Commit graph

1917 commits

Author SHA1 Message Date
kim
50b713e37a
[chore] bump bun (and related libraries) versions to v1.1.16 (#2209) 2023-09-18 11:38:56 +01:00
kim
7293d6029b
[feature] add paging to account follows, followers and follow requests endpoints (#2186) 2023-09-12 14:00:35 +01:00
tobi
4b594516ec
[feature] Allow admins to expire remote public keys; refetch expired keys on demand (#2183) 2023-09-12 10:43:12 +01:00
Daenney
2cac5a4613
[feature] Support Actor URIs for webfinger queries (#2187)
* [feature] Support Actor URIs for webfinger queries

It's now possible to pass an Actor URI as the resource to query for when
doing a webfinger query. The code now extracts the username and domain
from the URI. The URI needs to be fully qualified, including having a
scheme of http or https to be recognised as such.

The acct scheme is handled as we used to, including dealing with an
erroneous leading @ on the username. We retain the ability to handle
resources without a scheme by parsing them again with the acct scheme if
the original parse failed. This can happen due to parsing ambiguities
when dealing with a string like user@domain.tld:port.

* [bugfix] Remove debugging changes

* [chore] Make TestExtractNamestring table-driven

* [chore] Unnest Trim and Split for readability
2023-09-11 18:38:31 +02:00
tobi
7011f57b09
[chore] bump bun v1.1.14 -> v1.1.15 (#2195) 2023-09-11 15:16:52 +02:00
dependabot[bot]
23dd6f664c
[chore]: Bump golang.org/x/net from 0.14.0 to 0.15.0 (#2193)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/net/compare/v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-11 12:47:44 +02:00
dependabot[bot]
ecbce17655
[chore]: Bump github.com/tdewolff/minify/v2 from 2.12.8 to 2.12.9 (#2194) 2023-09-11 09:50:58 +00:00
dependabot[bot]
f0a3fcae85
[chore]: Bump golang.org/x/crypto from 0.12.0 to 0.13.0 (#2190) 2023-09-11 09:50:37 +00:00
OniriCorpe
79906f969d
[docs] add fail2ban regex in the doc (#2189) 2023-09-11 09:43:31 +02:00
kim
b093947d84
[chore] much improved paging package (#2182) 2023-09-07 15:58:37 +01:00
Daenney
14ef098099
[feature] Support OTLP HTTP, drop Jaeger (#2184)
* [feature] Add http trace exporter, drop Jaeger

Jaeger supports ingesting traces using the OpenTelemetry gRPC or HTTP
methods. The Jaeger project has deprecated the old jaeger transport.

* Add support for submitting traces over HTTP
* Drop support for the old Jaeger protocol
* Upgrade the trace libraries to v1.17

Fixes: #2176
Fixes: #2179
2023-09-07 13:20:37 +02:00
kim
916c6d07ba
[bugfix] fix checks for deref the same status descendants / ascendants (#2181) 2023-09-05 11:22:02 +01:00
tobi
9f2199f9a9
[chore] Add script for downloading latest snapshot tar.gz (#2157)
* [chore] Add script for downloading latest snapshot tar.gz

* Update scripts/get_latest_snapshot.sh

Co-authored-by: Daenney <daenney@users.noreply.github.com>

* Update scripts/get_latest_snapshot.sh

Co-authored-by: Daenney <daenney@users.noreply.github.com>

* update comment

---------

Co-authored-by: Daenney <daenney@users.noreply.github.com>
2023-09-04 19:18:39 +02:00
Daenney
5f10885dde
[feature] Don't trace non-existing routes (#2172)
c.FullPath() is the empty string if a request doesn't match any route on
our mux. In those cases, there's no value in emitting a trace. The trace
will be empty, containing no other information beyond the fact that we
didn't match a route. Since Gin breaks off the processing early we don't
need to trace this request as it won't do anything and consumes no
further resources.

The 404 will still be emitted by our logs and will be visible from a
reverse proxy too.
2023-09-04 17:15:14 +02:00
tobi
3ed1ca68e5
[feature] Store admin actions in the db, prevent conflicting actions (#2167) 2023-09-04 14:55:17 +01:00
dependabot[bot]
4f3daeebcb
[chore]: Bump golang.org/x/image from 0.11.0 to 0.12.0 (#2178)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-04 12:51:12 +01:00
dependabot[bot]
c0bddd272f
[chore]: Bump github.com/minio/minio-go/v7 from 7.0.62 to 7.0.63 (#2180)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-04 10:16:41 +01:00
dependabot[bot]
ddd3c2e44b
[chore]: Bump golang.org/x/text from 0.12.0 to 0.13.0 (#2177)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-04 10:16:06 +01:00
kim
4eb77ff5d7
[bugfix] move SQLite pragmas into connection string (#2171)
* move SQLite pragmas into connection string

Signed-off-by: kim <grufwub@gmail.com>

* use url.Values type for SQLite connection preferences

Signed-off-by: kim <grufwub@gmail.com>

* set SQLite URI prefs properly using _pragma query key

Signed-off-by: kim <grufwub@gmail.com>

* add notes on SQLite connection preferences

Signed-off-by: kim <grufwub@gmail.com>

* fix typo

Signed-off-by: kim <grufwub@gmail.com>

* add one extra line regarding connection pooling

Signed-off-by: kim <grufwub@gmail.com>

---------

Signed-off-by: kim <grufwub@gmail.com>
2023-09-01 15:13:33 +02:00
kim
1ee99fc165
[bugfix] wrap bun.Tx to add our own error processing (#2169)
* wrap bun.Tx to add our own error processing

Signed-off-by: kim <grufwub@gmail.com>

* add compile-time check for updateRowError() compatibility with sql.Row, fix wrapTx() not being used properly

Signed-off-by: kim <grufwub@gmail.com>

---------

Signed-off-by: kim <grufwub@gmail.com>
2023-08-31 11:46:15 +02:00
dependabot[bot]
2ec313a21f
[chore]: Bump github.com/google/uuid from 1.3.0 to 1.3.1 (#2166) 2023-08-28 07:12:40 +00:00
dependabot[bot]
e6407ec95c
[chore]: Bump github.com/KimMachineGun/automemlimit from 0.2.6 to 0.3.0 (#2165) 2023-08-28 06:59:08 +00:00
tobi
13f1c85e70
[chore/frontend] Make line-height a wee little bit bigger (#2159) 2023-08-24 12:52:12 +02:00
Daenney
5416ad9888
[docs] Update backup docs (#2153) 2023-08-23 19:06:46 +01:00
tobi
083e8f35b3
[bugfix/frontend] Normalize header sizes (#2152)
* [bugfix/frontend] Normalize header sizes

* ensmallen heading a little
2023-08-23 18:28:59 +02:00
rdelaage
7b48437f17
[feature] list commands for both attachment and emojis (#2121)
* [feature] list commands for both attachment and emojis

* use fewer commands, provide `local-only` and `remote-only` as filters

* envparsing

---------

Co-authored-by: Romain de Laage <romain.delaage@rdelaage.ovh>
Co-authored-by: tsmethurst <tobi.smethurst@protonmail.com>
2023-08-23 18:01:16 +02:00
tobi
8f38dc2e7f
[feature] Add rate limit exceptions option, use ISO8601 for rate limit reset (#2151)
* start updating rate limiting, add exceptions

* tests, comments, tidying up

* add rate limiting exceptions to example config

* envparsing

* nolint

* apply kimbediff

* add examples
2023-08-23 14:32:27 +02:00
tobi
94d16631bc
[performance] Rework home timeline query to use cache more (#2148) 2023-08-22 15:41:51 +02:00
Daenney
4ae16bce8c
[feature] Make log format configurable (#2130)
* [feature] Don't emit timestamp in log lines

When running gotosocial with a service manager like systemd, or a
container runtime, the associated log driver usually emits timestamps
itself. In those cases, having the extra timestamp from our own log
lines ends up being a bit noisy and when centrally ingesting logs is
duplicate information.

This introduces a configuration flag that allows disabling emitting the
timestamp. It's only wired up for "daemonised" processes, meaning server
and testrig.

* [chore] Add docs for log-timestamp

* [feature] Simplify timestamp handling

Co-Authored-By: kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com>

* [chore] Less escaped double-quotes

* [chore] Fix help string

---------

Co-authored-by: kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com>
2023-08-21 19:07:55 +01:00
tobi
638f023a1c
[performance] Tweak media attachment cleanup; replace stale index (#2143) 2023-08-21 14:03:04 +01:00
dependabot[bot]
70d87f0ff0
[chore]: Bump codeberg.org/gruf/go-kv from 1.6.3 to 1.6.4 (#2142) 2023-08-21 06:54:30 +00:00
dependabot[bot]
59b5ed6638
[chore]: Bump github.com/minio/minio-go/v7 from 7.0.61 to 7.0.62 (#2141) 2023-08-21 06:40:16 +00:00
dependabot[bot]
36dceac56c
[chore]: Bump github.com/yuin/goldmark from 1.5.5 to 1.5.6 (#2140) 2023-08-21 06:39:14 +00:00
tobi
1e2db7a32f
[feature/bugfix] Probe S3 storage for CSP uri, add config flag for extra URIs (#2134)
* [feature/bugfix] Probe S3 storage for CSP uri, add config flag for extra URIs

* env parsing tests, my coy mistress
2023-08-20 13:35:55 +02:00
f0x52
92de8fb396
[feature] Instance rules (#2125)
* init instance rules database model, admin api

* expose instance rules in public instance api

* public /api/v1/instance/rules route

* GET ruleById

* createRule route

* createRule auth check

* updateRule

* deleteRule

* list rules on about page

* ruleGet auth

* add about page ids for anchors

* process and store adding violated rules to reports

* admin api models for instance rules

* instance rule edit frontend

* change rule inputs to textareas

* database fixes after rebase (#2124)

* remove unused imports

* fix db migration column name

* fix tests

* fix more tests

* fix postgres error with wrongly used Ident

* add some tests, fiddle with rule model a bit, fix postgres migration

* swagger docs

---------

Co-authored-by: tsmethurst <tobi.smethurst@protonmail.com>
2023-08-19 14:33:15 +02:00
kim
d5d6ad406f
[bugfix] fix double firing bun.DB query hooks (#2124)
* improve bun.DB wrapping readability + comments, fix double-firing query hooks

* fix incorrect code comment placement

* fix linter issues

* Update internal/db/basic.go

* do as the linter commmands ...

---------

Signed-off-by: kim <grufwub@gmail.com>
Co-authored-by: Daenney <daenney@users.noreply.github.com>
2023-08-17 17:26:21 +01:00
dependabot[bot]
e70629e856
[chore]: Bump github.com/jackc/pgx/v5 from 5.4.2 to 5.4.3 (#2112)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-16 16:10:13 +01:00
dependabot[bot]
5a4ceebcbd
[chore]: Bump github.com/abema/go-mp4 from 0.12.0 to 0.13.0 (#2113)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-16 16:10:01 +01:00
dependabot[bot]
8f4b779b2d
[chore]: Bump modernc.org/sqlite from 1.24.0 to 1.25.0 (#2114)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-16 16:09:50 +01:00
tobi
42bb352d53
[feature] Add snapshot binary builds + uploads (#2119)
* [feature] Add snapshot binary builds + uploads

* Update docs to include info on snapshot builds

* review comments

* little tweaks
2023-08-15 18:48:17 +02:00
kim
e9c3663cce
[chore] ensure worker contexts have request ID (#2120) 2023-08-15 17:01:01 +01:00
kim
815b5291e0
[bugfix] fix inconsistent calculated cache sizes (#2115)
* use calculated exampleTime instead of `time.Now()` to ensure no locale data, retweak cache ratios

* update envparsing test

* update default cache memory to 100MiB

* fix envparsing with latest cache target default

---------

Signed-off-by: kim <grufwub@gmail.com>
2023-08-14 17:08:19 +01:00
f0x52
912a104aed
[fix] Update CSP header for blob images (upload preview) and dev livereload (#2109)
* update CSP header for blob images (upload preview) and dev livereload websocket

* update csp for s3, update csp tests
2023-08-14 12:30:09 +02:00
kim
8ea7f551a0
[bugfix] bump go-kv version with logfmt quote fix (#2108) 2023-08-13 14:27:29 +01:00
Daenney
5e368d3089
[bugfix] CSP policy fixes for S3/object storage (#2104)
* [bugfix] CSP policy fixes for S3 in non-proxied mode

* It should be img-src
* In both img-src and media-src we still need to include 'self'
2023-08-12 12:21:48 +02:00
tobi
b7274545e0
[bugfix] Add s3 endpoint as image-src and media-src for CSP (#2103)
* [bugfix] Add s3 endpoint as image-src and media-src for CSP

* use https if secure

* reorder comment
2023-08-11 17:49:17 +02:00
tobi
a1768a83e0
[bugfix] Suppress 'errNoEntries' warnings from InboxForwarding function call (#2102) 2023-08-11 14:17:36 +01:00
tobi
dc99e9e10b
[bugfix] Fix using wrong key for clientID during oauth callback (#2101) 2023-08-11 14:58:47 +02:00
tobi
dc96562b40
[bugfix] Use custom bluemonday policy to disallow inline img tags (#2100) 2023-08-11 14:40:11 +02:00
Daenney
3aedd937c3
[feature] Set Content-Security-Policy header (#2095)
This adds the CSP header with a policy of only loading from the same
domain. We don't make use of external media, CSS, JS, fonts, so we don't
ever need external data loaded in our context.

When building a DEBUG build, the policy gets extended to include
localhost:*, i.e localhost on any port. This keeps the live-reloading
flow for JS development working. localhost and 127.0.0.1 are considered
to be the same so mixing and matching those doesn't result in a CSP
violation.
2023-08-11 13:20:56 +02:00