Merge branch 'develop' into issue/1354

2020-01-12 12:12:15 -06:00 · 2020-01-12 12:12:15 -06:00 · 2f5b8fbeb3
commit 2f5b8fbeb3
parent 933dc12043 ecb8fe183c
171 changed files with 1537 additions and 3303 deletions
--- a/lib/pleroma/application.ex
+++ b/lib/pleroma/application.ex
@ -5,6 +5,7 @@
 defmodule Pleroma.Application do
  import Cachex.Spec
  use Application
+  require Logger

  @name Mix.Project.config()[:name]
  @version Mix.Project.config()[:version]
@ -33,6 +34,7 @@ defmodule Pleroma.Application do
    Pleroma.HTML.compile_scrubbers()
    Pleroma.Config.DeprecationWarnings.warn()
    setup_instrumenters()
+    load_custom_modules()

    # Define workers and child supervisors to be supervised
    children =
@ -68,6 +70,28 @@ defmodule Pleroma.Application do
    Supervisor.start_link(children, opts)
  end

+  def load_custom_modules do
+    dir = Pleroma.Config.get([:modules, :runtime_dir])
+
+    if dir && File.exists?(dir) do
+      dir
+      |> Pleroma.Utils.compile_dir()
+      |> case do
+        {:error, _errors, _warnings} ->
+          raise "Invalid custom modules"
+
+        {:ok, modules, _warnings} ->
+          if @env != :test do
+            Enum.each(modules, fn mod ->
+              Logger.info("Custom module loaded: #{inspect(mod)}")
+            end)
+          end
+
+          :ok
+      end
+    end
+  end
+
  defp setup_instrumenters do
    require Prometheus.Registry

--- a/lib/pleroma/html.ex
+++ b/lib/pleroma/html.ex
@ -10,9 +10,7 @@ defmodule Pleroma.HTML do
    dir = Path.join(:code.priv_dir(:pleroma), "scrubbers")

    dir
-    |> File.ls!()
-    |> Enum.map(&Path.join(dir, &1))
-    |> Kernel.ParallelCompiler.compile()
+    |> Pleroma.Utils.compile_dir()
    |> case do
      {:error, _errors, _warnings} ->
        raise "Compiling scrubbers failed"
--- a/lib/pleroma/object/fetcher.ex
+++ b/lib/pleroma/object/fetcher.ex
@ -154,7 +154,7 @@ defmodule Pleroma.Object.Fetcher do
  end

  def fetch_and_contain_remote_object_from_id(id) when is_binary(id) do
-    Logger.info("Fetching object #{id} via AP")
+    Logger.debug("Fetching object #{id} via AP")

    date = Pleroma.Signature.signed_date()

--- a/lib/pleroma/plugs/oauth_scopes_plug.ex
+++ b/lib/pleroma/plugs/oauth_scopes_plug.ex
@ -18,16 +18,13 @@ defmodule Pleroma.Plugs.OAuthScopesPlug do
    token = assigns[:token]

    scopes = transform_scopes(scopes, options)
-    matched_scopes = token && filter_descendants(scopes, token.scopes)
+    matched_scopes = (token && filter_descendants(scopes, token.scopes)) || []

    cond do
-      is_nil(token) ->
-        maybe_perform_instance_privacy_check(conn, options)
-
-      op == :| && Enum.any?(matched_scopes) ->
+      token && op == :| && Enum.any?(matched_scopes) ->
        conn

-      op == :& && matched_scopes == scopes ->
+      token && op == :& && matched_scopes == scopes ->
        conn

      options[:fallback] == :proceed_unauthenticated ->
--- a/lib/pleroma/uploaders/mdii.ex
+++ b/lib/pleroma/uploaders/mdii.ex
@ -1,37 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Uploaders.MDII do
-  @moduledoc "Represents uploader for https://github.com/hakaba-hitoyo/minimal-digital-image-infrastructure"
-
-  alias Pleroma.Config
-  alias Pleroma.HTTP
-
-  @behaviour Pleroma.Uploaders.Uploader
-
-  # MDII-hosted images are never passed through the MediaPlug; only local media.
-  # Delegate to Pleroma.Uploaders.Local
-  def get_file(file) do
-    Pleroma.Uploaders.Local.get_file(file)
-  end
-
-  def put_file(upload) do
-    cgi = Config.get([Pleroma.Uploaders.MDII, :cgi])
-    files = Config.get([Pleroma.Uploaders.MDII, :files])
-
-    {:ok, file_data} = File.read(upload.tempfile)
-
-    extension = String.split(upload.name, ".") |> List.last()
-    query = "#{cgi}?#{extension}"
-
-    with {:ok, %{status: 200, body: body}} <-
-           HTTP.post(query, file_data, [], adapter: [pool: :default]) do
-      remote_file_name = String.split(body) |> List.first()
-      public_url = "#{files}/#{remote_file_name}.#{extension}"
-      {:ok, {:url, public_url}}
-    else
-      _ -> Pleroma.Uploaders.Local.put_file(upload)
-    end
-  end
-end
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@ -1430,20 +1430,47 @@ defmodule Pleroma.User do
  Creates an internal service actor by URI if missing.
  Optionally takes nickname for addressing.
  """
-  def get_or_create_service_actor_by_ap_id(uri, nickname \\ nil) do
-    with user when is_nil(user) <- get_cached_by_ap_id(uri) do
-      {:ok, user} =
-        %User{
-          invisible: true,
-          local: true,
-          ap_id: uri,
-          nickname: nickname,
-          follower_address: uri <> "/followers"
-        }
-        |> Repo.insert()
+  @spec get_or_create_service_actor_by_ap_id(String.t(), String.t()) :: User.t() | nil
+  def get_or_create_service_actor_by_ap_id(uri, nickname) do
+    {_, user} =
+      case get_cached_by_ap_id(uri) do
+        nil ->
+          with {:error, %{errors: errors}} <- create_service_actor(uri, nickname) do
+            Logger.error("Cannot create service actor: #{uri}/.\n#{inspect(errors)}")
+            {:error, nil}
+          end

-      user
-    end
+        %User{invisible: false} = user ->
+          set_invisible(user)
+
+        user ->
+          {:ok, user}
+      end
+
+    user
+  end
+
+  @spec set_invisible(User.t()) :: {:ok, User.t()}
+  defp set_invisible(user) do
+    user
+    |> change(%{invisible: true})
+    |> update_and_set_cache()
+  end
+
+  @spec create_service_actor(String.t(), String.t()) ::
+          {:ok, User.t()} | {:error, Ecto.Changeset.t()}
+  defp create_service_actor(uri, nickname) do
+    %User{
+      invisible: true,
+      local: true,
+      ap_id: uri,
+      nickname: nickname,
+      follower_address: uri <> "/followers"
+    }
+    |> change
+    |> unique_constraint(:nickname)
+    |> Repo.insert()
+    |> set_cache()
  end

  # AP style
@ -1855,9 +1882,9 @@ defmodule Pleroma.User do
      ])

    with {:ok, updated_user} <- update_and_set_cache(changeset) do
-      if user.is_admin && !updated_user.is_admin do
-        # Tokens & authorizations containing any admin scopes must be revoked (revoking all).
-        # This is an extra safety measure (tokens' admin scopes won't be accepted for non-admins).
+      if user.is_admin != updated_user.is_admin do
+        # Admin status change results in change of accessible OAuth scopes, and instead of changing
+        #   already issued tokens we revoke them, requiring user to sign in again
        global_sign_out(user)
      end

--- a/lib/pleroma/utils.ex
+++ b/lib/pleroma/utils.ex
@ -0,0 +1,12 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Utils do
+  def compile_dir(dir) when is_binary(dir) do
+    dir
+    |> File.ls!()
+    |> Enum.map(&Path.join(dir, &1))
+    |> Kernel.ParallelCompiler.compile()
+  end
+end
--- a/lib/pleroma/web/activity_pub/activity_pub.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
@ -1298,28 +1298,26 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
  def fetch_follow_information_for_user(user) do
    with {:ok, following_data} <-
           Fetcher.fetch_and_contain_remote_object_from_id(user.following_address),
-         following_count when is_integer(following_count) <- following_data["totalItems"],
         {:ok, hide_follows} <- collection_private(following_data),
         {:ok, followers_data} <-
           Fetcher.fetch_and_contain_remote_object_from_id(user.follower_address),
-         followers_count when is_integer(followers_count) <- followers_data["totalItems"],
         {:ok, hide_followers} <- collection_private(followers_data) do
      {:ok,
       %{
         hide_follows: hide_follows,
-         follower_count: followers_count,
-         following_count: following_count,
+         follower_count: normalize_counter(followers_data["totalItems"]),
+         following_count: normalize_counter(following_data["totalItems"]),
         hide_followers: hide_followers
       }}
    else
-      {:error, _} = e ->
-        e
-
-      e ->
-        {:error, e}
+      {:error, _} = e -> e
+      e -> {:error, e}
    end
  end

+  defp normalize_counter(counter) when is_integer(counter), do: counter
+  defp normalize_counter(_), do: 0
+
  defp maybe_update_follow_information(data) do
    with {:enabled, true} <-
           {:enabled, Pleroma.Config.get([:instance, :external_user_synchronization])},
@ -1339,24 +1337,18 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
    end
  end

+  defp collection_private(%{"first" => %{"type" => type}})
+       when type in ["CollectionPage", "OrderedCollectionPage"],
+       do: {:ok, false}
+
  defp collection_private(%{"first" => first}) do
-    if is_map(first) and
-         first["type"] in ["CollectionPage", "OrderedCollectionPage"] do
+    with {:ok, %{"type" => type}} when type in ["CollectionPage", "OrderedCollectionPage"] <-
+           Fetcher.fetch_and_contain_remote_object_from_id(first) do
      {:ok, false}
    else
-      with {:ok, %{"type" => type}} when type in ["CollectionPage", "OrderedCollectionPage"] <-
-             Fetcher.fetch_and_contain_remote_object_from_id(first) do
-        {:ok, false}
-      else
-        {:error, {:ok, %{status: code}}} when code in [401, 403] ->
-          {:ok, true}
-
-        {:error, _} = e ->
-          e
-
-        e ->
-          {:error, e}
-      end
+      {:error, {:ok, %{status: code}}} when code in [401, 403] -> {:ok, true}
+      {:error, _} = e -> e
+      e -> {:error, e}
    end
  end

--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@ -257,7 +257,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do

  # only accept relayed Creates
  def inbox(conn, %{"type" => "Create"} = params) do
-    Logger.info(
+    Logger.debug(
      "Signature missing or not from author, relayed Create message, fetching object from source"
    )

@ -270,11 +270,11 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
    headers = Enum.into(conn.req_headers, %{})

    if String.contains?(headers["signature"], params["actor"]) do
-      Logger.info(
+      Logger.debug(
        "Signature validation error for: #{params["actor"]}, make sure you are forwarding the HTTP Host header!"
      )

-      Logger.info(inspect(conn.req_headers))
+      Logger.debug(inspect(conn.req_headers))
    end

    json(conn, dgettext("errors", "error"))
--- a/lib/pleroma/web/activity_pub/mrf/drop_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/drop_policy.ex
@ -9,7 +9,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.DropPolicy do

  @impl true
  def filter(object) do
-    Logger.info("REJECTING #{inspect(object)}")
+    Logger.debug("REJECTING #{inspect(object)}")
    {:reject, object}
  end

--- a/lib/pleroma/web/activity_pub/mrf/mediaproxy_warming_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/mediaproxy_warming_policy.ex
@ -18,7 +18,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy do
  ]

  def perform(:prefetch, url) do
-    Logger.info("Prefetching #{inspect(url)}")
+    Logger.debug("Prefetching #{inspect(url)}")

    url
    |> MediaProxy.url()
--- a/lib/pleroma/web/activity_pub/publisher.ex
+++ b/lib/pleroma/web/activity_pub/publisher.ex
@ -48,7 +48,7 @@ defmodule Pleroma.Web.ActivityPub.Publisher do
  * `id`: the ActivityStreams URI of the message
  """
  def publish_one(%{inbox: inbox, json: json, actor: %User{} = actor, id: id} = params) do
-    Logger.info("Federating #{id} to #{inbox}")
+    Logger.debug("Federating #{id} to #{inbox}")
    %{host: host, path: path} = URI.parse(inbox)

    digest = "SHA-256=" <> (:crypto.hash(:sha256, json) |> Base.encode64())
@ -228,7 +228,7 @@ defmodule Pleroma.Web.ActivityPub.Publisher do
    public = is_public?(activity)

    if public && Config.get([:instance, :allow_relay]) do
-      Logger.info(fn -> "Relaying #{activity.data["id"]} out" end)
+      Logger.debug(fn -> "Relaying #{activity.data["id"]} out" end)
      Relay.publish(activity)
    end

--- a/lib/pleroma/web/activity_pub/relay.ex
+++ b/lib/pleroma/web/activity_pub/relay.ex
@ -9,10 +9,12 @@ defmodule Pleroma.Web.ActivityPub.Relay do
  alias Pleroma.Web.ActivityPub.ActivityPub
  require Logger

+  @relay_nickname "relay"
+
  def get_actor do
    actor =
      relay_ap_id()
-      |> User.get_or_create_service_actor_by_ap_id()
+      |> User.get_or_create_service_actor_by_ap_id(@relay_nickname)

    actor
  end
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@ -59,7 +59,7 @@ defmodule Pleroma.Web.Endpoint do

  plug(Pleroma.Plugs.TrailingFormatPlug)
  plug(Plug.RequestId)
-  plug(Plug.Logger)
+  plug(Plug.Logger, log: :debug)

  plug(Pleroma.Plugs.Parsers)

--- a/lib/pleroma/web/federator/federator.ex
+++ b/lib/pleroma/web/federator/federator.ex
@ -58,7 +58,7 @@ defmodule Pleroma.Web.Federator do
  end

  def perform(:incoming_ap_doc, params) do
-    Logger.info("Handling incoming AP activity")
+    Logger.debug("Handling incoming AP activity")

    params = Utils.normalize_params(params)

@ -71,13 +71,13 @@ defmodule Pleroma.Web.Federator do
      {:ok, activity}
    else
      %Activity{} ->
-        Logger.info("Already had #{params["id"]}")
+        Logger.debug("Already had #{params["id"]}")
        :error

      _e ->
        # Just drop those for now
-        Logger.info("Unhandled activity")
-        Logger.info(Jason.encode!(params, pretty: true))
+        Logger.debug("Unhandled activity")
+        Logger.debug(Jason.encode!(params, pretty: true))
        :error
    end
  end
--- a/lib/pleroma/web/federator/publisher.ex
+++ b/lib/pleroma/web/federator/publisher.ex
@ -47,7 +47,7 @@ defmodule Pleroma.Web.Federator.Publisher do
    Config.get([:instance, :federation_publisher_modules])
    |> Enum.each(fn module ->
      if module.is_representable?(activity) do
-        Logger.info("Publishing #{activity.data["id"]} using #{inspect(module)}")
+        Logger.debug("Publishing #{activity.data["id"]} using #{inspect(module)}")
        module.publish(user, activity)
      end
    end)
--- a/lib/pleroma/web/masto_fe_controller.ex
+++ b/lib/pleroma/web/masto_fe_controller.ex
@ -20,18 +20,21 @@ defmodule Pleroma.Web.MastoFEController do
  plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug when action != :index)

  @doc "GET /web/*path"
-  def index(%{assigns: %{user: user}} = conn, _params) do
-    token = get_session(conn, :oauth_token)
+  def index(%{assigns: %{user: user, token: token}} = conn, _params)
+      when not is_nil(user) and not is_nil(token) do
+    conn
+    |> put_layout(false)
+    |> render("index.html",
+      token: token.token,
+      user: user,
+      custom_emojis: Pleroma.Emoji.get_all()
+    )
+  end

-    if user && token do
-      conn
-      |> put_layout(false)
-      |> render("index.html", token: token, user: user, custom_emojis: Pleroma.Emoji.get_all())
-    else
-      conn
-      |> put_session(:return_to, conn.request_path)
-      |> redirect(to: "/web/login")
-    end
+  def index(conn, _params) do
+    conn
+    |> put_session(:return_to, conn.request_path)
+    |> redirect(to: "/web/login")
  end

  @doc "GET /web/manifest.json"
--- a/lib/pleroma/web/metadata/twitter_card.ex
+++ b/lib/pleroma/web/metadata/twitter_card.ex
@ -31,7 +31,7 @@ defmodule Pleroma.Web.Metadata.Providers.TwitterCard do
      if attachments == [] or Metadata.activity_nsfw?(object) do
        [
          image_tag(user),
-          {:meta, [property: "twitter:card", content: "summary_large_image"], []}
+          {:meta, [property: "twitter:card", content: "summary"], []}
        ]
      else
        attachments
--- a/lib/pleroma/web/pleroma_api/controllers/emoji_api_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/emoji_api_controller.ex
@ -52,7 +52,7 @@ defmodule Pleroma.Web.PleromaAPI.EmojiAPIController do
  @doc """
  Lists the packs available on the instance as JSON.

-  The information is public and does not require authentification. The format is
+  The information is public and does not require authentication. The format is
  a map of "pack directory name" to pack.json contents.
  """
  def list_packs(conn, _params) do
--- a/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex
@ -22,7 +22,14 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIController do

  plug(
    OAuthScopesPlug,
-    %{scopes: ["read:statuses"]} when action in [:conversation, :conversation_statuses]
+    %{scopes: ["read:statuses"]}
+    when action in [:conversation, :conversation_statuses, :emoji_reactions_by]
+  )
+
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["write:statuses"]}
+    when action in [:react_with_emoji, :unreact_with_emoji]
  )

  plug(
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@ -20,7 +20,14 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
  plug(
    OAuthScopesPlug,
    %{scopes: ["follow", "write:follows"]}
-    when action in [:do_remote_follow, :follow_import]
+    when action == :follow_import
+  )
+
+  # Note: follower can submit the form (with password auth) not being signed in (having no token)
+  plug(
+    OAuthScopesPlug,
+    %{fallback: :proceed_unauthenticated, scopes: ["follow", "write:follows"]}
+    when action == :do_remote_follow
  )

  plug(OAuthScopesPlug, %{scopes: ["follow", "write:blocks"]} when action == :blocks_import)
@ -255,7 +262,9 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
  end

  def delete_account(%{assigns: %{user: user}} = conn, params) do
-    case CommonAPI.Utils.confirm_current_password(user, params["password"]) do
+    password = params["password"] || ""
+
+    case CommonAPI.Utils.confirm_current_password(user, password) do
      {:ok, user} ->
        User.delete(user)
        json(conn, %{status: "success"})