Commit graph

35 commits

Author SHA1 Message Date
tobi 89e0cfd874
[feature] Admin accounts endpoints; approve/reject sign-ups ()
* update settings panels, add pending overview + approve/deny functions

* add admin accounts get, approve, reject

* send approved/rejected emails

* use signup URL

* docs!

* email

* swagger

* web linting

* fix email tests

* wee lil fixerinos

* use new paging logic for GetAccounts() series of admin endpoints, small changes to query building

* shuffle useAccountIDIn check *before* adding to query

* fix parse from toot react error

* use `netip.Addr`

* put valid slices in globals

* optimistic updates for account state

---------

Co-authored-by: kim <grufwub@gmail.com>
2024-04-13 13:25:10 +02:00
kim 83e7847cdf
fix possible nil panic () 2024-04-04 16:45:59 +01:00
tobi ab2d063fcb
[feature] Process outgoing Move from clientAPI ()
* prevent moved accounts from taking create-type actions

* update move logic

* federate move out

* indicate on web profile when an account has moved

* [docs] Add migration docs section

* lock while checking + setting move state

* use redirectFollowers func for clientAPI as well

* comment typo

* linter? i barely know 'er!

* Update internal/uris/uri.go

Co-authored-by: Daenney <daenney@users.noreply.github.com>

* add a couple tests for move

* fix little mistake exposed by tests (thanks tests)

* ensure Move marked as successful

* attach shared util funcs to struct

* lock whole account when doing move

* move moving check to after error check

* replace repeated text with error func

* linterrrrrr!!!!

* catch self follow case

---------

Co-authored-by: Daenney <daenney@users.noreply.github.com>
2024-03-13 13:53:29 +01:00
kim 8b8211986e
[chore] also allow text/xml in place of application/xml () 2024-02-14 13:07:58 +01:00
kim 2bafd7daf5
[bugfix] add stricter checks during all stages of dereferencing remote AS objects ()
* add stricter checks during all stages of dereferencing remote AS objects

* a comment
2024-02-14 12:13:38 +01:00
Vyr Cossont 7e0a203173
[bugfix] Fix EmptyJSONObject/EmptyJSONArray ()
* Fix EmptyJSONObject/EmptyJSONArray

These are meant to be the bytes representing an empty object and array in JSON: `{}` and `[]`. They are actually the strings `"{}"` and `"[]"`. This causes clients expecting an object or array to not be able to parse the response.

* Use json.RawMessage instead of []byte
2024-01-28 11:49:04 +01:00
tobi 0ff52b71f2
[chore] Refactor HTML templates and CSS ()
* [chore] Refactor HTML templates and CSS

* eslint

* ignore "Local"

* rss tests

* fiddle with OG just a tiny bit

* dick around with polls a bit more so SR stops saying "clickable"

* remove break

* oh lord

* don't lazy load avatar

* fix ogmeta tests

* clean up some cruft

* catch remaining calls to c.HTML

* fix error rendering + stack overflow in tag

* allow templating attributes

* fix indent

* set aria-hidden on status complementary content, since it's already present in the label anyway

* tidy up templating calls a little

* try to make styling a bit more consistent + readable

* fix up some remaining CSS issues

* fix up reports
2023-12-27 11:23:52 +01:00
kim 8ebb7775a3
[feature] request blocking by http headers () 2023-12-18 14:18:25 +00:00
kim d56a8d095e
[performance] simpler throttling logic ()
* reduce complexity of throttling logic to use 1 queue and an atomic int

* use atomic add instead of CAS, add throttling test
2023-12-16 12:53:42 +01:00
kim 74700cc803
[performance] http response encoding / writing improvements () 2023-11-27 14:00:57 +00:00
kim 16275853eb
[bugfix] self-referencing collection pages for status replies () 2023-11-20 12:22:28 +00:00
tobi 8d0c017cf2
[feature/performance] Wrap incoming HTTP requests in timeout handler ()
* deinterface router, start messing about with deadlines

* weeeee

* thanks linter (thinter)

* write Connection: close when timing out requests

* update wording

* don't replace req

* don't bother with fancy Cause functions (I'll use them one day...)
2023-11-13 19:48:51 +01:00
kim e9e5dc5a40
[feature] add support for polls + receiving federated status edits () 2023-11-08 14:32:17 +00:00
tobi 183eaa5b29
[feature] Implement explicit domain allows + allowlist federation mode ()
* love like winter! wohoah, wohoah

* domain allow side effects

* tests! logging! unallow!

* document federation modes

* linty linterson

* test

* further adventures in documentation

* finish up domain block documentation (i think)

* change wording a wee little bit

* docs, example

* consolidate shared domainPermission code

* call mode once

* fetch federation mode within domain blocked func

* read domain perm import in streaming manner

* don't use pointer to slice for domain perms

* don't bother copying blocks + allows before deleting

* admonish!

* change wording just a scooch

* update docs
2023-09-21 12:12:04 +02:00
tobi 2796a2e82f
[feature] Hashtag federation (in/out), hashtag client API endpoints ()
* update go-fed

* do the things

* remove unused columns from tags

* update to latest lingo from main

* further tag shenanigans

* serve stub page at tag endpoint

* we did it lads

* tests, oh tests, ohhh tests, oh tests (doo doo doo doo)

* swagger docs

* document hashtag usage + federation

* instanceGet

* don't bother parsing tag href

* rename whereStartsWith -> whereStartsLike

* remove GetOrCreateTag

* dont cache status tag timelineability
2023-07-31 15:47:35 +02:00
tobi 89ee9d5004
[bugfix] Return all accounts when list accounts limit <= 0 () 2023-07-21 13:56:38 +01:00
kim f4319740ab
[bugfix] more robust list timeline invalidation () 2023-07-18 09:43:17 +01:00
tobi 12b6cdcd8c
[bugfix] Set Vary header correctly on cache-control ()
* [bugfix] Set Vary header correctly on cache-control

* Prefer activitypub types on AP endpoints

* use immutable on file server, vary by range

* vary auth on Accept
2023-07-13 21:27:25 +02:00
tobi ac564c1862
[bugfix] Reorder web view logic, other small fixes () 2023-07-07 14:58:53 +02:00
tobi e70bf8a6c8
[chore/bugfix] Domain block tidying up, Implement first pass of 207 Multi-Status ()
* [chore/refactor] update domain block processing

* expose domain block import errors a lil better

* move/remove unused query keys
2023-07-07 11:34:12 +02:00
tobi 831ae09f8b
[feature] Add partial text search for accounts + statuses () 2023-06-21 17:26:40 +01:00
tobi 24fbdf2b0a
[chore] Refactor AP authentication, other small bits of tidying up () 2023-06-13 15:47:56 +01:00
tobi 21c1552daa
[chore] Update versions, fix lint errors () 2023-06-03 13:58:57 +02:00
tobi 2358cf4e43
[bugfix] Overwrite API client closed errors with 499 - Client Closed Request ()
* [bugfix] Overwrite client closed errors with 499

* bleep bloop

* review changes
2023-06-02 15:19:43 +02:00
tobi f5c004d67d
[feature] Add List functionality ()
* start working on lists

* further list work

* test list db functions nicely

* more work on lists

* peepoopeepoo

* poke

* start list timeline func

* we're getting there lads

* couldn't be me working on stuff... could it?

* hook up handlers

* fiddling

* weeee

* woah

* screaming, pissing

* fix streaming being a whiny baby

* lint, small test fix, swagger

* tidying up, testing

* fucked! by the linter

* move timelines to state like a boss

* add timeline start to tests using state

* invalidate lists
2023-05-25 10:37:38 +02:00
Daenney e91cabb704
[bugfix] Fix NegotiateFormat with multiple accept headers ()
* [bugfix] Fix NegotiateAccept with multi accept

There's a bug in Gin's NegotiateFormat that doesn't handle the presence
of multilpe accept headers. This lifts the code from the PR @tsmethurst
sent a year ago to Gin into our codebase to fix the issue.

* [bugfix] Concat accept header in webfinger

Some implementations bug out when there's multiple accept headers,
including Gin (see 7050112af1). But things
seem to work reliably with a single accept header with multiple parts.

Fixes: 
2023-05-16 15:08:45 +02:00
Natsu Kagami ba5a464ca5
[chore] Prefer JSON errors in API endpoints ()
* Default to JSON over HTML for error handling

* Change the default error display for web endpoints to html
2023-05-12 10:16:41 +02:00
tobi 5027d0ced2
[bugfix] Serve correct 'application/jrd+json' content type for webfinger requests ()
* [bugfix] Return `application/jrd+json` from webfinger queries

* update finger req content-type
2023-05-04 12:28:50 +02:00
kim 6a29c5ffd4
[performance] improved request batching (removes need for queueing) ()
* revamp http client to not limit requests, instead use sender worker

Signed-off-by: kim <grufwub@gmail.com>

* remove separate sender worker pool, spawn 2*GOMAXPROCS batch senders each time, no need for transport cache sweeping

Signed-off-by: kim <grufwub@gmail.com>

* improve batch senders to keep popping recipients until remote URL found

Signed-off-by: kim <grufwub@gmail.com>

* fix recipient looping issue

Signed-off-by: kim <grufwub@gmail.com>

* fix missing mutex unlock

Signed-off-by: kim <grufwub@gmail.com>

* move request id ctx key to gtscontext, finish filling out more code comments, add basic support for not logging client IP

Signed-off-by: kim <grufwub@gmail.com>

* slight code reformatting

Signed-off-by: kim <grufwub@gmail.com>

* a whitespace

Signed-off-by: kim <grufwub@gmail.com>

* remove unused code

Signed-off-by: kim <grufwub@gmail.com>

* add missing license headers

Signed-off-by: kim <grufwub@gmail.com>

* fix request backoff calculation

Signed-off-by: kim <grufwub@gmail.com>

---------

Signed-off-by: kim <grufwub@gmail.com>
2023-04-28 17:45:21 +02:00
Daenney 5e2bf0bdca
[chore] Improve copyright header handling ()
* [chore] Remove years from all license headers

Years or year ranges aren't required in license headers. Many projects
have removed them in recent years and it avoids a bit of yearly toil.

In many cases our copyright claim was also a bit dodgy since we added
the 2021-2023 header to files created after 2021 but you can't claim
copyright into the past that way.

* [chore] Add license header check

This ensures a license header is always added to any new file. This
avoids maintainers/reviewers needing to remember to check for and ask
for it in case a contribution doesn't include it.

* [chore] Add missing license headers

* [chore] Further updates to license header

* Use the more common // indentend comment format
* Remove the hack we had for the linter now that we use the // format
* Add SPDX license identifier
2023-03-12 16:00:57 +01:00
Daenney a312238e79
[feature] Provide .well-known/host-meta endpoint ()
* [feature] Provide .well-known/host-meta endpoint

This adds the host-meta endpoint as Mastodon clients use this to
discover the API domain to use when the host and account domains aren't
the same.

* Address review comments
2023-03-09 17:55:45 +00:00
Daenney 68e6d08c76
[feature] Add a request ID and include it in logs ()
This adds a lightweight form of tracing to GTS. Each incoming request is
assigned a Request ID which we then pass on and log in all our log
lines. Any function that gets called downstream from an HTTP handler
should now emit a requestID=value pair whenever it logs something.

Co-authored-by: kim <grufwub@gmail.com>
2023-02-17 12:02:29 +01:00
tobi 382512a5a6
[feature] Implement /api/v2/instance endpoint ()
* interim: start adding /api/v2/instance

* finish up
2023-02-02 14:08:13 +01:00
tobi 0dbe6c514f
[chore] Update/add license headers for 2023 () 2023-01-05 12:43:00 +01:00
tobi 941893a774
[chore] The Big Middleware and API Refactor (tm) ()
* interim commit: start refactoring middlewares into package under router

* another interim commit, this is becoming a big job

* another fucking massive interim commit

* refactor bookmarks to new style

* ambassador, wiz zeze commits you are spoiling uz

* she compiles, we're getting there

* we're just normal men; we're just innocent men

* apiutil

* whoopsie

* i'm glad noone reads commit msgs haha :blob_sweat:

* use that weirdo go-bytesize library for maxMultipartMemory

* fix media module paths
2023-01-02 12:10:50 +00:00