Merge 2cd5abfdcf into 9f6a1f7e79

* .go files are now tagged with diff=go for better diffs
* go.sum is tagged with generated which suppresses the diff
* go.sum is tagged with merge=ours to reduce merge conflicts

go.mod isn't tagged with generated since it's useful to see it on
dependency bump PRs.

.gitattributes

@@ -1 +1,3 @@
-/vendor/ linguist-generated
+*.go                diff=golang
+go.sum              linguist-generated merge=ours
+/vendor/            linguist-generated

CONTRIBUTING.md

@@ -385,7 +385,7 @@ We use [golangci-lint](https://golangci-lint.run/) for linting, which allows us
 
 If you make a PR that doesn't pass the linter, it will be rejected. As such, it's good practice to run the linter locally before pushing or opening a PR.
 
-To do this, first install the linter following the instructions [here](https://golangci-lint.run/usage/install/#local-installation).
+To do this, first install the linter following the instructions [here](https://golangci-lint.run/welcome/install/).
 
 Then, you can run the linter with:
 

docs/api/swagger.yaml

@@ -2114,7 +2114,7 @@ definitions:
             bitrate:
                 description: Bitrate of the media in bits per second.
                 example: 1000000
-                format: int64
+                format: uint64
                 type: integer
                 x-go-name: Bitrate
             duration:

example/apparmor/gotosocial

@@ -24,12 +24,12 @@ profile gotosocial flags=(attach_disconnected, mediate_deleted) {
 
   # Embedded ffmpeg needs read
   # permission on /dev/urandom.
-  owner /dev/ r,
+  /dev/ r,
-  owner /dev/urandom r,
+  /dev/urandom r,
 
   # Temp dir access is needed for storing
   # files briefly during media processing.
-  owner /tmp/ r,
+  /tmp/ r,
   owner /tmp/* rwk,
 
   # If running with GTS_WAZERO_COMPILATION_CACHE set,
@@ -39,7 +39,7 @@ profile gotosocial flags=(attach_disconnected, mediate_deleted) {
 
   # If you've enabled logging to syslog, allow GoToSocial
   # to write logs by uncommenting the following line:
-  # owner /var/log/syslog w,
+  # /var/log/syslog w,
 
   # These directories are not currently used by any of
   # the recommended GoToSocial installation methods, but
@@ -65,6 +65,7 @@ profile gotosocial flags=(attach_disconnected, mediate_deleted) {
   /etc/services r,
   /proc/sys/net/core/somaxconn r,
   /sys/fs/cgroup/system.slice/gotosocial.service/{,*} r,
+  /sys/kernel/mm/hugepages/ r,
   /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
   owner /proc/*/cgroup r,
   owner /proc/*/cpuset r,

internal/api/client/admin/emojicreate.go

@@ -145,8 +145,8 @@ func validateCreateEmoji(form *apimodel.EmojiCreateRequest) error {
 		return errors.New("no emoji given")
 	}
 
-	maxSize := config.GetMediaEmojiLocalMaxSize()
+	maxSize := int64(config.GetMediaEmojiLocalMaxSize()) // #nosec G115 -- Already validated.
-	if form.Image.Size > int64(maxSize) {
+	if form.Image.Size > maxSize {
 		return fmt.Errorf("emoji image too large: image is %dKB but size limit for custom emojis is %dKB", form.Image.Size/1024, maxSize/1024)
 	}
 

internal/api/client/admin/emojiupdate.go

@@ -208,8 +208,8 @@ func validateUpdateEmoji(form *apimodel.EmojiUpdateRequest) error {
 		}
 
 		if hasImage {
-			maxSize := config.GetMediaEmojiLocalMaxSize()
+			maxSize := int64(config.GetMediaEmojiLocalMaxSize()) // #nosec G115 -- Already validated.
-			if form.Image.Size > int64(maxSize) {
+			if form.Image.Size > maxSize {
 				return fmt.Errorf("emoji image too large: image is %dKB but size limit for custom emojis is %dKB", form.Image.Size/1024, maxSize/1024)
 			}
 		}

internal/api/model/attachment.go

@@ -160,7 +160,7 @@ type MediaDimensions struct {
 	Duration float32 `json:"duration,omitempty"`
 	// Bitrate of the media in bits per second.
 	// example: 1000000
-	Bitrate int `json:"bitrate,omitempty"`
+	Bitrate uint64 `json:"bitrate,omitempty"`
 	// Size of the media, in the format `[width]x[height]`.
 	// Not set for audio.
 	// example: 1920x1080

internal/cache/domain/domain.go

@@ -220,7 +220,7 @@ func (n *node) getChild(part string) *node {
 
 	for i < j {
 		// avoid overflow when computing h
-		h := int(uint(i+j) >> 1)
+		h := int(uint(i+j) >> 1) // #nosec G115
 		// i ≤ h < j
 
 		if n.child[h].part < part {

internal/db/bundb/bundb.go

@@ -25,6 +25,7 @@
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"math"
 	"net/url"
 	"os"
 	"runtime"
@@ -489,7 +490,10 @@ func deriveBunDBPGOptions() (*pgx.ConnConfig, error) {
 		cfg.Host = address
 	}
 	if port := config.GetDbPort(); port > 0 {
-		cfg.Port = uint16(port)
+		if port > math.MaxUint16 {
+			return nil, errors.New("invalid port, must be in range 1-65535")
+		}
+		cfg.Port = uint16(port) // #nosec G115 -- Just validated above.
 	}
 	if u := config.GetDbUser(); u != "" {
 		cfg.User = u

internal/federation/dereferencing/emoji.go

@@ -97,11 +97,11 @@ func() (*media.ProcessingEmoji, error) {
 			}
 
 			// Get maximum supported remote emoji size.
-			maxsz := config.GetMediaEmojiRemoteMaxSize()
+			maxsz := int64(config.GetMediaEmojiRemoteMaxSize()) // #nosec G115 -- Already validated.
 
 			// Prepare data function to dereference remote emoji media.
 			data := func(context.Context) (io.ReadCloser, error) {
-				return tsport.DereferenceMedia(ctx, url, int64(maxsz))
+				return tsport.DereferenceMedia(ctx, url, maxsz)
 			}
 
 			// Create new emoji with prepared info.
@@ -189,11 +189,11 @@ func() (*media.ProcessingEmoji, error) {
 			}
 
 			// Get maximum supported remote emoji size.
-			maxsz := config.GetMediaEmojiRemoteMaxSize()
+			maxsz := int64(config.GetMediaEmojiRemoteMaxSize()) // #nosec G115 -- Already validated.
 
 			// Prepare data function to dereference remote emoji media.
 			data := func(context.Context) (io.ReadCloser, error) {
-				return tsport.DereferenceMedia(ctx, url, int64(maxsz))
+				return tsport.DereferenceMedia(ctx, url, maxsz)
 			}
 
 			// Update emoji with prepared info.
@@ -255,11 +255,11 @@ func() (*media.ProcessingEmoji, error) {
 			}
 
 			// Get maximum supported remote emoji size.
-			maxsz := config.GetMediaEmojiRemoteMaxSize()
+			maxsz := int64(config.GetMediaEmojiRemoteMaxSize()) // #nosec G115 -- Already validated.
 
 			// Prepare data function to dereference remote emoji media.
 			data := func(context.Context) (io.ReadCloser, error) {
-				return tsport.DereferenceMedia(ctx, url, int64(maxsz))
+				return tsport.DereferenceMedia(ctx, url, maxsz)
 			}
 
 			// Recache emoji with prepared info.

internal/federation/dereferencing/media.go

@@ -77,14 +77,14 @@ func() (*media.ProcessingMedia, error) {
 			}
 
 			// Get maximum supported remote media size.
-			maxsz := config.GetMediaRemoteMaxSize()
+			maxsz := int64(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated.
 
 			// Create media with prepared info.
 			return d.mediaManager.CreateMedia(
 				ctx,
 				accountID,
 				func(ctx context.Context) (io.ReadCloser, error) {
-					return tsport.DereferenceMedia(ctx, url, int64(maxsz))
+					return tsport.DereferenceMedia(ctx, url, maxsz)
 				},
 				info,
 			)
@@ -168,14 +168,14 @@ func() (*media.ProcessingMedia, error) {
 			}
 
 			// Get maximum supported remote media size.
-			maxsz := config.GetMediaRemoteMaxSize()
+			maxsz := int64(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated.
 
 			// Recache media with prepared info,
 			// this will also update media in db.
 			return d.mediaManager.CacheMedia(
 				attach,
 				func(ctx context.Context) (io.ReadCloser, error) {
-					return tsport.DereferenceMedia(ctx, url, int64(maxsz))
+					return tsport.DereferenceMedia(ctx, url, maxsz)
 				},
 			), nil
 		},

internal/httpclient/client.go

@@ -340,14 +340,14 @@ func (c *Client) do(r *Request) (rsp *http.Response, retry bool, err error) {
 
 			if u, _ := strconv.ParseUint(after, 10, 32); u != 0 {
 				// An integer no. of backoff seconds was provided.
-				r.backoff = time.Duration(u) * time.Second
+				r.backoff = time.Duration(u) * time.Second // #nosec G115 -- We clamp backoff below.
 			} else if at, _ := http.ParseTime(after); !at.Before(now) {
 				// An HTTP formatted future date-time was provided.
 				r.backoff = at.Sub(now)
 			}
 
 			// Don't let their provided backoff exceed our max.
-			if max := baseBackoff * time.Duration(c.retries); //
+			if max := baseBackoff * time.Duration(c.retries); // #nosec G115 -- We control c.retries.
 			r.backoff > max {
 				r.backoff = max
 			}

internal/media/ffmpeg.go

@@ -556,10 +556,10 @@ func (res *ffprobeResult) Process() (*result, error) {
 				if p := strings.SplitN(str, "/", 2); len(p) == 2 {
 					n, _ := strconv.ParseUint(p[0], 10, 32)
 					d, _ := strconv.ParseUint(p[1], 10, 32)
-					num, den = uint32(n), uint32(d)
+					num, den = uint32(n), uint32(d) // #nosec G115 -- ParseUint is configured to check
 				} else {
 					n, _ := strconv.ParseUint(p[0], 10, 32)
-					num = uint32(n)
+					num = uint32(n) // #nosec G115 -- ParseUint is configured to check
 				}
 
 				// Set final divised framerate.

internal/media/imaging.go

@@ -399,9 +399,9 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) {
 					g16 := uint16(s[1])
 					b16 := uint16(s[2])
 					a16 := uint16(a)
-					d[0] = uint8(r16 * 0xff / a16)
+					d[0] = uint8(r16 * 0xff / a16) // #nosec G115 -- Overflow desired.
-					d[1] = uint8(g16 * 0xff / a16)
+					d[1] = uint8(g16 * 0xff / a16) // #nosec G115 -- Overflow desired.
-					d[2] = uint8(b16 * 0xff / a16)
+					d[2] = uint8(b16 * 0xff / a16) // #nosec G115 -- Overflow desired.
 					d[3] = a
 				}
 				j += 4
@@ -431,9 +431,9 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) {
 					g32 := uint32(s[2])<<8 | uint32(s[3])
 					b32 := uint32(s[4])<<8 | uint32(s[5])
 					a32 := uint32(s[6])<<8 | uint32(s[7])
-					d[0] = uint8((r32 * 0xffff / a32) >> 8)
+					d[0] = uint8((r32 * 0xffff / a32) >> 8) // #nosec G115 -- Overflow desired.
-					d[1] = uint8((g32 * 0xffff / a32) >> 8)
+					d[1] = uint8((g32 * 0xffff / a32) >> 8) // #nosec G115 -- Overflow desired.
-					d[2] = uint8((b32 * 0xffff / a32) >> 8)
+					d[2] = uint8((b32 * 0xffff / a32) >> 8) // #nosec G115 -- Overflow desired.
 				}
 				d[3] = a
 				j += 4
@@ -509,30 +509,30 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) {
 				cr1 := int32(img.Cr[ic]) - 128
 
 				r := yy1 + 91881*cr1
-				if uint32(r)&0xff000000 == 0 {
+				if uint32(r)&0xff000000 == 0 { //nolint:gosec
 					r >>= 16
 				} else {
 					r = ^(r >> 31)
 				}
 
 				g := yy1 - 22554*cb1 - 46802*cr1
-				if uint32(g)&0xff000000 == 0 {
+				if uint32(g)&0xff000000 == 0 { //nolint:gosec
 					g >>= 16
 				} else {
 					g = ^(g >> 31)
 				}
 
 				b := yy1 + 116130*cb1
-				if uint32(b)&0xff000000 == 0 {
+				if uint32(b)&0xff000000 == 0 { //nolint:gosec
 					b >>= 16
 				} else {
 					b = ^(b >> 31)
 				}
 
 				d := dst[j : j+4 : j+4]
-				d[0] = uint8(r)
+				d[0] = uint8(r) // #nosec G115 -- Overflow desired.
-				d[1] = uint8(g)
+				d[1] = uint8(g) // #nosec G115 -- Overflow desired.
-				d[2] = uint8(b)
+				d[2] = uint8(b) // #nosec G115 -- Overflow desired.
 				d[3] = 0xff
 
 				iy++
@@ -569,9 +569,9 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) {
 				d := dst[j : j+4 : j+4]
 				switch a16 {
 				case 0xffff:
-					d[0] = uint8(r16 >> 8)
+					d[0] = uint8(r16 >> 8) // #nosec G115 -- Overflow desired.
-					d[1] = uint8(g16 >> 8)
+					d[1] = uint8(g16 >> 8) // #nosec G115 -- Overflow desired.
-					d[2] = uint8(b16 >> 8)
+					d[2] = uint8(b16 >> 8) // #nosec G115 -- Overflow desired.
 					d[3] = 0xff
 				case 0:
 					d[0] = 0
@@ -579,10 +579,10 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) {
 					d[2] = 0
 					d[3] = 0
 				default:
-					d[0] = uint8(((r16 * 0xffff) / a16) >> 8)
+					d[0] = uint8(((r16 * 0xffff) / a16) >> 8) // #nosec G115 -- Overflow desired.
-					d[1] = uint8(((g16 * 0xffff) / a16) >> 8)
+					d[1] = uint8(((g16 * 0xffff) / a16) >> 8) // #nosec G115 -- Overflow desired.
-					d[2] = uint8(((b16 * 0xffff) / a16) >> 8)
+					d[2] = uint8(((b16 * 0xffff) / a16) >> 8) // #nosec G115 -- Overflow desired.
-					d[3] = uint8(a16 >> 8)
+					d[3] = uint8(a16 >> 8)                    // #nosec G115 -- Overflow desired.
 				}
 				j += 4
 			}
@@ -617,7 +617,7 @@ func clampFloat(x float64) uint8 {
 		return 255
 	}
 	if v > 0 {
-		return uint8(v)
+		return uint8(v) // #nosec G115 -- Just checked.
 	}
 	return 0
 }

internal/media/refetch.go

@@ -49,9 +49,6 @@ func (m *Manager) RefetchEmojis(ctx context.Context, domain string, dereferenceM
 		refetchIDs         []string
 	)
 
-	// Get max supported remote emoji media size.
-	maxsz := config.GetMediaEmojiRemoteMaxSize()
-
 	// page through emojis 20 at a time, looking for those with missing images
 	for {
 		// Fetch next block of emojis from database
@@ -111,8 +108,10 @@ func (m *Manager) RefetchEmojis(ctx context.Context, domain string, dereferenceM
 			continue
 		}
 
+		// Get max supported remote emoji media size.
+		maxsz := int64(config.GetMediaEmojiRemoteMaxSize()) // #nosec G115 -- Already validated.
 		dataFunc := func(ctx context.Context) (reader io.ReadCloser, err error) {
-			return dereferenceMedia(ctx, emojiImageIRI, int64(maxsz))
+			return dereferenceMedia(ctx, emojiImageIRI, maxsz)
 		}
 
 		processingEmoji, err := m.UpdateEmoji(ctx, emoji, dataFunc, AdditionalEmojiInfo{

internal/media/util.go

@@ -145,7 +145,7 @@ func drainToTmp(rc io.ReadCloser) (string, error) {
 	// Check to see if limit was reached,
 	// (produces more useful error messages).
 	if lr != nil && lr.N <= 0 {
-		err := fmt.Errorf("reached read limit %s", bytesize.Size(limit))
+		err := fmt.Errorf("reached read limit %s", bytesize.Size(limit)) // #nosec G115 -- Just logging
 		return path, gtserror.SetLimitReached(err)
 	}
 

internal/middleware/logger.go

@@ -123,7 +123,7 @@ func Logger(logClientIP bool) gin.HandlerFunc {
 			}
 
 			// Generate a nicer looking bytecount
-			size := bytesize.Size(c.Writer.Size())
+			size := bytesize.Size(c.Writer.Size()) // #nosec G115 -- Just logging
 
 			// Finally, write log entry with status text + body size.
 			l.Logf(lvl, "%s: wrote %s", statusText, size)

internal/middleware/requestid.go

@@ -48,7 +48,7 @@ func NewRequestID() string {
 	b := make([]byte, 12)
 
 	// Get current time in milliseconds.
-	ms := uint64(time.Now().UnixMilli())
+	ms := uint64(time.Now().UnixMilli()) // #nosec G115 -- Pre-1970 clock?
 
 	// Store binary time data in byte buffer.
 	binary.LittleEndian.PutUint64(b[0:8], ms)

internal/middleware/throttling.go

@@ -82,12 +82,16 @@ func Throttle(cpuMultiplier int, retryAfter time.Duration) gin.HandlerFunc {
 		return func(c *gin.Context) {}
 	}
 
+	if retryAfter < 0 {
+		retryAfter = 0
+	}
+
 	var (
 		limit         = runtime.GOMAXPROCS(0) * cpuMultiplier
 		queueLimit    = limit * cpuMultiplier
 		tokens        = make(chan token, limit)
 		requestCount  = atomic.Int64{}
-		retryAfterStr = strconv.FormatUint(uint64(retryAfter/time.Second), 10)
+		retryAfterStr = strconv.FormatUint(uint64(retryAfter/time.Second), 10) // #nosec G115 -- Checked right above
 	)
 
 	// prefill token channel

internal/processing/account/update.go

@@ -463,9 +463,10 @@ func (p *Processor) UpdateAvatar(
 ) {
 	// Get maximum supported local media size.
 	maxsz := config.GetMediaLocalMaxSize()
+	maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated.
 
 	// Ensure media within size bounds.
-	if avatar.Size > int64(maxsz) {
+	if avatar.Size > maxszInt64 {
 		text := fmt.Sprintf("media exceeds configured max size: %s", maxsz)
 		return nil, gtserror.NewErrorBadRequest(errors.New(text), text)
 	}
@@ -478,7 +479,7 @@ func (p *Processor) UpdateAvatar(
 	}
 
 	// Wrap the multipart file reader to ensure is limited to max.
-	rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz))
+	rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxszInt64)
 
 	// Write to instance storage.
 	return p.c.StoreLocalMedia(ctx,
@@ -508,9 +509,10 @@ func (p *Processor) UpdateHeader(
 ) {
 	// Get maximum supported local media size.
 	maxsz := config.GetMediaLocalMaxSize()
+	maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated.
 
 	// Ensure media within size bounds.
-	if header.Size > int64(maxsz) {
+	if header.Size > maxszInt64 {
 		text := fmt.Sprintf("media exceeds configured max size: %s", maxsz)
 		return nil, gtserror.NewErrorBadRequest(errors.New(text), text)
 	}
@@ -523,7 +525,7 @@ func (p *Processor) UpdateHeader(
 	}
 
 	// Wrap the multipart file reader to ensure is limited to max.
-	rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz))
+	rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxszInt64)
 
 	// Write to instance storage.
 	return p.c.StoreLocalMedia(ctx,

internal/processing/admin/emoji.go

@@ -25,7 +25,6 @@
 	"mime/multipart"
 	"strings"
 
-	"codeberg.org/gruf/go-bytesize"
 	"codeberg.org/gruf/go-iotools"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
@@ -46,9 +45,10 @@ func (p *Processor) EmojiCreate(
 
 	// Get maximum supported local emoji size.
 	maxsz := config.GetMediaEmojiLocalMaxSize()
+	maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated.
 
 	// Ensure media within size bounds.
-	if form.Image.Size > int64(maxsz) {
+	if form.Image.Size > maxszInt64 {
 		text := fmt.Sprintf("emoji exceeds configured max size: %s", maxsz)
 		return nil, gtserror.NewErrorBadRequest(errors.New(text), text)
 	}
@@ -61,7 +61,7 @@ func (p *Processor) EmojiCreate(
 	}
 
 	// Wrap the multipart file reader to ensure is limited to max.
-	rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz))
+	rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxszInt64)
 	data := func(context.Context) (io.ReadCloser, error) {
 		return rc, nil
 	}
@@ -301,9 +301,10 @@ func (p *Processor) emojiUpdateCopy(
 
 	// Get maximum supported local emoji size.
 	maxsz := config.GetMediaEmojiLocalMaxSize()
+	maxszInt := int(maxsz) // #nosec G115 -- Already validated.
 
 	// Ensure target emoji image within size bounds.
-	if bytesize.Size(target.ImageFileSize) > maxsz {
+	if target.ImageFileSize > maxszInt {
 		text := fmt.Sprintf("emoji exceeds configured max size: %s", maxsz)
 		return nil, gtserror.NewErrorBadRequest(errors.New(text), text)
 	}
@@ -442,9 +443,10 @@ func (p *Processor) emojiUpdateModify(
 
 		// Get maximum supported local emoji size.
 		maxsz := config.GetMediaEmojiLocalMaxSize()
+		maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated.
 
 		// Ensure media within size bounds.
-		if image.Size > int64(maxsz) {
+		if image.Size > maxszInt64 {
 			text := fmt.Sprintf("emoji exceeds configured max size: %s", maxsz)
 			return nil, gtserror.NewErrorBadRequest(errors.New(text), text)
 		}
@@ -457,7 +459,7 @@ func (p *Processor) emojiUpdateModify(
 		}
 
 		// Wrap the multipart file reader to ensure is limited to max.
-		rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz))
+		rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz)) // #nosec G115 -- Already validated.
 		data := func(context.Context) (io.ReadCloser, error) {
 			return rc, nil
 		}

internal/processing/media/create.go

@@ -36,9 +36,10 @@ func (p *Processor) Create(ctx context.Context, account *gtsmodel.Account, form
 
 	// Get maximum supported local media size.
 	maxsz := config.GetMediaLocalMaxSize()
+	maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated.
 
 	// Ensure media within size bounds.
-	if form.File.Size > int64(maxsz) {
+	if form.File.Size > maxszInt64 {
 		text := fmt.Sprintf("media exceeds configured max size: %s", maxsz)
 		return nil, gtserror.NewErrorBadRequest(errors.New(text), text)
 	}
@@ -58,7 +59,7 @@ func (p *Processor) Create(ctx context.Context, account *gtsmodel.Account, form
 	}
 
 	// Wrap the multipart file reader to ensure is limited to max.
-	rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz))
+	rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxszInt64)
 
 	// Create local media and write to instance storage.
 	attachment, errWithCode := p.c.StoreLocalMedia(ctx,

internal/transport/derefmedia.go

@@ -53,7 +53,7 @@ func (t *transport) DereferenceMedia(ctx context.Context, iri *url.URL, maxsz in
 	// Check media within size limit.
 	if rsp.ContentLength > maxsz {
 		_ = rsp.Body.Close()       // close early.
-		sz := bytesize.Size(maxsz) // nicer log format
+		sz := bytesize.Size(maxsz) //nolint:gosec
 		return nil, gtserror.Newf("media body exceeds max size %s", sz)
 	}
 

internal/typeutils/internaltofrontend.go

@@ -647,7 +647,7 @@ func (c *Converter) AttachmentToAPIAttachment(ctx context.Context, media *gtsmod
 			Size:      toAPISize(media.FileMeta.Original.Width, media.FileMeta.Original.Height),
 			FrameRate: toAPIFrameRate(media.FileMeta.Original.Framerate),
 			Duration:  util.PtrOrZero(media.FileMeta.Original.Duration),
-			Bitrate:   int(util.PtrOrZero(media.FileMeta.Original.Bitrate)),
+			Bitrate:   util.PtrOrZero(media.FileMeta.Original.Bitrate),
 		}
 
 		// Copy over local file URL.
@@ -1529,9 +1529,9 @@ func (c *Converter) InstanceToAPIV1Instance(ctx context.Context, i *gtsmodel.Ins
 		Version:              config.GetSoftwareVersion(),
 		Languages:            config.GetInstanceLanguages().TagStrs(),
 		Registrations:        config.GetAccountsRegistrationOpen(),
-		ApprovalRequired:     true,  // approval always required
+		ApprovalRequired:     true,                               // approval always required
-		InvitesEnabled:       false, // todo: not supported yet
+		InvitesEnabled:       false,                              // todo: not supported yet
-		MaxTootChars:         uint(config.GetStatusesMaxChars()),
+		MaxTootChars:         uint(config.GetStatusesMaxChars()), // #nosec G115 -- Already validated.
 		Rules:                c.InstanceRulesToAPIRules(i.Rules),
 		Terms:                i.Terms,
 		TermsRaw:             i.TermsText,
@@ -1551,9 +1551,9 @@ func (c *Converter) InstanceToAPIV1Instance(ctx context.Context, i *gtsmodel.Ins
 	instance.Configuration.Statuses.CharactersReservedPerURL = instanceStatusesCharactersReservedPerURL
 	instance.Configuration.Statuses.SupportedMimeTypes = instanceStatusesSupportedMimeTypes
 	instance.Configuration.MediaAttachments.SupportedMimeTypes = media.SupportedMIMETypes
-	instance.Configuration.MediaAttachments.ImageSizeLimit = int(config.GetMediaRemoteMaxSize())
+	instance.Configuration.MediaAttachments.ImageSizeLimit = int(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated.
 	instance.Configuration.MediaAttachments.ImageMatrixLimit = instanceMediaAttachmentsImageMatrixLimit
-	instance.Configuration.MediaAttachments.VideoSizeLimit = int(config.GetMediaRemoteMaxSize())
+	instance.Configuration.MediaAttachments.VideoSizeLimit = int(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated.
 	instance.Configuration.MediaAttachments.VideoFrameRateLimit = instanceMediaAttachmentsVideoFrameRateLimit
 	instance.Configuration.MediaAttachments.VideoMatrixLimit = instanceMediaAttachmentsVideoMatrixLimit
 	instance.Configuration.Polls.MaxOptions = config.GetStatusesPollMaxOptions()
@@ -1563,7 +1563,7 @@ func (c *Converter) InstanceToAPIV1Instance(ctx context.Context, i *gtsmodel.Ins
 	instance.Configuration.Accounts.AllowCustomCSS = config.GetAccountsAllowCustomCSS()
 	instance.Configuration.Accounts.MaxFeaturedTags = instanceAccountsMaxFeaturedTags
 	instance.Configuration.Accounts.MaxProfileFields = instanceAccountsMaxProfileFields
-	instance.Configuration.Emojis.EmojiSizeLimit = int(config.GetMediaEmojiLocalMaxSize())
+	instance.Configuration.Emojis.EmojiSizeLimit = int(config.GetMediaEmojiLocalMaxSize()) // #nosec G115 -- Already validated.
 	instance.Configuration.OIDCEnabled = config.GetOIDCEnabled()
 
 	// URLs
@@ -1695,9 +1695,9 @@ func (c *Converter) InstanceToAPIV2Instance(ctx context.Context, i *gtsmodel.Ins
 	instance.Configuration.Statuses.CharactersReservedPerURL = instanceStatusesCharactersReservedPerURL
 	instance.Configuration.Statuses.SupportedMimeTypes = instanceStatusesSupportedMimeTypes
 	instance.Configuration.MediaAttachments.SupportedMimeTypes = media.SupportedMIMETypes
-	instance.Configuration.MediaAttachments.ImageSizeLimit = int(config.GetMediaRemoteMaxSize())
+	instance.Configuration.MediaAttachments.ImageSizeLimit = int(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated.
 	instance.Configuration.MediaAttachments.ImageMatrixLimit = instanceMediaAttachmentsImageMatrixLimit
-	instance.Configuration.MediaAttachments.VideoSizeLimit = int(config.GetMediaRemoteMaxSize())
+	instance.Configuration.MediaAttachments.VideoSizeLimit = int(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated.
 	instance.Configuration.MediaAttachments.VideoFrameRateLimit = instanceMediaAttachmentsVideoFrameRateLimit
 	instance.Configuration.MediaAttachments.VideoMatrixLimit = instanceMediaAttachmentsVideoMatrixLimit
 	instance.Configuration.Polls.MaxOptions = config.GetStatusesPollMaxOptions()
@@ -1707,7 +1707,7 @@ func (c *Converter) InstanceToAPIV2Instance(ctx context.Context, i *gtsmodel.Ins
 	instance.Configuration.Accounts.AllowCustomCSS = config.GetAccountsAllowCustomCSS()
 	instance.Configuration.Accounts.MaxFeaturedTags = instanceAccountsMaxFeaturedTags
 	instance.Configuration.Accounts.MaxProfileFields = instanceAccountsMaxProfileFields
-	instance.Configuration.Emojis.EmojiSizeLimit = int(config.GetMediaEmojiLocalMaxSize())
+	instance.Configuration.Emojis.EmojiSizeLimit = int(config.GetMediaEmojiLocalMaxSize()) // #nosec G115 -- Already validated.
 	instance.Configuration.OIDCEnabled = config.GetOIDCEnabled()
 
 	// registrations

internal/web/index.go

@@ -60,7 +60,7 @@ func (m *Module) indexHandler(c *gin.Context) {
 		Instance:    instance,
 		OGMeta:      apiutil.OGBase(instance),
 		Stylesheets: []string{cssAbout, cssIndex},
-		Extra:       map[string]any{"showStrap": true},
+		Extra:       map[string]any{"showStrap": true, "showLoginButton": true},
 	}
 
 	apiutil.TemplateWebPage(c, page)

internal/web/login.go

@@ -0,0 +1,63 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package web
+
+import (
+	"context"
+
+	"github.com/gin-gonic/gin"
+	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+)
+
+const (
+	loginPath = "/login"
+)
+
+func (m *Module) loginGETHandler(c *gin.Context) {
+	instance, errWithCode := m.processor.InstanceGetV1(c.Request.Context())
+	if errWithCode != nil {
+		apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	// Return instance we already got from the db,
+	// don't try to fetch it again when erroring.
+	instanceGet := func(ctx context.Context) (*apimodel.InstanceV1, gtserror.WithCode) {
+		return instance, nil
+	}
+
+	// We only serve text/html at this endpoint.
+	if _, err := apiutil.NegotiateAccept(c, apiutil.TextHTML); err != nil {
+		apiutil.WebErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), instanceGet)
+		return
+	}
+
+	page := apiutil.WebPage{
+		Template:    "login.tmpl",
+		Instance:    instance,
+		OGMeta:      apiutil.OGBase(instance),
+		Stylesheets: []string{cssLogin},
+		Extra: map[string]any{
+			"showStrap": false,
+		},
+	}
+
+	apiutil.TemplateWebPage(c, page)
+}

internal/web/web.go

@@ -61,6 +61,7 @@
 	cssFA       = assetsPathPrefix + "/Fork-Awesome/css/fork-awesome.min.css"
 	cssAbout    = distPathPrefix + "/about.css"
 	cssIndex    = distPathPrefix + "/index.css"
+	cssLogin    = distPathPrefix + "/login.css"
 	cssStatus   = distPathPrefix + "/status.css"
 	cssThread   = distPathPrefix + "/thread.css"
 	cssProfile  = distPathPrefix + "/profile.css"
@@ -119,6 +120,7 @@ func (m *Module) Route(r *router.Router, mi ...gin.HandlerFunc) {
 	r.AttachHandler(http.MethodPost, confirmEmailPath, m.confirmEmailPOSTHandler)
 	r.AttachHandler(http.MethodGet, robotsPath, m.robotsGETHandler)
 	r.AttachHandler(http.MethodGet, aboutPath, m.aboutGETHandler)
+	r.AttachHandler(http.MethodGet, loginPath, m.loginGETHandler)
 	r.AttachHandler(http.MethodGet, domainBlockListPath, m.domainBlockListGETHandler)
 	r.AttachHandler(http.MethodGet, tagsPath, m.tagGETHandler)
 	r.AttachHandler(http.MethodGet, signupPath, m.signupGETHandler)

web/source/css/login.css

@@ -0,0 +1,119 @@
+/*
+	GoToSocial
+	Copyright (C) GoToSocial Authors admin@gotosocial.org
+	SPDX-License-Identifier: AGPL-3.0-or-later
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU Affero General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU Affero General Public License for more details.
+
+	You should have received a copy of the GNU Affero General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+.about-section.settings {
+	display: flex;
+	flex-direction: row;
+	gap: 1rem;
+	align-items: center;
+	justify-content: center;
+
+	padding-top: 1rem !important;
+	padding-bottom: 1rem !important;
+
+	p.settings-text {
+		margin-top: auto;
+		margin-bottom: auto;
+		flex: auto;
+	}
+
+	.settings-button {
+		flex: auto;
+	}
+
+}
+
+/*
+	Reuse about styling, but rework it
+	to separate sections a bit more.
+*/
+.about {
+	display: flex;
+	flex-direction: column;
+	gap: 2rem;
+	padding: 0;
+	
+	background: initial;
+	box-shadow: initial;
+	border: initial;
+	border-radius: initial;
+
+	.about-section {
+		padding: 2rem;
+		background: $bg-accent;
+		box-shadow: $boxshadow;
+		border: $boxshadow-border;
+		border-radius: $br;
+
+		h3 {
+			margin-top: 0px;
+		}
+	}
+}
+
+.apps {
+	align-self: start;
+
+	.applist {
+		margin: 0;
+		padding: 0;
+
+		display: grid;
+		grid-template-columns: 1fr 1fr;
+		grid-gap: 0.5rem;
+		align-content: start;
+
+		.applist-entry {
+			display: grid;
+			grid-template-columns: 25% 1fr;
+			grid-template-areas: "logo text";
+			gap: 1.5rem;
+			padding: 0.5rem;
+
+			.applist-logo {
+				grid-area: logo;
+				align-self: center;
+				justify-self: center;
+				width: 100%;
+				object-fit: contain;
+				flex: 1 1 auto;
+			}
+
+			.applist-logo.redraw {
+				fill: $fg;
+				stroke: $fg;
+			}
+
+			.applist-text {
+				grid-area: text;
+				
+				a {
+					font-weight: bold;
+				}
+			}
+		}
+	}
+}
+
+@media screen and (max-width: 600px) {
+	.apps .applist {
+		grid-template-columns: 1fr;
+	}
+}
+

web/source/css/page.css

@@ -116,3 +116,9 @@
 		text-align: center;
 	}
 }
+
+.login {
+	position: absolute;
+	top: 2vh;
+	right: 2vh;
+}

web/template/login.tmpl

@@ -0,0 +1,28 @@
+{{- /*
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/ -}}
+
+<main class="about">
+    <section role="region" class="about-section settings">
+        <p class="settings-text">
+            Looking to configure your profile and other settings?
+        </p>
+        <a href="/settings" class="settings-button button with-icon">Settings</a>
+    </section>
+    {{- include "index_apps.tmpl" . | indent 1 }}
+</main>

web/template/login_button.tmpl

@@ -0,0 +1,22 @@
+{{- /*
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/ -}}
+
+{{- if .showLoginButton }}
+<div class="login"><a href="/login" class="button with-icon">Log in</a></div>
+{{- end }}

web/template/page.tmpl

@@ -71,7 +71,9 @@ image/webp
         {{- end }}
         <title>{{- template "instanceTitle" . -}}</title>
     </head>
-    <body class="page">
+    <body>
+        {{- include "login_button.tmpl" . | indent 3 }}
+        <div class="page">
         <header class="page-header">
             {{- include "page_header.tmpl" . | indent 3 }}
         </header>
@@ -81,5 +83,6 @@ image/webp
         <footer class="page-footer">
             {{- include "page_footer.tmpl" . | indent 3 }}
         </footer>
+        </div>
     </body>
 </html>