Commit Graph

465 Commits

Author SHA1 Message Date
b51aa23458 [docs] add a command to know if the system is compatible with the standard builds (#3980) 2025-04-11 12:42:18 +02:00
1e59795ff4 [docs] add instruction about postgres permission (#3981) 2025-04-11 12:41:50 +02:00
e032c959e1 [feature] Implement /oauth/revoke for token revocation (#3983) 2025-04-10 16:24:17 +02:00
365b575341 [feature] add TOTP two-factor authentication (2FA) (#3960)
* [feature] add TOTP two-factor authentication (2FA)

* use byteutil.S2B to avoid allocations when comparing + generating password hashes

* don't bother with string conversion  for consts

* use io.ReadFull

* use MustGenerateSecret for backup codes

* rename util functions
2025-04-07 16:14:41 +02:00
b184432331 [feature] Allow editing domain blocks/allows, fix comment import (#3967)
* start implementing editing of existing domain permissions

* [feature] Allow editing domain blocks/allows, fix comment import

* [bugfix] Use "comment" via /api/v1/instance

* fix the stuff
2025-04-04 18:29:22 +02:00
85fb63f46f [docs] Fix Swagger URL for the "edit status" operation (#3932) 2025-03-30 10:21:08 +02:00
b6e481d63e [feature] Allow user to choose "gallery" style layout for web view of profile (#3917)
* [feature] Allow user to choose "gallery" style web layout

* find a bug and squish it up and all day long you'll have good luck

* just a sec

* [performance] reindex public timeline + tinker with query a bit

* fiddling

* should be good now

* last bit of finagling, i'm done now i prommy

* panic normally
2025-03-26 15:59:39 +00:00
d5847e2d2b [feature] Application creation + management via API + settings panel (#3906)
* [feature] Application creation + management via API + settings panel

* fix docs links

* add errnorows test

* use known application as shorter

* add comment about side effects
2025-03-17 14:06:17 +00:00
CDN
3db5bfa0f2 [docs/zh] update zh docs: synced to 98c4cae + fix typo (#3884)
* [docs/zh] update zh docs: synced to 98c4cae8

* fix typo

* sync the support matrix in README

* update mkdocs.yml: add new article
2025-03-10 10:24:37 +01:00
CDN
98c4cae89a [chore] update links in CONTRIBUTING.md (#3881) 2025-03-08 18:48:11 +01:00
424f62dd70 [bugfix] Store and expose status content type (#3870)
* Add ContentType to internal models

* Add ContentType to API models StatusSource and StatusEdit

* Add helpers to convert between API/internal StatusContentType

* Write status content type on create/edit

* Add migration

* Update API docs

go run github.com/go-swagger/go-swagger/cmd/swagger generate spec --scan-models --exclude-deps --output docs/api/swagger.yaml

* ensure ContentType is updated anywhere Text is

* Update docs, take care of TODOs

* Set ContentType in more places where Text is set

* We don't actually use ContentType on the API status model

* Update StatusSource test

* Remove unused helper function I copied

* Revert change to StatusContentType swagger annotation

I'm going to include this in a follow-on PR instead.

* Add test for updating content type in edits

* Return a value from processContentType instead of modifying the existing status

Fixes an issue that was caught by the test I just added - the recorded edit would be marked with the *new* content type instead of the old one, which is obviously bad

* Add test for handling of statuses with no stored content type

* repurpose an existing test status instead of adding a new one to avoid breaking other tests

* Add test to ensure newly created statuses always have content type saved

* Do include content type on status API model actually

This is mostly important when deleting and redrafting.

The comment on `apimodel.Status.Text` implies that it's not sent except in response to status deletion, but actually this doesn't seem to be the case; it also appears to be present in responses to creations and normal fetches and stuff. So I'm treating `ContentType` the same here.

* Update new tests to check content type on API statuses

* Check content type of API statuses in all tests where text is checked

* update other api tests with status content type field

* Add test ensuring text and content type are returned when deleting a status

* Convert processContentType to free function and remove unused parameter

* check for the correct value in the deletion test

* Be explicit about this test status having an empty content type

* Use omitempty consistently on API models

* clean up the final diff a bit

* one more swagger regen for the road

* Handle nil statuses in processContentType

* Don't pass processContentType the entire edit form, it doesn't need it

* Move processContentType to common.go and use for creation as well

* Remove unused parameters to ContentTypeToAPIContentType
2025-03-06 16:31:52 +00:00
829143d263 [feature] Add token review / delete to backend + settings panel (#3845) 2025-03-04 10:01:25 +00:00
1b37944f8b [feature] Refactor tokens, allow multiple app redirect_uris (#3849)
* [feature] Refactor tokens, allow multiple app redirect_uris

* move + tweak handlers a bit

* return error for unset oauth2.ClientStore funcs

* wrap UpdateToken with cache

* panic handling

* cheeky little time optimization

* unlock on error
2025-03-03 15:03:36 +00:00
8488ac9286 [chore] migrate oauth2 -> codeberg (#3857) 2025-03-02 16:42:51 +01:00
5d0e3d9c35 [chore] github.com/superseriousbusiness/httpsig -> codeberg.org/superseriousbusiness/httpsig (#3854) 2025-03-02 13:28:38 +01:00
e2e185d10b [chore] github.com/superseriousbusiness/activity -> codeberg.org/superseriousbusiness/activity (#3853) 2025-03-02 12:48:00 +01:00
0118e03cda [feature] Implement CSV import for mutes (#3696)
* Implement CSV import for mutes

* update swagger.yaml

* update documentation

* add ImportTestSuite.TestImportMutes

* fix comment typo
2025-03-01 11:37:40 +01:00
d73acc70d5 Document importing posts (#3844) 2025-02-28 16:10:16 -08:00
eb720241da [feature] Enforce OAuth token scopes (#3835)
* move tokenauth to apiutil

* enforce scopes

* docs

* update test models, remove deprecated "follow"

* file header

* tests

* tweak scope matcher

* simplify...

* fix tests

* log user out of settings panel in case of oauth error
2025-02-26 13:04:55 +01:00
96d39155f2 [docs] Fix swagger operation descriptions (#3830)
* Fix swagger operation descriptions

Signed-off-by: mkljczk <git@mkljczk.pl>

* generate a swagger file

Signed-off-by: mkljczk <git@mkljczk.pl>

---------

Signed-off-by: mkljczk <git@mkljczk.pl>
2025-02-25 12:47:48 +01:00
1c049ba295 [docs] correct docker version format (#3832)
The documentation explains that the release tag is in the format of `vX.Y.Z` for container images. This does not appear to be correct when looking at the image tags in dockerhub. It seems the `v` prefix has been dropped at some point, or was never in place.
2025-02-25 12:47:07 +01:00
c9de6c9a1e [docs] Update interactionPolicy (#3703)
* [docs] Update interactionPolicy

* Update docs/federation/posts.md

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

* brush up docs

* boobs

* finish up

---------

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2025-02-22 13:26:49 +01:00
fccb0bc102 [feature] Implement backfilling statuses thru scheduled_at (#3685)
* Implement backfilling statuses thru scheduled_at

* Forbid mentioning others in backfills

* Update error messages & codes

* Add new tests for backfilled statuses

* Test that backfilling doesn't timeline or notify

* Fix check for absence of notification

* Test that backfills do not cause federation

* Fix type of apimodel.StatusCreateRequest.ScheduledAt in tests

* Add config file switch and min date check
2025-02-12 09:49:33 -08:00
787bdc1488 [feature] make account sign-up / backlog limits configurable (#3768) 2025-02-10 15:46:36 +01:00
CDN
62f25ea08a [docs/zh] Update zh docs: synced to e10de84 (#3763)
* [docs/zh] Update zh docs: synced to e10de84

* [docs/zh] update mkdocs config of zh docs

* [docs/zh] update repo docs translations (README, ROADMAP, CONTRIBUTING) + update swagger schema metadata of docs/zh
2025-02-09 11:13:08 +01:00
CDN
2aa3524739 [chore] fix typo in docs (#3758)
* [chore] fix link reference in docs/admin/settings.md

* [docs] fix typo in docs/federation/posts.md
2025-02-09 11:12:46 +01:00
e10de8464a [bug] Add missing group property to the Account model (#3746)
* Stub out account's Group parameter

* Fix typo in Contributing documentation

* Update swagger and match style

* Update the swagger command to mimic test/swagger.sh

* Fix tests for new `group` param in Account model

* More test changes for new `group` param in Account

* Continuing test changes for `group` param stubbing

* Another round of `group` stubbing for tests
2025-02-08 13:04:30 +01:00
07d2770995 [feature] Change instance-stats-randomize to instance-stats-mode with multiple options; implement nodeinfo 2.1 (#3734)
* [feature] Change `instance-stats-randomize` to `instance-stats-mode` with multiple options; implement nodeinfo 2.1

* swaggalaggadingdong
2025-02-04 16:52:42 +01:00
27844b7da2 [feature] Implement Web Push notification policy (#3721)
* Web Push: add policy column to subscriptions

* Web Push: add policy to API

* Web Push: test notification policy

* go-fmt unrelated file (how did this get thru?)
2025-02-03 10:25:53 +00:00
f5eee56bb1 [bugfix] Swagger: fix media_ids[] param for creating statuses (#3722) 2025-02-01 17:14:49 -08:00
a55bd6d2bd [feature] Add instance-stats-randomize config option (#3718)
* [feature] Add `instance-stats-randomize` config option

* don't use cache (overkill)
2025-01-31 19:27:18 +01:00
b3ecfe1e0a [docs] remove -X POST from curl commands (#3665)
Daniel, author of curl, explains why `-X POST` is not
necessary and considered bad behavior:

https://daniel.haxx.se/blog/2015/09/11/unnecessary-use-of-curl-x/ for
2025-01-30 13:56:08 +01:00
bfe8144fda [bugfix] Allow processing null ID emojis (#3702)
* [bugfix] Allow processing null ID emojis

* document emojis

* blah

* typo

* array thingy
2025-01-28 13:32:37 +01:00
9048290948 [chore] skip trusted-proxies warning if ip excepted from rate limiting (#3699)
* [chore] skip `trusted-proxies` warning if ip excepted from rate limiting

* weep

* typo

* fix env parsing test
2025-01-27 19:21:13 +01:00
2a46681147 [chore] Allow suppressing trusted-proxies warning by disabling rate limiting (#3686) 2025-01-26 11:21:57 +00:00
3ab2d8621b [docs] Swagger: fix filter context params by moving enum list from the list type to the item type (#3684)
Reported by `@modulus:matrix.org`
2025-01-26 09:51:28 +01:00
5b765d734e [feature] Push notifications (#3587)
* Update push subscription API model to be Mastodon 4.0 compatible

* Add webpush-go dependency

# Conflicts:
#	go.sum

* Single-row table for storing instance's VAPID key pair

* Generate VAPID key pair during startup

* Add VAPID public key to instance info API

* Return VAPID public key when registering an app

* Store Web Push subscriptions in DB

* Add Web Push sender (similar to email sender)

* Add no-op push senders to most processor tests

* Test Web Push notifications from workers

* Delete Web Push subscriptions when account is deleted

* Implement push subscription API

* Linter fixes

* Update Swagger

* Fix enum to int migration

* Fix GetVAPIDKeyPair

* Create web push subscriptions table with indexes

* Log Web Push server error messages

* Send instance URL as Web Push JWT subject

* Accept any 2xx code as a success

* Fix malformed VAPID sub claim

* Use packed notification flags

* Remove unused date columns

* Add notification type for update notifications

Not used yet

* Make GetVAPIDKeyPair idempotent

and remove PutVAPIDKeyPair

* Post-rebase fixes

* go mod tidy

* Special-case 400 errors other than 408/429

Most client errors should remove the subscription.

* Improve titles, trim body to reasonable length

* Disallow cleartext HTTP for Web Push servers

* Fix lint

* Remove redundant index on unique column

Also removes redundant unique and notnull tags on ID column since these are implied by pk

* Make realsender.go more readable

* Use Tobi's style for wrapping errors

* Restore treating all 5xx codes as temporary problems

* Always load target account settings

* Stub `policy` and `standard`

* webpush.Sender: take type converter as ctor param

* Move webpush.MockSender and noopSender into testrig
2025-01-23 16:47:30 -08:00
9333bbc4d0 [feature] Serve bot accounts over AP as Service instead of Person (#3672)
* pepis

* oopsie doopsie

* bollocks
2025-01-23 18:18:23 +01:00
b42cb7a802 [feature] Add warning about trusted-proxies to make config easier (#3675)
* [feature] Add warning about `trusted-proxies` to make config easier

* thank you linter, hugs and kisses to you
2025-01-23 15:48:09 +01:00
37fd7c7a6a [bugfix] Store LastModified for domain perm subs + send as If-Modified-Since (#3655) 2025-01-20 10:56:00 +01:00
451803b230 [feature] Fetch + create domain permissions from subscriptions nightly (#3635)
* peepeepoopoo

* test domain perm subs

* swagger

* envparsing

* dries your wets

* start on docs

* finish up docs

* copy paste errors

* rename actions package

* rename force -> skipCache

* move obfuscate parse nearer to where err is checked

* make higherPrios a simple slice

* don't use receiver for permsFrom funcs

* add more context to error logs

* defer finished log

* use switch for permType instead of if/else

* thanks linter, love you <3

* validate csv headers before full read

* use bufio scanner
2025-01-08 11:29:40 +01:00
e9bb7ddd3a [feature] Create/update/remove domain permission subscriptions (#3623)
* [feature] Create/update/remove domain permission subscriptions

* lint

* envparsing

* remove errant fmt.Println

* create drafts, subs, exclude, from snapshot models

* name etag column correctly

* remove count column

* lint
2025-01-05 13:20:33 +01:00
kim
fe8d5f2307 [feature] add support for clients editing statuses and fetching status revision history (#3628)
* start adding client support for making status edits and viewing history

* modify 'freshest' freshness window to be 5s, add typeutils test for status -> api edits

* only populate the status edits when specifically requested

* start adding some simple processor status edit tests

* add test editing status but adding a poll

* test edits appropriately adding poll expiry handlers

* finish adding status edit tests

* store both new and old revision emojis in status

* add code comment

* ensure the requester's account is populated before status edits

* add code comments for status edit tests

* update status edit form swagger comments

* remove unused function

* fix status source test

* add more code comments, move media description check back to media process in status create

* fix tests, add necessary form struct tag
2024-12-23 17:54:44 +00:00
1aa7f70660 [chore] Stub /api/v1/announcements implementation (#3630)
* [chore] Stub /api/v1/announcements implementation

This implements the /api/v1/announcements endpoint by simply returning
an empty array. This indicates there are no instance announcements.

Some clients retrieve this endpoint and get surprised by a 404. It tends
to be harmless, but results in some unnecessary logging when trying to
debug other things.

* [fix] Forgot some swagger

* [fix] Fix swagger some more
2024-12-23 16:43:50 +01:00
4fbe06e332 [docs] Add missing --config-path arg in backup documentation (#3607) 2024-12-09 11:40:33 +01:00
9477fd7eba [feature] Allow partial-word hashtags using non-breaking spaces (#3606)
* [feature] Allow partial-word hashtags using non-breaking spaces

* update docs
2024-12-08 16:03:00 +01:00
642f5230e6 [chore] stub /api/v1/accounts/{id}/featured_tags endpoint (#3598)
* [chore] stub /api/v1/accounts/{id}/featured_tags endpoint

* fix swagger parsing issue

---------

Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com>
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
2024-12-08 13:47:07 +01:00
kim
23fc70f4e6 [feature] add support for receiving federated status edits (#3597)
* add support for extracting Updated field from Statusable implementers

* add support for status edits in the database, and update status dereferencer to handle them

* remove unused AdditionalInfo{}.CreatedAt

* remove unused AdditionalEmojiInfo{}.CreatedAt

* update new mention creation to use status.UpdatedAt

* remove mention.UpdatedAt, fixes related to NewULIDFromTime() change

* add migration to remove Mention{}.UpdatedAt field

* add migration to add the StatusEdit{} table

* start adding tests, add delete function for status edits

* add more of status edit migrations, fill in more of the necessary edit delete functionality

* remove unused function

* allow generating gotosocial compatible ulid via CLI with `go run ./cmd/gen-ulid`

* add StatusEdit{} test models

* fix new statusedits sql

* use model instead of table name

* actually remove the Mention.UpdatedAt field...

* fix tests now new models are added, add more status edit DB tests

* fix panic wording

* add test for deleting status edits

* don't automatically set `updated_at` field on updated statuses

* flesh out more of the dereferencer status edit tests, ensure updated at field set on outgoing AS statuses

* remove media_attachments.updated_at column

* fix up more tests, further complete the dereferencer status edit tests

* update more status serialization tests not expecting 'updated' AS property

* gah!! json serialization tests!!

* undo some gtscontext wrapping changes

* more serialization test fixing 🥲

* more test fixing, ensure the edit.status_id field is actually set 🤦

* fix status edit test

* grrr linter

* add edited_at field to apimodel status

* remove the choice of paging on the timeline public filtered test (otherwise it needs updating every time you add statuses ...)

* ensure that status.updated_at always fits chronologically

* fix more serialization tests ...

* add more code comments

* fix envparsing

* update swagger file

* properly handle media description changes during status edits

* slight formatting tweak

* code comment
2024-12-05 13:35:07 +00:00
9609c4550d [feature] Add global instance CSS customization setting (#3352)
Allow instance admins to add custom CSS that will affect
every page of their instance.

This is done with a new CustomCSS instance setting that
works pretty much exactly like the Users CustomCSS property.
This custom CSS is then requested for every page load.
User styles/themes take precedence over this CSS.

Co-authored-by: tobi <tobi.smethurst@protonmail.com>
2024-12-02 12:24:48 +01:00
CDN
44b7bc71b6 [docs/zh] Update zh docs: synced to da4db81bcf (#3589) 2024-12-02 10:48:53 +01:00