Commit graph

2137 commits

Author SHA1 Message Date
tobi 2a99df0588
[feature] enable + document explicit IP dialer allowing/denying (#1950)
* [feature] enable + document explicit IP dialer allowing/denying

* lord have mercy

* allee jonge

* shortcut check ipv6 prefixes

* comment

* separate httpclient_test, export Sanitizer
2023-07-07 16:17:39 +02:00
tobi ac564c1862
[bugfix] Reorder web view logic, other small fixes (#1954) 2023-07-07 14:58:53 +02:00
Daenney 9ff4c20374
[docs] Rework backups a bit (#1942)
* [docs] Rework backups a bit

This changes the existing backup documentation to:

* Push a bit harder on people to perform backups, it's not really just a
  nice to have
* Removes the language about migrating to/from GoToSocial and a
  different ActivityPub server since that's really not supported
* Adds a section about using backup software and provides an example on
  how to do this using Borgmatic

* [docs] Remove too much info in db section

* [docs] Add docs on how to backup local media

This adds documentation pointing people at the media list-local command
in order to determine what media files they need to include as part of
their backups.

Provides a Python script that people can use to transform the media
listing from the CLI into Borg patterns. It also includes a Borgmatic
config.yaml in the repository so people can easily fetch it instead of
copy-pasting from the docs.

* [bugfix] Ensure we emit an absolute path prefix

It works either way, as a pattern like data/files/<ID> would match a
file on /data/files/<ID>. But it would potentially also match any path
that happens to include data/files/<ID> but not rooted at the
storage-local-base-path.

* [docs] Add more links to media list CLI reference
2023-07-07 11:45:42 +02:00
Daenney 81f33c3b9f
[feature] Add media list command (#1943)
* [feature] Add media list command

This is an attempt to help alleviate #1776. Using admin media list
--local the full path to each local media file will be printed, with a
newline. The output of this should be feadable into backup tools in
order to allow to backup local media too. Together with the database
this should allow to fully recover from the loss of an instance.

The list command also gets a --remote flag for symmetry. In the case
of --remote we print the RemoteURL instead, the location the asset can
be retrieved from.

To get all media, you can run with --local and --remote.

* [bugfix] Fix the test failures

* [feature] Reimplement list media as top commands

This changes the implementation of admin media list --<variant> to two
separate top-level commands, list-local and list-remote.

The implementation now iterates over over the database in batches of 200
in order to avoid loading all media metadata into memory.

* [feature] Implement ListMedia with filter callback

This does away with the somewhat odd iterator-like structure we had
before and does away with most of the loop duplication in list-local and
list-remote. Instead they call GetAllMediaPaths with a filter func to
select the media they want. That's accumulated into a slice and
eventually returned.

* [bugfix] Simplify remote filter

Since we don't append the empty string anywhere, the remote filter can
be limited to returning RemoteURL, as that'll be an empty string for
local media.

* [docs] Add media list commands to CLI reference

---------

Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com>
2023-07-07 11:35:05 +02:00
tobi e70bf8a6c8
[chore/bugfix] Domain block tidying up, Implement first pass of 207 Multi-Status (#1886)
* [chore/refactor] update domain block processing

* expose domain block import errors a lil better

* move/remove unused query keys
2023-07-07 11:34:12 +02:00
tobi d9c69f6ce0
[chore/performance] Remove remaining 'whereEmptyOrNull' funcs (#1946) 2023-07-05 12:34:37 +02:00
tobi 3d16962173
[chore/bugfix] Break Websockets logic into smaller read/write functions, don't log expected errors (#1932)
* [chore/bugfix] Break Websockets logic into smaller read/write functions, don't log expected errors

* tweak

* tidy up, use control message
2023-07-04 12:55:10 +02:00
Daenney ba0bc06b8c
[feature] Add instance stats to /about (#1936)
When you configure the landing-page-user redirect, you lose access to
the one page that displays server stats. This adds the same stats as we
have on / to /about to bring those back.
2023-07-04 11:33:07 +02:00
dependabot[bot] 1218f97e01
[chore]: Bump github.com/minio/minio-go/v7 from 7.0.58 to 7.0.59 (#1941)
Bumps [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) from 7.0.58 to 7.0.59.
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.58...v7.0.59)

---
updated-dependencies:
- dependency-name: github.com/minio/minio-go/v7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-04 11:22:40 +02:00
Daenney 2a40c81f10
[bugfix] Try to fix the webfinger test, again (#1931)
For some reason we hit the case in CI where the
TestFingerWithHostMetaCacheStrategy seems to experience some time
dilation. It's possible this is a genuine bug, but I can't for the life
of me reproduce it locally, even after having run this test thousands of
times (-count=1000 when invoking go test etc.)

This changes the test to explicitly stop the webfinger cache, set TTL
and Sweep frequency to something well beyond the lifetime of the cache
during the test and then starts the cache again. Hopefully that does it,
because the other option that remains is that for some reason
timekeeping in CI/Docker is not as precise as when running the test on a
host.
2023-06-27 18:32:03 +02:00
tobi d98b6318ac
[bugfix] Use gtserror package for WrongType errs (#1930)
* [bugfix] Use gtserror package for WrongType errs

* test
2023-06-27 11:37:42 +02:00
dependabot[bot] e3e0f673cc
[chore]: Bump github.com/minio/minio-go/v7 from 7.0.56 to 7.0.58 (#1928) 2023-06-26 20:45:49 +00:00
dependabot[bot] 4ad933b71c
[chore]: Bump github.com/miekg/dns from 1.1.54 to 1.1.55 (#1929)
Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.54 to 1.1.55.
- [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release)
- [Commits](https://github.com/miekg/dns/compare/v1.1.54...v1.1.55)

---
updated-dependencies:
- dependency-name: github.com/miekg/dns
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 22:35:40 +02:00
dependabot[bot] 120743d3bf
[chore]: Bump github.com/tdewolff/minify/v2 from 2.12.6 to 2.12.7 (#1927) 2023-06-26 09:34:00 +00:00
dependabot[bot] 33ccb716fc
[chore]: Bump golang.org/x/image from 0.7.0 to 0.8.0 (#1926) 2023-06-26 09:32:58 +00:00
tobi 52ebff5e7e
[bugfix] Only mark status orphaned on 410 Gone (#1923) 2023-06-24 13:59:28 +02:00
tobi 3e19f480e6
[bugfix] Ensure InReplyToID set properly, update dereference ancestors func (#1921) 2023-06-24 08:32:10 +01:00
kim 9a22102fa8
[bugfix/chore] oauth entropy fix + media cleanup tasks rewrite (#1853) 2023-06-22 20:46:36 +01:00
Daenney c4cf6326d8
[docs] Clarify email requirement for OIDC (#1918) 2023-06-21 21:22:51 +02:00
kim 8e0043104d
[performance] update go-cache library (#1917)
* update go-cache library

Signed-off-by: kim <grufwub@gmail.com>

* fix broken test after cache library upgrade

Signed-off-by: kim <grufwub@gmail.com>

* fix the webfinger test

Signed-off-by: kim <grufwub@gmail.com>

---------

Signed-off-by: kim <grufwub@gmail.com>
2023-06-21 21:08:48 +02:00
tobi 831ae09f8b
[feature] Add partial text search for accounts + statuses (#1836) 2023-06-21 17:26:40 +01:00
tobi fab64a20b0
[docs] Disambiguate docker version, don't recommend opening localhost (#1913) 2023-06-20 14:36:23 +02:00
dependabot[bot] f56dd290e1
[chore]: Bump golang.org/x/oauth2 from 0.8.0 to 0.9.0 (#1908) 2023-06-19 08:19:49 +00:00
Umar Getagazov 84eb7eaf26
[chore] Fix Swagger paths for lists API endpoints (#1904) 2023-06-19 10:00:19 +02:00
Umar Getagazov 73bfb5fbff
[bugfix] Parse POST-style forms in the list member removal endpoint (#1903) 2023-06-19 09:58:58 +02:00
dependabot[bot] 70357a770f
[chore]: Bump github.com/jackc/pgx/v5 from 5.3.1 to 5.4.1 (#1907)
Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.3.1 to 5.4.1.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v5.3.1...v5.4.1)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-19 09:56:15 +02:00
dependabot[bot] b560fe186d
[chore]: Bump golang.org/x/net from 0.10.0 to 0.11.0 (#1909)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.11.0.
- [Commits](https://github.com/golang/net/compare/v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-19 09:54:50 +02:00
dependabot[bot] 54f3387c11
[chore]: Bump golang.org/x/crypto from 0.9.0 to 0.10.0 (#1910)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/crypto/compare/v0.9.0...v0.10.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-19 09:54:29 +02:00
tobi d8e16a226a
[chore/bugfix] Refactor ap/extract.go functions, return URIs more reliably (#1897) 2023-06-17 16:49:11 +01:00
Umar Getagazov 0fa06c0cde
[bugfix] Accept non-multipart forms for account updates (#1896)
* [bugfix] Update Swagger schema per max_profile_fields addition

* [bugfix] Accept non-multipart forms for account updates
2023-06-16 11:16:04 +02:00
tobi 827cc4df56
[chore/bugfix] Demote failed inbox forwarding to warn log rather than error return (#1892) 2023-06-14 15:08:31 +02:00
tobi 24fbdf2b0a
[chore] Refactor AP authentication, other small bits of tidying up (#1874) 2023-06-13 15:47:56 +01:00
Daenney 433b56d2f9
[docs] Add certificates and firewalling to advanced (#1888)
* [docs] Add a certificates guide in Advanced

This adds some documentation about the process of getting certificates
through ACME in general. It also provides a number of links to
alternative clients and certbot deployment guides that are up to date.

Slightly restructure the NGINX and Apache reverse proxy documentation
and insert mentions to the Provisioning TLS certificates advanced
documentation in them.

* [docs] Add firewall section in Advanced

* [docs] Add new guides to section indexes

* [docs] Fix spelling issue

* [docs] Fix a few typos
2023-06-13 16:30:09 +02:00
f0x52 8fb5a7e7f8
[Frontend] Settings for profile fields (#1885)
* get max emoji size from instance settings

* expose (hardcoded) max amount of profile fields in instance api

* basic profile field setting

* fix profile field hook structure for updates

* *twirls mustache* fix ze tests

---------

Co-authored-by: tsmethurst <tobi.smethurst@protonmail.com>
2023-06-13 12:21:26 +02:00
Daenney 4990099fde
[docs] Made Advanced its own section (#1883)
* [docs] Made Advanced its own section

This splits the Advanced page off from the Getting Started guide and
makes it its own thing. It now has some additional sub-sections for
bigger topics like caching and enhanced security. This also moves
tracing from Getting Started to Advanced as that feels like a more
appropriate location for it.

The enhanced security looks a little silly with a single section, but I
have guides pending for firewall configurations and I'd also like to
consolidate our how to provision TLS certificates in there as we repeat
this information multiple times.

* [docs] Fix all my spelling errors

* [docs] Inline the links in sandboxing
2023-06-12 15:38:53 +02:00
dependabot[bot] 5d19fb1b2f
[chore]: Bump modernc.org/sqlite from 1.23.0 to 1.23.1 (#1884)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.23.0 to 1.23.1.
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.23.0...v1.23.1)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-12 11:25:23 +02:00
tobi 5e2897e35c
[bugfix] Invalidate timeline entries for status when stats change (#1879) 2023-06-11 10:18:44 +01:00
Daenney 84e1c7a7c4
[docs] Revamp the installation guide (#1877)
This tries to revamp/restructure the installation guide. It's renamed to
"Getting Started" as it now contains a few more things than just the
installation, especially the deployment considerations which we didn't
use to spell out as much ahead of time.

Installation is now a section with the guides on their own. I've removed
a bit of redundancy like the user creation. I also removed the rogue
reverse proxy section in the Docker guide and lifted that into the
reverse proxy section.
2023-06-10 11:13:04 +02:00
tobi b0015a3604
[bugfix] Delete from list timeline on status deletion (#1878) 2023-06-10 11:11:54 +02:00
Daenney 6f6b8576f0
[docs] Add example tracing infrastructure (#1866)
This adds an example on how to get Grafana Tempo up to receive spans as
well as Grafana itself to view them.

I've added this as a separate Tracing doc in the installation guide as
the Advanced one was starting to get rather full.

Fixes: #1791
2023-06-09 16:04:23 +02:00
tobi b401bd1ccb
[chore] update latest deps, ensure readme up to date (#1873)
* [chore] update latest deps, ensure readme up to date

* remove double entry
2023-06-05 10:15:05 +02:00
dependabot[bot] f1b70cc00f
[chore]: Bump github.com/minio/minio-go/v7 from 7.0.55 to 7.0.56 (#1869)
Bumps [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) from 7.0.55 to 7.0.56.
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.55...v7.0.56)

---
updated-dependencies:
- dependency-name: github.com/minio/minio-go/v7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-05 09:28:13 +02:00
dependabot[bot] 7638a68688
[chore]: Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#1872)
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.3 to 1.8.4.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.3...v1.8.4)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-05 09:25:52 +02:00
tobi d7d660374a
[bugfix] Fix slow joined home timeline query (#1867) 2023-06-04 20:17:28 +01:00
Daenney 45773a0bf4
[bugfix/docs] AppArmor profile for SQLite (#1864)
Our default configuration places the SQLite DB in /gotosocial/, but the
AppArmor profile doesn't allow us to write there. Instead of making the
whole directory writable, add a writable area in /gotosocial/db/ instead
and advise in the docs to move the DB there.
2023-06-04 18:55:57 +02:00
tobi 97bc2e713a
[chore] tidy + test timelines a bit better (#1865)
* [chore] tidy + test timelines a bit better

* thanks linter
2023-06-04 18:55:30 +02:00
Daenney 186e849dbf
[docs] Add Repology stats (#1859)
Instead of a manually curated list of distribution packages, this adds
the Repology[1] widget instead.

This also separates out the distribution packages from the
self-hosting/deployment options into their own sections.

[1]: https://repology.org/project/gotosocial/versions
2023-06-04 11:40:32 +02:00
tobi 21c1552daa
[chore] Update versions, fix lint errors (#1860) 2023-06-03 13:58:57 +02:00
tobi 1d4137fb88
[bugfix] Fix first item of thread dereferencing always being skipped (#1858)
* [bugfix] Fix first item of thread dereferencing always being skipped

* tweak to status descendant item iteration

Signed-off-by: kim <grufwub@gmail.com>

---------

Signed-off-by: kim <grufwub@gmail.com>
Co-authored-by: kim <grufwub@gmail.com>
2023-06-03 11:35:15 +02:00
Julian-Samuel Gebühr 1f39275c0f
[bugfix] Allow lowercase emoji shortcode in frontend (#1851)
* Replace pinafore with semaphore

* Typo

* Allow lowercase emoji shortcode in frontend

* Fix failing test (corrected expected outcome)
2023-06-02 17:42:14 +02:00