* [chore] Bump tooling versions, bump go -> v1.23.0
* undo silly change
* sign
* bump go version in go.mod
* allow overflow in imaging
* goreleaser deprecation notices
* [chore] Upgrade golangci-lint, ignore existing int overflow warnings
There is a new lint for unchecked int casts. Integer overflows are bad,
but the old code that triggers this lint seems to be perfectly fine.
Instead of disabling the lint entirely for new code as well, grandfather
in existing code.
* fix golangci-lint documentation link
* revert unrelated changes
* revert another unrelated change
* get rid of remaining nolint:gosec
* swagger updates
* apply review feedback
* fix wrong formatting specifier thing
* fix the linter for real
---------
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
* replicate issue
* update go-structr to v0.8.10 with internal linked-list fix, small tweaks to caching of interaction requests
* remove debug function
---------
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
* bump go-byteutil v1.2.0 -> v1.3.0 which has safer (as in long-term API consistency) byte <-> string conversions
* fix test relying on byteutil exported type no longer existing
* update go-storage dependency, for S3Storage manually call PutObject() so we can set content-type
* update calls to PutFile() to include the contentType
* ensure that errors checking status visibility / converting aren't dropped
* add some more context to error messages
* include calling function name in log entries
* don't error on timelining hidden status
* further code to ignore statusfilter.ErrHideStatus type errors
* remove unused error type
* add local instance status / domain / user counts
* add checks for localhost
* rename from InstanceCounts to LocalInstance
* improved code comment
* add error message to gin context on header blocked or not allowed
* remove the unused header filter tracking code (leaving OTEL TODOs in place)
* appease the linter
* improved federatingdb logging in cases of unknown iri / types, add new log methods
* whoops; forgot to wrap log argument in serialize{} !
* use debug instead of warn level
* switch last entry to Debug
* improvements to caching for lists and relationship to accounts / follows
* fix nil panic in AddToList()
* ensure list related caches are correctly invalidated
* ensure returned ID lists are ordered correctly
* bump go-structr to v0.8.9 (returns early if zero uncached keys to be loaded)
* remove zero checks in uncached key load functions (go-structr now handles this)
* fix issues after rebase on upstream/main
* update the expected return order of CSV exports (since list entries are now down by entry creation date)
* rename some funcs, allow deleting list entries for multiple follow IDs at a time, fix up more tests
* use returning statements on delete to get cache invalidation info
* fixes to recent database delete changes
* fix broken list entries delete sql
* remove unused db function
* update remainder of delete functions to behave in similar way, some other small tweaks
* fix delete user sql, allow returning on err no entries
* uncomment + fix list database tests
* update remaining list tests
* update envparsing test
* add comments to each specific key being invalidated
* add more cache invalidation explanatory comments
* whoops; actually delete poll votes from database in the DeletePollByID() func
* remove added but-commented-out field
* improved comment regarding paging being disabled
* make cache invalidation comments match what's actually happening
* fix up delete query comments to match what is happening
* rename function to read a bit better
* don't use ErrNoEntries on delete when not needed (it's only needed for a RETURNING call)
* update function name in test
* move list exclusivity check to AFTER eligibility check. use log.Panic() instead of panic()
* use the poll_id column in poll_votes for selecting votes in poll ID
* fix function name
* [feature] Process `Reject` of interaction via fedi API, put rejected statuses in the "sin bin"
* update test
* move nil check back to `rejectStatusIRI`
* search for mentions also by username,domain in status deref, handle deleted statuses in enrichStatusSafely()
* return d.enrichStatusSafely() directly
* [feature/frontend] Add options to include Unlisted posts or hide all posts
* finish up
* swagger
* move invalidate call into bundb package, avoid invalidating if not necessary
* rename show_web_statuses => web_visibility
* don't use ptr for webvisibility
* last bits
* [bugfix] Fix temp table deletion causing runaway allocations
* move some vars around
* small fixes
* rely on conn max age to recycle temp tables
* fackin' ell m8
* use single-threaded image resizing in native code so we have more control over goroutines
* implement parallel-free versions of image transform functions also
* remove debug code
* use a single instance of wazero runtime and compiled modules
* remove test output 🤦
* undo process-{media,emoji} changes
* update test runner to include wazero compilation cache
* sign drone.yml
---------
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
* on account update, ensure that public key has not changed
* change expected error message
* also support the case of changing account keys when expired (not waiting for handshake)
* tweak account update hardening logic, add tests for updating account with pubkey expired
* add check for whether incoming data was via federator, accepting keys if so
* use freshest window for federated account updates + comment about it
* include pinned status when incrementing / decrementing status counts
* remove the pinned increment on status creation
* code comments
* microoptimize decr
* wrap thumbnailing code to handle generation natively where possible
* more code comments!
* add even more code comments!
* add code comments about blurhash generation
* maintain image rotation if contained in exif data
* move rotation before resizing
* ensure pix_fmt actually selected by ffprobe, check for alpha layer with gifs
* use linear instead of nearest-neighbour for resizing
* work with image "orientation" instead of "rotation". use default 75% quality for both webp and jpeg generation
* add header to new file
* use thumb extension when getting thumb mime type
* update test models and tests with new media processing
* add suggested code comments
* add note about thumbnail filter count reducing memory usage
* [bugfix] send back Sec-Websocket-Protocol header for streaming WebSocket
Chrome expects the selected Sec-Websocket-Protocol to be sent back
on the WebSocket upgrade request (RFC6455 1.9).
* fiddle a bit to avoid getting headers multiple times
* add some explanatory notes
---------
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
* add test for emoji update image
* update emoji recache to set the instance account id
* don't refresh emoji if only not cached. in that case literally just recache
* code comment
* rename + move a few things
* add some more code comments, and rename some functions to make logic a bit clearer
* remove unnecessary nil check (the value can be nil)
* comment wording
* remove test data output
* handle the case of caching an emoji which has been refreshed then uncached
* allow overwriting on testrig storage as we do now on regular storage
* fix emoji category ID not getting updated
---------
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
* [chore] Synchronise our robots.txt with upstream
* [feature] Add headers to escape AI crawlers
This adds 2 headers that a number of AI crawlers respect to signal that
content should not be included in their datasets.
* add back exif-terminator and use only for jpeg,png,webp
* fix arguments passed to terminateExif()
* pull in latest exif-terminator
* fix test
* update processed img
---------
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
* Implement Mastodon-compatible roles
- `Account.role` should only be available through verify_credentials for checking current user's permissions
- `Account.role` now carries a Mastodon-compatible permissions bitmap and a marker for whether it should be shown to the public
- `Account.roles` added for *public* display roles (undocumented but stable since Mastodon 4.1)
- Web template now uses only public display roles (no user-visible change here, we already special-cased the `user` role)
* Handle verify_credentials case for default role
* Update JSON exact-match tests
* Address review comments
* Add blocks bit to admin permissions bitmap
