Commit Graph

88 Commits

Author SHA1 Message Date
Trinity Pointard
ba4695f490 Add support for signature verification on pseudo header
Add support for pseudo-header '(request-target)'
Add some logging for denied request
2018-10-10 21:10:43 +02:00
Trinity Pointard
3466e55548 Implement JSON-ld signature verification
Implement JSON-ld signature verification
Move signature verification functions to the proper file
2018-10-06 10:06:06 +02:00
Trinity Pointard
62c94ed463 Refactor and verify http signature on personnal inbox
Verify signature on personnal inbox
Reduce code duplication
Put Headers in plume-models
2018-10-03 20:48:25 +02:00
Bat
d8ca1d70b7 Fix CSRF issues
GET routes are not protected against CSRF. This commit changes the needed URLs to
POST and replace simple links with forms.

Thanks @fdb-hiroshima for noticing it!
2018-09-19 18:13:07 +01:00
Bat
10da8f31b6 Hide articles on public pages
Only show them in the dashboard
2018-09-10 20:06:00 +01:00
Bat
de3707983a Account deletion
Fixes #182
2018-09-09 20:49:24 +01:00
Bat
f66ddf6ef2 Actually implement blocks 2018-09-08 22:05:48 +01:00
Baptiste Gelez
fe7f87c47f
Merge pull request #205 from lthms/recent_rocket
Update to a more recent rocket and rust toolchain
2018-09-08 19:06:52 +01:00
Thomas Letan
0ef4717a7f deps: Update to a more recent rocket and rust toolchain
With this patch, Plume will be use a more up-to-date revision of
Rocket, that works with nightly-2018-07-17. It may have been able to
make it work with a more recent revision, but it turns out rocket has
introduced several breaking changes so I’d rather fix those.

Besides updating rocket_i18n and rocket_csrf to use the same revision
than Plume, this patch deals with the new implementation of the
Uri<'_> type. It silents a class of warnings, to deal with a change in
rustc which affects diesel. This latter change should be reverted as
soon as diesel releases a new version of its crate.
2018-09-08 15:51:55 +02:00
Bat
2822f8efe9 Don't show the "Registrations closed" message if there is an error when creating a new user 2018-09-07 20:13:14 +01:00
Bat
7653551d57 Fix some compilation errors 2018-09-04 11:45:41 +01:00
Bat
dcebc4653a Make it possible to unfollow someone
I was sure it was already implemented, but it looks like it wasn't
2018-09-04 11:37:58 +01:00
Bat
32a4949f25 Update user information if needed
When a remote is displayed, if it has not been updated since at least 24 hours, newer informations are fetched.

Fixes #135
2018-09-03 19:53:20 +01:00
Bat
ac631627ab Make it possible to disable registrations
Fix #41
2018-09-03 17:05:45 +01:00
Bat
3013eec579 Redesign menu items 2018-09-03 14:59:02 +01:00
Bat
97c0b533ab Add Atom feeds for blogs and users 2018-09-01 21:08:26 +01:00
Bat
38d99ad5af Try to fetch followers 2018-07-27 12:53:21 +02:00
Bat
0314629d99 Improve the background article fetching code 2018-07-26 22:59:41 +02:00
Bat
bd259891f3 Try to fetch remote articles 2018-07-26 22:23:53 +02:00
Bat
a9f95c91e2 Sent activities in other threads 2018-07-26 17:51:41 +02:00
Bat
4e07fdbd05 Paginate followers too 2018-07-25 15:50:29 +02:00
Bat
3764e295b8 Fix the link of the follow/unfollow button so that it is always working, even without a trailing slash 2018-07-20 17:59:16 +02:00
Bat
b95e384ed7 Use the ApRequest guard for routes that need it + Fix a few issues with its impl
Also fixes some Rocket warnings!
2018-07-11 17:30:01 +02:00
Bat
3775d3a9c9 HTML validation + Actually associate messages to errors + Fix inverted behavior on new blog and post form 2018-07-07 22:51:48 +02:00
Bat
5f3afe900f Display errors on invalid forms
It will probably need a bit of styling…
2018-07-06 19:29:36 +02:00
Bat
153400959c Actually validate forms 2018-07-06 11:51:19 +02:00
Bat
c81bb9ec25 Make forms validatable 2018-06-29 14:56:00 +02:00
Trinity Pointard
30e9620d0a Add csrf protection 2018-06-24 18:58:57 +02:00
Bat
68c7aad179 Big repository reorganization
The code is divided in three crates:
- plume-common, for the ActivityPub module, and some common utils
- plume-models, for the models and database-related code
- plume, the app itself

This new organization will allow to test it more easily, but also to create other tools that only reuse a little part of
the code (for instance a Wordpress import tool, that would just use the plume-models crate)
2018-06-23 17:36:11 +01:00
Bat
e7fd12ae6f Set to and cc for new Follow activities 2018-06-23 13:47:53 +01:00
Didier Link
b153a9ce2b add an argument in the macro may_fail to have the account linked in the error template 2018-06-22 00:50:06 +02:00
Bat
e34d12922c Serialize publicKey in Person representation 2018-06-21 22:12:24 +01:00
Bat
f5f2aa7c59 Get rid of the activity_pub::actor::Actor trait 2018-06-21 18:53:57 +01:00
Bat
b2e8d54161 Drop activity_pub::activitypub and activity_pub::ActivityPub and only use the ActivityStream responder 2018-06-21 18:09:18 +01:00
Bat
3fe2625e86 Simplify the Inbox trait
If we want to add, for instance, streams in the future, we could introduce
a new trait for that, similar to FromActivity or Notify

We also display inbox errors to the "client" if something fails,
which could be useful for debugging.
2018-06-21 17:00:37 +01:00
Bat
2217ec0d56 Remove PgConnection when we don't need it
Massive simplification in the ActivityPub module!
2018-06-21 16:31:42 +01:00
Bat
5457a80eec Avoid calling compute_id when we shouldn't
It should only be used at initialization, after we should prefer ap_url,
as not everybody is using the same URLs as Plume.
2018-06-21 15:53:58 +01:00
Bat
3551bef895 Simplify the activity_pub::inbox::Notify trait + Fix notifications
Also fix a bug with the list of mentions that was returned
2018-06-20 22:51:47 +01:00
Bat
635ac6cf42 Merge branch 'master' into setup-script 2018-06-19 22:26:31 +01:00
Bat
8ab25b1ca2 Use uri! as much as possible instead of directly writing URLs 2018-06-19 22:20:27 +01:00
Bat
dd152f2607 Remove old configuration code 2018-06-19 18:29:34 +01:00
Bat
51571d6320 may_fail! macro
Returns an error template if an Option is None, else runs the given block
2018-06-18 18:28:28 +01:00
Bat
7e3cdec0b6 Add some to_json functions to models for serialization in templates 2018-06-18 17:34:29 +01:00
Bat
36bf2e114c Fix local notifications 2018-06-18 12:32:03 +01:00
Bat
0b9515645c De-duplicate some parts of the users templates 2018-06-17 18:48:22 +01:00
Bat
b18aa33c70 Update to the latest version of Rocket, to use rocket_contrib::Template::custom 2018-06-16 18:39:22 +01:00
Bat
c9b4c40fa1 Add the gettext-rs crate 2018-06-15 14:08:38 +01:00
Bat
a4a8446d45 Make the follow button a bit smarter 2018-06-13 19:06:14 +01:00
Bat
1c287c6dfe View remote profiles locally
Add a link to the profile on the real instance
2018-06-13 18:48:37 +01:00
Bat
edbeeef640 Add a dashboard 2018-06-10 18:55:08 +01:00