Commit graph

19 commits

Author SHA1 Message Date
ryexandra
29037b4995
Security/fix permission bugs (#966)
* secure the `EditPost` API endpoint

* Check user is moderator in BanFromCommunity

* secure the `EditComment` API endpoint

* pass orig `read` prob when not explicitly updating it.

* Block random users from adding mods.

* use cleaner logic from `EditPost`

* prevent editing a community by a mod from transfering ownership to them

* secure `read` action in `EditPrivateMessage`

* Add check in UserMention

* only let the indended recipient mark as read

* simplify booleans to satisfy clippy

* requested changes + cargo +nightly fmt

* fix to pass federation tests for deleting comments and posts

Co-authored-by: chiminh <chiminh.tutanota.com>
Co-authored-by: Hex Bear <buildadangtrain@protonmail.com>
2020-07-14 09:17:25 -04:00
bb3e29e5c4 Make reads from activitypub objects immutable 2020-07-13 15:56:58 +02:00
nutomic
80aef61aed Split code into cargo workspaces (#67)
More fixes

- fixed docker builds
- fixed mentions regex test
- fixed DATABASE_URL stuff
- change schema path in diesel.toml

Address review comments

- add jsonb column back into activity table
- remove authors field from cargo.toml
- adjust LEMMY_DATABASE_URL env var usage
- rename all occurences of LEMMY_DATABASE_URL to DATABASE_URL

Decouple utils and db

Split code into cargo workspaces

Co-authored-by: Felix Ableitner <me@nutomic.com>
Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/67
2020-07-10 18:15:41 +00:00
c9338027f2 Migrate user and group to new activitystreams library 2020-07-08 18:01:04 +02:00
a074564458
Federation async (#848)
* Asyncify more

* I guess these changed

* Clean PR a bit

* Convert more away from failure error

* config changes for testing federation

* It was DNS

So actix-web's client relies on TRust DNS Resolver to figure out
where to send data, but TRust DNS Resolver seems to not play nice
with docker, which expressed itself as not resolving the name to
an IP address _the first time_ when making a request. The fix was
literally to make the request again (which I limited to 3 times
total, and not exceeding the request timeout in total)

* Only retry for connecterror

Since TRust DNS Resolver was causing ConnectError::Timeout,
this change limits the retry to only this error, returning
immediately for any other error

* Use http sig norm 0.4.0-alpha for actix-web 3.0 support

* Blocking function, retry http requests

* cargo +nightly fmt

* Only create one pictrs dir

* Don't yarn build

* cargo +nightly fmt
2020-07-01 08:54:29 -04:00
9e61c3be94 Rework imports 2020-05-16 20:04:17 +02:00
13ca47a3b4 Use ActorType for sign/verify, instead of passing raw privatekey/actor_id 2020-05-14 17:17:40 +02:00
11acc7225e Add helper function for Activity::create() 2020-05-14 14:26:44 +02:00
a1ad21ec56 remove outdated comments 2020-05-14 13:23:56 +02:00
15f1920b25 Federated private messages. 2020-05-05 22:06:24 -04:00
70060c27b2 Adding activity table inserts. 2020-04-27 18:17:02 -04:00
22abbebd41 Lots of additions to federation.
- Added a shared inbox.
- Added federated comments, comment updates, and tests.
- Abstracted ap object sends into a common trait.
2020-04-27 12:57:00 -04:00
d846740839 Some more cleanup. 2020-04-24 15:55:54 -04:00
66a2c4a2c3 Some fed fixes. 2020-04-24 10:04:36 -04:00
7117b5ce32 Verifyt http signatures 2020-04-19 19:35:40 +02:00
b1b97db11a Implement instance whitelist 2020-04-17 19:34:18 +02:00
c5ced6fa5e Added documentation for most functions 2020-04-17 17:33:55 +02:00
8908c8b184 Some code cleanup and better logging 2020-04-17 16:55:28 +02:00
9a85f1b25f Send activities to correct inbox, seperate community/user inboxes 2020-04-15 20:12:25 +02:00