Commit graph

2124 commits

Author SHA1 Message Date
kim 1d51e3c8d6
[bugfix] 2643 bug search for account url doesnt always work when redirected (#2673)
* update activity library so dereferencer returns full response and checks *final* link to allow for redirects

* temporarily add bodged fixed library

* remove unused code

* update getAccountFeatured() to use dereferenceCollectionPage()

* make sure to release map

* perform a 2nd decode to ensure reader is empty after primary decode

* add comment explaining choice of using Decode() instead of Unmarshal()

* update embedded activity library to latest matching https://github.com/superseriousbusiness/activity/pull/21

* add checks to look for changed URI and re-check database if redirected

* update max iteration count to 512, add checks during dereferenceAncestors() for indirect URLs

* remove doubled-up code

* fix use of status instead of current

* use URIs for checking equality for security

* use the latest known URI for boost_of_uri in case original was an indirect

* add dereferenceCollection() function for dereferenceAccountFeatured()

* pull in latest github.com/superseriousbusiness/activity version (and remove the bodge!!)

* fix typo in code comments

* update decodeType() to accept a readcloser and handle body closing

* switch to checking using BoostOfID and add note why not using BoostOfURI

* ensure InReplyTo gets unset when deleting status parent in case currently stubbed

* add tests for Collection and CollectionPage iterators
2024-02-23 16:24:40 +01:00
tobi 37a39b98ce
[feature] Add "what is this" section to index template (#2680) 2024-02-23 15:08:32 +00:00
tobi 5aca09b59e
[chore] Rename frontend.tmpl to settings.tmpl, remove unused "lightgray" class (#2674) 2024-02-21 16:11:11 +01:00
tobi 2d9e498f96
[bugfix] Fix wide images being squished when used as instance avatar (#2669) 2024-02-21 14:24:04 +01:00
kim 291e180990
[bugfix] fix possible mutex lockup during streaming code (#2633)
* rewrite Stream{} to use much less mutex locking, update related code

* use new context for the stream context

* ensure stream gets closed on return of writeTo / readFrom WSConn()

* ensure stream write timeout gets cancelled

* remove embedded context type from Stream{}, reformat log messages for consistency

* use c.Request.Context() for context passed into Stream().Open()

* only return 1 boolean, fix tests to expect multiple stream types in messages

* changes to ping logic

* further improved ping logic

* don't export unused function types, update message sending to only include relevant stream type

* ensure stream gets closed 🤦

* update to error log on failed json marshal (instead of panic)

* inverse websocket read error checking to _ignore_ expected close errors
2024-02-20 18:07:49 +00:00
tobi 8cafa6b74b
[feature] Add requested_by to relationship model (#2672)
* [feature] Add `requested_by` to relationship model

* whoops, missed some tests
2024-02-20 17:50:54 +00:00
tobi 65a273bc39
[bugfix] use start + end line in regex when validating emoji via API (#2671) 2024-02-20 11:46:04 +01:00
tobi ddfc725744
[chore/frontend] Use different background color for block quotes (#2668) 2024-02-19 16:51:57 +01:00
tobi cc09f612ec
[chore/frontend] Don't use italics for block quotes (#2667) 2024-02-19 16:34:45 +01:00
tobi d10226e912
[bugfix] Use ptr for instance stats entries to avoid skipping 0 values (#2666)
* [bugfix] Use ptr for instance stats entries to avoid skipping 0 values

* comment explaining why stats values are pointers
2024-02-19 13:17:14 +01:00
tobi 0554550acb
[bugfix] Ensure local statuses always get a threadID so they can be muted (#2665)
* [chore/bugfix] Ensure threadID always set on local statuses

* test
2024-02-19 11:50:49 +01:00
dependabot[bot] e2ebcbb516
[chore]: Bump github.com/jackc/pgx/v5 from 5.5.2 to 5.5.3 (#2664)
Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.5.2 to 5.5.3.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v5.5.2...v5.5.3)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-19 11:20:15 +01:00
Milas Bowman af1a26a68f
[feature] Add Mastodon-compatible HTTP signature fallback (#2659)
On outgoing `GET` requests that are signed (e.g. authorized fetch),
if the initial request fails with `401`, try again, but _without_
the query parameters included in the HTTP signature.

This is primarily useful for compatibility with Mastodon; though
hopefully this can be removed in the not-too-distant future, as
they've started changing their behavior here.

Signed-off-by: Milas Bowman <devnull@milas.dev>
2024-02-19 11:18:17 +01:00
dependabot[bot] 2db115fa36
[chore]: Bump github.com/minio/minio-go/v7 from 7.0.66 to 7.0.67 (#2662)
Bumps [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) from 7.0.66 to 7.0.67.
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.66...v7.0.67)

---
updated-dependencies:
- dependency-name: github.com/minio/minio-go/v7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-19 09:36:50 +00:00
dependabot[bot] 30f6e6c7fe
[chore]: Bump github.com/tdewolff/minify/v2 from 2.20.16 to 2.20.17 (#2661) 2024-02-19 07:23:08 +00:00
tobi a314d2b539
[bugfix] Refactor parse mention, fix local mention bug (#2657)
* [bugfix] Refactor parse mention, fix local mention bug

* originAccount -> originAcct
2024-02-19 03:48:20 +00:00
tobi b14cd645f9
[chore] Comment out silly, frequently-failing GetStatusTwice test (#2656)
* [chore] Comment out silly, frequently-failing `GetStatusTwice` test

* lord
2024-02-18 11:04:02 +01:00
tobi 40f9eefc21
[bugfix] Fix dereferencing ancestors on new status create (#2652)
* [bugfix] Pass `latest` to dereferenceThread instead of barebones status

* only mark status orphaned if visibility suggests parent is really deleted

* tone down "not deref'd" warnings, since they represent a legit visibility situation

* remove FAQ entry for "status not deref'd yet"
2024-02-18 09:49:40 +00:00
tobi 83a4adbd95
[chore] Disable Move API endpoints for now until Move is fully implemented in the backend (#2650)
* [chore] Disable Move API endpoints for now until Move is fully implemented in the backend

* disable other form fields

* clarify that moving to GtS also isn't implemented yet
2024-02-17 17:03:44 +01:00
tobi d3f35e8eba
[chore] refactor extractFromCtx a bit (#2646) 2024-02-17 15:20:39 +01:00
Daenney a41e8a95bf
[chore] Simplify the User-Agent string (#2645)
* [chore] Simplify the User-Agent string

RFC 9110[1] includes a definition for the format of a user-agent header:

User-Agent = product *( RWS ( product / comment ) )
             product         = token ["/" product-version]
             product-version = token
	     comment        = "(" *( ctext / quoted-pair / comment ) ")"
             ctext          = HTAB / SP / %x21-27 / %x2A-5B / %x5D-7E / obs-text

An example given in the RFC: User-Agent: CERN-LineMode/2.15 libwww/2.17b3

The idea is typically start with the most important product/version, add
a (comment) if necessary and then include any auxilliary products.
However, the RFC warns against including too many auxiliary products as
those can be unnecessarily revealing.

For automated systems (i.e not a browser), the common and recommended
format is <product></version> (+uri-for-contact), followed with any
additional <product>/<version> pairs that are relevant.

This changes our UA to match that convention more closely. This makes it
easier for administrators who do user-agent parsing for statistics or
other purposes to correctly identify the version of GoToSocial.
Currently tools tend to get confused by the lack of a /<version> on the
start of our string.

[1]: https://www.rfc-editor.org/rfc/rfc9110.html#name-user-agents

* [chore] Don't use app name in UA

From all the GtS UAs I've collected, nobody seems to set/change this,
so we might as well use the static string.

The main usefulness for this is when you have multilpe GtS instances
connecting to the same DB, so they can identify as different instances
by changing the application name (though it should already be obvious
from having different usernames).
2024-02-17 09:54:10 +01:00
kim 8b8211986e
[chore] also allow text/xml in place of application/xml (#2640) 2024-02-14 13:07:58 +01:00
kim 2bafd7daf5
[bugfix] add stricter checks during all stages of dereferencing remote AS objects (#2639)
* add stricter checks during all stages of dereferencing remote AS objects

* a comment
2024-02-14 12:13:38 +01:00
Tsuribori 142b7ec54f
[feature] Add metrics for instance user count, statuses count and federating instances count (#2592)
Co-authored-by: Tsuribori <none@example.org>
2024-02-14 11:58:55 +01:00
Leonora Tindall 46c06b1b8f
[docs] Inform new contributors to git fetch (#2637) 2024-02-14 09:22:34 +01:00
kim 3481a09b47
remove the execer and queryer conformance requirements (#2636) 2024-02-13 09:51:10 +00:00
kim ede8f43635
[performance] temporarily cache account status counts to reduce no. account counts (#2620)
* temporarily cache account status counts to reduce no. account counts

* whoops, forgot to initAccountCounts()

* use already fetched cache capacity value

* make cache a ptr type

* whoops, use count instead of just select

* fix to correctly use the transaction

* properly wrap that tx 😇

* correctly wrap both tx types

* outline retryOnBusy() to allow the fast path to be inlined

* return err on context cancelled

* remove unnecessary storage of context in stmt, fix Exec and Query interface implementations

* shutup linter
2024-02-12 11:52:12 +00:00
Daenney b2675047cb
[docs] Fix a few things in the bare metal install (#2624)
* [docs] Fix a few things in the bare metal install

Fixes #2454

* [chore] Fix shell variable interpolation
2024-02-12 11:06:33 +00:00
Daenney 4a4017b042
[docs] Enable some new features (#2623)
* [docs] Enable a bunch of markdown extensions

* details makes admonitions collapsible and when started with ???
  instead of !!! they'll be collpased by default
* highlights are updated to include linenums by default but with a style
  that doesn't result in the linenums to be copy-pasted when selecting
  and pasting. This makes it possible to directly link to a specific
  line in the documentation instead of just the general page
* caret, mark and tilde make it possible to highlight text and have
  super/subscripts
* keys turns combos like `++ctrl+alt+del++` into HTML key elements
  showing a keyboard combination to press
* tabbed makes it possible to have tabs within a document. Right now we
  have different sections sometimes to show the config for nginx, apache
  and Caddy, which can be turned into tabs instead and which tab is
  picked will get remebered
* smartsymbols turns certain things, like `(c)` in the right symbol ©

* [docs] Upgrade all the python dependencies

* [docs] Explain how to update conda deps
2024-02-12 11:05:35 +00:00
Vyr Cossont 54ca2cfa6e
Make GtS reported version SemVer-compatible (#2611) 2024-02-12 11:03:56 +00:00
dependabot[bot] db835f4810
[chore]: Bump github.com/tdewolff/minify/v2 from 2.20.14 to 2.20.16 (#2631)
Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify) from 2.20.14 to 2.20.16.
- [Release notes](https://github.com/tdewolff/minify/releases)
- [Commits](https://github.com/tdewolff/minify/compare/v2.20.14...v2.20.16)

---
updated-dependencies:
- dependency-name: github.com/tdewolff/minify/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-12 10:59:43 +00:00
dependabot[bot] db45e65e89
[chore]: Bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 (#2629) 2024-02-12 10:04:32 +00:00
dependabot[bot] d0e674b3da
[chore]: Bump golang.org/x/crypto from 0.18.0 to 0.19.0 (#2632) 2024-02-12 09:56:45 +00:00
Daenney 9125a51584
[chore] Add AI check in PR template (#2625)
* [chore] Add AI check in PR template

* [chore] Update AI disclaimer sentence
2024-02-10 15:11:48 +01:00
Daenney dcb9fbfc03
[docs] Mounting config file in container (#2622)
* [docs] Mounting config file in container

This adds a small section clarifying how to mount a config.yaml in a
container.

* [docs] Work in GTS_CONFIG_PATH
2024-02-09 17:57:58 +01:00
tobi e890169e6f
use pointer for freshness window (#2614) 2024-02-09 14:24:49 +00:00
tobi 7a7746701d
[chore] Move DoOnce func wrapper to util (#2613) 2024-02-09 11:38:51 +00:00
kim 6738fd5bb0
[feature/performance] sqlite pragma optimize on close (#2596)
* wrap database drivers in order to handle error processing, hooks, etc

* remove dead code

* add code comment, remove unused blank imports
2024-02-07 14:43:27 +00:00
tobi b6fe8e7a5b
[bugfix] Ensure activities sender always = activities actor (#2608) 2024-02-06 12:59:37 +01:00
tobi aa396c78d3
[feature] serdes for moved/also_known_as (#2600)
* [feature] serdes for moved/also_known_as

* document `alsoKnownAs` and `movedTo` properties

* only implicitly populate AKA uris from DB for local accounts

* don't let remotes store more than 20 AKA uris to avoid shenanigans
2024-02-06 09:45:46 +00:00
dependabot[bot] 3cc51d5072
[chore]: Bump github.com/miekg/dns from 1.1.57 to 1.1.58 (#2606) 2024-02-05 14:09:50 +00:00
dependabot[bot] d59cba487f
[chore]: Bump github.com/google/uuid from 1.5.0 to 1.6.0 (#2604) 2024-02-05 09:52:30 +00:00
dependabot[bot] a482cb59f2
[chore]: Bump github.com/yuin/goldmark from 1.6.0 to 1.7.0 (#2603) 2024-02-05 09:50:35 +00:00
tobi 8692cc1f36
[chore] bump activity dependency -> v1.6.0-gts (#2599) 2024-02-02 14:06:09 +01:00
kim c13eb87ae7
stop paged endpoints returning null for empty items (#2597) 2024-02-01 12:45:02 +00:00
tobi b614d33c40
[feature] Try HTTP signature validation with and without query params for incoming requests (#2591)
* [feature] Verify signatures both with + without query params

* Bump to tagged version
2024-01-31 14:15:28 +00:00
Vyr Cossont c675d47a8c
Improve context descendant sorting (#2579)
* Improve context descendant sorting

Topologically sort replies, then move self-replies to top of list

* Unify descendant sort passes

* Correct test package name

* Preallocate maps
2024-01-31 13:40:41 +00:00
kim c9452f32f3
[bugfix] fix possible infinite loops in media / emoji cleanup (#2590)
* update media / emoji cleaner funcs to use new paging package, check for same returned maxID

* fix other calls of getattachments and getmojis not using paging

* use alternative order-by function
2024-01-31 13:31:53 +00:00
kim 0f7a2024c3
[bugfix] parent status replied to status not dereferenced sometimes (#2587)
* much simplified DereferenceStatusAncestors(), also handles edge cases now

* perform status acceptibility check before handling even as forward

* don't further dereference ancestors if they're up to date

* call enrichStatusSafely() directly to ensure we get error messages

* change getStatusByURI() semantics to return error + old model on failed update, fix deref ancestor to check for staleness before refetch

* perform a nil-check on the status.Local variable, in case it hasn't been set on new status attempting refresh

* more consistently set returned parent status, don't check if updated

* only home-timeline statuses if explicitly visible AND not explicitly invisible!

* fix broken test now that status acceptibility checks happen on forwarded statuses
2024-01-31 13:29:47 +00:00
kim 81198fa2d0
update go-structr v0.2.0 => v0.3.0 to fix possible hash collision issues (#2586) 2024-01-29 15:13:53 +00:00