Commit Graph

2123 Commits

Author SHA1 Message Date
Trinity Pointard
d3ed2d8af5 Fix regression and update rocket_csrf
Fix account creation, introduced by fceb9ab
Update to latest rocket_csrf
2018-10-02 11:51:12 +02:00
Baptiste Gelez
6738883f2b
Merge pull request #250 from fdb-hiroshima/feature/underlined_links
Add link underline for main body
2018-10-01 12:42:54 +01:00
Bat
07f2c979ec Make the REST API compatible with SQlite 2018-09-30 14:21:07 +01:00
Bat
bd80430b1b
Document model macros 2018-09-30 14:13:56 +02:00
Bat
743620eb6a
Fix the SQlite build 2018-09-30 14:13:56 +02:00
Bat
535c68b423
Run Travis for SQlite too 2018-09-30 14:13:55 +02:00
Bat
38d737ed0c
Introduce features to choose between SQlite or Postgres 2018-09-30 14:13:54 +02:00
Igor Galić
88456faf84
align types between sqlite & postgres
this one's achieved by adding "NOT NULL" at the *correct* position in
SQLite's create tables.
2018-09-30 14:13:53 +02:00
Igor Galić
b28bef20a7
align types between sqlite & postgres
use DATETIME for SQLite's time type. This way, Diesel picks up on what
it's supposed to be.
2018-09-30 14:13:52 +02:00
Igor Galić
1f8680c4c5
add sqlite migrations
we move our PostgreSQL specific migrations to a subdirectory.
The SQLite migrations have been created by running `diesel` against a
copy, and then fixing what's broken.
In the end i reduced all modifications to a single create, since we
*are* starting out fresh with SQLite.

n.b.: i'm not entirely happy with the results yet, because diesel
heavily modifies our `plume-models/src/schema.rs`.
I'll keep fiddling until we have the same types between the two
databases.
2018-09-30 14:13:52 +02:00
Igor Galić
e5691f7b23
add sqlite as diesel dependency 2018-09-30 14:13:42 +02:00
Trinity Pointard
d610ed1641 Add verify() to the Signer trait
And implement it for Blog and User
2018-09-30 12:08:04 +02:00
Trinity Pointard
eafe1ed490 Add content digest to signed http headers
Sign the Digest HTTP header
2018-09-30 12:08:04 +02:00
Trinity Pointard
fceb9ab0cd Update cookie management a bit
Update to latest rocket_csrf
Make user_id a samesite lax cookie (see https://github.com/Plume-org/Plume/issues/233#issuecomment-422660275)
2018-09-30 11:56:12 +02:00
Dominik Pataky
31a3e6c825 Revert icon injection 2018-09-29 21:42:51 +02:00
Dominik Pataky
83c4387e94 Add link underline for main body; add link icon
Links in the main body part are now underlined on mouse hover.
<a> tags in the article content are expanded by an icon from
FontAwesome.

Fixes #140
2018-09-29 21:41:02 +02:00
Baptiste Gelez
1e3f40833d
Add a link to Loomio in the README 2018-09-29 19:25:27 +01:00
Bat
6f8630df2e Use <div> for avatars
<img> is displayed as an error without src, in Chrome

Fixes #222
2018-09-29 18:29:22 +01:00
Baptiste Gelez
05f3ecabd6
Merge pull request #248 from maximesrd/patch-4
Bad commands in the update guide
2018-09-29 17:03:33 +01:00
maximesrd
a1530791ef
Update UPDATE.md 2018-09-29 18:00:48 +02:00
Baptiste Gelez
236cf14406
Merge pull request #245 from Plume-org/rest-api
Some API endpoints for articles
2018-09-29 16:33:31 +01:00
Bat
72fd9eb610 API: Filter posts in the list 2018-09-29 15:45:27 +01:00
maximesrd
3b288c2dad
Update UPDATE.md 2018-09-29 15:34:59 +02:00
maximesrd
b97b0233da
Update UPDATE.md 2018-09-29 15:34:29 +02:00
maximesrd
db4c939be8
Bad commands 2018-09-29 15:02:17 +02:00
Baptiste Gelez
975f8d0393
Merge pull request #246 from fediverse-pl/master
i18n: Update Polish translation
2018-09-27 19:25:12 +01:00
Marcin Mikołajczak
47eeed1008 i18n: Update Polish translation
Signed-off-by: Marcin Mikołajczak <me@m4sk.in>
2018-09-27 12:42:09 +02:00
Bat
f893056d6d Mount the API endpoints 2018-09-25 20:45:32 +01:00
Bat
472da486e9 Fix the canapi::Provider impl for Post 2018-09-25 20:10:18 +01:00
Baptiste Gelez
ba3dd3304c
Merge pull request #243 from rhonda/master
Updated German translation
2018-09-25 15:38:58 +01:00
Rhonda D'Vine
88d8fb95c3 Updated German translation 2018-09-25 16:27:59 +02:00
Baptiste Gelez
9650fdbfb5
Merge pull request #242 from Atul9/fix-broken-link
#227 Fix broken link on blog page
2018-09-24 20:35:20 +01:00
Atul Bhosale
3dce53d899
Fix broken link on blog page 2018-09-24 23:46:32 +05:30
Baptiste Gelez
05fb7c9b42
Merge pull request #238 from Plume-org/csrf-issues
Fix CSRF issues
2018-09-21 13:37:35 +01:00
Baptiste Gelez
7afe249a75
Merge pull request #240 from OpenAlgeria/patch-1
Update INSTALL.md
2018-09-20 19:23:49 +01:00
OpenAlgeria
5d21e26406
Update INSTALL.md 2018-09-20 15:21:32 +02:00
Bat
d8ca1d70b7 Fix CSRF issues
GET routes are not protected against CSRF. This commit changes the needed URLs to
POST and replace simple links with forms.

Thanks @fdb-hiroshima for noticing it!
2018-09-19 18:13:07 +01:00
Trinity Pointard
f0fb030c7f Update recommended nginx config
Update recommended nginx config to allow iframes
close #234
2018-09-19 18:18:39 +02:00
Bat
1500267125 Add canapi and try to use for the API 2018-09-19 15:49:34 +01:00
Trinity Pointard
fab6360100 Be less restrictive on authorized html tags
Allow users to add ids to tags
Allow users to use iframes
2018-09-19 10:51:27 +02:00
Baptiste Gelez
2bc6052a35
Replace plume by DATABASE_NAME in the docs
To make it clearer you can have multiple Plume instances/databases on the same server, and that this part of the URL may change too.
2018-09-18 21:40:20 +01:00
Baptiste Gelez
d8bfd6d39f
Create ISSUE_TEMPLATE.md 2018-09-18 15:40:17 +01:00
Baptiste Gelez
064c5961e7
Add a CoC
Finally!
2018-09-18 13:59:43 +01:00
Baptiste Gelez
eb24ba1774
Merge pull request #223 from igalic/fix/safe-string
make blog/instance description a SafeString
2018-09-14 20:56:13 +01:00
Igor Galić
fb074e6344
render SafeString thru |safe
thanks again to @fdb-hiroshima for pointing me in the right direction!
2018-09-14 21:44:32 +02:00
Igor Galić
06718a5c8a
directly use SafeString in InstanceSettingsForm 2018-09-14 20:25:16 +02:00
Igor Galić
d62c72dde0
allocate new SafeString in FromFormValue impl
thanks to @fdb-hiroshima for this review!
2018-09-14 19:50:59 +02:00
Igor Galić
0897088aa5
add implementation for FromFormValue for SafeString
thanks again to @pwoolcoc for this!
2018-09-14 18:26:42 +02:00
Igor Galić
65e213309b
do not allocate empty strings
follow review from @pwoolcoc, and do not use

    SafeString::new(&<String>::new())

since this makes an allocation which will then just be thrown away.
Instead, we pass ""
2018-09-14 18:24:27 +02:00
Igor Galić
f5c299f23c
make blog/instance description a SafeString
long_description & short_description's documentation say they can be
Markdown, but they are String, not SafeString.

This led to escaped strings being printed in the editor
https://github.com/Plume-org/Plume/issues/220
2018-09-14 15:14:24 +02:00