Merge branch 'develop' into feature/matstodon-statuses-by-name

2019-07-19 16:55:10 -05:00 · 2019-07-19 16:55:10 -05:00 · 9169f331b6
commit 9169f331b6
parent 46c7c53fbb c1c64d6d06
59 changed files with 1184 additions and 191 deletions
--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
@ -10,6 +10,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
  alias Pleroma.Object.Fetcher
  alias Pleroma.User
  alias Pleroma.Web.ActivityPub.ActivityPub
+  alias Pleroma.Web.ActivityPub.InternalFetchActor
  alias Pleroma.Web.ActivityPub.ObjectView
  alias Pleroma.Web.ActivityPub.Relay
  alias Pleroma.Web.ActivityPub.Transmogrifier
@ -206,9 +207,8 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
    json(conn, dgettext("errors", "error"))
  end

-  def relay(conn, _params) do
-    with %User{} = user <- Relay.get_actor(),
-         {:ok, user} <- User.ensure_keys_present(user) do
+  defp represent_service_actor(%User{} = user, conn) do
+    with {:ok, user} <- User.ensure_keys_present(user) do
      conn
      |> put_resp_header("content-type", "application/activity+json")
      |> json(UserView.render("user.json", %{user: user}))
@ -217,6 +217,18 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubController do
    end
  end

+  defp represent_service_actor(nil, _), do: {:error, :not_found}
+
+  def relay(conn, _params) do
+    Relay.get_actor()
+    |> represent_service_actor(conn)
+  end
+
+  def internal_fetch(conn, _params) do
+    InternalFetchActor.get_actor()
+    |> represent_service_actor(conn)
+  end
+
  def whoami(%{assigns: %{user: %User{} = user}} = conn, _params) do
    conn
    |> put_resp_header("content-type", "application/activity+json")
--- a/lib/pleroma/web/activity_pub/internal_fetch_actor.ex
+++ b/lib/pleroma/web/activity_pub/internal_fetch_actor.ex
@ -0,0 +1,20 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.InternalFetchActor do
+  alias Pleroma.User
+
+  require Logger
+
+  def init do
+    # Wait for everything to settle.
+    Process.sleep(1000 * 5)
+    get_actor()
+  end
+
+  def get_actor do
+    "#{Pleroma.Web.Endpoint.url()}/internal/fetch"
+    |> User.get_or_create_service_actor_by_ap_id("internal.fetch")
+  end
+end
--- a/lib/pleroma/web/activity_pub/mrf/mention_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/mention_policy.ex
@ -0,0 +1,24 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.MRF.MentionPolicy do
+  @moduledoc "Block messages which mention a user"
+
+  @behaviour Pleroma.Web.ActivityPub.MRF
+
+  @impl true
+  def filter(%{"type" => "Create"} = message) do
+    reject_actors = Pleroma.Config.get([:mrf_mention, :actors], [])
+    recipients = (message["to"] || []) ++ (message["cc"] || [])
+
+    if Enum.any?(recipients, fn recipient -> Enum.member?(reject_actors, recipient) end) do
+      {:reject, nil}
+    else
+      {:ok, message}
+    end
+  end
+
+  @impl true
+  def filter(message), do: {:ok, message}
+end
--- a/lib/pleroma/web/activity_pub/publisher.ex
+++ b/lib/pleroma/web/activity_pub/publisher.ex
@ -131,7 +131,7 @@ defmodule Pleroma.Web.ActivityPub.Publisher do
      %User{ap_id: ap_id} =
        Enum.find(recipients, fn %{info: %{source_data: data}} -> data["inbox"] == inbox end)

-      # Get all the recipients on the same host and add them to cc. Otherwise it a remote
+      # Get all the recipients on the same host and add them to cc. Otherwise, a remote
      # instance would only accept a first message for the first recipient and ignore the rest.
      cc = get_cc_ap_ids(ap_id, recipients)

--- a/lib/pleroma/web/activity_pub/relay.ex
+++ b/lib/pleroma/web/activity_pub/relay.ex
@ -10,7 +10,8 @@ defmodule Pleroma.Web.ActivityPub.Relay do
  require Logger

  def get_actor do
-    User.get_or_create_instance_user()
+    "#{Pleroma.Web.Endpoint.url()}/relay"
+    |> User.get_or_create_service_actor_by_ap_id()
  end

  def follow(target_instance) do
--- a/lib/pleroma/web/activity_pub/views/user_view.ex
+++ b/lib/pleroma/web/activity_pub/views/user_view.ex
@ -31,8 +31,7 @@ defmodule Pleroma.Web.ActivityPub.UserView do

  def render("endpoints.json", _), do: %{}

-  # the instance itself is not a Person, but instead an Application
-  def render("user.json", %{user: %{nickname: nil} = user}) do
+  def render("service.json", %{user: user}) do
    {:ok, user} = User.ensure_keys_present(user)
    {:ok, _, public_key} = Keys.keys_from_pem(user.info.keys)
    public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key)
@ -47,7 +46,8 @@ defmodule Pleroma.Web.ActivityPub.UserView do
      "followers" => "#{user.ap_id}/followers",
      "inbox" => "#{user.ap_id}/inbox",
      "name" => "Pleroma",
-      "summary" => "Virtual actor for Pleroma relay",
+      "summary" =>
+        "An internal service actor for this Pleroma instance.  No user-serviceable parts inside.",
      "url" => user.ap_id,
      "manuallyApprovesFollowers" => false,
      "publicKey" => %{
@ -60,6 +60,13 @@ defmodule Pleroma.Web.ActivityPub.UserView do
    |> Map.merge(Utils.make_json_ld_header())
  end

+  # the instance itself is not a Person, but instead an Application
+  def render("user.json", %{user: %User{nickname: nil} = user}),
+    do: render("service.json", %{user: user})
+
+  def render("user.json", %{user: %User{nickname: "internal." <> _} = user}),
+    do: render("service.json", %{user: user})
+
  def render("user.json", %{user: user}) do
    {:ok, user} = User.ensure_keys_present(user)
    {:ok, _, public_key} = Keys.keys_from_pem(user.info.keys)
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@ -47,6 +47,8 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do

  require Logger

+  @rate_limited_relations_actions ~w(follow unfollow)a
+
  @rate_limited_status_actions ~w(reblog_status unreblog_status fav_status unfav_status
    post_status delete_status)a

@ -62,9 +64,16 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
    when action in ~w(fav_status unfav_status)a
  )

+  plug(
+    RateLimiter,
+    {:relations_id_action, params: ["id", "uri"]} when action in @rate_limited_relations_actions
+  )
+
+  plug(RateLimiter, :relations_actions when action in @rate_limited_relations_actions)
  plug(RateLimiter, :statuses_actions when action in @rate_limited_status_actions)
  plug(RateLimiter, :app_account_creation when action == :account_register)
  plug(RateLimiter, :search when action in [:search, :search2, :account_search])
+  plug(RateLimiter, :password_reset when action == :password_reset)

  @local_mastodon_name "Mastodon-Local"

@ -1808,6 +1817,22 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
    end
  end

+  def password_reset(conn, params) do
+    nickname_or_email = params["email"] || params["nickname"]
+
+    with {:ok, _} <- TwitterAPI.password_reset(nickname_or_email) do
+      conn
+      |> put_status(:no_content)
+      |> json("")
+    else
+      {:error, "unknown user"} ->
+        send_resp(conn, :not_found, "")
+
+      {:error, _} ->
+        send_resp(conn, :bad_request, "")
+    end
+  end
+
  def try_render(conn, target, params)
      when is_binary(target) do
    case render(conn, target, params) do
--- a/lib/pleroma/web/mastodon_api/views/account_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/account_view.ex
@ -51,6 +51,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
      following: User.following?(user, target),
      followed_by: User.following?(target, user),
      blocking: User.blocks?(user, target),
+      blocked_by: User.blocks?(target, user),
      muting: User.mutes?(user, target),
      muting_notifications: User.muted_notifications?(user, target),
      subscribing: User.subscribed_to?(user, target),
@ -136,6 +137,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
    |> maybe_put_notification_settings(user, opts[:for])
    |> maybe_put_settings_store(user, opts[:for], opts)
    |> maybe_put_chat_token(user, opts[:for], opts)
+    |> maybe_put_activation_status(user, opts[:for])
  end

  defp username_from_nickname(string) when is_binary(string) do
@ -196,6 +198,12 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do

  defp maybe_put_notification_settings(data, _, _), do: data

+  defp maybe_put_activation_status(data, user, %User{info: %{is_admin: true}}) do
+    Kernel.put_in(data, [:pleroma, :deactivated], user.info.deactivated)
+  end
+
+  defp maybe_put_activation_status(data, _, _), do: data
+
  defp image_url(%{"url" => [%{"href" => href} | _]}), do: href
  defp image_url(_), do: nil
 end
--- a/lib/pleroma/web/mastodon_api/views/status_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/status_view.ex
@ -382,7 +382,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
      %{
        # Mastodon uses separate ids for polls, but an object can't have
        # more than one poll embedded so object id is fine
-        id: object.id,
+        id: to_string(object.id),
        expires_at: Utils.to_masto_date(end_time),
        expired: expired,
        multiple: multiple,
--- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex
+++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex
@ -30,7 +30,7 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do
  def filename_matches(%{"filename" => _} = _, path, url) do
    filename = MediaProxy.filename(url)

-    if filename && Path.basename(path) != filename do
+    if filename && does_not_match(path, filename) do
      {:wrong_filename, filename}
    else
      :ok
@ -38,4 +38,9 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do
  end

  def filename_matches(_, _, _), do: :ok
+
+  defp does_not_match(path, filename) do
+    basename = Path.basename(path)
+    basename != filename and URI.decode(basename) != filename and URI.encode(basename) != filename
+  end
 end
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@ -586,7 +586,7 @@ defmodule Pleroma.Web.Router do
    end
  end

-  pipeline :ap_relay do
+  pipeline :ap_service_actor do
    plug(:accepts, ["activity+json", "json"])
  end

@ -617,6 +617,7 @@ defmodule Pleroma.Web.Router do
  pipeline :activitypub do
    plug(:accepts, ["activity+json", "json"])
    plug(Pleroma.Web.Plugs.HTTPSignaturePlug)
+    plug(Pleroma.Web.Plugs.MappedSignatureToIdentityPlug)
  end

  scope "/", Pleroma.Web.ActivityPub do
@ -663,8 +664,17 @@ defmodule Pleroma.Web.Router do
  end

  scope "/relay", Pleroma.Web.ActivityPub do
-    pipe_through(:ap_relay)
+    pipe_through(:ap_service_actor)
+
    get("/", ActivityPubController, :relay)
+    post("/inbox", ActivityPubController, :inbox)
+  end
+
+  scope "/internal/fetch", Pleroma.Web.ActivityPub do
+    pipe_through(:ap_service_actor)
+
+    get("/", ActivityPubController, :internal_fetch)
+    post("/inbox", ActivityPubController, :inbox)
  end

  scope "/", Pleroma.Web.ActivityPub do
@ -691,6 +701,8 @@ defmodule Pleroma.Web.Router do
    get("/web/login", MastodonAPIController, :login)
    delete("/auth/sign_out", MastodonAPIController, :logout)

+    post("/auth/password", MastodonAPIController, :password_reset)
+
    scope [] do
      pipe_through(:oauth_read_or_public)
      get("/web/*path", MastodonAPIController, :index)
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@ -8,7 +8,9 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
  require Logger

  alias Pleroma.Activity
+  alias Pleroma.Config
  alias Pleroma.Emoji
+  alias Pleroma.Healthcheck
  alias Pleroma.Notification
  alias Pleroma.Plugs.AuthenticationPlug
  alias Pleroma.User
@ -23,7 +25,8 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
  end

  def remote_subscribe(conn, %{"nickname" => nick, "profile" => _}) do
-    with %User{} = user <- User.get_cached_by_nickname(nick), avatar = User.avatar_url(user) do
+    with %User{} = user <- User.get_cached_by_nickname(nick),
+         avatar = User.avatar_url(user) do
      conn
      |> render("subscribe.html", %{nickname: nick, avatar: avatar, error: false})
    else
@ -338,20 +341,21 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
  end

  def healthcheck(conn, _params) do
-    info =
-      if Pleroma.Config.get([:instance, :healthcheck]) do
-        Pleroma.Healthcheck.system_info()
-      else
-        %{}
-      end
+    with true <- Config.get([:instance, :healthcheck]),
+         %{healthy: true} = info <- Healthcheck.system_info() do
+      json(conn, info)
+    else
+      %{healthy: false} = info ->
+        service_unavailable(conn, info)

-    conn =
-      if info[:healthy] do
-        conn
-      else
-        Plug.Conn.put_status(conn, :service_unavailable)
-      end
+      _ ->
+        service_unavailable(conn, %{})
+    end
+  end

-    json(conn, info)
+  defp service_unavailable(conn, info) do
+    conn
+    |> put_status(:service_unavailable)
+    |> json(info)
  end
 end
--- a/lib/pleroma/web/twitter_api/twitter_api.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api.ex
@ -221,6 +221,8 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
      user
      |> UserEmail.password_reset_email(token_record.token)
      |> Mailer.deliver_async()
+
+      {:ok, :enqueued}
    else
      false ->
        {:error, "bad user identifier"}
--- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
@ -27,6 +27,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do

  require Logger

+  plug(Pleroma.Plugs.RateLimiter, :password_reset when action == :password_reset)
  plug(:only_if_public_instance when action in [:public_timeline, :public_and_external_timeline])
  action_fallback(:errors)

@ -437,6 +438,12 @@ defmodule Pleroma.Web.TwitterAPI.Controller do

    with {:ok, _} <- TwitterAPI.password_reset(nickname_or_email) do
      json_response(conn, :no_content, "")
+    else
+      {:error, "unknown user"} ->
+        send_resp(conn, :not_found, "")
+
+      {:error, _} ->
+        send_resp(conn, :bad_request, "")
    end
  end

--- a/lib/pleroma/web/uploader_controller.ex
+++ b/lib/pleroma/web/uploader_controller.ex
@ -11,10 +11,6 @@ defmodule Pleroma.Web.UploaderController do
    process_callback(conn, :global.whereis_name({Uploader, upload_path}), params)
  end

-  def callbacks(conn, _) do
-    render_error(conn, :bad_request, "bad request")
-  end
-
  defp process_callback(conn, pid, params) when is_pid(pid) do
    send(pid, {Uploader, self(), conn, params})

--- a/lib/pleroma/web/web_finger/web_finger.ex
+++ b/lib/pleroma/web/web_finger/web_finger.ex
@ -32,7 +32,7 @@ defmodule Pleroma.Web.WebFinger do

  def webfinger(resource, fmt) when fmt in ["XML", "JSON"] do
    host = Pleroma.Web.Endpoint.host()
-    regex = ~r/(acct:)?(?<username>\w+)@#{host}/
+    regex = ~r/(acct:)?(?<username>[a-z0-9A-Z_\.-]+)@#{host}/

    with %{"username" => username} <- Regex.named_captures(regex, resource),
         %User{} = user <- User.get_cached_by_nickname(username) do