Commit graph

175 commits

Author SHA1 Message Date
Dessalines
bc523abd62
Add a simple linked instances page. Fixes #1070 (#1071)
* Add a simple linked instances page. Fixes #1070

* Changing allowed_instances to federated_instances.
2020-08-11 10:58:32 -04:00
nutomic
3da47352be Remove usage of Option::unwrap() in activitypub code (#80)
Remove remaining usages of unwrap() from activitypub code

Remove most usage of Option::unwrap() from activitypub code

Co-authored-by: Felix Ableitner <me@nutomic.com>
Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/80
2020-08-11 14:31:05 +00:00
221db1bd1b Add email overwrite on user settings save. Fixes #1069
- Also add get_user_secure to other locations.
2020-08-08 22:36:29 -04:00
eiknat
492e8ad655 user_view: add fn to return sanitized fields 2020-08-07 22:43:33 -04:00
0cc49e6ca9 Merge branch 'main' into federation-authorisation 2020-08-07 15:19:08 +02:00
313f315896 Various adjustments after review 2020-08-06 21:44:47 +02:00
cc2c7db9fe Add security checks and slur checks for activitypub inbox 2020-08-06 15:01:42 +02:00
Dessalines
464ea862b1
Preferred usernames, banners and icons. (#1055)
* Re-organizing federation tests. #746 #1040

* Adding federation support for user bios. Fixes #992

* Adding icons, banners, and preferred usernames.

- Added optional community icons, and community banners.
- Added user banners.
- Added Site icon and banner, with custom favicon.
- Set up preferred usernames. Fixes #1017
- Added an additional post sort: Active
  - Hot rank now uses the published time.
  - Active uses the most recent comment time, and is default.
- DB Migration was required to add all these fields to the views.
- Added transfercommunity helper function.
- Removed title column from communities page.
- Abstracted an image-upload-form.tsx, and a banner-icon-header.tsx
- Fixes #899

* Some navbar fixes.

* Fixing css

* Some fixes.

- Showing correct user icon and banner after save without page reload.
- Abstracting diesel update overwrite.
- Adding some docs.

* Adding @ when a user doesn't have a preferred username.
2020-08-05 12:03:46 -04:00
nutomic
76cd6ac6bc Add more checks in inbox, plus some refactoring (#76)
Merge branch 'main' into more-inbox-permissions

Move check_community_ban() into helper function

Move slur check into helper functions

Move Claims::decode and site ban check into helper function

Note: this changes behaviour in that site ban is checked in more
places now. we could easily add a boolean parameter
check_for_site_ban to get the previous behaviour back

Rewrite user_inbox and community_inbox in the same way as shared_inbox

Add check against instance allowlist etc in shared_inbox

Co-authored-by: dessalines <dessalines@noreply.yerbamate.dev>
Co-authored-by: Felix Ableitner <me@nutomic.com>
Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/76
2020-08-04 14:39:55 +00:00
andor0
b6411aba7a
Migrate from failure to anyhow and thiserror (#1042)
* Migrate from failure to anyhow and thiserror

* Replace 'format_err!' to 'anyhow!'
2020-08-01 14:04:42 +00:00
Azriel Lector
1acb51105a
Add user bios (#1043)
* Add user bios

* Version v0.7.35

* Add domain name change instructions to docs. (#1044)

* Add domain name change instructions to docs.

* Changing docker execs to docker-compose execs

* Set maxLength to user bio and render as md

* Fix bio updating after SaveUserSetting

Co-authored-by: Dessalines <tyhou13@gmx.com>
Co-authored-by: Dessalines <dessalines@users.noreply.github.com>
2020-07-30 21:08:13 -04:00
cee72065e9 Merge branch 'main' into inbox-refactoring 2020-07-29 15:41:05 +02:00
Dessalines
49bd28e2d4
Adding visual captchas for register and login. (#1027)
* Adding visual captchas for register and login.

* Adding audio wav file for Captcha using espeak.

* Lots of captcha fixes.

- Removed login captchas.
- Added settings to disable captchas, and change difficulty.
- Captchas can only be checked / used once, front end gives a new one on
  failure.
- Added front end button for regenerating captcha.
- Added a disabled / pause button audio playing.

* Some more fixes.
2020-07-29 09:02:46 -04:00
e605d58888 Merge branch 'main' into inbox-refactoring-merge 2020-07-28 12:08:28 -04:00
1ed7c59491 Refactor inbox, simplify and split into multiple files 2020-07-28 14:41:15 +02:00
Dessalines
d1342afe93
Remove extra jwt claims (for user settings) (#1025)
* Remove extra jwt claims (for user settings)

- The JWT token only contains the issuer, and your user id now.
- Now only a page refresh is necessary to pick up your settings on all
  clients, including theme, language, etc.
- GetSiteResponse now gives you your user and settings if logged in.
- Fixes #773

* Remove extra comment line, I tested nsfw

* Adding a todo to add a User_::readSafe()
2020-07-27 09:23:08 -04:00
59da2976ab Some more API cleanup.
- Extracted methods for is_mod_or_admin, and is_admin.
- Removed admins from GetPostResponse and GetCommunityResponse.
- Some cleanup.
2020-07-22 14:20:08 -04:00
b6a6d52a92 Merge branch 'main' into api_edit_separation 2020-07-22 13:47:52 -04:00
5e5063cbdd Adding some helper functions. 2020-07-21 13:52:57 -04:00
f81a7ad9ab Adding form_id to comment creates and edits.
- This adds a form_id to CreateComment, EditComment, and CommentResponse
- This is so any front end clients can add a randomly generated string,
  and know which comment they submitted, is the one they're getting
  back.
- This gets rid of all the weird complicated logic in handleFinished(),
  and should stop the comment forms getting cleared once and for all.
2020-07-21 10:56:41 -04:00
4b6a762a56 Added an is_mod_or_admin function to Community 2020-07-21 10:15:17 -04:00
Dessalines
55ce7b1339
Adding version to GetSite. Fixes #1001 (#1002)
* Adding version to GetSite. Fixes #1001

* Removing version.ts file
2020-07-21 13:20:23 +00:00
2eac037408 Adding post delete, remove, lock, and sticky. 2020-07-20 23:46:36 -04:00
fd96dfdb5e Added comment delete, remove, read. 2020-07-20 21:37:44 -04:00
ca7d2feedb Some GetUserDetails cleanup. 2020-07-20 15:32:15 -04:00
9bc6698f58 Added community delete and remove. 2020-07-20 13:37:39 -04:00
a67f46bec5 EditUserMention changed to MarkUserMentionAsRead. 2020-07-20 10:56:40 -04:00
0a28ffb9c4 Private message delete and read extracted. 2020-07-20 00:29:44 -04:00
eiknat
03758a4f92
validate post URLs on the backend (#990)
* added serverside url validation

* api.post: use if let instead of is_some

also add "invalid_url" to en.json

Co-authored-by: John Doe <dhas8m@protonmail.com>
2020-07-17 18:46:59 -04:00
Dessalines
9f36fd50b4
GetSite fixes. Fixes #975 (#978) 2020-07-15 10:00:55 -04:00
Dessalines
fc15276c10
Don't allow duplicate community names in API. #957 (#974) 2020-07-15 09:55:38 -04:00
Dessalines
78cb306c07
Don't allow community name editing. Fixes #964 (#973) 2020-07-15 09:53:52 -04:00
Dessalines
cc0ae6343c
Fixing user mention reading. (#968) 2020-07-14 12:12:04 -04:00
ryexandra
29037b4995
Security/fix permission bugs (#966)
* secure the `EditPost` API endpoint

* Check user is moderator in BanFromCommunity

* secure the `EditComment` API endpoint

* pass orig `read` prob when not explicitly updating it.

* Block random users from adding mods.

* use cleaner logic from `EditPost`

* prevent editing a community by a mod from transfering ownership to them

* secure `read` action in `EditPrivateMessage`

* Add check in UserMention

* only let the indended recipient mark as read

* simplify booleans to satisfy clippy

* requested changes + cargo +nightly fmt

* fix to pass federation tests for deleting comments and posts

Co-authored-by: chiminh <chiminh.tutanota.com>
Co-authored-by: Hex Bear <buildadangtrain@protonmail.com>
2020-07-14 09:17:25 -04:00
Dessalines
7556f8615f
Adding a community_name option to GetPosts /post/list . Fixes #800 (#942) 2020-07-13 09:50:13 -04:00
Tony Antonov
8d24659892
Forbid users to use empty titles for posts (#930)
- Add a regex that checks if string contains anything but whitespace
- Check for whitespace-only titles on post creation and edit
- Trim whitespace from titles before saving
- Add frontend validation to title
2020-07-10 21:15:53 -04:00
nutomic
80aef61aed Split code into cargo workspaces (#67)
More fixes

- fixed docker builds
- fixed mentions regex test
- fixed DATABASE_URL stuff
- change schema path in diesel.toml

Address review comments

- add jsonb column back into activity table
- remove authors field from cargo.toml
- adjust LEMMY_DATABASE_URL env var usage
- rename all occurences of LEMMY_DATABASE_URL to DATABASE_URL

Decouple utils and db

Split code into cargo workspaces

Co-authored-by: Felix Ableitner <me@nutomic.com>
Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/67
2020-07-10 18:15:41 +00:00
Dessalines
961d65c0ee
Remove button for avatars. Fixes #755 (#924) 2020-07-09 20:04:09 -04:00
Dessalines
f4565d0603
Remove materialized views. (#908)
* One pass at materialized views, only about 30% faster, not good.

* Before merging master to test out bans.

* DB Rework working, still need more testing.

* Fixing accidental addadmin bug from asonix async merge.

* Fixing the comment delete trigger

* Some more DB additions.

- Adding a hot_rank desc, published desc index to post_aggregates_fast.
- Removed WITH CTE queries in favor of direct selects (since CTEs cant
  use indexes)

* Removing some unecessary indexes.

* Some more DB optimizings

- Changing the fast_id pkeys to just ids on the fast tables.
- Removing the private_message_fast, since the view contains no aggregates.
- Comment and post voting now no longer pull from the views, they update the counts directly.

* Adding community_agg_view and post_agg_views Credit: eiknat.

* Adding user and comment_view migrations. (comment_view still broken)

* Adding more views. Credit Eiknat.
2020-07-07 10:54:44 -04:00
cd007febef Merge branch 'master' into federation 2020-07-01 09:04:26 -04:00
a074564458
Federation async (#848)
* Asyncify more

* I guess these changed

* Clean PR a bit

* Convert more away from failure error

* config changes for testing federation

* It was DNS

So actix-web's client relies on TRust DNS Resolver to figure out
where to send data, but TRust DNS Resolver seems to not play nice
with docker, which expressed itself as not resolving the name to
an IP address _the first time_ when making a request. The fix was
literally to make the request again (which I limited to 3 times
total, and not exceeding the request timeout in total)

* Only retry for connecterror

Since TRust DNS Resolver was causing ConnectError::Timeout,
this change limits the retry to only this error, returning
immediately for any other error

* Use http sig norm 0.4.0-alpha for actix-web 3.0 support

* Blocking function, retry http requests

* cargo +nightly fmt

* Only create one pictrs dir

* Don't yarn build

* cargo +nightly fmt
2020-07-01 08:54:29 -04:00
c239a5f0e5 Fixing ban user bug. Fixes #876 2020-07-01 08:22:41 -04:00
86dc50f9f0 Some fixes to federation.
- Advanced code migrations now disable then re-enable triggers.
  Brings run time down to < 15 seconds, no need to thread them.
- Changing ap_ids and actor_ids in migrations to a fake url,
  so it doesn't break XsdAnyUri in activitystreams.
2020-06-26 21:12:41 -04:00
dc94e58cbf Merge branch 'master' into federation_merge_from_master_2 2020-06-23 21:11:38 -04:00
96c9f801a9 Merge branch 'master' of https://github.com/makigi-io/makigi into makigi-io-master 2020-06-22 14:52:46 -04:00
Ernest
8e1e9a521a Edit community name validation, translations #823 2020-06-22 09:23:54 +02:00
Ernest
4247df4295 Community name validation 2020-06-20 11:33:23 +02:00
4cf1f080bf Adding delete picture via pict-rs delete tokens. Fixes #505 2020-06-10 22:47:06 -04:00
2fbd44c59d Adding pictrs thumbnail caching for urls and embeds. 2020-06-10 18:22:57 -04:00
0f1a8ec928 Merge branch 'master' into federation 2020-06-09 14:01:26 +02:00