moon
/
spc-pleroma
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14,582 Commits 2 Branches 0 Tags 208 MiB
Commit Graph

80 Commits

Author SHA1 Message Date
tusooa f8afba95b2 Merge branch 'fix/gts-federation' into 'develop' 
GoToSocial federation fixes

See merge request pleroma/pleroma!3725
 2022-09-05 01:10:34 +00:00
Hélène 439c1baf25
OAuthPlug: use user cache instead of joining 
As this plug is called on every request, this should reduce load on the
database by not requiring to select on the users table every single
time, and to instead use the by-ID user cache whenever possible.
 2022-08-24 03:40:05 +02:00
Hélène 61254111e5
HttpSignaturePlug: accept standard (request-target) 
The (request-target) used by Pleroma is non-standard, but many HTTP
signature implementations do it this way due to a misinterpretation of
the draft 06 of HTTP signatures: "path" was interpreted as not having
the query, though later examples show that it must be the absolute path
with the query part of the URL as well.

This behavior is kept to make sure most software (Pleroma itself,
Mastodon, and probably others) do not break, but Pleroma now accepts
signatures for a (request-target) containing the query, as expected by
many HTTP signature libraries, and clarified in the draft 11 of HTTP
signatures.

Additionally, the new draft renamed (request-target) to @request-target.
We now support both for incoming requests' signatures.
 2022-08-18 17:01:34 +02:00
Tusooa Zhu 57c030a0a7 Skip cache when /objects or /activities is authenticated 
Ref: fix-local-public
 2022-05-06 10:23:26 +02:00
Tusooa Zhu e2d24eda57 Allow to skip cache in Cache plug 
Ref: fix-local-public
 2022-05-06 10:23:26 +02:00
Haelwenn d7c53da77a Merge branch 'from/upstream-develop/tusooa/translate-pages' into 'develop' 
Translate backend-rendered pages

See merge request pleroma/pleroma!3634
 2022-03-20 18:14:37 +00:00
Tusooa Zhu aca11fb70e
Support multiple locales from userLanguage cookie 2022-03-03 02:31:36 -05:00
Tusooa Zhu 7ea330b4fe
Support multiple locales formally 
elixir gettext current does not fully support fallback to another language [0].
But it might in the future. We adapt it so that all languages in Accept-Language
headers are received by Pleroma.Web.Gettext. User.languages is now a comma-separated
list.

[0]: https://github.com/elixir-gettext/gettext/issues/303
 2022-03-03 02:03:44 -05:00
Tusooa Zhu 8de573b047
Fallback to a variant if the language in general is not supported 
For an example, here, zh is not supported, but zh_Hans and zh_Hant
are. If the user asks for zh, we should choose a variant for them
instead of fallbacking to default.

Some browsers (e.g. Firefox) does not allow users to customize
their language codes. For example, there is no zh-Hans, but only
zh, zh-CN, zh-TW, zh-HK, etc. This provides a workaround for
those users suffering from bad design decisions.
 2022-03-02 19:59:11 -05:00
Tusooa Zhu e644f8dea5
Allow user to register with custom language 2022-03-02 01:41:13 -05:00
Tusooa Zhu 0149ea4538
Send emails i18n'd using backend-stored user language 2022-03-01 22:19:13 -05:00
Sean King 17aa3644be
Copyright bump for 2022 2022-02-25 23:11:42 -07:00
Tusooa Zhu 9f4c5743e8
Make lint happy 2022-02-21 19:12:32 -05:00
Tusooa Zhu 0fd3695b9c
Prefer userLanguage cookie over Accept-Language header in detecting locale 
https://git.pleroma.social/pleroma/pleroma-meta/-/issues/60
 2022-02-21 18:02:19 -05:00
Alex Gleason 138f5a4517
EnsureStaffPrivilegedPlug: don't let non-moderators through 2021-12-27 17:18:26 -06:00
Alibek Omarov f02715c4b2 Fix lint errors 2021-12-27 03:42:03 +03:00
Alibek Omarov cd1041c3a4 API: optionally restrict moderators from accessing sensitive data 2021-12-27 02:27:48 +03:00
Alex Gleason 44ede0657f
Merge remote-tracking branch 'pleroma/develop' into staff-plug 2021-08-04 11:48:57 -05:00
Alex Gleason 9bc1e79c56
Moderators: add UserIsStaffPlug 2021-07-12 21:57:52 -05:00
Alex Gleason 595bca24ad
Merge remote-tracking branch 'pleroma/develop' into cycles-frontend-static 2021-05-30 12:12:58 -05:00
Alex Gleason 721c966842
FrontendStatic: make Router a runtime dep 
Speeds up recompilation by removing compile-time cycles
 2021-05-30 12:12:16 -05:00
Alex Gleason 39127f15eb
Merge remote-tracking branch 'pleroma/develop' into cycles-router-api-routes 2021-05-28 13:51:21 -05:00
Alex Gleason c23b81e399
Pleroma.Web.get_api_routes/0 --> Pleroma.Web.Router.get_api_routes/0 
Reduce recompilation time by breaking compile-time cycles
 2021-05-28 13:51:01 -05:00
Sean King 2b4f958b2a
Add opting out of Google FLoC to HTTPSecurityPlug headers 2021-04-18 14:00:18 -06:00
Mark Felder 1552179792 Improved recursion through the api route list 2021-02-25 10:07:29 -06:00
Mark Felder cea31df6a6 Attempt to filter out API calls from FrontendStatic plug 2021-02-24 15:27:53 -06:00
rinpatch 2ab9499258 OAuthScopesPlug: remove transform_scopes in favor of explicit admin scope definitions 
Transforming scopes is no longer necessary since we are dropping
support for accessing admin api without `admin:` prefix in scopes.
 2021-02-17 21:37:23 +03:00
Ivan Tashkinov df89b5019b [#2510] Improved support for app-bound OAuth tokens. Auth-related refactoring. 2021-02-11 15:02:50 +03:00
Egor Kislitsyn 793fc77b16
Add active user count 2021-01-27 18:20:06 +04:00
eugenijm 7fcaa188a0 Allow to define custom HTTP headers per each frontend 2021-01-21 21:55:23 +03:00
eugenijm 133644dfa2 Ability to set the Service-Worker-Allowed header 2021-01-21 21:55:11 +03:00
Lain Soykaf 39f3683a06 Pbkdf2: Use it everywhere. 2021-01-14 15:06:16 +01:00
lain 9106048c61 Password: Replace Pbkdf2 with Password. 2021-01-13 15:11:11 +01:00
Haelwenn (lanodan) Monnier c4439c630f
Bump Copyright to 2021 
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
 2021-01-13 07:49:50 +01:00
Mark Felder 86dcfb4eb9 More places we should be using Upload.base_url 2021-01-08 17:32:42 -06:00
Mark Felder d69c78ceb9 Remove configurability of upload proxy opts, simplify 2021-01-05 15:06:00 -06:00
lain 713612c377 Cachex: Make caching provider switchable at runtime. 
Defaults to Cachex.
 2020-12-18 17:44:46 +01:00
Ivan Tashkinov e9859b68fc [#3112] Ensured presence and consistency of :user and :token assigns (EnsureUserTokenAssignsPlug). Refactored auth info dropping functions. 2020-12-06 13:59:10 +03:00
Ivan Tashkinov 50e47a215f Merge remote-tracking branch 'remotes/origin/develop' into auth-improvements 2020-11-28 21:51:27 +03:00
Alexander Strizhakov 6aadb1cb40
digest algorithm is taken from header 2020-11-27 08:10:52 +03:00
Ivan Tashkinov 12a5981cc3 Session token setting on token exchange. Auth-related refactoring. 2020-11-25 21:47:23 +03:00
Ivan Tashkinov ccc2cf0e87 Session-based OAuth auth fixes (token expiration check), refactoring, tweaks. 2020-11-21 19:47:25 +03:00
Ivan Tashkinov 04f6b48ac1 Auth subsystem refactoring and tweaks. 
Added proper OAuth skipping for SessionAuthenticationPlug. Integrated LegacyAuthenticationPlug into AuthenticationPlug. Adjusted tests & docs.
 2020-10-31 13:38:35 +03:00
Maksim Pechnikov d28f72a55a FrontStatic plug: excluded invalid url 2020-10-27 22:59:27 +03:00
Alexander Strizhakov b081080dd9
fixes after rebase 2020-10-13 16:44:02 +03:00
Alexander Strizhakov 1d0e130cb3
fixes after rebase 2020-10-13 16:44:02 +03:00
Alexander Strizhakov 9f4fe5485b
alias alphabetically order 2020-10-13 16:43:59 +03:00
Alexander Strizhakov 3ef4e9d170
AdminSecretAuthenticationPlug module name 2020-10-13 16:43:58 +03:00
Alexander Strizhakov c497558d43
AuthenticationPlug module name 2020-10-13 16:43:58 +03:00
Alexander Strizhakov c1777e7479
BasicAuthDecoderPlug module name 2020-10-13 16:43:58 +03:00