pleroma issueshttps://git.pleroma.social/pleroma/pleroma/-/issues2023-05-08T03:10:47Zhttps://git.pleroma.social/pleroma/pleroma/-/issues/2358Admin-FE emoji api endpoints return "404 Not Implemented"2023-05-08T03:10:47ZSophie LunaAdmin-FE emoji api endpoints return "404 Not Implemented"I can see the list of emoji packs that are available but can't see the contents, can't upload or delete emojis or even create a new pack. This used to work in an installation from source and I recently moved it to a Docker environment --...I can see the list of emoji packs that are available but can't see the contents, can't upload or delete emojis or even create a new pack. This used to work in an installation from source and I recently moved it to a Docker environment -- not sure if that's the cause, everything else works fine.
```
22:40:30.770 [info] GET /api/pleroma/emoji/packs/sharky
22:40:30.770 request_id=Fk8tgo93LQXDUQoAAqlC [debug] GET /api/pleroma/emoji/packs/sharky
22:40:30.770 request_id=Fk8tgo93LQXDUQoAAqlC [debug] Processing with Pleroma.Web.Fallback.RedirectController.api_not_implemented/2
Parameters: %{"page" => "1", "page_size" => "30", "path" => ["api", "pleroma", "emoji", "packs", "sharky"]}
Pipelines: []
22:40:30.770 request_id=Fk8tgo93LQXDUQoAAqlC [debug] Sent 404 in 311µs
22:40:30.770 request_id=Fk8tgo93LQXDUQoAAqlC [info] Sent 404 in 542µs
```
git branch -v:
`* stable 15550f7c4 Merge branch 'cherry-pick-a65fc78c' into 'stable'`https://git.pleroma.social/pleroma/pleroma/-/issues/207PleromaFE notice HTML should include a AP json and Atom XML <link>2023-05-08T04:09:00ZKane YorkPleromaFE notice HTML should include a AP json and Atom XML <link>HTML pages should include a `application/activity+json` and `application/atom+xml` `<link rel=alternate>`, and the frontend JS should keep this element up to date when moving to other pages.
For example, the page returned by https://cat...HTML pages should include a `application/activity+json` and `application/atom+xml` `<link rel=alternate>`, and the frontend JS should keep this element up to date when moving to other pages.
For example, the page returned by https://cathoderay.tube/notice/45021 should include this HTML element:
(option A, if #206 is implemented)
<link href='https://cathoderay.tube/notice/45021' rel='alternate' type='application/atom+xml'>
<link href='https://cathoderay.tube/notice/45021' rel='alternate' type='application/activity+json'>
(option B)
<link href='https://cathoderay.tube/objects/f2feb28f-56d9-4000-a719-561831dfa487' rel='alternate' type='application/atom+xml'>
<link href='https://cathoderay.tube/objects/f2feb28f-56d9-4000-a719-561831dfa487' rel='alternate' type='application/activity+json'>
Upon navigation away from the status, the link should be removed. Upon navigation to a status page, the link should be updated to point to the currently viewed status.
Purpose: I want to create a browser extension that will be able to recognize that you are on a AP/OStatus-enabled page, and let you reply nearly-inline.lainlainhttps://git.pleroma.social/pleroma/pleroma/-/issues/237add apache examples to pleroma guides2021-02-09T06:35:27ZDebbieadd apache examples to pleroma guidesas a Apache user, not familar with Nginx at all, this is something I would like. this guide for example https://git.pleroma.social/pleroma/pleroma/wikis/Easy-Onion-Federation-(Tor) has a Nginx example, but not a Apache one.
thanksas a Apache user, not familar with Nginx at all, this is something I would like. this guide for example https://git.pleroma.social/pleroma/pleroma/wikis/Easy-Onion-Federation-(Tor) has a Nginx example, but not a Apache one.
thankshttps://git.pleroma.social/pleroma/pleroma/-/issues/244rekey account when it deletes something2023-05-08T03:36:21Zkaniinirekey account when it deletes somethingthis is necessary to enable plausible deniabilitythis is necessary to enable plausible deniabilityHaelwennHaelwennhttps://git.pleroma.social/pleroma/pleroma/-/issues/384Optionally support Troy Hunt’s Pwned Password API2023-05-08T07:58:00ZshibayashiOptionally support Troy Hunt’s Pwned Password APIOne way to ensure peoples’ safety is to prevent them from setting unsafe passwords, specifically that they do not set a password that is already part of a known data breach. Checking against a black list is also part of the new NIST pass...One way to ensure peoples’ safety is to prevent them from setting unsafe passwords, specifically that they do not set a password that is already part of a known data breach. Checking against a black list is also part of the new NIST password guidance [1]. One way to do this is to use Troy Hunt’s Pwned Passwords API [2].
Troy Hunt maintains a huge list of publicly known data breaches and provides ways to check for leaked email addresses and passwords.
## How the API works
* Take the user password
* Generate the SHA1 hash of it
* Send the first 5 characters of it to the API endpoint (either a self-hosted one or Troy Hunt’s one)
* The API will return a list with the remainders of all hashes which start with the characters, additionally a counter is appended to each entry, in how many leaks this password was part of
* The client checks locally, which one of these hashes is the right one
* If the counter is `> 0` then the password is compromised
Because the returned list contains a lot of hash suffixes, anonymity is guaranteed by the k-anonymity model [3]. The list of passwords can either be downloaded and served locally or be accessed with `https://api.pwnedpasswords.com/range/{hashPrefix}`. According to Troy, almost all requests are in the Cloudflare cache and very few requests actually hit his server.
## Who uses this?
Some examples are:
* 1Password
* Eve Online
* Nextcloud
* Bitwarden
* Firefox Monitor
## How could we implement this?
* Provide config options, similar to the suggestions API:
```exs
config :pleroma, :pwned_passwords_check,
enabled: false,
check_always: false,
third_party_engine:
"https://api.pwnedpasswords.com/range/"
```
* Integrate the check in the password reset controller
* Do not reset the password, if the password was leaked
If `check_always` is true, the check happens always for everyone. If it is false, a small icon should be displayed in the password change dialog, similar to 1Password and Bitwarden, and the check happens if the user decides to click on that icon. Maybe include this in the list of features in PleromaFE to help people avoid registering on instances, which offer this service.
I am aware that this can be seen as a controversial feature, that’s why I would make this very configurable and entirely optional, yet I do see this as an useful feature to offer.
1. [NIST Guidance](https://pages.nist.gov/800-63-3/sp800-63b.html)
2. [Pwned Password API](https://haveibeenpwned.com/Passwords)
3. [k-anonymity](https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/)
4. [API description](https://haveibeenpwned.com/API/v2)https://git.pleroma.social/pleroma/pleroma/-/issues/386[OAuth] return HTTP 401 if things go wrong2023-05-08T08:32:04ZRoy Tam[OAuth] return HTTP 401 if things go wrong`/oauth/token` should return HTTP `401` with error code instead of HTTP `500` if parameters are invalid (testcase: old version Cuckoo+ redirect users to OAuth authorize page without properly encoding `client_id`, resulting padding charac...`/oauth/token` should return HTTP `401` with error code instead of HTTP `500` if parameters are invalid (testcase: old version Cuckoo+ redirect users to OAuth authorize page without properly encoding `client_id`, resulting padding characters missed in `client_id`, and after authorized it `POST` to `/oauth/token` with complete `client_id` that is not being authorized [and also improperly processed `code`], and pleroma returns HTTP `500` instead of HTTP `401` with `error` code `unauthorized_client` or `server_error`)lainlainhttps://git.pleroma.social/pleroma/pleroma/-/issues/400Implement OpenID Connect2019-05-31T10:11:50ZsuccfemboiImplement OpenID ConnectHaving support for OpenID would enable pleroma to act as an identity-server, which could be used for a "sign-in-as" option.
Last I'm aware of is that GNUsocial already has support for it.
There already are implementation of it OpenID in...Having support for OpenID would enable pleroma to act as an identity-server, which could be used for a "sign-in-as" option.
Last I'm aware of is that GNUsocial already has support for it.
There already are implementation of it OpenID in [Erlang](https://github.com/indigo-dc/oidcc) and in [Elixir](https://github.com/mustafaturan/shield/tree/ui). The Elixir variant does seem to be built on the same webframework that pleroma uses, but it has been archived for some reason.
This has been referenced [here](https://git.pleroma.social/pleroma/pleroma/issues/235#note_4217) as a possibility for a sign-in option, but I don't think it's a good Idea to close an issue when it hasn't been veritably resolved yet.
https://git.pleroma.social/pleroma/pleroma/-/issues/416Streaming API doesn't use chunked encoding (breaks bitlbee-mastodon)2020-04-24T14:41:53ZrjpStreaming API doesn't use chunked encoding (breaks bitlbee-mastodon)[bitlbee-mastodon](https://alexschroeder.ch/software/Bitlbee_Mastodon) tries to use the streaming API (`/api/v1/streaming/user`) but gets confused due to the connection being a "normal" HTTP connection (`Content-Length`, `keep-alive`) ra...[bitlbee-mastodon](https://alexschroeder.ch/software/Bitlbee_Mastodon) tries to use the streaming API (`/api/v1/streaming/user`) but gets confused due to the connection being a "normal" HTTP connection (`Content-Length`, `keep-alive`) rather than being chunked (no `Content-Length`, `Transfer-Encoding: chunked`). The underlying HTTP code in bitlbee records a closed stream when `req->body_size >= req->content_length` which causes bitlbee-mastodon to consider login failed (`Login error: Stream closed (200 OK)`).
[Mastodon Streaming API docs](https://docs.joinmastodon.org/api/streaming/) says that the streaming endpoints work as "chunked-encoding transfer" (or, alternately, a websocket).
(bitlbee-mastodon is A-OK talking to a Mastodon instance; it's just Pleroma that confuses it.)hrefhref@random.shhrefhref@random.shhttps://git.pleroma.social/pleroma/pleroma/-/issues/432Don't show multiple notifications if multiple tabs are open.2020-05-18T14:48:58ZpieDon't show multiple notifications if multiple tabs are open.When pleroma is open in multiple tabs, every notification is received once per tab rather than only once.When pleroma is open in multiple tabs, every notification is received once per tab rather than only once.https://git.pleroma.social/pleroma/pleroma/-/issues/434Remote Follow rework2019-01-20T15:42:40ZfeldRemote Follow rework1. Remote follow should not work at all if Pleroma is configured not to federate
2. If Pleroma is configured to limit federation to specific instances, the remote follow page should indicate this and suggest to the user that they can fo...1. Remote follow should not work at all if Pleroma is configured not to federate
2. If Pleroma is configured to limit federation to specific instances, the remote follow page should indicate this and suggest to the user that they can follow by signing up for an account on this instance or one of the instances that are allowed to federatehttps://git.pleroma.social/pleroma/pleroma/-/issues/463Testing push notification mix task2023-05-08T00:48:16ZHJTesting push notification mix taskThere should be a mix task for testing sending push notificationsThere should be a mix task for testing sending push notificationshttps://git.pleroma.social/pleroma/pleroma/-/issues/484Visibility that only shows to Mutuals2023-05-08T04:15:21ZpieVisibility that only shows to MutualsIt would be really great to have a visibility option that only shows the post to people who both follow and are followed by you.It would be really great to have a visibility option that only shows the post to people who both follow and are followed by you.https://git.pleroma.social/pleroma/pleroma/-/issues/493Insecure mode2023-05-08T03:47:13ZkaniiniInsecure modeTo facilitate migration from other fediverse software, we would like to be able to replay AP activities into Pleroma. This will of course be problematic because of the anti-spoofing protection and signature requirements. Thusly, it wou...To facilitate migration from other fediverse software, we would like to be able to replay AP activities into Pleroma. This will of course be problematic because of the anti-spoofing protection and signature requirements. Thusly, it would be nice to have a mode which turns these security features off.
Insecure mode should be a special invocation of the Pleroma server instead of a config setting. Something like an environment variable should trigger it.
That would allow us to import data through replaying it. We should also have very noticeable warnings when the server is operating in Insecure mode and it should not attempt to federate in Insecure mode.
(in other words the only functionality that should be live is only the functionality needed to import the data. nothing more.)https://git.pleroma.social/pleroma/pleroma/-/issues/495Cannot use websocket streaming with multiple instances2023-05-08T04:08:48Zh3potetoCannot use websocket streaming with multiple instancesI want to invest Pleroma server on multiple instances. But it seems that websocket streaming can not scale out.
Please let me know if you know the solution.
I already tried to use redis for `Phoenix.PubSub`: https://github.com/phoenixf...I want to invest Pleroma server on multiple instances. But it seems that websocket streaming can not scale out.
Please let me know if you know the solution.
I already tried to use redis for `Phoenix.PubSub`: https://github.com/phoenixframework/phoenix_pubsub_redis .
This method is for `Phoenix.Channel`, but now Pleroma does not use `Phoenix.Channel` for websocket streaming. It uses Cowboy handler. It was implemented in https://git.pleroma.social/pleroma/pleroma/merge_requests/560/diffs. And I read a related issue: https://git.pleroma.social/pleroma/pleroma/issues/451 . But I don't know why you don't use `Phoenix.Channel`.
Does this problem solve if upgrade to Phoenix 1.5? Or do you know how to scale out `Cowboy.Handler` ?
On one hand, chat is using `Phoenix.Channel` so it can scale out.https://git.pleroma.social/pleroma/pleroma/-/issues/516Safe Mode2020-05-23T14:57:55ZkaniiniSafe ModeThis would be an optional account setting which forces the sensitive flag to true on all media. This is helpful for browsing fedi in public places, like school, work breaks, etc.This would be an optional account setting which forces the sensitive flag to true on all media. This is helpful for browsing fedi in public places, like school, work breaks, etc.https://git.pleroma.social/pleroma/pleroma/-/issues/522MRF Simple alternative: Federation queue2023-05-08T04:15:31ZniaMRF Simple alternative: Federation queueRecently some admins have expressed a distaste for "forced federation".
Pleroma already has MRF Simple's "accept" for more limited federation, but this has some downsides:
* It requires interested admins to do research into existing se...Recently some admins have expressed a distaste for "forced federation".
Pleroma already has MRF Simple's "accept" for more limited federation, but this has some downsides:
* It requires interested admins to do research into existing servers and regular re-review to add anything new that is wanted.
* It requires filling out a form or writing an email if you want to federate with a server that uses it.
* It is heavy — it does not allow "default federated timeline removal", or even "default block", just "always reject".
A "federation approval queue" would have these features:
* Expose discovered servers and servers that wish to exchange activities, via an admin API.
* Allow reviewing queued activities.
* Allow setting default behavior - federated timeline removal, default block, reject, etc.
* Allow admins several options to deal with unapproved servers: approve, approve with federated timeline removal / media NSFW, reject, default block, and possibly more.
* Remove the server from the queue (and possibly allow through activities) once an admin has selected an option.
and provide these advantages:
* Allow more options than just reject-by-default.
* Not require filling out forms to get approved.
* Allow admins to focus on reviewing content that their server actually consumes rather than bothering with shared blocklists to deal with theoretical problems.
* Reduced workload for admins interested in limited federation.
* Reduced workload for admins interested in federating with servers that use limited federation.
Regardless of your opinions of admins that use limited federation or shared blocklists, they are using them, and I think this would provide an option that is better for the fediverse as a whole than the available solutions.https://git.pleroma.social/pleroma/pleroma/-/issues/542RFC7686 Compliance / Don't contact onion domains without proxy.2023-05-08T03:36:34ZirlRFC7686 Compliance / Don't contact onion domains without proxy.Where a .onion domain name is found, this should never be contacted unless a SOCKS proxy has been specified to avoid instances becoming leaks for .onion names via DNS lookups that are going to fail anyway.Where a .onion domain name is found, this should never be contacted unless a SOCKS proxy has been specified to avoid instances becoming leaks for .onion names via DNS lookups that are going to fail anyway.https://git.pleroma.social/pleroma/pleroma/-/issues/574Implement sentry for error reporting2023-05-09T19:10:57ZsuccfemboiImplement sentry for error reportingThis might be controversial but maybe one could implement sentry to log errors on the server. The admin can configure to run the error logger if desired but by default it should be off. The admin might also want to decide if an error rep...This might be controversial but maybe one could implement sentry to log errors on the server. The admin can configure to run the error logger if desired but by default it should be off. The admin might also want to decide if an error report should be sent or nothttps://git.pleroma.social/pleroma/pleroma/-/issues/577Feature Request: Temporary account 'ban' / 'probation'2023-05-08T04:09:11ZThndrFeature Request: Temporary account 'ban' / 'probation'Add in a feature that allows certain moderator levels and the admin of an instance to be able to temporary 'ban' ('probate') an account for X minutes/hours/days/weeks.
When these accounts are temporarily prevented from posting it should...Add in a feature that allows certain moderator levels and the admin of an instance to be able to temporary 'ban' ('probate') an account for X minutes/hours/days/weeks.
When these accounts are temporarily prevented from posting it should alert them with a custom message set by the admin letting them know that they can't post for X amount of time.
Optionally allow a custom default avatar when the account is restricted in this manner to let people know on the local instance that the user is temporarily restricted
*(potential issue: could cause problem with avatar caching, but such an option is mostly for the benefit of local instance users and not the rest of the fediverse)*https://git.pleroma.social/pleroma/pleroma/-/issues/595Posts by non-friends which mention you appear in Friends timeline2023-05-08T03:48:58ZfeldPosts by non-friends which mention you appear in Friends timelineYour friends timeline is meant for people you are following and the posts they boost. If you have accounts you do not follow repeatedly @mention you it serves as a Denial of Service on your Friends timeline because you can't see the post...Your friends timeline is meant for people you are following and the posts they boost. If you have accounts you do not follow repeatedly @mention you it serves as a Denial of Service on your Friends timeline because you can't see the posts which are only by your friends.
It seems to me that your mentions (unless they're from your friends) should only be in the notifications panel from which you can open the entire conversation if you want.
An option to at least control this behavior is strongly desired if the current behavior isn't deemed a bug.https://git.pleroma.social/pleroma/pleroma/-/issues/617Implement captcha option for visually impaired people2023-05-08T01:24:02ZIljaImplement captcha option for visually impaired peopleOften captcha's have an audio-option in case with certain disabilities (e.g. people who are blind) need to solve them. The current implementation doesn't have an option like that, which means using captcha blocks certain people from regi...Often captcha's have an audio-option in case with certain disabilities (e.g. people who are blind) need to solve them. The current implementation doesn't have an option like that, which means using captcha blocks certain people from registering.https://git.pleroma.social/pleroma/pleroma/-/issues/656Groups support2023-11-05T23:17:38ZfeldGroups supportSupport for groups. This feature needs input from @lambadalambda as it has been discussed at a high level but needs some details about exactly what we're aiming to achieve.Support for groups. This feature needs input from @lambadalambda as it has been discussed at a high level but needs some details about exactly what we're aiming to achieve.lainlainhttps://git.pleroma.social/pleroma/pleroma/-/issues/679Email notifications2020-09-03T13:25:23ZlainEmail notificationsOptionally, subscribe to email notifications.Optionally, subscribe to email notifications.https://git.pleroma.social/pleroma/pleroma/-/issues/680Email subscriptions to posts of certain friends2019-05-30T21:40:43ZlainEmail subscriptions to posts of certain friendsWhen you follow someone who does not post too much, you might want to get an email notifiation for posts of that person. Related to https://git.pleroma.social/pleroma/pleroma/issues/679 but not the same.When you follow someone who does not post too much, you might want to get an email notifiation for posts of that person. Related to https://git.pleroma.social/pleroma/pleroma/issues/679 but not the same.https://git.pleroma.social/pleroma/pleroma/-/issues/692Remove files older than X2023-05-08T04:15:11ZnepfagRemove files older than XI'd like to be able to replace all attachments that are older than a certain amount of time (say, half a year) with a symlink to a placeholder image to save disk space. Right now if I try to do that with a shell script then it also overw...I'd like to be able to replace all attachments that are older than a certain amount of time (say, half a year) with a symlink to a placeholder image to save disk space. Right now if I try to do that with a shell script then it also overwrites avatars, which should be preserved.
Could you please add a mix command that does this properly?https://git.pleroma.social/pleroma/pleroma/-/issues/3115Allow user to resend activation email.2023-04-17T12:45:28ZGhost UserAllow user to resend activation email.Activation emails can get lost, resulting in a user not having access to their account and a good username being taken needlessly.
I propose the following improvements:
* [ ] Ability on Pleroma-FE for a user to have their activation e...Activation emails can get lost, resulting in a user not having access to their account and a good username being taken needlessly.
I propose the following improvements:
* [ ] Ability on Pleroma-FE for a user to have their activation email re-sent.https://git.pleroma.social/pleroma/pleroma/-/issues/3118Reply count is out of sync2023-05-04T12:27:51ZsevenReply count is out of sync![screenshot](/uploads/e397a7906ce4ca7ba7366e577f55d69a/screenshot.png)
Steps to reproduce
1. Go to https://fedi.absturztau.be/notice/9q0Awcpm0ewDzZVdtw
2. Observe that reply count of the status is 1 but the status has 5 replies actually.![screenshot](/uploads/e397a7906ce4ca7ba7366e577f55d69a/screenshot.png)
Steps to reproduce
1. Go to https://fedi.absturztau.be/notice/9q0Awcpm0ewDzZVdtw
2. Observe that reply count of the status is 1 but the status has 5 replies actually.https://git.pleroma.social/pleroma/pleroma/-/issues/741ActivityPub C2S: Request to the URL of the conversation's ID returns blank HT...2020-10-06T16:29:25ZYuri VolkovActivityPub C2S: Request to the URL of the conversation's ID returns blank HTML page instead of JSON conversationUsing v.47.06 of AndStatus (see https://github.com/andstatus/andstatus/issues/499#issue-389014088 ) I'm requesting a conversation by its id. Receive HTML page as a response instead of expected JSON with a collection of activities.
url:'...Using v.47.06 of AndStatus (see https://github.com/andstatus/andstatus/issues/499#issue-389014088 ) I'm requesting a conversation by its id. Receive HTML page as a response instead of expected JSON with a collection of activities.
url:'https://pleroma.site/contexts/cebf1c4d-f7f2-46a5-8025-fd8bd9cde1ab'; response:'<!DOCTYPE html><html lang…';
Please implement!
Original Activity, from which I discovered the conversation ID:
```json
{
"type": "Create",
"to": [
"https:\/\/www.w3.org\/ns\/activitystreams#Public"
],
"published": "2019-03-10T18:46:31Z",
"object": {
"url": "https:\/\/pawoo.net\/@pawooAndStatusTester\/101727836012435643",
"type": "Note",
"to": [
"https:\/\/www.w3.org\/ns\/activitystreams#Public"
],
"tags": [
{
"type": "Mention",
"name": "@AndStatus@pleroma.site",
"href": "https:\/\/pleroma.site\/users\/AndStatus"
},
{
"type": "Hashtag",
"name": "#c2s",
"href": "https:\/\/pawoo.net\/tags\/c2s"
},
{
"type": "Hashtag",
"name": "#activitypub",
"href": "https:\/\/pawoo.net\/tags\/activitypub"
},
{
"type": "Hashtag",
"name": "#mastodon",
"href": "https:\/\/pawoo.net\/tags\/mastodon"
},
"c2s",
"activitypub",
"mastodon",
"nsfw"
],
"tag": [
{
"type": "Mention",
"name": "@AndStatus@pleroma.site",
"href": "https:\/\/pleroma.site\/users\/AndStatus"
},
{
"type": "Hashtag",
"name": "#c2s",
"href": "https:\/\/pawoo.net\/tags\/c2s"
},
{
"type": "Hashtag",
"name": "#activitypub",
"href": "https:\/\/pawoo.net\/tags\/activitypub"
},
{
"type": "Hashtag",
"name": "#mastodon",
"href": "https:\/\/pawoo.net\/tags\/mastodon"
},
{
"type": "Hashtag",
"name": "#c2s",
"href": "https:\/\/pleroma.site\/tags\/c2s"
},
{
"type": "Hashtag",
"name": "#activitypub",
"href": "https:\/\/pleroma.site\/tags\/activitypub"
},
{
"type": "Hashtag",
"name": "#mastodon",
"href": "https:\/\/pleroma.site\/tags\/mastodon"
},
{
"type": "Mention",
"name": "@AndStatus",
"href": "https:\/\/pleroma.site\/users\/AndStatus"
}
],
"summary": null,
"sensitive": false,
"published": "2019-03-10T18:46:31Z",
"inReplyToStatusId": "9gOorJogMWlBFNw1fE",
"inReplyToAtomUri": "https:\/\/pleroma.site\/objects\/7afcd0f7-f540-4f56-b7db-7ceac0ae4861",
"inReplyTo": "https:\/\/pleroma.site\/objects\/7afcd0f7-f540-4f56-b7db-7ceac0ae4861",
"id": "https:\/\/pawoo.net\/users\/pawooAndStatusTester\/statuses\/101727836012435643",
"conversation": "https:\/\/pleroma.site\/contexts\/cebf1c4d-f7f2-46a5-8025-fd8bd9cde1ab",
"context": "https:\/\/pleroma.site\/contexts\/cebf1c4d-f7f2-46a5-8025-fd8bd9cde1ab",
"content": "<p><span class=\"h-card\"><a href=\"https:\/\/pleroma.site\/users\/AndStatus\" class=\"u-url mention\">@<span>AndStatus<\/span><\/a><\/span> I do see your post via <a href=\"https:\/\/pawoo.net\/tags\/mastodon\" class=\"mention hashtag\" rel=\"tag\">#<span>Mastodon<\/span><\/a> site.<br \/>Please check via <a href=\"https:\/\/pawoo.net\/tags\/activitypub\" class=\"mention hashtag\" rel=\"tag\">#<span>ActivityPub<\/span><\/a> <a href=\"https:\/\/pawoo.net\/tags\/c2s\" class=\"mention hashtag\" rel=\"tag\">#<span>C2S<\/span><\/a> how two attached images may look like 👇<\/p>",
"cc": [
"https:\/\/pawoo.net\/users\/pawooAndStatusTester\/followers",
"https:\/\/pleroma.site\/users\/AndStatus"
],
"attributedTo": "https:\/\/pawoo.net\/users\/pawooAndStatusTester",
"attachment": [
{
"url": "https:\/\/img.pawoo.net\/media_attachments\/files\/013\/102\/220\/original\/b70c78bee2bf7c99.jpg",
"type": "Document",
"name": null,
"mediaType": "image\/jpeg"
},
{
"url": "https:\/\/img.pawoo.net\/media_attachments\/files\/013\/102\/261\/original\/104659a0cd852f39.jpg",
"type": "Document",
"name": null,
"mediaType": "image\/jpeg"
}
],
"atomUri": "https:\/\/pawoo.net\/users\/pawooAndStatusTester\/statuses\/101727836012435643",
"actor": "https:\/\/pawoo.net\/users\/pawooAndStatusTester"
},
"id": "https:\/\/pawoo.net\/users\/pawooAndStatusTester\/statuses\/101727836012435643\/activity",
"context_id": 30464285,
"context": "https:\/\/pleroma.site\/contexts\/cebf1c4d-f7f2-46a5-8025-fd8bd9cde1ab",
"cc": [
"https:\/\/pawoo.net\/users\/pawooAndStatusTester\/followers",
"https:\/\/pleroma.site\/users\/AndStatus"
],
"actor": "https:\/\/pawoo.net\/users\/pawooAndStatusTester",
"@context": [
"https:\/\/www.w3.org\/ns\/activitystreams",
"https:\/\/pleroma.site\/schemas\/litepub-0.1.jsonld"
]
}
```lainlainhttps://git.pleroma.social/pleroma/pleroma/-/issues/750Get documentation in a better state2023-05-08T04:07:59Zrinpatchrin+pleroma@patch.cxGet documentation in a better state* [x] Move documentation from the wiki to the repo because it does not support different content for different branches, people can't MR into it, etc.
* [x] Set up auto deploy of repo docs on docs.pleroma.social (!965)
* [ ] Document ...* [x] Move documentation from the wiki to the repo because it does not support different content for different branches, people can't MR into it, etc.
* [x] Set up auto deploy of repo docs on docs.pleroma.social (!965)
* [ ] Document common troubleshooting steps (updating to the latest master/develop, rebuilding pleroma and deps, etc.)
* [ ] Document the process of filing an issue (describe to which repositories (pleroma, pleroma-fe, auto_linker, mastofe) certain types of problems most likely belong, instruct to collect as much info as possible (we've had many issues with 'Error fetching updates' or '502 error' titles lately, which isn't too helpful)
* [ ] Refactor How-tos to be either in one file, or maybe even integrated with config.md1.0https://git.pleroma.social/pleroma/pleroma/-/issues/776Add ability to set up `Accept-Language: ` for rich media requests2023-05-08T04:15:05ZHJAdd ability to set up `Accept-Language: ` for rich media requestsfollowup to #775followup to #775https://git.pleroma.social/pleroma/pleroma/-/issues/792ActivityPub C2S: Error 400 when posting non-activity objects not wrapped into...2020-10-06T16:28:52ZFeufochmarActivityPub C2S: Error 400 when posting non-activity objects not wrapped into a Create activityWhen posting an object that is not an activity to the user's outbox, it is expected that the server wraps it in a Create activity (See https://www.w3.org/TR/activitypub/#object-without-create ).
Currently, Pleroma responds with an error...When posting an object that is not an activity to the user's outbox, it is expected that the server wraps it in a Create activity (See https://www.w3.org/TR/activitypub/#object-without-create ).
Currently, Pleroma responds with an error 400 (Bad Request), with the message "Unhandled activity type". When wrapping the same item inside a Create activity, Pleroma accepts the request.
Ex: Unwrapped note causing an error:
{"@context":"https://www.w3.org/ns/activitystreams","type":"Note","to":["http://localhost:4000/users/test"],"cc":[],"summary":"Test note","content":"A small note"}
When wrapped in a Create activity, no error, the note is created:
{"@context":"https://www.w3.org/ns/activitystreams","type":"Create","to":["http://localhost:4000/users/test"],"cc":[],"object":{"@context":"https://www.w3.org/ns/activitystreams","type":"Note","to":["http://localhost:4000/users/test"],"cc":[],"summary":"Test note","content":"A small note"}}
Tested on commit 5499750054081a4d4ac8a8b7b75dfd0a81f2a455 from develop.lainlainhttps://git.pleroma.social/pleroma/pleroma/-/issues/798Scaling Pleroma for a worldwide userbase2022-08-28T12:34:50ZfeldScaling Pleroma for a worldwide userbaseNormally you would expect users to join a community on the Fediverse that is both relevant to the users' interests and is also located nearby geographically for performance reasons. e.g., someone in Japan should join a Japanese server an...Normally you would expect users to join a community on the Fediverse that is both relevant to the users' interests and is also located nearby geographically for performance reasons. e.g., someone in Japan should join a Japanese server and use federation to communicate with users across the world. This eliminates performance bottlenecks by keeping the latency low.
However there are situations where this is not possible. I administer a customized Pleroma server that automatically enrolls an existing community/userbase with thousands of members who are worldwide. We observe performance issues as a result. e.g., users in Australia struggle to upload media to our server in Chicago.
We have a few options at our disposal to improve general performance such as using `config :Pleroma.Upload, base_url` to point to a CDN. This only solves the performance for consumption of content, not creation.
To achieve good performance we need to reduce latency of TCP connections by simply moving those activities to edge nodes which are geographically dispersed around the world. The problem is that this currently is not feasible in Pleroma. Simply moving Pleroma to be entirely behind a CDN is not wise because of `websockets`. CDNs do not like websockets.
CloudFlare supports websockets, but a limited number unless you pay for premium plans.
Akamai websocket support is unclear. It appears not permitted for production traffic based on my research.
This is unsurprising because websockets would be a serious strain on a CDN anyway. We can build our own CDN (and we are), but that doesn't change the reality that it's not a great solution to the problem.
This leaves us with the options of a major engineering effort and a lame hack:
1) OTP clustering, which will require some significant dev investment. But this is something we do want long term for building HA and load balanced Pleroma clusters
2) Some kind of API extension to support this, and bake it into the apps we influence (Roma, etc). e.g., hint that `/api/v1/statuses` should be accessed at a different `base_url` which can be proxied by a CDN, and fallback if that's unavailable.
Are there any other things we should consider? How else can this problem be approached?https://git.pleroma.social/pleroma/pleroma/-/issues/808Moderator Mode API for Front Ends2022-07-07T19:30:01ZNotZemichiModerator Mode API for Front EndsFollowing this lovely discussion:
https://shitposter.club/notice/9hhecwQbICDFH4Shmq
An optional mode at compile time to allow an admin grant moderator privileges to moderators to be able to see all/some user actions like unlisted, follo...Following this lovely discussion:
https://shitposter.club/notice/9hhecwQbICDFH4Shmq
An optional mode at compile time to allow an admin grant moderator privileges to moderators to be able to see all/some user actions like unlisted, follower only, direct messages, likes, etc.
That way an admin can sysadmin, moderators moderate.https://git.pleroma.social/pleroma/pleroma/-/issues/811ActivityPub C2S: Inbox and Outbox contents are incorrect2020-10-06T16:34:39ZFeufochmarActivityPub C2S: Inbox and Outbox contents are incorrectAccording to the ActivityPub specification, the outbox contains all the activities published by an actor and the inbox contains all the activities received by an actor.
Currently when a GET request is done on the outbox, the outbox only...According to the ActivityPub specification, the outbox contains all the activities published by an actor and the inbox contains all the activities received by an actor.
Currently when a GET request is done on the outbox, the outbox only contains the public activities, even when the actor is authenticated (with an OAuth bearer token for instance). When an actor is authenticated and is reading their outbox, the actor should be able to see all the activities, not just the public ones.
When a GET request is done on the inbox, the inbox contains the home timeline. So it also contains activities published by the actor, and not just the activities received by the actor. The home timeline is the merge of the inbox and the outbox. When using the ActivityPub C2S protocol, the home timeline should be built on the client side by fetching the inbox and the outbox, not on the server side by fetching the inbox.https://git.pleroma.social/pleroma/pleroma/-/issues/829Feature Request: SMTP email/inbox support2020-06-18T13:31:32ZThndrFeature Request: SMTP email/inbox supportI would like to suggest implementing SMTP support into Pleroma to allow users to message other users that have an account on the federated SMTP network and receive messages sent back to them by those users, as if they were two ActivityPu...I would like to suggest implementing SMTP support into Pleroma to allow users to message other users that have an account on the federated SMTP network and receive messages sent back to them by those users, as if they were two ActivityPub users sending private messages to each other.
Since the history of email server software is long and full of strife I assume any SMTP support would come through as a plugin that extends Pleroma by connecting to a local mail server that already has all of that work done, and just translates the protocols.
*I was going to include MUA support in this suggestion but that deserves it's own issue since it could be supported without full SMTP support.*https://git.pleroma.social/pleroma/pleroma/-/issues/830Feature Request: MUA client support2020-06-18T13:32:26ZThndrFeature Request: MUA client supportIt could be possible to allow email clients to connect to a Pleroma server to read and send private messages to other ActivityPub users (and other SMTP users if SMTP is supported by the server)
This would allow users to use not only nor...It could be possible to allow email clients to connect to a Pleroma server to read and send private messages to other ActivityPub users (and other SMTP users if SMTP is supported by the server)
This would allow users to use not only normal email clients, but also would allow specific use clients like DeltaChat(an encrypted messaging platform using email) to be used
Standards DeltaChat uses https://github.com/deltachat/deltachat-android/blob/master/standards.md#standards-used-in-delta-chat
I assume any MUA support without SMTP server support would come as a translation layer between the user and server to allow any standard compliant client to connecthttps://git.pleroma.social/pleroma/pleroma/-/issues/835Stickers2020-09-07T15:11:21ZkaniiniStickersIt is frequently discussed to add support for stickers. So lets actually do it!
Importantly, stickers are *different* than custom emoji. A sticker is an image response that is chosen from a library of images. Ideally, the end user wo...It is frequently discussed to add support for stickers. So lets actually do it!
Importantly, stickers are *different* than custom emoji. A sticker is an image response that is chosen from a library of images. Ideally, the end user would be able to upload her own images and curate them into sticker packs that could be shared with other users.
The question is how do we actually implement it?https://git.pleroma.social/pleroma/pleroma/-/issues/836don't link #hashtag in code blocks2024-01-06T16:10:44Ztedudon't link #hashtag in code blocksPer html test post: https://pleroma.site/notice/9i7G1Q8ufXA17eHYTQ
The #include lines would be prettier if they weren't hashtagged.
Please file under super low priority.Per html test post: https://pleroma.site/notice/9i7G1Q8ufXA17eHYTQ
The #include lines would be prettier if they weren't hashtagged.
Please file under super low priority.https://git.pleroma.social/pleroma/pleroma/-/issues/848Simulating groups? subscribing to hashtags2023-05-08T04:08:26ZxxSimulating groups? subscribing to hashtagsLet's pretend there are several hashtags that I care about -- maybe they are for news topics or sex workers on Switter, chat about certain programmers, whatever.
When I am logged in as an end user I can do this :
1. goto //site/tag/wh...Let's pretend there are several hashtags that I care about -- maybe they are for news topics or sex workers on Switter, chat about certain programmers, whatever.
When I am logged in as an end user I can do this :
1. goto //site/tag/whateverthehashtag
2. click "load older statuses"
3. pull up a list of posts tagged with "whateverthehashtag" through Pleroma magic
In the same way I can switch between "timeline", "public", and "known network", or switch between "mentions" and "private messages", having some easy access to my "favorite" hashtags in some way would be very useful .
In Mastodon-FE perhaps a "topics" item could be inserted between "direct messages" and "public timeline"
attaching some array of user-specified hashtags to a user somehow seems like it would be fairly simple to program ; going from a given hashtag to a feed for that hashtag is already a solved problem. (given tag x, change to url //site/tag/x) ....https://git.pleroma.social/pleroma/pleroma/-/issues/852Move avatars and banners out of the uploads folder.2023-05-08T04:09:37ZnepfagMove avatars and banners out of the uploads folder.I really, really want to delete old attachments, but there's stuff in the uploads foldder that's still being used, namely avatars and banners. Can you please move them somewhere else?I really, really want to delete old attachments, but there's stuff in the uploads foldder that's still being used, namely avatars and banners. Can you please move them somewhere else?https://git.pleroma.social/pleroma/pleroma/-/issues/859"right to vanish" -- profile scrubbing tools2023-05-08T12:24:41Zxx"right to vanish" -- profile scrubbing toolsMore tools for the following would be useful:
- mass tweet deletion
- mass unliking
- mass unfavoriting
- mass unRTing
- mass unfollow
You might ask "why not just export your following, delete your account, open a new account, an...More tools for the following would be useful:
- mass tweet deletion
- mass unliking
- mass unfavoriting
- mass unRTing
- mass unfollow
You might ask "why not just export your following, delete your account, open a new account, and refollow your pals" -- well, that'd work, but we can see on Twitter that 3rd party apps that provide this information are very popular -- and they're also how a lot of user data is given to creepy 3rd parties
Perhaps in the future these could be expanded, eg
- delete posts older than a month
- delete posts made between 2016 and 2017
- unfollow all users on a given domain
- unlike all posts from a specific user
etchttps://git.pleroma.social/pleroma/pleroma/-/issues/872Rework S3 bucket storage hierarchy / strategy?2020-07-02T13:49:14ZfeldRework S3 bucket storage hierarchy / strategy?After discussing the Pleroma S3 usage at work, we have some criticisms for long term archival of these objects especially around backup/restore. We have experience with S3 buckets that have millions of objects and many operations are pai...After discussing the Pleroma S3 usage at work, we have some criticisms for long term archival of these objects especially around backup/restore. We have experience with S3 buckets that have millions of objects and many operations are painfully slow at that size.
Example of a good hierarchy:
```
"idx": "t/t/w/ttwi3eda/poster/4.jpg",
"idx": "t/t/z/ttz6qsiu/small.jpg",
"idx": "t/u/3/tu3zixdp/large.jpg",
"idx": "t/u/6/tu68dlz3/large.jpg",
"idx": "t/u/7/tu7j1i32/large.jpg",
"idx": "t/u/c/tucz706h/medium.jpg",
"idx": "t/u/j/tuj95zf9/thumb.jpg",
"idx": "t/u/m/tumujmfo/poster/5.jpg",
```
Also suggested condensing our filenames from sha hashes to something denser. "base58 instead of base16" is a recommendation as well.lainlainhttps://git.pleroma.social/pleroma/pleroma/-/issues/3080[SUGGESTION] Improved Moderation Tools2023-04-03T22:10:51ZGhost User[SUGGESTION] Improved Moderation Tools**Improved permissions for Moderators**
- [x] Allow moderators access to the reports.
- [x] Allow moderators to deactivate accounts.
**Improved abuse handling**
- [ ] Implement a system to block email domains, similar to Mastodon, check...**Improved permissions for Moderators**
- [x] Allow moderators access to the reports.
- [x] Allow moderators to deactivate accounts.
**Improved abuse handling**
- [ ] Implement a system to block email domains, similar to Mastodon, check MX (useful for disposable blocking)
- [ ] Implement IP address blocking for account creation, optionally log IP addresses with a conf switch. Blocks should be configurable in the Admin-FE.
- [ ] Make chat messages reportable.https://git.pleroma.social/pleroma/pleroma/-/issues/969Mastodon API: Context pagination2023-05-08T03:55:24ZlainMastodon API: Context paginationSister issue: https://github.com/tootsuite/mastodon/issues/11029
Contexts should have some form of pagination. Anytime descendants or ancestors get over ~ 20, there should be link headers set to fetch the rest.
Some threads can get ...Sister issue: https://github.com/tootsuite/mastodon/issues/11029
Contexts should have some form of pagination. Anytime descendants or ancestors get over ~ 20, there should be link headers set to fetch the rest.
Some threads can get rather long and can even make the request time out if long enough. Even if they don't, waiting 5 seconds for a thread to load seems like a bad idea. As this would be a breaking change for contexts (suddenly clients will get less information returned) I'd suggest either doing that under the /v2 endpoints or adding a parameter ?paginated=true to enable this paginated mode.https://git.pleroma.social/pleroma/pleroma/-/issues/971Correctly order late-arriving activities2023-05-08T03:58:52ZlainCorrectly order late-arriving activitiesWhile chatting with the mastodon crowd and talking about our thread fetching system nightpool mentioned the following case:
```
what happens when someone sends you a private post that replies to another private post, and then sends the r...While chatting with the mastodon crowd and talking about our thread fetching system nightpool mentioned the following case:
```
what happens when someone sends you a private post that replies to another private post, and then sends the replied to post much later?
because of e.g. queuing delays or whatever.
```
It's true that this case is currently not handled correctly, because it will lead to a post having a higher id than it's reply and will thus cause them to be ordered wrongly.
This is a rare case, but it would be nice to handle this by assigning an earlier ID to the post that arrived too late.minibikiniminibikinihttps://git.pleroma.social/pleroma/pleroma/-/issues/981Polls: Check if remote user can validly cast a given vote2023-05-08T04:05:06ZlainPolls: Check if remote user can validly cast a given voteDouble voting etc.
essentially, the checking logic in CommonApi.vote has to be moved somewhere else (ActivityPub.create? should probably become ActivityPub.create_answer or something specific) / reused / refactored so that it runs in bo...Double voting etc.
essentially, the checking logic in CommonApi.vote has to be moved somewhere else (ActivityPub.create? should probably become ActivityPub.create_answer or something specific) / reused / refactored so that it runs in both local and incoming context.
@rinpatch comments appreciatedhttps://git.pleroma.social/pleroma/pleroma/-/issues/997Add mechanisms for federating poll results (especially private polls)2023-05-08T04:08:09ZClaireAdd mechanisms for federating poll results (especially private polls)Unless I'm mistaken, there is currently no mechanism in Pleroma to send poll results over the federation.
This is an issue in particular for private polls, as only the authoring instance will be able to see the results.
Mastodon uses an...Unless I'm mistaken, there is currently no mechanism in Pleroma to send poll results over the federation.
This is an issue in particular for private polls, as only the authoring instance will be able to see the results.
Mastodon uses an `Update` activity to send updates to the `Question` activity to followers/voters when it gets new votes / when the poll expires. The use of such an `Update` activity alleviates the need for user-authenticated fetching of the `Question` object.lainlainhttps://git.pleroma.social/pleroma/pleroma/-/issues/1002Replace the default nginx 502 page2020-05-04T09:42:36Zrinpatchrin+pleroma@patch.cxReplace the default nginx 502 page"502 error - nginx" does not tell much to the admin, instead we could replace it with a pleroma-styled page containing a short list of reasons why this might be happening and a link to the docs. Would also be a good use case for [pleroma..."502 error - nginx" does not tell much to the admin, instead we could replace it with a pleroma-styled page containing a short list of reasons why this might be happening and a link to the docs. Would also be a good use case for [pleroma-fox-tan-shy.png](https://git.pleroma.social/pleroma/pleroma/blob/develop/priv/static/images/pleroma-fox-tan-shy.png)https://git.pleroma.social/pleroma/pleroma/-/issues/1008Notifications that include filtered keywords still send notifications2023-05-08T04:05:19ZuncletrunksNotifications that include filtered keywords still send notificationsAppears to be an incongruence between the frontend and backend filters. If someone mentions me in a post with a filtered keyword, the notification does not show in the notifications panel but the indicator for a new notification does dis...Appears to be an incongruence between the frontend and backend filters. If someone mentions me in a post with a filtered keyword, the notification does not show in the notifications panel but the indicator for a new notification does display. Mobile apps and other clients that use the mastodon API display the notifications regardless, which is also annoying.https://git.pleroma.social/pleroma/pleroma/-/issues/1011Add shellcheck and shfmt to the CI2022-08-25T20:16:07Zrinpatchrin+pleroma@patch.cxAdd shellcheck and shfmt to the CI`pleroma_ctl` is a quite big shell script now, so we need to ensure it is properly formatted and POSIX-compilant`pleroma_ctl` is a quite big shell script now, so we need to ensure it is properly formatted and POSIX-compilanthttps://git.pleroma.social/pleroma/pleroma/-/issues/1012Figure out a way to merge some config parameters with defaults instead of ove...2019-06-23T07:10:48Zrinpatchrin+pleroma@patch.cxFigure out a way to merge some config parameters with defaults instead of overwritingSome parameters are really annoying to copy and keep track of, for example: frontend configs, restricted nicknames, poll limits (not really annoying but can break if defaults are overriden with only some parts of the map). We should figu...Some parameters are really annoying to copy and keep track of, for example: frontend configs, restricted nicknames, poll limits (not really annoying but can break if defaults are overriden with only some parts of the map). We should figure out a way to mark parameters as mergeable instead of overridable, but let the admins change it to override if they want tohttps://git.pleroma.social/pleroma/pleroma/-/issues/1018Figure out a way to test that releases actually run on the target platfrom2023-05-08T03:58:35Zrinpatchrin+pleroma@patch.cxFigure out a way to test that releases actually run on the target platfromCurrently I have to manually test this on 6 VMs after every elixir image rebuild/native dependency change. Would be nice if this could be automatedCurrently I have to manually test this on 6 VMs after every elixir image rebuild/native dependency change. Would be nice if this could be automatedhttps://git.pleroma.social/pleroma/pleroma/-/issues/1024Make it possible to anonymize reports2023-05-09T20:59:31Zrinpatchrin+pleroma@patch.cxMake it possible to anonymize reportsPeople argue that sending unanonymized reports can lead to harassment by hostile admins. Would be nice if we had an option to anonymize them by having a "System" account and sending reports using it as an actorPeople argue that sending unanonymized reports can lead to harassment by hostile admins. Would be nice if we had an option to anonymize them by having a "System" account and sending reports using it as an actorhttps://git.pleroma.social/pleroma/pleroma/-/issues/1027Ability to whitelist instances from DB pruning2020-05-04T09:41:50ZYour New SJW WaifuAbility to whitelist instances from DB pruningThe ability to whitelist certain instances from db pruning would be nice for instances that are dead but you'd like to keep their posts or for instances that don't have the best uptime.
Possibly even have the ability to set `remote_post_...The ability to whitelist certain instances from db pruning would be nice for instances that are dead but you'd like to keep their posts or for instances that don't have the best uptime.
Possibly even have the ability to set `remote_post_retention_days` per instance (defaulting to the default setting when one isn't specified).https://git.pleroma.social/pleroma/pleroma/-/issues/1052Unify activities and objects2021-04-21T08:01:01ZfeldUnify activities and objectsThis closes the activity/object divide that's causing us much performance painThis closes the activity/object divide that's causing us much performance pain2.0https://git.pleroma.social/pleroma/pleroma/-/issues/1064MastoFE login page redirects to clearnet address2023-05-08T03:27:55ZkarolatMastoFE login page redirects to clearnet addressWhen going to /web with an onion address the login page uses the onion address. When clicking login, however, it takes you back to the clearnet address.When going to /web with an onion address the login page uses the onion address. When clicking login, however, it takes you back to the clearnet address.HaelwennHaelwennhttps://git.pleroma.social/pleroma/pleroma/-/issues/1075BBCode really doesn't like square brackets2023-05-08T03:58:09ZHJBBCode really doesn't like square brackets![image](/uploads/e7b58cf06413264e140559eaddd58a08/image.png)
doesn't matter what text it is, as long as it has non-bbcode square brackets it's gonna error![image](/uploads/e7b58cf06413264e140559eaddd58a08/image.png)
doesn't matter what text it is, as long as it has non-bbcode square brackets it's gonna errorhttps://git.pleroma.social/pleroma/pleroma/-/issues/1107Unused indexes2023-05-08T12:32:17ZfeldUnused indexesUsing the `postgres_dba`[1] tools, looking at Pleroma database on bikeshed -- we have a few obvious indexes we can probably shed. A few others are picked up incorrectly because of data/features not on bikeshed.
```
pleroma_prod=# :dba
M...Using the `postgres_dba`[1] tools, looking at Pleroma database on bikeshed -- we have a few obvious indexes we can probably shed. A few others are picked up incorrectly because of data/features not on bikeshed.
```
pleroma_prod=# :dba
Menu:
0 – Node & Current DB Information: master/replica, lag, DB size, tmp files, etc
1 – Databases: Size, Statistics
2 – Table Sizes
3 – Load Profile
a1 – Current Activity: count of current connections grouped by database, user name, state
b1 – Tables Bloat, rough estimation
b2 – B-tree Indexes Bloat, rough estimation
b3 – Tables Bloat, more precise (requires pgstattuple extension; expensive)
b4 – B-tree Indexes Bloat, more precise (requires pgstattuple extension; expensive)
b5 – Tables and Columns Without Stats (so bloat cannot be estimated)
e1 – List of extensions installed in the current DB
i1 – Unused/Rarely Used Indexes
i2 – Redundant Indexes
i3 – FKs with Missing/Bad Indexes
i4 – Invalid Indexes
i5 – Unused/Redundant Indexes Do & Undo Migration DDL
p1 – [EXPERIMENTAL] Alignment Padding. How many bytes can be saved if columns are ordered better?
s1 – Slowest Queries, by Total Time (requires pg_stat_statements extension)
s2 – Slowest Queries Report (requires pg_stat_statements)
t1 – Postgres parameters tuning
v1 – Vacuum: Current Activity
q – Quit
Type your choice and press <Enter>:
i1
reason | schema_name | table_name | index_name | index_scan_pct | scans_per_write | index_size | table_size | idx_scan | all_scans
----------------------------+-------------+-----------------------------+---------------------------------------------------+----------------+-----------------+------------+------------+----------+------------
Never Used Indexes | public | objects | objects_actor_type | 0.00 | 0.00 | 797 MB | 14 GB | 0 | 2347416057
Never Used Indexes | public | activities | activities_hosts | 0.00 | 0.00 | 241 MB | 5841 MB | 0 | 22719783
Never Used Indexes | public | activities | activities_in_reply_to | 0.00 | 0.00 | 170 MB | 5841 MB | 0 | 22719783
Never Used Indexes | public | users | users_following_address_index | 0.00 | 0.00 | 6976 kB | 78 MB | 0 | 40852176
Never Used Indexes | public | conversation_participations | conversation_participations_updated_at_desc_index | 0.00 | 0.00 | 1096 kB | 3280 kB | 0 | 1921
Never Used Indexes | public | instances | instances_unreachable_since_index | 0.00 | 0.00 | 56 kB | 32 kB | 0 | 989610
Never Used Indexes | public | lists | lists_user_id_index | 0.00 | 0.00 | 16 kB | 8192 bytes | 0 | 558899
Never Used Indexes | public | lists | lists_following_index | 0.00 | 0.00 | 16 kB | 8192 bytes | 0 | 558899
Never Used Indexes | public | filters | hided_phrases_index | 0.00 | 0.00 | 8192 bytes | 0 bytes | 0 | 1083
Never Used Indexes | public | scheduled_activities | scheduled_activities_scheduled_at_index | 0.00 | 0.00 | 8192 bytes | 0 bytes | 0 | 60230
Low Scans, High Writes | public | activities | activities_context_index | 0.07 | 0.02 | 838 MB | 5841 MB | 16551 | 22719783
Low Scans, High Writes | public | activities | activities_actor_id_DESC_NULLS_LAST_index | 2.90 | 0.90 | 611 MB | 5841 MB | 658341 | 22719783
Low Scans, High Writes | public | activities | activities_actor_index | 0.00 | 0.00 | 539 MB | 5841 MB | 157 | 22719783
Low Scans, High Writes | public | objects | objects_in_reply_to_index | 0.00 | 0.01 | 439 MB | 14 GB | 12672 | 2347416057
Low Scans, High Writes | public | activities | activities_id_desc_nulls_last_local_index | 1.65 | 0.51 | 308 MB | 5841 MB | 373744 | 22719783
Low Scans, High Writes | public | activities | activities_visibility_index | 0.00 | 0.00 | 250 MB | 5841 MB | 219 | 22719783
Low Scans, High Writes | public | activities | activities_local_index | 0.00 | 0.00 | 157 MB | 5841 MB | 105 | 22719783
High-Write Large Non-Btree | public | objects | objects_fts | 0.00 | 0.00 | 2020 MB | 14 GB | 240 | 2347416057
High-Write Large Non-Btree | public | objects | objects_tags | 0.00 | 0.00 | 134 MB | 14 GB | 544 | 2347416057
(19 rows)
```
[1] https://github.com/NikolayS/postgres_dbahttps://git.pleroma.social/pleroma/pleroma/-/issues/1137Add a pleroma_ctl task for generating web push keys2023-05-08T04:11:12Zrinpatchrin+pleroma@patch.cxAdd a pleroma_ctl task for generating web push keysSince OTP release users don't have `mix web_push.gen.keypair`, they now can only generate web push keys by re-running the config generator. We should add a separate task for thatSince OTP release users don't have `mix web_push.gen.keypair`, they now can only generate web push keys by re-running the config generator. We should add a separate task for thathttps://git.pleroma.social/pleroma/pleroma/-/issues/1147Official Docker support2023-05-08T02:05:15ZAshlynn AndersonOfficial Docker supportStarted talking with lain about making an official Docker image (and possibly docker-compose.yml) with OTP Releases being a thing now a little bit back.
I've started work on this in my fork, thinking of splitting it into a couple of sep...Started talking with lain about making an official Docker image (and possibly docker-compose.yml) with OTP Releases being a thing now a little bit back.
I've started work on this in my fork, thinking of splitting it into a couple of separate MRs, one each for the:
- [x] Dockerfile (!1523)
- [ ] Gitlab CI integration
- [ ] and docker-compose.yml (possibly a couple different ones of these for different configurations? docker-compose.traefik.yml, etc)
If anyone would prefer this to be batched differently let me know, but I'm currently starting with just the Dockerfile.https://git.pleroma.social/pleroma/pleroma/-/issues/1157Halcyon can't log in anymore2023-05-08T04:10:20ZlainHalcyon can't log in anymore> There's a problem with the OAuth login at newer Pleroma instances using Halcyon.It always says "Unlisted redirect_uri" with force_login=False or redirects without a OAuth code without force_login=False.I wrote you a more detailed post ...> There's a problem with the OAuth login at newer Pleroma instances using Halcyon.It always says "Unlisted redirect_uri" with force_login=False or redirects without a OAuth code without force_login=False.I wrote you a more detailed post yesterday using my personal account.I checked the redirect_uri multiple times and it is definitely correct.
https://social.csswg.org/users/halcyon/statuses/102552503959769617https://git.pleroma.social/pleroma/pleroma/-/issues/1160Expose `limit_to_local_content` setting in nodeinfo (previously "User search ...2023-05-08T03:57:28ZnikExpose `limit_to_local_content` setting in nodeinfo (previously "User search does not work unless logged in")If this is intended behavior, the button should not be available unless logged in, rather than just showing no results found.If this is intended behavior, the button should not be available unless logged in, rather than just showing no results found.lainlainhttps://git.pleroma.social/pleroma/pleroma/-/issues/1189Cannot follow a Friendica user2023-05-08T03:55:34ZJaakko LuttinenCannot follow a Friendica userI'm not able to follow a Friendica user. I've clicked "Follow" and I see no error messages but the user doesn't appear on my "Following" list and I don't appear on their "Followers" list. The "Follow" button gets back to normal and I can...I'm not able to follow a Friendica user. I've clicked "Follow" and I see no error messages but the user doesn't appear on my "Following" list and I don't appear on their "Followers" list. The "Follow" button gets back to normal and I can try to click "Follow" again but nothing happens. I'm jluttine@ministry.moonbutt.science. The other person is on venera.social Friendica server. Any ideas what's the problem?https://git.pleroma.social/pleroma/pleroma/-/issues/1205Add ability to upload multiple avatars w/ different ratings?2023-05-08T04:14:40ZFrinkeldoodleAdd ability to upload multiple avatars w/ different ratings?This was an idea brought up by @kaniini in this post: https://pleroma.site/notice/9m4ISIBiGedWJFUVxQ
> imagine if people could upload more than one avatar, and set ratings on each one, like gravatar allows.
This would be a feature that...This was an idea brought up by @kaniini in this post: https://pleroma.site/notice/9m4ISIBiGedWJFUVxQ
> imagine if people could upload more than one avatar, and set ratings on each one, like gravatar allows.
This would be a feature that would allow you to upload multiple avatars, and assign each avatar a content rating. Then, instances and perhaps even individual users could set what avatar they see based on the content rating. This would allow a user to upload, say, a "safe for all audiences" avatar and a lewd avatar, while only showing the lewd avatar to those who specify "i want to see lewd avatars".
This is what the feature kinda looks like on Gravatar when you're uploading an avatar, and it honestly probably describes it better than my oddly-worded description:
![selectrating](/uploads/6dbca868f835897e5ff47730784d629a/selectrating.png)https://git.pleroma.social/pleroma/pleroma/-/issues/1228Media optimisation server-side2023-05-08T01:39:10ZMaxím V. SivokóňMedia optimisation server-sidedisclaimer: my first git* issue ever so pls be patient.
It’s a *feature request*.
Users don’t usually care about uploading optimised content, and not every admin is savvy enough to set it up themself. Optimising media would help saving...disclaimer: my first git* issue ever so pls be patient.
It’s a *feature request*.
Users don’t usually care about uploading optimised content, and not every admin is savvy enough to set it up themself. Optimising media would help saving both admins’ drive space (especially for instances with lots of users) and users’ traffic and downloading time (especially for users with lots of follows). If it is possible to implement something like optipng and mozjpeg without compromizing on RAM/CPU load (so Pleroma can keep the “Raspberry Pi” promise), then I belive all uploaded media should be optimised server-side.
I think it would be good idea to keep lossy compression by default, with probably the option for lossless (either set up by user or only an admin).
(alternative: lossy only, no configuration — it’s a social media software, not image gallery after all).
It seems Mastodon not only optimises all the media, but also scales images and video down to some maximum sizes and converts adio and video to lossy formats: [media_attachment.rb](https://github.com/tootsuite/mastodon/blob/cd660d374adc9394aaeea22d5d41b29535d8a4c2/app/models/media_attachment.rb)https://git.pleroma.social/pleroma/pleroma/-/issues/1235Web-based config generator2023-05-08T03:50:50ZfeldWeb-based config generatorPleroma would be infinitely more approachable if the config generator fired up a webserver on port 4000 and the user could navigate there and set things up (even provisioning an admin account???). I had a chat with @lambadalambda and thi...Pleroma would be infinitely more approachable if the config generator fired up a webserver on port 4000 and the user could navigate there and set things up (even provisioning an admin account???). I had a chat with @lambadalambda and this seems like a straightforward thing to do. Once we have the basic functionality sorted out we can throw some effort into CSS and clean design.minibikiniminibikinihttps://git.pleroma.social/pleroma/pleroma/-/issues/1242Follow a relay for a limited time2023-05-08T04:14:23ZfeldFollow a relay for a limited timeIf we add the ability to follow a relay and automatically unfollow after a period of time this gives us a better foundation to build an auto-bootstrapping option for new instances so they can populate their view of the network and remove...If we add the ability to follow a relay and automatically unfollow after a period of time this gives us a better foundation to build an auto-bootstrapping option for new instances so they can populate their view of the network and remove themselves from the relay after one day, one week, etc.https://git.pleroma.social/pleroma/pleroma/-/issues/1244Preload thread mutes/bookmarks in notification queries2023-05-08T04:07:49Zrinpatchrin+pleroma@patch.cxPreload thread mutes/bookmarks in notification queriesrinpatchrin+pleroma@patch.cxrinpatchrin+pleroma@patch.cxhttps://git.pleroma.social/pleroma/pleroma/-/issues/1250Broken emoji filename breaks instance2023-05-08T04:10:31ZHaelwennBroken emoji filename breaks instanceReported on the fediverse:
https://robo.super-niche.club/objects/b3aaaea4-fe4a-4fbc-9c69-eb0a12ef8cb9
> One of the emotes has B) as the filename. Using it borks your instance and it no longer loads timelines.
---
I guess the emoji filt...Reported on the fediverse:
https://robo.super-niche.club/objects/b3aaaea4-fe4a-4fbc-9c69-eb0a12ef8cb9
> One of the emotes has B) as the filename. Using it borks your instance and it no longer loads timelines.
---
I guess the emoji filter fails the hard way.lainlainhttps://git.pleroma.social/pleroma/pleroma/-/issues/1253Resolve objects addressed in to/cc2023-05-08T04:14:12Zrinpatchrin+pleroma@patch.cxResolve objects addressed in to/ccThis is kinda what we should do per AP spec and it will eliminate broken mentions in a post if the instance doesn't know about user mentioned and allow us to properly filter out follower collections that don't belong to the actor instead...This is kinda what we should do per AP spec and it will eliminate broken mentions in a post if the instance doesn't know about user mentioned and allow us to properly filter out follower collections that don't belong to the actor instead of stripping everything that ends with '/followers'https://git.pleroma.social/pleroma/pleroma/-/issues/1279Signing release assets2023-05-08T04:03:37ZHaelwennSigning release assetsI think we should sign the release assets of pleroma, with at least a regular checksum(like SHA256) and probably minisign/signify for verifying the authority (let's avoid OpenPGP).I think we should sign the release assets of pleroma, with at least a regular checksum(like SHA256) and probably minisign/signify for verifying the authority (let's avoid OpenPGP).https://git.pleroma.social/pleroma/pleroma/-/issues/1285deblob Pleroma2023-05-08T00:47:02Zkaniinideblob PleromaPleroma presently ships several blobs:
* Pleroma FE
* our packaging of GlitchSoc, MastoFE
* Admin FE
We generate artifacts for all of these with CI already.
We should change the installation process to optionally download and install ...Pleroma presently ships several blobs:
* Pleroma FE
* our packaging of GlitchSoc, MastoFE
* Admin FE
We generate artifacts for all of these with CI already.
We should change the installation process to optionally download and install these components as requested, instead of carrying them as blobs inside the main repo.https://git.pleroma.social/pleroma/pleroma/-/issues/1289pleroma_ctl argument --static-dir2023-05-08T01:22:07Zyalh76pleroma_ctl argument --static-dirWhen generating the `config.exs` using : `su pleroma -s /bin/bash -lc '/var/www/pleroma/pleroma/bin/pleroma_ctl instance gen --force --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql --domain test11.yh.yalh.ne...When generating the `config.exs` using : `su pleroma -s /bin/bash -lc '/var/www/pleroma/pleroma/bin/pleroma_ctl instance gen --force --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql --domain test11.yh.yalh.net --instance-name "My_Pleroma" --admin-email yalh@yh01.yh.yalh.net --notify-email yalh@yh01.yh.yalh.net --dbhost localhost --dbname pleroma --dbuser pleroma --dbpass 8d8RlYMl1ZfieGy1nXh9UHcEeAK2YN --rum N --indexable Y --db-configurable Y --uploads-dir /home/yunohost.app/pleroma/storage/uploads --static-dir /home/yunohost.app/pleroma/storage/static --listen-ip 127.0.0.1 --listen-port 8095'`
as written in the documentation https://docs-develop.pleroma.social/Mix.Tasks.Pleroma.Instance.html#module-options
There is an error:
```
589272 DEBUG Writing config to /etc/pleroma/config.exs.
589272 WARNING ** (File.Error) could not make directory (with -p) "/var/lib/pleroma/static": no such file or directory
```
So it seems that pleroma_ctl doesn't use the argument provided....https://git.pleroma.social/pleroma/pleroma/-/issues/1295[TRACKER?] Friendica AP vocabulary support2023-05-08T04:06:02ZHaelwenn[TRACKER?] Friendica AP vocabulary supportFriendica has support for creating activities of currently unsupported AP vocabulary, we might not have to support all of them but I think we should at least note it in our ticket tracker.
This list is based on the code at <https://gith...Friendica has support for creating activities of currently unsupported AP vocabulary, we might not have to support all of them but I think we should at least note it in our ticket tracker.
This list is based on the code at <https://github.com/friendica/friendica/blob/develop/src/Protocol/ActivityPub/Transmitter.php>
- [ ] actor suggestion(`sendContactSuggestion`), `Announce`
- [ ] actor relocation(`sendProfileRelocation`), `dfrn:relocate`
- [x] actor deletion(`sendProfileDeletion`), `Delete`
- [x] actor update(`sendProfileUpdate`), `Update`
- [x] actor follow(`sendFollowObject`), `Follow`
- [x] actor accept follow (`sendContactAccept`), `Accept`
- [x] actor reject follow (`sendContactReject`), `Reject`
- [x] actor undo follow (`sendContactUndo`), `Undo`
- [x] activity like
- [ ] activity dislike → we could transform it to a emoji reaction
- [ ] activity add ?
This list is based on the code at <https://github.com/friendica/friendica/blob/develop/src/Protocol/ActivityPub/Processor.php>
- [ ] event creation (`createEvent`), `Event`
- [ ] direct messages (`postMail`), unknown typing, but should work
- [x] actor type=Grouphttps://git.pleroma.social/pleroma/pleroma/-/issues/1301Report emails need a nice template2023-05-08T04:06:46ZfeldReport emails need a nice templateWe have a pretty good template for the digest emails, let's start with that.We have a pretty good template for the digest emails, let's start with that.https://git.pleroma.social/pleroma/pleroma/-/issues/1314Pleroma on Termux/Android2023-05-08T04:06:38ZLucy The DuckPleroma on Termux/AndroidIs it possible to package pleroma for termux on android? An old android could be a good solution for self-hosting.Is it possible to package pleroma for termux on android? An old android could be a good solution for self-hosting.https://git.pleroma.social/pleroma/pleroma/-/issues/1317Searching a user with non-ascii characters doesn't work2023-05-08T03:55:11ZlainSearching a user with non-ascii characters doesn't workSee the failing test in https://git.pleroma.social/pleroma/pleroma/merge_requests/1828See the failing test in https://git.pleroma.social/pleroma/pleroma/merge_requests/1828https://git.pleroma.social/pleroma/pleroma/-/issues/1331optionally use ElasticSearch for searches2023-05-08T02:55:23ZMew Mewoptionally use ElasticSearch for searchesElasticSearch is a much better indexer and algorithm than doing a query in SQL. It would be useful to have an option to use ElasticSearch as a backend for searching statuses.ElasticSearch is a much better indexer and algorithm than doing a query in SQL. It would be useful to have an option to use ElasticSearch as a backend for searching statuses.https://git.pleroma.social/pleroma/pleroma/-/issues/1333abstract SQL extension usage2023-05-08T04:14:01Zkaniiniabstract SQL extension usageIt would be nice to abstract the cases where we use Ecto fragments. If we can do so, it makes it easier to support other JSON-capable databases like recent MySQL and recent SQLite (with the `json1` extension).It would be nice to abstract the cases where we use Ecto fragments. If we can do so, it makes it easier to support other JSON-capable databases like recent MySQL and recent SQLite (with the `json1` extension).https://git.pleroma.social/pleroma/pleroma/-/issues/1366User invalid format if dot ('.') in the username2023-05-08T04:05:28ZJeanUser invalid format if dot ('.') in the usernameI believe this to be a similar issue than what lead to [MR 537](https://git.pleroma.social/pleroma/pleroma/merge_requests/537).
I have LDAP users with dots `.` in their login, and this is a deal-breaker for Pleroma currently (though log...I believe this to be a similar issue than what lead to [MR 537](https://git.pleroma.social/pleroma/pleroma/merge_requests/537).
I have LDAP users with dots `.` in their login, and this is a deal-breaker for Pleroma currently (though logs are not reporting the format error).
Testing locally to create a `admin.pleroma` user outputs the format error:
```
** (MatchError) no match of right hand side value: {:error, #Ecto.Changeset<action: :insert, changes: %{email: "pleroma@example.com", info: #Ecto.Changeset<action: :insert, changes: %{}, errors: [], data: #Pleroma.User.Info<>, valid?: true>, name: "admin.pleroma", nickname: "admin.pleroma", password: "ZIC9ZnO6nHsTO4FXb49/1A==", password_confirmation: "ZIC9ZnO6nHsTO4FXb49/1A=="}, errors: [nickname: {"has invalid format", [validation: :format]}], data: #Pleroma.User<>, valid?: false>}
(pleroma) lib/mix/tasks/pleroma/user.ex:155: Mix.Tasks.Pleroma.User.run/1
(mix) lib/mix/task.ex:331: Mix.Task.run_task/3
(mix) lib/mix/cli.ex:79: Mix.CLI.run_task/2
```https://git.pleroma.social/pleroma/pleroma/-/issues/1381ATOM feeds from public timeline2023-05-08T04:13:47ZGhost UserATOM feeds from public timelineCurrently, it's possible to have ATOM feeds on a per-user basis.
There is no way, however, to have ATOM feeds on an instance-wide basis (public timeline.
foss.technology is meant to be similar to a newsfeed, and an ATOM feed (of just th...Currently, it's possible to have ATOM feeds on a per-user basis.
There is no way, however, to have ATOM feeds on an instance-wide basis (public timeline.
foss.technology is meant to be similar to a newsfeed, and an ATOM feed (of just the posts (vs boosts/replies), though being configurable (or having multiple) is ideal) would be very useful for that goal.
I'm sure it's possible to imagine similar use-cases in themed instances.https://git.pleroma.social/pleroma/pleroma/-/issues/1384Strip mentions and html from input used for the search index2023-05-08T03:09:02Zrinpatchrin+pleroma@patch.cxStrip mentions and html from input used for the search indexWe should introduce a new column for search tsvectors and ensure the content converted to tsvectors has it's html and mentions stripped beforehand. This will lead to more accurate matches and an ability to actually make remote profiles u...We should introduce a new column for search tsvectors and ensure the content converted to tsvectors has it's html and mentions stripped beforehand. This will lead to more accurate matches and an ability to actually make remote profiles unsearchable for unauthenticated users (right now we restrict the user search to not show remote users to unauthenticated users, but if a local user mentioned them in a post, the result will be displayed)https://git.pleroma.social/pleroma/pleroma/-/issues/1389Enforce access control in Object/Activity get functions2023-05-08T03:27:32Zrinpatchrin+pleroma@patch.cxEnforce access control in Object/Activity get functionsI propose refactoring `Object.get_by_ap_id` and the like to check for visibility (unless `skip_visibility_check: true` is passed) and only serve public objects unless `for_user` is passed. I think that by enforcing access control when ge...I propose refactoring `Object.get_by_ap_id` and the like to check for visibility (unless `skip_visibility_check: true` is passed) and only serve public objects unless `for_user` is passed. I think that by enforcing access control when getting the objects we can eliminate the possibility of having bugs like !1667 and !635
@lambadalambda @kaniini what do you think?HaelwennHaelwennhttps://git.pleroma.social/pleroma/pleroma/-/issues/1390Tracking issue for FE bundle removal2023-05-08T03:29:00ZkaniiniTracking issue for FE bundle removalOver the past few months, we have been talking about a way to remove the FE bundles from Pleroma, having them managed in the instance folder instead.
Here is roughly how it should work.
The installation script should prompt asking what...Over the past few months, we have been talking about a way to remove the FE bundles from Pleroma, having them managed in the instance folder instead.
Here is roughly how it should work.
The installation script should prompt asking what FEs should be installed:
- Primary frontend: Pleroma FE, Kenoma, None
- Whether MastoFE should be installed
- Whether AdminFE should be installed
The installation script should fetch either the release or nightly version of all of these and install them in the appropriate place under instance/
It should also prompt if StaticFE (!1917) should be enabled.
Also, ideally the settings would be remembered and a mix task would exist to update one or more frontends to latest release or nightly.2.3.0Roman ChvanikovRoman Chvanikovhttps://git.pleroma.social/pleroma/pleroma/-/issues/1393Splice new recipients into activities when re-delivering a pre-existing activity2023-05-08T04:13:36ZkaniiniSplice new recipients into activities when re-delivering a pre-existing activityThis is mostly needed for situations involving per-actor inboxes and multiboxes, where multiple copies of an activity addressed to different segments of the final audience are received. Right now we only splice the recipient in when pro...This is mostly needed for situations involving per-actor inboxes and multiboxes, where multiple copies of an activity addressed to different segments of the final audience are received. Right now we only splice the recipient in when processing the activity for the first time.https://git.pleroma.social/pleroma/pleroma/-/issues/1398Trending tags2023-05-08T03:11:56ZMew MewTrending tagsImplement trending hashtags. Currently the endpoint exists but returns nothing, trending hashtags would be a good feature for discoverability.Implement trending hashtags. Currently the endpoint exists but returns nothing, trending hashtags would be a good feature for discoverability.minibikiniminibikinihttps://git.pleroma.social/pleroma/pleroma/-/issues/1408Making benchmarks useful2023-05-08T04:01:09Zrinpatchrin+pleroma@patch.cxMaking benchmarks useful* [ ] Have a dedicated runner for them that is not too high-spec to not be able to notice a change
* [ ] Set up a [codespeed](https://github.com/tobami/codespeed) and report the benchmark results to it. See https://speed.pypy.org/ for ...* [ ] Have a dedicated runner for them that is not too high-spec to not be able to notice a change
* [ ] Set up a [codespeed](https://github.com/tobami/codespeed) and report the benchmark results to it. See https://speed.pypy.org/ for example of what this allows us to do
* [ ] Run them on a real database or at least cache the generated one. (no idea how to do that in gitlab ci, probably have an external db server and create protected variables for connecting to it?)
feld edit: marginally related to https://git.pleroma.social/pleroma/pleroma-meta/-/issues/20feldfeldhttps://git.pleroma.social/pleroma/pleroma/-/issues/1409Instance aggressively posting /inbox endpoint after receiving error 4032023-05-08T04:10:12ZGhost UserInstance aggressively posting /inbox endpoint after receiving error 403A Pleroma Instance is aggressively posting the `/inbox` of my service (every 2 seconds) after receiving error code 403 after being blocked.
**Nginx Log data:**
```
-g802d2498-develop; https://blob.cat <alexafediverse+blobcat@gmail.com>"...A Pleroma Instance is aggressively posting the `/inbox` of my service (every 2 seconds) after receiving error code 403 after being blocked.
**Nginx Log data:**
```
-g802d2498-develop; https://blob.cat <alexafediverse+blobcat@gmail.com>"
199.19.224.159 - - [11/Nov/2019:21:15:37 +0000] "POST /inbox HTTP/1.1" 403 78 "-" "Pleroma 1.1.50-1753-g802d2498-develop; https://blob.cat <alexafediverse+blobcat@gmail.com>"
199.19.224.159 - - [11/Nov/2019:21:15:41 +0000] "POST /inbox HTTP/1.1" 403 78 "-" "Pleroma 1.1.50-1753-g802d2498-develop; https://blob.cat <alexafediverse+blobcat@gmail.com>"
199.19.224.159 - - [11/Nov/2019:21:15:44 +0000] "POST /inbox HTTP/1.1" 403 78 "-" "Pleroma 1.1.50-1753-g802d2498-develop; https://blob.cat <alexafediverse+blobcat@gmail.com>"
199.19.224.159 - - [11/Nov/2019:21:15:47 +0000] "POST /inbox HTTP/1.1" 403 78 "-" "Pleroma 1.1.50-1753-g802d2498-develop; https://blob.cat <alexafediverse+blobcat@gmail.com>"
199.19.224.159 - - [11/Nov/2019:21:15:48 +0000] "POST /inbox HTTP/1.1" 403 78 "-" "Pleroma 1.1.50-1753-g802d2498-develop; https://blob.cat <alexafediverse+blobcat@gmail.com>"
199.19.224.159 - - [11/Nov/2019:21:15:50 +0000] "POST /inbox HTTP/1.1" 403 78 "-" "Pleroma 1.1.50-1753-g802d2498-develop; https://blob.cat <alexafediverse+blobcat@gmail.com>"
```
I noticed this issue after fail2ban reported that an IP Address had hit the nginxrepeatoffender jail which blocks an IP Address with iptables after receiving 500 HTTP 403/444 Statuses within 24 hours.lainlainhttps://git.pleroma.social/pleroma/pleroma/-/issues/1410Option to overwrite follows when importing?2023-05-08T03:57:06ZGhost UserOption to overwrite follows when importing?Mastodon allows you to optionally overwrite existing follows when importing, which really helps when cleaning out follows of old/dead accounts on one instance and worrying about unfollowing the same accounts on an alt instance.
Is it pos...Mastodon allows you to optionally overwrite existing follows when importing, which really helps when cleaning out follows of old/dead accounts on one instance and worrying about unfollowing the same accounts on an alt instance.
Is it possible to give Pleroma similar functionality? Could extend to blocks/mutes as wellhttps://git.pleroma.social/pleroma/pleroma/-/issues/1421Chat configurability2023-05-08T04:13:22ZMew MewChat configurabilityPeople use chat on my instance occasionally, and I'd like to be able to configure the number of messages stored, either by number (e.g. prune over 100) or by time (e.g. prune over two days).People use chat on my instance occasionally, and I'd like to be able to configure the number of messages stored, either by number (e.g. prune over 100) or by time (e.g. prune over two days).https://git.pleroma.social/pleroma/pleroma/-/issues/1423Purge Question object cache after new votes come in instead of setting a ttl2023-05-08T04:10:02Zrinpatchrin+pleroma@patch.cxPurge Question object cache after new votes come in instead of setting a ttlCurrently our AP object cache has an indefinite ttl on regular objects and 60 second ttl on Question objects. We should have indefinite ttl on Question objects as well and just update the cache after new votesCurrently our AP object cache has an indefinite ttl on regular objects and 60 second ttl on Question objects. We should have indefinite ttl on Question objects as well and just update the cache after new voteshttps://git.pleroma.social/pleroma/pleroma/-/issues/1428Option to show favorites in timelines2023-05-08T04:13:12ZMew MewOption to show favorites in timelinesIt would be useful to be able to view favorites of your followees in timelines, to get a similar view to that of a single-user instance federated timeline.
Example of how this would look in PleromaFE:
![image](/uploads/21860b9f2c41967...It would be useful to be able to view favorites of your followees in timelines, to get a similar view to that of a single-user instance federated timeline.
Example of how this would look in PleromaFE:
![image](/uploads/21860b9f2c419674d3899a1e2b25d525/image.png)https://git.pleroma.social/pleroma/pleroma/-/issues/1436Disclose followed relays in nodeinfo2023-05-08T04:13:02ZMew MewDisclose followed relays in nodeinfoRelays an instance follows should be disclosed in nodeinfo, as it's part of an instance's federation policy.Relays an instance follows should be disclosed in nodeinfo, as it's part of an instance's federation policy.https://git.pleroma.social/pleroma/pleroma/-/issues/1446Make non-OTP mix tasks use RPC as well2023-05-08T03:56:47Zrinpatchrin+pleroma@patch.cxMake non-OTP mix tasks use RPC as wellCurrently it will spin up a new Pleroma node, which was pretty bad, but ok when we used an in-memory queue. Now we use Oban, which means the node spun up by the mix task will actually process jobs, which could lead to race conditions sin...Currently it will spin up a new Pleroma node, which was pretty bad, but ok when we used an in-memory queue. Now we use Oban, which means the node spun up by the mix task will actually process jobs, which could lead to race conditions since our code is not yet adapted to multi-node setups.https://git.pleroma.social/pleroma/pleroma/-/issues/1454Staticfe breaks on certain posts2023-05-08T04:12:50ZMew MewStaticfe breaks on certain postsVisiting https://blob.cat/users/kick?max_id=9pZRBe2zfpNFBOLnZA returns an HTTP 500, instead of properly displaying the posts. https://blob.cat/users/kick is fine, indicating that the profile isn't an issue, but one of their posts isVisiting https://blob.cat/users/kick?max_id=9pZRBe2zfpNFBOLnZA returns an HTTP 500, instead of properly displaying the posts. https://blob.cat/users/kick is fine, indicating that the profile isn't an issue, but one of their posts ishttps://git.pleroma.social/pleroma/pleroma/-/issues/1470[Tracker MastoAPI-3.1.3] Sync-up with Mastodon API 3.1.32023-11-16T14:52:58ZHaelwenn[Tracker MastoAPI-3.1.3] Sync-up with Mastodon API 3.1.3Thanks mastodon for not putting an API section anymore and basically documenting nothing other than in PRs.
format: mastodon release note (upstream relevant urls like PRs): own notes/URLs
## [2.8.0](https://github.com/tootsuite/mastodo...Thanks mastodon for not putting an API section anymore and basically documenting nothing other than in PRs.
format: mastodon release note (upstream relevant urls like PRs): own notes/URLs
## [2.8.0](https://github.com/tootsuite/mastodon/releases/tag/v2.8.0)
- [x] Polls: Should be fully done
- [x] Keybase Identity Proofs: nope nope nope
- Featured Hashtags in profiles ( https://github.com/tootsuite/mastodon/pull/9755 https://github.com/tootsuite/mastodon/pull/10167 https://github.com/tootsuite/mastodon/pull/10249 https://github.com/tootsuite/mastodon/pull/10034 ) : Maybe can be ignored? We do not have any featured/trending functionality and doesn't looks like we want it.
- [x] Add `type`, `limit`, `offset`, `min_id`, `max_id`, `account_id` to search API ( https://github.com/tootsuite/mastodon/pull/10091 ): https://git.pleroma.social/pleroma/pleroma/-/merge_requests/1386
- [ ] Add a `preferences` API so apps can share basic behaviours ( https://github.com/tootsuite/mastodon/pull/10109 ): What would be the use case for us here as most values are already availble?
- [x] Add `visibility` param to reblog REST API ( https://github.com/tootsuite/mastodon/pull/9851 https://github.com/tootsuite/mastodon/pull/10302 )
- [x] Add `blocked_by` relationship to the REST API ( https://github.com/tootsuite/mastodon/pull/10373 ):
- Change REST API and public profiles to not return follows/followers for users that have blocked you ( https://github.com/tootsuite/mastodon/pull/10491 ): Behavioural, we do not have to follow it
- [?] Add `alerts[poll]` to available push subscription ( https://docs.joinmastodon.org/entities/push-subscription )
### Notable
- Backend: Add self-replies fetching ( https://github.com/tootsuite/mastodon/pull/10106 https://github.com/tootsuite/mastodon/pull/10128 https://github.com/tootsuite/mastodon/pull/10175 https://github.com/tootsuite/mastodon/pull/10201 )
## [2.8.1](https://github.com/tootsuite/mastodon/releases/tag/v2.8.1)
- [x] Add ability to create multiple-choice polls in web UI ( https://github.com/tootsuite/mastodon/pull/10603 )
- [ ] Add `blurhash` to the Attachment entity in the REST API ( https://github.com/tootsuite/mastodon/pull/10630 ): We can't add it for remote attachments and I don't think it's worth it anyway
## [2.9.0](https://github.com/tootsuite/mastodon/releases/tag/v2.9.0)
- [x] Add `account_id` param to `GET /api/v1/notifications` ( https://github.com/tootsuite/mastodon/pull/10796 ): https://git.pleroma.social/pleroma/pleroma/merge_requests/2073
- [x] Add `text` attribute to response of `DELETE /api/v1/statuses/:id` ( https://github.com/tootsuite/mastodon/pull/10669 ) https://git.pleroma.social/pleroma/pleroma/-/merge_requests/2690
## [2.9.1](https://github.com/tootsuite/mastodon/releases/tag/v2.9.1)
- [x] Add moderation API ( https://github.com/tootsuite/mastodon/pull/9387 ): Marked as done, the API is too different from ours and I see little to no value in adding it in pleroma
## [2.9.2](https://github.com/tootsuite/mastodon/releases/tag/v2.9.2)
- [x] Add `short_description` and `approval_required` to `GET /api/v1/instance` ( https://github.com/tootsuite/mastodon/pull/11146 ): Non-Applicable for now
## [2.9.3](https://github.com/tootsuite/mastodon/releases/tag/v2.9.3)
- [x] Add custom emoji support in profile metadata labels ( https://github.com/tootsuite/mastodon/pull/11350 ): https://git.pleroma.social/pleroma/pleroma/-/merge_requests/2741
### Notable
- Add GIF and WebP support for custom emojis ( https://github.com/tootsuite/mastodon/pull/11519 )
## [3.0.0](https://github.com/tootsuite/mastodon/releases/tag/v3.0.0)
- [x] Add search results pagination (https://github.com/tootsuite/mastodon/pull/11409 https://github.com/tootsuite/mastodon/pull/11447)
- [x] Add categories for custom emojis ( https://github.com/tootsuite/mastodon/pull/11196 https://github.com/tootsuite/mastodon/pull/11793 https://github.com/tootsuite/mastodon/pull/11920 https://github.com/tootsuite/mastodon/pull/11876 ): IIRC I reused our tagging of emojis when I implemented this one
- Add REST API for managing featured hashtags ( https://github.com/tootsuite/mastodon/pull/11778 ): Started in 2.8.0: Non-Applicable
- [x] Add REST API for managing timeline read markers ( https://github.com/tootsuite/mastodon/pull/11762 ): https://git.pleroma.social/pleroma/pleroma/-/merge_requests/1852
- [ ] Add `exclude_unreviewed` param to `GET /api/v2/search` REST API ( https://github.com/tootsuite/mastodon/pull/11977 )
- Add `reason` param to `POST /api/v1/accounts` REST API ( https://github.com/tootsuite/mastodon/pull/12064 ): Approuval-required mode so Non-Applicable
- [x] Change REST API `POST /api/v1/follow_requests/:id/(approve|reject)` to return relationship ( https://github.com/tootsuite/mastodon/pull/11800 )
## [3.0.1](https://github.com/tootsuite/mastodon/releases/tag/v3.0.1)
- [x] Add voters count support (https://github.com/tootsuite/mastodon/pull/11917): https://git.pleroma.social/pleroma/pleroma/-/merge_requests/2411
### Deprecated API removal
We do not have to follow mastodon there but now we can delete them:
- [ ] Remove deprecated REST API `GET /api/v1/search`
- [ ] Remove deprecated REST API `GET /api/v1/statuses/:id/card`
- [ ] Remove deprecated REST API `POST /api/v1/notifications/dismiss?id=:id`
- [ ] Remove deprecated REST API `GET /api/v1/timelines/direct`: mastofe still have support for boths
### Notable
- Add search syntax for operators and phrases ( https://github.com/tootsuite/mastodon/pull/11411 )
- Add NodeInfo endpoint ( https://github.com/tootsuite/mastodon/pull/12002 https://github.com/tootsuite/mastodon/pull/12058 )
- Change max length of media descriptions from 420 to 1500 characters ( https://github.com/tootsuite/mastodon/pull/11819 https://github.com/tootsuite/mastodon/pull/11836 )
## [3.1.0](https://github.com/tootsuite/mastodon/releases/tag/v3.1.0)
- [x] Bookmarks (<https://github.com/tootsuite/mastodon/pull/7107>, <https://github.com/tootsuite/mastodon/pull/12494>, <https://github.com/tootsuite/mastodon/pull/12381>)
- [x] Announcements: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3643
- [x] Add ability to add oneself to lists (<https://github.com/tootsuite/mastodon/pull/12271>)
- [x] Add `follow_request` notification type (<https://github.com/tootsuite/mastodon/pull/12198>) https://git.pleroma.social/pleroma/pleroma/-/merge_requests/2354
- [x] Add `discoverable` to accounts in REST API (<https://github.com/tootsuite/mastodon/pull/12508>) https://git.pleroma.social/pleroma/pleroma/-/merge_requests/1641
- [ ] Change last_status_at to be a date, not datetime in REST API (<https://github.com/tootsuite/mastodon/pull/12966>)
### Notable
- Add basic support for Group actors (<https://github.com/tootsuite/mastodon/pull/12071>)
- Change accepted length of remote media descriptions from 420 to 1,500 characters (<https://github.com/tootsuite/mastodon/pull/12262>)
- Fix base64-encoded file uploads not being possible in REST API (<https://github.com/tootsuite/mastodon/pull/12748>, <https://github.com/tootsuite/mastodon/pull/12857>)
## [3.1.3](https://github.com/tootsuite/mastodon/releases/tag/v3.1.3)
- [x] `POST /api/v1/media → /api/v2/media` (<https://github.com/tootsuite/mastodon/pull/13210>): https://git.pleroma.social/pleroma/pleroma/-/merge_requests/2439https://git.pleroma.social/pleroma/pleroma/-/issues/1472Attempting to upgrade Pleroma OTP wiped my entire instance2023-05-08T04:10:42ZxxAttempting to upgrade Pleroma OTP wiped my entire instanceI ran the command,
> `su pleroma -s $SHELL -lc "./bin/pleroma_ctl update"`
as instructed to by the instructions in the [OTP documentation](https://docs.pleroma.social/otp_en.html).
Now my `/opt/pleroma/` directory only contains the d...I ran the command,
> `su pleroma -s $SHELL -lc "./bin/pleroma_ctl update"`
as instructed to by the instructions in the [OTP documentation](https://docs.pleroma.social/otp_en.html).
Now my `/opt/pleroma/` directory only contains the directory `./tmp/log/` which contains two files, `erlang.log.1` and `run_erl.log`.
`/opt/pleroma/tmp/log/erlang.log.1`:
```
=====
===== LOGGING STARTED Sat Nov 16 18:44:32 UTC 2019
=====
Protocol 'inet_tcp': the name pleroma@127.0.0.1 seems to be in use by another Erlang node
```
`/opt/pleroma/tmp/log/run_erl.log`:
```
run_erl [312] Sat Nov 16 18:44:32 2019
Args before exec of shell:
run_erl [312] Sat Nov 16 18:44:32 2019
argv[0] = sh
run_erl [312] Sat Nov 16 18:44:32 2019
argv[1] = -c
run_erl [312] Sat Nov 16 18:44:32 2019
argv[2] = /opt/pleroma/releases/1\.1\.5\-1\-g36f4382b/\.\./\.\./erts\-10\.3\.5\.2/bin/erl \-elixir ansi_enabled true \-noshell \-s elixir start_cli \-mode embedded \-setcookie SkNYNhFNq\-wdhVPR5a3xat_iORYLa\-1OTnVDoqK8sXXsUWsYyAnGPA\=\= \-name pleroma\@127\.0\.0\.1 \-config /opt/pleroma/tmp/pleroma\-1\.1\.5\-1\-g36f4382b\-20191116184432\-3567\.runtime \-boot /opt/pleroma/releases/1\.1\.5\-1\-g36f4382b/start \-boot_var RELEASE_LIB /opt/pleroma/lib \-args_file /opt/pleroma/releases/1\.1\.5\-1\-g36f4382b/vm\.args \-extra \-\-no\-halt
```https://git.pleroma.social/pleroma/pleroma/-/issues/1473Can't follow a relay2023-05-08T00:33:51ZElia ArgentieriCan't follow a relay```
$ mix pleroma.relay follow https://relay.homunyan.com/actor
14:11:51.720 [error] Could not decode user at fetch https://relay.homunyan.com/actor, {:error, {:ok, %Tesla.Env{__client__: %Tesla.Client{adapter: {Tesla.Adapter.Hackney, :...```
$ mix pleroma.relay follow https://relay.homunyan.com/actor
14:11:51.720 [error] Could not decode user at fetch https://relay.homunyan.com/actor, {:error, {:ok, %Tesla.Env{__client__: %Tesla.Client{adapter: {Tesla.Adapter.Hackney, :call, [[connect_timeout: 10000, recv_timeout: 20000, follow_redirect: true, force_redirect: true, pool: :federation, ssl_options: [partial_chain: &:hackney_connect.partial_chain/1, versions: [:tlsv1, :"tlsv1.1", :"tlsv1.2"]], proxy: nil]]}, fun: nil, post: [], pre: []}, __module__: Tesla, body: "500 Internal Server Error\n\nServer got itself in trouble", headers: [{"server", "nginx/1.15.9 (Ubuntu)"}, {"date", "Thu, 12 Dec 2019 13:11:51 GMT"}, {"content-type", "text/plain; charset=utf-8"}, {"content-length", "55"}, {"connection", "keep-alive"}, {"strict-transport-security", "max-age=63072000; includeSubDomains; preload"}, {"referrer-policy", "strict-origin-when-cross-origin"}, {"x-content-type-options", "nosniff"}, {"x-frame-options", "SAMEORIGIN"}, {"x-xss-protection", "1; mode=block"}], method: :get, opts: [connect_timeout: 10000, recv_timeout: 20000, follow_redirect: true, force_redirect: true, pool: :federation, ssl_options: [partial_chain: &:hackney_connect.partial_chain/1, versions: [:tlsv1, :"tlsv1.1", :"tlsv1.2"]], proxy: nil, ssl: [server_name_indication: 'relay.homunyan.com']], query: [], status: 500, url: "https://relay.homunyan.com/actor"}}}
14:11:52.675 [error] error: "Could not fetch by AP id"
Error while following https://relay.homunyan.com/actor: "Could not fetch by AP id"
```
If I try with another relay:
```
$ mix pleroma.relay follow https://relay.mastodon.host/actor
$ mix pleroma.relay list
```
No errors but still not listed.
Edit: I'm using Pleroma 1.1.6 from stable branch
Other errors:
```
$ mix pleroma.relay follow https://relay.dog/actor
14:38:00.205 [error] Follower/Following counter update for https://relay.dog/actor failed.
{:error, "Object has been deleted"}
```Alexander StrizhakovAlexander Strizhakovhttps://git.pleroma.social/pleroma/pleroma/-/issues/1479Passive and active anti spam and abuse mechanisms2023-05-08T01:59:18ZlainPassive and active anti spam and abuse mechanismsThe issue in https://git.pleroma.social/pleroma/pleroma/issues/1476 brought this up, but the idea is more general, so I'm making this new issue to deal with it.
# Background
Pleroma is quick to install and efficient, but that also make...The issue in https://git.pleroma.social/pleroma/pleroma/issues/1476 brought this up, but the idea is more general, so I'm making this new issue to deal with it.
# Background
Pleroma is quick to install and efficient, but that also makes it easy to misuse it for spam or other kind of abuse. The problem is twofold:
1. An instance can be abused for spam because of lacking security mechanisms for registering and posting
2. An instance can be overwhelmed by spam because it just accepts it all.
Here are a few ideas how to deal with this. Please add to them with things you can come up with.
# Active spam protection
- [X] Use a captcha by default. This has been done in the most recent release.
- [ ] During installation, suggest to enable email confirmation if the admin has an email server
- [x] Rate limit posting / registrations. I'm not sure about the state of this.
- [ ] Have some special rate limits for new users.
# Passive spam protection
- [ ] Have a rate limit of posts per remote user
- [ ] Have a rate limit per instancehttps://git.pleroma.social/pleroma/pleroma/-/issues/1480Figure out initializing Plugs at boot time2023-05-08T04:04:43Zrinpatchrin+pleroma@patch.cxFigure out initializing Plugs at boot timeCurrently both our rate limiter and upload limit Plug are initialized at compile-time, making it impossible to tweak on OTP releases. Initializing them at runtime is an option (see https://github.com/elixir-plug/plug/pull/889 ), but I im...Currently both our rate limiter and upload limit Plug are initialized at compile-time, making it impossible to tweak on OTP releases. Initializing them at runtime is an option (see https://github.com/elixir-plug/plug/pull/889 ), but I imagine this can get quite expensive. We should figure out a way to initialize them at boot time
cc @plataformatec