Merge develop

config/config.md

@@ -39,6 +39,7 @@ Note: `strip_exif` has been replaced by `Pleroma.Upload.Filter.Mogrify`.
   * `Pleroma.Web.ActivityPub.MRF.DropPolicy`: Drops all activities. It generally doesn’t makes sense to use in production
   * `Pleroma.Web.ActivityPub.MRF.SimplePolicy`: Restrict the visibility of activities from certains instances (See ``:mrf_simple`` section)
   * `Pleroma.Web.ActivityPub.MRF.RejectNonPublic`: Drops posts with non-public visibility settings (See ``:mrf_rejectnonpublic`` section)
+  * `Pleroma.Web.ActivityPub.MRF.EnsureRePrepended`: Rewrites posts to ensure that replies to posts with subjects do not have an identical subject and instead begin with re:.
 * `public`: Makes the client API in authentificated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network.
 * `quarantined_instances`: List of ActivityPub instances where private(DMs, followers-only) activities will not be send.
 * `managed_config`: Whenether the config for pleroma-fe is configured in this config or in ``static/config.json``

config/test.exs

@@ -27,6 +27,12 @@
 config :pleroma, :ostatus, Pleroma.Web.OStatusMock
 config :tesla, adapter: Tesla.Mock
 
+config :web_push_encryption, :vapid_details,
+  subject: "mailto:administrator@example.com",
+  public_key:
+    "BLH1qVhJItRGCfxgTtONfsOKDc9VRAraXw-3NsmjMngWSh7NxOizN6bkuRA7iLTMPS82PjwJAr3UoK9EC1IFrz4",
+  private_key: "_-XZ0iebPrRfZ_o0-IatTdszYa8VCH1yLN-JauK7HHA"
+
 try do
   import_config "test.secret.exs"
 rescue

lib/mix/tasks/pleroma/sample_config.eex

@@ -29,6 +29,12 @@ config :pleroma, Pleroma.Repo,
   hostname: "<%= dbhost %>",
   pool_size: 10
 
+# Configure web push notifications
+config :web_push_encryption, :vapid_details,
+  subject: "mailto:<%= email %>",
+  public_key: "<%= web_push_public_key %>",
+  private_key: "<%= web_push_private_key %>"
+
 # Enable Strict-Transport-Security once SSL is working:
 # config :pleroma, :http_security,
 #   sts: true
@@ -54,9 +60,9 @@ config :pleroma, Pleroma.Repo,
 
 
 # Configure Openstack Swift support if desired.
-# 
-# Many openstack deployments are different, so config is left very open with 
-# no assumptions made on which provider you're using. This should allow very 
+#
+# Many openstack deployments are different, so config is left very open with
+# no assumptions made on which provider you're using. This should allow very
 # wide support without needing separate handlers for OVH, Rackspace, etc.
 #
 # config :pleroma, Pleroma.Uploaders.Swift,

lib/pleroma/application.ex

@@ -66,7 +66,8 @@ def start(_type, _args) do
         ),
         worker(Pleroma.Web.Federator.RetryQueue, []),
         worker(Pleroma.Web.Federator, []),
-        worker(Pleroma.Stats, [])
+        worker(Pleroma.Stats, []),
+        worker(Pleroma.Web.Push, [])
       ] ++
         streamer_child() ++
         chat_child() ++

lib/pleroma/formatter.ex

@@ -114,7 +114,7 @@ def add_user_links({subs, text}, mentions) do
 
     subs =
       subs ++
-        Enum.map(mentions, fn {match, %User{ap_id: ap_id, info: info}, uuid} ->
+        Enum.map(mentions, fn {match, %User{id: id, ap_id: ap_id, info: info}, uuid} ->
           ap_id =
             if is_binary(info.source_data["url"]) do
               info.source_data["url"]
@@ -125,7 +125,7 @@ def add_user_links({subs, text}, mentions) do
           short_match = String.split(match, "@") |> tl() |> hd()
 
           {uuid,
-           "<span><a class='mention' href='#{ap_id}'>@<span>#{short_match}</span></a></span>"}
+           "<span><a data-user='#{id}' class='mention' href='#{ap_id}'>@<span>#{short_match}</span></a></span>"}
         end)
 
     {subs, uuid_text}
@@ -147,7 +147,11 @@ def add_hashtag_links({subs, text}, tags) do
     subs =
       subs ++
         Enum.map(tags, fn {tag_text, tag, uuid} ->
-          url = "<a href='#{Pleroma.Web.base_url()}/tag/#{tag}' rel='tag'>#{tag_text}</a>"
+          url =
+            "<a data-tag='#{tag}' href='#{Pleroma.Web.base_url()}/tag/#{tag}' rel='tag'>#{
+              tag_text
+            }</a>"
+
           {uuid, url}
         end)
 

lib/pleroma/html.ex

@@ -45,7 +45,7 @@ defmodule Pleroma.HTML.Scrubber.TwitterText do
   Meta.strip_comments()
 
   # links
-  Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes)
+  Meta.allow_tag_with_uri_attributes("a", ["href", "data-user", "data-tag"], @valid_schemes)
   Meta.allow_tag_with_these_attributes("a", ["name", "title"])
 
   # paragraphs and linebreaks
@@ -86,7 +86,7 @@ defmodule Pleroma.HTML.Scrubber.Default do
   Meta.remove_cdata_sections_before_scrub()
   Meta.strip_comments()
 
-  Meta.allow_tag_with_uri_attributes("a", ["href"], @valid_schemes)
+  Meta.allow_tag_with_uri_attributes("a", ["href", "data-user", "data-tag"], @valid_schemes)
   Meta.allow_tag_with_these_attributes("a", ["name", "title"])
 
   Meta.allow_tag_with_these_attributes("abbr", ["title"])

lib/pleroma/http/connection.ex

@@ -3,7 +3,12 @@ defmodule Pleroma.HTTP.Connection do
   Connection for http-requests.
   """
 
-  @hackney_options [pool: :default]
+  @hackney_options [
+    pool: :default,
+    timeout: 10000,
+    recv_timeout: 20000,
+    follow_redirect: true
+  ]
   @adapter Application.get_env(:tesla, :adapter)
 
   @doc """

lib/pleroma/notification.ex

@@ -110,6 +110,7 @@ def create_notification(%Activity{} = activity, %User{} = user) do
       notification = %Notification{user_id: user.id, activity: activity}
       {:ok, notification} = Repo.insert(notification)
       Pleroma.Web.Streamer.stream("user", notification)
+      Pleroma.Web.Push.send(notification)
       notification
     end
   end

lib/pleroma/object.ex

 defmodule Pleroma.Object do
   use Ecto.Schema
-  alias Pleroma.{Repo, Object, Activity}
+  alias Pleroma.{Repo, Object, User, Activity}
   import Ecto.{Query, Changeset}
 
   schema "objects" do
@@ -31,6 +31,13 @@ def normalize(obj) when is_map(obj), do: Object.get_by_ap_id(obj["id"])
   def normalize(ap_id) when is_binary(ap_id), do: Object.get_by_ap_id(ap_id)
   def normalize(_), do: nil
 
+  # Owned objects can only be mutated by their owner
+  def authorize_mutation(%Object{data: %{"actor" => actor}}, %User{ap_id: ap_id}),
+    do: actor == ap_id
+
+  # Legacy objects can be mutated by anybody
+  def authorize_mutation(%Object{}, %User{}), do: true
+
   if Mix.env() == :test do
     def get_cached_by_ap_id(ap_id) do
       get_by_ap_id(ap_id)

lib/pleroma/plugs/oauth_plug.ex

 defmodule Pleroma.Plugs.OAuthPlug do
   import Plug.Conn
-  alias Pleroma.User
-  alias Pleroma.Repo
-  alias Pleroma.Web.OAuth.Token
+  import Ecto.Query
 
-  def init(options) do
-    options
-  end
+  alias Pleroma.{
+    User,
+    Repo,
+    Web.OAuth.Token
+  }
+
+  @realm_reg Regex.compile!("Bearer\:?\s+(.*)$", "i")
+
+  def init(options), do: options
 
   def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
 
   def call(conn, _) do
-    token =
-      case get_req_header(conn, "authorization") do
-        ["Bearer " <> header] -> header
-        _ -> get_session(conn, :oauth_token)
-      end
-
-    with token when not is_nil(token) <- token,
-         %Token{user_id: user_id} <- Repo.get_by(Token, token: token),
-         %User{} = user <- Repo.get(User, user_id),
-         false <- !!user.info.deactivated do
+    with {:ok, token} <- fetch_token(conn),
+         {:ok, user} <- fetch_user(token) do
       conn
+      |> assign(:token, token)
       |> assign(:user, user)
     else
       _ -> conn
     end
   end
+
+  # Gets user by token
+  #
+  @spec fetch_user(String.t()) :: {:ok, User.t()} | nil
+  defp fetch_user(token) do
+    query = from(q in Token, where: q.token == ^token, preload: [:user])
+
+    with %Token{user: %{info: %{deactivated: false} = _} = user} <- Repo.one(query) do
+      {:ok, user}
+    end
+  end
+
+  # Gets token from session by :oauth_token key
+  #
+  @spec fetch_token_from_session(Plug.Conn.t()) :: :no_token_found | {:ok, String.t()}
+  defp fetch_token_from_session(conn) do
+    case get_session(conn, :oauth_token) do
+      nil -> :no_token_found
+      token -> {:ok, token}
+    end
+  end
+
+  # Gets token from headers
+  #
+  @spec fetch_token(Plug.Conn.t()) :: :no_token_found | {:ok, String.t()}
+  defp fetch_token(%Plug.Conn{} = conn) do
+    headers = get_req_header(conn, "authorization")
+
+    with :no_token_found <- fetch_token(headers),
+         do: fetch_token_from_session(conn)
+  end
+
+  @spec fetch_token(Keyword.t()) :: :no_token_found | {:ok, String.t()}
+  defp fetch_token([]), do: :no_token_found
+
+  defp fetch_token([token | tail]) do
+    trimmed_token = String.trim(token)
+
+    case Regex.run(@realm_reg, trimmed_token) do
+      [_, match] -> {:ok, String.trim(match)}
+      _ -> fetch_token(tail)
+    end
+  end
 end

lib/pleroma/reverse_proxy.ex

@@ -56,7 +56,7 @@ defmodule Pleroma.ReverseProxy do
   @hackney Application.get_env(:pleroma, :hackney, :hackney)
   @httpoison Application.get_env(:pleroma, :httpoison, HTTPoison)
 
-  @default_hackney_options [{:follow_redirect, true}]
+  @default_hackney_options []
 
   @inline_content_types [
     "image/gif",

lib/pleroma/user.ex

@@ -62,10 +62,6 @@ def follow_changeset(struct, params \\ %{}) do
     |> validate_required([:following])
   end
 
-  def info_changeset(struct, params \\ %{}) do
-    raise "NOT VALID ANYMORE"
-  end
-
   def user_info(%User{} = user) do
     oneself = if user.local, do: 1, else: 0
 

lib/pleroma/user/info.ex

@@ -24,6 +24,7 @@ defmodule Pleroma.User.Info do
     field(:topic, :string, default: nil)
     field(:hub, :string, default: nil)
     field(:salmon, :string, default: nil)
+    field(:hide_network, :boolean, default: false)
 
     # Found in the wild
     # ap_id -> Where is this used?
@@ -135,6 +136,7 @@ def profile_update(info, params) do
       :no_rich_text,
       :default_scope,
       :banner,
+      :hide_network,
       :background
     ])
   end
@@ -147,6 +149,11 @@ def mastodon_profile_update(info, params) do
     ])
   end
 
+  def mastodon_settings_update(info, params) do
+    info
+    |> cast(params, [:settings])
+  end
+
   def set_source_data(info, source_data) do
     params = %{source_data: source_data}
 

lib/pleroma/web/activity_pub/activity_pub.ex

@@ -574,7 +574,14 @@ def fetch_activities_bounded(recipients_to, recipients_cc, opts \\ %{}) do
 
   def upload(file, opts \\ []) do
     with {:ok, data} <- Upload.store(file, opts) do
-      Repo.insert(%Object{data: data})
+      obj_data =
+        if opts[:actor] do
+          Map.put(data, "actor", opts[:actor])
+        else
+          data
+        end
+
+      Repo.insert(%Object{data: obj_data})
     end
   end
 
@@ -765,10 +772,7 @@ def fetch_and_contain_remote_object_from_id(id) do
          {:ok, %{body: body, status: code}} when code in 200..299 <-
            @httpoison.get(
              id,
-             [Accept: "application/activity+json"],
-             follow_redirect: true,
-             timeout: 10000,
-             recv_timeout: 20000
+             [{:Accept, "application/activity+json"}]
            ),
          {:ok, data} <- Jason.decode(body),
          :ok <- Transmogrifier.contain_origin_from_id(id, data) do

lib/pleroma/web/activity_pub/mrf/ensure_re_prepended.ex

+defmodule Pleroma.Web.ActivityPub.MRF.EnsureRePrepended do
+  alias Pleroma.Object
+
+  @behaviour Pleroma.Web.ActivityPub.MRF
+
+  @reply_prefix Regex.compile!("^re:[[:space:]]*", [:caseless])
+  def filter_by_summary(
+        %{"summary" => parent_summary} = parent,
+        %{"summary" => child_summary} = child
+      )
+      when not is_nil(child_summary) and byte_size(child_summary) > 0 and
+             not is_nil(parent_summary) and byte_size(parent_summary) > 0 do
+    if (child_summary == parent_summary and not Regex.match?(@reply_prefix, child_summary)) or
+         (Regex.match?(@reply_prefix, parent_summary) &&
+            Regex.replace(@reply_prefix, parent_summary, "") == child_summary) do
+      Map.put(child, "summary", "re: " <> child_summary)
+    else
+      child
+    end
+  end
+
+  def filter_by_summary(parent, child), do: child
+
+  def filter(%{"type" => activity_type} = object) when activity_type == "Create" do
+    child = object["object"]
+    in_reply_to = Object.normalize(child["inReplyTo"])
+
+    child =
+      if(in_reply_to,
+        do: filter_by_summary(in_reply_to.data, child),
+        else: child
+      )
+
+    object = Map.put(object, "object", child)
+
+    {:ok, object}
+  end
+
+  def filter(object), do: {:ok, object}
+end

lib/pleroma/web/activity_pub/views/user_view.ex

@@ -82,7 +82,7 @@ def render("following.json", %{user: user, page: page}) do
     query = from(user in query, select: [:ap_id])
     following = Repo.all(query)
 
-    collection(following, "#{user.ap_id}/following", page)
+    collection(following, "#{user.ap_id}/following", page, !user.info.hide_network)
     |> Map.merge(Utils.make_json_ld_header())
   end
 
@@ -95,7 +95,7 @@ def render("following.json", %{user: user}) do
       "id" => "#{user.ap_id}/following",
       "type" => "OrderedCollection",
       "totalItems" => length(following),
-      "first" => collection(following, "#{user.ap_id}/following", 1)
+      "first" => collection(following, "#{user.ap_id}/following", 1, !user.info.hide_network)
     }
     |> Map.merge(Utils.make_json_ld_header())
   end
@@ -105,7 +105,7 @@ def render("followers.json", %{user: user, page: page}) do
     query = from(user in query, select: [:ap_id])
     followers = Repo.all(query)
 
-    collection(followers, "#{user.ap_id}/followers", page)
+    collection(followers, "#{user.ap_id}/followers", page, !user.info.hide_network)
     |> Map.merge(Utils.make_json_ld_header())
   end
 
@@ -118,7 +118,7 @@ def render("followers.json", %{user: user}) do
       "id" => "#{user.ap_id}/followers",
       "type" => "OrderedCollection",
       "totalItems" => length(followers),
-      "first" => collection(followers, "#{user.ap_id}/followers", 1)
+      "first" => collection(followers, "#{user.ap_id}/followers", 1, !user.info.hide_network)
     }
     |> Map.merge(Utils.make_json_ld_header())
   end
@@ -172,7 +172,7 @@ def render("outbox.json", %{user: user, max_id: max_qid}) do
     end
   end
 
-  def collection(collection, iri, page, total \\ nil) do
+  def collection(collection, iri, page, show_items \\ true, total \\ nil) do
     offset = (page - 1) * 10
     items = Enum.slice(collection, offset, 10)
     items = Enum.map(items, fn user -> user.ap_id end)
@@ -183,7 +183,7 @@ def collection(collection, iri, page, total \\ nil) do
       "type" => "OrderedCollectionPage",
       "partOf" => iri,
       "totalItems" => total,
-      "orderedItems" => items
+      "orderedItems" => if(show_items, do: items, else: [])
     }
 
     if offset < total do

lib/pleroma/web/mastodon_api/mastodon_api_controller.ex

@@ -2,13 +2,22 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
   use Pleroma.Web, :controller
   alias Pleroma.{Repo, Object, Activity, User, Notification, Stats}
   alias Pleroma.Web
-  alias Pleroma.Web.MastodonAPI.{StatusView, AccountView, MastodonView, ListView, FilterView}
+
+  alias Pleroma.Web.MastodonAPI.{
+    StatusView,
+    AccountView,
+    MastodonView,
+    ListView,
+    FilterView,
+    PushSubscriptionView
+  }
+
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.ActivityPub.Utils
   alias Pleroma.Web.CommonAPI
   alias Pleroma.Web.OAuth.{Authorization, Token, App}
   alias Pleroma.Web.MediaProxy
-  alias Comeonin.Pbkdf2
+
   import Ecto.Query
   require Logger
 
@@ -433,33 +442,31 @@ def relationships(%{assigns: %{user: user}} = conn, _) do
     |> json([])
   end
 
-  def update_media(%{assigns: %{user: _}} = conn, data) do
+  def update_media(%{assigns: %{user: user}} = conn, data) do
     with %Object{} = object <- Repo.get(Object, data["id"]),
+         true <- Object.authorize_mutation(object, user),
          true <- is_binary(data["description"]),
          description <- data["description"] do
       new_data = %{object.data | "name" => description}
 
-      change = Object.change(object, %{data: new_data})
-      {:ok, _} = Repo.update(change)
-
-      data =
-        new_data
-        |> Map.put("id", object.id)
+      {:ok, _} =
+        object
+        |> Object.change(%{data: new_data})
+        |> Repo.update()
 
-      render(conn, StatusView, "attachment.json", %{attachment: data})
+      attachment_data = Map.put(new_data, "id", object.id)
+      render(conn, StatusView, "attachment.json", %{attachment: attachment_data})
     end
   end
 
-  def upload(%{assigns: %{user: _}} = conn, %{"file" => file} = data) do
-    with {:ok, object} <- ActivityPub.upload(file, description: Map.get(data, "description")) do
-      change = Object.change(object, %{data: object.data})
-      {:ok, object} = Repo.update(change)
-
-      objdata =
-        object.data
-        |> Map.put("id", object.id)
-
-      render(conn, StatusView, "attachment.json", %{attachment: objdata})
+  def upload(%{assigns: %{user: user}} = conn, %{"file" => file} = data) do
+    with {:ok, object} <-
+           ActivityPub.upload(file,
+             actor: User.ap_id(user),
+             description: Map.get(data, "description")
+           ) do
+      attachment_data = Map.put(object.data, "id", object.id)
+      render(conn, StatusView, "attachment.json", %{attachment: attachment_data})
     end
   end
 
@@ -502,17 +509,30 @@ def hashtag_timeline(%{assigns: %{user: user}} = conn, params) do
     |> render(StatusView, "index.json", %{activities: activities, for: user, as: :activity})
   end
 
-  # TODO: Pagination
-  def followers(conn, %{"id" => id}) do
+  def followers(%{assigns: %{user: for_user}} = conn, %{"id" => id}) do
     with %User{} = user <- Repo.get(User, id),
          {:ok, followers} <- User.get_followers(user) do
+      followers =
+        cond do
+          for_user && user.id == for_user.id -> followers
+          user.info.hide_network -> []
+          true -> followers
+        end
+
       render(conn, AccountView, "accounts.json", %{users: followers, as: :user})
     end
   end
 
-  def following(conn, %{"id" => id}) do
+  def following(%{assigns: %{user: for_user}} = conn, %{"id" => id}) do
     with %User{} = user <- Repo.get(User, id),
          {:ok, followers} <- User.get_friends(user) do
+      followers =
+        cond do
+          for_user && user.id == for_user.id -> followers
+          user.info.hide_network -> []
+          true -> followers
+        end
+
       render(conn, AccountView, "accounts.json", %{users: followers, as: :user})
     end
   end
@@ -959,9 +979,11 @@ def index(%{assigns: %{user: user}} = conn, _params) do
   end
 
   def put_settings(%{assigns: %{user: user}} = conn, %{"data" => settings} = _params) do
-    with new_info <- Map.put(user.info, "settings", settings),
-         change <- User.info_changeset(user, %{info: new_info}),
-         {:ok, _user} <- User.update_and_set_cache(change) do
+    info_cng = User.Info.mastodon_settings_update(user.info, settings)
+
+    with changeset <- User.update_changeset(user),
+         changeset <- Ecto.Changeset.put_embed(changeset, :info, info_cng),
+         {:ok, user} <- User.update_and_set_cache(changeset) do
       conn
       |> json(%{})
     else
@@ -1149,6 +1171,33 @@ def delete_filter(%{assigns: %{user: user}} = conn, %{"id" => filter_id}) do
     json(conn, %{})
   end
 
+  def create_push_subscription(%{assigns: %{user: user, token: token}} = conn, params) do
+    Pleroma.Web.Push.Subscription.delete_if_exists(user, token)
+    {:ok, subscription} = Pleroma.Web.Push.Subscription.create(user, token, params)
+    view = PushSubscriptionView.render("push_subscription.json", subscription: subscription)
+    json(conn, view)
+  end
+
+  def get_push_subscription(%{assigns: %{user: user, token: token}} = conn, _params) do
+    subscription = Pleroma.Web.Push.Subscription.get(user, token)
+    view = PushSubscriptionView.render("push_subscription.json", subscription: subscription)
+    json(conn, view)
+  end
+
+  def update_push_subscription(
+        %{assigns: %{user: user, token: token}} = conn,
+        params
+      ) do
+    {:ok, subscription} = Pleroma.Web.Push.Subscription.update(user, token, params)
+    view = PushSubscriptionView.render("push_subscription.json", subscription: subscription)
+    json(conn, view)
+  end
+
+  def delete_push_subscription(%{assigns: %{user: user, token: token}} = conn, _params) do
+    {:ok, _response} = Pleroma.Web.Push.Subscription.delete(user, token)
+    json(conn, %{})
+  end
+
   def errors(conn, _) do
     conn
     |> put_status(500)
@@ -1169,7 +1218,14 @@ def suggestions(%{assigns: %{user: user}} = conn, _) do
       url = String.replace(api, "{{host}}", host) |> String.replace("{{user}}", user)
 
       with {:ok, %{status: 200, body: body}} <-
-             @httpoison.get(url, [], timeout: timeout, recv_timeout: timeout),
+             @httpoison.get(
+               url,
+               [],
+               adapter: [
+                 timeout: timeout,
+                 recv_timeout: timeout
+               ]
+             ),
            {:ok, data} <- Jason.decode(body) do
         data2 =
           Enum.slice(data, 0, limit)

lib/pleroma/web/mastodon_api/views/push_subscription_view.ex

+defmodule Pleroma.Web.MastodonAPI.PushSubscriptionView do
+  use Pleroma.Web, :view
+  alias Pleroma.Web.MastodonAPI.PushSubscriptionView