Commit graph

1663 commits

Author SHA1 Message Date
tobi 66bedc4747
[bugfix] Use account ID host as accDomain if 2nd webfinger lookup fails (#1630) 2023-03-19 15:45:13 +00:00
tobi 7db81cde44
[feature] Email notifications for new / closed moderation reports (#1628)
* start fiddling about with email sending to allow multiple recipients

* do some fiddling

* notifs working

* notify on closed report

* finishing up

* envparsing

* use strings.ContainsAny
2023-03-19 13:11:46 +01:00
Daenney 9c55c07be9
[docs] Update docs on how to login (#1626)
This adds a section to the docs instructing how to ensure apps will be
able to successfully login to an instance when host- and account-domain
differ.

Resolves #1609
2023-03-16 11:43:19 +01:00
tobi 196cd88b1c
[feature] Allow admins to send test emails (#1620)
* [feature] Allow admins to send test emails

* implement unwrap on new error type

* add + use gtserror types

* GoToSocial Email Test -> GoToSocial Test Email

* add + use getInstance db call

* removed unused "unknown" error type
2023-03-14 16:11:04 +00:00
tobi d5529d6c9f
[chore] fix + update swagger docs (#1622) 2023-03-14 10:56:34 +01:00
dependabot[bot] 19e058466d
[chore]: Bump github.com/ulule/limiter/v3 from 3.11.0 to 3.11.1 (#1616)
Bumps [github.com/ulule/limiter/v3](https://github.com/ulule/limiter) from 3.11.0 to 3.11.1.
- [Release notes](https://github.com/ulule/limiter/releases)
- [Commits](https://github.com/ulule/limiter/compare/v3.11.0...v3.11.1)

---
updated-dependencies:
- dependency-name: github.com/ulule/limiter/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-13 09:59:49 +01:00
dependabot[bot] e448260e86
[chore]: Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#1618)
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-13 09:56:14 +01:00
dependabot[bot] 86dafa6871
[chore]: Bump github.com/abema/go-mp4 from 0.10.0 to 0.10.1 (#1617)
Bumps [github.com/abema/go-mp4](https://github.com/abema/go-mp4) from 0.10.0 to 0.10.1.
- [Release notes](https://github.com/abema/go-mp4/releases)
- [Commits](https://github.com/abema/go-mp4/compare/v0.10.0...v0.10.1)

---
updated-dependencies:
- dependency-name: github.com/abema/go-mp4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-13 09:52:57 +01:00
dependabot[bot] 34f453878b
[chore]: Bump golang.org/x/image from 0.5.0 to 0.6.0 (#1615)
Bumps [golang.org/x/image](https://github.com/golang/image) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/image/releases)
- [Commits](https://github.com/golang/image/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: golang.org/x/image
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-13 09:51:50 +01:00
dependabot[bot] 0a864623f3
[chore]: Bump codeberg.org/gruf/go-kv from 1.6.0 to 1.6.1 (#1619)
Bumps codeberg.org/gruf/go-kv from 1.6.0 to 1.6.1.

---
updated-dependencies:
- dependency-name: codeberg.org/gruf/go-kv
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-13 07:52:13 +00:00
f0x52 6e10175229
update license headers (#1612) 2023-03-12 17:49:06 +00:00
Daenney 5e2bf0bdca
[chore] Improve copyright header handling (#1608)
* [chore] Remove years from all license headers

Years or year ranges aren't required in license headers. Many projects
have removed them in recent years and it avoids a bit of yearly toil.

In many cases our copyright claim was also a bit dodgy since we added
the 2021-2023 header to files created after 2021 but you can't claim
copyright into the past that way.

* [chore] Add license header check

This ensures a license header is always added to any new file. This
avoids maintainers/reviewers needing to remember to check for and ask
for it in case a contribution doesn't include it.

* [chore] Add missing license headers

* [chore] Further updates to license header

* Use the more common // indentend comment format
* Remove the hack we had for the linter now that we use the // format
* Add SPDX license identifier
2023-03-12 16:00:57 +01:00
tobi a772d4d98e
[chore] Fix opengraph properties (#1611) 2023-03-12 14:14:33 +01:00
darrinsmart e323a930bf
[feature] Support multiple subscriptions on single websocket connection (#1489)
- Allow Oauth authentication on websocket endpoint
- Make streamType query parameter optional
- Read websocket commands from client and update subscriptions
2023-03-11 11:10:58 +01:00
f0x52 cb2f84e551
[frontend/fix] Mobile css tweaks (#1605)
* mobile css tweaks

* bulk process list mobile css
2023-03-11 10:49:44 +01:00
Daenney a312238e79
[feature] Provide .well-known/host-meta endpoint (#1604)
* [feature] Provide .well-known/host-meta endpoint

This adds the host-meta endpoint as Mastodon clients use this to
discover the API domain to use when the host and account domains aren't
the same.

* Address review comments
2023-03-09 17:55:45 +00:00
Daenney 9ba35c65eb
[bug] Handle 410 on webfinger properly (#1601)
When we receive an HTTP 410 on webfinger it means the resource we asked
for (the account) is gone, but the endpoint itself responded. In such
cases we want to treat the request as successful from a cache (renewal)
point of view, while still returning an error from Finger.

Follow-up for #1588
2023-03-09 10:17:11 +00:00
kim d0dee8d0b6
[chore] improved enrichAccount() logging (#1602)
* slight refactor and improved logging on failed webfinger in enrichAccount()

* use correct log format directive

---------

Signed-off-by: kim <grufwub@gmail.com>
2023-03-08 17:19:49 +00:00
Daenney e397272fe8
[feature] Discover webfinger through host-meta (#1588)
* [feature] Discover webfinger through host-meta

This implements a fallback for discovering the webfinger endpoint in
case the /.well-known/webfinger endpoint wasn't properly redirected.
Some instances do this because the recommendation used to be to use
host-meta for the webfinger redirect in the before times.

Closes #1558.

* [bug] Ensure we only ever update cache on success

* [chore] Move finger tests to their own place

This adds a test suite for transport and moves the finger cache tests
into there instead of abusing the search test suite.

* [chore] cleanup the test a bit more

We don't really need a separate function for the oddly located webfinger
response as we check the full URL string anyway

* Address review comments

* [chore] update config example

* [chore] access DB only through state in controller
2023-03-08 12:57:41 +00:00
tobi b344c2c8f4
[chore] Update uptrace/bun and modernc/sqlite dependencies (#1598)
* [chore] Update bun from 1.1.10 -> 1.1.12

* [chore] bump modernc/sqlite 1.20.4 -> 1.21.0
2023-03-06 11:00:53 +01:00
kim d8d5818b47
[bugfix] internal server error on search not found (#1590)
* add error value wrapping, include status code / not found flags from transport errors, update error usages

Signed-off-by: kim <grufwub@gmail.com>

* add code commenting for gtserror functions

Signed-off-by: kim <grufwub@gmail.com>

---------

Signed-off-by: kim <grufwub@gmail.com>
2023-03-06 10:38:43 +01:00
zowhoey f518f649f8
[feature] Add support for profile fields (#1483)
* Add go-playground/form pkg

* [feature] Add support for profile fields

* Add field attributes test

* Validate profile fields form

* Add profile field validation tests

* Add Field Attributes definition to swagger

---------

Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com>
2023-03-06 10:30:19 +01:00
dependabot[bot] 24f6a447f3
[chore]: Bump github.com/jackc/pgx/v4 from 4.17.2 to 4.18.1 (#1595)
Bumps [github.com/jackc/pgx/v4](https://github.com/jackc/pgx) from 4.17.2 to 4.18.1.
- [Release notes](https://github.com/jackc/pgx/releases)
- [Changelog](https://github.com/jackc/pgx/blob/v4.18.1/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v4.17.2...v4.18.1)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-06 10:12:45 +01:00
dependabot[bot] 9f36507c45
[chore]: Bump golang.org/x/oauth2 from 0.5.0 to 0.6.0 (#1597)
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/oauth2/releases)
- [Commits](https://github.com/golang/oauth2/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-06 08:26:44 +00:00
dependabot[bot] b004b4dae9
[chore]: Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (#1593)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-06 08:16:14 +00:00
dependabot[bot] 06524ac259
[chore]: Bump golang.org/x/text from 0.7.0 to 0.8.0 (#1594)
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-06 08:09:17 +00:00
Daenney 65aeeb4442
[chore] Print human readable config (#1589)
This changes the config action to print the config in a more human
readable format, indented by 4 spaces and with newlines.

Thanks to this, we can now reasonably construct some JSON in the
envparsing shell script, without needing utilities like jd. It does
assume cat is available in order to not change the shebang to bash.

With the expected JSON now being one key per line it should make it much
easier for multiple PRs that change something around config not to
collide in merge conflicts.
2023-03-04 20:56:50 +00:00
Daenney d2f6de0185
[feature] Allow loading TLS certs from disk (#1586)
Currently, GtS only supports using the built-in LE client directly for
TLS. However, admins may still want to use GtS directly (so without a
reverse proxy) but with certificates provided through some other
mechanism. They may have some centralised way of provisioning these
things themselves, or simply prefer to use LE but with a different
challenge like DNS-01 which is not supported by autocert.

This adds support for loading a public/private keypair from disk instead
of using LE and reconfigures the server to use a TLS listener if we
succeed in doing so.

Additionally, being able to load TLS keypair from disk opens up the path
to using a custom CA for testing purposes avoinding the need for a
constellation of containers and something like Pebble or Step CA to
provide LE APIs.
2023-03-04 17:24:02 +00:00
kim ef074752d0
use updateattachment when updating to ensure cache is invalidated (#1587)
Signed-off-by: kim <grufwub@gmail.com>
2023-03-04 14:53:21 +00:00
kim a8e6bdfa33
[performance] cache media attachments (#1525)
* replace concurrency worker pools with base models in State.Workers, update code and tests accordingly

* add media attachment caching, slightly tweak default cache config

* further tweak default cache config values

* replace other media attachment db calls to go through cache

* update envparsing test

* fix delete media attachment sql

* fix media sql query

* invalidate cached media entries during status create / update

* fix envparsing test

* fix typo in panic log message...

* add 'updated_at' column during UpdateAttachment

* remove unused func

---------

Signed-off-by: kim <grufwub@gmail.com>
2023-03-03 23:02:23 +00:00
tobi 5be59f4a25
[bugfix] Federate status delete using just the URI (#1584) 2023-03-03 19:56:34 +00:00
tobi 88eefd0aeb
[bugfix] Clamp admin report limit <1 to 100 (#1583)
* [bugfix] Clamp report limit <1 to 100

* add + update tests
2023-03-03 14:01:11 +01:00
tobi 29f8c51ab8
[bugfix] Fix unpinning statuses not working (#1582)
And also fix unpinning/pinning potentially leaking the ID of followers-only statuses through returning 422 instead of 404.

Also tests!
2023-03-03 13:35:49 +01:00
kim fe6c8b8152
[bugfix] on deref new account, check db again for account on ErrAlreadyExists (#1581)
Signed-off-by: kim <grufwub@gmail.com>
2023-03-03 09:34:34 +01:00
tobi bfccf4e450
[bugfix] add ON CONFLICT statements to status updates (#1580) 2023-03-02 16:58:23 +01:00
Vyr Cossont e6cde25466
[feature] Advertise rich text formats, support content_type field (#1370)
* Advertise rich text formats, support content_type field

* Update JSON in instance patch tests

* Replace format with content_type everywhere

* update migration to work with both pg and sqlite

* regenerate swagger docs

* update instance serialization + tests

* fix up

* learn to code tobi please, i'm begging you

---------

Co-authored-by: tsmethurst <tobi.smethurst@protonmail.com>
2023-03-02 12:06:40 +01:00
kim baf933cb9f
[chore] move client/federator workerpools to Workers{} (#1575)
* replace concurrency worker pools with base models in State.Workers, update code and tests accordingly

* improve code comment

* change back testrig default log level

* un-comment-out TestAnnounceTwice() and fix

---------

Signed-off-by: kim <grufwub@gmail.com>
Reviewed-by: tobi
2023-03-01 18:26:53 +00:00
tobi 24cec4e7aa
[feature] Federate pinned posts (aka featuredCollection) in and out (#1560)
* start fiddling

* the ol' fiddle + update

* start working on fetching statuses

* poopy doopy doo where r u uwu

* further adventures in featuring statuses

* finishing up

* fmt

* simply status unpin loop

* move empty featured check back to caller function

* remove unnecessary log.WithContext calls

* remove unnecessary IsIRI() checks

* add explanatory comment about status URIs

* change log level to error

* better test names
2023-03-01 17:52:44 +00:00
kim 87c5c42972
[chore/performance] simplify storage driver to use storage.Storage directly (#1576)
* simply use storage.Storage, removing wrapping KVStore as we don't need KV store locking functionality

Signed-off-by: kim <grufwub@gmail.com>

* fix missing unwrapped function

Signed-off-by: kim <grufwub@gmail.com>

* add code comment

Signed-off-by: kim <grufwub@gmail.com>

* linter, please take my offering in peace

Signed-off-by: kim <grufwub@gmail.com>

---------

Signed-off-by: kim <grufwub@gmail.com>
2023-03-01 10:44:54 +01:00
Daenney e4c5f9adfd
[chore] Improve unsupported_grant_type error (#1572)
This attempts to provide a slightly more comprehensive error message for
the end user when an incorrect grant type is used. This is not something
the user can typically resolve but should hopefully be informative for
the (client) developer.
2023-02-28 11:38:34 +01:00
tobi d550f0ecbe
[chore] Bump oauth2/v4 -> v4.6.6.6-SSB (#1571) 2023-02-27 16:16:58 +01:00
tobi 4bb3f59324
[chore] bump go, build, and lint version (#1570) 2023-02-27 13:10:54 +01:00
dependabot[bot] 8696a8cdf0
[chore]: Bump github.com/miekg/dns from 1.1.50 to 1.1.51 (#1566)
Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.50 to 1.1.51.
- [Release notes](https://github.com/miekg/dns/releases)
- [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release)
- [Commits](https://github.com/miekg/dns/compare/v1.1.50...v1.1.51)

---
updated-dependencies:
- dependency-name: github.com/miekg/dns
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-27 10:51:12 +01:00
Daenney 6c2bd141f7
[chore] Better diff for envparsing test (#1562)
This checks if jd is availalbe and if so uses that to create the diff
instead. jd can tell you at which (nested) key the values are differing
which makes for more human friendly output.
2023-02-27 10:23:17 +01:00
dependabot[bot] 5a45b6ec6a
[chore]: Bump golang.org/x/oauth2 from 0.4.0 to 0.5.0 (#1564)
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/oauth2/releases)
- [Commits](https://github.com/golang/oauth2/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-27 10:22:37 +01:00
dependabot[bot] 752c38b0d5
[chore]: Bump github.com/minio/minio-go/v7 from 7.0.48 to 7.0.49 (#1567)
Bumps [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) from 7.0.48 to 7.0.49.
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.48...v7.0.49)

---
updated-dependencies:
- dependency-name: github.com/minio/minio-go/v7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-27 10:21:58 +01:00
Daenney e1b704e06e
[chore] Use latest containers when building (#1554)
This updates the Dockerfile to use the latest image versions for all the
containers that are used when building the final GTS container.
2023-02-26 18:26:24 +01:00
Daenney 55300cbd73
[chore] Inform user on how to get testrig (#1557)
This adds a dummy testrig subcommand when we're not building with DEBUG
set. Now any invocation of gotosocial testrig, plain or with any kind of
subcommands or arguments will result in that error message getting
returned.
2023-02-25 22:26:48 +00:00
Daenney 83be140f0b
[chore] Update vscode launch configuration (#1556)
In order to get testrig we have to build with the debugenv tag and run
with the DEBUG environment variable. Since this is a Debug build this
also updates the launch configuration name to reflect that.

We do not build with `-ldflags="-s -w"` since that strips debug info.

This makes it possible to launch GtS from VS Code in debug mode, set
breakpoints in the editor etc.
2023-02-25 17:15:30 +00:00
Daenney 9cfb69f75d
[feature] Make OIDC admin groups configurable (#1555)
This removes the current default of checking for membership of the admin
or admins group and makes it required to explicitly configure which
groups should grant admin access, if any.

Relying on the implicit default of admin or admins is potentially
dangerous as that group may contain a different subset of people that we
may wish to grant admin access to GtS. This is probably not an issue for
a single-person instance, but for a community instance different admin
groups may exist in an OIDC provider for different applications.

I'm explicitly opting for not defaulting the value of oidc-admin-groups
to admin,admins because I think it's better for those things to be
explicitly configured.
2023-02-25 16:37:39 +00:00