Diffstat (limited to 'lib')
24 files changed, 588 insertions, 180 deletions
diff --git a/lib/mix/tasks/sample_config.eex b/lib/mix/tasks/sample_config.eex index 2acf35ed9..3881ead26 100644 --- a/lib/mix/tasks/sample_config.eex +++ b/lib/mix/tasks/sample_config.eex @@ -29,8 +29,7 @@ config :pleroma, Pleroma.Repo, # The public S3 endpoint is different depending on region and provider, # consult your S3 provider's documentation for details on what to use. # -# config :pleroma, Pleroma.Upload, -# use_s3: true, +# config :pleroma, Pleroma.Uploaders.S3, # bucket: "some-bucket", # public_endpoint: "https://s3.amazonaws.com" # @@ -44,3 +43,21 @@ config :pleroma, Pleroma.Repo, # For using third-party S3 clones like wasabi, also do: # config :ex_aws, :s3, # host: "s3.wasabisys.com" + + +# Configure Openstack Swift support if desired. +# +# Many openstack deployments are different, so config is left very open with +# no assumptions made on which provider you're using. This should allow very +# wide support without needing separate handlers for OVH, Rackspace, etc. +# +# config :pleroma, Pleroma.Uploaders.Swift, +# container: "some-container", +# username: "api-username-yyyy", +# password: "api-key-xxxx", +# tenant_id: "<openstack-project/tenant-id>", +# auth_url: "https://keystone-endpoint.provider.com", +# storage_url: "https://swift-endpoint.prodider.com/v1/AUTH_<tenant>/<container>", +# object_url: "https://cdn-endpoint.provider.com/<container>" +# + diff --git a/lib/pleroma/filter.ex b/lib/pleroma/filter.ex new file mode 100644 index 000000000..fe904df3a --- /dev/null +++ b/lib/pleroma/filter.ex 
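Review bot: The S3 sample in the first hunk no longer shows how a backend is selected: `use_s3: true` is removed, but nothing documents its replacement, while `Pleroma.Upload` elsewhere in this diff calls `Keyword.fetch!(:uploader)` on the `Pleroma.Upload` config. I would add a commented line such as `# config :pleroma, Pleroma.Upload, uploader: Pleroma.Uploaders.S3` above both the S3 and the Swift examples. In the Swift block, `prodider.com` in `storage_url` looks like a typo for `provider.com`. A short comment that `password` is a live API credential, so the generated config should stay out of version control, would also help operators.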
@@ -0,0 +1,62 @@ +defmodule Pleroma.Filter do + use Ecto.Schema + import Ecto.{Changeset, Query} + alias Pleroma.{User, Repo, Activity} + + schema "filters" do + belongs_to(:user, Pleroma.User) + field(:filter_id, :integer) + field(:hide, :boolean, default: false) + field(:whole_word, :boolean, default: true) + field(:phrase, :string) + field(:context, {:array, :string}) + field(:expires_at, :utc_datetime) + + timestamps() + end + + def get(id, %{id: user_id} = _user) do + query = + from( + f in Pleroma.Filter, + where: f.filter_id == ^id, + where: f.user_id == ^user_id + ) + + Repo.one(query) + end + + def get_filters(%Pleroma.User{id: user_id} = user) do + query = + from( + f in Pleroma.Filter, + where: f.user_id == ^user_id + ) + + Repo.all(query) + end + + def create(%Pleroma.Filter{} = filter) do + Repo.insert(filter) + end + + def delete(%Pleroma.Filter{id: filter_key} = filter) when is_number(filter_key) do + Repo.delete(filter) + end + + def delete(%Pleroma.Filter{id: filter_key} = filter) when is_nil(filter_key) do + %Pleroma.Filter{id: id} = get(filter.filter_id, %{id: filter.user_id}) + + filter + |> Map.put(:id, id) + |> Repo.delete() + end + + def update(%Pleroma.Filter{} = filter) do + destination = Map.from_struct(filter) + + Pleroma.Filter.get(filter.filter_id, %{id: filter.user_id}) + |> cast(destination, [:phrase, :context, :hide, :expires_at, :whole_word]) + |> Repo.update() + end +end diff --git a/lib/pleroma/formatter.ex b/lib/pleroma/formatter.ex index cf2944c38..2b4c3c2aa 100644 --- a/lib/pleroma/formatter.ex +++ b/lib/pleroma/formatter.ex @@ -154,13 +154,16 @@ defmodule Pleroma.Formatter do MediaProxy.url(file) }' />" ) + |> HtmlSanitizeEx.basic_html() end) end - def get_emoji(text) do + def get_emoji(text) when is_binary(text) do Enum.filter(@emoji, fn {emoji, _} -> String.contains?(text, ":#{emoji}:") end) end + def get_emoji(_), do: [] + def get_custom_emoji() do @emoji end 
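Review bot: The nil-id clause of `delete/1` and `update/1` both assume `get/2` finds a row: `%Pleroma.Filter{id: id} = get(...)` raises `MatchError` and `cast/3` receives `nil` when the filter does not exist or belongs to another user, so a request for an unknown id becomes a 500 instead of a not-found answer. Handling the miss explicitly, e.g. `with %Pleroma.Filter{} = existing <- get(filter.filter_id, %{id: filter.user_id})`, and returning `{:error, :not_found}` otherwise keeps the per-user scoping of `get/2` and gives the controller something to map to 404. `create/1` inserts the struct as given and nothing visible assigns `filter_id`, so unless the database fills it in, the lookups by `filter_id` cannot match; please confirm. `get_filters/1` binds `user` without using it, and the module has no `@moduledoc` explaining that `filter_id` is the per-user public id.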
diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex index a744e6fd4..f188a5f32 100644 --- a/lib/pleroma/upload.ex +++ b/lib/pleroma/upload.ex @@ -1,34 +1,19 @@ defmodule Pleroma.Upload do alias Ecto.UUID - alias Pleroma.Web - def store(%Plug.Upload{} = file, should_dedupe) do - settings = Application.get_env(:pleroma, Pleroma.Upload) - use_s3 = Keyword.fetch!(settings, :use_s3) + @storage_backend Application.get_env(:pleroma, Pleroma.Upload) + |> Keyword.fetch!(:uploader) + def store(%Plug.Upload{} = file, should_dedupe) do content_type = get_content_type(file.path) + uuid = get_uuid(file, should_dedupe) name = get_name(file, uuid, content_type, should_dedupe) - upload_folder = get_upload_path(uuid, should_dedupe) - url_path = get_url(name, uuid, should_dedupe) strip_exif_data(content_type, file.path) - File.mkdir_p!(upload_folder) - result_file = Path.join(upload_folder, name) - - if File.exists?(result_file) do - File.rm!(file.path) - else - File.cp!(file.path, result_file) - end - - url_path = - if use_s3 do - put_s3_file(name, uuid, result_file, content_type) - else - url_path - end + {:ok, url_path} = + @storage_backend.put_file(name, uuid, file.path, content_type, should_dedupe) %{ "type" => "Document", 
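Review bot: `@storage_backend` is read with `Application.get_env/2` in the module body, so the uploader is frozen at compile time and a missing `Pleroma.Upload` entry makes `Keyword.fetch!/2` fail during compilation rather than at boot; resolving it inside `store/2` avoids both. The hard match `{:ok, url_path} = @storage_backend.put_file(...)`, here and in the `data:image/` clause further down, turns the `{:error, _}` tuples that the Swift client returns into a `MatchError`. A `case` or `with` that propagates the error would let the caller answer with a clean failure. The body of `store/2` continues past the end of this hunk.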
@@ -43,22 +28,16 @@ defmodule Pleroma.Upload do } end - # XXX: does this code actually work? i am skeptical. --kaniini def store(%{"img" => "data:image/" <> image_data}, should_dedupe) do - settings = Application.get_env(:pleroma, Pleroma.Upload) - use_s3 = Keyword.fetch!(settings, :use_s3) - parsed = Regex.named_captures(~r/(?<filetype>jpeg|png|gif);base64,(?<data>.*)/, image_data) data = Base.decode64!(parsed["data"], ignore: :whitespace) - uuid = UUID.generate() - uuidpath = Path.join(upload_path(), uuid) - uuid = UUID.generate() - File.mkdir_p!(upload_path()) + tmp_path = tempfile_for_image(data) - File.write!(uuidpath, data) + uuid = UUID.generate() - content_type = get_content_type(uuidpath) + content_type = get_content_type(tmp_path) + strip_exif_data(content_type, tmp_path) name = create_name( @@ -67,30 +46,7 @@ defmodule Pleroma.Upload do content_type ) - upload_folder = get_upload_path(uuid, should_dedupe) - url_path = get_url(name, uuid, should_dedupe) - - File.mkdir_p!(upload_folder) - result_file = Path.join(upload_folder, name) - - if should_dedupe do - if !File.exists?(result_file) do - File.rename(uuidpath, result_file) - else - File.rm!(uuidpath) - end - else - File.rename(uuidpath, result_file) - end - - strip_exif_data(content_type, result_file) - - url_path = - if use_s3 do - put_s3_file(name, uuid, result_file, content_type) - else - url_path - end + {:ok, url_path} = @storage_backend.put_file(name, uuid, tmp_path, content_type, should_dedupe) %{ "type" => "Image", 
@@ -105,21 +61,28 @@ defmodule Pleroma.Upload do } end + @doc """ + Creates a tempfile using the Plug.Upload Genserver which cleans them up + automatically. + """ + def tempfile_for_image(data) do + {:ok, tmp_path} = Plug.Upload.random_file("profile_pics") + {:ok, tmp_file} = File.open(tmp_path, [:write, :raw, :binary]) + IO.binwrite(tmp_file, data) + + tmp_path + end + def strip_exif_data(content_type, file) do settings = Application.get_env(:pleroma, Pleroma.Upload) do_strip = Keyword.fetch!(settings, :strip_exif) - [filetype, ext] = String.split(content_type, "/") + [filetype, _ext] = String.split(content_type, "/") if filetype == "image" and do_strip == true do Mogrify.open(file) |> Mogrify.custom("strip") |> Mogrify.save(in_place: true) end end - def upload_path do - settings = Application.get_env(:pleroma, Pleroma.Upload) - Keyword.fetch!(settings, :uploads) - end - defp create_name(uuid, ext, type) do case type do "application/octet-stream" -> @@ -163,26 +126,6 @@ defmodule Pleroma.Upload do end end - defp get_upload_path(uuid, should_dedupe) do - if should_dedupe do - upload_path() - else - Path.join(upload_path(), uuid) - end - end - - defp get_url(name, uuid, should_dedupe) do - if should_dedupe do - url_for(:cow_uri.urlencode(name)) - else - url_for(Path.join(uuid, :cow_uri.urlencode(name))) - end - end - - defp url_for(file) do - "#{Web.base_url()}/media/#{file}" - end - def get_content_type(file) do match = File.open(file, [:read], fn f -> 
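Review bot: `tempfile_for_image/1` opens the temp file and never closes it, so each data-URI upload leaves a file descriptor open until the calling process exits, and the return value of `IO.binwrite/2` is ignored. `File.write!(tmp_path, data)` performs the open, write and close in one call and raises if the write fails. The `@doc` could also say that cleanup depends on the calling process being the one registered with `Plug.Upload`.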
@@ -224,25 +167,4 @@ defmodule Pleroma.Upload do _e -> "application/octet-stream" end end - - defp put_s3_file(name, uuid, path, content_type) do - settings = Application.get_env(:pleroma, Pleroma.Upload) - bucket = Keyword.fetch!(settings, :bucket) - public_endpoint = Keyword.fetch!(settings, :public_endpoint) - - {:ok, file_data} = File.read(path) - - File.rm!(path) - - s3_name = "#{uuid}/#{name}" - - {:ok, result} = - ExAws.S3.put_object(bucket, s3_name, file_data, [ - {:acl, :public_read}, - {:content_type, content_type} - ]) - |> ExAws.request() - - "#{public_endpoint}/#{bucket}/#{s3_name}" - end end diff --git a/lib/pleroma/uploaders/local.ex b/lib/pleroma/uploaders/local.ex new file mode 100644 index 000000000..d96481c8d --- /dev/null +++ b/lib/pleroma/uploaders/local.ex @@ -0,0 +1,51 @@ +defmodule Pleroma.Uploaders.Local do + @behaviour Pleroma.Uploaders.Uploader + + alias Pleroma.Web + + def put_file(name, uuid, tmpfile, _content_type, should_dedupe) do + upload_folder = get_upload_path(uuid, should_dedupe) + url_path = get_url(name, uuid, should_dedupe) + + File.mkdir_p!(upload_folder) + + result_file = Path.join(upload_folder, name) + + if File.exists?(result_file) do + File.rm!(tmpfile) + else + File.cp!(tmpfile, result_file) + end + + {:ok, url_path} + end + + def upload_path do + settings = Application.get_env(:pleroma, Pleroma.Uploaders.Local) + Keyword.fetch!(settings, :uploads) + end + + defp get_upload_path(uuid, should_dedupe) do + if should_dedupe do + upload_path() + else + Path.join(upload_path(), uuid) + end + end + + defp get_url(name, uuid, should_dedupe) do + if should_dedupe do + url_for(:cow_uri.urlencode(name)) + else + url_for(Path.join(uuid, :cow_uri.urlencode(name))) + end + end + + defp url_for(file) do + settings = Application.get_env(:pleroma, Pleroma.Uploaders.Local) + + Keyword.get(settings, :uploads_url) + |> String.replace("{{file}}", file) + |> String.replace("{{base_url}}", Web.base_url()) + end +end 
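Review bot: `put_file/5` in the new `Local` uploader joins `name` straight into `upload_folder` with `Path.join/2`, and nothing in this module checks that the result stays inside `upload_path()`. Whether `name` can carry `..` or path separators depends on `get_name` in `Pleroma.Upload`, which is outside this diff, so I would either sanitise there or enforce it here with `Path.basename(name)`. `url_for/1` uses `Keyword.get(settings, :uploads_url)`, which yields `nil` when the key is absent and then crashes inside `String.replace/3`; `Keyword.fetch!/2`, as `upload_path/0` already does, fails with a clearer message. A `@moduledoc` naming the `{{file}}` and `{{base_url}}` placeholders would document the new setting.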
diff --git a/lib/pleroma/uploaders/s3.ex b/lib/pleroma/uploaders/s3.ex
new file mode 100644
index 000000000..ce0ed3e34
--- /dev/null
+++ b/lib/pleroma/uploaders/s3.ex
@@ -0,0 +1,24 @@
+defmodule Pleroma.Uploaders.S3 do
+ @behaviour Pleroma.Uploaders.Uploader
+
+ def put_file(name, uuid, path, content_type, _should_dedupe) do
+ settings = Application.get_env(:pleroma, Pleroma.Uploaders.S3)
+ bucket = Keyword.fetch!(settings, :bucket)
+ public_endpoint = Keyword.fetch!(settings, :public_endpoint)
+
+ {:ok, file_data} = File.read(path)
+
+ File.rm!(path)
+
+ s3_name = "#{uuid}/#{name}"
+
+ {:ok, _} =
+ ExAws.S3.put_object(bucket, s3_name, file_data, [
+ {:acl, :public_read},
+ {:content_type, content_type}
+ ])
+ |> ExAws.request()
+
+ {:ok, "#{public_endpoint}/#{bucket}/#{s3_name}"}
+ end
+end
diff --git a/lib/pleroma/uploaders/swift/keystone.ex b/lib/pleroma/uploaders/swift/keystone.ex
new file mode 100644
index 000000000..a79214319
--- /dev/null
+++ b/lib/pleroma/uploaders/swift/keystone.ex
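Review bot: `File.rm!(path)` runs before `ExAws.request/1` in `put_file/5`, so when the upload fails the local copy is already gone, and the `{:ok, _} =` match raises instead of returning the `{:error, String.t()}` that the `Uploader` behaviour promises. I would upload first, delete afterwards, and map a failed request to an error tuple in the same style as the Swift client (`{:error, "S3 Upload Error"}`). The object is always written with `acl: :public_read`; a comment stating that every upload is world-readable by design would make that choice explicit for operators.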
@@ -0,0 +1,48 @@
+defmodule Pleroma.Uploaders.Swift.Keystone do
+ use HTTPoison.Base
+
+ @settings Application.get_env(:pleroma, Pleroma.Uploaders.Swift)
+
+ def process_url(url) do
+ Enum.join(
+ [Keyword.fetch!(@settings, :auth_url), url],
+ "/"
+ )
+ end
+
+ def process_response_body(body) do
+ body
+ |> Poison.decode!()
+ end
+
+ def get_token() do
+ username = Keyword.fetch!(@settings, :username)
+ password = Keyword.fetch!(@settings, :password)
+ tenant_id = Keyword.fetch!(@settings, :tenant_id)
+
+ case post(
+ "/tokens",
+ make_auth_body(username, password, tenant_id),
+ ["Content-Type": "application/json"],
+ hackney: [:insecure]
+ ) do
+ {:ok, %HTTPoison.Response{status_code: 200, body: body}} ->
+ body["access"]["token"]["id"]
+
+ {:ok, %HTTPoison.Response{status_code: _}} ->
+ ""
+ end
+ end
+
+ def make_auth_body(username, password, tenant) do
+ Poison.encode!(%{
+ :auth => %{
+ :passwordCredentials => %{
+ :username => username,
+ :password => password
+ },
+ :tenantId => tenant
+ }
+ })
+ end
+end
diff --git a/lib/pleroma/uploaders/swift/swift.ex b/lib/pleroma/uploaders/swift/swift.ex
new file mode 100644
index 000000000..819dfebda
--- /dev/null
+++ b/lib/pleroma/uploaders/swift/swift.ex
@@ -0,0 +1,28 @@
+defmodule Pleroma.Uploaders.Swift.Client do
+ use HTTPoison.Base
+
+ @settings Application.get_env(:pleroma, Pleroma.Uploaders.Swift)
+
+ def process_url(url) do
+ Enum.join(
+ [Keyword.fetch!(@settings, :storage_url), url],
+ "/"
+ )
+ end
+
+ def upload_file(filename, body, content_type) do
+ object_url = Keyword.fetch!(@settings, :object_url)
+ token = Pleroma.Uploaders.Swift.Keystone.get_token()
+
+ case put("#{filename}", body, "X-Auth-Token": token, "Content-Type": content_type) do
+ {:ok, %HTTPoison.Response{status_code: 201}} ->
+ {:ok, "#{object_url}/#{filename}"}
+
+ {:ok, %HTTPoison.Response{status_code: 401}} ->
+ {:error, "Unauthorized, Bad Token"}
+
+ {:error, _} ->
+ {:error, "Swift Upload Error"}
+ end
+ end
+end
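Review bot: `get_token/0` posts the Keystone username and password with `hackney: [:insecure]`, which switches off TLS certificate verification, so the credentials and the returned token are not protected against interception on the path to `auth_url`. The option should be dropped (`post("/tokens", body, ["Content-Type": "application/json"])`), or at most become an explicit opt-in setting that defaults to verification. The `case` has no clause for `{:error, %HTTPoison.Error{}}`, so a connection failure raises `CaseClauseError`, and a non-200 reply returns `""`, which the client then sends as `X-Auth-Token`; returning `{:ok, token} | {:error, reason}` would let the caller stop early. `@settings` is read at compile time, so changed credentials need a recompile.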
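Review bot: `upload_file/3` in `Swift.Client` matches only status 201, status 401 and `{:error, _}`, so any other reply from the storage endpoint (403, 404, 413, 5xx) raises `CaseClauseError` in the request process; a final `{:ok, %HTTPoison.Response{status_code: code}} -> {:error, "Swift Upload Error: #{code}"}` clause closes the gap. A new Keystone token is requested for every upload, which sends the account password on each call; caching the token until it expires would reduce that exposure and the latency. `filename` is interpolated into the request path and the returned URL without encoding, which matters if `name` can contain spaces or reserved characters; that depends on `get_name` in `Pleroma.Upload`, which is not shown here.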
diff --git a/lib/pleroma/uploaders/swift/uploader.ex b/lib/pleroma/uploaders/swift/uploader.ex new file mode 100644 index 000000000..794f76cb0 --- /dev/null +++ b/lib/pleroma/uploaders/swift/uploader.ex @@ -0,0 +1,10 @@ +defmodule Pleroma.Uploaders.Swift do + @behaviour Pleroma.Uploaders.Uploader + + def put_file(name, uuid, tmp_path, content_type, _should_dedupe) do + {:ok, file_data} = File.read(tmp_path) + remote_name = "#{uuid}/#{name}" + + Pleroma.Uploaders.Swift.Client.upload_file(remote_name, file_data, content_type) + end +end diff --git a/lib/pleroma/uploaders/uploader.ex b/lib/pleroma/uploaders/uploader.ex new file mode 100644 index 000000000..b58fc6d71 --- /dev/null +++ b/lib/pleroma/uploaders/uploader.ex @@ -0,0 +1,20 @@ +defmodule Pleroma.Uploaders.Uploader do + @moduledoc """ + Defines the contract to put an uploaded file to any backend. + """ + + @doc """ + Put a file to the backend. + + Returns `{:ok, String.t } | {:error, String.t} containing the path of the + uploaded file, or error information if the file failed to be saved to the + respective backend. + """ + @callback put_file( + name :: String.t(), + uuid :: String.t(), + file :: File.t(), + content_type :: String.t(), + should_dedupe :: Boolean.t() + ) :: {:ok, String.t()} | {:error, String.t()} +end diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index fca490cb1..1dad30e87 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -68,7 +68,8 @@ defmodule Pleroma.User do following_count: length(user.following) - oneself, note_count: user.info["note_count"] || 0, follower_count: user.info["follower_count"] || 0, - locked: user.info["locked"] || false + locked: user.info["locked"] || false, + default_scope: user.info["default_scope"] || "public" } end 
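Review bot: The `@callback` in `Pleroma.Uploaders.Uploader` uses `File.t()` and `Boolean.t()`, neither of which is a defined type; the implementations pass a filesystem path and a boolean, so `file :: Path.t()` and `should_dedupe :: boolean()` would let Dialyzer check the backends. The `@doc` text has an unclosed backtick after `{:error, String.t}`. The doc should also state who owns the temp file once `put_file/5` returns, because the three backends differ: `S3` deletes it, `Local` deletes it only when the target already exists, and `Swift` leaves it in place.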
@@ -608,6 +609,14 @@ defmodule Pleroma.User do ) end + def moderator_user_query() do + from( + u in User, + where: u.local == true, + where: fragment("?->'is_moderator' @> 'true'", u.info) + ) + end + def deactivate(%User{} = user) do new_info = Map.put(user.info, "deactivated", true) cs = User.info_changeset(user, %{info: new_info}) diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 68b398786..361e93e91 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -14,8 +14,10 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do # For Announce activities, we filter the recipients based on following status for any actors # that match actual users. See issue #164 for more information about why this is necessary. - def get_recipients(%{"type" => "Announce"} = data) do - recipients = (data["to"] || []) ++ (data["cc"] || []) + defp get_recipients(%{"type" => "Announce"} = data) do + to = data["to"] || [] + cc = data["cc"] || [] + recipients = to ++ cc actor = User.get_cached_by_ap_id(data["actor"]) recipients @@ -28,10 +30,15 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do User.following?(user, actor) end end) + + {recipients, to, cc} end - def get_recipients(data) do - (data["to"] || []) ++ (data["cc"] || []) + defp get_recipients(data) do + to = data["to"] || [] + cc = data["cc"] || [] + recipients = to ++ cc + {recipients, to, cc} end defp check_actor_is_active(actor) do @@ -53,12 +60,14 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do :ok <- check_actor_is_active(map["actor"]), {:ok, map} <- MRF.filter(map), :ok <- insert_full_object(map) do + {recipients, _, _} = get_recipients(map) + {:ok, activity} = Repo.insert(%Activity{ data: map, local: local, actor: map["actor"], - recipients: get_recipients(map) + recipients: recipients }) Notification.create_notifications(activity) 
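Review bot: In the `"Announce"` clause of `get_recipients/1` the returned tuple `{recipients, to, cc}` is built from the unfiltered `to ++ cc`, because the result of the `recipients |> Enum.filter(...)` pipeline that ends just above it is never bound. As far as these hunks show, the follower filtering described in the comment (issue #164) therefore no longer reaches the `recipients` stored by `Repo.insert/1`. Rebinding the pipeline, `recipients = recipients |> Enum.filter(fn recipient -> ... end)`, before building the tuple restores it. The middle of the pipeline lies between the two hunks, so please confirm against the full file.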
@@ -84,6 +93,11 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do Pleroma.Web.Streamer.stream("public:local", activity) end + activity.data["object"] + |> Map.get("tag", []) + |> Enum.filter(fn tag -> is_bitstring(tag) end) + |> Enum.map(fn tag -> Pleroma.Web.Streamer.stream("hashtag:" <> tag, activity) end) + if activity.data["object"]["attachment"] != [] do Pleroma.Web.Streamer.stream("public:media", activity) @@ -399,6 +413,20 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do defp restrict_tag(query, _), do: query + defp restrict_to_cc(query, recipients_to, recipients_cc) do + from( + activity in query, + where: + fragment( + "(?->'to' \\?| ?) or (?->'cc' \\?| ?)", + activity.data, + ^recipients_to, + activity.data, + ^recipients_cc + ) + ) + end + defp restrict_recipients(query, [], _user), do: query defp restrict_recipients(query, recipients, nil) do @@ -540,6 +568,13 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do |> Enum.reverse() end + def fetch_activities_bounded(recipients_to, recipients_cc, opts \\ %{}) do + fetch_activities_query([], opts) + |> restrict_to_cc(recipients_to, recipients_cc) + |> Repo.all() + |> Enum.reverse() + end + def upload(file) do data = Upload.store(file, Application.get_env(:pleroma, :instance)[:dedupe_media]) Repo.insert(%Object{data: data}) @@ -717,6 +752,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do "actor" => data["attributedTo"], "object" => data }, + :ok <- Transmogrifier.contain_origin(id, params), {:ok, activity} <- Transmogrifier.handle_incoming(params) do {:ok, Object.normalize(activity.data["object"])} else diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 1367bc7e3..4a3a82195 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex 
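Review bot: The hashtag fan-out added in the first hunk calls `Map.get/3` on `activity.data["object"]`, which raises `BadMapError` if the object is an id string rather than an embedded map; whether the enclosing condition, which starts outside the hunk, rules that out is not visible here. `is_bitstring/1` also accepts bitstrings that are not whole bytes, so `is_binary/1` is the right guard before `"hashtag:" <> tag`, and `Enum.each/2` fits better than `Enum.map/2` because the result is discarded. Tag values arrive from remote servers, so it is worth deciding whether they are normalised (for example downcased) the same way as the `tag` parameter a socket subscribes with.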
@@ -31,6 +31,20 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do end @doc """ + Checks that an imported AP object's actor matches the domain it came from. + """ + def contain_origin(id, %{"actor" => actor} = params) do + id_uri = URI.parse(id) + actor_uri = URI.parse(get_actor(params)) + + if id_uri.host == actor_uri.host do + :ok + else + :error + end + end + + @doc """ Modifies an incoming AP object (mastodon format) to our internal format. """ def fix_object(object) do diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index cbedca004..1e5ac2721 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -11,7 +11,7 @@ defmodule Pleroma.Web.Endpoint do # # You should set gzip to true if you are running phoenix.digest # when deploying your static files in production. - plug(Plug.Static, at: "/media", from: Pleroma.Upload.upload_path(), gzip: false) + plug(Plug.Static, at: "/media", from: Pleroma.Uploaders.Local.upload_path(), gzip: false) plug( Plug.Static, diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index f482de6fd..f2fcc76ad 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -2,11 +2,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do use Pleroma.Web, :controller alias Pleroma.{Repo, Object, Activity, User, Notification, Stats} alias Pleroma.Web - alias Pleroma.Web.MastodonAPI.{StatusView, AccountView, MastodonView, ListView} + alias Pleroma.Web.MastodonAPI.{StatusView, AccountView, MastodonView, ListView, FilterView} alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.CommonAPI alias Pleroma.Web.OAuth.{Authorization, Token, App} + alias Pleroma.Web.MediaProxy alias Comeonin.Pbkdf2 import Ecto.Query require Logger 
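Review bot: `contain_origin/2` returns `:ok` whenever the two `URI.parse/1` hosts compare equal, which includes the case where both are `nil` because neither `id` nor the actor is an absolute URL, and the comparison appears to be case-sensitive although host names are not. I would require a host and normalise it before comparing: `if is_binary(id_uri.host) and String.downcase(id_uri.host) == String.downcase(actor_uri.host || "") do`. The function head binds `actor` but the body calls `get_actor(params)`, so the binding should be `_actor`. There is also no clause for params without an `"actor"` key, which raises `FunctionClauseError` where the caller's `with` expects `:error`.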
@@ -124,7 +125,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end @instance Application.get_env(:pleroma, :instance) - @mastodon_api_level "2.3.3" + @mastodon_api_level "2.4.3" def masto_instance(conn, _params) do response = %{ @@ -653,9 +654,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do json(conn, %{}) end - def search2(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do - accounts = User.search(query, params["resolve"] == "true") - + def status_search(query) do fetched = if Regex.match?(~r/https?:/, query) do with {:ok, object} <- ActivityPub.fetch_object_from_id(query) do @@ -680,7 +679,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do order_by: [desc: :id] ) - statuses = Repo.all(q) ++ fetched + Repo.all(q) ++ fetched + end + + def search2(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do + accounts = User.search(query, params["resolve"] == "true") + + statuses = status_search(query) tags_path = Web.base_url() <> "/tag/" @@ -704,31 +709,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do def search(%{assigns: %{user: user}} = conn, %{"q" => query} = params) do accounts = User.search(query, params["resolve"] == "true") - fetched = - if Regex.match?(~r/https?:/, query) do - with {:ok, object} <- ActivityPub.fetch_object_from_id(query) do - [Activity.get_create_activity_by_object_ap_id(object.data["id"])] - else - _e -> [] - end - end || [] - - q = - from( - a in Activity, - where: fragment("?->>'type' = 'Create'", a.data), - where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients, - where: - fragment( - "to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)", - a.data, - ^query - ), - limit: 20, - order_by: [desc: :id] - ) - - statuses = Repo.all(q) ++ fetched + statuses = status_search(query) tags = String.split(query) 
@@ -850,9 +831,14 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do |> Map.put("type", "Create") |> Map.put("blocking_user", user) - # adding title is a hack to not make empty lists function like a public timeline + # we must filter the following list for the user to avoid leaking statuses the user + # does not actually have permission to see (for more info, peruse security issue #270). + following_to = + following + |> Enum.filter(fn x -> x in user.following end) + activities = - ActivityPub.fetch_activities([title | following], params) + ActivityPub.fetch_activities_bounded(following_to, following, params) |> Enum.reverse() conn @@ -1044,6 +1030,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do NaiveDateTime.to_iso8601(created_at) |> String.replace(~r/(\.\d+)?$/, ".000Z", global: false) + id = id |> to_string + case activity.data["type"] do "Create" -> %{ 
@@ -1089,6 +1077,65 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end end + def get_filters(%{assigns: %{user: user}} = conn, params) do + filters = Pleroma.Filter.get_filters(user) + res = FilterView.render("filters.json", filters: filters) + json(conn, res) + end + + def create_filter( + %{assigns: %{user: user}} = conn, + %{"phrase" => phrase, "context" => context} = params + ) do + query = %Pleroma.Filter{ + user_id: user.id, + phrase: phrase, + context: context, + hide: Map.get(params, "irreversible", nil), + whole_word: Map.get(params, "boolean", true) + # expires_at + } + + {:ok, response} = Pleroma.Filter.create(query) + res = FilterView.render("filter.json", filter: response) + json(conn, res) + end + + def get_filter(%{assigns: %{user: user}} = conn, %{"id" => filter_id} = params) do + filter = Pleroma.Filter.get(filter_id, user) + res = FilterView.render("filter.json", filter: filter) + json(conn, res) + end + + def update_filter( + %{assigns: %{user: user}} = conn, + %{"phrase" => phrase, "context" => context, "id" => filter_id} = params + ) do + query = %Pleroma.Filter{ + user_id: user.id, + filter_id: filter_id, + phrase: phrase, + context: context, + hide: Map.get(params, "irreversible", nil), + whole_word: Map.get(params, "boolean", true) + # expires_at + } + + {:ok, response} = Pleroma.Filter.update(query) + res = FilterView.render("filter.json", filter: response) + json(conn, res) + end + + def delete_filter(%{assigns: %{user: user}} = conn, %{"id" => filter_id} = params) do + query = %Pleroma.Filter{ + user_id: user.id, + filter_id: filter_id + } + + {:ok, response} = Pleroma.Filter.delete(query) + json(conn, %{}) + end + def errors(conn, _) do conn |> put_status(500) 
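Review bot: `create_filter/2` and `update_filter/2` read `whole_word` from `Map.get(params, "boolean", true)`, which looks like a placeholder key; the Mastodon parameter is `whole_word`, so the client's value is never applied. `hide: Map.get(params, "irreversible", nil)` replaces the schema default `false` with `nil`, and the values go into the struct without casting, so a changeset with `cast/3` and `validate_required/2` would type-check the input and turn the `{:ok, response} =` matches into handled errors. `get_filter/2` hands the result of `Pleroma.Filter.get/2` straight to the view, so an unknown id raises on `nil` instead of returning 404. `create_filter/2` never sets `filter_id`, which the view and the other actions treat as the public id.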
@@ -1125,6 +1172,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do end ) end) + |> Enum.map(fn x -> + Map.put(x, "avatar", MediaProxy.url(x["avatar"])) + end) + |> Enum.map(fn x -> + Map.put(x, "avatar_static", MediaProxy.url(x["avatar_static"])) + end) conn |> json(data2) @@ -1135,4 +1188,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do json(conn, []) end end + + def filters(conn, _) do + json(conn, []) + end end diff --git a/lib/pleroma/web/mastodon_api/mastodon_socket.ex b/lib/pleroma/web/mastodon_api/mastodon_socket.ex index 174293906..bc628ba56 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_socket.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_socket.ex @@ -23,16 +23,18 @@ defmodule Pleroma.Web.MastodonAPI.MastodonSocket do "public:local:media", "user", "direct", - "list" + "list", + "hashtag" ] <- params["stream"] do topic = if stream == "list", do: "list:#{params["list"]}", else: stream + socket_stream = if stream == "hashtag", do: "hashtag:#{params["tag"]}", else: stream socket = socket |> assign(:topic, topic) |> assign(:user, user) - Pleroma.Web.Streamer.add_socket(params["stream"], socket) + Pleroma.Web.Streamer.add_socket(socket_stream, socket) {:ok, socket} else _e -> :error diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index d9edcae7f..7915933be 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -13,6 +13,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do image = User.avatar_url(user) |> MediaProxy.url() header = User.banner_url(user) |> MediaProxy.url() user_info = User.user_info(user) + bot = (user.info["source_data"]["type"] || "Person") in ["Application", "Service"] emojis = (user.info["source_data"]["tag"] || []) 
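Review bot: In `mastodon_socket.ex`, a `stream=hashtag` connection is registered under `"hashtag:#{params["tag"]}"` while `assign(:topic, topic)` still stores plain `"hashtag"`, so any later lookup by the assigned topic, for example on disconnect, would not find the entry created by `add_socket/2`. The removal path is outside this hunk, so please check it. A missing `tag` parameter interpolates to `"hashtag:"`, so I would reject the connection unless `is_binary(params["tag"])` and the tag is non-empty.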
@@ -26,9 +27,14 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do } end) + fields = + (user.info["source_data"]["attachment"] || []) + |> Enum.filter(fn %{"type" => t} -> t == "PropertyValue" end) + |> Enum.map(fn fields -> Map.take(fields, ["name", "value"]) end) + %{ id: to_string(user.id), - username: hd(String.split(user.nickname, "@")), + username: username_from_nickname(user.nickname), acct: user.nickname, display_name: user.name || user.nickname, locked: user_info.locked, @@ -43,11 +49,12 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do header: header, header_static: header, emojis: emojis, - fields: [], + fields: fields, + bot: bot, source: %{ note: "", - privacy: "public", - sensitive: "false" + privacy: user_info.default_scope, + sensitive: false } } end @@ -56,7 +63,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do %{ id: to_string(user.id), acct: user.nickname, - username: hd(String.split(user.nickname, "@")), + username: username_from_nickname(user.nickname), url: user.ap_id } end @@ -68,12 +75,20 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do followed_by: User.following?(target, user), blocking: User.blocks?(user, target), muting: false, + muting_notifications: false, requested: false, - domain_blocking: false + domain_blocking: false, + showing_reblogs: false } end def render("relationships.json", %{user: user, targets: targets}) do render_many(targets, AccountView, "relationship.json", user: user, as: :target) end + + defp username_from_nickname(string) when is_binary(string) do + hd(String.split(string, "@")) + end + + defp username_from_nickname(_), do: nil end diff --git a/lib/pleroma/web/mastodon_api/views/filter_view.ex b/lib/pleroma/web/mastodon_api/views/filter_view.ex new file mode 100644 index 000000000..6bd687d46 --- /dev/null +++ b/lib/pleroma/web/mastodon_api/views/filter_view.ex 
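Review bot: The new `fields` pipeline filters with `fn %{"type" => t} -> ... end`, which raises `FunctionClauseError` for any attachment entry that is not a map with a `"type"` key. `source_data` comes from the remote actor document, so one malformed entry would break rendering of that account wherever it appears. Matching defensively, `Enum.filter(&match?(%{"type" => "PropertyValue"}, &1))`, skips such entries instead. The `name` and `value` strings are passed through as received; if they are not sanitised when the actor is imported, they should be scrubbed here before clients render them as HTML.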
@@ -0,0 +1,27 @@ +defmodule Pleroma.Web.MastodonAPI.FilterView do + use Pleroma.Web, :view + alias Pleroma.Web.MastodonAPI.FilterView + alias Pleroma.Web.CommonAPI.Utils + + def render("filters.json", %{filters: filters} = opts) do + render_many(filters, FilterView, "filter.json", opts) + end + + def render("filter.json", %{filter: filter}) do + expires_at = + if filter.expires_at do + Utils.to_masto_date(filter.expires_at) + else + nil + end + + %{ + id: to_string(filter.filter_id), + phrase: filter.phrase, + context: filter.context, + expires_at: expires_at, + irreversible: filter.hide, + whole_word: false + } + end +end diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index 2fab60274..67cef004a 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -3,6 +3,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do alias Pleroma.Stats alias Pleroma.Web + alias Pleroma.{User, Repo} def schemas(conn, _params) do response = %{ @@ -22,8 +23,15 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do instance = Application.get_env(:pleroma, :instance) media_proxy = Application.get_env(:pleroma, :media_proxy) suggestions = Application.get_env(:pleroma, :suggestions) + chat = Application.get_env(:pleroma, :chat) + gopher = Application.get_env(:pleroma, :gopher) stats = Stats.get_stats() + staff_accounts = + User.moderator_user_query() + |> Repo.all() + |> Enum.map(fn u -> u.ap_id end) + response = %{ version: "2.0", software: %{ @@ -52,7 +60,10 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do thirdPartyEngine: Keyword.get(suggestions, :third_party_engine, ""), timeout: Keyword.get(suggestions, :timeout, 5000), web: Keyword.get(suggestions, :web, "") - } + }, + staffAccounts: staff_accounts, + chat: Keyword.get(chat, :enabled), + gopher: Keyword.get(gopher, :enabled) } } 
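Review bot: `render("filter.json", ...)` in `FilterView` always emits `whole_word: false`, although the schema has a `whole_word` field with default `true` that the controller stores; `whole_word: filter.whole_word` would report the saved value. `id` is `to_string(filter.filter_id)`, which renders as an empty string when `filter_id` is `nil`. The `"filters.json"` clause forwards the whole `opts` map, including `filters`, to `render_many/4`, where an empty map or only the needed assigns would be clearer.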
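Review bot: In `nodeinfo_controller.ex`, `Keyword.get(chat, :enabled)` and `Keyword.get(gopher, :enabled)` raise when the `:chat` or `:gopher` config is absent, because `Application.get_env/2` then returns `nil`; `Application.get_env(:pleroma, :chat, [])` gives a safe default. The `staffAccounts` lookup runs `Repo.all/1` on every request to this unauthenticated endpoint, so caching the list would limit the database load an anonymous client can cause. A comment noting that moderator `ap_id`s are published deliberately would record the intent.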
diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index a5fb32a4e..160cedd8e 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -60,11 +60,13 @@ defmodule Pleroma.Web.OAuth.OAuthController do fixed_token = fix_padding(params["code"]), %Authorization{} = auth <- Repo.get_by(Authorization, token: fixed_token, app_id: app.id), - {:ok, token} <- Token.exchange_token(app, auth) do + {:ok, token} <- Token.exchange_token(app, auth), + {:ok, inserted_at} <- DateTime.from_naive(token.inserted_at, "Etc/UTC") do response = %{ token_type: "Bearer", access_token: token.token, refresh_token: token.refresh_token, + created_at: DateTime.to_unix(inserted_at), expires_in: 60 * 10, scope: "read write follow" } @@ -116,6 +118,18 @@ defmodule Pleroma.Web.OAuth.OAuthController do token_exchange(conn, params) end + def token_revoke(conn, %{"token" => token} = params) do + with %App{} = app <- get_app_from_request(conn, params), + %Token{} = token <- Repo.get_by(Token, token: token, app_id: app.id), + {:ok, %Token{}} <- Repo.delete(token) do + json(conn, %{}) + else + _error -> + # RFC 7009: invalid tokens [in the request] do not cause an error response + json(conn, %{}) + end + end + defp fix_padding(token) do token |> Base.url_decode64!(padding: false) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 927323794..9dcf44795 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -93,6 +93,7 @@ defmodule Pleroma.Web.Router do get("/authorize", OAuthController, :authorize) post("/authorize", OAuthController, :create_authorization) post("/token", OAuthController, :token_exchange) + post("/revoke", OAuthController, :token_revoke) end scope "/api/v1", Pleroma.Web.MastodonAPI do 
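Review bot: `token_revoke/2` answers `200 {}` for every failure, including the case where `get_app_from_request/2` does not return an `%App{}`. RFC 7009 asks for a success response only when the token itself is unknown, while failed client authentication is to be reported as an error. Splitting the `else` so that a missing app returns 401 with `invalid_client` keeps the endpoint from being a silent no-op for callers that did not authenticate. The lookup uses only the `token` column, so a client submitting its refresh token gets `200` without anything being revoked; matching `refresh_token` as well would cover that.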
@@ -154,7 +155,15 @@ defmodule Pleroma.Web.Router do post("/domain_blocks", MastodonAPIController, :block_domain) delete("/domain_blocks", MastodonAPIController, :unblock_domain) + get("/filters", MastodonAPIController, :get_filters) + post("/filters", MastodonAPIController, :create_filter) + get("/filters/:id", MastodonAPIController, :get_filter) + put("/filters/:id", MastodonAPIController, :update_filter) + delete("/filters/:id", MastodonAPIController, :delete_filter) + get("/suggestions", MastodonAPIController, :suggestions) + + get("/filters", MastodonAPIController, :filters) end scope "/api/web", Pleroma.Web.MastodonAPI do diff --git a/lib/pleroma/web/streamer.ex b/lib/pleroma/web/streamer.ex index c61bad830..6b6d40346 100644 --- a/lib/pleroma/web/streamer.ex +++ b/lib/pleroma/web/streamer.ex @@ -1,7 +1,8 @@ defmodule Pleroma.Web.Streamer do use GenServer require Logger - alias Pleroma.{User, Notification, Activity, Object} + alias Pleroma.{User, Notification, Activity, Object, Repo} + alias Pleroma.Web.ActivityPub.ActivityPub def init(args) do {:ok, args} @@ -60,8 +61,24 @@ defmodule Pleroma.Web.Streamer do end def handle_cast(%{action: :stream, topic: "list", item: item}, topics) do + author = User.get_cached_by_ap_id(item.data["actor"]) + + # filter the recipient list if the activity is not public, see #270. + recipient_lists = + case ActivityPub.is_public?(item) do + true -> + Pleroma.List.get_lists_from_activity(item) + + _ -> + Pleroma.List.get_lists_from_activity(item) + |> Enum.filter(fn list -> + owner = Repo.get(User, list.user_id) + author.follower_address in owner.following + end) + end + recipient_topics = - Pleroma.List.get_lists_from_activity(item) + recipient_lists |> Enum.map(fn %{id: id} -> "list:#{id}" end) Enum.each(recipient_topics || [], fn list_topic -> diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index d1ecebf61..886b70f5f 100644 
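Review bot: The second `get("/filters", MastodonAPIController, :filters)` added after the `/suggestions` route repeats the verb and path of `get("/filters", MastodonAPIController, :get_filters)` a few lines above. The router dispatches to the first match, so the `:filters` route is never reached. Whether a `filters/2` action exists in the controller is not visible here; either way the line is dead and should be dropped so `GET /filters` has a single owner. The enclosing `scope` block starts and ends outside the hunk, so the pipeline guarding these routes cannot be confirmed from here.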
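Review bot: In the non-public branch of the `"list"` clause, `author.follower_address in owner.following` dereferences two values that can be `nil`: `Repo.get(User, list.user_id)` for a list whose owner no longer exists, and presumably `User.get_cached_by_ap_id/1` for an unknown actor. Either case raises inside `handle_cast/2` and takes the Streamer process down instead of just skipping that list. Making the predicate fail closed keeps the privacy filter intact: `match?(%User{}, author) and match?(%User{}, owner) and author.follower_address in owner.following`. `Repo.get/2` also runs once per list inside a GenServer callback, so a single query for all owners would be cheaper. The clause body continues past the end of the hunk.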
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@@ -156,28 +156,39 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do |> send_resp(200, response) _ -> - json(conn, %{ - site: %{ - name: Keyword.get(@instance, :name), - description: Keyword.get(@instance, :description), - server: Web.base_url(), - textlimit: to_string(Keyword.get(@instance, :limit)), - closed: if(Keyword.get(@instance, :registrations_open), do: "0", else: "1"), - private: if(Keyword.get(@instance, :public, true), do: "0", else: "1"), - pleromafe: %{ - theme: Keyword.get(@instance_fe, :theme), - background: Keyword.get(@instance_fe, :background), - logo: Keyword.get(@instance_fe, :logo), - redirectRootNoLogin: Keyword.get(@instance_fe, :redirect_root_no_login), - redirectRootLogin: Keyword.get(@instance_fe, :redirect_root_login), - chatDisabled: !Keyword.get(@instance_chat, :enabled), - showInstanceSpecificPanel: Keyword.get(@instance_fe, :show_instance_panel), - scopeOptionsEnabled: Keyword.get(@instance_fe, :scope_options_enabled), - collapseMessageWithSubject: - Keyword.get(@instance_fe, :collapse_message_with_subject) - } - } - }) + data = %{ + name: Keyword.get(@instance, :name), + description: Keyword.get(@instance, :description), + server: Web.base_url(), + textlimit: to_string(Keyword.get(@instance, :limit)), + closed: if(Keyword.get(@instance, :registrations_open), do: "0", else: "1"), + private: if(Keyword.get(@instance, :public, true), do: "0", else: "1") + } + + pleroma_fe = %{ + theme: Keyword.get(@instance_fe, :theme), + background: Keyword.get(@instance_fe, :background), + logo: Keyword.get(@instance_fe, :logo), + logoMask: Keyword.get(@instance_fe, :logo_mask), + logoMargin: Keyword.get(@instance_fe, :logo_margin), + redirectRootNoLogin: Keyword.get(@instance_fe, :redirect_root_no_login), + redirectRootLogin: Keyword.get(@instance_fe, :redirect_root_login), + chatDisabled: !Keyword.get(@instance_chat, :enabled), + showInstanceSpecificPanel: Keyword.get(@instance_fe, :show_instance_panel), + scopeOptionsEnabled: 
Keyword.get(@instance_fe, :scope_options_enabled), + collapseMessageWithSubject: Keyword.get(@instance_fe, :collapse_message_with_subject) + } + + managed_config = Keyword.get(@instance, :managed_config) + + data = + if managed_config do + data |> Map.put("pleromafe", pleroma_fe) + else + data + end + + json(conn, %{site: data}) end end diff --git a/lib/pleroma/web/twitter_api/views/activity_view.ex b/lib/pleroma/web/twitter_api/views/activity_view.ex index 55b5287f5..909eefdd8 100644 --- a/lib/pleroma/web/twitter_api/views/activity_view.ex +++ b/lib/pleroma/web/twitter_api/views/activity_view.ex @@ -181,6 +181,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do def render("activity.json", %{activity: %{data: %{"type" => "Like"}} = activity} = opts) do user = get_user(activity.data["actor"], opts) liked_activity = Activity.get_create_activity_by_object_ap_id(activity.data["object"]) + liked_activity_id = if liked_activity, do: liked_activity.id, else: nil created_at = activity.data["published"] @@ -197,7 +198,7 @@ defmodule Pleroma.Web.TwitterAPI.ActivityView do "is_post_verb" => false, "uri" => "tag:#{activity.data["id"]}:objectType=Favourite", "created_at" => created_at, - "in_reply_to_status_id" => liked_activity.id, + "in_reply_to_status_id" => liked_activity_id, "external_url" => activity.data["id"], "activity_type" => "like" } |
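Review bot: `data |> Map.put("pleromafe", pleroma_fe)` adds a string key to a map whose other keys are atoms, and it is a single-step pipe; `Map.put(data, :pleromafe, pleroma_fe)` keeps the map uniform. The block is now emitted only when `Keyword.get(@instance, :managed_config)` is truthy. With no default, that is `nil` for an instance that has not set the key, so the frontend settings drop out of the response unless a default is supplied elsewhere. `Keyword.get(@instance, :managed_config, true)` would preserve the previous output, if that is the intent. The enclosing function starts outside the hunk.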