Commit graph

91 commits

Author SHA1 Message Date
ryexandra
29037b4995
Security/fix permission bugs (#966)
* secure the `EditPost` API endpoint

* Check user is moderator in BanFromCommunity

* secure the `EditComment` API endpoint

* pass orig `read` prob when not explicitly updating it.

* Block random users from adding mods.

* use cleaner logic from `EditPost`

* prevent editing a community by a mod from transfering ownership to them

* secure `read` action in `EditPrivateMessage`

* Add check in UserMention

* only let the indended recipient mark as read

* simplify booleans to satisfy clippy

* requested changes + cargo +nightly fmt

* fix to pass federation tests for deleting comments and posts

Co-authored-by: chiminh <chiminh.tutanota.com>
Co-authored-by: Hex Bear <buildadangtrain@protonmail.com>
2020-07-14 09:17:25 -04:00
bb3e29e5c4 Make reads from activitypub objects immutable 2020-07-13 15:56:58 +02:00
nutomic
80aef61aed Split code into cargo workspaces (#67)
More fixes

- fixed docker builds
- fixed mentions regex test
- fixed DATABASE_URL stuff
- change schema path in diesel.toml

Address review comments

- add jsonb column back into activity table
- remove authors field from cargo.toml
- adjust LEMMY_DATABASE_URL env var usage
- rename all occurences of LEMMY_DATABASE_URL to DATABASE_URL

Decouple utils and db

Split code into cargo workspaces

Co-authored-by: Felix Ableitner <me@nutomic.com>
Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/67
2020-07-10 18:15:41 +00:00
c9338027f2 Migrate user and group to new activitystreams library 2020-07-08 18:01:04 +02:00
a074564458
Federation async (#848)
* Asyncify more

* I guess these changed

* Clean PR a bit

* Convert more away from failure error

* config changes for testing federation

* It was DNS

So actix-web's client relies on TRust DNS Resolver to figure out
where to send data, but TRust DNS Resolver seems to not play nice
with docker, which expressed itself as not resolving the name to
an IP address _the first time_ when making a request. The fix was
literally to make the request again (which I limited to 3 times
total, and not exceeding the request timeout in total)

* Only retry for connecterror

Since TRust DNS Resolver was causing ConnectError::Timeout,
this change limits the retry to only this error, returning
immediately for any other error

* Use http sig norm 0.4.0-alpha for actix-web 3.0 support

* Blocking function, retry http requests

* cargo +nightly fmt

* Only create one pictrs dir

* Don't yarn build

* cargo +nightly fmt
2020-07-01 08:54:29 -04:00
7d1c6e9a40 Switching back to isahc. 2020-06-25 15:36:03 -04:00
dc94e58cbf Merge branch 'master' into federation_merge_from_master_2 2020-06-23 21:11:38 -04:00
325ed2ec3b Rename "instance_whitelist" config option to "allowed_instances" 2020-06-16 12:49:51 +02:00
c1ef766125 migrate follow 2020-06-03 21:44:14 +02:00
3999e0485e migrate tombstone 2020-06-03 17:10:16 +02:00
d1aca27126 Use activitystreams-ext 2020-05-18 18:15:26 +02:00
f15c3b4e1e Merge branch 'yerba_rework-imports' into federation 2020-05-16 21:09:26 -04:00
9e61c3be94 Rework imports 2020-05-16 20:04:17 +02:00
Dessalines
940dc73f28 Federated mentions. Fixes #681 (#717)
* Federated mentions. Fixes #681

* Changing some todos, adding comments.
2020-05-15 12:36:11 -04:00
13ca47a3b4 Use ActorType for sign/verify, instead of passing raw privatekey/actor_id 2020-05-14 17:17:40 +02:00
11acc7225e Add helper function for Activity::create() 2020-05-14 14:26:44 +02:00
a1ad21ec56 remove outdated comments 2020-05-14 13:23:56 +02:00
66142c546b Merge branch 'federated_private_messages' into federation 2020-05-06 13:51:39 -04:00
15f1920b25 Federated private messages. 2020-05-05 22:06:24 -04:00
dfd6629a6f Federate community category and nsfw 2020-05-05 16:30:13 +02:00
7485f1a5b4 Federate nsfw/locked info for posts 2020-05-05 02:09:27 +02:00
b8b2398d32 Adding undo follow community. 2020-05-03 22:41:45 -04:00
fab22e3d8a Add federated comment and post undo like. 2020-05-03 20:34:04 -04:00
dfc9637230 Merge branch 'federation' into federated_remove_actions 2020-05-03 13:27:53 -04:00
211ef795e9 Some additional notes, reorg. 2020-05-03 10:22:25 -04:00
a09c818746 Adding federated mod remove actions. 2020-05-03 10:00:59 -04:00
5366797a4b Add undos for delete community, post, and comment. 2020-05-01 15:01:29 -04:00
2f1cd9976d Adding federated community, comment, and post deletes.
- Unit tests added too.
- No undeletes working yet.
2020-05-01 10:07:38 -04:00
461114c143 update activitystreams lib 2020-04-30 18:30:01 +02:00
770dcbdc49 wip: add former_type to tombstone 2020-04-29 21:10:50 +02:00
c43f06124a Address comments, implement delete for posts and comments 2020-04-29 16:51:25 +02:00
0c0c683986 Implement deleting communities 2020-04-28 19:46:25 +02:00
59bba148ff Merge branch 'federation' into add_federated_post_likes 2020-04-28 10:12:07 -04:00
b60c7bbae7 Merge branch 'federation' into add_activity_table 2020-04-28 10:10:05 -04:00
07a9d84ed0 Removing some comments. 2020-04-28 09:57:28 -04:00
3b62f58dd2 Adding federated post and comment likes. 2020-04-28 00:16:02 -04:00
6eaa06ab02 Merge branch 'shared_inbox_1' into add_federated_post_likes 2020-04-27 22:48:20 -04:00
9721b77317 1/3rd done with post likes 2020-04-27 22:47:26 -04:00
4b741c3759 Adding a better switching for activity kinds for the shared inbox. 2020-04-27 19:21:41 -04:00
70060c27b2 Adding activity table inserts. 2020-04-27 18:17:02 -04:00
22abbebd41 Lots of additions to federation.
- Added a shared inbox.
- Added federated comments, comment updates, and tests.
- Abstracted ap object sends into a common trait.
2020-04-27 12:57:00 -04:00
3ce0618362 Making a trait function for follow and accept. 2020-04-26 13:20:42 -04:00
079ac091eb Adding back in post fetching. 2020-04-25 11:49:15 -04:00
b5a5b307a0 Adding get_public_key_ext() to ActorType trait. 2020-04-24 22:34:51 -04:00
8a25f0f816 Use an associated type instead of Generic. 2020-04-24 17:30:27 -04:00
d846740839 Some more cleanup. 2020-04-24 15:55:54 -04:00
66a2c4a2c3 Some fed fixes. 2020-04-24 10:04:36 -04:00
957e4a2611 Change apub IDs to be consistent with html urls 2020-04-21 22:45:01 +02:00
8daf72278d Add http signature to outgoing apub requests 2020-04-18 20:54:20 +02:00
b1b97db11a Implement instance whitelist 2020-04-17 19:34:18 +02:00