Commit Graph

99 Commits

Author SHA1 Message Date
fdb-hiroshima
c4a4ea5b6c Support blind key rotation (#399)
* Allow receiving objects with new unknown key

* Rotate key after sending Delete activity

* Do the right check
2019-01-05 22:30:28 +01:00
fdb-hiroshima
2333d898b9 Add new subcomand for plm to reset password (#406)
* Add new subcomand for plm to reset password

* Verify user exist before asking for new password
2019-01-03 16:45:27 +01:00
Baptiste Gelez
80a4dae8bd
Avoid panics (#392)
- Use `Result` as much as possible
- Display errors instead of panicking

TODO (maybe in another PR? this one is already quite big):
- Find a way to merge Ructe/ErrorPage types, so that we can have routes returning `Result<X, ErrorPage>` instead of panicking when we have an `Error`
- Display more details about the error, to make it easier to debug

(sorry, this isn't going to be fun to review, the diff is huge, but it is always the same changes)
2018-12-29 09:36:07 +01:00
fdb-hiroshima
fdfeeed6d9 Comment visibility (#364)
Add some support for comment visibility, fix #217 

This add a new column to comment, denoting if they are public or not, and a new table linking private comments to those allowed to read them. There is currently no way to write a private comment from Plume.
Git is having a hard time what happened in Comment::from_activity, but most of it is just re-indentation because a new block was needed to please the borrow checker. I've marked with comments where things actually changed.
At this point only mentioned users can see private comments, even when posted as "follower only" or equivalent.

What should we do when someone isn't allowed to see a comment? Hide the whole thread, or just the comment? If hiding just the comment, should we mark there is a comment one can't see, but answers they can, or put other comments like if they answered to the same comment the hidden one do?
2018-12-24 11:23:04 +01:00
fdb-hiroshima
0ea1d57e48
Fix some federation issues (#357)
* Fix some follow issues

Fix not receiving notifications when followed by remote users
Fix imposibility to be unfollowed by Mastodon/Pleroma users (tested only against Pleroma)

* Fix notification on every post

* Fix issues with federation

Send Link instead of Object when emiting Follow request
Receive both Link and Object for Follow request
Don't panic when fetching user with no followers or posts from Pleroma
Reorder follower routes so Activity Pub one is reachable

* Generate absolute urls for mentions and tags

* Verify author when undoing activity by Link
2018-12-23 11:12:15 +01:00
Baptiste Gelez
38302203f4
Count items in database as much as possible (#344)
* Count items in database as much as possible

* Fix the tests

* Remove two useless queries

* Run pragma directive before each sqlite connection

* Pragma for tests too

* Remove debug messages
2018-12-14 23:16:18 +01:00
Baptiste Gelez
61b6ceed92
Add some constraint at database level (#342)
* Add some constraint at database level

Fixes #79 and should fix #201 and #113 as well

* Fix tests

Delete duplicated data before adding constraints (only with Postgres, there is no way to do it with Sqlite with complex constraints like the one we are using)

Remove the constraint on media path

* We don't need to drop the media unique constraint anymore

Because we deleted it
2018-12-09 18:44:26 +01:00
Baptiste Gelez
70af57c6e1
Use Ructe (#327)
All the template are now compiled at compile-time with the `ructe` crate.

I preferred to use it instead of askama because it allows more complex Rust expressions, where askama only supports a small subset of expressions and doesn't allow them everywhere (for instance, `{{ macro!() | filter }}` would result in a parsing error).

The diff is quite huge, but there is normally no changes in functionality.

Fixes #161 and unblocks #110 and #273
2018-12-06 18:54:16 +01:00
Trinity Pointard
ed71d24fe9 Verify remote user name and media url 2018-12-02 19:09:17 +01:00
fdb-hiroshima
449641d158
Add a search engine into Plume (#324)
* Add search engine to the model

Add a Tantivy based search engine to the model
Implement most required functions for it

* Implement indexing and plm subcommands

Implement indexation on insert, update and delete
Modify func args to get the indexer where required
Add subcommand to initialize, refill and unlock search db

* Move to a new threadpool engine allowing scheduling

* Autocommit search index every half an hour

* Implement front part of search

Add default fields for search
Add new routes and templates for search and result
Implement FromFormValue for Page to reuse it on search result pagination
Add optional query parameters to paginate template's macro
Update to newer rocket_csrf, don't get csrf token on GET forms

* Handle process termination to release lock

Handle process termination
Add tests to search

* Add proper support for advanced search

Add an advanced search form to /search, in template and route
Modify Tantivy schema, add new tokenizer for some properties
Create new String query parser
Create Tantivy query AST from our own

* Split search.rs, add comment and tests

Split search.rs into multiple submodules
Add comments and tests for Query
Make user@domain be treated as one could assume
2018-12-02 17:37:51 +01:00
fdb-hiroshima
74c398d60c
Run cargo clippy on whole project (#322)
* Run cargo clippy on plume-common

Run clippy on plume-common and adjuste code accordingly

* Run cargo clippy on plume-model

Run clippy on plume-model and adjuste code accordingly

* Reduce need for allocation in plume-common

* Reduce need for allocation in plume-model

add a quick compilation failure if no database backend is enabled

* Run cargo clippy on plume-cli

* Run cargo clippy on plume
2018-11-26 10:21:52 +01:00
fdb-hiroshima
8a4702df92 Add unit tests for main model parts (#310)
Add tests for following models:
- Blog
- Instance
- Media
- User
2018-11-24 12:44:17 +01:00
Trinity Pointard
4e6f3209d5 Normalize panic message
Change all unwrap to expect
Normalize expect's messages
Don't panic where it could be avoided easily
2018-10-20 08:44:33 +02:00
Trinity Pointard
ed5bafbbc4 Update webfinger and reqwest
Update webfinger to 0.3.1
Update reqwest to 0.9
Fix #257
2018-10-11 13:51:45 +02:00
Baptiste Gelez
8fdb55a501
Merge pull request #256 from Plume-org/verify-signature
Verify activity's signature
2018-10-10 21:31:11 +01:00
Bat
d08c21d58d Delete posts when deleting account 2018-10-06 12:37:28 +01:00
Trinity Pointard
0a5d435249 Verify http signatures 2018-10-03 09:31:38 +02:00
Bat
743620eb6a
Fix the SQlite build 2018-09-30 14:13:56 +02:00
Bat
38d737ed0c
Introduce features to choose between SQlite or Postgres 2018-09-30 14:13:54 +02:00
Trinity Pointard
d610ed1641 Add verify() to the Signer trait
And implement it for Blog and User
2018-09-30 12:08:04 +02:00
Igor Galić
65e213309b
do not allocate empty strings
follow review from @pwoolcoc, and do not use

    SafeString::new(&<String>::new())

since this makes an allocation which will then just be thrown away.
Instead, we pass ""
2018-09-14 18:24:27 +02:00
Igor Galić
f5c299f23c
make blog/instance description a SafeString
long_description & short_description's documentation say they can be
Markdown, but they are String, not SafeString.

This led to escaped strings being printed in the editor
https://github.com/Plume-org/Plume/issues/220
2018-09-14 15:14:24 +02:00
Bat
10da8f31b6 Hide articles on public pages
Only show them in the dashboard
2018-09-10 20:06:00 +01:00
Bat
642884034d Fix build errors 2018-09-09 12:37:20 +01:00
Bat
08cb337df6 Broadcast activities to all known instances
We consider everything posted with Plume public (for the moment at least)
2018-09-09 12:19:11 +01:00
Bat
1f2bd105b6 Implement user ban 2018-09-09 11:25:55 +01:00
Bat
d60289aac8 Local instance ID is 1, not 0
This prevented local users from being removed before broadcasting an activity.

Fixes #113
2018-09-04 14:02:01 +01:00
Bat
32a4949f25 Update user information if needed
When a remote is displayed, if it has not been updated since at least 24 hours, newer informations are fetched.

Fixes #135
2018-09-03 19:53:20 +01:00
Bat
78b3202a32 Reduce a little bit bcrypt cost
From 12 to 10, to make login time shorter.
2018-09-03 17:51:32 +01:00
Bat
820516bfe5 Federate avatars 2018-09-03 13:48:34 +01:00
Bat
e2e7d10929 Make it possible to choose an avatar 2018-09-03 13:04:17 +01:00
Bat
aa5fa11218 Add support for avatars, and fetch remote ones 2018-09-03 12:17:59 +01:00
Bat
ed8982b7fd Add a presentation of Plume and of the instance on the homepage
Fixes #132
2018-07-27 22:16:17 +02:00
Bat
74ec59e77c Add some configuration options for instance admins 2018-07-27 19:05:36 +02:00
Bat
38d99ad5af Try to fetch followers 2018-07-27 12:53:21 +02:00
Bat
0314629d99 Improve the background article fetching code 2018-07-26 22:59:41 +02:00
Bat
bd259891f3 Try to fetch remote articles 2018-07-26 22:23:53 +02:00
Bat
5583029b07 Update the WebFinger crate
Fixes an issue with some Mastodon accounts
2018-07-26 21:35:35 +02:00
Bat
5980c7b299 Simplify the logic to fallback to the FQN when no display name is available 2018-07-26 16:36:19 +02:00
Bat
4e07fdbd05 Paginate followers too 2018-07-25 15:50:29 +02:00
Bat
b0e75f4d63 Fix the behavior of the follow button
There was a bug in Tera and in the User::is_following function.

Fix #146
2018-07-20 17:51:32 +02:00
Bat
9701340c84 Allow the summary property to be absent from AP Actors 2018-07-19 10:41:37 +02:00
Bat
2b04b39f5d Correctly parse HTTP Accept headers 2018-07-18 16:58:28 +02:00
Bat
3d436c10b1 Accept more content types when making AP requests 2018-07-18 16:25:02 +02:00
Bat
389ad28d14 Don't broadcast activities to local users
Fix #80
2018-07-18 15:49:13 +02:00
Bat
507d3e6183 Use USE_HTTPS to compute AP URLs
Instead of relying on cfg(debug_assertions)
2018-06-26 16:21:58 +02:00
Bat
f805ec1d53 Introduce an environment variable to disable HTTPS, and use it when fetching WebFinger resources
You can now use USE_HTTPS=0 when debugging the federation locally.
2018-06-26 16:16:59 +02:00
Trinity Pointard
5133410451 Properly verify password
fix #86
2018-06-25 15:38:39 +02:00
Bat
68c7aad179 Big repository reorganization
The code is divided in three crates:
- plume-common, for the ActivityPub module, and some common utils
- plume-models, for the models and database-related code
- plume, the app itself

This new organization will allow to test it more easily, but also to create other tools that only reuse a little part of
the code (for instance a Wordpress import tool, that would just use the plume-models crate)
2018-06-23 17:36:11 +01:00