honkoma/lib/pleroma
William Pitcock 0159a6dbe9 router: require oauth_read for searching
Search calls are generally expensive and allow unauthenticated users to
crawl the instance for user profiles or posts which contain specified
keywords.  An adversary can build a distributed search engine which not
only will consume significant instance resources, but also can be used
for undesirable purposes such as datamining.

Accordingly, require authenticated access to use the search API endpoints.
This acts as a nice balance as it allows guest users to make use of most
functionality available in Pleroma FE while ensuring that Pleroma
instances are reasonably protected from resource exhaustion.  It also
removes Pleroma as a potential vector in distributed search engines.
2019-05-29 10:58:45 +00:00
..
bbs bbs: chase timeline containment patch 2019-05-15 16:02:15 +00:00
captcha Switch to Jason over Poison 2019-05-13 15:37:38 -05:00
config remove deprecated PleromaFE configuration 2019-05-15 15:29:59 +05:45
conversation Conversations: Import order, import as read. 2019-05-09 16:39:28 +02:00
emails Add Reports to Admin API 2019-05-16 19:09:18 +00:00
gopher gopher: fix rendering of post content (closes #895) 2019-05-14 15:35:06 +00:00
http Respect proxy settings federation 2019-05-28 06:49:53 +00:00
instances Ecto 3.0.5 migration 2019-03-20 15:59:54 +03:00
object kill @httpoison 2019-05-25 04:24:21 +00:00
plugs add report uri and report to 2019-05-16 12:49:40 +07:00
upload Credo fixes: parameter consistency 2019-02-09 14:59:20 +01:00
uploaders kill @httpoison 2019-05-25 04:24:21 +00:00
user Move default mascot configuration to `config/` 2019-05-20 16:12:55 +01:00
web router: require oauth_read for searching 2019-05-29 10:58:45 +00:00
PasswordResetToken.ex Use `User.get_cached*` everywhere 2019-04-22 07:20:43 +00:00
activity.ex Add virtual :thread_muted? field 2019-05-21 00:35:46 +08:00
application.ex [#699] add worker to clean expired oauth tokens 2019-05-22 15:44:50 +00:00
bookmark.ex Remove `bookmarks` assoc and add a fake `bookmark` assoc instead 2019-05-07 19:33:22 +00:00
clippy.ex [Credo] fix Credo.Check.Readability.MaxLineLength 2019-03-13 04:26:56 +01:00
config.ex Fix Pleroma.Config.get!/1 raising an error when value is false 2019-05-14 06:40:59 +08:00
conversation.ex Merge remote-tracking branch 'origin/develop' into conversations-import 2019-05-15 17:47:29 +02:00
emoji.ex Fix emoji.txt / custom_emoji.txt / shortcode_globs handling 2019-04-21 23:07:14 +03:00
filter.ex chase test failures 2019-05-15 16:23:01 +00:00
flake_id.ex Fix account lookup for nicknames beginning with numbers 2019-04-02 10:51:33 +00:00
formatter.ex Mention all people in the beginning of DM 2019-05-24 20:34:23 +00:00
html.ex Pleroma.Formatter: width/height to class=emoji 2019-05-03 16:25:58 +02:00
instances.ex [#534] Various tweaks. Tests for Instances and Instance. 2019-01-28 15:25:06 +03:00
keys.ex move key generation functions into Pleroma.Keys module 2019-05-22 03:58:15 +00:00
list.ex Use `User.get_cached*` everywhere 2019-04-22 07:20:43 +00:00
mime.ex Mime: detect RIFF formats (wave, webp, avi) 2019-02-04 17:44:41 +01:00
notification.ex Merge branch 'develop' into feature/disable-account 2019-04-25 13:41:10 +07:00
object.ex object: add Object.prune() 2019-05-21 21:38:56 +00:00
object_tombstone.ex Revert Activity tombstones, add ObjectTombstone struct 2018-12-25 03:00:06 +03:00
pagination.ex pagination.ex: Drop atom keys in params 2019-03-28 17:18:59 +01:00
registration.ex [#923] Nickname & email selection for external registrations, option to connect to existing account. 2019-03-20 10:35:31 +03:00
repo.ex fix format 2019-05-06 17:51:03 +00:00
reverse_proxy.ex kill @httpoison 2019-05-25 04:24:21 +00:00
scheduled_activity.ex Add scheduler for sending scheduled activities to the queue 2019-04-06 23:56:29 +03:00
scheduled_activity_worker.ex Add scheduler for sending scheduled activities to the queue 2019-04-06 23:56:29 +03:00
signature.ex move key generation functions into Pleroma.Keys module 2019-05-22 03:58:15 +00:00
stats.ex Merge develop 2019-05-08 14:34:36 +00:00
thread_mute.ex [Credo] fix Credo.Check.Readability.AliasOrder 2019-03-13 04:26:54 +01:00
upload.ex Remove H1 in @moduledoc 2019-05-06 04:53:12 +02:00
user.ex move key generation functions into Pleroma.Keys module 2019-05-22 03:58:15 +00:00
user_invite_token.ex Merge branch 'develop' of https://git.pleroma.social/pleroma/pleroma into feature/845-improve-status-deletion 2019-05-06 16:45:22 +00:00