Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into auth-fetch-exception

lib/mix/tasks/pleroma/search/indexer.ex

@@ -0,0 +1,80 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Mix.Tasks.Pleroma.Search.Indexer do
+  import Mix.Pleroma
+  import Ecto.Query
+
+  alias Pleroma.Workers.SearchIndexingWorker
+
+  def run(["create_index"]) do
+    start_pleroma()
+
+    with :ok <- Pleroma.Config.get([Pleroma.Search, :module]).create_index() do
+      IO.puts("Index created")
+    else
+      e -> IO.puts("Could not create index: #{inspect(e)}")
+    end
+  end
+
+  def run(["drop_index"]) do
+    start_pleroma()
+
+    with :ok <- Pleroma.Config.get([Pleroma.Search, :module]).drop_index() do
+      IO.puts("Index dropped")
+    else
+      e -> IO.puts("Could not drop index: #{inspect(e)}")
+    end
+  end
+
+  def run(["index" | options]) do
+    {options, [], []} =
+      OptionParser.parse(
+        options,
+        strict: [
+          limit: :integer
+        ]
+      )
+
+    start_pleroma()
+
+    limit = Keyword.get(options, :limit, 100_000)
+
+    per_step = 1000
+    chunks = max(div(limit, per_step), 1)
+
+    1..chunks
+    |> Enum.each(fn step ->
+      q =
+        from(a in Pleroma.Activity,
+          limit: ^per_step,
+          offset: ^per_step * (^step - 1),
+          select: [:id],
+          order_by: [desc: :id]
+        )
+
+      {:ok, ids} =
+        Pleroma.Repo.transaction(fn ->
+          Pleroma.Repo.stream(q, timeout: :infinity)
+          |> Enum.map(fn a ->
+            a.id
+          end)
+        end)
+
+      IO.puts("Got #{length(ids)} activities, adding to indexer")
+
+      ids
+      |> Enum.chunk_every(100)
+      |> Enum.each(fn chunk ->
+        IO.puts("Adding #{length(chunk)} activities to indexing queue")
+
+        chunk
+        |> Enum.map(fn id ->
+          SearchIndexingWorker.new(%{"op" => "add_to_index", "activity" => id})
+        end)
+        |> Oban.insert_all()
+      end)
+    end)
+  end
+end

lib/pleroma/application.ex

@@ -14,6 +14,7 @@ defmodule Pleroma.Application do
   @name Mix.Project.config()[:name]
   @version Mix.Project.config()[:version]
   @repository Mix.Project.config()[:source_url]
+  @compile_env Mix.env()
 
   def name, do: @name
   def version, do: @version
@@ -51,7 +52,11 @@ defmodule Pleroma.Application do
     Pleroma.HTML.compile_scrubbers()
     Pleroma.Config.Oban.warn()
     Config.DeprecationWarnings.warn()
-    Pleroma.Web.Plugs.HTTPSecurityPlug.warn_if_disabled()
+
+    if @compile_env != :test do
+      Pleroma.Web.Plugs.HTTPSecurityPlug.warn_if_disabled()
+    end
+
     Pleroma.ApplicationRequirements.verify!()
     load_custom_modules()
     Pleroma.Docs.JSON.compile()

lib/pleroma/scheduled_activity.ex

@@ -204,7 +204,7 @@ defmodule Pleroma.ScheduledActivity do
 
   def job_query(scheduled_activity_id) do
     from(j in Oban.Job,
-      where: j.queue == "scheduled_activities",
+      where: j.queue == "federator_outgoing",
       where: fragment("args ->> 'activity_id' = ?::text", ^to_string(scheduled_activity_id))
     )
   end

lib/pleroma/search/database_search.ex

@@ -48,6 +48,12 @@ defmodule Pleroma.Search.DatabaseSearch do
   @impl true
   def remove_from_index(_object), do: :ok
 
+  @impl true
+  def create_index, do: :ok
+
+  @impl true
+  def drop_index, do: :ok
+
   @impl true
   def healthcheck_endpoints, do: nil
 

lib/pleroma/search/meilisearch.ex

@@ -10,6 +10,12 @@ defmodule Pleroma.Search.Meilisearch do
 
   @behaviour Pleroma.Search.SearchBackend
 
+  @impl true
+  def create_index, do: :ok
+
+  @impl true
+  def drop_index, do: :ok
+
   defp meili_headers do
     private_key = Config.get([Pleroma.Search.Meilisearch, :private_key])
 

lib/pleroma/search/qdrant_search.ex

@@ -0,0 +1,182 @@
+defmodule Pleroma.Search.QdrantSearch do
+  @behaviour Pleroma.Search.SearchBackend
+  import Ecto.Query
+
+  alias Pleroma.Activity
+  alias Pleroma.Config.Getting, as: Config
+
+  alias __MODULE__.OpenAIClient
+  alias __MODULE__.QdrantClient
+
+  import Pleroma.Search.Meilisearch, only: [object_to_search_data: 1]
+  import Pleroma.Search.DatabaseSearch, only: [maybe_fetch: 3]
+
+  @impl true
+  def create_index do
+    payload = Config.get([Pleroma.Search.QdrantSearch, :qdrant_index_configuration])
+
+    with {:ok, %{status: 200}} <- QdrantClient.put("/collections/posts", payload) do
+      :ok
+    else
+      e -> {:error, e}
+    end
+  end
+
+  @impl true
+  def drop_index do
+    with {:ok, %{status: 200}} <- QdrantClient.delete("/collections/posts") do
+      :ok
+    else
+      e -> {:error, e}
+    end
+  end
+
+  def get_embedding(text) do
+    with {:ok, %{body: %{"data" => [%{"embedding" => embedding}]}}} <-
+           OpenAIClient.post("/v1/embeddings", %{
+             input: text,
+             model: Config.get([Pleroma.Search.QdrantSearch, :openai_model])
+           }) do
+      {:ok, embedding}
+    else
+      _ ->
+        {:error, "Failed to get embedding"}
+    end
+  end
+
+  defp actor_from_activity(%{data: %{"actor" => actor}}) do
+    actor
+  end
+
+  defp actor_from_activity(_), do: nil
+
+  defp build_index_payload(activity, embedding) do
+    actor = actor_from_activity(activity)
+    published_at = activity.data["published"]
+
+    %{
+      points: [
+        %{
+          id: activity.id |> FlakeId.from_string() |> Ecto.UUID.cast!(),
+          vector: embedding,
+          payload: %{actor: actor, published_at: published_at}
+        }
+      ]
+    }
+  end
+
+  defp build_search_payload(embedding, options) do
+    base = %{
+      vector: embedding,
+      limit: options[:limit] || 20,
+      offset: options[:offset] || 0
+    }
+
+    if author = options[:author] do
+      Map.put(base, :filter, %{
+        must: [%{key: "actor", match: %{value: author.ap_id}}]
+      })
+    else
+      base
+    end
+  end
+
+  @impl true
+  def add_to_index(activity) do
+    # This will only index public or unlisted notes
+    maybe_search_data = object_to_search_data(activity.object)
+
+    if activity.data["type"] == "Create" and maybe_search_data do
+      with {:ok, embedding} <- get_embedding(maybe_search_data.content),
+           {:ok, %{status: 200}} <-
+             QdrantClient.put(
+               "/collections/posts/points",
+               build_index_payload(activity, embedding)
+             ) do
+        :ok
+      else
+        e -> {:error, e}
+      end
+    else
+      :ok
+    end
+  end
+
+  @impl true
+  def remove_from_index(object) do
+    activity = Activity.get_by_object_ap_id_with_object(object.data["id"])
+    id = activity.id |> FlakeId.from_string() |> Ecto.UUID.cast!()
+
+    with {:ok, %{status: 200}} <-
+           QdrantClient.post("/collections/posts/points/delete", %{"points" => [id]}) do
+      :ok
+    else
+      e -> {:error, e}
+    end
+  end
+
+  @impl true
+  def search(user, original_query, options) do
+    query = "Represent this sentence for searching relevant passages: #{original_query}"
+
+    with {:ok, embedding} <- get_embedding(query),
+         {:ok, %{body: %{"result" => result}}} <-
+           QdrantClient.post(
+             "/collections/posts/points/search",
+             build_search_payload(embedding, options)
+           ) do
+      ids =
+        Enum.map(result, fn %{"id" => id} ->
+          Ecto.UUID.dump!(id)
+        end)
+
+      from(a in Activity, where: a.id in ^ids)
+      |> Activity.with_preloaded_object()
+      |> Activity.restrict_deactivated_users()
+      |> Ecto.Query.order_by([a], fragment("array_position(?, ?)", ^ids, a.id))
+      |> Pleroma.Repo.all()
+      |> maybe_fetch(user, original_query)
+    else
+      _ ->
+        []
+    end
+  end
+
+  @impl true
+  def healthcheck_endpoints do
+    qdrant_health =
+      Config.get([Pleroma.Search.QdrantSearch, :qdrant_url])
+      |> URI.parse()
+      |> Map.put(:path, "/healthz")
+      |> URI.to_string()
+
+    openai_health = Config.get([Pleroma.Search.QdrantSearch, :openai_healthcheck_url])
+
+    [qdrant_health, openai_health] |> Enum.filter(& &1)
+  end
+end
+
+defmodule Pleroma.Search.QdrantSearch.OpenAIClient do
+  use Tesla
+  alias Pleroma.Config.Getting, as: Config
+
+  plug(Tesla.Middleware.BaseUrl, Config.get([Pleroma.Search.QdrantSearch, :openai_url]))
+  plug(Tesla.Middleware.JSON)
+
+  plug(Tesla.Middleware.Headers, [
+    {"Authorization",
+     "Bearer #{Pleroma.Config.get([Pleroma.Search.QdrantSearch, :openai_api_key])}"}
+  ])
+end
+
+defmodule Pleroma.Search.QdrantSearch.QdrantClient do
+  use Tesla
+  alias Pleroma.Config.Getting, as: Config
+
+  plug(Tesla.Middleware.BaseUrl, Config.get([Pleroma.Search.QdrantSearch, :qdrant_url]))
+  plug(Tesla.Middleware.JSON)
+
+  plug(Tesla.Middleware.Headers, [
+    {"api-key", Pleroma.Config.get([Pleroma.Search.QdrantSearch, :qdrant_api_key])}
+  ])
+end

lib/pleroma/search/search_backend.ex

@@ -22,6 +22,16 @@ defmodule Pleroma.Search.SearchBackend do
   """
   @callback remove_from_index(object :: Pleroma.Object.t()) :: :ok | {:error, any()}
 
+  @doc """
+  Create the index
+  """
+  @callback create_index() :: :ok | {:error, any()}
+
+  @doc """
+  Drop the index
+  """
+  @callback drop_index() :: :ok | {:error, any()}
+
   @doc """
   Healthcheck endpoints of search backend infrastructure to monitor for controlling
   processing of jobs in the Oban queue.

lib/pleroma/web/activity_pub/activity_pub.ex

@@ -979,8 +979,9 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do
 
   defp restrict_replies(query, %{exclude_replies: true}) do
     from(
-      [_activity, object] in query,
-      where: fragment("?->>'inReplyTo' is null", object.data)
+      [activity, object] in query,
+      where:
+        fragment("?->>'inReplyTo' is null or ?->>'type' = 'Announce'", object.data, activity.data)
     )
   end
 

lib/pleroma/web/activity_pub/activity_pub_controller.ex

@@ -52,6 +52,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
     when action in [:activity, :object]
   )
 
+  plug(:log_inbox_metadata when action in [:inbox])
   plug(:set_requester_reachable when action in [:inbox])
   plug(:relay_active? when action in [:relay])
 
@@ -521,6 +522,13 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
     conn
   end
 
+  defp log_inbox_metadata(conn = %{params: %{"actor" => actor, "type" => type}}, _) do
+    Logger.metadata(actor: actor, type: type)
+    conn
+  end
+
+  defp log_inbox_metadata(conn, _), do: conn
+
   def upload_media(%{assigns: %{user: %User{} = user}} = conn, %{"file" => file} = data) do
     with {:ok, object} <-
            ActivityPub.upload(

lib/pleroma/web/activity_pub/mrf/anti_mention_spam_policy.ex

@@ -0,0 +1,87 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.MRF.AntiMentionSpamPolicy do
+  alias Pleroma.Config
+  alias Pleroma.User
+  require Pleroma.Constants
+
+  @behaviour Pleroma.Web.ActivityPub.MRF.Policy
+
+  defp user_has_posted?(%User{} = u), do: u.note_count > 0
+
+  defp user_has_age?(%User{} = u) do
+    user_age_limit = Config.get([:mrf_antimentionspam, :user_age_limit], 30_000)
+    diff = NaiveDateTime.utc_now() |> NaiveDateTime.diff(u.inserted_at, :millisecond)
+    diff >= user_age_limit
+  end
+
+  defp good_reputation?(%User{} = u) do
+    user_has_age?(u) and user_has_posted?(u)
+  end
+
+  # copied from HellthreadPolicy
+  defp get_recipient_count(message) do
+    recipients = (message["to"] || []) ++ (message["cc"] || [])
+
+    follower_collection =
+      User.get_cached_by_ap_id(message["actor"] || message["attributedTo"]).follower_address
+
+    if Enum.member?(recipients, Pleroma.Constants.as_public()) do
+      recipients =
+        recipients
+        |> List.delete(Pleroma.Constants.as_public())
+        |> List.delete(follower_collection)
+
+      {:public, length(recipients)}
+    else
+      recipients =
+        recipients
+        |> List.delete(follower_collection)
+
+      {:not_public, length(recipients)}
+    end
+  end
+
+  defp object_has_recipients?(%{"object" => object} = activity) do
+    {_, object_count} = get_recipient_count(object)
+    {_, activity_count} = get_recipient_count(activity)
+    object_count + activity_count > 0
+  end
+
+  defp object_has_recipients?(object) do
+    {_, count} = get_recipient_count(object)
+    count > 0
+  end
+
+  @impl true
+  def filter(%{"type" => "Create", "actor" => actor} = activity) do
+    with {:ok, %User{local: false} = u} <- User.get_or_fetch_by_ap_id(actor),
+         {:has_mentions, true} <- {:has_mentions, object_has_recipients?(activity)},
+         {:good_reputation, true} <- {:good_reputation, good_reputation?(u)} do
+      {:ok, activity}
+    else
+      {:ok, %User{local: true}} ->
+        {:ok, activity}
+
+      {:has_mentions, false} ->
+        {:ok, activity}
+
+      {:good_reputation, false} ->
+        {:reject, "[AntiMentionSpamPolicy] User rejected"}
+
+      {:error, _} ->
+        {:reject, "[AntiMentionSpamPolicy] Failed to get or fetch user by ap_id"}
+
+      e ->
+        {:reject, "[AntiMentionSpamPolicy] Unhandled error #{inspect(e)}"}
+    end
+  end
+
+  # in all other cases, pass through
+  def filter(message), do: {:ok, message}
+
+  @impl true
+  def describe, do: {:ok, %{}}
+end

lib/pleroma/web/activity_pub/mrf/dnsrbl_policy.ex

@@ -0,0 +1,142 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2024 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.MRF.DNSRBLPolicy do
+  @moduledoc """
+  Dynamic activity filtering based on an RBL database
+
+  This MRF makes queries to a custom DNS server which will
+  respond with values indicating the classification of the domain
+  the activity originated from. This method has been widely used
+  in the email anti-spam industry for very fast reputation checks.
+
+  e.g., if the DNS response is 127.0.0.1 or empty, the domain is OK
+  Other values such as 127.0.0.2 may be used for specific classifications.
+
+  Information for why the host is blocked can be stored in a corresponding TXT record.
+
+  This method is fail-open so if the queries fail the activites are accepted.
+
+  An example of software meant for this purpsoe is rbldnsd which can be found
+  at http://www.corpit.ru/mjt/rbldnsd.html or mirrored at
+  https://git.pleroma.social/feld/rbldnsd
+
+  It is highly recommended that you run your own copy of rbldnsd and use an
+  external mechanism to sync/share the contents of the zone file. This is
+  important to keep the latency on the queries as low as possible and prevent
+  your DNS server from being attacked so it fails and content is permitted.
+  """
+
+  @behaviour Pleroma.Web.ActivityPub.MRF.Policy
+
+  alias Pleroma.Config
+
+  require Logger
+
+  @query_retries 1
+  @query_timeout 500
+
+  @impl true
+  def filter(%{"actor" => actor} = object) do
+    actor_info = URI.parse(actor)
+
+    with {:ok, object} <- check_rbl(actor_info, object) do
+      {:ok, object}
+    else
+      _ -> {:reject, "[DNSRBLPolicy]"}
+    end
+  end
+
+  @impl true
+  def filter(object), do: {:ok, object}
+
+  @impl true
+  def describe do
+    mrf_dnsrbl =
+      Config.get(:mrf_dnsrbl)
+      |> Enum.into(%{})
+
+    {:ok, %{mrf_dnsrbl: mrf_dnsrbl}}
+  end
+
+  @impl true
+  def config_description do
+    %{
+      key: :mrf_dnsrbl,
+      related_policy: "Pleroma.Web.ActivityPub.MRF.DNSRBLPolicy",
+      label: "MRF DNSRBL",
+      description: "DNS RealTime Blackhole Policy",
+      children: [
+        %{
+          key: :nameserver,
+          type: {:string},
+          description: "DNSRBL Nameserver to Query (IP or hostame)",
+          suggestions: ["127.0.0.1"]
+        },
+        %{
+          key: :port,
+          type: {:string},
+          description: "Nameserver port",
+          suggestions: ["53"]
+        },
+        %{
+          key: :zone,
+          type: {:string},
+          description: "Root zone for querying",
+          suggestions: ["bl.pleroma.com"]
+        }
+      ]
+    }
+  end
+
+  defp check_rbl(%{host: actor_host}, object) do
+    with false <- match?(^actor_host, Pleroma.Web.Endpoint.host()),
+         zone when not is_nil(zone) <- Keyword.get(Config.get([:mrf_dnsrbl]), :zone) do
+      query =
+        Enum.join([actor_host, zone], ".")
+        |> String.to_charlist()
+
+      rbl_response = rblquery(query)
+
+      if Enum.empty?(rbl_response) do
+        {:ok, object}
+      else
+        Task.start(fn ->
+          reason = rblquery(query, :txt) || "undefined"
+
+          Logger.warning(
+            "DNSRBL Rejected activity from #{actor_host} for reason: #{inspect(reason)}"
+          )
+        end)
+
+        :error
+      end
+    else
+      _ -> {:ok, object}
+    end
+  end
+
+  defp get_rblhost_ip(rblhost) do
+    case rblhost |> String.to_charlist() |> :inet_parse.address() do
+      {:ok, _} -> rblhost |> String.to_charlist() |> :inet_parse.address()
+      _ -> {:ok, rblhost |> String.to_charlist() |> :inet_res.lookup(:in, :a) |> Enum.random()}
+    end
+  end
+
+  defp rblquery(query, type \\ :a) do
+    config = Config.get([:mrf_dnsrbl])
+
+    case get_rblhost_ip(config[:nameserver]) do
+      {:ok, rblnsip} ->
+        :inet_res.lookup(query, :in, type,
+          nameservers: [{rblnsip, config[:port]}],
+          timeout: @query_timeout,
+          retry: @query_retries
+        )
+
+      _ ->
+        []
+    end
+  end
+end

lib/pleroma/web/activity_pub/object_validators/attachment_validator.ex

@@ -15,6 +15,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidator do
     field(:type, :string, default: "Link")
     field(:mediaType, ObjectValidators.MIME, default: "application/octet-stream")
     field(:name, :string)
+    field(:summary, :string)
     field(:blurhash, :string)
 
     embeds_many :url, UrlObjectValidator, primary_key: false do
@@ -44,7 +45,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidator do
       |> fix_url()
 
     struct
-    |> cast(data, [:id, :type, :mediaType, :name, :blurhash])
+    |> cast(data, [:id, :type, :mediaType, :name, :summary, :blurhash])
     |> cast_embed(:url, with: &url_changeset/2, required: true)
     |> validate_inclusion(:type, ~w[Link Document Audio Image Video])
     |> validate_required([:type, :mediaType])

lib/pleroma/web/api_spec/schemas/attachment.ex

@@ -50,7 +50,11 @@ defmodule Pleroma.Web.ApiSpec.Schemas.Attachment do
       pleroma: %Schema{
         type: :object,
         properties: %{
-          mime_type: %Schema{type: :string, description: "mime type of the attachment"}
+          mime_type: %Schema{type: :string, description: "mime type of the attachment"},
+          name: %Schema{
+            type: :string,
+            description: "Name of the attachment, typically the filename"
+          }
         }
       }
     },

lib/pleroma/web/endpoint.ex

@@ -38,6 +38,8 @@ defmodule Pleroma.Web.Endpoint do
 
   plug(Plug.Telemetry, event_prefix: [:phoenix, :endpoint])
 
+  plug(Pleroma.Web.Plugs.LoggerMetadataPath)
+
   plug(Pleroma.Web.Plugs.SetLocalePlug)
   plug(CORSPlug)
   plug(Pleroma.Web.Plugs.HTTPSecurityPlug)

lib/pleroma/web/federator.ex

@@ -44,7 +44,7 @@ defmodule Pleroma.Web.Federator do
   end
 
   def incoming_ap_doc(%{"type" => "Delete"} = params) do
-    ReceiverWorker.enqueue("incoming_ap_doc", %{"params" => params}, priority: 3)
+    ReceiverWorker.enqueue("incoming_ap_doc", %{"params" => params}, priority: 3, queue: :slow)
   end
 
   def incoming_ap_doc(params) do

lib/pleroma/web/mastodon_api/views/status_view.ex

@@ -624,6 +624,19 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
           to_string(attachment["id"] || hash_id)
       end
 
+    description =
+      if attachment["summary"] do
+        HTML.strip_tags(attachment["summary"])
+      else
+        attachment["name"]
+      end
+
+    name = if attachment["summary"], do: attachment["name"]
+
+    pleroma =
+      %{mime_type: media_type}
+      |> Maps.put_if_present(:name, name)
+
     %{
       id: attachment_id,
       url: href,
@@ -631,8 +644,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
       preview_url: href_preview,
       text_url: href,
       type: type,
-      description: attachment["name"],
-      pleroma: %{mime_type: media_type},
+      description: description,
+      pleroma: pleroma,
       blurhash: attachment["blurhash"]
     }
     |> Maps.put_if_present(:meta, meta)

lib/pleroma/web/plugs/http_security_plug.ex

@@ -3,26 +3,27 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
-  alias Pleroma.Config
   import Plug.Conn
 
   require Logger
 
+  @config_impl Application.compile_env(:pleroma, [__MODULE__, :config_impl], Pleroma.Config)
+
   def init(opts), do: opts
 
   def call(conn, _options) do
-    if Config.get([:http_security, :enabled]) do
+    if @config_impl.get([:http_security, :enabled]) do
       conn
       |> merge_resp_headers(headers())
-      |> maybe_send_sts_header(Config.get([:http_security, :sts]))
+      |> maybe_send_sts_header(@config_impl.get([:http_security, :sts]))
     else
       conn
     end
   end
 
   def primary_frontend do
-    with %{"name" => frontend} <- Config.get([:frontends, :primary]),
-         available <- Config.get([:frontends, :available]),
+    with %{"name" => frontend} <- @config_impl.get([:frontends, :primary]),
+         available <- @config_impl.get([:frontends, :available]),
          %{} = primary_frontend <- Map.get(available, frontend) do
       {:ok, primary_frontend}
     end
@@ -37,8 +38,8 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
   end
 
   def headers do
-    referrer_policy = Config.get([:http_security, :referrer_policy])
-    report_uri = Config.get([:http_security, :report_uri])
+    referrer_policy = @config_impl.get([:http_security, :referrer_policy])
+    report_uri = @config_impl.get([:http_security, :report_uri])
     custom_http_frontend_headers = custom_http_frontend_headers()
 
     headers = [
@@ -86,10 +87,10 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
   @csp_start [Enum.join(static_csp_rules, ";") <> ";"]
 
   defp csp_string do
-    scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]
+    scheme = @config_impl.get([Pleroma.Web.Endpoint, :url])[:scheme]
     static_url = Pleroma.Web.Endpoint.static_url()
     websocket_url = Pleroma.Web.Endpoint.websocket_url()
-    report_uri = Config.get([:http_security, :report_uri])
+    report_uri = @config_impl.get([:http_security, :report_uri])
 
     img_src = "img-src 'self' data: blob:"
     media_src = "media-src 'self'"
@@ -97,8 +98,8 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
 
     # Strict multimedia CSP enforcement only when MediaProxy is enabled
     {img_src, media_src, connect_src} =
-      if Config.get([:media_proxy, :enabled]) &&
-           !Config.get([:media_proxy, :proxy_opts, :redirect_on_failure]) do
+      if @config_impl.get([:media_proxy, :enabled]) &&
+           !@config_impl.get([:media_proxy, :proxy_opts, :redirect_on_failure]) do
         sources = build_csp_multimedia_source_list()
 
         {
@@ -115,17 +116,21 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
       end
 
     connect_src =
-      if Config.get(:env) == :dev do
+      if @config_impl.get([:env]) == :dev do
         [connect_src, " http://localhost:3035/"]
       else
         connect_src
       end
 
     script_src =
-      if Config.get(:env) == :dev do
-        "script-src 'self' 'unsafe-eval'"
+      if @config_impl.get([:http_security, :allow_unsafe_eval]) do
+        if @config_impl.get([:env]) == :dev do
+          "script-src 'self' 'unsafe-eval'"
+        else
+          "script-src 'self' 'wasm-unsafe-eval'"
+        end
       else
-        "script-src 'self' 'wasm-unsafe-eval'"
+        "script-src 'self'"
       end
 
     report = if report_uri, do: ["report-uri ", report_uri, ";report-to csp-endpoint"]
@@ -161,11 +166,11 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
   defp build_csp_multimedia_source_list do
     media_proxy_whitelist =
       [:media_proxy, :whitelist]
-      |> Config.get()
+      |> @config_impl.get()
       |> build_csp_from_whitelist([])
 
-    captcha_method = Config.get([Pleroma.Captcha, :method])
-    captcha_endpoint = Config.get([captcha_method, :endpoint])
+    captcha_method = @config_impl.get([Pleroma.Captcha, :method])
+    captcha_endpoint = @config_impl.get([captcha_method, :endpoint])
 
     base_endpoints =
       [
@@ -173,7 +178,7 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
         [Pleroma.Upload, :base_url],
         [Pleroma.Uploaders.S3, :public_endpoint]
       ]
-      |> Enum.map(&Config.get/1)
+      |> Enum.map(&@config_impl.get/1)
 
     [captcha_endpoint | base_endpoints]
     |> Enum.map(&build_csp_param/1)
@@ -200,7 +205,7 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
   end
 
   def warn_if_disabled do
-    unless Config.get([:http_security, :enabled]) do
+    unless Pleroma.Config.get([:http_security, :enabled]) do
       Logger.warning("
                                  .i;;;;i.
                                iYcviii;vXY:
@@ -245,8 +250,8 @@ your instance and your users via malicious posts:
   end
 
   defp maybe_send_sts_header(conn, true) do
-    max_age_sts = Config.get([:http_security, :sts_max_age])
-    max_age_ct = Config.get([:http_security, :ct_max_age])
+    max_age_sts = @config_impl.get([:http_security, :sts_max_age])
+    max_age_ct = @config_impl.get([:http_security, :ct_max_age])
 
     merge_resp_headers(conn, [
       {"strict-transport-security", "max-age=#{max_age_sts}; includeSubDomains"},

lib/pleroma/web/plugs/logger_metadata_path.ex

@@ -0,0 +1,12 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Plugs.LoggerMetadataPath do
+  def init(opts), do: opts
+
+  def call(conn, _) do
+    Logger.metadata(path: conn.request_path)
+    conn
+  end
+end

lib/pleroma/web/plugs/logger_metadata_user.ex

@@ -0,0 +1,18 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Plugs.LoggerMetadataUser do
+  alias Pleroma.User
+
+  def init(opts), do: opts
+
+  def call(%{assigns: %{user: user = %User{}}} = conn, _) do
+    Logger.metadata(user: user.nickname)
+    conn
+  end
+
+  def call(conn, _) do
+    conn
+  end
+end

lib/pleroma/web/router.ex

@@ -29,6 +29,7 @@ defmodule Pleroma.Web.Router do
   pipeline :browser do
     plug(:accepts, ["html"])
     plug(:fetch_session)
+    plug(Pleroma.Web.Plugs.LoggerMetadataUser)
   end
 
   pipeline :oauth do
@@ -67,12 +68,14 @@ defmodule Pleroma.Web.Router do
     plug(:fetch_session)
     plug(:authenticate)
     plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)
+    plug(Pleroma.Web.Plugs.LoggerMetadataUser)
   end
 
   pipeline :no_auth_or_privacy_expectations_api do
     plug(:base_api)
     plug(:after_auth)
     plug(Pleroma.Web.Plugs.IdempotencyPlug)
+    plug(Pleroma.Web.Plugs.LoggerMetadataUser)
   end
 
   # Pipeline for app-related endpoints (no user auth checks — app-bound tokens must be supported)
@@ -83,12 +86,14 @@ defmodule Pleroma.Web.Router do
   pipeline :api do
     plug(:expect_public_instance_or_user_authentication)
     plug(:no_auth_or_privacy_expectations_api)
+    plug(Pleroma.Web.Plugs.LoggerMetadataUser)
   end
 
   pipeline :authenticated_api do
     plug(:expect_user_authentication)
     plug(:no_auth_or_privacy_expectations_api)
     plug(Pleroma.Web.Plugs.EnsureAuthenticatedPlug)
+    plug(Pleroma.Web.Plugs.LoggerMetadataUser)
   end
 
   pipeline :admin_api do
@@ -99,6 +104,7 @@ defmodule Pleroma.Web.Router do
     plug(Pleroma.Web.Plugs.EnsureAuthenticatedPlug)
     plug(Pleroma.Web.Plugs.UserIsStaffPlug)
     plug(Pleroma.Web.Plugs.IdempotencyPlug)
+    plug(Pleroma.Web.Plugs.LoggerMetadataUser)
   end
 
   pipeline :require_admin do
@@ -179,6 +185,7 @@ defmodule Pleroma.Web.Router do
     plug(:browser)
     plug(:authenticate)
     plug(Pleroma.Web.Plugs.EnsureUserTokenAssignsPlug)
+    plug(Pleroma.Web.Plugs.LoggerMetadataUser)
   end
 
   pipeline :well_known do
@@ -193,6 +200,7 @@ defmodule Pleroma.Web.Router do
   pipeline :pleroma_api do
     plug(:accepts, ["html", "json"])
     plug(OpenApiSpex.Plug.PutApiSpec, module: Pleroma.Web.ApiSpec)
+    plug(Pleroma.Web.Plugs.LoggerMetadataUser)
   end
 
   pipeline :mailbox_preview do

lib/pleroma/workers/attachments_cleanup_worker.ex

@@ -8,7 +8,7 @@ defmodule Pleroma.Workers.AttachmentsCleanupWorker do
   alias Pleroma.Object
   alias Pleroma.Repo
 
-  use Pleroma.Workers.WorkerHelper, queue: "attachments_cleanup"
+  use Pleroma.Workers.WorkerHelper, queue: "slow"
 
   @impl Oban.Worker
   def perform(%Job{

lib/pleroma/workers/backup_worker.ex

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Workers.BackupWorker do
-  use Oban.Worker, queue: :backup, max_attempts: 1
+  use Oban.Worker, queue: :slow, max_attempts: 1
 
   alias Oban.Job
   alias Pleroma.User.Backup

lib/pleroma/workers/cron/new_users_digest_worker.ex

@@ -9,7 +9,7 @@ defmodule Pleroma.Workers.Cron.NewUsersDigestWorker do
 
   import Ecto.Query
 
-  use Pleroma.Workers.WorkerHelper, queue: "mailer"
+  use Pleroma.Workers.WorkerHelper, queue: "background"
 
   @impl Oban.Worker
   def perform(_job) do

lib/pleroma/workers/mailer_worker.ex

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Workers.MailerWorker do
-  use Pleroma.Workers.WorkerHelper, queue: "mailer"
+  use Pleroma.Workers.WorkerHelper, queue: "background"
 
   @impl Oban.Worker
   def perform(%Job{args: %{"op" => "email", "encoded_email" => encoded_email, "config" => config}}) do

lib/pleroma/workers/mute_expire_worker.ex

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Workers.MuteExpireWorker do
-  use Pleroma.Workers.WorkerHelper, queue: "mute_expire"
+  use Pleroma.Workers.WorkerHelper, queue: "background"
 
   @impl Oban.Worker
   def perform(%Job{args: %{"op" => "unmute_user", "muter_id" => muter_id, "mutee_id" => mutee_id}}) do

lib/pleroma/workers/poll_worker.ex

@@ -6,7 +6,7 @@ defmodule Pleroma.Workers.PollWorker do
   @moduledoc """
   Generates notifications when a poll ends.
   """
-  use Pleroma.Workers.WorkerHelper, queue: "poll_notifications"
+  use Pleroma.Workers.WorkerHelper, queue: "background"
 
   alias Pleroma.Activity
   alias Pleroma.Notification

lib/pleroma/workers/purge_expired_activity.ex

@@ -7,7 +7,7 @@ defmodule Pleroma.Workers.PurgeExpiredActivity do
   Worker which purges expired activity.
   """
 
-  use Oban.Worker, queue: :activity_expiration, max_attempts: 1, unique: [period: :infinity]
+  use Oban.Worker, queue: :slow, max_attempts: 1, unique: [period: :infinity]
 
   import Ecto.Query
 
@@ -59,7 +59,7 @@ defmodule Pleroma.Workers.PurgeExpiredActivity do
   def get_expiration(id) do
     from(j in Oban.Job,
       where: j.state == "scheduled",
-      where: j.queue == "activity_expiration",
+      where: j.queue == "slow",
       where: fragment("?->>'activity_id' = ?", j.args, ^id)
     )
     |> Pleroma.Repo.one()

lib/pleroma/workers/purge_expired_filter.ex

@@ -7,7 +7,7 @@ defmodule Pleroma.Workers.PurgeExpiredFilter do
   Worker which purges expired filters
   """
 
-  use Oban.Worker, queue: :filter_expiration, max_attempts: 1, unique: [period: :infinity]
+  use Oban.Worker, queue: :background, max_attempts: 1, unique: [period: :infinity]
 
   import Ecto.Query
 
@@ -38,7 +38,7 @@ defmodule Pleroma.Workers.PurgeExpiredFilter do
   def get_expiration(id) do
     from(j in Job,
       where: j.state == "scheduled",
-      where: j.queue == "filter_expiration",
+      where: j.queue == "background",
       where: fragment("?->'filter_id' = ?", j.args, ^id)
     )
     |> Repo.one()

lib/pleroma/workers/purge_expired_token.ex

@@ -7,7 +7,7 @@ defmodule Pleroma.Workers.PurgeExpiredToken do
   Worker which purges expired OAuth tokens
   """
 
-  use Oban.Worker, queue: :token_expiration, max_attempts: 1
+  use Oban.Worker, queue: :background, max_attempts: 1
 
   @spec enqueue(%{token_id: integer(), valid_until: DateTime.t(), mod: module()}) ::
           {:ok, Oban.Job.t()} | {:error, Ecto.Changeset.t()}

lib/pleroma/workers/remote_fetcher_worker.ex

@@ -5,7 +5,7 @@
 defmodule Pleroma.Workers.RemoteFetcherWorker do
   alias Pleroma.Object.Fetcher
 
-  use Pleroma.Workers.WorkerHelper, queue: "remote_fetcher"
+  use Pleroma.Workers.WorkerHelper, queue: "background"
 
   @impl Oban.Worker
   def perform(%Job{args: %{"op" => "fetch_remote", "id" => id} = args}) do

lib/pleroma/workers/rich_media_expiration_worker.ex

@@ -6,7 +6,7 @@ defmodule Pleroma.Workers.RichMediaExpirationWorker do
   alias Pleroma.Web.RichMedia.Card
 
   use Oban.Worker,
-    queue: :rich_media_expiration
+    queue: :background
 
   @impl Oban.Worker
   def perform(%Job{args: %{"url" => url} = _args}) do

lib/pleroma/workers/scheduled_activity_worker.ex

@@ -7,7 +7,7 @@ defmodule Pleroma.Workers.ScheduledActivityWorker do
   The worker to post scheduled activity.
   """
 
-  use Pleroma.Workers.WorkerHelper, queue: "scheduled_activities"
+  use Pleroma.Workers.WorkerHelper, queue: "federator_outgoing"
 
   alias Pleroma.Repo
   alias Pleroma.ScheduledActivity