Commit Graph

486 Commits

Author SHA1 Message Date
ffde1b150f [chore] Move deps to code.superseriousbusiness.org (#4054) 2025-04-25 15:15:36 +02:00
0992ffc057 [bugfix] Use util.IsNil for checking DomainPermission (#4040) 2025-04-22 12:20:45 +02:00
kim
67fc1fd904 ensure 'none' gets included in serializable visibilities (#4007) 2025-04-14 13:33:37 +01:00
c8a780e12a [bugfix] Fix setting bot on/off (#3986)
* [bugfix] Fix setting bot on/off

* read client messages in tests

* test fix
2025-04-11 15:36:40 +01:00
e032c959e1 [feature] Implement /oauth/revoke for token revocation (#3983) 2025-04-10 16:24:17 +02:00
365b575341 [feature] add TOTP two-factor authentication (2FA) (#3960)
* [feature] add TOTP two-factor authentication (2FA)

* use byteutil.S2B to avoid allocations when comparing + generating password hashes

* don't bother with string conversion  for consts

* use io.ReadFull

* use MustGenerateSecret for backup codes

* rename util functions
2025-04-07 16:14:41 +02:00
8ae2440da3 [chore] Migrate accounts to new table, relax uniqueness constraint of actor url and collections (#3928)
* [chore] Migrate accounts to new table, relax uniqueness constraint of actor url and collections

* fiddle with it! (that's what she said)

* remove unused cache fields

* sillyness

* fix tiny whoopsie
2025-04-06 14:39:40 +02:00
b184432331 [feature] Allow editing domain blocks/allows, fix comment import (#3967)
* start implementing editing of existing domain permissions

* [feature] Allow editing domain blocks/allows, fix comment import

* [bugfix] Use "comment" via /api/v1/instance

* fix the stuff
2025-04-04 18:29:22 +02:00
3949117be0 [feature] Use blurhashes in frontend, tidy up gallery view a bit (#3948)
* [feature] Use blurhashes in frontend, tidy up gallery view a bit

* weeeeeeeeeeeeeeeee

* beep boop
2025-03-31 15:51:17 +02:00
b6e481d63e [feature] Allow user to choose "gallery" style layout for web view of profile (#3917)
* [feature] Allow user to choose "gallery" style web layout

* find a bug and squish it up and all day long you'll have good luck

* just a sec

* [performance] reindex public timeline + tinker with query a bit

* fiddling

* should be good now

* last bit of finagling, i'm done now i prommy

* panic normally
2025-03-26 15:59:39 +00:00
d5847e2d2b [feature] Application creation + management via API + settings panel (#3906)
* [feature] Application creation + management via API + settings panel

* fix docs links

* add errnorows test

* use known application as shorter

* add comment about side effects
2025-03-17 14:06:17 +00:00
d8113c11e4 [feature] Parse content warning to HTML, serialize via client API as plaintext (#3876)
* [feature] Parse content warning as HTML, serialize via API to plaintext

* tidy up some cruft

* whoops

* oops

* i'm da joker baybee

* clemency muy lorde

* rename some of the text functions for clarity

* jiggle the opts

* fiddle de deee

* hopefully the last test fix i ever have to do in my beautiful life
2025-03-07 14:04:34 +00:00
424f62dd70 [bugfix] Store and expose status content type (#3870)
* Add ContentType to internal models

* Add ContentType to API models StatusSource and StatusEdit

* Add helpers to convert between API/internal StatusContentType

* Write status content type on create/edit

* Add migration

* Update API docs

go run github.com/go-swagger/go-swagger/cmd/swagger generate spec --scan-models --exclude-deps --output docs/api/swagger.yaml

* ensure ContentType is updated anywhere Text is

* Update docs, take care of TODOs

* Set ContentType in more places where Text is set

* We don't actually use ContentType on the API status model

* Update StatusSource test

* Remove unused helper function I copied

* Revert change to StatusContentType swagger annotation

I'm going to include this in a follow-on PR instead.

* Add test for updating content type in edits

* Return a value from processContentType instead of modifying the existing status

Fixes an issue that was caught by the test I just added - the recorded edit would be marked with the *new* content type instead of the old one, which is obviously bad

* Add test for handling of statuses with no stored content type

* repurpose an existing test status instead of adding a new one to avoid breaking other tests

* Add test to ensure newly created statuses always have content type saved

* Do include content type on status API model actually

This is mostly important when deleting and redrafting.

The comment on `apimodel.Status.Text` implies that it's not sent except in response to status deletion, but actually this doesn't seem to be the case; it also appears to be present in responses to creations and normal fetches and stuff. So I'm treating `ContentType` the same here.

* Update new tests to check content type on API statuses

* Check content type of API statuses in all tests where text is checked

* update other api tests with status content type field

* Add test ensuring text and content type are returned when deleting a status

* Convert processContentType to free function and remove unused parameter

* check for the correct value in the deletion test

* Be explicit about this test status having an empty content type

* Use omitempty consistently on API models

* clean up the final diff a bit

* one more swagger regen for the road

* Handle nil statuses in processContentType

* Don't pass processContentType the entire edit form, it doesn't need it

* Move processContentType to common.go and use for creation as well

* Remove unused parameters to ContentTypeToAPIContentType
2025-03-06 16:31:52 +00:00
829143d263 [feature] Add token review / delete to backend + settings panel (#3845) 2025-03-04 10:01:25 +00:00
1b37944f8b [feature] Refactor tokens, allow multiple app redirect_uris (#3849)
* [feature] Refactor tokens, allow multiple app redirect_uris

* move + tweak handlers a bit

* return error for unset oauth2.ClientStore funcs

* wrap UpdateToken with cache

* panic handling

* cheeky little time optimization

* unlock on error
2025-03-03 15:03:36 +00:00
8488ac9286 [chore] migrate oauth2 -> codeberg (#3857) 2025-03-02 16:42:51 +01:00
e2e185d10b [chore] github.com/superseriousbusiness/activity -> codeberg.org/superseriousbusiness/activity (#3853) 2025-03-02 12:48:00 +01:00
0118e03cda [feature] Implement CSV import for mutes (#3696)
* Implement CSV import for mutes

* update swagger.yaml

* update documentation

* add ImportTestSuite.TestImportMutes

* fix comment typo
2025-03-01 11:37:40 +01:00
eb720241da [feature] Enforce OAuth token scopes (#3835)
* move tokenauth to apiutil

* enforce scopes

* docs

* update test models, remove deprecated "follow"

* file header

* tests

* tweak scope matcher

* simplify...

* fix tests

* log user out of settings panel in case of oauth error
2025-02-26 13:04:55 +01:00
kim
a03a35a5d6 [bugfix] update fedi api to support multiple separate votes in same multiple choice poll (#3809) 2025-02-20 11:13:07 +01:00
96716e4f43 [feature] Forward-compatibility with Approval objects (#3807)
* vendor

* [feature] Forward-compatibility with Approval objects

* vendor the thing

* fix leetle bug

* lil syntax tweak for beloved kimb
2025-02-19 18:09:54 +01:00
kim
e220c6a894 adds more code comments and some small code formatting tweaks (#3799) 2025-02-17 11:44:41 +00:00
dfcb7862a9 [bugfix] Return 404 when web context target status hidden (#3792) 2025-02-13 14:10:13 +01:00
fccb0bc102 [feature] Implement backfilling statuses thru scheduled_at (#3685)
* Implement backfilling statuses thru scheduled_at

* Forbid mentioning others in backfills

* Update error messages & codes

* Add new tests for backfilled statuses

* Test that backfilling doesn't timeline or notify

* Fix check for absence of notification

* Test that backfills do not cause federation

* Fix type of apimodel.StatusCreateRequest.ScheduledAt in tests

* Add config file switch and min date check
2025-02-12 09:49:33 -08:00
787bdc1488 [feature] make account sign-up / backlog limits configurable (#3768) 2025-02-10 15:46:36 +01:00
ce7ba8f498 [bugfix] Fix POST to create account endpoint (#3767) 2025-02-09 13:52:52 +01:00
e10de8464a [bug] Add missing group property to the Account model (#3746)
* Stub out account's Group parameter

* Fix typo in Contributing documentation

* Update swagger and match style

* Update the swagger command to mimic test/swagger.sh

* Fix tests for new `group` param in Account model

* More test changes for new `group` param in Account

* Continuing test changes for `group` param stubbing

* Another round of `group` stubbing for tests
2025-02-08 13:04:30 +01:00
bfb81f5bac [bugfix] wrong nodeinfo version (tobi is a boob) (#3735) 2025-02-04 16:52:54 +00:00
07d2770995 [feature] Change instance-stats-randomize to instance-stats-mode with multiple options; implement nodeinfo 2.1 (#3734)
* [feature] Change `instance-stats-randomize` to `instance-stats-mode` with multiple options; implement nodeinfo 2.1

* swaggalaggadingdong
2025-02-04 16:52:42 +01:00
27844b7da2 [feature] Implement Web Push notification policy (#3721)
* Web Push: add policy column to subscriptions

* Web Push: add policy to API

* Web Push: test notification policy

* go-fmt unrelated file (how did this get thru?)
2025-02-03 10:25:53 +00:00
a55bd6d2bd [feature] Add instance-stats-randomize config option (#3718)
* [feature] Add `instance-stats-randomize` config option

* don't use cache (overkill)
2025-01-31 19:27:18 +01:00
71b50353eb [feature] Process incoming Undo Announce properly (#3676)
* [feature] Process incoming Undo Announce properly

* test undo announce
2025-01-24 17:36:34 +01:00
5b765d734e [feature] Push notifications (#3587)
* Update push subscription API model to be Mastodon 4.0 compatible

* Add webpush-go dependency

# Conflicts:
#	go.sum

* Single-row table for storing instance's VAPID key pair

* Generate VAPID key pair during startup

* Add VAPID public key to instance info API

* Return VAPID public key when registering an app

* Store Web Push subscriptions in DB

* Add Web Push sender (similar to email sender)

* Add no-op push senders to most processor tests

* Test Web Push notifications from workers

* Delete Web Push subscriptions when account is deleted

* Implement push subscription API

* Linter fixes

* Update Swagger

* Fix enum to int migration

* Fix GetVAPIDKeyPair

* Create web push subscriptions table with indexes

* Log Web Push server error messages

* Send instance URL as Web Push JWT subject

* Accept any 2xx code as a success

* Fix malformed VAPID sub claim

* Use packed notification flags

* Remove unused date columns

* Add notification type for update notifications

Not used yet

* Make GetVAPIDKeyPair idempotent

and remove PutVAPIDKeyPair

* Post-rebase fixes

* go mod tidy

* Special-case 400 errors other than 408/429

Most client errors should remove the subscription.

* Improve titles, trim body to reasonable length

* Disallow cleartext HTTP for Web Push servers

* Fix lint

* Remove redundant index on unique column

Also removes redundant unique and notnull tags on ID column since these are implied by pk

* Make realsender.go more readable

* Use Tobi's style for wrapping errors

* Restore treating all 5xx codes as temporary problems

* Always load target account settings

* Stub `policy` and `standard`

* webpush.Sender: take type converter as ctor param

* Move webpush.MockSender and noopSender into testrig
2025-01-23 16:47:30 -08:00
9333bbc4d0 [feature] Serve bot accounts over AP as Service instead of Person (#3672)
* pepis

* oopsie doopsie

* bollocks
2025-01-23 18:18:23 +01:00
8daa4dae34 [bugfix] More permissive CSV parsing for perm subs, text parse fix (#3638)
* [bugfix] More permissive CSV parsing for perm subs, text parse fix

* wee

* change the way dry works, slightly

* me oh my, i'm just a little guy

* we're just normal men
2025-01-08 22:38:27 +01:00
451803b230 [feature] Fetch + create domain permissions from subscriptions nightly (#3635)
* peepeepoopoo

* test domain perm subs

* swagger

* envparsing

* dries your wets

* start on docs

* finish up docs

* copy paste errors

* rename actions package

* rename force -> skipCache

* move obfuscate parse nearer to where err is checked

* make higherPrios a simple slice

* don't use receiver for permsFrom funcs

* add more context to error logs

* defer finished log

* use switch for permType instead of if/else

* thanks linter, love you <3

* validate csv headers before full read

* use bufio scanner
2025-01-08 11:29:40 +01:00
kim
c013892ca2 [chore] replace statuses.updated_at column with statuses.edited_at (#3636)
* update statuses table to replace updated_at column with edited_at

* code comment

* better code comments, fix setting of status + edit + mention + poll database times

* fix log to logf call

* fix status.EditIDs not being carried over in dereferencer.encrichStatus()

* move status.EditID setting into handleStatusEdit()
2025-01-08 11:29:23 +01:00
e9bb7ddd3a [feature] Create/update/remove domain permission subscriptions (#3623)
* [feature] Create/update/remove domain permission subscriptions

* lint

* envparsing

* remove errant fmt.Println

* create drafts, subs, exclude, from snapshot models

* name etag column correctly

* remove count column

* lint
2025-01-05 13:20:33 +01:00
kim
fe8d5f2307 [feature] add support for clients editing statuses and fetching status revision history (#3628)
* start adding client support for making status edits and viewing history

* modify 'freshest' freshness window to be 5s, add typeutils test for status -> api edits

* only populate the status edits when specifically requested

* start adding some simple processor status edit tests

* add test editing status but adding a poll

* test edits appropriately adding poll expiry handlers

* finish adding status edit tests

* store both new and old revision emojis in status

* add code comment

* ensure the requester's account is populated before status edits

* add code comments for status edit tests

* update status edit form swagger comments

* remove unused function

* fix status source test

* add more code comments, move media description check back to media process in status create

* fix tests, add necessary form struct tag
2024-12-23 17:54:44 +00:00
kim
23fc70f4e6 [feature] add support for receiving federated status edits (#3597)
* add support for extracting Updated field from Statusable implementers

* add support for status edits in the database, and update status dereferencer to handle them

* remove unused AdditionalInfo{}.CreatedAt

* remove unused AdditionalEmojiInfo{}.CreatedAt

* update new mention creation to use status.UpdatedAt

* remove mention.UpdatedAt, fixes related to NewULIDFromTime() change

* add migration to remove Mention{}.UpdatedAt field

* add migration to add the StatusEdit{} table

* start adding tests, add delete function for status edits

* add more of status edit migrations, fill in more of the necessary edit delete functionality

* remove unused function

* allow generating gotosocial compatible ulid via CLI with `go run ./cmd/gen-ulid`

* add StatusEdit{} test models

* fix new statusedits sql

* use model instead of table name

* actually remove the Mention.UpdatedAt field...

* fix tests now new models are added, add more status edit DB tests

* fix panic wording

* add test for deleting status edits

* don't automatically set `updated_at` field on updated statuses

* flesh out more of the dereferencer status edit tests, ensure updated at field set on outgoing AS statuses

* remove media_attachments.updated_at column

* fix up more tests, further complete the dereferencer status edit tests

* update more status serialization tests not expecting 'updated' AS property

* gah!! json serialization tests!!

* undo some gtscontext wrapping changes

* more serialization test fixing 🥲

* more test fixing, ensure the edit.status_id field is actually set 🤦

* fix status edit test

* grrr linter

* add edited_at field to apimodel status

* remove the choice of paging on the timeline public filtered test (otherwise it needs updating every time you add statuses ...)

* ensure that status.updated_at always fits chronologically

* fix more serialization tests ...

* add more code comments

* fix envparsing

* update swagger file

* properly handle media description changes during status edits

* slight formatting tweak

* code comment
2024-12-05 13:35:07 +00:00
kim
3e18d97a6e [feature] unending polls (#3592)
* adds support for unending polls to be created locally

* remove unused argument
2024-12-04 10:35:48 +01:00
9609c4550d [feature] Add global instance CSS customization setting (#3352)
Allow instance admins to add custom CSS that will affect
every page of their instance.

This is done with a new CustomCSS instance setting that
works pretty much exactly like the Users CustomCSS property.
This custom CSS is then requested for every page load.
User styles/themes take precedence over this CSS.

Co-authored-by: tobi <tobi.smethurst@protonmail.com>
2024-12-02 12:24:48 +01:00
kim
d9f67efae5 send out poll votes as separate create activities given that no other AP servers support multiple objects in a single activity (#3582) 2024-11-28 15:37:37 +00:00
kim
312cb8b9c7 [chore] rename New___(string) int signature functions to Parse___(string) int (#3580)
* rename New___(string) int {} signature functions to Parse___(string) int {}

* remove test output
2024-11-28 12:54:22 +01:00
6a8af42647 [bugfix] Allow unsetting filter expiration dates (#3560)
* Regression tests for #3497 (v1 and v2)
* use Nullable type for v2 form.expires_in

---------

Co-authored-by: tobi <tobi.smethurst@protonmail.com>
2024-11-26 08:23:00 -08:00
kim
a444adee97 [bugfix] notification types missing from link header (#3571)
* ensure notification types get included in link header query for notifications

* fix type query keys
2024-11-25 15:33:21 +00:00
kim
cac9d65029 [performance] convert enum strings to ints (#3558)
* convert statuses.visibility and notifications.notification_type columns from type string -> int for performance / space savings

* fix test trying to compare string to int

* fix instance count query using string literal instead of gtsmodel const type

* ensure a default value is always set

* also migrate the account settings and sin bin status tables

* initialize maps outside loops and place into singular enum mapping creation func

* use int16 for enum types

* update sinbinstatus creation to be from a snapshot at initial creation

* add snapshot of poll type at creation time
2024-11-25 14:48:59 +01:00
301543616b [feature] Add domain permission drafts and excludes (#3547)
* [feature] Add domain permission drafts and excludes

* fix typescript complaining

* lint

* make filenames more consistent

* test own domain excluded
2024-11-21 13:09:58 +00:00
kim
e3c2b790fd [performance] minimise log field allocations (#3529)
* when appending log field only do so by minimal amount

* move slice utils to separate package to fix import cycle, add GrowJust() and AppendJust() functions

* fix GrowJust() not returning slice of same length

* improved xslices tests

* make AppendJust() test check for slice contents, fix AppendJust() final copying behaviour

* add a +1 with field growth to try minimise allocation for log 'msg' field
2024-11-11 15:45:19 +00:00
8a93300ac4 [feature] Add image descriptions for default avatar + header; don't allow editing default desc (#3473) 2024-10-21 14:04:50 +02:00