pleroma issueshttps://git.pleroma.social/pleroma/pleroma/-/issues2023-06-27T00:56:19Zhttps://git.pleroma.social/pleroma/pleroma/-/issues/3133Lemmy / Kbin federation issues2023-06-27T00:56:19ZCarlos SolísLemmy / Kbin federation issues### Environment
* Installation type (OTP or From Source): OTP
* Pleroma version (could be found in the "Version" tab of settings in Pleroma-FE): 2.5.2
* Elixir version (`elixir -v` for from source installations, N/A for OTP): N/A
* Oper...### Environment
* Installation type (OTP or From Source): OTP
* Pleroma version (could be found in the "Version" tab of settings in Pleroma-FE): 2.5.2
* Elixir version (`elixir -v` for from source installations, N/A for OTP): N/A
* Operating system: Debian 11 Bullseye
* PostgreSQL version (`psql -V`): 13.11
### Bug description
When following a community from Lemmy or a magazine from Kbin, Pleroma will complain about an issue with the transmogrifier, for example:
```
Jun 12 10:36:15 example.net pleroma[3586219]: 10:36:15.814 [error] Error while fetching https://lemmy.world/activities/create/32ce9250-359e-4d2d-a969-c5b0c09c4a63: {:error, {:transmogrifier, :error}}
Jun 12 10:36:16 example.net pleroma[3586219]: 10:36:16.019 [error] Error while fetching https://programming.dev/activities/like/648e688e-f9d1-4627-9494-8f5ab8a40e26: {:error, {:transmogrifier, :error}}
Jun 12 10:36:16 example.net pleroma[3586219]: 10:36:16.778 [error] Error while fetching https://lemmy.world/activities/like/bc75afd2-2b94-4669-852e-6bc4d1d98743: {:error, {:transmogrifier, :error}}
Jun 12 10:36:17 example.net pleroma[3586219]: 10:36:17.224 [error] Error while fetching https://beehaw.org/activities/like/a8b3ee2b-4112-4354-bc00-5562694a9b6c: {:error, {:transmogrifier, :error}}
```
Furthermore, attached images and website previews are not properly parsed as a result, instead showing a black image (in clients like Fedilab) or a placeholder clip image (in Soapbox):
![imagen](/uploads/48fb8875e9dd8b3596bd47aff6650733/imagen.png)https://git.pleroma.social/pleroma/pleroma/-/issues/3132precompiled version db can't imgrate to compiled db [compiled by elixir 1.15....2023-12-04T03:31:20ZKuoi Zprecompiled version db can't imgrate to compiled db [compiled by elixir 1.15.7 or later]
This is my build log. https://web.archive.org/web/20231204032554/https://build.malacology.net/api/pkg/pleroma/log/1698812320
Following is my running log, but I use what you compile, things run well, but for what I compiled, sth face pr...
This is my build log. https://web.archive.org/web/20231204032554/https://build.malacology.net/api/pkg/pleroma/log/1698812320
Following is my running log, but I use what you compile, things run well, but for what I compiled, sth face problems, is this the issue that I previously use pre-build binary, now I use compiled binary?
It seems that the db generated from OTP release can't imgrate to the binary what I compiled
Renew log can be checked here https://web.archive.org/web/20231204032515/http://fars.ee/kHDY still [debug] for days.
```
Jun 02 04:04:07 helix systemd[1]: pleroma.service: Found left-over process 497 (epmd) in control group while starting unit. Ignoring.
Jun 02 04:04:07 helix systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Jun 02 04:04:07 helix systemd[1]: Started Pleroma social network.
Jun 02 04:04:10 helix pleroma[1783]: [notice] :alarm_handler: {:set, {:system_memory_high_watermark, []}}
Jun 02 04:04:10 helix pleroma[1783]: [info] Function passed as a handler with ID "pleroma-logger" is local function.
Jun 02 04:04:10 helix pleroma[1783]: This mean that it is either anonymous function or capture of function without module specified. That may cause performance penalty when calling such handler. For more details see note in `telemetry:attach/4` documentation.
Jun 02 04:04:10 helix pleroma[1783]: https://hexdocs.pm/telemetry/telemetry.html#attach-4
Jun 02 04:04:11 helix pleroma[1783]: [debug] QUERY OK source="columns" db=7.1ms queue=12.7ms idle=0.0ms
Jun 02 04:04:11 helix pleroma[1783]: SELECT TRUE FROM "information_schema"."columns" AS c0 WHERE (c0."table_name" = 'objects') AND (c0."column_name" = 'fts_content') LIMIT 1 []
Jun 02 04:04:11 helix pleroma[1783]: [info] Function passed as a handler with ID "telemetry_web__event_handler" is local function.
Jun 02 04:04:11 helix pleroma[1783]: This mean that it is either anonymous function or capture of function without module specified. That may cause performance penalty when calling such handler. For more details see note in `telemetry:attach/4` documentation.
Jun 02 04:04:11 helix pleroma[1783]: https://hexdocs.pm/telemetry/telemetry.html#attach-4
Jun 02 04:04:11 helix pleroma[1783]: [debug] Elixir.Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy is excluded from config descriptions, because does not implement `config_description/0` method.
Jun 02 04:04:11 helix pleroma[1783]: [debug] Elixir.Pleroma.Web.ActivityPub.MRF.ForceMentionsInContent is excluded from config descriptions, because does not implement `config_description/0` method.
Jun 02 04:04:11 helix pleroma[1783]: [debug] Elixir.Pleroma.Web.ActivityPub.MRF.DropPolicy is excluded from config descriptions, because does not implement `config_description/0` method.
Jun 02 04:04:11 helix pleroma[1783]: [debug] Elixir.Pleroma.Web.ActivityPub.MRF.TagPolicy is excluded from config descriptions, because does not implement `config_description/0` method.
Jun 02 04:04:11 helix pleroma[1783]: [debug] Elixir.Pleroma.Web.ActivityPub.MRF.NoPlaceholderTextPolicy is excluded from config descriptions, because does not implement `config_description/0` method.
Jun 02 04:04:11 helix pleroma[1783]: [debug] Elixir.Pleroma.Web.ActivityPub.MRF.ForceBotUnlistedPolicy is excluded from config descriptions, because does not implement `config_description/0` method.
Jun 02 04:04:11 helix pleroma[1783]: [debug] Elixir.Pleroma.Web.ActivityPub.MRF.EnsureRePrepended is excluded from config descriptions, because does not implement `config_description/0` method.
Jun 02 04:04:11 helix pleroma[1783]: [debug] Elixir.Pleroma.Web.ActivityPub.MRF.AntiLinkSpamPolicy is excluded from config descriptions, because does not implement `config_description/0` method.
Jun 02 04:04:11 helix pleroma[1783]: [debug] Elixir.Pleroma.Web.ActivityPub.MRF.AntiFollowbotPolicy is excluded from config descriptions, because does not implement `config_description/0` method.
Jun 02 04:04:11 helix pleroma[1783]: [debug] Elixir.Pleroma.Web.ActivityPub.MRF.FollowBotPolicy is excluded from config descriptions, because does not implement `config_description/0` method.
Jun 02 04:04:11 helix pleroma[1783]: [debug] Elixir.Pleroma.Web.ActivityPub.MRF.NoEmptyPolicy is excluded from config descriptions, because does not implement `config_description/0` method.
Jun 02 04:04:11 helix pleroma[1783]: [debug] Elixir.Pleroma.Web.ActivityPub.MRF.UserAllowListPolicy is excluded from config descriptions, because does not implement `config_description/0` method.
Jun 02 04:04:11 helix pleroma[1783]: [debug] Elixir.Pleroma.Web.ActivityPub.MRF.NoOpPolicy is excluded from config descriptions, because does not implement `config_description/0` method.
Jun 02 04:04:11 helix pleroma[1783]: [debug] QUERY OK source="config" db=3.2ms queue=7.1ms idle=0.0ms
Jun 02 04:04:11 helix pleroma[1783]: SELECT c0."id", c0."key", c0."group", c0."value", c0."inserted_at", c0."updated_at" FROM "config" AS c0 []
Jun 02 04:04:11 helix pleroma[1783]: [info] Function passed as a handler with ID "oban-monitor-failure" is local function.
Jun 02 04:04:11 helix pleroma[1783]: This mean that it is either anonymous function or capture of function without module specified. That may cause performance penalty when calling such handler. For more details see note in `telemetry:attach/4` documentation.
Jun 02 04:04:11 helix pleroma[1783]: https://hexdocs.pm/telemetry/telemetry.html#attach-4
Jun 02 04:04:11 helix pleroma[1783]: [info] Function passed as a handler with ID "oban-monitor-success" is local function.
Jun 02 04:04:11 helix pleroma[1783]: This mean that it is either anonymous function or capture of function without module specified. That may cause performance penalty when calling such handler. For more details see note in `telemetry:attach/4` documentation.
Jun 02 04:04:11 helix pleroma[1783]: https://hexdocs.pm/telemetry/telemetry.html#attach-4
Jun 02 04:04:11 helix pleroma[1783]: [debug] QUERY OK source="data_migrations" db=0.8ms queue=2.5ms idle=44.5ms
Jun 02 04:04:11 helix pleroma[1783]: SELECT d0."id", d0."name", d0."state", d0."feature_lock", d0."params", d0."data", d0."inserted_at", d0."updated_at" FROM "data_migrations" AS d0 WHERE (d0."name" = $1) ["populate_hashtags_table"]
Jun 02 04:04:11 helix pleroma[1783]: [debug] QUERY OK source="data_migrations" db=0.9ms queue=3.4ms idle=44.9ms
Jun 02 04:04:11 helix pleroma[1783]: SELECT d0."id", d0."name", d0."state", d0."feature_lock", d0."params", d0."data", d0."inserted_at", d0."updated_at" FROM "data_migrations" AS d0 WHERE (d0."name" = $1) ["delete_context_objects"]
Jun 02 04:04:11 helix pleroma[1783]: [debug] QUERY OK source="data_migrations" db=2.0ms queue=0.1ms idle=40.4ms
Jun 02 04:04:11 helix pleroma[1783]: SELECT d0."id", d0."name", d0."state", d0."feature_lock", d0."params", d0."data", d0."inserted_at", d0."updated_at" FROM "data_migrations" AS d0 WHERE (d0."name" = $1) ["delete_context_objects"]
Jun 02 04:04:11 helix pleroma[1783]: [debug] QUERY OK source="data_migrations" db=3.7ms idle=46.8ms
Jun 02 04:04:11 helix pleroma[1783]: SELECT d0."id", d0."name", d0."state", d0."feature_lock", d0."params", d0."data", d0."inserted_at", d0."updated_at" FROM "data_migrations" AS d0 WHERE (d0."name" = $1) ["populate_hashtags_table"]
Jun 02 04:04:11 helix pleroma[1783]: [info] Gopher server disabled
Jun 02 04:04:11 helix pleroma[1783]: [debug] QUERY OK db=0.2ms queue=0.5ms idle=40.8ms
Jun 02 04:04:11 helix pleroma[1783]: show server_version []
Jun 02 04:04:11 helix pleroma[1783]: [debug] QUERY OK source="users" db=457.1ms decode=0.1ms queue=2.8ms idle=18.8ms
Jun 02 04:04:11 helix pleroma[1783]: SELECT distinct split_part(u0."nickname", '@', 2) FROM "users" AS u0 WHERE (u0."local" != $1) [true]
Jun 02 04:04:11 helix pleroma[1783]: [debug] QUERY OK source="users" db=4.5ms queue=1.4ms idle=466.6ms
Jun 02 04:04:11 helix pleroma[1783]: SELECT sum(u0."note_count") FROM "users" AS u0 WHERE (NOT (u0."nickname" IS NULL)) AND (NOT (u0."nickname" LIKE 'internal.%')) AND (u0."local" = $1) [true]
Jun 02 04:04:11 helix pleroma[1783]: [debug] QUERY OK source="users" db=2.4ms queue=1.0ms idle=472.6ms
Jun 02 04:04:11 helix pleroma[1783]: SELECT count(u0."id") FROM "users" AS u0 WHERE (u0."is_active" = TRUE) AND (u0."local" = TRUE) AND (NOT (u0."nickname" IS NULL)) AND (NOT (u0."invisible")) []
Jun 02 04:04:13 helix pleroma[1783]: [debug] Tzdata polling for update.
Jun 02 04:04:13 helix pleroma[1783]: [debug] Tzdata polling shows the loaded tz database is up to date.
Jun 02 04:04:16 helix pleroma[1783]: [debug] QUERY OK source="users" db=6.1ms queue=3.1ms idle=1052.9ms
Jun 02 04:04:16 helix pleroma[1783]: SELECT u0."id", u0."bio", u0."raw_bio", u0."email", u0."name", u0."nickname", u0."password_hash", u0."keys", u0."public_key", u0."ap_id", u0."avatar", u0."local", u0."follower_address", u0."following_address", u0."featured_address", u0."tags", u0."last_refreshed_at", u0."last_digest_emailed_at", u0."banner", u0."background", u0."note_count", u0."follower_count", u0."following_count", u0."is_locked", u0."is_confirmed", u0."password_reset_pending", u0."is_approved", u0."registration_reason", u0."confirmation_token", u0."default_scope", u0."domain_blocks", u0."is_active", u0."no_rich_text", u0."ap_enabled", u0."is_moderator", u0."is_admin", u0."show_role", u0."uri", u0."hide_followers_count", u0."hide_follows_count", u0."hide_followers", u0."hide_follows", u0."hide_favorites", u0."email_notifications", u0."mascot", u0."emoji", u0."pleroma_settings_store", u0."fields", u0."raw_fields", u0."is_discoverable", u0."invisible", u0."allow_following_move", u0."skip_thread_containment", u0."actor_type", u0."also_known_as", u0."inbox", u0."shared_inbox", u0."accepts_chat_messages", u0."last_active_at", u0."disclose_client", u0."pinned_objects", u0."is_suggested", u0."last_status_at", u0."birthday", u0."show_birthday", u0."language", u0."notification_settings", u0."blocks", u0."mutes", u0."muted_reblogs", u0."muted_notifications", u0."subscribers", u0."multi_factor_authentication_settings", u0."inserted_at", u0."updated_at" FROM "users" AS u0 WHERE (u0."ap_id" = $1) ["https://social.malacology.net/internal/fetch"]
Jun 02 04:05:12 helix pleroma[1783]: [debug] QUERY OK source="users" db=445.1ms queue=0.1ms idle=1172.6ms
Jun 02 04:05:12 helix pleroma[1783]: SELECT distinct split_part(u0."nickname", '@', 2) FROM "users" AS u0 WHERE (u0."local" != $1) [true]
Jun 02 04:05:12 helix pleroma[1783]: [debug] QUERY OK source="users" db=0.8ms idle=943.6ms
Jun 02 04:05:12 helix pleroma[1783]: SELECT sum(u0."note_count") FROM "users" AS u0 WHERE (NOT (u0."nickname" IS NULL)) AND (NOT (u0."nickname" LIKE 'internal.%')) AND (u0."local" = $1) [true]
Jun 02 04:05:12 helix pleroma[1783]: [debug] QUERY OK source="users" db=0.8ms idle=944.5ms
Jun 02 04:05:12 helix pleroma[1783]: SELECT count(u0."id") FROM "users" AS u0 WHERE (u0."is_active" = TRUE) AND (u0."local" = TRUE) AND (NOT (u0."nickname" IS NULL)) AND (NOT (u0."invisible")) []
Jun 02 04:06:12 helix pleroma[1783]: [debug] QUERY OK source="users" db=415.7ms queue=0.1ms idle=1340.5ms
Jun 02 04:06:12 helix pleroma[1783]: SELECT distinct split_part(u0."nickname", '@', 2) FROM "users" AS u0 WHERE (u0."local" != $1) [true]
Jun 02 04:06:12 helix pleroma[1783]: [debug] QUERY OK source="users" db=2.8ms idle=1362.5ms
Jun 02 04:06:12 helix pleroma[1783]: SELECT sum(u0."note_count") FROM "users" AS u0 WHERE (NOT (u0."nickname" IS NULL)) AND (NOT (u0."nickname" LIKE 'internal.%')) AND (u0."local" = $1) [true]
Jun 02 04:06:12 helix pleroma[1783]: [debug] QUERY OK source="users" db=2.3ms idle=1365.5ms
Jun 02 04:06:12 helix pleroma[1783]: SELECT count(u0."id") FROM "users" AS u0 WHERE (u0."is_active" = TRUE) AND (u0."local" = TRUE) AND (NOT (u0."nickname" IS NULL)) AND (NOT (u0."invisible")) []
```
my nginx here
```
proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
inactive=720m use_temp_path=off;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name MY_DOMAIN;
include /etc/nginx/custom/ssl.conf;
access_log /var/log/nginx/access.log;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
location / {
# if you do not want remote frontends to be able to access your Pleroma backend
# server, remove these lines.
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;
add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always;
if ($request_method = OPTIONS) {
return 204;
}
# stop removing lines here.
add_header X-XSS-Protection "1; mode=block";
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy same-origin;
add_header X-Download-Options noopen;
# Uncomment this only after you get HTTPS working.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_pass http://localhost:4000;
client_max_body_size 16m;
}
location /proxy {
proxy_cache pleroma_media_cache;
proxy_cache_lock on;
proxy_ignore_client_abort on;
proxy_pass http://localhost:4000;
}
}
```
my ufw rule, as previously work well, I am sure there is no problem
```
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
4000/tcp ALLOW Anywhere
```
my nginx error is here
```
2023/12/04 10:56:06 [error] 70603#70603: *13 connect() failed (111: Connection refused) while connecting to upstream, client: 172.69.195.81, server: social.malacology.net, request: "GET / HTTP/2.0", upstream: "http://[::1]:4000/", host: "social.malacology.net"
2023/12/04 10:56:06 [error] 70603#70603: *13 connect() failed (111: Connection refused) while connecting to upstream, client: 172.69.195.81, server: social.malacology.net, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:4000/", host: "social.malacology.net"
2023/12/04 10:56:07 [error] 70603#70603: *18 no live upstreams while connecting to upstream, client: 172.69.194.3, server: social.malacology.net, request: "GET /favicon.ico HTTP/2.0", upstream: "http://localhost/favicon.ico", host: "social.malacology.net", referrer: "https://social.malacology.net/"
2023/12/04 10:56:27 [error] 70603#70603: *33 connect() failed (111: Connection refused) while connecting to upstream, client: 172.69.60.151, server: social.malacology.net, request: "POST /inbox HTTP/2.0", upstream: "http://127.0.0.1:4000/inbox", host: "social.malacology.net"
2023/12/04 10:56:27 [error] 70603#70603: *33 connect() failed (111: Connection refused) while connecting to upstream, client: 172.69.60.151, server: social.malacology.net, request: "POST /inbox HTTP/2.0", upstream: "http://[::1]:4000/inbox", host: "social.malacology.net"
2023/12/04 10:56:47 [error] 70603#70603: *13 connect() failed (111: Connection refused) while connecting to upstream, client: 172.69.195.81, server: social.malacology.net, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:4000/", host: "social.malacology.net"
2023/12/04 10:56:47 [error] 70603#70603: *13 connect() failed (111: Connection refused) while connecting to upstream, client: 172.69.195.81, server: social.malacology.net, request: "GET / HTTP/2.0", upstream: "http://[::1]:4000/", host: "social.malacology.net"
2023/12/04 10:56:48 [error] 70603#70603: *18 no live upstreams while connecting to upstream, client: 172.69.194.3, server: social.malacology.net, request: "GET /favicon.ico HTTP/2.0", upstream: "http://localhost/favicon.ico", host: "social.malacology.net", referrer: "https://social.malacology.net/"
2023/12/04 10:56:53 [error] 70603#70603: *50 no live upstreams while connecting to upstream, client: 172.70.123.111, server: social.malacology.net, request: "POST /inbox HTTP/2.0", upstream: "http://localhost/inbox", host: "social.malacology.net"
```https://git.pleroma.social/pleroma/pleroma/-/issues/3130Participation reaching ConversationView without an ap_id key2023-11-13T02:54:35ZZeroParticipation reaching ConversationView without an ap_id keySo I saw this error a bunch of times in my Pleroma log, I don't know how to reproduce or what causes it though.
```
15:57:04.522 [error] Process #PID<0.13534.7> raised an exception
** (KeyError) key :ap_id not found in: nil. If you ar...So I saw this error a bunch of times in my Pleroma log, I don't know how to reproduce or what causes it though.
```
15:57:04.522 [error] Process #PID<0.13534.7> raised an exception
** (KeyError) key :ap_id not found in: nil. If you are using the dot syntax, such as map.field, make sure the left-hand side of the dot is a map
lib/pleroma/web/mastodon_api/views/conversation_view.ex:27: Pleroma.Web.MastodonAPI.ConversationView.render/2
lib/pleroma/web/views/streamer_view.ex:142: Pleroma.Web.StreamerView.render/2
lib/pleroma/web/streamer.ex:308: Pleroma.Web.Streamer.push_to_socket/2
```
Here are the relevant code locations:
- [streamer.ex:308](https://git.pleroma.social/pleroma/pleroma/-/blob/31ec5cd35eece97aa1213c401b40d3ab83689ea9/lib/pleroma/web/streamer.ex#L308)
- [streamer_view.ex:142](https://git.pleroma.social/pleroma/pleroma/-/blob/31ec5cd35eece97aa1213c401b40d3ab83689ea9/lib/pleroma/web/views/streamer_view.ex#L130)
- [conversation_view.ex:27](https://git.pleroma.social/pleroma/pleroma/-/blob/31ec5cd35eece97aa1213c401b40d3ab83689ea9/lib/pleroma/web/mastodon_api/views/conversation_view.ex#L27)https://git.pleroma.social/pleroma/pleroma/-/issues/3129Purge or prevent OAuth tokens with no user id2023-05-29T09:44:44ZDuponinPurge or prevent OAuth tokens with no user idFollowing recent security update, I deleted all OAuth tokens but I noticed there was a huge amount (a bit more than 300k) tokens where `user_id` is `NULL`.
In comparison, I had slightly more than 3k valid OAuth tokens (with `user_id` set...Following recent security update, I deleted all OAuth tokens but I noticed there was a huge amount (a bit more than 300k) tokens where `user_id` is `NULL`.
In comparison, I had slightly more than 3k valid OAuth tokens (with `user_id` set).
You can find on your instance doing the following SQL `select count(id) from oauth_tokens where user_id is null;`.
I’ve yet to understand why these tokens without `user_id` exist.
@lanodan told me those exist because of Mastodon applications that don’t work with our MastoAPI implementation (citation needed).
We should prevent those to exist ideally in a first place, but in case we can’t, having a purge would be good.
I’m not sure if this is a security issue, but still concerning nonetheless.https://git.pleroma.social/pleroma/pleroma/-/issues/3128Idea: add a Hashcash or some other proof-of-work to the register page2023-06-22T03:18:50ZZeroIdea: add a Hashcash or some other proof-of-work to the register pageI had this idea and only just learned about Hashcash (https://en.wikipedia.org/wiki/Hashcash).
I think this (along with a better captcha) would be good to slow down things like skids mass creating accounts, which happened recently.
Th...I had this idea and only just learned about Hashcash (https://en.wikipedia.org/wiki/Hashcash).
I think this (along with a better captcha) would be good to slow down things like skids mass creating accounts, which happened recently.
There's an existing Elixir library: https://github.com/danj3/elixir-hashcash
And probably a lot of JS implementation like https://github.com/007/hashcash-js
I found this example of it being used for a sign up page, it's Rails, but it could be a good model for an implementation: https://github.com/BaseSecrete/active_hashcash
Aside from that, maybe some documentation on how to rate limit the login page properly on nginx and such would be helpful.
Just throwing some ideas out there, I don't think I'm competent enough to implement it, though.https://git.pleroma.social/pleroma/pleroma/-/issues/3127Hashtag links don't work in Mona app2023-06-22T03:02:34ZfeldHashtag links don't work in Mona appAllegedly our hashtag links need a class of "mention" applied to them, and then hashtag timeline thing view thing in the app will work correctly like it does for Mastodon?Allegedly our hashtag links need a class of "mention" applied to them, and then hashtag timeline thing view thing in the app will work correctly like it does for Mastodon?https://git.pleroma.social/pleroma/pleroma/-/issues/3122Self-deleting account doesn't purge all its statuses2023-05-27T03:45:26ZtusooaSelf-deleting account doesn't purge all its statuses0. Delete one's own account using the delete account API
1. Their posts are still retained, and still exposed in the context API. This contradicts to user expectation that deleting their account will also purge all of its posts, at least...0. Delete one's own account using the delete account API
1. Their posts are still retained, and still exposed in the context API. This contradicts to user expectation that deleting their account will also purge all of its posts, at least from the point of view of the local server.https://git.pleroma.social/pleroma/pleroma/-/issues/3134Ability to use emoji from other servers2023-06-13T18:03:12ZiacoreAbility to use emoji from other servers# Behavior suggestion/Feature request
It is possible to emoji-react to a post using emoji from another server, if someone else used that emoji first.
I wonder if it is possible to create the first reaction to a post using emoji from ano...# Behavior suggestion/Feature request
It is possible to emoji-react to a post using emoji from another server, if someone else used that emoji first.
I wonder if it is possible to create the first reaction to a post using emoji from another server.https://git.pleroma.social/pleroma/pleroma/-/issues/3120Add support for OpenTelemetry2023-05-09T19:10:56ZDuponinAdd support for OpenTelemetry[OpenTelemetry](https://opentelemetry.io/) is a framework to add app telemetry, giving insights on what’s going on *in* the application.
This could be greatly useful to understand some weird behaviours, rather than looking at a blackbox ...[OpenTelemetry](https://opentelemetry.io/) is a framework to add app telemetry, giving insights on what’s going on *in* the application.
This could be greatly useful to understand some weird behaviours, rather than looking at a blackbox and guessing what might have happened.
Most instances won’t benefit, and won’t have any tool to ingest that data; it should be disabled by default.
However, it could be useful for big/busy federation instances.
Related topic are Applicatiom Performance Monitors (APM), this topic got discussed in context of Sentry, see https://git.pleroma.social/pleroma/pleroma/-/issues/574.https://git.pleroma.social/pleroma/pleroma/-/issues/3117Dangling follow request after quarantining some site2024-01-07T13:34:59ZtusooaDangling follow request after quarantining some site0. Quarantine misskey.io
1. Deny a follow request from that site
2. Failed0. Quarantine misskey.io
1. Deny a follow request from that site
2. Failedhttps://git.pleroma.social/pleroma/pleroma/-/issues/3113/api/v1/accounts/ gets outdated data2023-04-15T11:10:37ZHJ/api/v1/accounts/ gets outdated dataI changed my avatar and description on sgsgb, and everything seems to be more or less fine except that `/api/v1/accounts/` shows previous data (old avatar and description)I changed my avatar and description on sgsgb, and everything seems to be more or less fine except that `/api/v1/accounts/` shows previous data (old avatar and description)https://git.pleroma.social/pleroma/pleroma/-/issues/3082"(DBConnection.EncodeError) Postgrex expected an integer" when running update...2023-05-07T23:07:38ZDynamic Operations Architect"(DBConnection.EncodeError) Postgrex expected an integer" when running update_users_following_followers_counts### Environment
* Installation type (OTP or From Source): OTP
* Pleroma version (could be found in the "Version" tab of settings in Pleroma-FE): Backend version 2.5.1 / Frontend version eec27700
* Elixir version (`elixir -v` for from so...### Environment
* Installation type (OTP or From Source): OTP
* Pleroma version (could be found in the "Version" tab of settings in Pleroma-FE): Backend version 2.5.1 / Frontend version eec27700
* Elixir version (`elixir -v` for from source installations, N/A for OTP): N/A
* OTP version: 23.3.4.18
* Operating system: Debian 11.6
* PostgreSQL version (`psql -V`): psql (PostgreSQL) 13.9 (Debian 13.9-0+deb11u1)
### Bug description
The following stacktrace appeared after round about 24 hours of running `su pleroma -s $SHELL -lc "./bin/pleroma_ctl database update_users_following_followers_counts"`
```
10:26:11.235 [debug] Fetching object https://mastodon.adtension.com/users/admin/following via AP
10:26:12.141 [debug] QUERY OK source="instances" db=0.6ms
SELECT TRUE FROM "instances" AS i0 WHERE ((i0."host" = $1) AND (i0."unreachable_since" <= $2)) ["mastodon.adtension.com", ~N[2023-03-29 08:26:12.140334]]
10:26:12.141 [debug] Fetching object https://mastodon.adtension.com/users/admin/followers via AP
10:26:12.217 [debug] QUERY OK source="instances" db=0.6ms
SELECT TRUE FROM "instances" AS i0 WHERE ((i0."host" = $1) AND (i0."unreachable_since" <= $2)) ["mastodon.adtension.com", ~N[2023-03-29 08:26:12.216349]]
10:26:12.220 [debug] QUERY ERROR db=1.5ms
UPDATE "users" SET "follower_count" = $1, "following_count" = $2, "hide_followers" = $3, "hide_follows" = $4, "updated_at" = $5 WHERE "id" = $6 [97000000000, 96997, true, true, ~N[2023-04-05 08:26:12], "AR2twWSuwfZ7vu2emm"]
10:26:12.220 [debug] QUERY OK source="users" db=0.1ms
SELECT u0."id", u0."bio", u0."raw_bio", u0."email", u0."name", u0."nickname", u0."password_hash", u0."keys", u0."public_key", u0."ap_id", u0."avatar", u0."local", u0."follower_address", u0."following_address", u0."featured_address", u0."tags", u0."last_refreshed_at", u0."last_digest_emailed_at", u0."banner", u0."background", u0."note_count", u0."follower_count", u0."following_count", u0."is_locked", u0."is_confirmed", u0."password_reset_pending", u0."is_approved", u0."registration_reason", u0."confirmation_token", u0."default_scope", u0."domain_blocks", u0."is_active", u0."no_rich_text", u0."ap_enabled", u0."is_moderator", u0."is_admin", u0."show_role", u0."uri", u0."hide_followers_count", u0."hide_follows_count", u0."hide_followers", u0."hide_follows", u0."hide_favorites", u0."email_notifications", u0."mascot", u0."emoji", u0."pleroma_settings_store", u0."fields", u0."raw_fields", u0."is_discoverable", u0."invisible", u0."allow_following_move", u0."skip_thread_containment", u0."actor_type", u0."also_known_as", u0."inbox", u0."shared_inbox", u0."accepts_chat_messages", u0."last_active_at", u0."disclose_client", u0."pinned_objects", u0."is_suggested", u0."last_status_at", u0."birthday", u0."show_birthday", u0."language", u0."notification_settings", u0."blocks", u0."mutes", u0."muted_reblogs", u0."muted_notifications", u0."subscribers", u0."multi_factor_authentication_settings", u0."inserted_at", u0."updated_at" FROM "users" AS u0 []
10:26:12.223 [debug] QUERY OK db=2.6ms
rollback []
** (DBConnection.EncodeError) Postgrex expected an integer in -2147483648..2147483647, got 97000000000. Please make sure the value you are passing matches the definition in your table or in your query or convert the value accordingly.
lib/postgrex/type_module.ex:947: Postgrex.DefaultTypes.encode_params/3
lib/postgrex/query.ex:75: DBConnection.Query.Postgrex.Query.encode/3
lib/db_connection.ex:1255: DBConnection.encode/5
lib/db_connection.ex:1355: DBConnection.run_prepare_execute/5
lib/db_connection.ex:595: DBConnection.parsed_prepare_execute/5
lib/db_connection.ex:587: DBConnection.prepare_execute/4
lib/postgrex.ex:340: Postgrex.query/4
lib/ecto/adapters/sql.ex:947: Ecto.Adapters.SQL.struct/10
```https://git.pleroma.social/pleroma/pleroma/-/issues/3077Config endpoint should typecheck2023-04-03T00:46:23ZHJConfig endpoint should typecheck(original title: Frontend management breaks if you try to add custom frontend)
In AdminFE Frontends -> Available you supposedly could set/add a custom frontend definition, however it breaks frontends list entirely. Upon close inspection...(original title: Frontend management breaks if you try to add custom frontend)
In AdminFE Frontends -> Available you supposedly could set/add a custom frontend definition, however it breaks frontends list entirely. Upon close inspection it seems that AdminFE just overwrites an array of available frontends with just one frontend definition as-is. Hypothetically it is an AdminFE bug, but it's weird that backend just... allows it to happen.https://git.pleroma.social/pleroma/pleroma/-/issues/3076Backend reports frontend being installed even if no refs have been installed2023-05-08T00:33:31ZHJBackend reports frontend being installed even if no refs have been installedIf you manually remove (since no way to uninstall via API) a **frontend ref** the API will still say that frontend installed. It should check that there's at least one ref installed.If you manually remove (since no way to uninstall via API) a **frontend ref** the API will still say that frontend installed. It should check that there's at least one ref installed.https://git.pleroma.social/pleroma/pleroma/-/issues/3072Improve available frontends registry2023-05-08T00:34:14ZHJImprove available frontends registryTalking about this: https://git.pleroma.social/pleroma/pleroma/-/blob/develop/config/config.exs#L739
- First and foremost it should allow multiple refs, not just one, in case admin wants to install develop version
- refs should have t...Talking about this: https://git.pleroma.social/pleroma/pleroma/-/blob/develop/config/config.exs#L739
- First and foremost it should allow multiple refs, not just one, in case admin wants to install develop version
- refs should have their own meta information (i.e. version requirement, tags (stable/unstable/experimental), etc.)
- We should probably move this configuartion away from config.exs and instead have a separate repo (much like https://git.pleroma.social/pleroma/emoji-index ), where FE devs can contribute manifests for their FEs in a simpler (JSON/YAML) format for it to be aggregated.https://git.pleroma.social/pleroma/pleroma/-/issues/3070[Feature Request] Ability to disable search for unauthenticated users2023-03-22T03:16:03ZYour New SJW Waifu[Feature Request] Ability to disable search for unauthenticated usersWe have a way to limit timeless, activities, and accounts as well as set if only unauthenticated, everyone, or nobody is allowed to search external statuses but no way to completely disable search for unauthenticated users.
I'd very muc...We have a way to limit timeless, activities, and accounts as well as set if only unauthenticated, everyone, or nobody is allowed to search external statuses but no way to completely disable search for unauthenticated users.
I'd very much like the ability to completely disable search for unauthenticated users.https://git.pleroma.social/pleroma/pleroma/-/issues/3067Support for Age Verifcation API like id.me2023-05-26T14:19:20ZSkylar CaulfieldSupport for Age Verifcation API like id.me**Pitch**
Add support for id.me during the plemora sign up process and require api be configured for US hosts by default
**Motivation**
Multiple laws have been proposed across the United States requiring that social media platforms ve...**Pitch**
Add support for id.me during the plemora sign up process and require api be configured for US hosts by default
**Motivation**
Multiple laws have been proposed across the United States requiring that social media platforms verify if the user is 18, or the users has parental permissions, failure to verify via a third party provider this could result in serve liability fines.
Bills proposed are
https://www.arkleg.state.ar.us/Bills/FTPDocument?path=%2FBills%2F2023R%2FPublic%2FSB396.pdf
https://le.utah.gov/~2023/bills/static/SB0152.htmlhttps://git.pleroma.social/pleroma/pleroma/-/issues/3063Add application/activity+json alternate link2023-04-03T00:47:28ZSaagar JhaAdd application/activity+json alternate link[Some instant messaging platforms](https://gist.github.com/saagarjha/07e897fd72b370027ce280480761cf1e#file-metadataextractor-js-L115) use this link to check for whether a service supports ActivityPub. It would be nice if Pleroma included...[Some instant messaging platforms](https://gist.github.com/saagarjha/07e897fd72b370027ce280480761cf1e#file-metadataextractor-js-L115) use this link to check for whether a service supports ActivityPub. It would be nice if Pleroma included this in the document so that it could be used.https://git.pleroma.social/pleroma/pleroma/-/issues/3057Supporting the Ivory app2023-05-08T00:37:24ZfeldSupporting the Ivory appStep 1: they're blocking Pleroma because they detect our user IDs are not integers
Step 2: figure out why the `/api/v1/statuses` response is not working for themStep 1: they're blocking Pleroma because they detect our user IDs are not integers
Step 2: figure out why the `/api/v1/statuses` response is not working for themhttps://git.pleroma.social/pleroma/pleroma/-/issues/3054Cannot delete statuses sent by banned users2023-05-08T00:37:49ZtusooaCannot delete statuses sent by banned usersHere, Activity.get_by_id will return not found for activities by banned users.
```
def delete(activity_id, user) do
with {_, %Activity{data: %{"object" => _, "type" => "Create"}} = activity} <-
{:find_activity, Activity...Here, Activity.get_by_id will return not found for activities by banned users.
```
def delete(activity_id, user) do
with {_, %Activity{data: %{"object" => _, "type" => "Create"}} = activity} <-
{:find_activity, Activity.get_by_id(activity_id)},
{_, %Object{} = object, _} <-
{:find_object, Object.normalize(activity, fetch: false), activity},
true <- User.privileged?(user, :messages_delete) || user.ap_id == object.data["actor"],
{:ok, delete_data, _} <- Builder.delete(user, object.data["id"]),
{:ok, delete, _} <- Pipeline.common_pipeline(delete_data, local: true) do
if User.privileged?(user, :messages_delete) and user.ap_id != object.data["actor"] do
```