Merge branch 'remove_settings_and_secret_singletons_squashed'

ansible/templates/config.hjson

@@ -16,8 +16,6 @@
   hostname: "{{ domain }}"
   # the port where lemmy should listen for incoming requests
   port: 8536
-  # json web token for authorization between server and client
-  jwt_secret: "{{ jwt_password }}"
   # whether tls is required for activitypub. only disable this for debugging, never for producion.
   tls_enabled: true
   # address where pictrs is available

config/config.hjson

@@ -33,8 +33,6 @@
   port: 8536
   # whether tls is required for activitypub. only disable this for debugging, never for producion.
   tls_enabled: true
-  # json web token for authorization between server and client
-  jwt_secret: "changeme"
   # address where pictrs is available
   pictrs_url: "http://pictrs:8080"
   # maximum length of local community and user names

crates/api/src/comment.rs

@@ -32,7 +32,8 @@ impl Perform for MarkCommentAsRead {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<CommentResponse, LemmyError> {
     let data: &MarkCommentAsRead = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let comment_id = data.comment_id;
     let orig_comment = blocking(context.pool(), move |conn| {
@@ -88,7 +89,8 @@ impl Perform for SaveComment {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<CommentResponse, LemmyError> {
     let data: &SaveComment = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let comment_saved_form = CommentSavedForm {
       comment_id: data.comment_id,
@@ -132,7 +134,8 @@ impl Perform for CreateCommentLike {
     websocket_id: Option<ConnectionId>,
   ) -> Result<CommentResponse, LemmyError> {
     let data: &CreateCommentLike = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let mut recipient_ids = Vec::<LocalUserId>::new();
 

crates/api/src/comment_report.rs

@@ -32,7 +32,8 @@ impl Perform for CreateCommentReport {
     websocket_id: Option<ConnectionId>,
   ) -> Result<CreateCommentReportResponse, LemmyError> {
     let data: &CreateCommentReport = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     // check size of report and check for whitespace
     let reason = data.reason.trim();
@@ -96,7 +97,8 @@ impl Perform for ResolveCommentReport {
     websocket_id: Option<ConnectionId>,
   ) -> Result<ResolveCommentReportResponse, LemmyError> {
     let data: &ResolveCommentReport = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let report_id = data.report_id;
     let report = blocking(context.pool(), move |conn| {
@@ -149,7 +151,8 @@ impl Perform for ListCommentReports {
     websocket_id: Option<ConnectionId>,
   ) -> Result<ListCommentReportsResponse, LemmyError> {
     let data: &ListCommentReports = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let person_id = local_user_view.person.id;
     let community_id = data.community;

crates/api/src/community.rs

@@ -53,7 +53,8 @@ impl Perform for FollowCommunity {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<CommunityResponse, LemmyError> {
     let data: &FollowCommunity = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let community_id = data.community_id;
     let community = blocking(context.pool(), move |conn| {
@@ -121,7 +122,8 @@ impl Perform for BlockCommunity {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<BlockCommunityResponse, LemmyError> {
     let data: &BlockCommunity = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let community_id = data.community_id;
     let person_id = local_user_view.person.id;
@@ -181,7 +183,8 @@ impl Perform for BanFromCommunity {
     websocket_id: Option<ConnectionId>,
   ) -> Result<BanFromCommunityResponse, LemmyError> {
     let data: &BanFromCommunity = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let community_id = data.community_id;
     let banned_person_id = data.person_id;
@@ -314,7 +317,8 @@ impl Perform for AddModToCommunity {
     websocket_id: Option<ConnectionId>,
   ) -> Result<AddModToCommunityResponse, LemmyError> {
     let data: &AddModToCommunity = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let community_id = data.community_id;
 
@@ -397,7 +401,8 @@ impl Perform for TransferCommunity {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<GetCommunityResponse, LemmyError> {
     let data: &TransferCommunity = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let site_creator_id = blocking(context.pool(), move |conn| {
       Site::read(conn, 1).map(|s| s.creator_id)

crates/api/src/lib.rs

@@ -188,16 +188,23 @@ pub(crate) fn captcha_as_wav_base64(captcha: &Captcha) -> String {
 #[cfg(test)]
 mod tests {
   use lemmy_api_common::check_validator_time;
-  use lemmy_db_queries::{establish_unpooled_connection, source::local_user::LocalUser_, Crud};
+  use lemmy_db_queries::{
+    establish_unpooled_connection,
+    source::{local_user::LocalUser_, secret::Secret_},
+    Crud,
+  };
   use lemmy_db_schema::source::{
     local_user::{LocalUser, LocalUserForm},
     person::{Person, PersonForm},
+    secret::Secret,
   };
-  use lemmy_utils::claims::Claims;
+  use lemmy_utils::{claims::Claims, settings::structs::Settings};
 
   #[test]
   fn test_should_not_validate_user_token_after_password_change() {
     let conn = establish_unpooled_connection();
+    let secret = Secret::init(&conn).unwrap();
+    let settings = Settings::init().unwrap();
 
     let new_person = PersonForm {
       name: "Gerry9812".into(),
@@ -214,8 +221,13 @@ mod tests {
 
     let inserted_local_user = LocalUser::create(&conn, &local_user_form).unwrap();
 
-    let jwt = Claims::jwt(inserted_local_user.id.0).unwrap();
+    let jwt = Claims::jwt(
-    let claims = Claims::decode(&jwt).unwrap().claims;
+      inserted_local_user.id.0,
+      &secret.jwt_secret,
+      &settings.hostname,
+    )
+    .unwrap();
+    let claims = Claims::decode(&jwt, &secret.jwt_secret).unwrap().claims;
     let check = check_validator_time(&inserted_local_user.validator_time, &claims);
     assert!(check.is_ok());
 

crates/api/src/local_user.rs

@@ -61,7 +61,6 @@ use lemmy_utils::{
   claims::Claims,
   email::send_email,
   location_info,
-  settings::structs::Settings,
   utils::{generate_random_string, is_valid_display_name, is_valid_matrix_id, naive_from_unix},
   ApiError,
   ConnectionId,
@@ -104,7 +103,11 @@ impl Perform for Login {
 
     // Return the jwt
     Ok(LoginResponse {
-      jwt: Claims::jwt(local_user_view.local_user.id.0)?,
+      jwt: Claims::jwt(
+        local_user_view.local_user.id.0,
+        &context.secret().jwt_secret,
+        &context.settings().hostname,
+      )?,
     })
   }
 }
@@ -118,7 +121,7 @@ impl Perform for GetCaptcha {
     context: &Data<LemmyContext>,
     _websocket_id: Option<ConnectionId>,
   ) -> Result<Self::Response, LemmyError> {
-    let captcha_settings = Settings::get().captcha;
+    let captcha_settings = context.settings().captcha;
 
     if !captcha_settings.enabled {
       return Ok(GetCaptchaResponse { ok: None });
@@ -164,7 +167,8 @@ impl Perform for SaveUserSettings {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<LoginResponse, LemmyError> {
     let data: &SaveUserSettings = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let avatar = diesel_option_overwrite_to_url(&data.avatar)?;
     let banner = diesel_option_overwrite_to_url(&data.banner)?;
@@ -181,7 +185,10 @@ impl Perform for SaveUserSettings {
     }
 
     if let Some(Some(display_name)) = &display_name {
-      if !is_valid_display_name(display_name.trim()) {
+      if !is_valid_display_name(
+        display_name.trim(),
+        context.settings().actor_name_max_length,
+      ) {
         return Err(ApiError::err("invalid_username").into());
       }
     }
@@ -269,7 +276,11 @@ impl Perform for SaveUserSettings {
 
     // Return the jwt
     Ok(LoginResponse {
-      jwt: Claims::jwt(updated_local_user.id.0)?,
+      jwt: Claims::jwt(
+        updated_local_user.id.0,
+        &context.secret().jwt_secret,
+        &context.settings().hostname,
+      )?,
     })
   }
 }
@@ -284,7 +295,8 @@ impl Perform for ChangePassword {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<LoginResponse, LemmyError> {
     let data: &ChangePassword = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     password_length_check(&data.new_password)?;
 
@@ -312,7 +324,11 @@ impl Perform for ChangePassword {
 
     // Return the jwt
     Ok(LoginResponse {
-      jwt: Claims::jwt(updated_local_user.id.0)?,
+      jwt: Claims::jwt(
+        updated_local_user.id.0,
+        &context.secret().jwt_secret,
+        &context.settings().hostname,
+      )?,
     })
   }
 }
@@ -327,7 +343,8 @@ impl Perform for AddAdmin {
     websocket_id: Option<ConnectionId>,
   ) -> Result<AddAdminResponse, LemmyError> {
     let data: &AddAdmin = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     // Make sure user is an admin
     is_admin(&local_user_view)?;
@@ -389,7 +406,8 @@ impl Perform for BanPerson {
     websocket_id: Option<ConnectionId>,
   ) -> Result<BanPersonResponse, LemmyError> {
     let data: &BanPerson = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     // Make sure user is an admin
     is_admin(&local_user_view)?;
@@ -481,7 +499,8 @@ impl Perform for BlockPerson {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<BlockPersonResponse, LemmyError> {
     let data: &BlockPerson = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let target_id = data.person_id;
     let person_id = local_user_view.person.id;
@@ -534,7 +553,8 @@ impl Perform for GetReplies {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<GetRepliesResponse, LemmyError> {
     let data: &GetReplies = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let sort: Option<SortType> = from_opt_str_to_opt_enum(&data.sort);
 
@@ -571,7 +591,8 @@ impl Perform for GetPersonMentions {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<GetPersonMentionsResponse, LemmyError> {
     let data: &GetPersonMentions = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let sort: Option<SortType> = from_opt_str_to_opt_enum(&data.sort);
 
@@ -605,7 +626,8 @@ impl Perform for MarkPersonMentionAsRead {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<PersonMentionResponse, LemmyError> {
     let data: &MarkPersonMentionAsRead = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let person_mention_id = data.person_mention_id;
     let read_person_mention = blocking(context.pool(), move |conn| {
@@ -648,7 +670,8 @@ impl Perform for MarkAllAsRead {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<GetRepliesResponse, LemmyError> {
     let data: &MarkAllAsRead = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let person_id = local_user_view.person.id;
     let replies = blocking(context.pool(), move |conn| {
@@ -727,9 +750,15 @@ impl Perform for PasswordReset {
     // TODO no i18n support here.
     let email = &local_user_view.local_user.email.expect("email");
     let subject = &format!("Password reset for {}", local_user_view.person.name);
-    let hostname = &Settings::get().get_protocol_and_hostname();
+    let protocol_and_hostname = &context.settings().get_protocol_and_hostname();
-    let html = &format!("<h1>Password Reset Request for {}</h1><br><a href={}/password_change/{}>Click here to reset your password</a>", local_user_view.person.name, hostname, &token);
+    let html = &format!("<h1>Password Reset Request for {}</h1><br><a href={}/password_change/{}>Click here to reset your password</a>", local_user_view.person.name, protocol_and_hostname, &token);
-    send_email(subject, email, &local_user_view.person.name, html)
+    send_email(
+      subject,
+      email,
+      &local_user_view.person.name,
+      html,
+      &context.settings(),
+    )
     .map_err(|e| ApiError::err(&e))?;
 
     Ok(PasswordResetResponse {})
@@ -771,7 +800,11 @@ impl Perform for PasswordChange {
 
     // Return the jwt
     Ok(LoginResponse {
-      jwt: Claims::jwt(updated_local_user.id.0)?,
+      jwt: Claims::jwt(
+        updated_local_user.id.0,
+        &context.secret().jwt_secret,
+        &context.settings().hostname,
+      )?,
     })
   }
 }
@@ -786,7 +819,8 @@ impl Perform for GetReportCount {
     websocket_id: Option<ConnectionId>,
   ) -> Result<GetReportCountResponse, LemmyError> {
     let data: &GetReportCount = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let person_id = local_user_view.person.id;
     let community_id = data.community;

crates/api/src/post.rs

@@ -38,7 +38,8 @@ impl Perform for CreatePostLike {
     websocket_id: Option<ConnectionId>,
   ) -> Result<PostResponse, LemmyError> {
     let data: &CreatePostLike = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     // Don't do a downvote if site has downvotes disabled
     check_downvotes_enabled(data.score, context.pool()).await?;
@@ -120,7 +121,8 @@ impl Perform for LockPost {
     websocket_id: Option<ConnectionId>,
   ) -> Result<PostResponse, LemmyError> {
     let data: &LockPost = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let post_id = data.post_id;
     let orig_post = blocking(context.pool(), move |conn| Post::read(conn, post_id)).await??;
@@ -186,7 +188,8 @@ impl Perform for StickyPost {
     websocket_id: Option<ConnectionId>,
   ) -> Result<PostResponse, LemmyError> {
     let data: &StickyPost = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let post_id = data.post_id;
     let orig_post = blocking(context.pool(), move |conn| Post::read(conn, post_id)).await??;
@@ -256,7 +259,8 @@ impl Perform for SavePost {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<PostResponse, LemmyError> {
     let data: &SavePost = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let post_saved_form = PostSavedForm {
       post_id: data.post_id,

crates/api/src/post_report.rs

@@ -39,7 +39,8 @@ impl Perform for CreatePostReport {
     websocket_id: Option<ConnectionId>,
   ) -> Result<CreatePostReportResponse, LemmyError> {
     let data: &CreatePostReport = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     // check size of report and check for whitespace
     let reason = data.reason.trim();
@@ -105,7 +106,8 @@ impl Perform for ResolvePostReport {
     websocket_id: Option<ConnectionId>,
   ) -> Result<ResolvePostReportResponse, LemmyError> {
     let data: &ResolvePostReport = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let report_id = data.report_id;
     let report = blocking(context.pool(), move |conn| {
@@ -157,7 +159,8 @@ impl Perform for ListPostReports {
     websocket_id: Option<ConnectionId>,
   ) -> Result<ListPostReportsResponse, LemmyError> {
     let data: &ListPostReports = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let person_id = local_user_view.person.id;
     let community_id = data.community;

crates/api/src/private_message.rs

@@ -20,7 +20,8 @@ impl Perform for MarkPrivateMessageAsRead {
     websocket_id: Option<ConnectionId>,
   ) -> Result<PrivateMessageResponse, LemmyError> {
     let data: &MarkPrivateMessageAsRead = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     // Checking permissions
     let private_message_id = data.private_message_id;

crates/api/src/site.rs

@@ -151,7 +151,8 @@ impl Perform for Search {
   ) -> Result<SearchResponse, LemmyError> {
     let data: &Search = self;
 
-    let local_user_view = get_local_user_view_from_jwt_opt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;
 
     let show_nsfw = local_user_view.as_ref().map(|t| t.local_user.show_nsfw);
     let show_bot_accounts = local_user_view
@@ -180,7 +181,7 @@ impl Perform for Search {
     let community_actor_id = data
       .community_name
       .as_ref()
-      .map(|t| build_actor_id_from_shortname(EndpointType::Community, t).ok())
+      .map(|t| build_actor_id_from_shortname(EndpointType::Community, t, &context.settings()).ok())
       .unwrap_or(None);
     let creator_id = data.creator_id;
     match search_type {
@@ -384,7 +385,8 @@ impl Perform for ResolveObject {
     context: &Data<LemmyContext>,
     _websocket_id: Option<ConnectionId>,
   ) -> Result<ResolveObjectResponse, LemmyError> {
-    let local_user_view = get_local_user_view_from_jwt_opt(&self.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt_opt(&self.auth, context.pool(), context.secret()).await?;
     let res = search_by_apub_id(&self.q, context)
       .await
       .map_err(|_| ApiError::err("couldnt_find_object"))?;
@@ -443,7 +445,8 @@ impl Perform for TransferSite {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<GetSiteResponse, LemmyError> {
     let data: &TransferSite = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     is_admin(&local_user_view)?;
 
@@ -480,7 +483,12 @@ impl Perform for TransferSite {
     admins.insert(0, creator_person);
 
     let banned = blocking(context.pool(), move |conn| PersonViewSafe::banned(conn)).await??;
-    let federated_instances = build_federated_instances(context.pool()).await?;
+    let federated_instances = build_federated_instances(
+      context.pool(),
+      &context.settings().federation,
+      &context.settings().hostname,
+    )
+    .await?;
 
     Ok(GetSiteResponse {
       site_view: Some(site_view),
@@ -504,7 +512,8 @@ impl Perform for GetSiteConfig {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<GetSiteConfigResponse, LemmyError> {
     let data: &GetSiteConfig = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     // Only let admins read this
     is_admin(&local_user_view)?;
@@ -525,7 +534,8 @@ impl Perform for SaveSiteConfig {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<GetSiteConfigResponse, LemmyError> {
     let data: &SaveSiteConfig = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     // Only let admins read this
     is_admin(&local_user_view)?;

crates/api/src/websocket.rs

@@ -17,7 +17,8 @@ impl Perform for UserJoin {
     websocket_id: Option<ConnectionId>,
   ) -> Result<UserJoinResponse, LemmyError> {
     let data: &UserJoin = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     if let Some(ws_id) = websocket_id {
       context.chat_server().do_send(JoinUserRoom {

crates/api_common/src/lib.rs

@@ -25,6 +25,7 @@ use lemmy_db_schema::{
     person_block::PersonBlock,
     person_mention::{PersonMention, PersonMentionForm},
     post::{Post, PostRead, PostReadForm},
+    secret::Secret,
     site::Site,
   },
   CommunityId,
@@ -40,7 +41,7 @@ use lemmy_db_views_actor::{
 use lemmy_utils::{
   claims::Claims,
   email::send_email,
-  settings::structs::Settings,
+  settings::structs::{FederationConfig, Settings},
   utils::MentionData,
   ApiError,
   LemmyError,
@@ -71,9 +72,19 @@ pub async fn send_local_notifs(
   post: Post,
   pool: &DbPool,
   do_send_email: bool,
+  settings: &Settings,
 ) -> Result<Vec<LocalUserId>, LemmyError> {
+  let settings = settings.to_owned();
   let ids = blocking(pool, move |conn| {
-    do_send_local_notifs(conn, &mentions, &comment, &person, &post, do_send_email)
+    do_send_local_notifs(
+      conn,
+      &mentions,
+      &comment,
+      &person,
+      &post,
+      do_send_email,
+      &settings,
+    )
   })
   .await?;
 
@@ -87,13 +98,14 @@ fn do_send_local_notifs(
   person: &Person,
   post: &Post,
   do_send_email: bool,
+  settings: &Settings,
 ) -> Vec<LocalUserId> {
   let mut recipient_ids = Vec::new();
 
   // Send the local mentions
   for mention in mentions
     .iter()
-    .filter(|m| m.is_local() && m.name.ne(&person.name))
+    .filter(|m| m.is_local(&settings.hostname) && m.name.ne(&person.name))
     .collect::<Vec<&MentionData>>()
   {
     if let Ok(mention_user_view) = LocalUserView::read_from_name(conn, &mention.name) {
@@ -119,6 +131,7 @@ fn do_send_local_notifs(
           "Mentioned by",
           "Person Mention",
           &comment.content,
+          settings,
         )
       }
     }
@@ -141,6 +154,7 @@ fn do_send_local_notifs(
                 "Reply from",
                 "Comment Reply",
                 &comment.content,
+                settings,
               )
             }
           }
@@ -159,6 +173,7 @@ fn do_send_local_notifs(
               "Reply from",
               "Post Reply",
               &comment.content,
+              settings,
             )
           }
         }
@@ -173,6 +188,7 @@ pub fn send_email_to_user(
   subject_text: &str,
   body_text: &str,
   comment_content: &str,
+  settings: &Settings,
 ) {
   if local_user_view.person.banned || !local_user_view.local_user.send_notifications_to_email {
     return;
@@ -181,18 +197,22 @@ pub fn send_email_to_user(
   if let Some(user_email) = &local_user_view.local_user.email {
     let subject = &format!(
       "{} - {} {}",
-      subject_text,
+      subject_text, settings.hostname, local_user_view.person.name,
-      Settings::get().hostname,
-      local_user_view.person.name,
     );
     let html = &format!(
       "<h1>{}</h1><br><div>{} - {}</div><br><a href={}/inbox>inbox</a>",
       body_text,
       local_user_view.person.name,
       comment_content,
-      Settings::get().get_protocol_and_hostname()
+      settings.get_protocol_and_hostname()
     );
-    match send_email(subject, user_email, &local_user_view.person.name, html) {
+    match send_email(
+      subject,
+      user_email,
+      &local_user_view.person.name,
+      html,
+      settings,
+    ) {
       Ok(_o) => _o,
       Err(e) => error!("{}", e),
     };
@@ -244,8 +264,9 @@ pub async fn mark_post_as_read(
 pub async fn get_local_user_view_from_jwt(
   jwt: &str,
   pool: &DbPool,
+  secret: &Secret,
 ) -> Result<LocalUserView, LemmyError> {
-  let claims = Claims::decode(jwt)
+  let claims = Claims::decode(jwt, &secret.jwt_secret)
     .map_err(|_| ApiError::err("not_logged_in"))?
     .claims;
   let local_user_id = LocalUserId(claims.sub);
@@ -282,9 +303,10 @@ pub fn check_validator_time(
 pub async fn get_local_user_view_from_jwt_opt(
   jwt: &Option<String>,
   pool: &DbPool,
+  secret: &Secret,
 ) -> Result<Option<LocalUserView>, LemmyError> {
   match jwt {
-    Some(jwt) => Ok(Some(get_local_user_view_from_jwt(jwt, pool).await?)),
+    Some(jwt) => Ok(Some(get_local_user_view_from_jwt(jwt, pool, secret).await?)),
     None => Ok(None),
   }
 }
@@ -292,8 +314,9 @@ pub async fn get_local_user_view_from_jwt_opt(
 pub async fn get_local_user_settings_view_from_jwt(
   jwt: &str,
   pool: &DbPool,
+  secret: &Secret,
 ) -> Result<LocalUserSettingsView, LemmyError> {
-  let claims = Claims::decode(jwt)
+  let claims = Claims::decode(jwt, &secret.jwt_secret)
     .map_err(|_| ApiError::err("not_logged_in"))?
     .claims;
   let local_user_id = LocalUserId(claims.sub);
@@ -314,10 +337,11 @@ pub async fn get_local_user_settings_view_from_jwt(
 pub async fn get_local_user_settings_view_from_jwt_opt(
   jwt: &Option<String>,
   pool: &DbPool,
+  secret: &Secret,
 ) -> Result<Option<LocalUserSettingsView>, LemmyError> {
   match jwt {
     Some(jwt) => Ok(Some(
-      get_local_user_settings_view_from_jwt(jwt, pool).await?,
+      get_local_user_settings_view_from_jwt(jwt, pool, secret).await?,
     )),
     None => Ok(None),
   }
@@ -387,15 +411,18 @@ pub async fn collect_moderated_communities(
 
 pub async fn build_federated_instances(
   pool: &DbPool,
+  federation_config: &FederationConfig,
+  hostname: &str,
 ) -> Result<Option<FederatedInstances>, LemmyError> {
-  if Settings::get().federation.enabled {
+  let federation = federation_config.to_owned();
+  if federation.enabled {
     let distinct_communities = blocking(pool, move |conn| {
       Community::distinct_federated_communities(conn)
     })
     .await??;
 
-    let allowed = Settings::get().federation.allowed_instances;
+    let allowed = federation.allowed_instances;
-    let blocked = Settings::get().federation.blocked_instances;
+    let blocked = federation.blocked_instances;
 
     let mut linked = distinct_communities
       .iter()
@@ -407,7 +434,7 @@ pub async fn build_federated_instances(
     }
 
     if let Some(blocked) = blocked.as_ref() {
-      linked.retain(|a| !blocked.contains(a) && !a.eq(&Settings::get().hostname));
+      linked.retain(|a| !blocked.contains(a) && !a.eq(hostname));
     }
 
     // Sort and remove dupes

crates/api_crud/src/comment/create.rs

@@ -40,9 +40,11 @@ impl PerformCrud for CreateComment {
     websocket_id: Option<ConnectionId>,
   ) -> Result<CommentResponse, LemmyError> {
     let data: &CreateComment = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
-    let content_slurs_removed = remove_slurs(&data.content.to_owned());
+    let content_slurs_removed =
+      remove_slurs(&data.content.to_owned(), &context.settings().slur_regex());
 
     // Check for a community ban
     let post_id = data.post_id;
@@ -91,10 +93,15 @@ impl PerformCrud for CreateComment {
 
     // Necessary to update the ap_id
     let inserted_comment_id = inserted_comment.id;
+    let protocol_and_hostname = context.settings().get_protocol_and_hostname();
+
     let updated_comment: Comment =
       blocking(context.pool(), move |conn| -> Result<Comment, LemmyError> {
-        let apub_id =
+        let apub_id = generate_apub_endpoint(
-          generate_apub_endpoint(EndpointType::Comment, &inserted_comment_id.to_string())?;
+          EndpointType::Comment,
+          &inserted_comment_id.to_string(),
+          &protocol_and_hostname,
+        )?;
         Ok(Comment::update_ap_id(conn, inserted_comment_id, apub_id)?)
       })
       .await?
@@ -118,6 +125,7 @@ impl PerformCrud for CreateComment {
       post,
       context.pool(),
       true,
+      &context.settings(),
     )
     .await?;
 

crates/api_crud/src/comment/delete.rs

@@ -25,7 +25,8 @@ impl PerformCrud for DeleteComment {
     websocket_id: Option<ConnectionId>,
   ) -> Result<CommentResponse, LemmyError> {
     let data: &DeleteComment = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let comment_id = data.comment_id;
     let orig_comment = blocking(context.pool(), move |conn| {
@@ -76,6 +77,7 @@ impl PerformCrud for DeleteComment {
       post,
       context.pool(),
       false,
+      &context.settings(),
     )
     .await?;
 
@@ -102,7 +104,8 @@ impl PerformCrud for RemoveComment {
     websocket_id: Option<ConnectionId>,
   ) -> Result<CommentResponse, LemmyError> {
     let data: &RemoveComment = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let comment_id = data.comment_id;
     let orig_comment = blocking(context.pool(), move |conn| {
@@ -169,6 +172,7 @@ impl PerformCrud for RemoveComment {
       post,
       context.pool(),
       false,
+      &context.settings(),
     )
     .await?;
 

crates/api_crud/src/comment/read.rs

@@ -17,7 +17,8 @@ impl PerformCrud for GetComments {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<GetCommentsResponse, LemmyError> {
     let data: &GetComments = self;
-    let local_user_view = get_local_user_view_from_jwt_opt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;
 
     let show_bot_accounts = local_user_view
       .as_ref()
@@ -31,7 +32,7 @@ impl PerformCrud for GetComments {
     let community_actor_id = data
       .community_name
       .as_ref()
-      .map(|t| build_actor_id_from_shortname(EndpointType::Community, t).ok())
+      .map(|t| build_actor_id_from_shortname(EndpointType::Community, t, &context.settings()).ok())
       .unwrap_or(None);
     let saved_only = data.saved_only;
     let page = data.page;

crates/api_crud/src/comment/update.rs

@@ -32,7 +32,8 @@ impl PerformCrud for EditComment {
     websocket_id: Option<ConnectionId>,
   ) -> Result<CommentResponse, LemmyError> {
     let data: &EditComment = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let comment_id = data.comment_id;
     let orig_comment = blocking(context.pool(), move |conn| {
@@ -54,7 +55,8 @@ impl PerformCrud for EditComment {
     }
 
     // Do the update
-    let content_slurs_removed = remove_slurs(&data.content.to_owned());
+    let content_slurs_removed =
+      remove_slurs(&data.content.to_owned(), &context.settings().slur_regex());
     let comment_id = data.comment_id;
     let updated_comment = blocking(context.pool(), move |conn| {
       Comment::update_content(conn, comment_id, &content_slurs_removed)
@@ -81,6 +83,7 @@ impl PerformCrud for EditComment {
       orig_comment.post,
       context.pool(),
       false,
+      &context.settings(),
     )
     .await?;
 

crates/api_crud/src/community/create.rs

@@ -45,23 +45,28 @@ impl PerformCrud for CreateCommunity {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<CommunityResponse, LemmyError> {
     let data: &CreateCommunity = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let site = blocking(context.pool(), move |conn| Site::read(conn, 0)).await??;
     if site.community_creation_admin_only && is_admin(&local_user_view).is_err() {
       return Err(ApiError::err("only_admins_can_create_communities").into());
     }
 
-    check_slurs(&data.name)?;
+    check_slurs(&data.name, &context.settings().slur_regex())?;
-    check_slurs(&data.title)?;
+    check_slurs(&data.title, &context.settings().slur_regex())?;
-    check_slurs_opt(&data.description)?;
+    check_slurs_opt(&data.description, &context.settings().slur_regex())?;
 
-    if !is_valid_actor_name(&data.name) {
+    if !is_valid_actor_name(&data.name, context.settings().actor_name_max_length) {
       return Err(ApiError::err("invalid_community_name").into());
     }
 
     // Double check for duplicate community actor_ids
-    let community_actor_id = generate_apub_endpoint(EndpointType::Community, &data.name)?;
+    let community_actor_id = generate_apub_endpoint(
+      EndpointType::Community,
+      &data.name,
+      &context.settings().get_protocol_and_hostname(),
+    )?;
     let actor_id_cloned = community_actor_id.to_owned();
     let community_dupe = blocking(context.pool(), move |conn| {
       Community::read_from_apub_id(conn, &actor_id_cloned)

crates/api_crud/src/community/delete.rs

@@ -21,7 +21,8 @@ impl PerformCrud for DeleteCommunity {
     websocket_id: Option<ConnectionId>,
   ) -> Result<CommunityResponse, LemmyError> {
     let data: &DeleteCommunity = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     // Fetch the community mods
     let community_id = data.community_id;
@@ -75,7 +76,8 @@ impl PerformCrud for RemoveCommunity {
     websocket_id: Option<ConnectionId>,
   ) -> Result<CommunityResponse, LemmyError> {
     let data: &RemoveCommunity = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     // Verify its an admin (only an admin can remove a community)
     is_admin(&local_user_view)?;

crates/api_crud/src/community/read.rs

@@ -27,14 +27,16 @@ impl PerformCrud for GetCommunity {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<GetCommunityResponse, LemmyError> {
     let data: &GetCommunity = self;
-    let local_user_view = get_local_user_view_from_jwt_opt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;
     let person_id = local_user_view.map(|u| u.person.id);
 
     let community_id = match data.id {
       Some(id) => id,
       None => {
         let name = data.name.to_owned().unwrap_or_else(|| "main".to_string());
-        let community_actor_id = build_actor_id_from_shortname(EndpointType::Community, &name)?;
+        let community_actor_id =
+          build_actor_id_from_shortname(EndpointType::Community, &name, &context.settings())?;
 
         blocking(context.pool(), move |conn| {
           Community::read_from_apub_id(conn, &community_actor_id)
@@ -89,7 +91,8 @@ impl PerformCrud for ListCommunities {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<ListCommunitiesResponse, LemmyError> {
     let data: &ListCommunities = self;
-    let local_user_view = get_local_user_view_from_jwt_opt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;
 
     let person_id = local_user_view.to_owned().map(|l| l.person.id);
 

crates/api_crud/src/community/update.rs

@@ -26,10 +26,11 @@ impl PerformCrud for EditCommunity {
     websocket_id: Option<ConnectionId>,
   ) -> Result<CommunityResponse, LemmyError> {
     let data: &EditCommunity = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
-    check_slurs_opt(&data.title)?;
+    check_slurs_opt(&data.title, &context.settings().slur_regex())?;
-    check_slurs_opt(&data.description)?;
+    check_slurs_opt(&data.description, &context.settings().slur_regex())?;
 
     // Verify its a mod (only mods can edit it)
     let community_id = data.community_id;

crates/api_crud/src/post/create.rs

@@ -38,10 +38,12 @@ impl PerformCrud for CreatePost {
     websocket_id: Option<ConnectionId>,
   ) -> Result<PostResponse, LemmyError> {
     let data: &CreatePost = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
-    check_slurs(&data.name)?;
+    let slur_regex = &context.settings().slur_regex();
-    check_slurs_opt(&data.body)?;
+    check_slurs(&data.name, slur_regex)?;
+    check_slurs_opt(&data.body, slur_regex)?;
 
     if !is_valid_post_title(&data.name) {
       return Err(ApiError::err("invalid_post_title").into());
@@ -51,7 +53,8 @@ impl PerformCrud for CreatePost {
 
     // Fetch post links and pictrs cached image
     let data_url = data.url.as_ref();
-    let (metadata_res, pictrs_thumbnail) = fetch_site_data(context.client(), data_url).await;
+    let (metadata_res, pictrs_thumbnail) =
+      fetch_site_data(context.client(), &context.settings(), data_url).await;
     let (embed_title, embed_description, embed_html) = metadata_res
       .map(|u| (u.title, u.description, u.html))
       .unwrap_or((None, None, None));
@@ -85,8 +88,13 @@ impl PerformCrud for CreatePost {
       };
 
     let inserted_post_id = inserted_post.id;
+    let protocol_and_hostname = context.settings().get_protocol_and_hostname();
     let updated_post = blocking(context.pool(), move |conn| -> Result<Post, LemmyError> {
-      let apub_id = generate_apub_endpoint(EndpointType::Post, &inserted_post_id.to_string())?;
+      let apub_id = generate_apub_endpoint(
+        EndpointType::Post,
+        &inserted_post_id.to_string(),
+        &protocol_and_hostname,
+      )?;
       Ok(Post::update_ap_id(conn, inserted_post_id, apub_id)?)
     })
     .await?

crates/api_crud/src/post/delete.rs

@@ -23,7 +23,8 @@ impl PerformCrud for DeletePost {
     websocket_id: Option<ConnectionId>,
   ) -> Result<PostResponse, LemmyError> {
     let data: &DeletePost = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let post_id = data.post_id;
     let orig_post = blocking(context.pool(), move |conn| Post::read(conn, post_id)).await??;
@@ -83,7 +84,8 @@ impl PerformCrud for RemovePost {
     websocket_id: Option<ConnectionId>,
   ) -> Result<PostResponse, LemmyError> {
     let data: &RemovePost = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     let post_id = data.post_id;
     let orig_post = blocking(context.pool(), move |conn| Post::read(conn, post_id)).await??;

crates/api_crud/src/post/read.rs

@@ -24,7 +24,8 @@ impl PerformCrud for GetPost {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<GetPostResponse, LemmyError> {
     let data: &GetPost = self;
-    let local_user_view = get_local_user_view_from_jwt_opt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;
 
     let show_bot_accounts = local_user_view
       .as_ref()
@@ -112,7 +113,8 @@ impl PerformCrud for GetPosts {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<GetPostsResponse, LemmyError> {
     let data: &GetPosts = self;
-    let local_user_view = get_local_user_view_from_jwt_opt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;
 
     let person_id = local_user_view.to_owned().map(|l| l.person.id);
 
@@ -133,7 +135,7 @@ impl PerformCrud for GetPosts {
     let community_actor_id = data
       .community_name
       .as_ref()
-      .map(|t| build_actor_id_from_shortname(EndpointType::Community, t).ok())
+      .map(|t| build_actor_id_from_shortname(EndpointType::Community, t, &context.settings()).ok())
       .unwrap_or(None);
     let saved_only = data.saved_only;
 

crates/api_crud/src/post/update.rs

@@ -23,10 +23,12 @@ impl PerformCrud for EditPost {
     websocket_id: Option<ConnectionId>,
   ) -> Result<PostResponse, LemmyError> {
     let data: &EditPost = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
-    check_slurs_opt(&data.name)?;
+    let slur_regex = &context.settings().slur_regex();
-    check_slurs_opt(&data.body)?;
+    check_slurs_opt(&data.name, slur_regex)?;
+    check_slurs_opt(&data.body, slur_regex)?;
 
     if let Some(name) = &data.name {
       if !is_valid_post_title(name) {
@@ -51,7 +53,8 @@ impl PerformCrud for EditPost {
 
     // Fetch post links and Pictrs cached image
     let data_url = data.url.as_ref();
-    let (metadata_res, pictrs_thumbnail) = fetch_site_data(context.client(), data_url).await;
+    let (metadata_res, pictrs_thumbnail) =
+      fetch_site_data(context.client(), &context.settings(), data_url).await;
     let (embed_title, embed_description, embed_html) = metadata_res
       .map(|u| (u.title, u.description, u.html))
       .unwrap_or((None, None, None));

crates/api_crud/src/private_message/create.rs

@@ -31,9 +31,11 @@ impl PerformCrud for CreatePrivateMessage {
     websocket_id: Option<ConnectionId>,
   ) -> Result<PrivateMessageResponse, LemmyError> {
     let data: &CreatePrivateMessage = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
-    let content_slurs_removed = remove_slurs(&data.content.to_owned());
+    let content_slurs_removed =
+      remove_slurs(&data.content.to_owned(), &context.settings().slur_regex());
 
     check_person_block(local_user_view.person.id, data.recipient_id, context.pool()).await?;
 
@@ -56,12 +58,14 @@ impl PerformCrud for CreatePrivateMessage {
     };
 
     let inserted_private_message_id = inserted_private_message.id;
+    let protocol_and_hostname = context.settings().get_protocol_and_hostname();
     let updated_private_message = blocking(
       context.pool(),
       move |conn| -> Result<PrivateMessage, LemmyError> {
         let apub_id = generate_apub_endpoint(
           EndpointType::PrivateMessage,
           &inserted_private_message_id.to_string(),
+          &protocol_and_hostname,
         )?;
         Ok(PrivateMessage::update_ap_id(
           conn,
@@ -101,6 +105,7 @@ impl PerformCrud for CreatePrivateMessage {
         "Private Message from",
         "Private Message",
         &content_slurs_removed,
+        &context.settings(),
       );
     }
 

crates/api_crud/src/private_message/delete.rs

@@ -24,7 +24,8 @@ impl PerformCrud for DeletePrivateMessage {
     websocket_id: Option<ConnectionId>,
   ) -> Result<PrivateMessageResponse, LemmyError> {
     let data: &DeletePrivateMessage = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     // Checking permissions
     let private_message_id = data.private_message_id;

crates/api_crud/src/private_message/read.rs

@@ -20,7 +20,8 @@ impl PerformCrud for GetPrivateMessages {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<PrivateMessagesResponse, LemmyError> {
     let data: &GetPrivateMessages = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
     let person_id = local_user_view.person.id;
 
     let page = data.page;

crates/api_crud/src/private_message/update.rs

@@ -24,7 +24,8 @@ impl PerformCrud for EditPrivateMessage {
     websocket_id: Option<ConnectionId>,
   ) -> Result<PrivateMessageResponse, LemmyError> {
     let data: &EditPrivateMessage = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     // Checking permissions
     let private_message_id = data.private_message_id;
@@ -37,7 +38,7 @@ impl PerformCrud for EditPrivateMessage {
     }
 
     // Doing the update
-    let content_slurs_removed = remove_slurs(&data.content);
+    let content_slurs_removed = remove_slurs(&data.content, &context.settings().slur_regex());
     let private_message_id = data.private_message_id;
     let updated_private_message = blocking(context.pool(), move |conn| {
       PrivateMessage::update_content(conn, private_message_id, &content_slurs_removed)

crates/api_crud/src/site/create.rs

@@ -39,10 +39,11 @@ impl PerformCrud for CreateSite {
       return Err(ApiError::err("site_already_exists").into());
     };
 
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
-    check_slurs(&data.name)?;
+    check_slurs(&data.name, &context.settings().slur_regex())?;
-    check_slurs_opt(&data.description)?;
+    check_slurs_opt(&data.description, &context.settings().slur_regex())?;
 
     // Make sure user is an admin
     is_admin(&local_user_view)?;

crates/api_crud/src/site/read.rs

@@ -15,7 +15,7 @@ use lemmy_db_views_actor::{
   person_block_view::PersonBlockView,
   person_view::PersonViewSafe,
 };
-use lemmy_utils::{settings::structs::Settings, version, ApiError, ConnectionId, LemmyError};
+use lemmy_utils::{version, ApiError, ConnectionId, LemmyError};
 use lemmy_websocket::{messages::GetUsersOnline, LemmyContext};
 use log::info;
 
@@ -34,7 +34,7 @@ impl PerformCrud for GetSite {
       Ok(site_view) => Some(site_view),
       // If the site isn't created yet, check the setup
       Err(_) => {
-        if let Some(setup) = Settings::get().setup.as_ref() {
+        if let Some(setup) = context.settings().setup.as_ref() {
           let register = Register {
             username: setup.admin_username.to_owned(),
             email: setup.admin_email.to_owned(),
@@ -91,7 +91,8 @@ impl PerformCrud for GetSite {
 
     // Build the local user
     let my_user = if let Some(local_user_view) =
-      get_local_user_settings_view_from_jwt_opt(&data.auth, context.pool()).await?
+      get_local_user_settings_view_from_jwt_opt(&data.auth, context.pool(), context.secret())
+        .await?
     {
       let person_id = local_user_view.person.id;
       let follows = blocking(context.pool(), move |conn| {
@@ -131,7 +132,12 @@ impl PerformCrud for GetSite {
       None
     };
 
-    let federated_instances = build_federated_instances(context.pool()).await?;
+    let federated_instances = build_federated_instances(
+      context.pool(),
+      &context.settings().federation,
+      &context.settings().hostname,
+    )
+    .await?;
 
     Ok(GetSiteResponse {
       site_view,

crates/api_crud/src/site/update.rs

@@ -30,10 +30,11 @@ impl PerformCrud for EditSite {
     websocket_id: Option<ConnectionId>,
   ) -> Result<SiteResponse, LemmyError> {
     let data: &EditSite = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
-    check_slurs_opt(&data.name)?;
+    check_slurs_opt(&data.name, &context.settings().slur_regex())?;
-    check_slurs_opt(&data.description)?;
+    check_slurs_opt(&data.description, &context.settings().slur_regex())?;
 
     // Make sure user is an admin
     is_admin(&local_user_view)?;

crates/api_crud/src/user/create.rs

@@ -29,7 +29,6 @@ use lemmy_db_views_actor::person_view::PersonViewSafe;
 use lemmy_utils::{
   apub::generate_actor_keypair,
   claims::Claims,
-  settings::structs::Settings,
   utils::{check_slurs, is_valid_actor_name},
   ApiError,
   ConnectionId,
@@ -69,7 +68,7 @@ impl PerformCrud for Register {
     .await??;
 
     // If its not the admin, check the captcha
-    if !no_admins && Settings::get().captcha.enabled {
+    if !no_admins && context.settings().captcha.enabled {
       let check = context
         .chat_server()
         .send(CheckCaptcha {
@@ -88,13 +87,17 @@ impl PerformCrud for Register {
       }
     }
 
-    check_slurs(&data.username)?;
+    check_slurs(&data.username, &context.settings().slur_regex())?;
 
     let actor_keypair = generate_actor_keypair()?;
-    if !is_valid_actor_name(&data.username) {
+    if !is_valid_actor_name(&data.username, context.settings().actor_name_max_length) {
       return Err(ApiError::err("invalid_username").into());
     }
-    let actor_id = generate_apub_endpoint(EndpointType::Person, &data.username)?;
+    let actor_id = generate_apub_endpoint(
+      EndpointType::Person,
+      &data.username,
+      &context.settings().get_protocol_and_hostname(),
+    )?;
 
     // We have to create both a person, and local_user
 
@@ -164,6 +167,7 @@ impl PerformCrud for Register {
     let main_community_keypair = generate_actor_keypair()?;
 
     // Create the main community if it doesn't exist
+    let protocol_and_hostname = context.settings().get_protocol_and_hostname();
     let main_community = match blocking(context.pool(), move |conn| {
       Community::read(conn, CommunityId(2))
     })
@@ -172,7 +176,11 @@ impl PerformCrud for Register {
       Ok(c) => c,
       Err(_e) => {
         let default_community_name = "main";
-        let actor_id = generate_apub_endpoint(EndpointType::Community, default_community_name)?;
+        let actor_id = generate_apub_endpoint(
+          EndpointType::Community,
+          default_community_name,
+          &protocol_and_hostname,
+        )?;
         let community_form = CommunityForm {
           name: default_community_name.to_string(),
           title: "The Default Community".to_string(),
@@ -219,7 +227,11 @@ impl PerformCrud for Register {
 
     // Return the jwt
     Ok(LoginResponse {
-      jwt: Claims::jwt(inserted_local_user.id.0)?,
+      jwt: Claims::jwt(
+        inserted_local_user.id.0,
+        &context.secret().jwt_secret,
+        &context.settings().hostname,
+      )?,
     })
   }
 }

crates/api_crud/src/user/delete.rs

@@ -17,7 +17,8 @@ impl PerformCrud for DeleteAccount {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<LoginResponse, LemmyError> {
     let data: &DeleteAccount = self;
-    let local_user_view = get_local_user_view_from_jwt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
 
     // Verify the password
     let valid: bool = verify(

crates/api_crud/src/user/read.rs

@@ -22,7 +22,8 @@ impl PerformCrud for GetPersonDetails {
     _websocket_id: Option<ConnectionId>,
   ) -> Result<GetPersonDetailsResponse, LemmyError> {
     let data: &GetPersonDetails = self;
-    let local_user_view = get_local_user_view_from_jwt_opt(&data.auth, context.pool()).await?;
+    let local_user_view =
+      get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;
 
     let show_nsfw = local_user_view.as_ref().map(|t| t.local_user.show_nsfw);
     let show_bot_accounts = local_user_view
@@ -41,7 +42,8 @@ impl PerformCrud for GetPersonDetails {
           .username
           .to_owned()
           .unwrap_or_else(|| "admin".to_string());
-        let actor_id = build_actor_id_from_shortname(EndpointType::Person, &name)?;
+        let actor_id =
+          build_actor_id_from_shortname(EndpointType::Person, &name, &context.settings())?;
 
         let person = blocking(context.pool(), move |conn| {
           Person::read_from_apub_id(conn, &actor_id)

crates/apub/src/activities/comment/create_or_update.rs

@@ -57,7 +57,10 @@ impl CreateOrUpdateComment {
     })
     .await??;
 
-    let id = generate_activity_id(kind.clone())?;
+    let id = generate_activity_id(
+      kind.clone(),
+      &context.settings().get_protocol_and_hostname(),
+    )?;
     let maa = collect_non_local_mentions(comment, &community, context).await?;
 
     let create_or_update = CreateOrUpdateComment {
@@ -87,7 +90,7 @@ impl ActivityHandler for CreateOrUpdateComment {
     let community = extract_community(&self.cc, context, request_counter).await?;
     let community_id = ObjectId::new(community.actor_id());
 
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     verify_person_in_community(&self.actor, &community_id, context, request_counter).await?;
     verify_domains_match(self.actor.inner(), self.object.id_unchecked())?;
     // TODO: should add a check that the correct community is in cc (probably needs changes to

crates/apub/src/activities/comment/mod.rs

@@ -14,13 +14,11 @@ use lemmy_db_schema::{
 };
 use lemmy_utils::{
   request::{retry, RecvError},
-  settings::structs::Settings,
   utils::{scrape_text_for_mentions, MentionData},
   LemmyError,
 };
 use lemmy_websocket::LemmyContext;
 use log::debug;
-use reqwest::Client;
 use url::Url;
 
 pub mod create_or_update;
@@ -41,7 +39,16 @@ async fn get_notif_recipients(
   // anyway.
   // TODO: for compatibility with other projects, it would be much better to read this from cc or tags
   let mentions = scrape_text_for_mentions(&comment.content);
-  send_local_notifs(mentions, comment.clone(), actor, post, context.pool(), true).await
+  send_local_notifs(
+    mentions,
+    comment.clone(),
+    actor,
+    post,
+    context.pool(),
+    true,
+    &context.settings(),
+  )
+  .await
 }
 
 pub struct MentionsAndAddresses {
@@ -70,12 +77,12 @@ pub async fn collect_non_local_mentions(
   let mentions = scrape_text_for_mentions(&comment.content)
     .into_iter()
     // Filter only the non-local ones
-    .filter(|m| !m.is_local())
+    .filter(|m| !m.is_local(&context.settings().hostname))
     .collect::<Vec<MentionData>>();
 
   for mention in &mentions {
     // TODO should it be fetching it every time?
-    if let Ok(actor_id) = fetch_webfinger_url(mention, context.client()).await {
+    if let Ok(actor_id) = fetch_webfinger_url(mention, context).await {
       let actor_id: ObjectId<Person> = ObjectId::new(actor_id);
       debug!("mention actor_id: {}", actor_id);
       addressed_ccs.push(actor_id.to_owned().to_string().parse()?);
@@ -120,17 +127,20 @@ async fn get_comment_parent_creator(
 
 /// Turns a person id like `@name@example.com` into an apub ID, like `https://example.com/user/name`,
 /// using webfinger.
-async fn fetch_webfinger_url(mention: &MentionData, client: &Client) -> Result<Url, LemmyError> {
+async fn fetch_webfinger_url(
+  mention: &MentionData,
+  context: &LemmyContext,
+) -> Result<Url, LemmyError> {
   let fetch_url = format!(
     "{}://{}/.well-known/webfinger?resource=acct:{}@{}",
-    Settings::get().get_protocol_string(),
+    context.settings().get_protocol_string(),
     mention.domain,
     mention.name,
     mention.domain
   );
   debug!("Fetching webfinger url: {}", &fetch_url);
 
-  let response = retry(|| client.get(&fetch_url).send()).await?;
+  let response = retry(|| context.client().get(&fetch_url).send()).await?;
 
   let res: WebfingerResponse = response
     .json()

crates/apub/src/activities/community/add_mod.rs

@@ -55,7 +55,10 @@ impl AddMod {
     actor: &Person,
     context: &LemmyContext,
   ) -> Result<(), LemmyError> {
-    let id = generate_activity_id(AddType::Add)?;
+    let id = generate_activity_id(
+      AddType::Add,
+      &context.settings().get_protocol_and_hostname(),
+    )?;
     let add = AddMod {
       actor: ObjectId::new(actor.actor_id()),
       to: [PublicUrl::Public],
@@ -81,7 +84,7 @@ impl ActivityHandler for AddMod {
     context: &LemmyContext,
     request_counter: &mut i32,
   ) -> Result<(), LemmyError> {
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     verify_person_in_community(&self.actor, &self.cc[0], context, request_counter).await?;
     verify_mod_action(&self.actor, self.cc[0].clone(), context).await?;
     verify_add_remove_moderator_target(&self.target, &self.cc[0])?;

crates/apub/src/activities/community/announce.rs

@@ -84,7 +84,10 @@ impl AnnounceActivity {
       object,
       cc: vec![community.followers_url()],
       kind: AnnounceType::Announce,
-      id: generate_activity_id(&AnnounceType::Announce)?,
+      id: generate_activity_id(
+        &AnnounceType::Announce,
+        &context.settings().get_protocol_and_hostname(),
+      )?,
       context: lemmy_context(),
       unparsed: Default::default(),
     };
@@ -100,7 +103,7 @@ impl ActivityHandler for AnnounceActivity {
     context: &LemmyContext,
     request_counter: &mut i32,
   ) -> Result<(), LemmyError> {
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     verify_community(&self.actor, context, request_counter).await?;
     self.object.verify(context, request_counter).await?;
     Ok(())

crates/apub/src/activities/community/block_user.rs

@@ -56,6 +56,7 @@ impl BlockUserFromCommunity {
     community: &Community,
     target: &Person,
     actor: &Person,
+    context: &LemmyContext,
   ) -> Result<BlockUserFromCommunity, LemmyError> {
     Ok(BlockUserFromCommunity {
       actor: ObjectId::new(actor.actor_id()),
@@ -63,7 +64,10 @@ impl BlockUserFromCommunity {
       object: ObjectId::new(target.actor_id()),
       cc: [ObjectId::new(community.actor_id())],
       kind: BlockType::Block,
-      id: generate_activity_id(BlockType::Block)?,
+      id: generate_activity_id(
+        BlockType::Block,
+        &context.settings().get_protocol_and_hostname(),
+      )?,
       context: lemmy_context(),
       unparsed: Default::default(),
     })
@@ -75,7 +79,7 @@ impl BlockUserFromCommunity {
     actor: &Person,
     context: &LemmyContext,
   ) -> Result<(), LemmyError> {
-    let block = BlockUserFromCommunity::new(community, target, actor)?;
+    let block = BlockUserFromCommunity::new(community, target, actor, context)?;
     let block_id = block.id.clone();
 
     let activity = AnnouncableActivities::BlockUserFromCommunity(block);
@@ -91,7 +95,7 @@ impl ActivityHandler for BlockUserFromCommunity {
     context: &LemmyContext,
     request_counter: &mut i32,
   ) -> Result<(), LemmyError> {
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     verify_person_in_community(&self.actor, &self.cc[0], context, request_counter).await?;
     verify_mod_action(&self.actor, self.cc[0].clone(), context).await?;
     Ok(())

crates/apub/src/activities/community/mod.rs

@@ -1,7 +1,7 @@
 use crate::{check_is_apub_id_valid, CommunityType};
 use itertools::Itertools;
 use lemmy_db_schema::source::community::Community;
-use lemmy_utils::{settings::structs::Settings, LemmyError};
+use lemmy_utils::LemmyError;
 use lemmy_websocket::LemmyContext;
 use url::Url;
 
@@ -19,14 +19,16 @@ async fn list_community_follower_inboxes(
 ) -> Result<Vec<Url>, LemmyError> {
   Ok(
     vec![
-      community.get_follower_inboxes(context.pool()).await?,
+      community
+        .get_follower_inboxes(context.pool(), &context.settings())
+        .await?,
       additional_inboxes,
     ]
     .iter()
     .flatten()
     .unique()
-    .filter(|inbox| inbox.host_str() != Some(&Settings::get().hostname))
+    .filter(|inbox| inbox.host_str() != Some(&context.settings().hostname))
-    .filter(|inbox| check_is_apub_id_valid(inbox, false).is_ok())
+    .filter(|inbox| check_is_apub_id_valid(inbox, false, &context.settings()).is_ok())
     .map(|inbox| inbox.to_owned())
     .collect(),
   )

crates/apub/src/activities/community/remove_mod.rs

@@ -57,7 +57,10 @@ impl RemoveMod {
     actor: &Person,
     context: &LemmyContext,
   ) -> Result<(), LemmyError> {
-    let id = generate_activity_id(RemoveType::Remove)?;
+    let id = generate_activity_id(
+      RemoveType::Remove,
+      &context.settings().get_protocol_and_hostname(),
+    )?;
     let remove = RemoveMod {
       actor: ObjectId::new(actor.actor_id()),
       to: [PublicUrl::Public],
@@ -83,7 +86,7 @@ impl ActivityHandler for RemoveMod {
     context: &LemmyContext,
     request_counter: &mut i32,
   ) -> Result<(), LemmyError> {
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     if let Some(target) = &self.target {
       verify_person_in_community(&self.actor, &self.cc[0], context, request_counter).await?;
       verify_mod_action(&self.actor, self.cc[0].clone(), context).await?;

crates/apub/src/activities/community/undo_block_user.rs

@@ -52,9 +52,12 @@ impl UndoBlockUserFromCommunity {
     actor: &Person,
     context: &LemmyContext,
   ) -> Result<(), LemmyError> {
-    let block = BlockUserFromCommunity::new(community, target, actor)?;
+    let block = BlockUserFromCommunity::new(community, target, actor, context)?;
 
-    let id = generate_activity_id(UndoType::Undo)?;
+    let id = generate_activity_id(
+      UndoType::Undo,
+      &context.settings().get_protocol_and_hostname(),
+    )?;
     let undo = UndoBlockUserFromCommunity {
       actor: ObjectId::new(actor.actor_id()),
       to: [PublicUrl::Public],
@@ -79,7 +82,7 @@ impl ActivityHandler for UndoBlockUserFromCommunity {
     context: &LemmyContext,
     request_counter: &mut i32,
   ) -> Result<(), LemmyError> {
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     verify_person_in_community(&self.actor, &self.cc[0], context, request_counter).await?;
     verify_mod_action(&self.actor, self.cc[0].clone(), context).await?;
     self.object.verify(context, request_counter).await?;

crates/apub/src/activities/community/update.rs

@@ -55,7 +55,10 @@ impl UpdateCommunity {
     actor: &Person,
     context: &LemmyContext,
   ) -> Result<(), LemmyError> {
-    let id = generate_activity_id(UpdateType::Update)?;
+    let id = generate_activity_id(
+      UpdateType::Update,
+      &context.settings().get_protocol_and_hostname(),
+    )?;
     let update = UpdateCommunity {
       actor: ObjectId::new(actor.actor_id()),
       to: [PublicUrl::Public],
@@ -79,7 +82,7 @@ impl ActivityHandler for UpdateCommunity {
     context: &LemmyContext,
     request_counter: &mut i32,
   ) -> Result<(), LemmyError> {
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     verify_person_in_community(&self.actor, &self.cc[0], context, request_counter).await?;
     verify_mod_action(&self.actor, self.cc[0].clone(), context).await?;
     Ok(())
@@ -96,8 +99,12 @@ impl ActivityHandler for UpdateCommunity {
     })
     .await??;
 
-    let updated_community =
+    let updated_community = Group::from_apub_to_form(
-      Group::from_apub_to_form(&self.object, &community.actor_id.clone().into()).await?;
+      &self.object,
+      &community.actor_id.clone().into(),
+      &context.settings(),
+    )
+    .await?;
     let cf = CommunityForm {
       name: updated_community.name,
       title: updated_community.title,

crates/apub/src/activities/deletion/delete.rs

@@ -87,7 +87,7 @@ impl ActivityHandler for Delete {
     context: &LemmyContext,
     request_counter: &mut i32,
   ) -> Result<(), LemmyError> {
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     verify_delete_activity(
       &self.object,
       self,
@@ -138,6 +138,7 @@ impl Delete {
     community: &Community,
     object_id: Url,
     summary: Option<String>,
+    context: &LemmyContext,
   ) -> Result<Delete, LemmyError> {
     Ok(Delete {
       actor: ObjectId::new(actor.actor_id()),
@@ -146,7 +147,10 @@ impl Delete {
       cc: [ObjectId::new(community.actor_id())],
       kind: DeleteType::Delete,
       summary,
-      id: generate_activity_id(DeleteType::Delete)?,
+      id: generate_activity_id(
+        DeleteType::Delete,
+        &context.settings().get_protocol_and_hostname(),
+      )?,
       context: lemmy_context(),
       unparsed: Default::default(),
     })
@@ -158,7 +162,7 @@ impl Delete {
     summary: Option<String>,
     context: &LemmyContext,
   ) -> Result<(), LemmyError> {
-    let delete = Delete::new(actor, community, object_id, summary)?;
+    let delete = Delete::new(actor, community, object_id, summary, context)?;
     let delete_id = delete.id.clone();
 
     let activity = AnnouncableActivities::Delete(delete);

crates/apub/src/activities/deletion/undo_delete.rs

@@ -59,7 +59,7 @@ impl ActivityHandler for UndoDelete {
     context: &LemmyContext,
     request_counter: &mut i32,
   ) -> Result<(), LemmyError> {
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     self.object.verify(context, request_counter).await?;
     verify_delete_activity(
       &self.object.object,
@@ -106,9 +106,12 @@ impl UndoDelete {
     summary: Option<String>,
     context: &LemmyContext,
   ) -> Result<(), LemmyError> {
-    let object = Delete::new(actor, community, object_id, summary)?;
+    let object = Delete::new(actor, community, object_id, summary, context)?;
 
-    let id = generate_activity_id(UndoType::Undo)?;
+    let id = generate_activity_id(
+      UndoType::Undo,
+      &context.settings().get_protocol_and_hostname(),
+    )?;
     let undo = UndoDelete {
       actor: ObjectId::new(actor.actor_id()),
       to: [PublicUrl::Public],

crates/apub/src/activities/following/accept.rs

@@ -61,7 +61,10 @@ impl AcceptFollowCommunity {
       to: ObjectId::new(person.actor_id()),
       object: follow,
       kind: AcceptType::Accept,
-      id: generate_activity_id(AcceptType::Accept)?,
+      id: generate_activity_id(
+        AcceptType::Accept,
+        &context.settings().get_protocol_and_hostname(),
+      )?,
       context: lemmy_context(),
       unparsed: Default::default(),
     };
@@ -77,7 +80,7 @@ impl ActivityHandler for AcceptFollowCommunity {
     context: &LemmyContext,
     request_counter: &mut i32,
   ) -> Result<(), LemmyError> {
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     verify_urls_match(self.to.inner(), self.object.actor())?;
     verify_urls_match(self.actor(), self.object.to.inner())?;
     verify_community(&self.actor, context, request_counter).await?;

crates/apub/src/activities/following/follow.rs

@@ -48,13 +48,17 @@ impl FollowCommunity {
   pub(in crate::activities::following) fn new(
     actor: &Person,
     community: &Community,
+    context: &LemmyContext,
   ) -> Result<FollowCommunity, LemmyError> {
     Ok(FollowCommunity {
       actor: ObjectId::new(actor.actor_id()),
       to: ObjectId::new(community.actor_id()),
       object: ObjectId::new(community.actor_id()),
       kind: FollowType::Follow,
-      id: generate_activity_id(FollowType::Follow)?,
+      id: generate_activity_id(
+        FollowType::Follow,
+        &context.settings().get_protocol_and_hostname(),
+      )?,
       context: lemmy_context(),
       unparsed: Default::default(),
     })
@@ -74,7 +78,7 @@ impl FollowCommunity {
     })
     .await?;
 
-    let follow = FollowCommunity::new(actor, community)?;
+    let follow = FollowCommunity::new(actor, community, context)?;
     let inbox = vec![community.inbox_url.clone().into()];
     send_activity_new(context, &follow, &follow.id, actor, inbox, true).await
   }
@@ -87,7 +91,7 @@ impl ActivityHandler for FollowCommunity {
     context: &LemmyContext,
     request_counter: &mut i32,
   ) -> Result<(), LemmyError> {
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     verify_urls_match(self.to.inner(), self.object.inner())?;
     verify_person(&self.actor, context, request_counter).await?;
     Ok(())

crates/apub/src/activities/following/undo.rs

@@ -49,13 +49,16 @@ impl UndoFollowCommunity {
     community: &Community,
     context: &LemmyContext,
   ) -> Result<(), LemmyError> {
-    let object = FollowCommunity::new(actor, community)?;
+    let object = FollowCommunity::new(actor, community, context)?;
     let undo = UndoFollowCommunity {
       actor: ObjectId::new(actor.actor_id()),
       to: ObjectId::new(community.actor_id()),
       object,
       kind: UndoType::Undo,
-      id: generate_activity_id(UndoType::Undo)?,
+      id: generate_activity_id(
+        UndoType::Undo,
+        &context.settings().get_protocol_and_hostname(),
+      )?,
       context: lemmy_context(),
       unparsed: Default::default(),
     };
@@ -71,7 +74,7 @@ impl ActivityHandler for UndoFollowCommunity {
     context: &LemmyContext,
     request_counter: &mut i32,
   ) -> Result<(), LemmyError> {
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     verify_urls_match(self.to.inner(), self.object.object.inner())?;
     verify_urls_match(self.actor(), self.object.actor())?;
     verify_person(&self.actor, context, request_counter).await?;

crates/apub/src/activities/mod.rs

@@ -91,8 +91,8 @@ async fn verify_community(
   Ok(())
 }
 
-fn verify_activity(activity: &dyn ActivityFields) -> Result<(), LemmyError> {
+fn verify_activity(activity: &dyn ActivityFields, settings: &Settings) -> Result<(), LemmyError> {
-  check_is_apub_id_valid(activity.actor(), false)?;
+  check_is_apub_id_valid(activity.actor(), false, settings)?;
   verify_domains_match(activity.id_unchecked(), activity.actor())?;
   Ok(())
 }
@@ -146,13 +146,13 @@ fn verify_add_remove_moderator_target(
 
 /// Generate a unique ID for an activity, in the format:
 /// `http(s)://example.com/receive/create/202daf0a-1489-45df-8d2e-c8a3173fed36`
-fn generate_activity_id<T>(kind: T) -> Result<Url, ParseError>
+fn generate_activity_id<T>(kind: T, protocol_and_hostname: &str) -> Result<Url, ParseError>
 where
   T: ToString,
 {
   let id = format!(
     "{}/activities/{}/{}",
-    Settings::get().get_protocol_and_hostname(),
+    protocol_and_hostname,
     kind.to_string().to_lowercase(),
     Uuid::new_v4()
   );

crates/apub/src/activities/post/create_or_update.rs

@@ -59,7 +59,10 @@ impl CreateOrUpdatePost {
     })
     .await??;
 
-    let id = generate_activity_id(kind.clone())?;
+    let id = generate_activity_id(
+      kind.clone(),
+      &context.settings().get_protocol_and_hostname(),
+    )?;
     let create_or_update = CreateOrUpdatePost {
       actor: ObjectId::new(actor.actor_id()),
       to: [PublicUrl::Public],
@@ -83,7 +86,7 @@ impl ActivityHandler for CreateOrUpdatePost {
     context: &LemmyContext,
     request_counter: &mut i32,
   ) -> Result<(), LemmyError> {
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     let community = self.cc[0].dereference(context, request_counter).await?;
     verify_person_in_community(&self.actor, &self.cc[0], context, request_counter).await?;
     match self.kind {

crates/apub/src/activities/private_message/create_or_update.rs

@@ -42,7 +42,10 @@ impl CreateOrUpdatePrivateMessage {
     let recipient =
       blocking(context.pool(), move |conn| Person::read(conn, recipient_id)).await??;
 
-    let id = generate_activity_id(kind.clone())?;
+    let id = generate_activity_id(
+      kind.clone(),
+      &context.settings().get_protocol_and_hostname(),
+    )?;
     let create_or_update = CreateOrUpdatePrivateMessage {
       context: lemmy_context(),
       id: id.clone(),
@@ -63,7 +66,7 @@ impl ActivityHandler for CreateOrUpdatePrivateMessage {
     context: &LemmyContext,
     request_counter: &mut i32,
   ) -> Result<(), LemmyError> {
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     verify_person(&self.actor, context, request_counter).await?;
     verify_domains_match(self.actor.inner(), self.object.id_unchecked())?;
     self.object.verify(context, request_counter).await?;

crates/apub/src/activities/private_message/delete.rs

@@ -39,13 +39,17 @@ impl DeletePrivateMessage {
   pub(in crate::activities::private_message) fn new(
     actor: &Person,
     pm: &PrivateMessage,
+    context: &LemmyContext,
   ) -> Result<DeletePrivateMessage, LemmyError> {
     Ok(DeletePrivateMessage {
       actor: ObjectId::new(actor.actor_id()),
       to: ObjectId::new(actor.actor_id()),
       object: pm.ap_id.clone().into(),
       kind: DeleteType::Delete,
-      id: generate_activity_id(DeleteType::Delete)?,
+      id: generate_activity_id(
+        DeleteType::Delete,
+        &context.settings().get_protocol_and_hostname(),
+      )?,
       context: lemmy_context(),
       unparsed: Default::default(),
     })
@@ -55,7 +59,7 @@ impl DeletePrivateMessage {
     pm: &PrivateMessage,
     context: &LemmyContext,
   ) -> Result<(), LemmyError> {
-    let delete = DeletePrivateMessage::new(actor, pm)?;
+    let delete = DeletePrivateMessage::new(actor, pm, context)?;
     let delete_id = delete.id.clone();
 
     let recipient_id = pm.recipient_id;
@@ -73,7 +77,7 @@ impl ActivityHandler for DeletePrivateMessage {
     context: &LemmyContext,
     request_counter: &mut i32,
   ) -> Result<(), LemmyError> {
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     verify_person(&self.actor, context, request_counter).await?;
     verify_domains_match(self.actor.inner(), &self.object)?;
     Ok(())

crates/apub/src/activities/private_message/undo_delete.rs

@@ -50,8 +50,11 @@ impl UndoDeletePrivateMessage {
     let recipient =
       blocking(context.pool(), move |conn| Person::read(conn, recipient_id)).await??;
 
-    let object = DeletePrivateMessage::new(actor, pm)?;
+    let object = DeletePrivateMessage::new(actor, pm, context)?;
-    let id = generate_activity_id(UndoType::Undo)?;
+    let id = generate_activity_id(
+      UndoType::Undo,
+      &context.settings().get_protocol_and_hostname(),
+    )?;
     let undo = UndoDeletePrivateMessage {
       actor: ObjectId::new(actor.actor_id()),
       to: ObjectId::new(recipient.actor_id()),
@@ -73,7 +76,7 @@ impl ActivityHandler for UndoDeletePrivateMessage {
     context: &LemmyContext,
     request_counter: &mut i32,
   ) -> Result<(), LemmyError> {
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     verify_person(&self.actor, context, request_counter).await?;
     verify_urls_match(self.actor(), self.object.actor())?;
     verify_domains_match(self.actor(), &self.object.object)?;

crates/apub/src/activities/send/community.rs

@@ -4,7 +4,7 @@ use lemmy_api_common::blocking;
 use lemmy_db_queries::DbPool;
 use lemmy_db_schema::source::community::Community;
 use lemmy_db_views_actor::community_follower_view::CommunityFollowerView;
-use lemmy_utils::LemmyError;
+use lemmy_utils::{settings::structs::Settings, LemmyError};
 use url::Url;
 
 impl ActorType for Community {
@@ -40,7 +40,11 @@ impl CommunityType for Community {
   }
 
   /// For a given community, returns the inboxes of all followers.
-  async fn get_follower_inboxes(&self, pool: &DbPool) -> Result<Vec<Url>, LemmyError> {
+  async fn get_follower_inboxes(
+    &self,
+    pool: &DbPool,
+    settings: &Settings,
+  ) -> Result<Vec<Url>, LemmyError> {
     let id = self.id;
 
     let follows = blocking(pool, move |conn| {
@@ -54,7 +58,7 @@ impl CommunityType for Community {
       .map(|i| i.into_inner())
       .unique()
       // Don't send to blocked instances
-      .filter(|inbox| check_is_apub_id_valid(inbox, false).is_ok())
+      .filter(|inbox| check_is_apub_id_valid(inbox, false, settings).is_ok())
       .collect();
 
     Ok(inboxes)

crates/apub/src/activities/undo_remove.rs

@@ -43,7 +43,7 @@ impl ActivityHandler for UndoRemovePostCommentOrCommunity {
     context: &LemmyContext,
     request_counter: &mut i32,
   ) -> Result<(), LemmyError> {
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     self.object.verify(context, request_counter).await?;
 
     verify_delete_activity(

crates/apub/src/activities/voting/undo_vote.rs

@@ -64,8 +64,11 @@ impl UndoVote {
     })
     .await??;
 
-    let object = Vote::new(object, actor, &community, kind.clone())?;
+    let object = Vote::new(object, actor, &community, kind.clone(), context)?;
-    let id = generate_activity_id(UndoType::Undo)?;
+    let id = generate_activity_id(
+      UndoType::Undo,
+      &context.settings().get_protocol_and_hostname(),
+    )?;
     let undo_vote = UndoVote {
       actor: ObjectId::new(actor.actor_id()),
       to: [PublicUrl::Public],
@@ -88,7 +91,7 @@ impl ActivityHandler for UndoVote {
     context: &LemmyContext,
     request_counter: &mut i32,
   ) -> Result<(), LemmyError> {
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     verify_person_in_community(&self.actor, &self.cc[0], context, request_counter).await?;
     verify_urls_match(self.actor(), self.object.actor())?;
     self.object.verify(context, request_counter).await?;

crates/apub/src/activities/voting/vote.rs

@@ -77,6 +77,7 @@ impl Vote {
     actor: &Person,
     community: &Community,
     kind: VoteType,
+    context: &LemmyContext,
   ) -> Result<Vote, LemmyError> {
     Ok(Vote {
       actor: ObjectId::new(actor.actor_id()),
@@ -84,7 +85,7 @@ impl Vote {
       object: ObjectId::new(object.ap_id()),
       cc: [ObjectId::new(community.actor_id())],
       kind: kind.clone(),
-      id: generate_activity_id(kind)?,
+      id: generate_activity_id(kind, &context.settings().get_protocol_and_hostname())?,
       context: lemmy_context(),
       unparsed: Default::default(),
     })
@@ -101,7 +102,7 @@ impl Vote {
       Community::read(conn, community_id)
     })
     .await??;
-    let vote = Vote::new(object, actor, &community, kind)?;
+    let vote = Vote::new(object, actor, &community, kind, context)?;
     let vote_id = vote.id.clone();
 
     let activity = AnnouncableActivities::Vote(vote);
@@ -116,7 +117,7 @@ impl ActivityHandler for Vote {
     context: &LemmyContext,
     request_counter: &mut i32,
   ) -> Result<(), LemmyError> {
-    verify_activity(self)?;
+    verify_activity(self, &context.settings())?;
     verify_person_in_community(&self.actor, &self.cc[0], context, request_counter).await?;
     Ok(())
   }

crates/apub/src/activity_queue.rs

@@ -16,7 +16,7 @@ use background_jobs::{
   WorkerConfig,
 };
 use lemmy_db_schema::source::community::Community;
-use lemmy_utils::{location_info, settings::structs::Settings, LemmyError};
+use lemmy_utils::{location_info, LemmyError};
 use lemmy_websocket::LemmyContext;
 use log::{info, warn};
 use reqwest::Client;
@@ -56,7 +56,7 @@ pub(crate) async fn send_activity_new<T>(
 where
   T: Serialize,
 {
-  if !Settings::get().federation.enabled || inboxes.is_empty() {
+  if !context.settings().federation.enabled || inboxes.is_empty() {
     return Ok(());
   }
 
@@ -64,7 +64,7 @@ where
 
   // Don't send anything to ourselves
   // TODO: this should be a debug assert
-  let hostname = Settings::get().get_hostname_without_port()?;
+  let hostname = context.settings().get_hostname_without_port()?;
   let inboxes: Vec<&Url> = inboxes
     .iter()
     .filter(|i| i.domain().expect("valid inbox url") != hostname)

crates/apub/src/fetcher/community.rs

@@ -73,8 +73,13 @@ pub(crate) async fn fetch_community_outbox(
   outbox: &Url,
   recursion_counter: &mut i32,
 ) -> Result<(), LemmyError> {
-  let outbox =
+  let outbox = fetch_remote_object::<OrderedCollection>(
-    fetch_remote_object::<OrderedCollection>(context.client(), outbox, recursion_counter).await?;
+    context.client(),
+    &context.settings(),
+    outbox,
+    recursion_counter,
+  )
+  .await?;
   let outbox_activities = outbox.items().context(location_info!())?.clone();
   let mut outbox_activities = outbox_activities.many().context(location_info!())?;
   if outbox_activities.len() > 20 {
@@ -98,8 +103,12 @@ async fn fetch_community_mods(
   recursion_counter: &mut i32,
 ) -> Result<Vec<Url>, LemmyError> {
   if let Some(mods_url) = &group.moderators {
-    let mods =
+    let mods = fetch_remote_object::<OrderedCollection>(
-      fetch_remote_object::<OrderedCollection>(context.client(), mods_url, recursion_counter)
+      context.client(),
+      &context.settings(),
+      mods_url,
+      recursion_counter,
+    )
     .await?;
     let mods = mods
       .items()

crates/apub/src/fetcher/fetch.rs

@@ -1,6 +1,6 @@
 use crate::{check_is_apub_id_valid, APUB_JSON_CONTENT_TYPE};
 use anyhow::anyhow;
-use lemmy_utils::{request::retry, LemmyError};
+use lemmy_utils::{request::retry, settings::structs::Settings, LemmyError};
 use log::info;
 use reqwest::Client;
 use serde::Deserialize;
@@ -18,6 +18,7 @@ static MAX_REQUEST_NUMBER: i32 = 25;
 /// timeouts etc.
 pub(in crate::fetcher) async fn fetch_remote_object<Response>(
   client: &Client,
+  settings: &Settings,
   url: &Url,
   recursion_counter: &mut i32,
 ) -> Result<Response, LemmyError>
@@ -28,7 +29,7 @@ where
   if *recursion_counter > MAX_REQUEST_NUMBER {
     return Err(anyhow!("Maximum recursion depth reached").into());
   }
-  check_is_apub_id_valid(url, false)?;
+  check_is_apub_id_valid(url, false, settings)?;
 
   let timeout = Duration::from_secs(60);
 

crates/apub/src/fetcher/objects.rs

@@ -0,0 +1,107 @@
+use crate::{
+  fetcher::fetch::fetch_remote_object,
+  objects::{comment::Note, post::Page, FromApub},
+  PostOrComment,
+};
+use anyhow::anyhow;
+use diesel::result::Error::NotFound;
+use lemmy_api_common::blocking;
+use lemmy_db_queries::{ApubObject, Crud};
+use lemmy_db_schema::source::{comment::Comment, post::Post};
+use lemmy_utils::LemmyError;
+use lemmy_websocket::LemmyContext;
+use log::debug;
+use url::Url;
+
+/// Gets a post by its apub ID. If it exists locally, it is returned directly. Otherwise it is
+/// pulled from its apub ID, inserted and returned.
+///
+/// The parent community is also pulled if necessary. Comments are not pulled.
+pub(crate) async fn get_or_fetch_and_insert_post(
+  post_ap_id: &Url,
+  context: &LemmyContext,
+  recursion_counter: &mut i32,
+) -> Result<Post, LemmyError> {
+  let post_ap_id_owned = post_ap_id.to_owned();
+  let post = blocking(context.pool(), move |conn| {
+    Post::read_from_apub_id(conn, &post_ap_id_owned.into())
+  })
+  .await?;
+
+  match post {
+    Ok(p) => Ok(p),
+    Err(NotFound {}) => {
+      debug!("Fetching and creating remote post: {}", post_ap_id);
+      let page = fetch_remote_object::<Page>(
+        context.client(),
+        &context.settings(),
+        post_ap_id,
+        recursion_counter,
+      )
+      .await?;
+      let post = Post::from_apub(&page, context, post_ap_id, recursion_counter).await?;
+
+      Ok(post)
+    }
+    Err(e) => Err(e.into()),
+  }
+}
+
+/// Gets a comment by its apub ID. If it exists locally, it is returned directly. Otherwise it is
+/// pulled from its apub ID, inserted and returned.
+///
+/// The parent community, post and comment are also pulled if necessary.
+pub(crate) async fn get_or_fetch_and_insert_comment(
+  comment_ap_id: &Url,
+  context: &LemmyContext,
+  recursion_counter: &mut i32,
+) -> Result<Comment, LemmyError> {
+  let comment_ap_id_owned = comment_ap_id.to_owned();
+  let comment = blocking(context.pool(), move |conn| {
+    Comment::read_from_apub_id(conn, &comment_ap_id_owned.into())
+  })
+  .await?;
+
+  match comment {
+    Ok(p) => Ok(p),
+    Err(NotFound {}) => {
+      debug!(
+        "Fetching and creating remote comment and its parents: {}",
+        comment_ap_id
+      );
+      let comment = fetch_remote_object::<Note>(
+        context.client(),
+        &context.settings(),
+        comment_ap_id,
+        recursion_counter,
+      )
+      .await?;
+      let comment = Comment::from_apub(&comment, context, comment_ap_id, recursion_counter).await?;
+
+      let post_id = comment.post_id;
+      let post = blocking(context.pool(), move |conn| Post::read(conn, post_id)).await??;
+      if post.locked {
+        return Err(anyhow!("Post is locked").into());
+      }
+
+      Ok(comment)
+    }
+    Err(e) => Err(e.into()),
+  }
+}
+
+pub(crate) async fn get_or_fetch_and_insert_post_or_comment(
+  ap_id: &Url,
+  context: &LemmyContext,
+  recursion_counter: &mut i32,
+) -> Result<PostOrComment, LemmyError> {
+  Ok(
+    match get_or_fetch_and_insert_post(ap_id, context, recursion_counter).await {
+      Ok(p) => PostOrComment::Post(Box::new(p)),
+      Err(_) => {
+        let c = get_or_fetch_and_insert_comment(ap_id, context, recursion_counter).await?;
+        PostOrComment::Comment(Box::new(c))
+      }
+    },
+  )
+}

crates/apub/src/fetcher/person.rs

@@ -0,0 +1,80 @@
+use crate::{
+  fetcher::{fetch::fetch_remote_object, is_deleted, should_refetch_actor},
+  objects::{person::Person as ApubPerson, FromApub},
+};
+use anyhow::anyhow;
+use diesel::result::Error::NotFound;
+use lemmy_api_common::blocking;
+use lemmy_db_queries::{source::person::Person_, ApubObject};
+use lemmy_db_schema::source::person::Person;
+use lemmy_utils::LemmyError;
+use lemmy_websocket::LemmyContext;
+use log::debug;
+use url::Url;
+
+/// Get a person from its apub ID.
+///
+/// If it exists locally and `!should_refetch_actor()`, it is returned directly from the database.
+/// Otherwise it is fetched from the remote instance, stored and returned.
+pub(crate) async fn get_or_fetch_and_upsert_person(
+  apub_id: &Url,
+  context: &LemmyContext,
+  recursion_counter: &mut i32,
+) -> Result<Person, LemmyError> {
+  let apub_id_owned = apub_id.to_owned();
+  let person = blocking(context.pool(), move |conn| {
+    Person::read_from_apub_id(conn, &apub_id_owned.into())
+  })
+  .await?;
+
+  match person {
+    // If its older than a day, re-fetch it
+    Ok(u) if !u.local && should_refetch_actor(u.last_refreshed_at) => {
+      debug!("Fetching and updating from remote person: {}", apub_id);
+      let person = fetch_remote_object::<ApubPerson>(
+        context.client(),
+        &context.settings(),
+        apub_id,
+        recursion_counter,
+      )
+      .await;
+
+      if is_deleted(&person) {
+        // TODO: use Person::update_deleted() once implemented
+        blocking(context.pool(), move |conn| {
+          Person::delete_account(conn, u.id)
+        })
+        .await??;
+        return Err(anyhow!("Person was deleted by remote instance").into());
+      } else if person.is_err() {
+        return Ok(u);
+      }
+
+      let person = Person::from_apub(&person?, context, apub_id, recursion_counter).await?;
+
+      let person_id = person.id;
+      blocking(context.pool(), move |conn| {
+        Person::mark_as_updated(conn, person_id)
+      })
+      .await??;
+
+      Ok(person)
+    }
+    Ok(u) => Ok(u),
+    Err(NotFound {}) => {
+      debug!("Fetching and creating remote person: {}", apub_id);
+      let person = fetch_remote_object::<ApubPerson>(
+        context.client(),
+        &context.settings(),
+        apub_id,
+        recursion_counter,
+      )
+      .await?;
+
+      let person = Person::from_apub(&person, context, apub_id, recursion_counter).await?;
+
+      Ok(person)
+    }
+    Err(e) => Err(e.into()),
+  }
+}

crates/apub/src/fetcher/search.rs

@@ -45,7 +45,14 @@ pub async fn search_by_apub_id(
       // remote actor, use webfinger to resolve url
       if name.contains('@') {
         let (name, domain) = name.splitn(2, '@').collect_tuple().expect("invalid query");
-        webfinger_resolve_actor(name, domain, kind, context.client()).await?
+        webfinger_resolve_actor(
+          name,
+          domain,
+          kind,
+          context.client(),
+          context.settings().get_protocol_string(),
+        )
+        .await?
       }
       // local actor, read from database and return
       else {

crates/apub/src/http/mod.rs

@@ -23,7 +23,7 @@ use lemmy_api_common::blocking;
 use lemmy_apub_lib::{ActivityFields, ActivityHandler};
 use lemmy_db_queries::{source::activity::Activity_, DbPool};
 use lemmy_db_schema::source::activity::Activity;
-use lemmy_utils::{location_info, settings::structs::Settings, LemmyError};
+use lemmy_utils::{location_info, LemmyError};
 use lemmy_websocket::LemmyContext;
 use log::{info, trace};
 use serde::{Deserialize, Serialize};
@@ -98,10 +98,10 @@ where
   if is_activity_already_known(context.pool(), activity.id_unchecked()).await? {
     return Ok(HttpResponse::Ok().finish());
   }
-  check_is_apub_id_valid(activity.actor(), false)?;
+  check_is_apub_id_valid(activity.actor(), false, &context.settings())?;
   info!("Verifying activity {}", activity.id_unchecked().to_string());
   activity.verify(context, request_counter).await?;
-  assert_activity_not_local(&activity)?;
+  assert_activity_not_local(&activity, &context.settings().hostname)?;
 
   // Log the activity, so we avoid receiving and parsing it twice. Note that this could still happen
   // if we receive the same activity twice in very quick succession.
@@ -151,7 +151,7 @@ pub(crate) async fn get_activity(
   info: web::Path<ActivityQuery>,
   context: web::Data<LemmyContext>,
 ) -> Result<HttpResponse<Body>, LemmyError> {
-  let settings = Settings::get();
+  let settings = context.settings();
   let activity_id = Url::parse(&format!(
     "{}/activities/{}/{}",
     settings.get_protocol_and_hostname(),
@@ -187,10 +187,13 @@ pub(crate) async fn is_activity_already_known(
   }
 }
 
-fn assert_activity_not_local<T: Debug + ActivityFields>(activity: &T) -> Result<(), LemmyError> {
+fn assert_activity_not_local<T: Debug + ActivityFields>(
+  activity: &T,
+  hostname: &str,
+) -> Result<(), LemmyError> {
   let activity_domain = activity.id_unchecked().domain().context(location_info!())?;
 
-  if activity_domain == Settings::get().hostname {
+  if activity_domain == hostname {
     return Err(
       anyhow!(
         "Error: received activity which was sent by local instance: {:?}",

crates/apub/src/http/routes.rs

@@ -24,9 +24,9 @@ use sha2::{Digest, Sha256};
 static APUB_JSON_CONTENT_TYPE_LONG: &str =
   "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"";
 
-pub fn config(cfg: &mut web::ServiceConfig) {
+pub fn config(cfg: &mut web::ServiceConfig, settings: &Settings) {
-  if Settings::get().federation.enabled {
+  if settings.federation.enabled {
-    println!("federation enabled, host is {}", Settings::get().hostname);
+    println!("federation enabled, host is {}", settings.hostname);
     let digest_verifier = VerifyDigest::new(Sha256::new());
 
     let header_guard_accept = guard::Any(guard::Header("Accept", APUB_JSON_CONTENT_TYPE))

crates/apub/src/lib.rs

@@ -37,8 +37,8 @@ static APUB_JSON_CONTENT_TYPE: &str = "application/activity+json";
 pub(crate) fn check_is_apub_id_valid(
   apub_id: &Url,
   use_strict_allowlist: bool,
+  settings: &Settings,
 ) -> Result<(), LemmyError> {
-  let settings = Settings::get();
   let domain = apub_id.domain().context(location_info!())?.to_string();
   let local_instance = settings.get_hostname_without_port()?;
 
@@ -62,22 +62,22 @@ pub(crate) fn check_is_apub_id_valid(
     return Err(anyhow!("invalid hostname {}: {}", host, apub_id).into());
   }
 
-  if apub_id.scheme() != Settings::get().get_protocol_string() {
+  if apub_id.scheme() != settings.get_protocol_string() {
     return Err(anyhow!("invalid apub id scheme {}: {}", apub_id.scheme(), apub_id).into());
   }
 
   // TODO: might be good to put the part above in one method, and below in another
   //       (which only gets called in apub::objects)
   //        -> no that doesnt make sense, we still need the code below for blocklist and strict allowlist
-  if let Some(blocked) = Settings::get().federation.blocked_instances {
+  if let Some(blocked) = settings.to_owned().federation.blocked_instances {
     if blocked.contains(&domain) {
       return Err(anyhow!("{} is in federation blocklist", domain).into());
     }
   }
 
-  if let Some(mut allowed) = Settings::get().federation.allowed_instances {
+  if let Some(mut allowed) = settings.to_owned().federation.allowed_instances {
     // Only check allowlist if this is a community, or strict allowlist is enabled.
-    let strict_allowlist = Settings::get().federation.strict_allowlist;
+    let strict_allowlist = settings.to_owned().federation.strict_allowlist;
     if use_strict_allowlist || strict_allowlist {
       // need to allow this explicitly because apub receive might contain objects from our local
       // instance.
@@ -128,7 +128,11 @@ trait ActorType {
 #[async_trait::async_trait(?Send)]
 pub trait CommunityType {
   fn followers_url(&self) -> Url;
-  async fn get_follower_inboxes(&self, pool: &DbPool) -> Result<Vec<Url>, LemmyError>;
+  async fn get_follower_inboxes(
+    &self,
+    pool: &DbPool,
+    settings: &Settings,
+  ) -> Result<Vec<Url>, LemmyError>;
 }
 
 pub enum EndpointType {
@@ -160,12 +164,9 @@ fn generate_apub_endpoint_for_domain(
 pub fn generate_apub_endpoint(
   endpoint_type: EndpointType,
   name: &str,
+  protocol_and_hostname: &str,
 ) -> Result<DbUrl, ParseError> {
-  generate_apub_endpoint_for_domain(
+  generate_apub_endpoint_for_domain(endpoint_type, name, protocol_and_hostname)
-    endpoint_type,
-    name,
-    &Settings::get().get_protocol_and_hostname(),
-  )
 }
 
 pub fn generate_followers_url(actor_id: &DbUrl) -> Result<DbUrl, ParseError> {
@@ -200,6 +201,7 @@ fn generate_moderators_url(community_id: &DbUrl) -> Result<DbUrl, LemmyError> {
 pub fn build_actor_id_from_shortname(
   endpoint_type: EndpointType,
   short_name: &str,
+  settings: &Settings,
 ) -> Result<DbUrl, ParseError> {
   let split = short_name.split('@').collect::<Vec<&str>>();
 
@@ -207,9 +209,9 @@ pub fn build_actor_id_from_shortname(
 
   // If there's no @, its local
   let domain = if split.len() == 1 {
-    Settings::get().get_protocol_and_hostname()
+    settings.get_protocol_and_hostname()
   } else {
-    format!("{}://{}", Settings::get().get_protocol_string(), split[1])
+    format!("{}://{}", settings.get_protocol_string(), split[1])
   };
 
   generate_apub_endpoint_for_domain(endpoint_type, name, &domain)

crates/apub/src/objects/comment.rs

@@ -222,7 +222,7 @@ impl FromApub for Comment {
     }
 
     let content = &note.source.content;
-    let content_slurs_removed = remove_slurs(content);
+    let content_slurs_removed = remove_slurs(content, &context.settings().slur_regex());
 
     let form = CommentForm {
       creator_id: creator.id,

crates/apub/src/objects/community.rs

@@ -24,6 +24,7 @@ use lemmy_db_schema::{
   source::community::{Community, CommunityForm},
 };
 use lemmy_utils::{
+  settings::structs::Settings,
   utils::{check_slurs, check_slurs_opt, convert_datetime, markdown_to_html},
   LemmyError,
 };
@@ -74,6 +75,7 @@ impl Group {
   pub(crate) async fn from_apub_to_form(
     group: &Group,
     expected_domain: &Url,
+    settings: &Settings,
   ) -> Result<CommunityForm, LemmyError> {
     let actor_id = Some(group.id(expected_domain)?.clone().into());
     let name = group.preferred_username.clone();
@@ -81,9 +83,10 @@ impl Group {
     let description = group.source.clone().map(|s| s.content);
     let shared_inbox = group.endpoints.shared_inbox.clone().map(|s| s.into());
 
-    check_slurs(&name)?;
+    let slur_regex = &settings.slur_regex();
-    check_slurs(&title)?;
+    check_slurs(&name, slur_regex)?;
-    check_slurs_opt(&description)?;
+    check_slurs(&title, slur_regex)?;
+    check_slurs_opt(&description, slur_regex)?;
 
     Ok(CommunityForm {
       name,
@@ -175,7 +178,7 @@ impl FromApub for Community {
     expected_domain: &Url,
     request_counter: &mut i32,
   ) -> Result<Community, LemmyError> {
-    let form = Group::from_apub_to_form(group, expected_domain).await?;
+    let form = Group::from_apub_to_form(group, expected_domain, &context.settings()).await?;
 
     let community = blocking(context.pool(), move |conn| Community::upsert(conn, &form)).await??;
     update_community_mods(group, &community, context, request_counter).await?;

crates/apub/src/objects/person.rs

@@ -150,10 +150,12 @@ impl FromApub for DbPerson {
       UserTypes::Service => true,
     };
 
-    check_slurs(&name)?;
+    let slur_regex = &context.settings().slur_regex();
-    check_slurs_opt(&display_name)?;
+    check_slurs(&name, slur_regex)?;
-    check_slurs_opt(&bio)?;
+    check_slurs_opt(&display_name, slur_regex)?;
-    check_is_apub_id_valid(&person.id, false)?;
+    check_slurs_opt(&bio, slur_regex)?;
+
+    check_is_apub_id_valid(&person.id, false, &context.settings())?;
 
     let person_form = PersonForm {
       name,

crates/apub/src/objects/post.rs

@@ -100,7 +100,7 @@ impl Page {
   ) -> Result<(), LemmyError> {
     let community = extract_community(&self.to, context, request_counter).await?;
 
-    check_slurs(&self.name)?;
+    check_slurs(&self.name, &context.settings().slur_regex())?;
     verify_domains_match(self.attributed_to.inner(), &self.id)?;
     verify_person_in_community(
       &self.attributed_to,
@@ -191,7 +191,7 @@ impl FromApub for Post {
 
     let thumbnail_url: Option<Url> = page.image.clone().map(|i| i.url);
     let (metadata_res, pictrs_thumbnail) = if let Some(url) = &page.url {
-      fetch_site_data(context.client(), Some(url)).await
+      fetch_site_data(context.client(), &context.settings(), Some(url)).await
     } else {
       (None, thumbnail_url)
     };
@@ -199,7 +199,10 @@ impl FromApub for Post {
       .map(|u| (u.title, u.description, u.html))
       .unwrap_or((None, None, None));
 
-    let body_slurs_removed = page.source.as_ref().map(|s| remove_slurs(&s.content));
+    let body_slurs_removed = page
+      .source
+      .as_ref()
+      .map(|s| remove_slurs(&s.content, &context.settings().slur_regex()));
     let form = PostForm {
       name: page.name.clone(),
       url: page.url.clone().map(|u| u.into()),

crates/apub_lib/src/webfinger.rs

@@ -1,7 +1,6 @@
 use anyhow::anyhow;
 use lemmy_utils::{
   request::{retry, RecvError},
-  settings::structs::Settings,
   LemmyError,
 };
 use log::debug;
@@ -38,6 +37,7 @@ pub async fn webfinger_resolve_actor(
   domain: &str,
   webfinger_type: WebfingerType,
   client: &Client,
+  protocol_string: &str,
 ) -> Result<Url, LemmyError> {
   let webfinger_type = match webfinger_type {
     WebfingerType::Person => "acct",
@@ -45,11 +45,7 @@ pub async fn webfinger_resolve_actor(
   };
   let fetch_url = format!(
     "{}://{}/.well-known/webfinger?resource={}:{}@{}",
-    Settings::get().get_protocol_string(),
+    protocol_string, domain, webfinger_type, name, domain
-    domain,
-    webfinger_type,
-    name,
-    domain
   );
   debug!("Fetching webfinger url: {}", &fetch_url);
 

crates/db_queries/src/source/mod.rs

@@ -12,4 +12,5 @@ pub mod person_mention;
 pub mod post;
 pub mod post_report;
 pub mod private_message;
+pub mod secret;
 pub mod site;

crates/db_queries/src/source/secret.rs

@@ -0,0 +1,19 @@
+use diesel::{result::Error, *};
+use lemmy_db_schema::source::secret::Secret;
+
+pub trait Secret_ {
+  fn init(conn: &PgConnection) -> Result<Secret, Error>;
+}
+
+impl Secret_ for Secret {
+  /// Initialize the Secrets from the DB.
+  /// Warning: You should only call this once.
+  fn init(conn: &PgConnection) -> Result<Secret, Error> {
+    read_secrets(conn)
+  }
+}
+
+fn read_secrets(conn: &PgConnection) -> Result<Secret, Error> {
+  use lemmy_db_schema::schema::secret::dsl::*;
+  secret.first::<Secret>(conn)
+}

crates/db_schema/src/schema.rs

@@ -551,6 +551,13 @@ table! {
     }
 }
 
+table! {
+  secret(id) {
+    id -> Int4,
+    jwt_secret -> Varchar,
+  }
+}
+
 joinable!(comment_alias_1 -> person_alias_1 (creator_id));
 joinable!(comment -> comment_alias_1 (parent_id));
 joinable!(person_mention -> person_alias_1 (recipient_id));

crates/db_schema/src/source/mod.rs

@@ -12,4 +12,5 @@ pub mod person_mention;
 pub mod post;
 pub mod post_report;
 pub mod private_message;
+pub mod secret;
 pub mod site;

crates/db_schema/src/source/secret.rs

@@ -0,0 +1,8 @@
+use crate::schema::secret;
+
+#[derive(Queryable, Identifiable, Clone)]
+#[table_name = "secret"]
+pub struct Secret {
+  pub id: i32,
+  pub jwt_secret: String,
+}

crates/routes/src/feeds.rs

@@ -19,12 +19,7 @@ use lemmy_db_views::{
   site_view::SiteView,
 };
 use lemmy_db_views_actor::person_mention_view::{PersonMentionQueryBuilder, PersonMentionView};
-use lemmy_utils::{
+use lemmy_utils::{claims::Claims, utils::markdown_to_html, LemmyError};
-  claims::Claims,
-  settings::structs::Settings,
-  utils::markdown_to_html,
-  LemmyError,
-};
 use lemmy_websocket::LemmyContext;
 use rss::{
   extension::dublincore::DublinCoreExtensionBuilder,
@@ -98,7 +93,7 @@ async fn get_feed_data(
   })
   .await??;
 
-  let items = create_post_items(posts)?;
+  let items = create_post_items(posts, &context.settings().get_protocol_and_hostname())?;
 
   let mut channel_builder = ChannelBuilder::default();
   channel_builder
@@ -108,7 +103,7 @@ async fn get_feed_data(
       site_view.site.name,
       listing_type.to_string()
     ))
-    .link(Settings::get().get_protocol_and_hostname())
+    .link(context.settings().get_protocol_and_hostname())
     .items(items);
 
   if let Some(site_desc) = site_view.site.description {
@@ -141,11 +136,20 @@ async fn get_feed(
     _ => return Err(ErrorBadRequest(LemmyError::from(anyhow!("wrong_type")))),
   };
 
+  let jwt_secret = context.secret().jwt_secret.to_owned();
+  let protocol_and_hostname = context.settings().get_protocol_and_hostname();
+
   let builder = blocking(context.pool(), move |conn| match request_type {
-    RequestType::User => get_feed_user(conn, &sort_type, param),
+    RequestType::User => get_feed_user(conn, &sort_type, &param, &protocol_and_hostname),
-    RequestType::Community => get_feed_community(conn, &sort_type, param),
+    RequestType::Community => get_feed_community(conn, &sort_type, &param, &protocol_and_hostname),
-    RequestType::Front => get_feed_front(conn, &sort_type, param),
+    RequestType::Front => get_feed_front(
-    RequestType::Inbox => get_feed_inbox(conn, param),
+      conn,
+      &jwt_secret,
+      &sort_type,
+      &param,
+      &protocol_and_hostname,
+    ),
+    RequestType::Inbox => get_feed_inbox(conn, &jwt_secret, &param, &protocol_and_hostname),
   })
   .await?
   .map_err(ErrorBadRequest)?;
@@ -170,10 +174,11 @@ fn get_sort_type(info: web::Query<Params>) -> Result<SortType, ParseError> {
 fn get_feed_user(
   conn: &PgConnection,
   sort_type: &SortType,
-  user_name: String,
+  user_name: &str,
+  protocol_and_hostname: &str,
 ) -> Result<ChannelBuilder, LemmyError> {
   let site_view = SiteView::read(conn)?;
-  let person = Person::find_by_name(conn, &user_name)?;
+  let person = Person::find_by_name(conn, user_name)?;
 
   let posts = PostQueryBuilder::create(conn)
     .listing_type(ListingType::All)
@@ -181,7 +186,7 @@ fn get_feed_user(
     .creator_id(person.id)
     .list()?;
 
-  let items = create_post_items(posts)?;
+  let items = create_post_items(posts, protocol_and_hostname)?;
 
   let mut channel_builder = ChannelBuilder::default();
   channel_builder
@@ -196,10 +201,11 @@ fn get_feed_user(
 fn get_feed_community(
   conn: &PgConnection,
   sort_type: &SortType,
-  community_name: String,
+  community_name: &str,
+  protocol_and_hostname: &str,
 ) -> Result<ChannelBuilder, LemmyError> {
   let site_view = SiteView::read(conn)?;
-  let community = Community::read_from_name(conn, &community_name)?;
+  let community = Community::read_from_name(conn, community_name)?;
 
   let posts = PostQueryBuilder::create(conn)
     .listing_type(ListingType::All)
@@ -207,7 +213,7 @@ fn get_feed_community(
     .community_id(community.id)
     .list()?;
 
-  let items = create_post_items(posts)?;
+  let items = create_post_items(posts, protocol_and_hostname)?;
 
   let mut channel_builder = ChannelBuilder::default();
   channel_builder
@@ -225,31 +231,30 @@ fn get_feed_community(
 
 fn get_feed_front(
   conn: &PgConnection,
+  jwt_secret: &str,
   sort_type: &SortType,
-  jwt: String,
+  jwt: &str,
+  protocol_and_hostname: &str,
 ) -> Result<ChannelBuilder, LemmyError> {
   let site_view = SiteView::read(conn)?;
-  let local_user_id = LocalUserId(Claims::decode(&jwt)?.claims.sub);
+  let local_user_id = LocalUserId(Claims::decode(jwt, jwt_secret)?.claims.sub);
   let local_user = LocalUser::read(conn, local_user_id)?;
-  let person_id = local_user.person_id;
-  let show_bot_accounts = local_user.show_bot_accounts;
-  let show_read_posts = local_user.show_read_posts;
 
   let posts = PostQueryBuilder::create(conn)
     .listing_type(ListingType::Subscribed)
-    .my_person_id(person_id)
+    .my_person_id(local_user.person_id)
-    .show_bot_accounts(show_bot_accounts)
+    .show_bot_accounts(local_user.show_bot_accounts)
-    .show_read_posts(show_read_posts)
+    .show_read_posts(local_user.show_read_posts)
     .sort(*sort_type)
     .list()?;
 
-  let items = create_post_items(posts)?;
+  let items = create_post_items(posts, protocol_and_hostname)?;
 
   let mut channel_builder = ChannelBuilder::default();
   channel_builder
     .namespaces(RSS_NAMESPACE.to_owned())
     .title(&format!("{} - Subscribed", site_view.site.name))
-    .link(Settings::get().get_protocol_and_hostname())
+    .link(protocol_and_hostname)
     .items(items);
 
   if let Some(site_desc) = site_view.site.description {
@@ -259,9 +264,14 @@ fn get_feed_front(
   Ok(channel_builder)
 }
 
-fn get_feed_inbox(conn: &PgConnection, jwt: String) -> Result<ChannelBuilder, LemmyError> {
+fn get_feed_inbox(
+  conn: &PgConnection,
+  jwt_secret: &str,
+  jwt: &str,
+  protocol_and_hostname: &str,
+) -> Result<ChannelBuilder, LemmyError> {
   let site_view = SiteView::read(conn)?;
-  let local_user_id = LocalUserId(Claims::decode(&jwt)?.claims.sub);
+  let local_user_id = LocalUserId(Claims::decode(jwt, jwt_secret)?.claims.sub);
   let local_user = LocalUser::read(conn, local_user_id)?;
   let person_id = local_user.person_id;
   let show_bot_accounts = local_user.show_bot_accounts;
@@ -281,16 +291,13 @@ fn get_feed_inbox(conn: &PgConnection, jwt: String) -> Result<ChannelBuilder, Le
     .sort(sort)
     .list()?;
 
-  let items = create_reply_and_mention_items(replies, mentions)?;
+  let items = create_reply_and_mention_items(replies, mentions, protocol_and_hostname)?;
 
   let mut channel_builder = ChannelBuilder::default();
   channel_builder
     .namespaces(RSS_NAMESPACE.to_owned())
     .title(&format!("{} - Inbox", site_view.site.name))
-    .link(format!(
+    .link(format!("{}/inbox", protocol_and_hostname,))
-      "{}/inbox",
-      Settings::get().get_protocol_and_hostname()
-    ))
     .items(items);
 
   if let Some(site_desc) = site_view.site.description {
@@ -303,21 +310,21 @@ fn get_feed_inbox(conn: &PgConnection, jwt: String) -> Result<ChannelBuilder, Le
 fn create_reply_and_mention_items(
   replies: Vec<CommentView>,
   mentions: Vec<PersonMentionView>,
+  protocol_and_hostname: &str,
 ) -> Result<Vec<Item>, LemmyError> {
   let mut reply_items: Vec<Item> = replies
     .iter()
     .map(|r| {
       let reply_url = format!(
         "{}/post/{}/comment/{}",
-        Settings::get().get_protocol_and_hostname(),
+        protocol_and_hostname, r.post.id, r.comment.id
-        r.post.id,
-        r.comment.id
       );
       build_item(
         &r.creator.name,
         &r.comment.published,
         &reply_url,
         &r.comment.content,
+        protocol_and_hostname,
       )
     })
     .collect::<Result<Vec<Item>, LemmyError>>()?;
@@ -327,15 +334,14 @@ fn create_reply_and_mention_items(
     .map(|m| {
       let mention_url = format!(
         "{}/post/{}/comment/{}",
-        Settings::get().get_protocol_and_hostname(),
+        protocol_and_hostname, m.post.id, m.comment.id
-        m.post.id,
-        m.comment.id
       );
       build_item(
         &m.creator.name,
         &m.comment.published,
         &mention_url,
         &m.comment.content,
+        protocol_and_hostname,
       )
     })
     .collect::<Result<Vec<Item>, LemmyError>>()?;
@@ -349,14 +355,11 @@ fn build_item(
   published: &NaiveDateTime,
   url: &str,
   content: &str,
+  protocol_and_hostname: &str,
 ) -> Result<Item, LemmyError> {
   let mut i = ItemBuilder::default();
   i.title(format!("Reply from {}", creator_name));
-  let author_url = format!(
+  let author_url = format!("{}/u/{}", protocol_and_hostname, creator_name);
-    "{}/u/{}",
-    Settings::get().get_protocol_and_hostname(),
-    creator_name
-  );
   i.author(format!(
     "/u/{} <a href=\"{}\">(link)</a>",
     creator_name, author_url
@@ -377,7 +380,10 @@ fn build_item(
   Ok(i.build().map_err(|e| anyhow!(e))?)
 }
 
-fn create_post_items(posts: Vec<PostView>) -> Result<Vec<Item>, LemmyError> {
+fn create_post_items(
+  posts: Vec<PostView>,
+  protocol_and_hostname: &str,
+) -> Result<Vec<Item>, LemmyError> {
   let mut items: Vec<Item> = Vec::new();
 
   for p in posts {
@@ -391,11 +397,7 @@ fn create_post_items(posts: Vec<PostView>) -> Result<Vec<Item>, LemmyError> {
     let dt = DateTime::<Utc>::from_utc(p.post.published, Utc);
     i.pub_date(dt.to_rfc2822());
 
-    let post_url = format!(
+    let post_url = format!("{}/post/{}", protocol_and_hostname, p.post.id);
-      "{}/post/{}",
-      Settings::get().get_protocol_and_hostname(),
-      p.post.id
-    );
     i.link(post_url.to_owned());
     i.comments(post_url.to_owned());
     let guid = GuidBuilder::default()
@@ -405,11 +407,7 @@ fn create_post_items(posts: Vec<PostView>) -> Result<Vec<Item>, LemmyError> {
       .map_err(|e| anyhow!(e))?;
     i.guid(guid);
 
-    let community_url = format!(
+    let community_url = format!("{}/c/{}", protocol_and_hostname, p.community.name);
-      "{}/c/{}",
-      Settings::get().get_protocol_and_hostname(),
-      p.community.name
-    );
 
     // TODO add images
     let mut description = format!("submitted by <a href=\"{}\">{}</a> to <a href=\"{}\">{}</a><br>{} points | <a href=\"{}\">{} comments</a>",

crates/routes/src/images.rs

@@ -2,7 +2,8 @@ use actix_http::http::header::ACCEPT_ENCODING;
 use actix_web::{body::BodyStream, http::StatusCode, web::Data, *};
 use anyhow::anyhow;
 use awc::Client;
-use lemmy_utils::{claims::Claims, rate_limit::RateLimit, settings::structs::Settings, LemmyError};
+use lemmy_utils::{claims::Claims, rate_limit::RateLimit, LemmyError};
+use lemmy_websocket::LemmyContext;
 use serde::{Deserialize, Serialize};
 use std::time::Duration;
 
@@ -46,17 +47,21 @@ async fn upload(
   req: HttpRequest,
   body: web::Payload,
   client: web::Data<Client>,
+  context: web::Data<LemmyContext>,
 ) -> Result<HttpResponse, Error> {
   // TODO: check rate limit here
   let jwt = req
     .cookie("jwt")
     .expect("No auth header for picture upload");
 
-  if Claims::decode(jwt.value()).is_err() {
+  if Claims::decode(jwt.value(), &context.secret().jwt_secret).is_err() {
     return Ok(HttpResponse::Unauthorized().finish());
   };
 
-  let mut client_req = client.request_from(format!("{}/image", pictrs_url()?), req.head());
+  let mut client_req = client.request_from(
+    format!("{}/image", pictrs_url(context.settings().pictrs_url)?),
+    req.head(),
+  );
   // remove content-encoding header so that pictrs doesnt send gzipped response
   client_req.headers_mut().remove(ACCEPT_ENCODING);
 
@@ -79,17 +84,28 @@ async fn full_res(
   web::Query(params): web::Query<PictrsParams>,
   req: HttpRequest,
   client: web::Data<Client>,
+  context: web::Data<LemmyContext>,
 ) -> Result<HttpResponse, Error> {
   let name = &filename.into_inner();
 
   // If there are no query params, the URL is original
+  let pictrs_url_settings = context.settings().pictrs_url;
   let url = if params.format.is_none() && params.thumbnail.is_none() {
-    format!("{}/image/original/{}", pictrs_url()?, name,)
+    format!(
+      "{}/image/original/{}",
+      pictrs_url(pictrs_url_settings)?,
+      name,
+    )
   } else {
     // Use jpg as a default when none is given
     let format = params.format.unwrap_or_else(|| "jpg".to_string());
 
-    let mut url = format!("{}/image/process.{}?src={}", pictrs_url()?, format, name,);
+    let mut url = format!(
+      "{}/image/process.{}?src={}",
+      pictrs_url(pictrs_url_settings)?,
+      format,
+      name,
+    );
 
     if let Some(size) = params.thumbnail {
       url = format!("{}&thumbnail={}", url, size,);
@@ -135,10 +151,16 @@ async fn delete(
   components: web::Path<(String, String)>,
   req: HttpRequest,
   client: web::Data<Client>,
+  context: web::Data<LemmyContext>,
 ) -> Result<HttpResponse, Error> {
   let (token, file) = components.into_inner();
 
-  let url = format!("{}/image/delete/{}/{}", pictrs_url()?, &token, &file);
+  let url = format!(
+    "{}/image/delete/{}/{}",
+    pictrs_url(context.settings().pictrs_url)?,
+    &token,
+    &file
+  );
 
   let mut client_req = client.request_from(url, req.head());
   client_req.headers_mut().remove(ACCEPT_ENCODING);
@@ -156,8 +178,6 @@ async fn delete(
   Ok(HttpResponse::build(res.status()).body(BodyStream::new(res)))
 }
 
-fn pictrs_url() -> Result<String, LemmyError> {
+fn pictrs_url(pictrs_url: Option<String>) -> Result<String, LemmyError> {
-  Settings::get()
+  pictrs_url.ok_or_else(|| anyhow!("images_disabled").into())
-    .pictrs_url
-    .ok_or_else(|| anyhow!("images_disabled").into())
 }

crates/routes/src/nodeinfo.rs

@@ -2,7 +2,7 @@ use actix_web::{body::Body, error::ErrorBadRequest, *};
 use anyhow::anyhow;
 use lemmy_api_common::blocking;
 use lemmy_db_views::site_view::SiteView;
-use lemmy_utils::{settings::structs::Settings, version, LemmyError};
+use lemmy_utils::{version, LemmyError};
 use lemmy_websocket::LemmyContext;
 use serde::{Deserialize, Serialize};
 use url::Url;
@@ -13,13 +13,15 @@ pub fn config(cfg: &mut web::ServiceConfig) {
     .route("/.well-known/nodeinfo", web::get().to(node_info_well_known));
 }
 
-async fn node_info_well_known() -> Result<HttpResponse<Body>, LemmyError> {
+async fn node_info_well_known(
+  context: web::Data<LemmyContext>,
+) -> Result<HttpResponse<Body>, LemmyError> {
   let node_info = NodeInfoWellKnown {
     links: NodeInfoWellKnownLinks {
       rel: Url::parse("http://nodeinfo.diaspora.software/ns/schema/2.0")?,
       href: Url::parse(&format!(
         "{}/nodeinfo/2.0.json",
-        Settings::get().get_protocol_and_hostname()
+        &context.settings().get_protocol_and_hostname(),
       ))?,
     },
   };
@@ -31,7 +33,7 @@ async fn node_info(context: web::Data<LemmyContext>) -> Result<HttpResponse, Err
     .await?
     .map_err(|_| ErrorBadRequest(LemmyError::from(anyhow!("not_found"))))?;
 
-  let protocols = if Settings::get().federation.enabled {
+  let protocols = if context.settings().federation.enabled {
     vec!["activitypub".to_string()]
   } else {
     vec![]

crates/routes/src/webfinger.rs

@@ -4,12 +4,7 @@ use lemmy_api_common::blocking;
 use lemmy_apub_lib::webfinger::{WebfingerLink, WebfingerResponse};
 use lemmy_db_queries::source::{community::Community_, person::Person_};
 use lemmy_db_schema::source::{community::Community, person::Person};
-use lemmy_utils::{
+use lemmy_utils::{settings::structs::Settings, LemmyError};
-  settings::structs::Settings,
-  LemmyError,
-  WEBFINGER_COMMUNITY_REGEX,
-  WEBFINGER_USERNAME_REGEX,
-};
 use lemmy_websocket::LemmyContext;
 use serde::Deserialize;
 
@@ -18,8 +13,8 @@ struct Params {
   resource: String,
 }
 
-pub fn config(cfg: &mut web::ServiceConfig) {
+pub fn config(cfg: &mut web::ServiceConfig, settings: &Settings) {
-  if Settings::get().federation.enabled {
+  if settings.federation.enabled {
     cfg.route(
       ".well-known/webfinger",
       web::get().to(get_webfinger_response),
@@ -37,12 +32,16 @@ async fn get_webfinger_response(
   info: Query<Params>,
   context: web::Data<LemmyContext>,
 ) -> Result<HttpResponse, Error> {
-  let community_regex_parsed = WEBFINGER_COMMUNITY_REGEX
+  let community_regex_parsed = context
+    .settings()
+    .webfinger_community_regex()
     .captures(&info.resource)
     .map(|c| c.get(1))
     .flatten();
 
-  let username_regex_parsed = WEBFINGER_USERNAME_REGEX
+  let username_regex_parsed = context
+    .settings()
+    .webfinger_username_regex()
     .captures(&info.resource)
     .map(|c| c.get(1))
     .flatten();

crates/utils/Cargo.toml

@@ -35,7 +35,7 @@ strum_macros = "0.21.1"
 futures = "0.3.16"
 diesel = "1.4.7"
 http = "0.2.4"
-jsonwebtoken = "7.2.0"
 deser-hjson = "1.0.2"
 smart-default = "0.6.0"
 webpage = { version = "1.3.0", default-features = false, features = ["serde"] }
+jsonwebtoken = "7.2.0"

crates/utils/src/claims.rs

@@ -1,4 +1,4 @@
-use crate::settings::structs::Settings;
+use crate::LemmyError;
 use chrono::Utc;
 use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, TokenData, Validation};
 use serde::{Deserialize, Serialize};
@@ -15,28 +15,23 @@ pub struct Claims {
 }
 
 impl Claims {
-  pub fn decode(jwt: &str) -> Result<TokenData<Claims>, jsonwebtoken::errors::Error> {
+  pub fn decode(jwt: &str, jwt_secret: &str) -> Result<TokenData<Claims>, LemmyError> {
     let v = Validation {
       validate_exp: false,
       ..Validation::default()
     };
-    decode::<Claims>(
+    let key = DecodingKey::from_secret(jwt_secret.as_ref());
-      jwt,
+    Ok(decode::<Claims>(jwt, &key, &v)?)
-      &DecodingKey::from_secret(Settings::get().jwt_secret.as_ref()),
-      &v,
-    )
   }
 
-  pub fn jwt(local_user_id: i32) -> Result<Jwt, jsonwebtoken::errors::Error> {
+  pub fn jwt(local_user_id: i32, jwt_secret: &str, hostname: &str) -> Result<Jwt, LemmyError> {
     let my_claims = Claims {
       sub: local_user_id,
-      iss: Settings::get().hostname,
+      iss: hostname.to_string(),
       iat: Utc::now().timestamp(),
     };
-    encode(
+
-      &Header::default(),
+    let key = EncodingKey::from_secret(jwt_secret.as_ref());
-      &my_claims,
+    Ok(encode(&Header::default(), &my_claims, &key)?)
-      &EncodingKey::from_secret(Settings::get().jwt_secret.as_ref()),
-    )
   }
 }

crates/utils/src/email.rs

@@ -18,9 +18,10 @@ pub fn send_email(
   to_email: &str,
   to_username: &str,
   html: &str,
+  settings: &Settings,
 ) -> Result<(), String> {
-  let email_config = Settings::get().email.ok_or("no_email_setup")?;
+  let email_config = settings.email.to_owned().ok_or("no_email_setup")?;
-  let domain = Settings::get().hostname;
+  let domain = settings.hostname.to_owned();
 
   let (smtp_server, smtp_port) = {
     let email_and_port = email_config.smtp_server.split(':').collect::<Vec<&str>>();

crates/utils/src/lib.rs

@@ -6,20 +6,19 @@ extern crate strum_macros;
 extern crate smart_default;
 
 pub mod apub;
-pub mod claims;
 pub mod email;
 pub mod rate_limit;
 pub mod request;
 pub mod settings;
 
+pub mod claims;
 #[cfg(test)]
 mod test;
 pub mod utils;
 pub mod version;
 
-use crate::settings::structs::Settings;
 use http::StatusCode;
-use regex::Regex;
+
 use std::fmt;
 use thiserror::Error;
 
@@ -88,16 +87,3 @@ impl actix_web::error::ResponseError for LemmyError {
     }
   }
 }
-
-lazy_static! {
-  pub static ref WEBFINGER_COMMUNITY_REGEX: Regex = Regex::new(&format!(
-    "^group:([a-z0-9_]{{3,}})@{}$",
-    Settings::get().hostname
-  ))
-  .expect("compile webfinger regex");
-  pub static ref WEBFINGER_USERNAME_REGEX: Regex = Regex::new(&format!(
-    "^acct:([a-z0-9_]{{3,}})@{}$",
-    Settings::get().hostname
-  ))
-  .expect("compile webfinger regex");
-}

crates/utils/src/rate_limit/mod.rs

@@ -1,9 +1,4 @@
-use crate::{
+use crate::{settings::structs::RateLimitConfig, utils::get_ip, IpAddr, LemmyError};
-  settings::structs::{RateLimitConfig, Settings},
-  utils::get_ip,
-  IpAddr,
-  LemmyError,
-};
 use actix_web::dev::{Service, ServiceRequest, ServiceResponse, Transform};
 use futures::future::{ok, Ready};
 use rate_limiter::{RateLimitType, RateLimiter};
@@ -22,11 +17,13 @@ pub struct RateLimit {
   // it might be reasonable to use a std::sync::Mutex here, since we don't need to lock this
   // across await points
   pub rate_limiter: Arc<Mutex<RateLimiter>>,
+  pub rate_limit_config: RateLimitConfig,
 }
 
 #[derive(Debug, Clone)]
 pub struct RateLimited {
   rate_limiter: Arc<Mutex<RateLimiter>>,
+  rate_limit_config: RateLimitConfig,
   type_: RateLimitType,
 }
 
@@ -55,6 +52,7 @@ impl RateLimit {
   fn kind(&self, type_: RateLimitType) -> RateLimited {
     RateLimited {
       rate_limiter: self.rate_limiter.clone(),
+      rate_limit_config: self.rate_limit_config.clone(),
       type_,
     }
   }
@@ -71,7 +69,7 @@ impl RateLimited {
   {
     // Does not need to be blocking because the RwLock in settings never held across await points,
     // and the operation here locks only long enough to clone
-    let rate_limit: RateLimitConfig = Settings::get().rate_limit.unwrap_or_default();
+    let rate_limit = self.rate_limit_config;
 
     // before
     {

crates/utils/src/request.rs

@@ -120,9 +120,10 @@ pub(crate) struct PictrsFile {
 
 pub(crate) async fn fetch_pictrs(
   client: &Client,
+  settings: &Settings,
   image_url: &Url,
 ) -> Result<PictrsResponse, LemmyError> {
-  if let Some(pictrs_url) = Settings::get().pictrs_url {
+  if let Some(pictrs_url) = settings.pictrs_url.to_owned() {
     is_image_content_type(client, image_url).await?;
 
     let fetch_url = format!(
@@ -152,6 +153,7 @@ pub(crate) async fn fetch_pictrs(
 /// Returns the SiteMetadata, and a Pictrs URL, if there is a picture associated
 pub async fn fetch_site_data(
   client: &Client,
+  settings: &Settings,
   url: Option<&Url>,
 ) -> (Option<SiteMetadata>, Option<Url>) {
   match &url {
@@ -166,16 +168,16 @@ pub async fn fetch_site_data(
         Some(metadata_res) => match &metadata_res.image {
           // Metadata, with image
           // Try to generate a small thumbnail if there's a full sized one from post-links
-          Some(metadata_image) => fetch_pictrs(client, metadata_image)
+          Some(metadata_image) => fetch_pictrs(client, settings, metadata_image)
             .await
             .map(|r| r.files[0].file.to_owned()),
           // Metadata, but no image
-          None => fetch_pictrs(client, url)
+          None => fetch_pictrs(client, settings, url)
             .await
             .map(|r| r.files[0].file.to_owned()),
         },
         // No metadata, try to fetch the URL as an image
-        None => fetch_pictrs(client, url)
+        None => fetch_pictrs(client, settings, url)
           .await
           .map(|r| r.files[0].file.to_owned()),
       };
@@ -185,7 +187,7 @@ pub async fn fetch_site_data(
         .map(|p| {
           Url::parse(&format!(
             "{}/pictrs/image/{}",
-            Settings::get().get_protocol_and_hostname(),
+            settings.get_protocol_and_hostname(),
             p
           ))
           .ok()

crates/utils/src/settings/mod.rs

@@ -1,6 +1,7 @@
 use crate::{location_info, settings::structs::Settings, LemmyError};
 use anyhow::{anyhow, Context};
 use deser_hjson::from_str;
+use regex::{Regex, RegexBuilder};
 use std::{env, fs, io::Error, sync::RwLock};
 
 pub mod structs;
@@ -17,14 +18,25 @@ impl Settings {
   ///
   /// Note: The env var `LEMMY_DATABASE_URL` is parsed in
   /// `lemmy_db_queries/src/lib.rs::get_database_url_from_env()`
-  fn init() -> Result<Self, LemmyError> {
+  /// Warning: Only call this once.
+  pub fn init() -> Result<Self, LemmyError> {
     // Read the config file
-    let config = from_str::<Settings>(&Self::read_config_file()?)?;
+    let mut config = from_str::<Settings>(&Self::read_config_file()?)?;
 
     if config.hostname == "unset" {
       return Err(anyhow!("Hostname variable is not set!").into());
     }
 
+    // Initialize the regexes
+    config.webfinger_community_regex = Some(
+      Regex::new(&format!("^group:([a-z0-9_]{{3,}})@{}$", config.hostname))
+        .expect("compile webfinger regex"),
+    );
+    config.webfinger_username_regex = Some(
+      Regex::new(&format!("^acct:([a-z0-9_]{{3,}})@{}$", config.hostname))
+        .expect("compile webfinger regex"),
+    );
+
     Ok(config)
   }
 
@@ -92,4 +104,30 @@ impl Settings {
 
     Ok(Self::read_config_file()?)
   }
+
+  pub fn webfinger_community_regex(&self) -> Regex {
+    self
+      .webfinger_community_regex
+      .to_owned()
+      .expect("compile webfinger regex")
+  }
+
+  pub fn webfinger_username_regex(&self) -> Regex {
+    self
+      .webfinger_username_regex
+      .to_owned()
+      .expect("compile webfinger regex")
+  }
+
+  pub fn slur_regex(&self) -> Regex {
+    let mut slurs = r"(fag(g|got|tard)?\b|cock\s?sucker(s|ing)?|ni((g{2,}|q)+|[gq]{2,})[e3r]+(s|z)?|mudslime?s?|kikes?|\bspi(c|k)s?\b|\bchinks?|gooks?|bitch(es|ing|y)?|whor(es?|ing)|\btr(a|@)nn?(y|ies?)|\b(b|re|r)tard(ed)?s?)".to_string();
+    if let Some(additional_slurs) = &self.additional_slurs {
+      slurs.push('|');
+      slurs.push_str(additional_slurs);
+    };
+    RegexBuilder::new(&slurs)
+      .case_insensitive(true)
+      .build()
+      .expect("compile regex")
+  }
 }

crates/utils/src/settings/structs.rs

@@ -1,3 +1,4 @@
+use regex::Regex;
 use serde::Deserialize;
 use std::net::{IpAddr, Ipv4Addr};
 
@@ -24,14 +25,18 @@ pub struct Settings {
   pub port: u16,
   #[default(true)]
   pub tls_enabled: bool,
-  #[default("changeme")]
-  pub jwt_secret: String,
   #[default(None)]
   pub pictrs_url: Option<String>,
   #[default(None)]
   pub additional_slurs: Option<String>,
   #[default(20)]
   pub actor_name_max_length: usize,
+  #[default(None)]
+  #[serde(skip)]
+  pub webfinger_community_regex: Option<Regex>,
+  #[default(None)]
+  #[serde(skip)]
+  pub webfinger_username_regex: Option<Regex>,
 }
 
 #[derive(Debug, Deserialize, Clone, SmartDefault)]

crates/utils/src/test.rs

@@ -1,4 +1,6 @@
-use crate::utils::{
+use crate::{
+  settings::structs::Settings,
+  utils::{
     is_valid_actor_name,
     is_valid_display_name,
     is_valid_matrix_id,
@@ -7,6 +9,7 @@ use crate::utils::{
     scrape_text_for_mentions,
     slur_check,
     slurs_vec_to_str,
+  },
 };
 
 #[test]
@@ -21,23 +24,28 @@ fn test_mentions_regex() {
 
 #[test]
 fn test_valid_actor_name() {
-  assert!(is_valid_actor_name("Hello_98"));
+  let actor_name_max_length = Settings::init().unwrap().actor_name_max_length;
-  assert!(is_valid_actor_name("ten"));
+  assert!(is_valid_actor_name("Hello_98", actor_name_max_length));
-  assert!(!is_valid_actor_name("Hello-98"));
+  assert!(is_valid_actor_name("ten", actor_name_max_length));
-  assert!(!is_valid_actor_name("a"));
+  assert!(!is_valid_actor_name("Hello-98", actor_name_max_length));
-  assert!(!is_valid_actor_name(""));
+  assert!(!is_valid_actor_name("a", actor_name_max_length));
+  assert!(!is_valid_actor_name("", actor_name_max_length));
 }
 
 #[test]
 fn test_valid_display_name() {
-  assert!(is_valid_display_name("hello @there"));
+  let actor_name_max_length = Settings::init().unwrap().actor_name_max_length;
-  assert!(!is_valid_display_name("@hello there"));
+  assert!(is_valid_display_name("hello @there", actor_name_max_length));
+  assert!(!is_valid_display_name(
+    "@hello there",
+    actor_name_max_length
+  ));
 
   // Make sure zero-space with an @ doesn't work
-  assert!(!is_valid_display_name(&format!(
+  assert!(!is_valid_display_name(
-    "{}@my name is",
+    &format!("{}@my name is", '\u{200b}'),
-    '\u{200b}'
+    actor_name_max_length
-  )));
+  ));
 }
 
 #[test]
@@ -57,11 +65,12 @@ fn test_valid_matrix_id() {
 
 #[test]
 fn test_slur_filter() {
+  let slur_regex = Settings::init().unwrap().slur_regex();
   let test =
       "faggot test kike tranny cocksucker retardeds. Capitalized Niggerz. This is a bunch of other safe text.";
   let slur_free = "No slurs here";
   assert_eq!(
-      remove_slurs(test),
+      remove_slurs(test, &slur_regex),
       "*removed* test *removed* *removed* *removed* *removed*. Capitalized *removed*. This is a bunch of other safe text."
         .to_string()
     );
@@ -76,9 +85,9 @@ fn test_slur_filter() {
   ];
   let has_slurs_err_str = "No slurs - Niggerz, cocksucker, faggot, kike, retardeds, tranny";
 
-  assert_eq!(slur_check(test), Err(has_slurs_vec));
+  assert_eq!(slur_check(test, &slur_regex), Err(has_slurs_vec));
-  assert_eq!(slur_check(slur_free), Ok(()));
+  assert_eq!(slur_check(slur_free, &slur_regex), Ok(()));
-  if let Err(slur_vec) = slur_check(test) {
+  if let Err(slur_vec) = slur_check(test, &slur_regex) {
     assert_eq!(&slurs_vec_to_str(slur_vec), has_slurs_err_str);
   }
 }

crates/utils/src/utils.rs

@@ -1,22 +1,13 @@
-use crate::{settings::structs::Settings, ApiError, IpAddr};
+use crate::{ApiError, IpAddr};
 use actix_web::dev::ConnectionInfo;
 use chrono::{DateTime, FixedOffset, NaiveDateTime};
 use itertools::Itertools;
 use rand::{distributions::Alphanumeric, thread_rng, Rng};
-use regex::{Regex, RegexBuilder};
+use regex::Regex;
 use url::Url;
 
 lazy_static! {
   static ref EMAIL_REGEX: Regex = Regex::new(r"^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$").expect("compile regex");
-  static ref SLUR_REGEX: Regex = {
-    let mut slurs = r"(fag(g|got|tard)?\b|cock\s?sucker(s|ing)?|ni((g{2,}|q)+|[gq]{2,})[e3r]+(s|z)?|mudslime?s?|kikes?|\bspi(c|k)s?\b|\bchinks?|gooks?|bitch(es|ing|y)?|whor(es?|ing)|\btr(a|@)nn?(y|ies?)|\b(b|re|r)tard(ed)?s?)".to_string();
-    if let Some(additional_slurs) = Settings::get().additional_slurs {
-        slurs.push('|');
-        slurs.push_str(&additional_slurs);
-    };
-    RegexBuilder::new(&slurs).case_insensitive(true).build().expect("compile regex")
-  };
-
 
   static ref USERNAME_MATCHES_REGEX: Regex = Regex::new(r"/u/[a-zA-Z][0-9a-zA-Z_]*").expect("compile regex");
   // TODO keep this old one, it didn't work with port well tho
@@ -37,12 +28,12 @@ pub fn convert_datetime(datetime: NaiveDateTime) -> DateTime<FixedOffset> {
   DateTime::<FixedOffset>::from_utc(datetime, FixedOffset::east(0))
 }
 
-pub fn remove_slurs(test: &str) -> String {
+pub fn remove_slurs(test: &str, slur_regex: &Regex) -> String {
-  SLUR_REGEX.replace_all(test, "*removed*").to_string()
+  slur_regex.replace_all(test, "*removed*").to_string()
 }
 
-pub(crate) fn slur_check(test: &str) -> Result<(), Vec<&str>> {
+pub(crate) fn slur_check<'a>(test: &'a str, slur_regex: &'a Regex) -> Result<(), Vec<&'a str>> {
-  let mut matches: Vec<&str> = SLUR_REGEX.find_iter(test).map(|mat| mat.as_str()).collect();
+  let mut matches: Vec<&str> = slur_regex.find_iter(test).map(|mat| mat.as_str()).collect();
 
   // Unique
   matches.sort_unstable();
@@ -55,17 +46,17 @@ pub(crate) fn slur_check(test: &str) -> Result<(), Vec<&str>> {
   }
 }
 
-pub fn check_slurs(text: &str) -> Result<(), ApiError> {
+pub fn check_slurs(text: &str, slur_regex: &Regex) -> Result<(), ApiError> {
-  if let Err(slurs) = slur_check(text) {
+  if let Err(slurs) = slur_check(text, slur_regex) {
     Err(ApiError::err(&slurs_vec_to_str(slurs)))
   } else {
     Ok(())
   }
 }
 
-pub fn check_slurs_opt(text: &Option<String>) -> Result<(), ApiError> {
+pub fn check_slurs_opt(text: &Option<String>, slur_regex: &Regex) -> Result<(), ApiError> {
   match text {
-    Some(t) => check_slurs(t),
+    Some(t) => check_slurs(t, slur_regex),
     None => Ok(()),
   }
 }
@@ -96,8 +87,8 @@ pub struct MentionData {
 }
 
 impl MentionData {
-  pub fn is_local(&self) -> bool {
+  pub fn is_local(&self, hostname: &str) -> bool {
-    Settings::get().hostname.eq(&self.domain)
+    hostname.eq(&self.domain)
   }
   pub fn full_name(&self) -> String {
     format!("@{}@{}", &self.name, &self.domain)
@@ -115,17 +106,16 @@ pub fn scrape_text_for_mentions(text: &str) -> Vec<MentionData> {
   out.into_iter().unique().collect()
 }
 
-pub fn is_valid_actor_name(name: &str) -> bool {
+pub fn is_valid_actor_name(name: &str, actor_name_max_length: usize) -> bool {
-  name.chars().count() <= Settings::get().actor_name_max_length
+  name.chars().count() <= actor_name_max_length && VALID_ACTOR_NAME_REGEX.is_match(name)
-    && VALID_ACTOR_NAME_REGEX.is_match(name)
 }
 
 // Can't do a regex here, reverse lookarounds not supported
-pub fn is_valid_display_name(name: &str) -> bool {
+pub fn is_valid_display_name(name: &str, actor_name_max_length: usize) -> bool {
   !name.starts_with('@')
     && !name.starts_with('\u{200b}')
     && name.chars().count() >= 3
-    && name.chars().count() <= Settings::get().actor_name_max_length
+    && name.chars().count() <= actor_name_max_length
 }
 
 pub fn is_valid_matrix_id(matrix_id: &str) -> bool {

crates/websocket/src/chat_server.rs

@@ -14,10 +14,11 @@ use diesel::{
   PgConnection,
 };
 use lemmy_api_common::{comment::*, post::*};
-use lemmy_db_schema::{CommunityId, LocalUserId, PostId};
+use lemmy_db_schema::{source::secret::Secret, CommunityId, LocalUserId, PostId};
 use lemmy_utils::{
   location_info,
   rate_limit::RateLimit,
+  settings::structs::Settings,
   ApiError,
   ConnectionId,
   IpAddr,
@@ -71,6 +72,12 @@ pub struct ChatServer {
   /// The DB Pool
   pub(super) pool: Pool<ConnectionManager<PgConnection>>,
 
+  /// The Settings
+  pub(super) settings: Settings,
+
+  /// The Secrets
+  pub(super) secret: Secret,
+
   /// Rate limiting based on rate type and IP addr
   pub(super) rate_limiter: RateLimit,
 
@@ -95,6 +102,7 @@ pub struct SessionInfo {
 /// And manages available rooms. Peers send messages to other peers in same
 /// room through `ChatServer`.
 impl ChatServer {
+  #![allow(clippy::too_many_arguments)]
   pub fn startup(
     pool: Pool<ConnectionManager<PgConnection>>,
     rate_limiter: RateLimit,
@@ -102,6 +110,8 @@ impl ChatServer {
     message_handler_crud: MessageHandlerCrudType,
     client: Client,
     activity_queue: QueueHandle,
+    settings: Settings,
+    secret: Secret,
   ) -> ChatServer {
     ChatServer {
       sessions: HashMap::new(),
@@ -117,6 +127,8 @@ impl ChatServer {
       message_handler_crud,
       client,
       activity_queue,
+      settings,
+      secret,
     }
   }
 
@@ -452,6 +464,8 @@ impl ChatServer {
       chat_server: ctx.address(),
       client: self.client.to_owned(),
       activity_queue: self.activity_queue.to_owned(),
+      settings: self.settings.to_owned(),
+      secret: self.secret.to_owned(),
     };
     let message_handler_crud = self.message_handler_crud;
     let message_handler = self.message_handler;

crates/websocket/src/lib.rs

@@ -5,7 +5,8 @@ use crate::chat_server::ChatServer;
 use actix::Addr;
 use background_jobs::QueueHandle;
 use lemmy_db_queries::DbPool;
-use lemmy_utils::LemmyError;
+use lemmy_db_schema::source::secret::Secret;
+use lemmy_utils::{settings::structs::Settings, LemmyError};
 use reqwest::Client;
 use serde::Serialize;
 
@@ -20,6 +21,8 @@ pub struct LemmyContext {
   pub chat_server: Addr<ChatServer>,
   pub client: Client,
   pub activity_queue: QueueHandle,
+  pub settings: Settings,
+  pub secret: Secret,
 }
 
 impl LemmyContext {
@@ -28,12 +31,16 @@ impl LemmyContext {
     chat_server: Addr<ChatServer>,
     client: Client,
     activity_queue: QueueHandle,
+    settings: Settings,
+    secret: Secret,
   ) -> LemmyContext {
     LemmyContext {
       pool,
       chat_server,
       client,
       activity_queue,
+      settings,
+      secret,
     }
   }
   pub fn pool(&self) -> &DbPool {
@@ -48,6 +55,13 @@ impl LemmyContext {
   pub fn activity_queue(&self) -> &QueueHandle {
     &self.activity_queue
   }
+  pub fn settings(&self) -> Settings {
+    // TODO hacky solution to be able to hotload the settings.
+    Settings::get()
+  }
+  pub fn secret(&self) -> &Secret {
+    &self.secret
+  }
 }
 
 impl Clone for LemmyContext {
@@ -57,6 +71,8 @@ impl Clone for LemmyContext {
       chat_server: self.chat_server.clone(),
       client: self.client.clone(),
       activity_queue: self.activity_queue.clone(),
+      settings: self.settings.clone(),
+      secret: self.secret.clone(),
     }
   }
 }

docker/federation/lemmy_alpha.hjson

@@ -2,7 +2,6 @@
   hostname: lemmy-alpha:8541
   port: 8541
   tls_enabled: false
-  jwt_secret: changeme
   setup: {
     admin_username: lemmy_alpha
     admin_password: lemmylemmy

docker/federation/lemmy_beta.hjson

@@ -2,7 +2,6 @@
   hostname: lemmy-beta:8551
   port: 8551
   tls_enabled: false
-  jwt_secret: changeme
   setup: {
     admin_username: lemmy_beta
     admin_password: lemmylemmy

docker/federation/lemmy_delta.hjson

@@ -2,7 +2,6 @@
   hostname: lemmy-delta:8571
   port: 8571
   tls_enabled: false
-  jwt_secret: changeme
   setup: {
     admin_username: lemmy_delta
     admin_password: lemmylemmy

docker/federation/lemmy_epsilon.hjson

@@ -2,7 +2,6 @@
   hostname: lemmy-epsilon:8581
   port: 8581
   tls_enabled: false
-  jwt_secret: changeme
   setup: {
     admin_username: lemmy_epsilon
     admin_password: lemmylemmy

docker/federation/lemmy_gamma.hjson

@@ -2,7 +2,6 @@
   hostname: lemmy-gamma:8561
   port: 8561
   tls_enabled: false
-  jwt_secret: changeme
   setup: {
     admin_username: lemmy_gamma
     admin_password: lemmylemmy

docker/lemmy.hjson

@@ -17,8 +17,6 @@
   bind: "0.0.0.0"
   # port where lemmy should listen for incoming requests
   port: 8536
-  # json web token for authorization between server and client
-  jwt_secret: "changeme"
   # settings related to the postgresql database
   # address where pictrs is available
   pictrs_url: "http://pictrs:8080"

migrations/2021-09-20-112945_jwt-secret/down.sql

@@ -0,0 +1 @@
+drop table secret;