Commit graph

74 commits

Author SHA1 Message Date
cc2c7db9fe Add security checks and slur checks for activitypub inbox 2020-08-06 15:01:42 +02:00
233aa34d54 Verify ID of received apub objects against domain allowlist etc 2020-08-05 14:18:08 +02:00
9a004c4535 Update activitystreams to 0.7.0-alpha.3 (from crates.io) 2020-08-01 15:25:17 +02:00
8ad4378960 Disable ID domain check in FromApub until we figure it out properly 2020-07-29 13:58:39 +02:00
a85873d294 Take correct community uri in shared_inbox, rename fetch_remote* methods 2020-07-29 13:46:11 +02:00
ced3cbde73 Merge branch 'main' into inbox-refactoring-dessalines 2020-07-28 18:55:50 -04:00
494fcfdb8f Add helper function to generate proper activity IDs 2020-07-28 19:23:16 +02:00
1ed63e99d9 Fix post thumbnail_url to use full urls. Fixes #632 2020-07-28 11:42:40 -04:00
Dessalines
6e4599411b
Adding inferno-helmet to fix page titles. Fixes #1028 (#1030) 2020-07-27 11:54:42 -04:00
Dessalines
c066915b8e
Federate sticky flag dessalines (#1021)
* Federate sticky flag (ref #1018)

* Adding tests for federated sticky and lock.

* Changing test to make sure it returns the correct locked error.

Co-authored-by: Felix Ableitner <me@nutomic.com>
2020-07-27 11:42:15 -04:00
b03a2d7995 Ran cargo fmt. 2020-07-19 12:26:23 -04:00
nutomic
77a2a5eb01 Update activitystreams library to latest version (#71)
Merge branch 'main' into more-upgrade-apub-3

Update activitystreams library to latest version

Remove remaining usages of old activitystreams library

Migrate community inbox and user inbox

Migrate private message

Migrate post

Migrate community activities

Migrate extensions to new activitystreams library

Co-authored-by: dessalines <dessalines@noreply.yerbamate.dev>
Co-authored-by: Felix Ableitner <me@nutomic.com>
Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/71
2020-07-17 21:11:07 +00:00
2d4c41d2be Convert comments to new apub lib (including comment activities) 2020-07-15 18:26:37 +02:00
ef8118f40f migrate post to new apub lib 2020-07-15 18:03:09 +02:00
ryexandra
29037b4995
Security/fix permission bugs (#966)
* secure the `EditPost` API endpoint

* Check user is moderator in BanFromCommunity

* secure the `EditComment` API endpoint

* pass orig `read` prob when not explicitly updating it.

* Block random users from adding mods.

* use cleaner logic from `EditPost`

* prevent editing a community by a mod from transfering ownership to them

* secure `read` action in `EditPrivateMessage`

* Add check in UserMention

* only let the indended recipient mark as read

* simplify booleans to satisfy clippy

* requested changes + cargo +nightly fmt

* fix to pass federation tests for deleting comments and posts

Co-authored-by: chiminh <chiminh.tutanota.com>
Co-authored-by: Hex Bear <buildadangtrain@protonmail.com>
2020-07-14 09:17:25 -04:00
bb3e29e5c4 Make reads from activitypub objects immutable 2020-07-13 15:56:58 +02:00
nutomic
80aef61aed Split code into cargo workspaces (#67)
More fixes

- fixed docker builds
- fixed mentions regex test
- fixed DATABASE_URL stuff
- change schema path in diesel.toml

Address review comments

- add jsonb column back into activity table
- remove authors field from cargo.toml
- adjust LEMMY_DATABASE_URL env var usage
- rename all occurences of LEMMY_DATABASE_URL to DATABASE_URL

Decouple utils and db

Split code into cargo workspaces

Co-authored-by: Felix Ableitner <me@nutomic.com>
Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/67
2020-07-10 18:15:41 +00:00
c9338027f2 Migrate user and group to new activitystreams library 2020-07-08 18:01:04 +02:00
a074564458
Federation async (#848)
* Asyncify more

* I guess these changed

* Clean PR a bit

* Convert more away from failure error

* config changes for testing federation

* It was DNS

So actix-web's client relies on TRust DNS Resolver to figure out
where to send data, but TRust DNS Resolver seems to not play nice
with docker, which expressed itself as not resolving the name to
an IP address _the first time_ when making a request. The fix was
literally to make the request again (which I limited to 3 times
total, and not exceeding the request timeout in total)

* Only retry for connecterror

Since TRust DNS Resolver was causing ConnectError::Timeout,
this change limits the retry to only this error, returning
immediately for any other error

* Use http sig norm 0.4.0-alpha for actix-web 3.0 support

* Blocking function, retry http requests

* cargo +nightly fmt

* Only create one pictrs dir

* Don't yarn build

* cargo +nightly fmt
2020-07-01 08:54:29 -04:00
3999e0485e migrate tombstone 2020-06-03 17:10:16 +02:00
1aa30d855e address review comments 2020-06-01 16:48:07 +02:00
f3aba6da92 fix comment notifications 2020-05-30 20:05:42 +02:00
c34cc46c2d get it working (mostly) 2020-05-30 19:44:50 +02:00
8f9bd1fef7 get some more things working 2020-05-28 15:20:12 +02:00
ce0a37cdf1 get it working (mostly) 2020-05-28 13:51:48 +02:00
cac7011d53 move logic to sharedinbox 2020-05-28 13:44:52 +02:00
5753c4feaa Let community announce posts 2020-05-28 13:15:51 +02:00
a9af247f1e Merge branch 'federated_embeds' into federation 2020-05-25 16:15:23 -04:00
d1aca27126 Use activitystreams-ext 2020-05-18 18:15:26 +02:00
f15c3b4e1e Merge branch 'yerba_rework-imports' into federation 2020-05-16 21:09:26 -04:00
9e61c3be94 Rework imports 2020-05-16 20:04:17 +02:00
f88180650d Adding federated embeds via the preview field. 2020-05-15 23:40:36 -04:00
020b9b8cdd Post thumbnail and user icons federating. 2020-05-15 20:23:20 -04:00
Dessalines
940dc73f28 Federated mentions. Fixes #681 (#717)
* Federated mentions. Fixes #681

* Changing some todos, adding comments.
2020-05-15 12:36:11 -04:00
13ca47a3b4 Use ActorType for sign/verify, instead of passing raw privatekey/actor_id 2020-05-14 17:17:40 +02:00
11acc7225e Add helper function for Activity::create() 2020-05-14 14:26:44 +02:00
7485f1a5b4 Federate nsfw/locked info for posts 2020-05-05 02:09:27 +02:00
fab22e3d8a Add federated comment and post undo like. 2020-05-03 20:34:04 -04:00
dfc9637230 Merge branch 'federation' into federated_remove_actions 2020-05-03 13:27:53 -04:00
211ef795e9 Some additional notes, reorg. 2020-05-03 10:22:25 -04:00
a09c818746 Adding federated mod remove actions. 2020-05-03 10:00:59 -04:00
5366797a4b Add undos for delete community, post, and comment. 2020-05-01 15:01:29 -04:00
2f1cd9976d Adding federated community, comment, and post deletes.
- Unit tests added too.
- No undeletes working yet.
2020-05-01 10:07:38 -04:00
770dcbdc49 wip: add former_type to tombstone 2020-04-29 21:10:50 +02:00
c43f06124a Address comments, implement delete for posts and comments 2020-04-29 16:51:25 +02:00
0c0c683986 Implement deleting communities 2020-04-28 19:46:25 +02:00
3b62f58dd2 Adding federated post and comment likes. 2020-04-28 00:16:02 -04:00
9721b77317 1/3rd done with post likes 2020-04-27 22:47:26 -04:00
70060c27b2 Adding activity table inserts. 2020-04-27 18:17:02 -04:00
22abbebd41 Lots of additions to federation.
- Added a shared inbox.
- Added federated comments, comment updates, and tests.
- Abstracted ap object sends into a common trait.
2020-04-27 12:57:00 -04:00