hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
17,740 commits 2 branches 0 tags 241 MiB
Commit graph

10,418 commits

Author SHA1 Message Date
Lain Soykaf
02185ec711 StripLocation, ReadDescription: Silence noisy errors. 2026-01-26 20:51:35 +02:00
nicole mikołajczyk
520bac27dc Add changelog entry 
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
 2026-01-26 20:51:35 +02:00
nicole mikołajczyk
5068e31583 optimize follow_request_count for own account view 
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
 2026-01-26 20:51:35 +02:00
floatingghost
c07506ab6e paginate follow requests (#460) 
matches https://docs.joinmastodon.org/methods/follow_requests/#get mostly

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/460
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
 2026-01-26 20:51:35 +02:00
Lain Soykaf
3d7d119782 Linting 2026-01-26 20:51:35 +02:00
Lain Soykaf
b013ec9123 Emoji, AccountView, UtilController: Handle encoding of emoji 2026-01-26 20:51:35 +02:00
Lain Soykaf
7ce7d4d319 Linting 2026-01-26 20:51:35 +02:00
Lain Soykaf
33b8ccf21f Emoji: Handle more edge cases for local emoji with strange filenames. 2026-01-26 20:51:35 +02:00
Lain Soykaf
72fea0c901 Emoji: Unify tag building, fix tests. 2026-01-26 20:51:35 +02:00
nicole mikołajczyk
e40bedc601 Add v1/instance/domain_blocks endpoint 
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
 2026-01-26 20:51:35 +02:00
Mark Felder
71a4b8d0f2 In-house redirect handler for mediaproxy with Hackney adapter 
Also ensure we always pass an absolute URL to Hackney when parsing a redirect response

(cherry picked from commit 00ac6bce8d244eec7e2460358296619e5cacba6b)
 2026-01-26 20:51:35 +02:00
Lain Soykaf
b85507c764 http(hackney): disable adapter redirects by default 
Hackney 1.25.x has redirect handling issues behind CONNECT proxies and with pools.
Disable hackney-level redirects and rely on Tesla.Middleware.FollowRedirects instead.
Also default to with_body: true so redirects can be followed reliably.
 2026-01-26 20:51:35 +02:00
Henry Jameson
8d82808d7a Merge remote-tracking branch 'origin/develop' into shigusegubu 2026-01-03 02:01:33 +02:00
Lain Soykaf
6c73ebe484 Merge branch 'phnt/mastoapi-misattribution-3381' into release/2.10-sec 2025-12-29 09:47:54 +04:00
lain
1a313fa30c Merge branch 'replies_collection' into 'develop' 
Provide full replies collection in ActivityPub objects (ported from akkoma)

See merge request pleroma/pleroma!4370
 2025-12-25 10:22:53 +00:00
Lain Soykaf
916c8c0581 ActivityPubController: Don't crash on unknown params 2025-12-25 13:04:09 +04:00
Lain Soykaf
e07b3d2442 ObjectView: Make the first reply collection a page, so it shows the actual items. 2025-12-25 12:54:09 +04:00
Lain Soykaf
8e94c5ca38 UserView: Followers != Follows 2025-12-25 12:53:36 +04:00
Lain Soykaf
fc15c25889 Transmogrifier: Only set replies on objects, not activities. 2025-12-25 12:50:55 +04:00
Phantasm
df375662d6
 		AP: simplify visible_for_user? conditions. 
`true or true` returns `true`
 2025-12-23 17:04:08 +01:00
lain
2f48544937 Merge branch 'akkoma-fixes-1014-1018' into 'develop' 
Status visibility checks for post interactions, stop leaking internal Activity representation (Akkoma PR 1014 and 1018)

Closes #3383

See merge request pleroma/pleroma!4400
 2025-12-23 13:55:18 +00:00
Phantasm
01ffaba3d2
 		MastoAPI: Fix unauth visibility checks when fetching by Activity FlakeID 
- Adds another Pleroma.ActivityPub.Visibility.visible_for_user?/2 func
- Modifies existing tests to include a local Activity referencing a
  remote Object
- Changes Announce Activity test factory to reference Objects instead of
  Activities and use a different Actor for the Announce
- Changes ap_id of remote user in Announce test factory to match Objects
- Adds `object_local` option to Note factories that explicitly changes
  the domain in the URL to not match the endpoint URL in the test env
  to properly work with the new visibility func, since we don't store
  locality of Object unlike Activities
 2025-12-23 00:07:16 +01:00
Phantasm
c2b40659e7
 		MastoAPI: Fix misattribution when fetching status by Activity FlakeID 2025-12-22 23:33:00 +01:00
lain
1d366c0138 Merge branch 'transmogrifier/handle-as-public' into 'develop' 
Transmogrifier: convert "as:Public" to full w3 URL

See merge request pleroma/pleroma!4394
 2025-12-22 07:39:44 +00:00
lain
d19b992417 Merge branch 'webfinger-actual-fix' into 'develop' 
Fix WebFinger for split-domain setups

See merge request pleroma/pleroma!4405
 2025-12-22 07:38:55 +00:00
Lain Soykaf
e9d9724637 WebFinger: Tighten the requirements. 2025-12-21 17:46:39 +04:00
Lain Soykaf
ec58b6a4cc CommonFixes, Transmogrifier: Fix tests. 2025-12-21 15:19:38 +04:00
Lain Soykaf
98f300c5ae Transmogrifier: Handle user updates. 2025-12-21 14:16:57 +04:00
nicole mikołajczyk
e0ab2c9c9c Merge remote-tracking branch 'origin/develop' into mastodon-quote-id-api 
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
 2025-12-17 13:43:45 +01:00
nicole mikołajczyk
c06fcc7f5d Merge branch 'order-favourites-reblogs' into 'develop' 
Order favourites and reblogs list from newest to oldest

See merge request pleroma/pleroma!4399
 2025-12-16 23:49:01 +01:00
nicole mikołajczyk
d41e2fbaaf Merge branch 'preferred-frontend' into 'develop' 
Port Akkoma frontend preference code

See merge request pleroma/pleroma!4398
 2025-12-16 20:54:00 +01:00
nicole mikołajczyk
c6298be9f0 Merge branch 'scrobbles-scope' into 'develop' 
Add `write:scrobbles` and `read:scrobbles` scope for scrobbling

See merge request pleroma/pleroma!4379
 2025-12-16 20:53:32 +01:00
nicole mikołajczyk
45af48520b this shouldn't be available outside the module 
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
 2025-12-15 18:10:00 +01:00
nicole mikołajczyk
3e2573f1c4 Fix WebFinger for split-domain set ups 
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
 2025-12-15 17:01:53 +01:00
Phantasm
4985902b02
 		Add Actor images normalization from array of urls to string 2025-12-15 00:00:57 +01:00
Phantasm
3466b626d6
 		lint 2025-12-14 14:06:38 +01:00
Phantasm
d36d0abd27
 		API Docs: Switch some added 404 API response to ApiNotFoundError schema 2025-12-12 21:17:58 +01:00
Phantasm
49a5630c75
 		CommonAPI: Standardize visibility error, use helper function if possible 2025-12-12 18:05:58 +01:00
Phantasm
53f23dd259
 		MastoAPI docs: Remove unused 403 respones 2025-12-12 00:04:28 +01:00
Phantasm
fe7108cbc2
 		MastoAPI: Unify pin/bookmark/mute/fav not visible responses to 404 
Also adds more tests for these interactions.
 2025-12-12 00:04:27 +01:00
Phantasm
73a3f06f71
 		PleromaAPI: Change EmojiReact to invisible post response from 400 to 404 2025-12-12 00:03:59 +01:00
Phantasm
293628fb24
 		MastoAPI/CommonAPI: Return 404 when post not visible to user 
Akkoma patches returned 403 and some of my previous commits returned 422.
This unifies the errors returned to 404 "Record not found", gaslighting
user just like we do for other endpoints and how Mastodon does it.
 2025-12-11 23:32:21 +01:00
Phantasm
9d89156b84
 		AP C2S: Explicitly reject Updates to Actors that failed silently 2025-12-11 23:32:21 +01:00
Phantasm
426535bc38
 		CommonAPI: Forbid disallowed status (un)muting and unpinning 
When a user tried to unpin a status not belonging to them, a full
MastoAPI response was sent back even if status was not visible to them.

Ditto with (un)mutting except ownership.
 2025-12-11 23:30:04 +01:00
Phantasm
21b2fd1e05
 		AP C2S: reject Flag activities, add visibility refutes to some tests 2025-12-11 23:30:04 +01:00
Phantasm
7f3b3c2491
 		AP C2S: remove check for local user since user is already authenticated 
Before a request arrives to update_outbox, it already passed through out
Plug authentication (:authenticate), so at this point all users should
be local.

Also adds Listen Activities to the list of allowed Activities that don't
need an existing normalized object referenced in them.
 2025-12-11 23:30:04 +01:00
Phantasm
2b76243ec8
 		CommonAPI: Fail when user sends report with posts not visible to them 2025-12-11 23:30:03 +01:00
Phantasm
a4e480a636
 		lint and credo 2025-12-11 23:30:03 +01:00
Phantasm
b3887a6fa7
 		AP C2S: Validate visibility for C2S requests to /users/:nickname/outbox 
A local user could previously send Announce/EmojiReact/Like activities
to their outbox referencing objects that aren't visible to them and they
would get processed as if can see them. Only requirement is knowing
the URI of the object and the users instance having C2S enabled (currently
disabled by default).
 2025-12-11 23:30:03 +01:00
Oneric
18d762c01b
 		Add voters key to internal object fields 
It is inlined and used to keep track of who already voted for a poll.
This is expected to be confidential information and must no be exposed
 2025-12-11 23:30:03 +01:00