Commit graph

39 commits

Author SHA1 Message Date
ryexandra
29037b4995
Security/fix permission bugs (#966)
* secure the `EditPost` API endpoint

* Check user is moderator in BanFromCommunity

* secure the `EditComment` API endpoint

* pass orig `read` prob when not explicitly updating it.

* Block random users from adding mods.

* use cleaner logic from `EditPost`

* prevent editing a community by a mod from transfering ownership to them

* secure `read` action in `EditPrivateMessage`

* Add check in UserMention

* only let the indended recipient mark as read

* simplify booleans to satisfy clippy

* requested changes + cargo +nightly fmt

* fix to pass federation tests for deleting comments and posts

Co-authored-by: chiminh <chiminh.tutanota.com>
Co-authored-by: Hex Bear <buildadangtrain@protonmail.com>
2020-07-14 09:17:25 -04:00
bb3e29e5c4 Make reads from activitypub objects immutable 2020-07-13 15:56:58 +02:00
nutomic
80aef61aed Split code into cargo workspaces (#67)
More fixes

- fixed docker builds
- fixed mentions regex test
- fixed DATABASE_URL stuff
- change schema path in diesel.toml

Address review comments

- add jsonb column back into activity table
- remove authors field from cargo.toml
- adjust LEMMY_DATABASE_URL env var usage
- rename all occurences of LEMMY_DATABASE_URL to DATABASE_URL

Decouple utils and db

Split code into cargo workspaces

Co-authored-by: Felix Ableitner <me@nutomic.com>
Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/67
2020-07-10 18:15:41 +00:00
c9338027f2 Migrate user and group to new activitystreams library 2020-07-08 18:01:04 +02:00
a074564458
Federation async (#848)
* Asyncify more

* I guess these changed

* Clean PR a bit

* Convert more away from failure error

* config changes for testing federation

* It was DNS

So actix-web's client relies on TRust DNS Resolver to figure out
where to send data, but TRust DNS Resolver seems to not play nice
with docker, which expressed itself as not resolving the name to
an IP address _the first time_ when making a request. The fix was
literally to make the request again (which I limited to 3 times
total, and not exceeding the request timeout in total)

* Only retry for connecterror

Since TRust DNS Resolver was causing ConnectError::Timeout,
this change limits the retry to only this error, returning
immediately for any other error

* Use http sig norm 0.4.0-alpha for actix-web 3.0 support

* Blocking function, retry http requests

* cargo +nightly fmt

* Only create one pictrs dir

* Don't yarn build

* cargo +nightly fmt
2020-07-01 08:54:29 -04:00
c1ef766125 migrate follow 2020-06-03 21:44:14 +02:00
3999e0485e migrate tombstone 2020-06-03 17:10:16 +02:00
a9af247f1e Merge branch 'federated_embeds' into federation 2020-05-25 16:15:23 -04:00
d1aca27126 Use activitystreams-ext 2020-05-18 18:15:26 +02:00
9e61c3be94 Rework imports 2020-05-16 20:04:17 +02:00
020b9b8cdd Post thumbnail and user icons federating. 2020-05-15 20:23:20 -04:00
13ca47a3b4 Use ActorType for sign/verify, instead of passing raw privatekey/actor_id 2020-05-14 17:17:40 +02:00
11acc7225e Add helper function for Activity::create() 2020-05-14 14:26:44 +02:00
b8b2398d32 Adding undo follow community. 2020-05-03 22:41:45 -04:00
a09c818746 Adding federated mod remove actions. 2020-05-03 10:00:59 -04:00
5366797a4b Add undos for delete community, post, and comment. 2020-05-01 15:01:29 -04:00
2f1cd9976d Adding federated community, comment, and post deletes.
- Unit tests added too.
- No undeletes working yet.
2020-05-01 10:07:38 -04:00
c43f06124a Address comments, implement delete for posts and comments 2020-04-29 16:51:25 +02:00
0c0c683986 Implement deleting communities 2020-04-28 19:46:25 +02:00
3b62f58dd2 Adding federated post and comment likes. 2020-04-28 00:16:02 -04:00
70060c27b2 Adding activity table inserts. 2020-04-27 18:17:02 -04:00
3ce0618362 Making a trait function for follow and accept. 2020-04-26 13:20:42 -04:00
b5a5b307a0 Adding get_public_key_ext() to ActorType trait. 2020-04-24 22:34:51 -04:00
8a25f0f816 Use an associated type instead of Generic. 2020-04-24 17:30:27 -04:00
d846740839 Some more cleanup. 2020-04-24 15:55:54 -04:00
66a2c4a2c3 Some fed fixes. 2020-04-24 10:04:36 -04:00
c5ced6fa5e Added documentation for most functions 2020-04-17 17:33:55 +02:00
fc951d9295 Added comments about how to federate additional post/user fields 2020-04-12 16:53:55 +02:00
17d3d2492c Federate actor public keys 2020-04-10 15:50:40 +02:00
61c560c12c Get users federated 2020-04-07 23:02:32 +02:00
cfe0d9c9c2 Upgraded to latest activitystreams 2020-03-18 20:16:17 -05:00
5043a52b88 Serve post data in apub format, some cleanup 2020-03-16 19:19:04 +01:00
05735b31c0 Remove boilerplate code 2020-03-16 18:30:25 +01:00
54172bd322 updated to activitystreams 0.4.0-alpha.3 2020-03-12 01:01:25 +01:00
91ae9a9d49 Revert "pull in activitypub library"
This reverts commit a52a954eb4.
2020-03-05 11:32:29 +01:00
7cdf167e4b pull in activitypub library 2020-02-29 12:42:44 +01:00
dff8b947bb Trying to add r2d2 connection pooling to websockets. 2020-01-12 10:31:51 -05:00
4361f48b98 Make various functions async 2020-01-11 13:50:07 +01:00
Lyra
34def84d43 Add correct ActivityPub types conversion for Community and Post. 2019-12-27 17:25:20 +01:00