Commit graph

79 commits

Author SHA1 Message Date
Dessalines
49bd28e2d4
Adding visual captchas for register and login. (#1027)
* Adding visual captchas for register and login.

* Adding audio wav file for Captcha using espeak.

* Lots of captcha fixes.

- Removed login captchas.
- Added settings to disable captchas, and change difficulty.
- Captchas can only be checked / used once, front end gives a new one on
  failure.
- Added front end button for regenerating captcha.
- Added a disabled / pause button audio playing.

* Some more fixes.
2020-07-29 09:02:46 -04:00
Dessalines
d1342afe93
Remove extra jwt claims (for user settings) (#1025)
* Remove extra jwt claims (for user settings)

- The JWT token only contains the issuer, and your user id now.
- Now only a page refresh is necessary to pick up your settings on all
  clients, including theme, language, etc.
- GetSiteResponse now gives you your user and settings if logged in.
- Fixes #773

* Remove extra comment line, I tested nsfw

* Adding a todo to add a User_::readSafe()
2020-07-27 09:23:08 -04:00
59da2976ab Some more API cleanup.
- Extracted methods for is_mod_or_admin, and is_admin.
- Removed admins from GetPostResponse and GetCommunityResponse.
- Some cleanup.
2020-07-22 14:20:08 -04:00
fd96dfdb5e Added comment delete, remove, read. 2020-07-20 21:37:44 -04:00
ca7d2feedb Some GetUserDetails cleanup. 2020-07-20 15:32:15 -04:00
a67f46bec5 EditUserMention changed to MarkUserMentionAsRead. 2020-07-20 10:56:40 -04:00
0a28ffb9c4 Private message delete and read extracted. 2020-07-20 00:29:44 -04:00
Dessalines
9f36fd50b4
GetSite fixes. Fixes #975 (#978) 2020-07-15 10:00:55 -04:00
Dessalines
cc0ae6343c
Fixing user mention reading. (#968) 2020-07-14 12:12:04 -04:00
ryexandra
29037b4995
Security/fix permission bugs (#966)
* secure the `EditPost` API endpoint

* Check user is moderator in BanFromCommunity

* secure the `EditComment` API endpoint

* pass orig `read` prob when not explicitly updating it.

* Block random users from adding mods.

* use cleaner logic from `EditPost`

* prevent editing a community by a mod from transfering ownership to them

* secure `read` action in `EditPrivateMessage`

* Add check in UserMention

* only let the indended recipient mark as read

* simplify booleans to satisfy clippy

* requested changes + cargo +nightly fmt

* fix to pass federation tests for deleting comments and posts

Co-authored-by: chiminh <chiminh.tutanota.com>
Co-authored-by: Hex Bear <buildadangtrain@protonmail.com>
2020-07-14 09:17:25 -04:00
nutomic
80aef61aed Split code into cargo workspaces (#67)
More fixes

- fixed docker builds
- fixed mentions regex test
- fixed DATABASE_URL stuff
- change schema path in diesel.toml

Address review comments

- add jsonb column back into activity table
- remove authors field from cargo.toml
- adjust LEMMY_DATABASE_URL env var usage
- rename all occurences of LEMMY_DATABASE_URL to DATABASE_URL

Decouple utils and db

Split code into cargo workspaces

Co-authored-by: Felix Ableitner <me@nutomic.com>
Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/67
2020-07-10 18:15:41 +00:00
Dessalines
961d65c0ee
Remove button for avatars. Fixes #755 (#924) 2020-07-09 20:04:09 -04:00
Dessalines
f4565d0603
Remove materialized views. (#908)
* One pass at materialized views, only about 30% faster, not good.

* Before merging master to test out bans.

* DB Rework working, still need more testing.

* Fixing accidental addadmin bug from asonix async merge.

* Fixing the comment delete trigger

* Some more DB additions.

- Adding a hot_rank desc, published desc index to post_aggregates_fast.
- Removed WITH CTE queries in favor of direct selects (since CTEs cant
  use indexes)

* Removing some unecessary indexes.

* Some more DB optimizings

- Changing the fast_id pkeys to just ids on the fast tables.
- Removing the private_message_fast, since the view contains no aggregates.
- Comment and post voting now no longer pull from the views, they update the counts directly.

* Adding community_agg_view and post_agg_views Credit: eiknat.

* Adding user and comment_view migrations. (comment_view still broken)

* Adding more views. Credit Eiknat.
2020-07-07 10:54:44 -04:00
cd007febef Merge branch 'master' into federation 2020-07-01 09:04:26 -04:00
a074564458
Federation async (#848)
* Asyncify more

* I guess these changed

* Clean PR a bit

* Convert more away from failure error

* config changes for testing federation

* It was DNS

So actix-web's client relies on TRust DNS Resolver to figure out
where to send data, but TRust DNS Resolver seems to not play nice
with docker, which expressed itself as not resolving the name to
an IP address _the first time_ when making a request. The fix was
literally to make the request again (which I limited to 3 times
total, and not exceeding the request timeout in total)

* Only retry for connecterror

Since TRust DNS Resolver was causing ConnectError::Timeout,
this change limits the retry to only this error, returning
immediately for any other error

* Use http sig norm 0.4.0-alpha for actix-web 3.0 support

* Blocking function, retry http requests

* cargo +nightly fmt

* Only create one pictrs dir

* Don't yarn build

* cargo +nightly fmt
2020-07-01 08:54:29 -04:00
c239a5f0e5 Fixing ban user bug. Fixes #876 2020-07-01 08:22:41 -04:00
86dc50f9f0 Some fixes to federation.
- Advanced code migrations now disable then re-enable triggers.
  Brings run time down to < 15 seconds, no need to thread them.
- Changing ap_ids and actor_ids in migrations to a fake url,
  so it doesn't break XsdAnyUri in activitystreams.
2020-06-26 21:12:41 -04:00
0f1a8ec928 Merge branch 'master' into federation 2020-06-09 14:01:26 +02:00
Dessalines
29fc3681b9
Validate register usernames on the back-end. Fixes #716 (#750)
* Validate register usernames on the back-end. Fixes #716

* Changing name to is_valid_username
2020-05-28 14:07:36 -04:00
9e61c3be94 Rework imports 2020-05-16 20:04:17 +02:00
15f1920b25 Federated private messages. 2020-05-05 22:06:24 -04:00
66a2c4a2c3 Some fed fixes. 2020-04-24 10:04:36 -04:00
f0026065f5 Merge branch 'master' into federation_merge_from_master_1 2020-04-21 10:25:29 -04:00
ac43b86b60 Change RateLimit to act as a middleware 2020-04-19 22:59:07 -05:00
f300c67a4d Adding websocket notification system.
- HTTP and APUB clients can now send live updating messages to websocket
  clients
- Rate limiting now affects both HTTP and websockets
- Rate limiting / Websocket logic is now moved into the API Perform
  functions.
- TODO This broke getting current online users, but that will have to
  wait for the perform trait to be made async.
- Fixes #446
2020-04-19 18:08:25 -04:00
5284dc0c52 Simplify signing code 2020-04-19 13:44:44 +02:00
8daf72278d Add http signature to outgoing apub requests 2020-04-18 20:54:20 +02:00
61815bce2e Adding live reloading of config.hjson changes through UI.
- https://stackoverflow.com/questions/61159698/update-re-initialize-a-var-defined-in-lazy-static/61161271#61161271
- https://stackoverflow.com/questions/29654927/how-do-i-assign-a-string-to-a-mutable-static-variable/47181804#47181804
2020-04-11 14:06:04 -04:00
b7103a7e14 Store remote communities/posts in db, federate posts! 2020-04-07 18:47:19 +02:00
56947e7710 Removing community name unique constraint. Removing useless fedi_name column from user_table. 2020-04-07 10:54:15 -04:00
85ea1046f0 Adding post and comment ap_id columns. 2020-04-03 20:04:57 -04:00
9197b39ed6 Federation DB Changes.
- Creating an activity table.
- Adding some federation-related columns to the user_ and community
  tables.
- Generating the actor_id and keys in code, updating the tables.
2020-04-03 00:12:05 -04:00
76bf71162e Automatic instance setup based on config variables (fixes #404) 2020-03-29 00:13:13 +01:00
62ab68d317 Adding full logging. 2020-03-13 11:08:42 -04:00
ac280782b2 Iframely and pictshare backend mostly done. 2020-03-07 18:31:13 -05:00
876d311706 Remove email from GetUserDetails when not same user. Fixes #579 2020-03-05 15:46:33 -05:00
ee2038a75a Returning specific slurs from slur filter on failure. Fixes #463 2020-02-02 22:51:54 -05:00
8036474dda Starting to work on user message scope. 2020-01-31 20:02:20 -05:00
ac1d5f2b86 Done merging http-api and private_message 2020-01-23 19:17:42 -05:00
253bc3e0af Adding private messaging, and matrix user ids.
- Fixes #244
2020-01-22 16:38:16 -05:00
f1035dacc2 working! 2020-01-18 14:26:04 +01:00
8604c1d257 Fixing error when email already exists. Fixes #427 2020-01-17 20:34:16 -05:00
dff8b947bb Trying to add r2d2 connection pooling to websockets. 2020-01-12 10:31:51 -05:00
5b42dc3393 Adding show_avatar user setting, and option to send notifications to inbox.
- Fixes #254
- Fixes #394
2020-01-02 16:55:54 -05:00
d08e09fbdc Apply changes suggested by cargo clippy (fixes #395) 2020-01-02 12:30:00 +01:00
f5a13717ea Adding change password and email address from user settings.
- Fixes #384
- Fixes #385
2020-01-01 15:46:14 -05:00
a4428528e3 Adding user avatars / icons. Requires pictshare.
- Fixes #188
2019-12-29 15:39:48 -05:00
d57b2d4865 Fixing non-existent user profile viewing.
- Fixes #381
2019-12-28 20:58:01 -05:00
cf3ae15ee9 Implement config (fixes #351) 2019-12-27 17:28:44 +01:00
fca8e6a0a9 Adding some site oriented settings.
- Adding option to close registration. Fixes #350
- Adding option to disable showing NSFW buttons. Fixes #364
- Adding option to disable downvotes. Fixes #239
2019-12-11 12:21:47 -08:00