* Password reset
* Various improvements and fixes for password reset
- Reorganize src/mail.rs to make it cleaner
- add a build_mail function
- only make the requests invalid after 2 hours
- avoid infintely-growing list of requests by deleting them once completed, or after 24 hours
- avoid sending many requests for the same user
- validate the password reset form
* Avoid locking so many times
Fix durations
* Remove old requests even if the current one is not valid
* Remove unused feature
* Also remove the custom_derive and plugin features while we are at it
* Forgot a 0 è_é
* Avoid panicking while owning a request lock
* Use master branch of lettre so that we can build with the latest OpenSSL
* Fix the debug mailer
Fix#433
I added the repo link to Cargo.toml so that `software.repository` could be configurable like @rhaamo suggested. I don't know if it's ok to include `software.repository` without bumping the schema version, but I didn't know if that would break any clients that parse nodeinfo with a hardcoded schema version.
* Allow customizing max form size from env vars
* Add error page for unprocessable entities
And change default http port to 7878
* Improve char counter: under the editor, more discrete, and give it a default value
This pull request add a `categories` key to the web manifest. The categories key was [recently added](https://www.aaron-gustafson.com/notebook/categories-land-in-the-web-app-manifest/ "Blog post detailing the addition of categories to the spec") to the Web Manifest spec and is a list of categorizations you want to apply to your site that serves as a hint to search engines and webapp catalogs.
The categories can be anything and there is no standardized list of vaues. The W3C is maintaining a list of commonly used values [here](https://github.com/w3c/manifest/wiki/Categories). I added _social_ to Plume's manifest based on that list, but I think eventually allowing a user defined list would be better. I don't know if there's anything in Plume currently that would enable that.
- Use `Result` as much as possible
- Display errors instead of panicking
TODO (maybe in another PR? this one is already quite big):
- Find a way to merge Ructe/ErrorPage types, so that we can have routes returning `Result<X, ErrorPage>` instead of panicking when we have an `Error`
- Display more details about the error, to make it easier to debug
(sorry, this isn't going to be fun to review, the diff is huge, but it is always the same changes)
Add some support for comment visibility, fix#217
This add a new column to comment, denoting if they are public or not, and a new table linking private comments to those allowed to read them. There is currently no way to write a private comment from Plume.
Git is having a hard time what happened in Comment::from_activity, but most of it is just re-indentation because a new block was needed to please the borrow checker. I've marked with comments where things actually changed.
At this point only mentioned users can see private comments, even when posted as "follower only" or equivalent.
What should we do when someone isn't allowed to see a comment? Hide the whole thread, or just the comment? If hiding just the comment, should we mark there is a comment one can't see, but answers they can, or put other comments like if they answered to the same comment the hidden one do?
* Fix some follow issues
Fix not receiving notifications when followed by remote users
Fix imposibility to be unfollowed by Mastodon/Pleroma users (tested only against Pleroma)
* Fix notification on every post
* Fix issues with federation
Send Link instead of Object when emiting Follow request
Receive both Link and Object for Follow request
Don't panic when fetching user with no followers or posts from Pleroma
Reorder follower routes so Activity Pub one is reachable
* Generate absolute urls for mentions and tags
* Verify author when undoing activity by Link
* Remove use of String for body parameters
Create SignedJson and implement FromData for it
* Make Travis test on release
* Remove warning when installing and fix coverage
* Count items in database as much as possible
* Fix the tests
* Remove two useless queries
* Run pragma directive before each sqlite connection
* Pragma for tests too
* Remove debug messages
* Bump base64 from 0.9.3 to 0.10.0
* Bump bcrypt from 0.2.0 to 0.2.1
* Bump canapi from 0.1.0 to 0.2.0
* Bump failure from 0.1.2 to 0.1.3
* Bump hyper from 0.11.27 to 0.12.11
* Bump hyper from 0.11.27 to 0.12.16
* Bump lazy_static from 1.1.0 to 1.2.0
* Bump multipart from 0.15.3 to 0.15.4
* Bump openssl from 0.10.12 to 0.10.15
* Bump pulldown-cmark from 0.1.2 to 0.2.0
* Bump reqwest from 0.9.2 to 0.9.5
* Bump rocket from 0.4.0-rc.1 to 0.4.0
* Bump rpassword from 2.0.0 to 2.1.0
* Bump ructe from 0.5.2 to 0.5.4
* Bump serde_derive from 1.0.79 to 1.0.80
* Bump serde from 1.0.79 to 1.0.80
* Bump serde_json from 1.0.32 to 1.0.33
* Bump tera from 0.11.17 to 0.11.20
* Bump url from 1.7.1 to 1.7.2
* Bump validator to from 0.7.2 to 0.8.0
* Bump validator_derive from 0.7.2 to 0.8.0
* Bump whatlang from 0.5.0 to 0.6.0
* Remove hyper from plume-common dependencies
* Remove rpassword from Plume dependancies
* Upgrade compiler to nightly-2018-12-06
Use uri! to generate links instead of hardcoded urls
Fix#110
Fix invalid links needing to be POST forms
Translate login message for boost and like directly from template
Put js for search in its own file
All the template are now compiled at compile-time with the `ructe` crate.
I preferred to use it instead of askama because it allows more complex Rust expressions, where askama only supports a small subset of expressions and doesn't allow them everywhere (for instance, `{{ macro!() | filter }}` would result in a parsing error).
The diff is quite huge, but there is normally no changes in functionality.
Fixes#161 and unblocks #110 and #273
* Add search engine to the model
Add a Tantivy based search engine to the model
Implement most required functions for it
* Implement indexing and plm subcommands
Implement indexation on insert, update and delete
Modify func args to get the indexer where required
Add subcommand to initialize, refill and unlock search db
* Move to a new threadpool engine allowing scheduling
* Autocommit search index every half an hour
* Implement front part of search
Add default fields for search
Add new routes and templates for search and result
Implement FromFormValue for Page to reuse it on search result pagination
Add optional query parameters to paginate template's macro
Update to newer rocket_csrf, don't get csrf token on GET forms
* Handle process termination to release lock
Handle process termination
Add tests to search
* Add proper support for advanced search
Add an advanced search form to /search, in template and route
Modify Tantivy schema, add new tokenizer for some properties
Create new String query parser
Create Tantivy query AST from our own
* Split search.rs, add comment and tests
Split search.rs into multiple submodules
Add comments and tests for Query
Make user@domain be treated as one could assume
* Run cargo clippy on plume-common
Run clippy on plume-common and adjuste code accordingly
* Run cargo clippy on plume-model
Run clippy on plume-model and adjuste code accordingly
* Reduce need for allocation in plume-common
* Reduce need for allocation in plume-model
add a quick compilation failure if no database backend is enabled
* Run cargo clippy on plume-cli
* Run cargo clippy on plume
Add migration to fix typo
Add support for linking hashtags with posts
Rework tag search page so it says a nicer message than page not found
when no post use that tag
Add new string to translation
GET routes are not protected against CSRF. This commit changes the needed URLs to
POST and replace simple links with forms.
Thanks @fdb-hiroshima for noticing it!
follow review from @pwoolcoc, and do not use
SafeString::new(&<String>::new())
since this makes an allocation which will then just be thrown away.
Instead, we pass ""
long_description & short_description's documentation say they can be
Markdown, but they are String, not SafeString.
This led to escaped strings being printed in the editor
https://github.com/Plume-org/Plume/issues/220
With this patch, Plume will be use a more up-to-date revision of
Rocket, that works with nightly-2018-07-17. It may have been able to
make it work with a more recent revision, but it turns out rocket has
introduced several breaking changes so I’d rather fix those.
Besides updating rocket_i18n and rocket_csrf to use the same revision
than Plume, this patch deals with the new implementation of the
Uri<'_> type. It silents a class of warnings, to deal with a change in
rustc which affects diesel. This latter change should be reverted as
soon as diesel releases a new version of its crate.
The code is divided in three crates:
- plume-common, for the ActivityPub module, and some common utils
- plume-models, for the models and database-related code
- plume, the app itself
This new organization will allow to test it more easily, but also to create other tools that only reuse a little part of
the code (for instance a Wordpress import tool, that would just use the plume-models crate)