Commit graph

178 commits

Author SHA1 Message Date
Haelwenn (lanodan) Monnier
1257331291
MastodonAPI.StatusView: Do not use site_name
site_name allow to spoof the origin of the domain and so hacks like:

<!-- served on https://hacktivis.me/tmp/joinmastodon.org.html -->
<meta property="og:image" content="https://hacktivis.me/datalove/img/meme/pleroma/mastodon%2C%20forbidden%20amuse%20yourself.jpeg" />
<meta property="og:title" content="Mastodon: Forbidden Amuse Yourself" />
<meta property="og:site_name" content="joinmastodon.org" />
<meta http-equiv="refresh" content="0; url=http://joinmastodon.org/">
2020-02-15 00:36:09 +01:00
Lain Soykaf
f875b9650a EmojiReactions: Add Mastodon-aligned reaction endpoints, change response 2020-02-07 14:52:13 +01:00
feld
df0b00b32d Merge branch 'mastoapi-non-html-strings' into 'develop'
mastodon API: do not sanitize html in non-html fields

See merge request pleroma/pleroma!2167
2020-02-06 16:08:23 +00:00
rinpatch
983a87175e mastodon API: do not sanitize html in non-html fields 2020-02-02 14:46:32 +03:00
lain
a802e07241 Emoji Reactions: Add reacted field to emoji reactions 2020-01-29 11:39:06 +01:00
lain
347f3ed2c6 Emoji reactions: Change api format once more 2020-01-24 10:52:24 +01:00
lain
dd3fc50ea4 Emoji reactions: Change cache and reply format 2020-01-22 13:57:42 +01:00
lain
4c5b5f14dc StatusView: Add emoji_reactions 2020-01-20 16:24:20 +01:00
Thomas Citharel
d2f1c4f658
Add ActivityPub Object Event type support
Adds Event support in the same way Video objects are handled, with the
name of the object as message header.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2019-12-17 16:16:21 +01:00
Egor Kislitsyn
80ededc04f
Add direct_conversation_id to web push payload 2019-11-26 19:53:43 +07:00
eugenijm
ed29be24cb Mastodon API, streaming: Add pleroma.direct_conversation_id to the conversation stream event payload. 2019-11-04 18:36:16 +03:00
Ivan Tashkinov
10ff01acd9 [#1304] Moved all non-mutes / non-blocks fields from User.Info to User. WIP. 2019-10-16 21:59:21 +03:00
Thibaut Girka
43e3db0951 Fix returned visibility of announces in MastodonAPI 2019-10-01 20:38:29 +02:00
Egor Kislitsyn
36a34c36fe
Extract poll actions from MastodonAPIController to PollController 2019-10-01 11:44:34 +07:00
Egor Kislitsyn
e7aef27c00
Fix merge 2019-09-30 19:10:54 +07:00
Ariadne Conill
7cad6ea67a pleroma api: hook up scrobbler controller 2019-09-30 10:39:17 +00:00
Ariadne Conill
b7877e9b1c mastodon api: implement rendering of listen activities 2019-09-30 10:39:17 +00:00
Maksim Pechnikov
1053319cd6 Merge branch 'develop' into tests/mastodon_api_controller.ex 2019-09-28 10:36:04 +03:00
Egor Kislitsyn
5ea5c58a85 Move view logic from StatusController.context to StatusView and add a test 2019-09-27 10:52:47 +07:00
Egor Kislitsyn
98d1347a4e Extract status actions from MastodonAPIController into StatusController 2019-09-27 10:51:15 +07:00
Maksim Pechnikov
494bb6bac6 updated tests 2019-09-23 22:37:30 +03:00
Haelwenn
46ae62d159 Merge branch 'patch-5' into 'develop'
Mastodon API: URI encode hashtag name in generated URLs

See merge request pleroma/pleroma!1642
2019-09-11 17:47:19 +00:00
rinpatch
43f02dfe38 Revert "Parallelize template rendering"
This reverts commit 1ad71592ad.

Since it had no limit on the number on concurrent processes it OOM killed
instances while rendering hellthreads. When I tried introducing a
concurrency limit with Task.async_stream/manual folds it lead to about 3 times
worse performance on threads larger than 1000 activities (we are talking
30s vs 1.2 minutes), I think this is not worth the about 1.5 times
performance increase on smaller threads when using it.
2019-09-10 22:01:45 +03:00
shadowfacts
e5c6bf3673 Mastodon API: URI encode hashtag name in generated URLs
Otherwise hashtags with word characters other than those allowed in URLs (e.g. Japanese characters) produce hashtag URLs that are invalid.
2019-09-07 19:50:45 +00:00
rinpatch
b312ca3d52 Mastodon API Poll view: Fix handling of polls without an end date 2019-09-05 12:03:39 +03:00
rinpatch
3face45467 Mastodon API: Add pleroma.thread_muted to Status entity
Needed for pleroma-fe!941
2019-09-04 14:17:23 +03:00
lain
cc6c0b4ba6 Merge remote-tracking branch 'origin/develop' into sixohsix/pleroma-post_expiration 2019-08-24 15:48:33 +02:00
lain
7ab2dbbdb6 Merge branch 'pleroma-conversations' into 'develop'
Extended Pleroma Conversations

See merge request pleroma/pleroma!1535
2019-08-16 12:55:33 +00:00
rinpatch
1ad71592ad Parallelize template rendering 2019-08-15 18:05:50 +03:00
lain
560dbad538 Merge remote-tracking branch 'origin/develop' into pleroma-conversations 2019-08-14 15:30:40 +02:00
rinpatch
c1b6952d2a Mastodon API: Preloading and normalization optimizations
- Try to normalize the activity instead of object wherever possible
- Put the `user` key on non-home timelines as well so bookmarks and
thread mutes are preloaded there as well
- Skip trying to get the user when rendering mentions if the id ==
as:Public or user's follower collection
- Preload the object when getting replied to activities and do not crash
if it's not present

This almost solves the problem of Pleroma hammering the db with a lot
of queries when rendering timelines, the things left are
1. When rendering mentions and the user is not in cache, save it for
later and request all uncached users in one go
2. Somehow get rid of needing to get the latest follow activity to
detect the value of `requested` in a relationship. (create a database
view for user relationship and cache it maybe?)
2019-08-13 20:34:34 +03:00
rinpatch
0802a08871 Mastodon API: Fix thread mute detection
It was calling CommonAPI.thread_muted? with post author's account
instead of viewer's one.
2019-08-10 16:27:46 +03:00
lain
7483679a7b StatusView: Return direct conversation id. 2019-07-31 15:12:29 +02:00
Sergey Suprunenko
b20020da16 Show the url advertised in the Activity in the Status JSON response 2019-07-24 19:28:21 +00:00
Mike Verdone
2c83eb0b15 Revert "squash! Expose expires_at datetime in mastoAPI only for the activity actor"
This reverts commit 2981821db8.
2019-07-24 17:09:59 +02:00
Mike Verdone
2981821db8 squash! Expose expires_at datetime in mastoAPI only for the activity actor
NOTE: rewrite the commit msg
2019-07-24 16:51:09 +02:00
Mike Verdone
3cb471ec06 Expose expires_at datetime in mastoAPI only for the activity actor
In the "pleroma" section of the MastoAPI for status activities you can
see an expires_at item that states when the activity will expire, or
nothing if the activity will not expire.

The expires_at date is only visible to the person who posted the
activity. This is the conservative approach in case some attacker
decides to write a logger for expiring posts. However, in the future of
OCAP, signed requests, and all that stuff, this attack might not be that
likely. Some other pleroma dev should remove the restriction in the code
at that time, if they're satisfied with the security implications of
doing so.
2019-07-24 14:47:22 +02:00
lain
1ed24bcc76 Status View: Poll ids are strings.
All ids in mastodon are strings, in general.
2019-07-16 12:47:40 +09:00
Sergey Suprunenko
ff55e3c16f Create mentions only for explicitly mentioned users 2019-07-10 13:29:50 +00:00
Maksim
008c55e4e9 add test for search_controller/ 100% coverage 2019-07-10 08:28:03 +00:00
rinpatch
72b88c82bc Mastodon API: Fix embedded relationships not being rendered inside of statuses 2019-07-08 12:07:08 +03:00
rinpatch
1fd8e19d76 Remove a TODO comment as the tests for poll view were written 2019-06-02 23:46:17 +03:00
rinpatch
444406167b Mastodon API: actually check for poll votes 2019-06-01 21:41:23 +03:00
rinpatch
65db5e9f52 Resolve merge conflicts 2019-06-01 16:29:58 +03:00
Sergey Suprunenko
1690be991e Replace missing non-nullable Card attributes with empty strings 2019-05-30 21:03:31 +00:00
rinpatch
e6b175ed6c Fix credo issues 2019-05-22 21:57:46 +03:00
rinpatch
f28747858b Actual vote count in poll view 2019-05-21 14:27:09 +03:00
Aaron Tinio
eb02edcad9 Add virtual :thread_muted? field
that may be set when fetching activities
2019-05-21 00:35:46 +08:00
rinpatch
1d90f9b969 Remove tags/mentions/rich text from poll options because Mastodon and
add custom emoji
2019-05-19 17:06:44 +03:00
rinpatch
5ece901af3 Resolve merge conflicts and remove IO.inspects 2019-05-18 13:37:38 +03:00