Merge remote-tracking branch 'origin/develop' into language-detection

2025-02-22 14:05:53 +01:00 · 2025-02-22 14:05:53 +01:00 · 2b1ef1bbdf
commit 2b1ef1bbdf
parent 9d9bc74e91 6f48ade417
1005 changed files with 13890 additions and 4733 deletions
--- a/config/config.exs
+++ b/config/config.exs
@ -82,6 +82,10 @@ config :ex_aws, :s3,
  # region: "us-east-1", # may be required for Amazon AWS
  scheme: "https://"

+config :pleroma, Pleroma.Uploaders.IPFS,
+  post_gateway_url: "http://localhost:5001",
+  get_gateway_url: "http://localhost:8080"
+
 config :pleroma, :emoji,
  shortcode_globs: ["/emoji/custom/**/*.png"],
  pack_extensions: [".png", ".gif"],
@ -128,16 +132,18 @@ config :pleroma, Pleroma.Web.Endpoint,
  ]

 # Configures Elixir's Logger
+config :logger, backends: [:console]
+
 config :logger, :console,
  level: :debug,
  format: "\n$time $metadata[$level] $message\n",
-  metadata: [:request_id]
+  metadata: [:actor, :path, :type, :user]

 config :logger, :ex_syslogger,
  level: :debug,
  ident: "pleroma",
  format: "$metadata[$level] $message",
-  metadata: [:request_id]
+  metadata: [:actor, :path, :type, :user]

 config :mime, :types, %{
  "application/xml" => ["xml"],
@ -188,6 +194,7 @@ config :pleroma, :instance,
  allow_relay: true,
  public: true,
  quarantined_instances: [],
+  rejected_instances: [],
  static_dir: "instance/static/",
  allowed_post_formats: [
    "text/plain",
@ -337,7 +344,7 @@ config :pleroma, :manifest,
  icons: [
    %{
      src: "/static/logo.svg",
-      sizes: "144x144",
+      sizes: "512x512",
      purpose: "any",
      type: "image/svg+xml"
    }
@ -406,19 +413,38 @@ config :pleroma, :mrf_vocabulary,
  accept: [],
  reject: []

+config :pleroma, :mrf_dnsrbl,
+  nameserver: "127.0.0.1",
+  port: 53,
+  zone: "bl.pleroma.com"
+
 # threshold of 7 days
 config :pleroma, :mrf_object_age,
  threshold: 604_800,
  actions: [:delist, :strip_followers]

+config :pleroma, :mrf_nsfw_api,
+  url: "http://127.0.0.1:5000/",
+  threshold: 0.7,
+  mark_sensitive: true,
+  unlist: false,
+  reject: false
+
 config :pleroma, :mrf_follow_bot, follower_nickname: nil

 config :pleroma, :mrf_inline_quote, template: "<bdi>RT:</bdi> {url}"

+config :pleroma, :mrf_remote_report,
+  reject_all: false,
+  reject_anonymous: true,
+  reject_empty_message: true
+
 config :pleroma, :mrf_force_mention,
  mention_parent: true,
  mention_quoted: true

+config :pleroma, :mrf_antimentionspam, user_age_limit: 30_000
+
 config :pleroma, :rich_media,
  enabled: true,
  ignore_hosts: [],
@ -427,7 +453,7 @@ config :pleroma, :rich_media,
    Pleroma.Web.RichMedia.Parsers.TwitterCard,
    Pleroma.Web.RichMedia.Parsers.OEmbed
  ],
-  failure_backoff: 60_000,
+  timeout: 5_000,
  ttl_setters: [
    Pleroma.Web.RichMedia.Parser.TTL.AwsSignedUrl,
    Pleroma.Web.RichMedia.Parser.TTL.Opengraph
@ -501,7 +527,8 @@ config :pleroma, :http_security,
  sts: false,
  sts_max_age: 31_536_000,
  ct_max_age: 2_592_000,
-  referrer_policy: "same-origin"
+  referrer_policy: "same-origin",
+  allow_unsafe_eval: false

 config :cors_plug,
  max_age: 86_400,
@ -558,41 +585,25 @@ config :pleroma, Pleroma.User,
  ],
  email_blacklist: []

+# The Pruner :max_age must be longer than Worker :unique
+# value or it cannot enforce uniqueness.
 config :pleroma, Oban,
  repo: Pleroma.Repo,
  log: false,
  queues: [
    activity_expiration: 10,
-    token_expiration: 5,
-    filter_expiration: 1,
-    backup: 1,
    federator_incoming: 5,
-    federator_outgoing: 5,
-    ingestion_queue: 50,
+    federator_outgoing: 25,
    web_push: 50,
-    mailer: 10,
-    transmogrifier: 20,
-    scheduled_activities: 10,
-    poll_notifications: 10,
-    background: 5,
-    remote_fetcher: 2,
-    attachments_cleanup: 1,
-    new_users_digest: 1,
-    mute_expire: 5,
-    search_indexing: 10,
-    rich_media_expiration: 2
+    background: 20,
+    search_indexing: [limit: 10, paused: true],
+    slow: 5
  ],
-  plugins: [Oban.Plugins.Pruner],
+  plugins: [{Oban.Plugins.Pruner, max_age: 900}],
  crontab: [
    {"0 0 * * 0", Pleroma.Workers.Cron.DigestEmailsWorker},
-    {"0 0 * * *", Pleroma.Workers.Cron.NewUsersDigestWorker}
-  ]
-
-config :pleroma, :workers,
-  retries: [
-    federator_incoming: 5,
-    federator_outgoing: 5,
-    search_indexing: 2
+    {"0 0 * * *", Pleroma.Workers.Cron.NewUsersDigestWorker},
+    {"*/10 * * * *", Pleroma.Workers.Cron.AppCleanupWorker}
  ]

 config :pleroma, Pleroma.Formatter,
@ -606,14 +617,17 @@ config :pleroma, Pleroma.Formatter,

 config :pleroma, :ldap,
  enabled: System.get_env("LDAP_ENABLED") == "true",
-  host: System.get_env("LDAP_HOST") || "localhost",
-  port: String.to_integer(System.get_env("LDAP_PORT") || "389"),
+  host: System.get_env("LDAP_HOST", "localhost"),
+  port: String.to_integer(System.get_env("LDAP_PORT", "389")),
  ssl: System.get_env("LDAP_SSL") == "true",
  sslopts: [],
  tls: System.get_env("LDAP_TLS") == "true",
  tlsopts: [],
-  base: System.get_env("LDAP_BASE") || "dc=example,dc=com",
-  uid: System.get_env("LDAP_UID") || "cn"
+  base: System.get_env("LDAP_BASE", "dc=example,dc=com"),
+  uid: System.get_env("LDAP_UID", "cn"),
+  # defaults to CAStore's Mozilla roots
+  cacertfile: System.get_env("LDAP_CACERTFILE", nil),
+  mail: System.get_env("LDAP_MAIL", "mail")

 oauth_consumer_strategies =
  System.get_env("OAUTH_CONSUMER_STRATEGIES")
@ -706,6 +720,7 @@ config :pleroma, :rate_limit,
  timeline: {500, 3},
  search: [{1000, 10}, {1000, 30}],
  app_account_creation: {1_800_000, 25},
+  oauth_app_creation: {900_000, 5},
  relations_actions: {10_000, 10},
  relation_id_action: {60_000, 2},
  statuses_actions: {10_000, 15},
@ -818,22 +833,27 @@ config :pleroma, :connections_pool,

 config :pleroma, :pools,
  federation: [
-    size: 50,
-    max_waiting: 10,
+    size: 75,
+    max_waiting: 20,
    recv_timeout: 10_000
  ],
  media: [
-    size: 50,
+    size: 75,
+    max_waiting: 20,
+    recv_timeout: 15_000
+  ],
+  rich_media: [
+    size: 25,
    max_waiting: 20,
    recv_timeout: 15_000
  ],
  upload: [
    size: 25,
-    max_waiting: 5,
+    max_waiting: 20,
    recv_timeout: 15_000
  ],
  default: [
-    size: 10,
+    size: 50,
    max_waiting: 2,
    recv_timeout: 5_000
  ]
@ -841,15 +861,19 @@ config :pleroma, :pools,
 config :pleroma, :hackney_pools,
  federation: [
    max_connections: 50,
-    timeout: 150_000
+    timeout: 10_000
  ],
  media: [
    max_connections: 50,
-    timeout: 150_000
+    timeout: 15_000
+  ],
+  rich_media: [
+    max_connections: 50,
+    timeout: 15_000
  ],
  upload: [
    max_connections: 25,
-    timeout: 300_000
+    timeout: 15_000
  ]

 config :pleroma, :majic_pool, size: 2
@ -888,12 +912,10 @@ config :pleroma, Pleroma.User.Backup,
  purge_after_days: 30,
  limit_days: 7,
  dir: nil,
-  process_wait_time: 30_000,
-  process_chunk_size: 100
+  process_chunk_size: 100,
+  timeout: :timer.minutes(30)

 config :pleroma, ConcurrentLimiter, [
-  {Pleroma.Web.RichMedia.Helpers, [max_running: 5, max_waiting: 5]},
-  {Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy, [max_running: 5, max_waiting: 5]},
  {Pleroma.Search, [max_running: 30, max_waiting: 50]}
 ]

@ -915,6 +937,19 @@ config :pleroma, Pleroma.Application,

 config :pleroma, Pleroma.Uploaders.Uploader, timeout: 30_000

+config :pleroma, Pleroma.Search.QdrantSearch,
+  qdrant_url: "http://127.0.0.1:6333/",
+  qdrant_api_key: "",
+  openai_url: "http://127.0.0.1:11345",
+  # The healthcheck url has to be set to nil when used with the real openai
+  # API, as it doesn't have a healthcheck endpoint.
+  openai_healthcheck_url: "http://127.0.0.1:11345/health",
+  openai_model: "snowflake/snowflake-arctic-embed-xs",
+  openai_api_key: "",
+  qdrant_index_configuration: %{
+    vectors: %{size: 384, distance: "Cosine"}
+  }
+
 # Import environment specific config. This must remain at the bottom
 # of this file so it overrides the configuration defined above.
 import_config "#{Mix.env()}.exs"
--- a/config/description.exs
+++ b/config/description.exs
@ -136,6 +136,31 @@ config :pleroma, :config_description, [
      }
    ]
  },
+  %{
+    group: :pleroma,
+    key: Pleroma.Uploaders.IPFS,
+    type: :group,
+    description: "IPFS uploader-related settings",
+    children: [
+      %{
+        key: :get_gateway_url,
+        type: :string,
+        description: "GET Gateway URL",
+        suggestions: [
+          "https://ipfs.mydomain.com/{CID}",
+          "https://{CID}.ipfs.mydomain.com/"
+        ]
+      },
+      %{
+        key: :post_gateway_url,
+        type: :string,
+        description: "POST Gateway URL",
+        suggestions: [
+          "http://localhost:5001/"
+        ]
+      }
+    ]
+  },
  %{
    group: :pleroma,
    key: Pleroma.Uploaders.S3,
@ -749,6 +774,18 @@ config :pleroma, :config_description, [
          {"*.quarantined.com", "Reason"}
        ]
      },
+      %{
+        key: :rejected_instances,
+        type: {:list, :tuple},
+        key_placeholder: "instance",
+        value_placeholder: "reason",
+        description:
+          "List of ActivityPub instances to reject requests from if authorized_fetch_mode is enabled",
+        suggestions: [
+          {"rejected.com", "Reason"},
+          {"*.rejected.com", "Reason"}
+        ]
+      },
      %{
        key: :static_dir,
        type: :string,
@ -1191,79 +1228,6 @@ config :pleroma, :config_description, [
      }
    ]
  },
-  %{
-    group: :logger,
-    type: :group,
-    description: "Logger-related settings",
-    children: [
-      %{
-        key: :backends,
-        type: [:atom, :tuple, :module],
-        description:
-          "Where logs will be sent, :console - send logs to stdout, { ExSyslogger, :ex_syslogger } - to syslog, Quack.Logger - to Slack.",
-        suggestions: [:console, {ExSyslogger, :ex_syslogger}]
-      }
-    ]
-  },
-  %{
-    group: :logger,
-    type: :group,
-    key: :ex_syslogger,
-    label: "ExSyslogger",
-    description: "ExSyslogger-related settings",
-    children: [
-      %{
-        key: :level,
-        type: {:dropdown, :atom},
-        description: "Log level",
-        suggestions: [:debug, :info, :warning, :error]
-      },
-      %{
-        key: :ident,
-        type: :string,
-        description:
-          "A string that's prepended to every message, and is typically set to the app name",
-        suggestions: ["pleroma"]
-      },
-      %{
-        key: :format,
-        type: :string,
-        description: "Default: \"$date $time [$level] $levelpad$node $metadata $message\"",
-        suggestions: ["$metadata[$level] $message"]
-      },
-      %{
-        key: :metadata,
-        type: {:list, :atom},
-        suggestions: [:request_id]
-      }
-    ]
-  },
-  %{
-    group: :logger,
-    type: :group,
-    key: :console,
-    label: "Console Logger",
-    description: "Console logger settings",
-    children: [
-      %{
-        key: :level,
-        type: {:dropdown, :atom},
-        description: "Log level",
-        suggestions: [:debug, :info, :warning, :error]
-      },
-      %{
-        key: :format,
-        type: :string,
-        description: "Default: \"$date $time [$level] $levelpad$node $metadata $message\"",
-        suggestions: ["$metadata[$level] $message"]
-      },
-      %{
-        key: :metadata,
-        type: {:list, :atom},
-        suggestions: [:request_id]
-      }
-    ]
-  },
  %{
    group: :pleroma,
    key: :frontend_configurations,
@ -1791,6 +1755,12 @@ config :pleroma, :config_description, [
        type: :boolean,
        description: "Require HTTP signatures for AP fetches"
      },
+      %{
+        key: :authorized_fetch_mode_exceptions,
+        type: {:list, :string},
+        description:
+          "List of IPs (CIDR format accepted) to exempt from HTTP Signatures requirement (for example to allow debugging, you shouldn't otherwise need this)"
+      },
      %{
        key: :note_replies_output_limit,
        type: :integer,
@ -2043,23 +2013,6 @@ config :pleroma, :config_description, [
      }
    ]
  },
-  %{
-    group: :pleroma,
-    key: :workers,
-    type: :group,
-    description: "Includes custom worker options not interpretable directly by `Oban`",
-    children: [
-      %{
-        key: :retries,
-        type: {:keyword, :integer},
-        description: "Max retry attempts for failed jobs, per `Oban` queue",
-        suggestions: [
-          federator_incoming: 5,
-          federator_outgoing: 5
-        ]
-      }
-    ]
-  },
  %{
    group: :pleroma,
    key: Pleroma.Web.Metadata,
@ -2131,11 +2084,11 @@ config :pleroma, :config_description, [
        ]
      },
      %{
-        key: :failure_backoff,
+        key: :timeout,
        type: :integer,
        description:
-          "Amount of milliseconds after request failure, during which the request will not be retried.",
-        suggestions: [60_000]
+          "Amount of milliseconds after which the HTTP request is forcibly terminated.",
+        suggestions: [5_000]
      }
    ]
  },
@ -2288,14 +2241,8 @@ config :pleroma, :config_description, [
        label: "SSL options",
        type: :keyword,
        description: "Additional SSL options",
-        suggestions: [cacertfile: "path/to/file/with/PEM/cacerts", verify: :verify_peer],
+        suggestions: [verify: :verify_peer],
        children: [
-          %{
-            key: :cacertfile,
-            type: :string,
-            description: "Path to file with PEM encoded cacerts",
-            suggestions: ["path/to/file/with/PEM/cacerts"]
-          },
          %{
            key: :verify,
            type: :atom,
@ -2315,14 +2262,8 @@ config :pleroma, :config_description, [
        label: "TLS options",
        type: :keyword,
        description: "Additional TLS options",
-        suggestions: [cacertfile: "path/to/file/with/PEM/cacerts", verify: :verify_peer],
+        suggestions: [verify: :verify_peer],
        children: [
-          %{
-            key: :cacertfile,
-            type: :string,
-            description: "Path to file with PEM encoded cacerts",
-            suggestions: ["path/to/file/with/PEM/cacerts"]
-          },
          %{
            key: :verify,
            type: :atom,
@ -2339,11 +2280,25 @@ config :pleroma, :config_description, [
      },
      %{
        key: :uid,
-        label: "UID",
+        label: "UID Attribute",
        type: :string,
        description:
          "LDAP attribute name to authenticate the user, e.g. when \"cn\", the filter will be \"cn=username,base\"",
        suggestions: ["cn"]
+      },
+      %{
+        key: :cacertfile,
+        label: "CACertfile",
+        type: :string,
+        description: "Path to CA certificate file"
+      },
+      %{
+        key: :mail,
+        label: "Mail Attribute",
+        type: :string,
+        description:
+          "LDAP attribute name to use as the email address when automatically registering the user on first login",
+        suggestions: ["mail"]
      }
    ]
  },
@ -3347,8 +3302,7 @@ config :pleroma, :config_description, [
        suggestions: [
          Pleroma.Web.Preload.Providers.Instance,
          Pleroma.Web.Preload.Providers.User,
-          Pleroma.Web.Preload.Providers.Timelines,
-          Pleroma.Web.Preload.Providers.StatusNet
+          Pleroma.Web.Preload.Providers.Timelines
        ]
      }
    ]
@ -3385,20 +3339,19 @@ config :pleroma, :config_description, [
        description: "Limit user to export not more often than once per N days",
        suggestions: [7]
      },
-      %{
-        key: :process_wait_time,
-        type: :integer,
-        label: "Process Wait Time",
-        description:
-          "The amount of time to wait for backup to report progress, in milliseconds. If no progress is received from the backup job for that much time, terminate it and deem it failed.",
-        suggestions: [30_000]
-      },
      %{
        key: :process_chunk_size,
        type: :integer,
        label: "Process Chunk Size",
        description: "The number of activities to fetch in the backup job for each chunk.",
        suggestions: [100]
+      },
+      %{
+        key: :timeout,
+        type: :integer,
+        label: "Timeout",
+        description: "The amount of time to wait for backup to complete in seconds.",
+        suggestions: [1_800]
      }
    ]
  },
--- a/config/dev.exs
+++ b/config/dev.exs
@ -35,8 +35,8 @@ config :pleroma, Pleroma.Emails.Mailer, adapter: Swoosh.Adapters.Local
 # configured to run both http and https servers on
 # different ports.

-# Do not include metadata nor timestamps in development logs
-config :logger, :console, format: "[$level] $message\n"
+# Do not include timestamps in development logs
+config :logger, Logger.Backends.Console, format: "$metadata[$level] $message\n"

 # Set a higher stacktrace during development. Avoid configuring such
 # in production as building large stacktraces may be expensive.
--- a/config/prod.exs
+++ b/config/prod.exs
@ -20,6 +20,7 @@ config :pleroma, Pleroma.Web.Endpoint,
 config :phoenix, serve_endpoints: true

 # Do not print debug messages in production
+config :logger, Logger.Backends.Console, level: :info
 config :logger, :console, level: :info
 config :logger, :ex_syslogger, level: :info

--- a/config/test.exs
+++ b/config/test.exs
@ -49,7 +49,8 @@ config :pleroma, Pleroma.Repo,
  hostname: System.get_env("DB_HOST") || "localhost",
  port: System.get_env("DB_PORT") || "5432",
  pool: Ecto.Adapters.SQL.Sandbox,
-  pool_size: System.schedulers_online() * 2
+  pool_size: System.schedulers_online() * 2,
+  log: false

 config :pleroma, :dangerzone, override_repo_pool_size: true

@ -153,6 +154,11 @@ config :pleroma, Pleroma.Uploaders.S3, config_impl: Pleroma.UnstubbedConfigMock
 config :pleroma, Pleroma.Upload, config_impl: Pleroma.UnstubbedConfigMock
 config :pleroma, Pleroma.ScheduledActivity, config_impl: Pleroma.UnstubbedConfigMock
 config :pleroma, Pleroma.Web.RichMedia.Helpers, config_impl: Pleroma.StaticStubbedConfigMock
+config :pleroma, Pleroma.Uploaders.IPFS, config_impl: Pleroma.UnstubbedConfigMock
+config :pleroma, Pleroma.Web.Plugs.HTTPSecurityPlug, config_impl: Pleroma.StaticStubbedConfigMock
+config :pleroma, Pleroma.Web.Plugs.HTTPSignaturePlug, config_impl: Pleroma.StaticStubbedConfigMock
+
+config :pleroma, Pleroma.Signature, http_signatures_impl: Pleroma.StubbedHTTPSignaturesMock

 peer_module =
  if String.to_integer(System.otp_release()) >= 25 do
@ -171,11 +177,18 @@ config :pleroma, Pleroma.Application,
  streamer_registry: false,
  test_http_pools: true

+config :pleroma, Pleroma.Web.Streaming, sync_streaming: true
+
 config :pleroma, Pleroma.Uploaders.Uploader, timeout: 1_000

 config :pleroma, Pleroma.Emoji.Loader, test_emoji: true

-config :pleroma, Pleroma.Web.RichMedia.Backfill, provider: Pleroma.Web.RichMedia.Backfill
+config :pleroma, Pleroma.Web.RichMedia.Backfill,
+  stream_out: Pleroma.Web.ActivityPub.ActivityPubMock
+
+config :pleroma, Pleroma.Web.Plugs.HTTPSecurityPlug, enable: false
+
+config :pleroma, Pleroma.User.Backup, tempdir: "test/tmp"

 if File.exists?("./config/test.secret.exs") do
  import_config "test.secret.exs"