* Able to authenticate user against IndieAuth. For #1273
* WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272
* Add migration to remove access tokens from user
* Add authenticated bool to user for display purposes
* Add indieauth modal and auth flair to display names. For #1273
* Validate URLs and display errors
* Renames, cleanups
* Handle relative auth endpoint paths. Add error handling for missing redirects.
* Disallow using display names in use by registered users. Closes#1810
* Verify code verifier via code challenge on callback
* Use relative path to authorization_endpoint
* Post-rebase fixes
* Use a timestamp instead of a bool for authenticated
* Propertly handle and display error in modal
* Use auth'ed timestamp to derive authenticated flag to display in chat
* Fediverse chat auth via OTP
* Increase validity time just in case
* Add fediverse auth into auth modal
* Text, validation, cleanup updates for fedi auth
* Fix typo
* Remove unused images
* Remove unused file
* Add chat display name to auth modal text
* Able to authenticate user against IndieAuth. For #1273
* WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272
* Add migration to remove access tokens from user
* Add authenticated bool to user for display purposes
* Add indieauth modal and auth flair to display names. For #1273
* Validate URLs and display errors
* Renames, cleanups
* Handle relative auth endpoint paths. Add error handling for missing redirects.
* Disallow using display names in use by registered users. Closes#1810
* Verify code verifier via code challenge on callback
* Use relative path to authorization_endpoint
* Post-rebase fixes
* Use a timestamp instead of a bool for authenticated
* Propertly handle and display error in modal
* Use auth'ed timestamp to derive authenticated flag to display in chat
* don't redirect unless a URL is present
avoids redirecting to `undefined` if there was an error
* improve error message if owncast server URL isn't set
* fix IndieAuth PKCE implementation
use SHA256 instead of SHA1, generates a longer code verifier (must be 43-128 chars long), fixes URL-safe SHA256 encoding
* return real profile data for IndieAuth response
* check the code verifier in the IndieAuth server
* Linting
* Add new chat settings modal anad split up indieauth ui
* Remove logging error
* Update the IndieAuth modal UI. For #1273
* Add IndieAuth repsonse error checking
* Disable IndieAuth client if server URL is not set.
* Add explicit error messages for specific error types
* Fix bad logic
* Return OAuth-keyed error responses for indieauth server
* Display IndieAuth error in plain text with link to return to main page
* Remove redundant check
* Add additional detail to error
* Hide IndieAuth details behind disclosure details
* Break out migration into two steps because some people have been runing dev in production
* Add auth option to user dropdown
Co-authored-by: Aaron Parecki <aaron@parecki.com>
* Support webfinger requests for the live account. Closes https://github.com/owncast/owncast/issues/1193
* Support for actor requests. Returns response for live actor. Closes https://github.com/owncast/owncast/issues/1203
* Handle follow and unfollow requests. Closes
https://github.com/owncast/owncast/issues/1191 and https://github.com/owncast/owncast/issues/1205 and https://github.com/owncast/owncast/issues/1206 and https://github.com/owncast/owncast/issues/1194
* Add basic support for sending out text activities. For https://github.com/owncast/owncast/issues/1192
* Some error handling and passing of dynamic local account names.
* Add hardcoded example image attachment to test post
* Centralize the map of accounts and inboxes
* No longer disable the preview generator based on YP toggle
* Send a federated message to followers when stream starts. For https://github.com/owncast/owncast/issues/1192
* Placeholder for attaching tags
* Add image description
* Save and get to outbox persistence. Return using outbox endpoint for actor
* Pass payloads to be handled through the gochan
* Handle undo follow requests explitly, not all undo requests
* Add API for manually sending simple federated messages. Closes#1215
* Verify inbox requests. Closes#1321
* Add route to fetch a single AP object by ID. For #1329
* Add responses to fediverse nodeinfo requests
* Set and get federation config values for admin
* Handle host-meta requests
* Do not send out message if disabled. Use saved go live message.
* Require AP-compatible content types for AP-related requests
* Rename ap models to apmodels for clarity
* Change how content type matching takes place.
* io -> ioutil
* Add stub delete activity callback
* Handle likes and announces to surface engagement in chat. Part of #1229
* Append url to go live posts
* Do not require specific content types for nodeinfo requests
* Add follow engagement chat message via AP
* add owncast user-agent to requests
* Set note visibility to public (for now)
* Fix saving/fetching a single object
* Add support for x-nodeinfo2 responses
* Point to the dev admin branch for ap
* Bundle in dev admin for testing
* Add error logging
* Add AP middleware back
* Point to the new external compatible logo endpoint
* Clean up more AP logging to help testing
* Tweak go live text and link hashtags
* Fix bug in fetching init time
* Send update actor activities when server details/profile is updated
* Add federation config overview to web client config
* Add additional actor properties
* Make the AP middleware checking more flexible when looking at types
* First pass at remote fediverse follow flow. For #1371
* Added a basic AP actor followers endpoint
* WIP client followers API
* Add profile-page reference to webfinger response
* Add aliases to webfinger response
* Fix content-type returned to be expected activitypub+json
* First pass at followers api
* Point at local dev copy of go-fed/activity
* Add custom toot Hashtag objects to posts
* Store additional user details to followers table
* Fix AP followers endpoint. Closes#1204
* Add owncast hashtag as an invisible tag to go live posts
* Reject AP requests when it is disabled
* Add actor util for generating full account user from person object
* Verify inbox requests before performing any other work
* Accept actor update requests
* Fix linter errors in federation branch
* Migrate AP SQL to sqlc for type safe queries
* Use the @unclearParadigm REST parameter helper
* Fix verifying post ID on AP engagement
* WIP privacy/request approval
* Style the remote follow modal
* First pass at a followers list component w/ mock data. #1370
* Revert "Use the @unclearParadigm REST parameter helper"
This reverts commit c8af8a413f.
* Fix get followers API
* Add support for requiring approval. Closes https://github.com/owncast/owncast/issues/1208
* Handle Applications as Actors partly for PeerTube support
* add temp todo list
* check route on load, this might change later
* style followers
* account for just 1 tab case
* Remove mock data. Allow showing follow button even when there are no external actions defined
* Point to actual followers API
* Support fallback img for follower views
* Remove duplicate verification. Add some additional verbose logging
* Bundle dev admin
* Add type to host-meta webfinger template response
* Tweak remote follow modal content
* WIP federation followers refactor
* Do not send pointer to middleware
* Update admin
* Add setting for toggling displaying fediverse engagement. Closes#1404
* Add in-development admin
* Do not enable cors on admin followers api
* Add db migration for updating messages table
* Enable empty string go live messages to disable
* Remove debug messages
* Rework some ActivityPub handling.
Create new Actor->Person handling.
Create new Actor->Service handling.
Add engagement handlers to send chat events and store event objects.
Store inbound activities to new ap_inbound_activities table.
* Support federated engagement events.
Store them in the messages table and surface them via chat events.
* Support federated event engatement in the chat
* Tweak web UI followers handling
* Point go.mod at remote fork instead of local
* Update admin
* Merged in develop. Couple fixes
* Update dev admin
* Update fedi engagement posts.
- Fix incorrect action text.
- Add action icons.
* Set public as to instead of cc for ap msg
* Updated styling for federated actions in chat
* Add support for blocking federated domains. Closes#1209
* Force checking of https in verify step
* Update dev admin
* Return user scopes in chat history api. Closes#1586
* Update dev admin
* Add AP outbound request worker pool. Closes#1571
* Disable (temporarily?) owncast tag on AP posts
* Consolidate creating activity+notes in outbound AP messages
* Add inbox worker pool. Closes#1570
* Update dev admin bundle
* Clean up some logs
* Re-enable inbound verfication
* Save full IRI to outbox instead of path
* Reject if full IRI is not found in outbox
* Use full ActivityPub user account in chat event
* Fix and expand follower APIs
- Add missing IDs to AP follower endpoints
- Split AP follower endpoints into initial request and pages.
- Support pagination in AP requests.
* Include IRI in error message
* Hide chat toggle when chat is hidden. Closes#1606
* Updates to followers pagination
* Set default go live message
* Remove log
* indirect -> direct import
* Updates for inbound federated event handling.
- Keep track of existing events and reject duplicates.
- Change what is sent to chat for surfing federated engagement.
- Keep track if outbound events are automated "go live" events or not.
* Update chat federated engagement.
* Update dev admin.
* Move from being a person to a bot (service). Closes#1619
* Only set server init date if not already set
* Only save notes to outbox able
* Rework private-mode followers/approvals
* API for returning a list of federated actions for #1573
* Fix too-small follower cells and jumpy tabs. Closes#1616 and closes#1516
* Fix shortcuts getting fired on inputs. Fixes#1489 and #1201
* Add spinner, autoclose + other fixes to follow modal. Fixes#1593
* Fix fetching a single object by IRI
* SendFederationMessage -> SendFederatedMessage
* Autolink and create tag objects from manual posts. Closes#1620
* Update dev admin bundle
* Handle engagement from non-automated/live posts
* Reject federated engagement actions if they do not match a local post
* Update dev admin bundle
* A bunch of cleanup
* Fix unused assignments and logic
* Remove unused function
* Add content warning and sentive content flag if stream is NSFW. Closes#1624
* Disable fetching objects by IRI when in private mode. Closes#1623
* Update the error message of the remote follow dialog. closes#1622
* Update dev admin
* Fix NREs throwing in test content
* Fix query that wasn't properly filtering out hidden messages
* Test against user being disabled instead of message visibility
* Fix automated test NRE
* Update comment
* Adjust federated engagement chat views. Closes#1617
* Add additional index to users table
* Add support for removing followers/requests. Closes#1630
* Reject federated actions from blocked actors. #1631
* Use fallback avatar if it fails to load. Closes#1635
* Fix styling of follower list. Closes#1636
* Add basic blurb stating they should follow the server. Closes#1641
* Update dev admin
* Set default go live message in migration. Closes#1642
* Reset the messages table on 0.0.11 schema migration
* Fix js error with moderation actions. Closes#1621
* Add a bit more clarification on follow modal. Closes#1599
* Remove todos
* Split out actor and domain blocking checks
* Check for errors on default values being set
* Clean up actor rejection due to being blocked
* Update dev admin
* Add colon to error to make it easier to read
* Remove markdown rendering of go live message. Reorganize text. Remove content warning. Closes#1645
* Break out the sort+render messages logic so it can be fired on visibility change. Closes#1643
* Do not send profile updates if federation is disabled
* Save follow references to inbound activities table
* Update dev admin
* Add blocked actor test
* Remove the overloaded term of Follow from social links
* Fix test running in memory only
* Remove "just" in engagement messags
* Replace star with heart for like action.
* Update dev admin
* Explicitly set cc as public
* Remove overly using the stream name in fediverse engagement messages
* Some federated/follow UI tweaks
* Remove explicit cc and bcc as they are not required
* Explicitly set the audience
* Remove extra margin
* Add Join Fediverse button to follow modal. Closes#1651
* Do not allow multiple follows to send multiple events. Closes#1650
* Give events a min height
* Do not allow old posts to be liked/shared. Closes#1652
* Remove value from log message
* Alert followers on private mode toggle
* Ignore clicks to follow button if disabled
* Remove underline from action buttons
* Add moderator icon to join message
* Update admin
* Post-merge remove unused var
* Remove pointing at feature branch
Co-authored-by: Ginger Wong <omqmail@gmail.com>
* APIs for querying and executing an update in place.
For #924
* Use the process pid to query systemd for status
* Use parent pid and invocation ID to guess if running from systemd
* Stream cmd output to client + report errors
* Update comment to refer to INVOCATION_ID
* - mock detect when user turns into moderator
- add moderator indicator to display on messages and username changer
* also mock moderator flag in message payload about user to display indicator
* add some menu looking icons and a menu of actions
* WIP chat moderators
* Add support for admin promoting a user to moderator
* WIP-
open a more info panel of user+message info; add some a11y to buttons
* style the details panel
* adjust positioning of menus
* Merge fixes. ChatClient->Client ChatServer->Server
* Remove moderator bool placeholders to use real state
* Support inline hiding of messages by moderators
* Support inline banning of chat users
* Cleanup linter warnings
* Puppeteer tests fail after typing take place
* Manually resolve conflicts in chat between moderator feature and develop
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
* add public func to lookup a ChatClient by its clientId
* add facility to send a system message directly to a user
* add clientId field to UserEvent
* implement simple http endpoint to send a message to a user
* let mux handle new directSystemMessageToUser endpoint
* add ClientId to UserEvents across the codebase
* render body of system-message to client
* add clientId to Chat-Message
* add tests showing how url-parsing should work
* add simple rest endpoint helpers for parameter-parsing and easy routing
* use newly added rest-endpoint helper to rout to Client-Messaging controller
* use safe "ReadRestUrlParameter" to parse ClientId
* remove empty HandleFunc in router
* set Header directly to prevent built-in (platform-dependent) canonicalization to kick in
* fix typo in "Parameter" message
* remove debug-logging of HTTP headers in REST-helpers
* convert to uint32 to prevent overruns when converting to wraptype uint later on
* resolve linter-ouchies
* resolve linter potential nil-deref warning
* document the SendSystemMessageToClient endpoint in swaggerdoc
* remove clientId assignment causing potential nil dereference in userDisabledEvent-case
as the clientId isn't relevant here anyway
* make findClientById private, so its not accessible outside of core/chat
* remove redundant string type hint
* Update PR based on linter requirements
Co-authored-by: Raffael Rehberger <raffael@rtrace.io>
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
* Expand the linters and types of warnings to improve consistency and safety
* Fail lint workflow if there are errors
* golint has been replaced by revive
* Hand-pick some of the default exclude list
* Ignore error when trying to delete preview gif
* Ignore linter warning opening playlist path
* Rename user field Id -> ID
* A bunch of renames to address linter warnings
* Rename ChatClient -> Client per linter suggestion best practice
* Rename ChatServer -> Server per linter suggestion best practice
* More linter warning fixes
* Add missing comments to all exported functions and properties
* properly pass the messagesOnly to chat
* use actual username if embed is not messageonly
* mv embed chat to chat-overlay
* add new embed chat page
* fix router
* secure random number for non-secure application!
* add chat enable/disable functionality
* add username form
add customStyles
* mv overlay css
* add style for embed chat
style cleanup
* rm username form from chat overlay
* refactoring
* css cleanup
css adjust
* minor cleanup
* mark the embed chats as readonly and readwrite
* replace 301 redirects with 307
* add redirect for the cached address
* set insatnce name in chat
- Explicitly add wildcard CORS header within the middleware.
- Accept all OPTIONS preflight requests within the middlware.
- Add success tests for the OPTIONS request.
- Add failure tests for GET requests.
* First pass at chat user registration and validation
* Disable chat if the user is disabled/blocked or the server hits max connections
* Handle dropping sockets if chat is disabled
* Fix origin in automated chat test
* Work for updated chat moderation
* Chat message markdown rendering and fix tests
* Put /api/chat behind a chat user access token. Closes#1085
* Reject blocked username changes
* More WIP moderation
* Defer configuring chat until we know if it is enabled. Closes#1135
* chat user blocking. Closes#1096
* Add tests around user access for #1096
* Add external integration chat message API + update integration auth middleware to pass along integration name. Closes#1092
* Delete old chat messages from db as to not hold on to excessive data. Closes#1152
* Add schema migration for messages. Closes#1155
* Commit updated API documentation
* Add chat load test
* Shared db mutex and db optimizations
* Simplify past display name handling
* Use a new test db for each test run
* Wire up the external messages actions + add tests for them
* Move access tokens to be actual users
* Run message pruning at launch + fix comparison
* Do not return API users in disabled users response
* Fix incorrect highlighting. Closes#1160
* Consolidate user table statements
* Set the max process connection limit to 70% of maximum
* Fix wrong old display name being returned in name change event
* Delete the old chat server files
* Wire back up the webhooks
* Remove unused
* Invalidate user cache on changes
* Do not send rendered body as RawBody
* Some cleanup
* Standardize names for external API users to ExternalAPIUser
* Do not log token
* Checkout branch when building admin for testing
* Bundle in dev admin for testing
* Some cleanup
* Cleanup js logs
* Cleanup and standardize event names
* Clean up some logging
* Update API spec. Closes#1133
* Commit updated API documentation
* Change paths to be better named
* Commit updated API documentation
* Update admin bundle
* Fix duplicate event name
* Rename scope var
* Update admin bundle
* Move connected clients controller into admin package
* Fix collecting usernames for autocomplete purposes
* No longer generate username when it is empty
* Sort clients and users by timestamp
* Move file to admin controller package
* Swap, so the comments stay correct
Co-authored-by: Jannik <jannik@outlook.com>
* Use explicit type alias
Co-authored-by: Jannik <jannik@outlook.com>
* Remove commented code.
Co-authored-by: Jannik <jannik@outlook.com>
* Cleanup test
* Remove some extra logging
* Add some clarity
* Update dev instance of admin for testing
* Consolidate lines
Co-authored-by: Jannik <jannik@outlook.com>
* Remove commented unused vars
Co-authored-by: Jannik <jannik@outlook.com>
* Until needed do not return IP address with client list
* Fix typo of wrong var
* Typo led to a bad test. Fix typo and fix test.
* Guard against the socket reconnecting on error if previously set to shutdown
* Do not log access tokens
* Return success message on enable/disable user
* Clean up some inactionable error messages. Sent ban message. Sort banned users.
* fix styling for when chat is completely disabled
* Unused
* guard against nil clients
* Update dev admin bundle
* Do not unhide messages when unblocking user just to be safe. Send removal action from the controller
* Add convinience function for getting active connections for a single user
* Lock db on these mutations
* Cleanup force disconnect using GetClientsForUser and capture client reference explicitly
* No longer re-showing banned user messages for safety. Removing this test.
* Remove no longer needed comment
* Tweaks to forbidden username handling.
- Standardize naming to not use "block" but "forbidden" instead.
- Pass array over the wire instead of string.
- Add API test
- Fix default list incorrectly being appended to custom list.
* Logging cleanup
* Update dev admin bundle
* Add an artificial delay in order to visually see message being hidden when testing
* Remove the user cache as it is a premature optimization
* When connected to chat let the user know their current user details to sync the username in the UI
* On connected send current display name back to client.
- Move name change out of chat component.
- Add additional event type constants.
* Fix broken workflow due to typo
* Troubleshoot workflow
* Bump htm from 3.0.4 to 3.1.0 in /build/javascript (#1181)
* Bump htm from 3.0.4 to 3.1.0 in /build/javascript
Bumps [htm](https://github.com/developit/htm) from 3.0.4 to 3.1.0.
- [Release notes](https://github.com/developit/htm/releases)
- [Commits](https://github.com/developit/htm/compare/3.0.4...3.1.0)
---
updated-dependencies:
- dependency-name: htm
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Run npm run build and update libraries
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
* Commit updated Javascript packages
* Re-send current user info when a rejected name change takes place
* All socket writes should be through the send chan and not directly
* Seed the random generator
* Add keys and indexes to users table
* a util to generate consistent emoji markup
* console clean up
* mod tidy
* Commit updated API documentation
* Handle the max payload size of a socket message.
- Only close socket if x2 greater than the max size.
- Send the user a message if a message is too large.
- Surface the max size in bytes in the config.
* Update admin bundle
* Force all events to be sent in their own socket message and do not concatinate in a single message
* Update chat embed to register for access token
* Use a different access token for embed chat
* Update the chat message bubble background color to be bolder
* add base tag to open links in new window, closes#1220
* Support text input of :emoji: in chat (#1190)
* Initial implementation of emoji injection
* fix bookkeeping with multiple emoji
* make the emoji lookup case-insensitive
* try another solution for Caretposition
* add title to emojis
minor refactoring
* bind moji injection to InputKeyUp
* simplify the code
replace all found emojis
* inject emoji if the modifer is released earlier
* more efficient emoji tag search
* use json emoji.emoji as url
* use createEmojiMarkup()
* move emojify() to chat.js
* emojify on paste
* cleanup emoji titles in paste
* update inputText in InputKeyup
* mark emoji titles with 2*zwnj
this way paste cleanup will not interfere with text which include zwnj
* emoji should not change the inputText
* Do not show join messages when chat is offline. Closes#1224
- Show stream starting/ending messages in chat.
- When stream starts show everyone the welcome message.
* Force scrolling chat to bottom after history is populated regardless of scroll position. Closes https://github.com/owncast/owncast/issues/1222
* use maxSocketPayloadSize to calculate total bytes of message payload (#1221)
* utilize maxSocketPayloadSize from config; update chatInput to calculate based on that value instead of text value; remove usage of inputText for counting
* add a buffer to account for entire websocket payload for message char counting; trim nbsp;'s from ends of messages when calculating count
Co-authored-by: Gabe Kangas <gabek@real-ity.com>
Co-authored-by: Owncast <owncast@owncast.online>
Co-authored-by: Jannik <jannik@outlook.com>
Co-authored-by: Ginger Wong <omqmail@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Meisam <39205857+MFTabriz@users.noreply.github.com>
* Fix#981 Use -webserverip to set http listen address
* use 0.0.0.0 as default http listen address
* add Admin REST API for setting http listen address
* full input validation of port and IP
