 0.0.11 schema migration

* Fix js error with moderation actions. Closes #1621

* Add a bit more clarification on follow modal. Closes #1599

* Remove todos

* Split out actor and domain blocking checks

* Check for errors on default values being set

* Clean up actor rejection due to being blocked

* Update dev admin

* Add colon to error to make it easier to read

* Remove markdown rendering of go live message. Reorganize text. Remove content warning. Closes #1645

* Break out the sort+render messages logic so it can be fired on visibility change. Closes #1643

* Do not send profile updates if federation is disabled

* Save follow references to inbound activities table

* Update dev admin

* Add blocked actor test

* Remove the overloaded term of Follow from social links

* Fix test running in memory only

* Remove "just" in engagement messags

* Replace star with heart for like action.

* Update dev admin

* Explicitly set cc as public

* Remove overly using the stream name in fediverse engagement messages

* Some federated/follow UI tweaks

* Remove explicit cc and bcc as they are not required

* Explicitly set the audience

* Remove extra margin

* Add Join Fediverse button to follow modal. Closes #1651

* Do not allow multiple follows to send multiple events. Closes #1650

* Give events a min height

* Do not allow old posts to be liked/shared. Closes #1652

* Remove value from log message

* Alert followers on private mode toggle

* Ignore clicks to follow button if disabled

* Remove underline from action buttons

* Add moderator icon to join message

* Update admin

* Post-merge remove unused var

* Remove pointing at feature branch

Co-authored-by: Ginger Wong <omqmail@gmail.com>
2022-01-12 13:53:10 -08:00
Jannik
d3cfc40b5c
feat: add custom username suggestions pool (#1644)
*  add custom username suggestions pool

* 🚸 add minimum of 10 suggested usernames until custom pool is used
2022-01-12 10:18:08 -08:00
Gabe Kangas
83eb9229ad
Auto updater APIs (#1523)
* APIs for querying and executing an update in place.

For #924

* Use the process pid to query systemd for status

* Use parent pid and invocation ID to guess if running from systemd

* Stream cmd output to client + report errors

* Update comment to refer to INVOCATION_ID
2021-11-30 13:15:18 -08:00