| Age | Commit message (Collapse) | Author | Files |
|---|
|
* [feature/chore] Add Move database functions + cache
* add move mem ratio to envparsing.sh
* update comment
|
|
* Implement client-side v1 filters
* Exclude linter false positives
* Update test/envparsing.sh
* Fix minor Swagger, style, and Bun usage issues
* Regenerate Swagger
* De-generify filter keywords
* Remove updating filter statuses
This is an operation that the Mastodon v2 filter API doesn't actually have, because filter statuses, unlike keywords, don't have options: the only info they contain is the status ID to be filtered.
* Add a test for filter statuses specifically
* De-generify filter statuses
* Inline FilterEntry
* Use vertical style for Bun operations consistently
* Add comment on Filter DB interface
* Remove GoLand linter control comments
Our existing linters should catch these, or they don't matter very much
* Reduce memory ratio for filters
|
|
* [chore]: Bump github.com/stretchr/testify from 1.8.4 to 1.9.0
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* cast the exxpected test values as float32 to bypass (possible) testify suite regression
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kim <grufwub@gmail.com>
|
|
* add more stringent checks for remote status permissibility
* add check for inreplyto of a remote status being a boost
* do not permit inReplyTo boost wrapper statuses
* change comment wording
* fix calls to NewFederator()
* add code comments for NotPermitted() and SetNotPermitted()
* improve comment
* check that existing != nil before attempting delete
* ensure replying account isn't suspended
* use a debug log instead of info. check for boost using ID
* shorten log string length. make info level
* add note that replying to boost wrapper status shouldn't be able to happen anyways
* update to use onFail() function
|
|
|
|
* [docs] Update HTTP signature docs a bit
* Update docs/federation/federating_with_gotosocial.md
Co-authored-by: Daenney <daenney@users.noreply.github.com>
* Update docs/federation/federating_with_gotosocial.md
Co-authored-by: Daenney <daenney@users.noreply.github.com>
---------
Co-authored-by: Daenney <daenney@users.noreply.github.com>
|
|
The OpenTelemetry SDK is very strict about the schema version when
the `Resource` is initialized.
Specifically, different schema versions _CANNOT_ be mixed, and since
the default SDK resource (which is merged with the user-defined one)
defines a schema URL, the `semconv` imports are really prone to being
out-of-sync.
The best way to avoid this is to merge a _schemaless_ resource. This
is fine...there's plenty of other ways to get `semconv` out of sync,
and the core service attributes (e.g. `service.name`) should not ever
change.
Additionally, any errors here are now propagated so that they'll be
visible instead of silently swallowed.
|
|
|
|
|
|
|
|
This switches the documentation to use human sizes, so 50MiB instead of
an integer number of bytes. This makes it much easier to understand what
values are set, and less likely to accidentally set the wrong value.
|
|
* add stronger checks on status being replied to
* update error code test is expecting
|
|
macOS (#2700)
|
|
* [chore] re-add `statuses_account_id_id_idx` if removed
* if not exists
|
|
|
|
(#2670)
* Account timeline: exclude self-replies that mention other accounts
* Add index for querying unmentioned statuses
* remove now unused statuses_account_id_id_idx
---------
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
|
|
(#2693)
* add script to test import / export cycle of a gotosocial instance
* use suffix for setting mktemp file suffix
|
|
* Add support for very basic RBAC
* Add some small tests for allowedGroup and adminGroup
* Switch to table-driven tests
|
|
* [chore/docs] Various little docs updates
* Update docs/api/swagger.md
Co-authored-by: Daenney <daenney@users.noreply.github.com>
---------
Co-authored-by: kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com>
Co-authored-by: Daenney <daenney@users.noreply.github.com>
|
|
Blocks the Amazon crawler bot.
Closes: #2686
|
|
* [chore] Move `visibility` to `filter/visibility`
* [feature] Add experimental instance-federation-spam-filter option
|
|
Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify) from 2.20.17 to 2.20.18.
- [Release notes](https://github.com/tdewolff/minify/releases)
- [Commits](https://github.com/tdewolff/minify/compare/v2.20.17...v2.20.18)
---
updated-dependencies:
- dependency-name: github.com/tdewolff/minify/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
* Remove trailing whitespace from example config
* Update and extend example AppArmor profile
|
|
* add authentication workflow to docs
* fixed the markdown callouts and added the new page to the mkdocs.yml
* fixed the markdown callouts properly this time
* applied the suggested edits
* inline styles don't render in code blocks; added bash to the curl code blocks
* scopes list was not rendering as a list; fixed a typo in getting your token warning
* scopes can be a space separated list and not just one
* apply suggested change to authentication.md
Co-authored-by: Daenney <daenney@users.noreply.github.com>
* applied latest suggested edits
* added information on Gts scoped tokens
* fixed admonition formatting
---------
Co-authored-by: Daenney <daenney@users.noreply.github.com>
|
|
char count into status (#2682)
* [chore] Make default max image description 1500 chars, collapse cw char count into status
* oops
* tests
|
|
(#2673)
* update activity library so dereferencer returns full response and checks *final* link to allow for redirects
* temporarily add bodged fixed library
* remove unused code
* update getAccountFeatured() to use dereferenceCollectionPage()
* make sure to release map
* perform a 2nd decode to ensure reader is empty after primary decode
* add comment explaining choice of using Decode() instead of Unmarshal()
* update embedded activity library to latest matching https://github.com/superseriousbusiness/activity/pull/21
* add checks to look for changed URI and re-check database if redirected
* update max iteration count to 512, add checks during dereferenceAncestors() for indirect URLs
* remove doubled-up code
* fix use of status instead of current
* use URIs for checking equality for security
* use the latest known URI for boost_of_uri in case original was an indirect
* add dereferenceCollection() function for dereferenceAccountFeatured()
* pull in latest github.com/superseriousbusiness/activity version (and remove the bodge!!)
* fix typo in code comments
* update decodeType() to accept a readcloser and handle body closing
* switch to checking using BoostOfID and add note why not using BoostOfURI
* ensure InReplyTo gets unset when deleting status parent in case currently stubbed
* add tests for Collection and CollectionPage iterators
|
|
|
|
class (#2674)
|
|
|
|
* rewrite Stream{} to use much less mutex locking, update related code
* use new context for the stream context
* ensure stream gets closed on return of writeTo / readFrom WSConn()
* ensure stream write timeout gets cancelled
* remove embedded context type from Stream{}, reformat log messages for consistency
* use c.Request.Context() for context passed into Stream().Open()
* only return 1 boolean, fix tests to expect multiple stream types in messages
* changes to ping logic
* further improved ping logic
* don't export unused function types, update message sending to only include relevant stream type
* ensure stream gets closed :facepalm:
* update to error log on failed json marshal (instead of panic)
* inverse websocket read error checking to _ignore_ expected close errors
|
|
* [feature] Add `requested_by` to relationship model
* whoops, missed some tests
|
|
|
|
|
|
|
|
* [bugfix] Use ptr for instance stats entries to avoid skipping 0 values
* comment explaining why stats values are pointers
|
|
(#2665)
* [chore/bugfix] Ensure threadID always set on local statuses
* test
|
|
Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.5.2 to 5.5.3.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v5.5.2...v5.5.3)
---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
On outgoing `GET` requests that are signed (e.g. authorized fetch),
if the initial request fails with `401`, try again, but _without_
the query parameters included in the HTTP signature.
This is primarily useful for compatibility with Mastodon; though
hopefully this can be removed in the not-too-distant future, as
they've started changing their behavior here.
Signed-off-by: Milas Bowman <devnull@milas.dev>
|
|
Bumps [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) from 7.0.66 to 7.0.67.
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.66...v7.0.67)
---
updated-dependencies:
- dependency-name: github.com/minio/minio-go/v7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
* [bugfix] Refactor parse mention, fix local mention bug
* originAccount -> originAcct
|
|
* [chore] Comment out silly, frequently-failing `GetStatusTwice` test
* lord
|
|
* [bugfix] Pass `latest` to dereferenceThread instead of barebones status
* only mark status orphaned if visibility suggests parent is really deleted
* tone down "not deref'd" warnings, since they represent a legit visibility situation
* remove FAQ entry for "status not deref'd yet"
|
|
in the backend (#2650)
* [chore] Disable Move API endpoints for now until Move is fully implemented in the backend
* disable other form fields
* clarify that moving to GtS also isn't implemented yet
|
|
|
|
* [chore] Simplify the User-Agent string
RFC 9110[1] includes a definition for the format of a user-agent header:
User-Agent = product *( RWS ( product / comment ) )
product = token ["/" product-version]
product-version = token
comment = "(" *( ctext / quoted-pair / comment ) ")"
ctext = HTAB / SP / %x21-27 / %x2A-5B / %x5D-7E / obs-text
An example given in the RFC: User-Agent: CERN-LineMode/2.15 libwww/2.17b3
The idea is typically start with the most important product/version, add
a (comment) if necessary and then include any auxilliary products.
However, the RFC warns against including too many auxiliary products as
those can be unnecessarily revealing.
For automated systems (i.e not a browser), the common and recommended
format is <product></version> (+uri-for-contact), followed with any
additional <product>/<version> pairs that are relevant.
This changes our UA to match that convention more closely. This makes it
easier for administrators who do user-agent parsing for statistics or
other purposes to correctly identify the version of GoToSocial.
Currently tools tend to get confused by the lack of a /<version> on the
start of our string.
[1]: https://www.rfc-editor.org/rfc/rfc9110.html#name-user-agents
* [chore] Don't use app name in UA
From all the GtS UAs I've collected, nobody seems to set/change this,
so we might as well use the static string.
The main usefulness for this is when you have multilpe GtS instances
connecting to the same DB, so they can identify as different instances
by changing the application name (though it should already be obvious
from having different usernames).
|
|
|
|
objects (#2639)
* add stricter checks during all stages of dereferencing remote AS objects
* a comment
|
|
instances count (#2592)
Co-authored-by: Tsuribori <none@example.org>
|
|
|
tobi
Vyr Cossont
dependabot[bot]
kim
Milas Bowman
Daenney
9p4
tux93
Camille Frantz
Tsuribori
Leonora Tindall