* Make a distinction between moderators and admins
And rework the user list in the moderation interface, to be able to run the same action on many users,
and to have a huge list of actions whithout loosing space.
* Make user's role an enum + make it impossible for a moderator to escalate privileges
With the help of diesel-derive-enum (maybe it could be used in other places too?)
Also, moderators are still able to grant or revoke moderation rights to other people, but maybe only admins should be able to do it?
* Cargo fmt
* copy/pasting is bad
* Remove diesel-derive-enum and use an integer instead
It was not compatible with both Postgres and SQlite, because for one it generated a schema
with the "User_role" type, but for the other it was "Text"…
* Reset translations
* Use an enum to avoid magic numbers + fix the tests
* Reset translations
* Fix down.sql
* Theming
- Custom CSS for blogs
- Custom themes for instance
- New dark theme
- UI to choose your instance theme
- Option to disable blog themes if you prefer to only have the instance theme
- UI to choose a blog theme
* Bump activitystreams-derive from 0.1.0 to 0.1.1
* Bump tantivy from 0.9.1 to 0.10.1
* Bump rpassword from 3.0.2 to 4.0.1
* Bump num_cpus from 1.10.0 to 1.10.1
* Bump serde_qs from 0.4.6 to 0.5.0
* Bump stdweb-internal-runtime from 0.1.3 to 0.1.4
* [Security] Bump smallvec from 0.6.9 to 0.6.10
* Bump chrono from 0.4.6 to 0.4.7
* Bump bcrypt from 0.4.0 to 0.5.0
* Bump serde_json from 1.0.39 to 1.0.40
* Bump tokio from 0.1.21 to 0.1.22
* Bump scheduled-thread-pool from 0.2.0 to 0.2.2
* Bump stdweb from 0.4.14 to 0.4.18
* Bump hyper from 0.12.29 to 0.12.33
* Bump reqwest from 0.9.17 to 0.9.19
* Bump url from 1.7.2 to 2.1.0
* send scheme as part of webfinger remote follow template
fixtsileo/microblog.pub#49
* bump webfinger to 0.4.1
* cargo fmt
* revert translations
* Use group: prefix for blog webfinger queries
* add shrinkwraprs and implement Id thru it
This also means we can automatically convert Id to String without using
.into()!
* cleanup with the help of clippy!
* cleanup with the help of cargo fmt!
* remove extra block
* Shrinkwrap Page, ContentLen and RemoteForm
* translations
[Security] Bump ammonia from 2.0.0 to 2.1.1
Bump bcrypt from 0.2.2 to 0.4.0
Bump clap from 2.32.0 to 2.33.0
Bump colored from 1.7.0 to 1.8.0
Bump ctrlc from 3.1.1 to 3.1.2
Bump diesel from 1.4.1 to 1.4.2
Bump dotenv from 0.13.0 to 0.14.0
Bump hyper from 0.12.25 to 0.12.28
Bump openssl from 0.10.19 to 0.10.22
Bump proc-macro2 from 0.4.27 to 0.4.30
Bump reqwest from 0.9.11 to 0.9.16
Bump rpassword from 2.1.0 to 3.0.2
Bump serde_derive from 1.0.80 to 1.0.82
Bump serde_derive from 1.0.89 to 1.0.91
Bump serde from 1.0.89 to 1.0.91
Bump serde_qs from 0.4.5 to 0.4.6
Bump stdweb from 0.4.14 to 0.4.17
Bump syn from 0.11.11 to 0.15.27
Bump whatlang from 0.7.0 to 0.7.1
* Add a way to display flash messages
* Make the flash messages look nice
* Add actual feedback messages
* cargo fmt
* Move flash messages to PlumeRocket
And add trait to convert PlumeRocket to BaseContext
* Remove useless lifetime
* import migrations via macro
* panic on database not to the latest migration
* add subcommand to plm
* create migration that run tantivy index creation
* remove diesel_cli from places it was
* use our migration system for tests
* create table __diesel_schema_migrations if needed
Add support for remote interaction ([this thing](https://eldritch.cafe/users/Barmaid/remote_follow) in mastodon)
- [x] create the endpoint dispatching remote interactions to local pages
- [x] add this endpoint to web-finger
- [x] propose remote interaction when following and not connected
- [x] propose remote interaction when liking/sharing and not connected
- [x] propose remote interaction when commenting and not connected
- [x] fetch posts/comments we don't know but remote interaction was requested for ?
* Big refactoring of the Inbox
We now have a type that routes an activity through the registered handlers
until one of them matches.
Each Actor/Activity/Object combination is represented by an implementation of AsObject
These combinations are then registered on the Inbox type, which will try to deserialize
the incoming activity in the requested types.
Advantages:
- nicer syntax: the final API is clearer and more idiomatic
- more generic: only two traits (`AsActor` and `AsObject`) instead of one for each kind of activity
- it is easier to see which activities we handle and which one we don't
* Small fixes
- Avoid panics
- Don't search for AP ID infinitely
- Code style issues
* Fix tests
* Introduce a new trait: FromId
It should be implemented for any AP object.
It allows to look for an object in database using its AP ID, or to dereference it if it was not present in database
Also moves the inbox code to plume-models to test it (and write a basic test for each activity type we handle)
* Use if let instead of match
* Don't require PlumeRocket::intl for tests
* Return early and remove a forgotten dbg!
* Add more tests to try to understand where the issues come from
* Also add a test for comment federation
* Don't check creation_date is the same for blogs
* Make user and blog federation more tolerant to errors/missing fields
* Make clippy happy
* Use the correct Accept header when dereferencing
* Fix follow approval with Mastodon
* Add spaces to characters that should not be in usernames
And validate blog names too
* Smarter dereferencing: only do it once for each actor/object
* Forgot some files
* Cargo fmt
* Delete plume_test
* Delete plume_tests
* Update get_id docs + Remove useless : Sized
* Appease cargo fmt
* Remove dbg! + Use as_ref instead of clone when possible + Use and_then instead of map when possible
* Remove .po~
* send unfollow to local instance
* read cover from update activity
* Make sure "cc" and "to" are never empty
and fix a typo in a constant name
* Cargo fmt
Upgrade rust-toolchain
Upgrade Tantivy
Warning: tantivy now use a different file format, search index may need to be deleted and recreated to work as intended
try to run compile twice in a row because sometime oomk is evil
* Implement find_for_comment for notifications
* Delete notifications when deleting a comment
This should tackle #463
* Apply rustfmt
* Implement `find_for_mention` and remove order by from `find_for_comment`
There is no need to order the notifications
* Delete notifications for mentions
* Fix notifications for comments and mentions
Also adds a parameter to `md_to_html` to only render inline elements (so that we don't have titles or images in blog descriptions). And moves the delete button for the blog on the edition page.
I still have to update the SQLite migration once others PRs with migrations will be merged.
Also, there will be a problem when you edit a blog while not owning its banner or icon: when validating they will be reset to their default values… I don't see a good solution to this until we have a better way to handle uploads with Rocket (the same is probably happening for articles btw).
And the icon/banner are not federated yet, I don't know if I should add it to this PR or if it can come after?
![image](https://user-images.githubusercontent.com/16254623/53894510-7d853300-4030-11e9-8a2c-f5c0b0c7f512.png)
![image](https://user-images.githubusercontent.com/16254623/53894539-8b3ab880-4030-11e9-8113-685a27be8d7c.png)
Fixes#453Fixes#454
We add clippy as our build — also rectifying the missing `plume-cli` build!
In the next step we follow clippy's advise and fix some of the "simple" mistakes in our code, such as style or map usage.
Finally, we refactor some hard bits that need extraction of new types, or refactoring of function call-types, especially those that thread thru macros, and, of course functions with ~15 parameters should probably be rethought.
* Slightly improve the media experience
- Use a grid to display the list of media
- Add icons for non-image media preview
- Paginate the gallery
- Add links to the gallery in the editor and in the profile settings to make it more discoverable when you need it
Fixes#432
* Allow video and audio tags in SafeString
Otherwise we can't display their preview, nor show them in articles
Also show controls by default for these two elements
* Show fallback images for audio and unknown files, to make them more visible
* Add a new constructor to SafeString when the input is trusted and doesn't need to be escaped.
And use it to generate media previews.
* Make it possible to insert video/audio in articles
* Bump serde from 1.0.82 to 1.0.84
* Bump ructe from 0.5.4 to 0.5.6
* Bump colored from 1.6.1 to 1.7.0
* Bump itertools from 0.7.11 to 0.8.0
* Bump ammonia from 1.2.0 to 2.0.0
* Bump hyper from 0.12.19 to 0.12.20
* Bump serde_derive from 1.0.80 to 1.0.84
* Bump stdweb from 0.4.12 to 0.4.13
* Bump rsass from 0.9.4 to 0.9.6
* Bump failure from 0.1.3 to 0.1.5
* Bump reqwest from 0.9.5 to 0.9.8
* Bump serde_derive from 0.7.1 to 0.8.0
- Use `Result` as much as possible
- Display errors instead of panicking
TODO (maybe in another PR? this one is already quite big):
- Find a way to merge Ructe/ErrorPage types, so that we can have routes returning `Result<X, ErrorPage>` instead of panicking when we have an `Error`
- Display more details about the error, to make it easier to debug
(sorry, this isn't going to be fun to review, the diff is huge, but it is always the same changes)
Add some support for comment visibility, fix#217
This add a new column to comment, denoting if they are public or not, and a new table linking private comments to those allowed to read them. There is currently no way to write a private comment from Plume.
Git is having a hard time what happened in Comment::from_activity, but most of it is just re-indentation because a new block was needed to please the borrow checker. I've marked with comments where things actually changed.
At this point only mentioned users can see private comments, even when posted as "follower only" or equivalent.
What should we do when someone isn't allowed to see a comment? Hide the whole thread, or just the comment? If hiding just the comment, should we mark there is a comment one can't see, but answers they can, or put other comments like if they answered to the same comment the hidden one do?
* Fix some follow issues
Fix not receiving notifications when followed by remote users
Fix imposibility to be unfollowed by Mastodon/Pleroma users (tested only against Pleroma)
* Fix notification on every post
* Fix issues with federation
Send Link instead of Object when emiting Follow request
Receive both Link and Object for Follow request
Don't panic when fetching user with no followers or posts from Pleroma
Reorder follower routes so Activity Pub one is reachable
* Generate absolute urls for mentions and tags
* Verify author when undoing activity by Link
* Count items in database as much as possible
* Fix the tests
* Remove two useless queries
* Run pragma directive before each sqlite connection
* Pragma for tests too
* Remove debug messages
* Add some constraint at database level
Fixes#79 and should fix#201 and #113 as well
* Fix tests
Delete duplicated data before adding constraints (only with Postgres, there is no way to do it with Sqlite with complex constraints like the one we are using)
Remove the constraint on media path
* We don't need to drop the media unique constraint anymore
Because we deleted it
* Bump base64 from 0.9.3 to 0.10.0
* Bump bcrypt from 0.2.0 to 0.2.1
* Bump canapi from 0.1.0 to 0.2.0
* Bump failure from 0.1.2 to 0.1.3
* Bump hyper from 0.11.27 to 0.12.11
* Bump hyper from 0.11.27 to 0.12.16
* Bump lazy_static from 1.1.0 to 1.2.0
* Bump multipart from 0.15.3 to 0.15.4
* Bump openssl from 0.10.12 to 0.10.15
* Bump pulldown-cmark from 0.1.2 to 0.2.0
* Bump reqwest from 0.9.2 to 0.9.5
* Bump rocket from 0.4.0-rc.1 to 0.4.0
* Bump rpassword from 2.0.0 to 2.1.0
* Bump ructe from 0.5.2 to 0.5.4
* Bump serde_derive from 1.0.79 to 1.0.80
* Bump serde from 1.0.79 to 1.0.80
* Bump serde_json from 1.0.32 to 1.0.33
* Bump tera from 0.11.17 to 0.11.20
* Bump url from 1.7.1 to 1.7.2
* Bump validator to from 0.7.2 to 0.8.0
* Bump validator_derive from 0.7.2 to 0.8.0
* Bump whatlang from 0.5.0 to 0.6.0
* Remove hyper from plume-common dependencies
* Remove rpassword from Plume dependancies
* Upgrade compiler to nightly-2018-12-06
All the template are now compiled at compile-time with the `ructe` crate.
I preferred to use it instead of askama because it allows more complex Rust expressions, where askama only supports a small subset of expressions and doesn't allow them everywhere (for instance, `{{ macro!() | filter }}` would result in a parsing error).
The diff is quite huge, but there is normally no changes in functionality.
Fixes#161 and unblocks #110 and #273
* Add search engine to the model
Add a Tantivy based search engine to the model
Implement most required functions for it
* Implement indexing and plm subcommands
Implement indexation on insert, update and delete
Modify func args to get the indexer where required
Add subcommand to initialize, refill and unlock search db
* Move to a new threadpool engine allowing scheduling
* Autocommit search index every half an hour
* Implement front part of search
Add default fields for search
Add new routes and templates for search and result
Implement FromFormValue for Page to reuse it on search result pagination
Add optional query parameters to paginate template's macro
Update to newer rocket_csrf, don't get csrf token on GET forms
* Handle process termination to release lock
Handle process termination
Add tests to search
* Add proper support for advanced search
Add an advanced search form to /search, in template and route
Modify Tantivy schema, add new tokenizer for some properties
Create new String query parser
Create Tantivy query AST from our own
* Split search.rs, add comment and tests
Split search.rs into multiple submodules
Add comments and tests for Query
Make user@domain be treated as one could assume
* Run cargo clippy on plume-common
Run clippy on plume-common and adjuste code accordingly
* Run cargo clippy on plume-model
Run clippy on plume-model and adjuste code accordingly
* Reduce need for allocation in plume-common
* Reduce need for allocation in plume-model
add a quick compilation failure if no database backend is enabled
* Run cargo clippy on plume-cli
* Run cargo clippy on plume
For now it only generate a "fake" URI for accept follow activities, but it should be possible to get the URI dereferencable later.
Also I don't know if this URI looks ok, I tried to get something kind of future-proof, but I don't really know about the actual URIs conventions.
Closes#313
Add migration to fix typo
Add support for linking hashtags with posts
Rework tag search page so it says a nicer message than page not found
when no post use that tag
Add new string to translation
we move our PostgreSQL specific migrations to a subdirectory.
The SQLite migrations have been created by running `diesel` against a
copy, and then fixing what's broken.
In the end i reduced all modifications to a single create, since we
*are* starting out fresh with SQLite.
n.b.: i'm not entirely happy with the results yet, because diesel
heavily modifies our `plume-models/src/schema.rs`.
I'll keep fiddling until we have the same types between the two
databases.
follow review from @pwoolcoc, and do not use
SafeString::new(&<String>::new())
since this makes an allocation which will then just be thrown away.
Instead, we pass ""
long_description & short_description's documentation say they can be
Markdown, but they are String, not SafeString.
This led to escaped strings being printed in the editor
https://github.com/Plume-org/Plume/issues/220
With this patch, Plume will be use a more up-to-date revision of
Rocket, that works with nightly-2018-07-17. It may have been able to
make it work with a more recent revision, but it turns out rocket has
introduced several breaking changes so I’d rather fix those.
Besides updating rocket_i18n and rocket_csrf to use the same revision
than Plume, this patch deals with the new implementation of the
Uri<'_> type. It silents a class of warnings, to deal with a change in
rustc which affects diesel. This latter change should be reverted as
soon as diesel releases a new version of its crate.