tobi
88a81fbcaf
[chore] Close copied request body in SignDelivery ( #3254 )
2024-08-30 17:00:55 +00:00
Daenney
1e0c858a05
[chore] Upgrade ncruces/go-sqlite3 to v0.18.1 ( #3253 )
...
Contains a fix for locking behaviour on the BSDs.
2024-08-30 17:02:24 +02:00
tobi
cd93a5baf3
[security] Implement allowFiles
fs for better isolation of ffmpeg / ffprobe ( #3251 )
...
* [chore] Implement readOneFile fs
* further isolation
* remove fmt call
* tweaks
2024-08-30 14:03:59 +02:00
tobi
e10aa76612
[chore] Only call imaging.Resize when necessary
, use even tinier blurhashes ( #3247 )
...
* [chore] Use `imaging.Fit`, use even tinier blurhashes
* avoid calling resize if not necessary
* update blurhashes + thumb
2024-08-29 17:43:14 +02:00
Daenney
277b043633
[chore] Update robots.txt with more AI scrapers ( #3248 )
2024-08-29 17:42:48 +02:00
tobi
1f3dfbf10c
[bugfix/frontend] Fix TypeError: gtsError is undefined
( #3245 )
2024-08-27 12:39:26 +02:00
tobi
2db5a51582
[chore/frontend] Present themes as dropdown instead of radio ( #3244 )
2024-08-27 12:16:45 +02:00
tobi
8a34e4c28f
[bugfix] Fix incorrect json-ld @context
serialization ( #3243 )
2024-08-26 19:17:45 +02:00
kim
f4d69db36a
move WASM compilation stage much later in server init to reduce memory usage during db migrations ( #3242 )
2024-08-26 16:21:29 +00:00
tobi
28d57d1f13
[chore] Bump all otel deps ( #3241 )
2024-08-26 18:05:54 +02:00
dependabot[bot]
291bb68b47
[chore]: Bump github.com/prometheus/client_golang from 1.20.0 to 1.20.2 ( #3239 )
...
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang ) from 1.20.0 to 1.20.2.
- [Release notes](https://github.com/prometheus/client_golang/releases )
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prometheus/client_golang/compare/v1.20.0...v1.20.2 )
---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-26 10:41:21 +02:00
tobi
db59ca36b1
[chore] Remove unused "env" module ( #3235 )
2024-08-25 15:37:20 +00:00
tobi
2bd31ab710
[chore] Tiny tweak to ApprovedByURI ( #3234 )
2024-08-25 15:44:08 +02:00
tobi
d3887bf6cc
[bugfix] Let prometheus client do its own compression handling ( #3232 )
2024-08-25 13:25:32 +02:00
tobi
bef0dfc66c
[bugfix] Carry-over ApprovedByURI
to avoid marking already-approved remote statuses as pending approval ( #3231 )
...
* [bugfix] Carry-over pendingApproval + approvedByURI to avoid pending already-approved remote statuses
* don't carry over pending_approval, not necessary
* comment
2024-08-25 12:18:39 +02:00
tobi
da3fa2d4a2
[chore/bugfix] Fix missing insertion of preapproved interaction requests ( #3228 )
2024-08-24 12:17:55 +00:00
dependabot[bot]
f35c124d14
Bump elliptic from 6.5.4 to 6.5.7 in /web/source ( #3212 )
...
Bumps [elliptic](https://github.com/indutny/elliptic ) from 6.5.4 to 6.5.7.
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.4...v6.5.7 )
---
updated-dependencies:
- dependency-name: elliptic
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-24 13:34:13 +02:00
dependabot[bot]
a4c0a59193
Bump micromatch from 4.0.5 to 4.0.8 in /web/source ( #3227 )
2024-08-24 10:12:50 +00:00
tobi
f23f04e0b1
[feature] Interaction requests client api + settings panel ( #3215 )
...
* [feature] Interaction requests client api + settings panel
* test accept / reject
* fmt
* don't pin rejected interaction
* use single db model for interaction accept, reject, and request
* swaggor
* env sharting
* append errors
* remove ErrNoEntries checks
* change intReqID to reqID
* rename "pend" to "request"
* markIntsPending -> mark interactionsPending
* use log instead of returning error when rejecting interaction
* empty migration
* jolly renaming
* make interactionURI unique again
* swag grr
* remove unnecessary locks
* invalidate as last step
2024-08-24 11:49:37 +02:00
kim
8e5a72ac5c
[performance] ffmpeg ffprobe wrapper improvements ( #3225 )
...
* use a single instance of wazero runtime and compiled modules
* remove test output 🤦
* undo process-{media,emoji} changes
* update test runner to include wazero compilation cache
* sign drone.yml
---------
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
2024-08-23 17:15:35 +02:00
tobi
53fccb8af8
[feature] Use local_only
field, deprecate federated
field ( #3222 )
...
* [feature] Use `local_only` field, deprecate `federated` field
* use `deprecated` comment for form.Federated
* nolint
2024-08-22 19:47:10 +02:00
tobi
ffcf6e73f7
[bugfix/frontend] Small safari + gnome web fixes ( #3219 )
...
* [bugfix/frontend] Small safari + gnome web fixes
* wee
* update comment
2024-08-21 10:43:43 +02:00
tobi
9b2f14b131
[bugfix/frontend] Fix error on submitting domain perm with enter key ( #3218 )
2024-08-20 18:56:42 +02:00
kim
889d4756ea
[performance] use native Go code to probe JPEGs ( #3206 )
...
* use native Go code to probe JPEGs
* add note about copying from github.com/disintegration/imaging
* add more code comments
2024-08-19 13:38:10 +00:00
kim
e1154453bb
[chore] update default http client timeout to 30s ( #3214 )
2024-08-19 14:56:43 +02:00
dependabot[bot]
c78c3d5ed9
[chore]: Bump github.com/miekg/dns from 1.1.61 to 1.1.62 ( #3209 )
2024-08-19 11:35:08 +00:00
dependabot[bot]
c28a18b680
[chore]: Bump github.com/minio/minio-go/v7 from 7.0.74 to 7.0.75 ( #3208 )
2024-08-19 10:37:44 +00:00
dependabot[bot]
6ff8376d96
[chore]: Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.0 ( #3210 )
2024-08-19 10:13:46 +00:00
kim
ae14aa004d
[bugfix] permit unspecified orientation data ( #3205 )
2024-08-16 14:10:03 +02:00
kim
586639ccf0
update go-sqlite3 to v0.18.0 ( #3204 )
2024-08-15 00:30:58 +00:00
kim
09f24e0446
update go-ffmpreg to v0.2.5 (pulls in latest tetratelabs/wazero) ( #3203 )
2024-08-15 00:08:55 +00:00
kim
6fe96a5611
update go-fastcopy to v1.1.3 ( #3200 )
2024-08-14 16:56:56 +00:00
kim
f8d5b9f49c
update go-structr to v0.8.8 ( #3199 )
2024-08-14 12:08:24 +00:00
kim
9cd27b412d
[security] harden account update logic ( #3198 )
...
* on account update, ensure that public key has not changed
* change expected error message
* also support the case of changing account keys when expired (not waiting for handshake)
* tweak account update hardening logic, add tests for updating account with pubkey expired
* add check for whether incoming data was via federator, accepting keys if so
* use freshest window for federated account updates + comment about it
2024-08-13 15:37:09 +00:00
kim
5212a1057e
[bugfix] relax missing preferred_username, instead using webfingered username ( #3189 )
...
* support no preferred_username, instead using webfingered username
* add tests for the new preferred_username behaviour
2024-08-13 09:01:50 +00:00
kim
4cb3e4d3e6
[bugfix] incorrect AP serialize function used serializing worker data ( #3196 )
2024-08-12 18:23:24 +02:00
dependabot[bot]
871d062bd6
[chore]: Bump golang.org/x/image from 0.18.0 to 0.19.0 ( #3191 )
2024-08-12 10:12:52 +00:00
dependabot[bot]
745b80259f
[chore]: Bump golang.org/x/net from 0.27.0 to 0.28.0 ( #3194 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.27.0 to 0.28.0.
- [Commits](https://github.com/golang/net/compare/v0.27.0...v0.28.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-12 11:49:45 +02:00
kim
865b3aeaac
[bugfix] updated pinned counts on status delete ( #3188 )
...
* include pinned status when incrementing / decrementing status counts
* remove the pinned increment on status creation
* code comments
* microoptimize decr
2024-08-11 11:23:36 +02:00
kim
4a3ece0c6c
[bugfix] ensure testrig package only compiled-in when debug enabled ( #3185 )
...
* ensure testrig package only compiled-in (including init) when debug enabled
* add code comment to testrig init to indicate WebAssembly compilation
2024-08-09 10:53:29 +00:00
kim
f77005128a
[performance] move thumbnail generation to go code where possible ( #3183 )
...
* wrap thumbnailing code to handle generation natively where possible
* more code comments!
* add even more code comments!
* add code comments about blurhash generation
* maintain image rotation if contained in exif data
* move rotation before resizing
* ensure pix_fmt actually selected by ffprobe, check for alpha layer with gifs
* use linear instead of nearest-neighbour for resizing
* work with image "orientation" instead of "rotation". use default 75% quality for both webp and jpeg generation
* add header to new file
* use thumb extension when getting thumb mime type
* update test models and tests with new media processing
* add suggested code comments
* add note about thumbnail filter count reducing memory usage
2024-08-08 17:12:13 +00:00
John Winston
94c615d417
[feature] Add db-postgres-connection-string
option ( #3178 )
...
* handle db-url
* lint and add doc
* add more doc
* fix config test
* return error
* change name from db-url to db-postgres-connection-string
2024-08-08 14:00:19 +02:00
tobi
b19cfee7ae
[feature] Use gifv type for short soundless mp4 videos ( #3182 )
2024-08-08 08:12:16 +00:00
kim
3045782b49
updates our ffmpreg version, heh ( #3181 )
2024-08-07 15:38:02 +02:00
Leah Neukirchen
4697271cef
[bugfix] send back Sec-Websocket-Protocol header for streaming WebSocket ( #3169 )
...
* [bugfix] send back Sec-Websocket-Protocol header for streaming WebSocket
Chrome expects the selected Sec-Websocket-Protocol to be sent back
on the WebSocket upgrade request (RFC6455 1.9).
* fiddle a bit to avoid getting headers multiple times
* add some explanatory notes
---------
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
2024-08-06 11:52:27 +02:00
dependabot[bot]
b78be9fd4a
[chore]: Bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 ( #3171 )
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.21.0 to 0.22.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.21.0...v0.22.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-05 09:52:20 +00:00
kim
b85a9983d0
[bugfix] fix emoji recaching operations ( #3167 )
...
* add test for emoji update image
* update emoji recache to set the instance account id
* don't refresh emoji if only not cached. in that case literally just recache
* code comment
* rename + move a few things
* add some more code comments, and rename some functions to make logic a bit clearer
* remove unnecessary nil check (the value can be nil)
* comment wording
* remove test data output
* handle the case of caching an emoji which has been refreshed then uncached
* allow overwriting on testrig storage as we do now on regular storage
* fix emoji category ID not getting updated
---------
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
2024-08-03 19:05:38 +02:00
tobi
fa59c3713c
[chore] Add media-ffmpeg-pool-size
config var ( #3164 )
2024-08-03 16:40:26 +02:00
tobi
09f239d7e3
[chore/frontend] Update namerole rendering on skinny devices ( #3166 )
2024-08-03 16:39:07 +02:00
Daenney
9b50151f17
[feature] Beef up our AI opt-outs ( #3165 )
...
* [chore] Synchronise our robots.txt with upstream
* [feature] Add headers to escape AI crawlers
This adds 2 headers that a number of AI crawlers respect to signal that
content should not be included in their datasets.
2024-08-02 18:22:39 +02:00