Commit graph

62 commits

Author SHA1 Message Date
nutomic
76cd6ac6bc Add more checks in inbox, plus some refactoring (#76)
Merge branch 'main' into more-inbox-permissions

Move check_community_ban() into helper function

Move slur check into helper functions

Move Claims::decode and site ban check into helper function

Note: this changes behaviour in that site ban is checked in more
places now. we could easily add a boolean parameter
check_for_site_ban to get the previous behaviour back

Rewrite user_inbox and community_inbox in the same way as shared_inbox

Add check against instance allowlist etc in shared_inbox

Co-authored-by: dessalines <dessalines@noreply.yerbamate.dev>
Co-authored-by: Felix Ableitner <me@nutomic.com>
Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/76
2020-08-04 14:39:55 +00:00
Dessalines
d1342afe93
Remove extra jwt claims (for user settings) (#1025)
* Remove extra jwt claims (for user settings)

- The JWT token only contains the issuer, and your user id now.
- Now only a page refresh is necessary to pick up your settings on all
  clients, including theme, language, etc.
- GetSiteResponse now gives you your user and settings if logged in.
- Fixes #773

* Remove extra comment line, I tested nsfw

* Adding a todo to add a User_::readSafe()
2020-07-27 09:23:08 -04:00
59da2976ab Some more API cleanup.
- Extracted methods for is_mod_or_admin, and is_admin.
- Removed admins from GetPostResponse and GetCommunityResponse.
- Some cleanup.
2020-07-22 14:20:08 -04:00
5e5063cbdd Adding some helper functions. 2020-07-21 13:52:57 -04:00
4b6a762a56 Added an is_mod_or_admin function to Community 2020-07-21 10:15:17 -04:00
fd96dfdb5e Added comment delete, remove, read. 2020-07-20 21:37:44 -04:00
9bc6698f58 Added community delete and remove. 2020-07-20 13:37:39 -04:00
Dessalines
fc15276c10
Don't allow duplicate community names in API. #957 (#974) 2020-07-15 09:55:38 -04:00
Dessalines
78cb306c07
Don't allow community name editing. Fixes #964 (#973) 2020-07-15 09:53:52 -04:00
ryexandra
29037b4995
Security/fix permission bugs (#966)
* secure the `EditPost` API endpoint

* Check user is moderator in BanFromCommunity

* secure the `EditComment` API endpoint

* pass orig `read` prob when not explicitly updating it.

* Block random users from adding mods.

* use cleaner logic from `EditPost`

* prevent editing a community by a mod from transfering ownership to them

* secure `read` action in `EditPrivateMessage`

* Add check in UserMention

* only let the indended recipient mark as read

* simplify booleans to satisfy clippy

* requested changes + cargo +nightly fmt

* fix to pass federation tests for deleting comments and posts

Co-authored-by: chiminh <chiminh.tutanota.com>
Co-authored-by: Hex Bear <buildadangtrain@protonmail.com>
2020-07-14 09:17:25 -04:00
nutomic
80aef61aed Split code into cargo workspaces (#67)
More fixes

- fixed docker builds
- fixed mentions regex test
- fixed DATABASE_URL stuff
- change schema path in diesel.toml

Address review comments

- add jsonb column back into activity table
- remove authors field from cargo.toml
- adjust LEMMY_DATABASE_URL env var usage
- rename all occurences of LEMMY_DATABASE_URL to DATABASE_URL

Decouple utils and db

Split code into cargo workspaces

Co-authored-by: Felix Ableitner <me@nutomic.com>
Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/67
2020-07-10 18:15:41 +00:00
a074564458
Federation async (#848)
* Asyncify more

* I guess these changed

* Clean PR a bit

* Convert more away from failure error

* config changes for testing federation

* It was DNS

So actix-web's client relies on TRust DNS Resolver to figure out
where to send data, but TRust DNS Resolver seems to not play nice
with docker, which expressed itself as not resolving the name to
an IP address _the first time_ when making a request. The fix was
literally to make the request again (which I limited to 3 times
total, and not exceeding the request timeout in total)

* Only retry for connecterror

Since TRust DNS Resolver was causing ConnectError::Timeout,
this change limits the retry to only this error, returning
immediately for any other error

* Use http sig norm 0.4.0-alpha for actix-web 3.0 support

* Blocking function, retry http requests

* cargo +nightly fmt

* Only create one pictrs dir

* Don't yarn build

* cargo +nightly fmt
2020-07-01 08:54:29 -04:00
dc94e58cbf Merge branch 'master' into federation_merge_from_master_2 2020-06-23 21:11:38 -04:00
Ernest
8e1e9a521a Edit community name validation, translations #823 2020-06-22 09:23:54 +02:00
Ernest
4247df4295 Community name validation 2020-06-20 11:33:23 +02:00
9e61c3be94 Rework imports 2020-05-16 20:04:17 +02:00
b177cbce1d Renaming ignore to unfollow in followable trait. 2020-05-04 14:26:16 -04:00
b8b2398d32 Adding undo follow community. 2020-05-03 22:41:45 -04:00
a09c818746 Adding federated mod remove actions. 2020-05-03 10:00:59 -04:00
5366797a4b Add undos for delete community, post, and comment. 2020-05-01 15:01:29 -04:00
2f1cd9976d Adding federated community, comment, and post deletes.
- Unit tests added too.
- No undeletes working yet.
2020-05-01 10:07:38 -04:00
c43f06124a Address comments, implement delete for posts and comments 2020-04-29 16:51:25 +02:00
0c0c683986 Implement deleting communities 2020-04-28 19:46:25 +02:00
70060c27b2 Adding activity table inserts. 2020-04-27 18:17:02 -04:00
3ce0618362 Making a trait function for follow and accept. 2020-04-26 13:20:42 -04:00
66a2c4a2c3 Some fed fixes. 2020-04-24 10:04:36 -04:00
f0026065f5 Merge branch 'master' into federation_merge_from_master_1 2020-04-21 10:25:29 -04:00
ac43b86b60 Change RateLimit to act as a middleware 2020-04-19 22:59:07 -05:00
f300c67a4d Adding websocket notification system.
- HTTP and APUB clients can now send live updating messages to websocket
  clients
- Rate limiting now affects both HTTP and websockets
- Rate limiting / Websocket logic is now moved into the API Perform
  functions.
- TODO This broke getting current online users, but that will have to
  wait for the perform trait to be made async.
- Fixes #446
2020-04-19 18:08:25 -04:00
5284dc0c52 Simplify signing code 2020-04-19 13:44:44 +02:00
8daf72278d Add http signature to outgoing apub requests 2020-04-18 20:54:20 +02:00
fcf1c65fc1 Front end federation names and links for users, posts, and communities. 2020-04-14 19:18:13 -04:00
19c8461397 Implemented follow/accept 2020-04-14 17:37:23 +02:00
b7103a7e14 Store remote communities/posts in db, federate posts! 2020-04-07 18:47:19 +02:00
cb7059f832 Move and rename some functions 2020-04-03 18:32:09 +02:00
6a7a262912 Merge branch 'federation_add_fed_columns' of https://yerbamate.dev/dessalines/lemmy into federation 2020-04-03 07:24:46 +02:00
96c3621a80 Share list of communities over apub, some refactoring 2020-04-03 07:02:43 +02:00
9197b39ed6 Federation DB Changes.
- Creating an activity table.
- Adding some federation-related columns to the user_ and community
  tables.
- Generating the actor_id and keys in code, updating the tables.
2020-04-03 00:12:05 -04:00
390b204272 Rewrite federation settings 2020-03-18 22:09:00 +01:00
8ebcc7ac02 Implemented basics for post federation, plus a bunch of other stuff 2020-03-14 22:03:05 +01:00
5896a9d251 Move apub related code from websocket into api package 2020-03-14 13:15:23 +01:00
d932acad16 Merge branch 'federation' into dev_1 2020-02-05 12:51:03 -05:00
ee2038a75a Returning specific slurs from slur filter on failure. Fixes #463 2020-02-02 22:51:54 -05:00
8036474dda Starting to work on user message scope. 2020-01-31 20:02:20 -05:00
f1035dacc2 working! 2020-01-18 14:26:04 +01:00
eaf548b5db Merge branch 'master' into federation 2020-01-14 16:30:54 +01:00
dff8b947bb Trying to add r2d2 connection pooling to websockets. 2020-01-12 10:31:51 -05:00
e09a035373 Merge branch 'master' into federation 2020-01-02 19:22:23 +01:00
d08e09fbdc Apply changes suggested by cargo clippy (fixes #395) 2020-01-02 12:30:00 +01:00
581f36d6ef Implementing very basic federation including test setup 2019-12-30 13:31:54 +01:00