* Adding visual captchas for register and login.
* Adding audio wav file for Captcha using espeak.
* Lots of captcha fixes.
- Removed login captchas.
- Added settings to disable captchas, and change difficulty.
- Captchas can only be checked / used once, front end gives a new one on
failure.
- Added front end button for regenerating captcha.
- Added a disabled / pause button audio playing.
* Some more fixes.
* Remove extra jwt claims (for user settings)
- The JWT token only contains the issuer, and your user id now.
- Now only a page refresh is necessary to pick up your settings on all
clients, including theme, language, etc.
- GetSiteResponse now gives you your user and settings if logged in.
- Fixes#773
* Remove extra comment line, I tested nsfw
* Adding a todo to add a User_::readSafe()
* secure the `EditPost` API endpoint
* Check user is moderator in BanFromCommunity
* secure the `EditComment` API endpoint
* pass orig `read` prob when not explicitly updating it.
* Block random users from adding mods.
* use cleaner logic from `EditPost`
* prevent editing a community by a mod from transfering ownership to them
* secure `read` action in `EditPrivateMessage`
* Add check in UserMention
* only let the indended recipient mark as read
* simplify booleans to satisfy clippy
* requested changes + cargo +nightly fmt
* fix to pass federation tests for deleting comments and posts
Co-authored-by: chiminh <chiminh.tutanota.com>
Co-authored-by: Hex Bear <buildadangtrain@protonmail.com>
More fixes
- fixed docker builds
- fixed mentions regex test
- fixed DATABASE_URL stuff
- change schema path in diesel.toml
Address review comments
- add jsonb column back into activity table
- remove authors field from cargo.toml
- adjust LEMMY_DATABASE_URL env var usage
- rename all occurences of LEMMY_DATABASE_URL to DATABASE_URL
Decouple utils and db
Split code into cargo workspaces
Co-authored-by: Felix Ableitner <me@nutomic.com>
Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/67
* One pass at materialized views, only about 30% faster, not good.
* Before merging master to test out bans.
* DB Rework working, still need more testing.
* Fixing accidental addadmin bug from asonix async merge.
* Fixing the comment delete trigger
* Some more DB additions.
- Adding a hot_rank desc, published desc index to post_aggregates_fast.
- Removed WITH CTE queries in favor of direct selects (since CTEs cant
use indexes)
* Removing some unecessary indexes.
* Some more DB optimizings
- Changing the fast_id pkeys to just ids on the fast tables.
- Removing the private_message_fast, since the view contains no aggregates.
- Comment and post voting now no longer pull from the views, they update the counts directly.
* Adding community_agg_view and post_agg_views Credit: eiknat.
* Adding user and comment_view migrations. (comment_view still broken)
* Adding more views. Credit Eiknat.
* Asyncify more
* I guess these changed
* Clean PR a bit
* Convert more away from failure error
* config changes for testing federation
* It was DNS
So actix-web's client relies on TRust DNS Resolver to figure out
where to send data, but TRust DNS Resolver seems to not play nice
with docker, which expressed itself as not resolving the name to
an IP address _the first time_ when making a request. The fix was
literally to make the request again (which I limited to 3 times
total, and not exceeding the request timeout in total)
* Only retry for connecterror
Since TRust DNS Resolver was causing ConnectError::Timeout,
this change limits the retry to only this error, returning
immediately for any other error
* Use http sig norm 0.4.0-alpha for actix-web 3.0 support
* Blocking function, retry http requests
* cargo +nightly fmt
* Only create one pictrs dir
* Don't yarn build
* cargo +nightly fmt
- Advanced code migrations now disable then re-enable triggers.
Brings run time down to < 15 seconds, no need to thread them.
- Changing ap_ids and actor_ids in migrations to a fake url,
so it doesn't break XsdAnyUri in activitystreams.
- HTTP and APUB clients can now send live updating messages to websocket
clients
- Rate limiting now affects both HTTP and websockets
- Rate limiting / Websocket logic is now moved into the API Perform
functions.
- TODO This broke getting current online users, but that will have to
wait for the perform trait to be made async.
- Fixes#446
- Creating an activity table.
- Adding some federation-related columns to the user_ and community
tables.
- Generating the actor_id and keys in code, updating the tables.