pleroma issueshttps://git.pleroma.social/pleroma/pleroma/-/issues2023-05-08T01:20:14Zhttps://git.pleroma.social/pleroma/pleroma/-/issues/2702Conditional handling of http_security with Onion federation2023-05-08T01:20:14ZAlex GleasonConditional handling of http_security with Onion federationRelated: pleroma/pleroma-meta#58
It seems that Onion federation requires disabling the HTTPSecurityPlug which gives a big ascii warning banner when you start the server:
> HTTP Security is disabled. Please re-enable it to prevent users...Related: pleroma/pleroma-meta#58
It seems that Onion federation requires disabling the HTTPSecurityPlug which gives a big ascii warning banner when you start the server:
> HTTP Security is disabled. Please re-enable it to prevent users from attacking
your instance and your users via malicious posts
When enabled, it would normally add these headers:
```elixir
headers = [
{"x-xss-protection", "1; mode=block"},
{"x-permitted-cross-domain-policies", "none"},
{"x-frame-options", "DENY"},
{"x-content-type-options", "nosniff"},
{"referrer-policy", referrer_policy},
{"x-download-options", "noopen"},
{"content-security-policy", csp_string()},
{"permissions-policy", "interest-cohort=()"}
]
```
and:
```elixir
merge_resp_headers(conn, [
{"strict-transport-security", "max-age=#{max_age_sts}; includeSubDomains"},
{"expect-ct", "enforce, max-age=#{max_age_ct}"}
])
```
This is nothing that can't just be added to the clearnet Nginx config, but surely there's a way to detect if the user is connected over Tor and disable it conditionally? As it stands, adding Onion support requires downgrading your clearnet config.https://git.pleroma.social/pleroma/pleroma/-/issues/2696No indication that approval emails require welcome emails to be enabled2023-05-08T01:53:34ZioNo indication that approval emails require welcome emails to be enabledIt's not clear at all that after someone's account is approved, they are sent a welcome email and not a special approval email. The Admin FE setting that controls whether registration is approval-based should also point to the setting th...It's not clear at all that after someone's account is approved, they are sent a welcome email and not a special approval email. The Admin FE setting that controls whether registration is approval-based should also point to the setting that enables welcome emails.https://git.pleroma.social/pleroma/pleroma/-/issues/2654[ActivityPub S2S] Pleroma drops Object that has multiple "type"2023-05-08T00:43:00Za1batrossa1ba.omarov@gmail.com[ActivityPub S2S] Pleroma drops Object that has multiple "type"### Environment
* Installation type (OTP or From Source): sourse sourse
* Pleroma version (could be found in the "Version" tab of settings in Pleroma-FE): https://git.pleroma.social/pleroma/pleroma/-/commit/745375bdcf2679ff803dd4ebc4a83...### Environment
* Installation type (OTP or From Source): sourse sourse
* Pleroma version (could be found in the "Version" tab of settings in Pleroma-FE): https://git.pleroma.social/pleroma/pleroma/-/commit/745375bdcf2679ff803dd4ebc4a8313a7b5fb157
* Elixir version (`elixir -v` for from source installations, N/A for OTP): 1.11.2, Erlang/OTP 23
* Operating system: Ubuntu 20.04
* PostgreSQL version (`psql -V`): 12.6
### Bug description
According to [ActivityStreams spec](https://www.w3.org/TR/activitystreams-vocabulary/#dfn-type) (and [example](https://www.w3.org/TR/activitystreams-core/#fig-an-object-that-is-both-a-place-and-a-gr-location)), Object may have multiple types defined, when it needs to override core vocabulary type.
Pleroma seems to be dropping this. It works on Mastodon 3.4.0+glitch though.
Example JSON:
```json
{
"id": "https://aptest.debiania.in.ua/notes/2",
"type": ["Note", "gr:Location"],
"published": "2021-05-23T09:06:18.141413+00:00",
"attributedTo": "https://aptest.debiania.in.ua/actor",
"content": "Hello, multi-typed world!",
"to": [
"https://www.w3.org/ns/activitystreams#Public"
],
"cc": [],
"inReplyTo": "",
"summary": "",
"tag": [],
"sensitive": false,
"gr:category": "restaurants/french_restaurants",
"@context": [
"https://www.w3.org/ns/activitystreams",
{
"gr": "http://purl.org/goodrelations/v1#"
}
]
}
```https://git.pleroma.social/pleroma/pleroma/-/issues/2636"don't show follower/-ing count" disables visibility for user2023-05-08T02:10:25Zfeli verse"don't show follower/-ing count" disables visibility for user### Environment
* Installation type (OTP or From Source): Source
* Pleroma version (could be found in the "Version" tab of settings in Pleroma-FE): 2.2.2
* Elixir version (`elixir -v` for from source installations, N/A for OTP):
* Opera...### Environment
* Installation type (OTP or From Source): Source
* Pleroma version (could be found in the "Version" tab of settings in Pleroma-FE): 2.2.2
* Elixir version (`elixir -v` for from source installations, N/A for OTP):
* Operating system:
* PostgreSQL version (`psql -V`):
### Bug description
setting "don't show follower count" and "don't show following count" disables the visibility of the corresponding list for the user (that set the settings, so "owner"). issue #2362 is corresponding to this. can reproduce on other instances that run the latest stable (2.3.0) and 2.3.5(fab).
this is not within the expected of what the setting wording is. if the de-visibility is intended, i'd expect a wording of the setting this predictable to the user.![followingcount](/uploads/1afa75e256c68378e76f82c1421b96dd/followingcount.png)https://git.pleroma.social/pleroma/pleroma/-/issues/2621[Feature Request] ability to react with the ඞ unicode character2023-05-08T02:11:46ZYour New SJW Waifu[Feature Request] ability to react with the ඞ unicode characterඞ would be a very useful emoji reaction.ඞ would be a very useful emoji reaction.https://git.pleroma.social/pleroma/pleroma/-/issues/2589[Feature Request] Ability to have media_proxy process $instanceUrl/media links2023-05-08T02:15:51ZYour New SJW Waifu[Feature Request] Ability to have media_proxy process $instanceUrl/media linksI run my instance with the ability to also connect to it from an onion address.
Media has always been somewhat of an issue getting it to go over Tor instead of clearnet.
If we could give the ability to proxy local media then an easy ...I run my instance with the ability to also connect to it from an onion address.
Media has always been somewhat of an issue getting it to go over Tor instead of clearnet.
If we could give the ability to proxy local media then an easy workaround would be too just set `config :pleroma, :media_proxy, base_url: "/proxy"` so that it serves relative links so they'll be sent over Tor without having to make requests to clearnet.https://git.pleroma.social/pleroma/pleroma/-/issues/25702.3.0 crashes on Raspberry Pi (Flavour arm) - pleroma.service: Main process e...2023-05-08T02:06:15ZMartin2.3.0 crashes on Raspberry Pi (Flavour arm) - pleroma.service: Main process exited, code=exited, status=1/FAILURE<!--
### Precheck
* For support use https://git.pleroma.social/pleroma/pleroma-support or [community channels](https://git.pleroma.social/pleroma/pleroma#community-channels).
* Please do a quick search to ensure no similar bug has been ...<!--
### Precheck
* For support use https://git.pleroma.social/pleroma/pleroma-support or [community channels](https://git.pleroma.social/pleroma/pleroma#community-channels).
* Please do a quick search to ensure no similar bug has been reported before. If the bug has not been addressed after 2 weeks, it's fine to bump it.
* Try to ensure that the bug is actually related to the Pleroma backend. For example, if a bug happens in Pleroma-FE but not in Mastodon-FE or mobile clients, it's likely that the bug should be filed in [Pleroma-FE](https://git.pleroma.social/pleroma/pleroma-fe/issues/new) repository.
-->
### Environment
* Installation type (OTP or From Source): OTP
* Pleroma version (could be found in the "Version" tab of settings in Pleroma-FE): 2.3.0
* Elixir version (`elixir -v` for from source installations, N/A for OTP):
* Operating system: Linux fedpi 4.14.79-v7+ #1159 SMP Sun Nov 4 17:50:20 GMT 2018 armv7l GNU/Linux
* PostgreSQL version (`psql -V`): psql (PostgreSQL) 11.10 (Raspbian 11.10-0+deb10u1)
### Bug description
2.2.2 Was running without any problems
I upgraded to 2.3.0 as always with
```
su pleroma -s $SHELL -lc "/opt/pleroma/bin/pleroma_ctl update"
su pleroma -s $SHELL -lc "/opt/pleroma/bin/pleroma_ctl migrate"
```
The postgres migration took some time and I could not see an error occuring.
Now if I start pleroma with systemctl start pleroma it starts, but one process seems to crash:
journalctl -u plroma:
```
-- Logs begin at Tue 2021-03-09 14:25:46 CET, end at Tue 2021-03-09 20:03:04 CET. --
Mär 09 14:25:46 fedpi systemd[1]: pleroma.service: Found left-over process 987 (epmd) in control group while starting unit. Ignoring.
Mär 09 14:25:46 fedpi systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Mär 09 14:25:46 fedpi systemd[1]: Started Pleroma social network.
Mär 09 14:25:51 fedpi pleroma[7091]: 2021-03-09 14:25:51.156003 supervisor_report #{label=>{supervisor,start_error},report=>[{supervisor,{local,kernel_sup}},{errorContext,
Mär 09 14:25:51 fedpi pleroma[7091]: 2021-03-09 14:25:51.156145 crash_report #{label=>{proc_lib,crash},report=>[[{initial_call,{supervisor,kernel,['Argument__1']}},{p
Mär 09 14:25:52 fedpi pleroma[7091]: 2021-03-09 14:25:52.166405 crash_report #{label=>{proc_lib,crash},report=>[[{initial_call,{application_master,init,['Argument__1'
Mär 09 14:25:52 fedpi pleroma[7091]: 2021-03-09 14:25:52.172054 std_info #{label=>{application_controller,exit},report=>[{application,kernel},{exited,{{shutdown,{
Mär 09 14:25:52 fedpi pleroma[7091]: {"Kernel pid terminated",application_controller,"{application_start_failure,kernel,{{shutdown,{failed_to_start_child,kernel_safe_sup,{on
Mär 09 14:25:52 fedpi pleroma[7091]: Kernel pid terminated (application_controller) ({application_start_failure,kernel,{{shutdown,{failed_to_start_child,kernel_safe_sup,{on_
Mär 09 14:25:52 fedpi pleroma[7091]: [1B blob data]
Mär 09 14:25:53 fedpi pleroma[7091]: Crash dump is being written to: erl_crash.dump...done
Mär 09 14:25:53 fedpi systemd[1]: pleroma.service: Main process exited, code=exited, status=1/FAILURE
Mär 09 14:25:53 fedpi systemd[1]: pleroma.service: Failed with result 'exit-code'.
Mär 09 14:25:53 fedpi systemd[1]: pleroma.service: Service RestartSec=100ms expired, scheduling restart.
Mär 09 14:25:53 fedpi systemd[1]: pleroma.service: Scheduled restart job, restart counter is at 4072.
Mär 09 14:25:53 fedpi systemd[1]: Stopped Pleroma social network.
Mär 09 14:25:53 fedpi systemd[1]: pleroma.service: Found left-over process 987 (epmd) in control group while starting unit. Ignoring.
Mär 09 14:25:53 fedpi systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Mär 09 14:25:53 fedpi systemd[1]: Started Pleroma social network.
Mär 09 14:25:57 fedpi pleroma[7156]: 2021-03-09 14:25:57.980069 supervisor_report #{label=>{supervisor,start_error},report=>[{supervisor,{local,kernel_sup}},{errorContext,
Mär 09 14:25:57 fedpi pleroma[7156]: 2021-03-09 14:25:57.980364 crash_report #{label=>{proc_lib,crash},report=>[[{initial_call,{supervisor,kernel,['Argument__1']}},{p
Mär 09 14:25:58 fedpi pleroma[7156]: 2021-03-09 14:25:58.987366 crash_report #{label=>{proc_lib,crash},report=>[[{initial_call,{application_master,init,['Argument__1'
Mär 09 14:25:58 fedpi pleroma[7156]: 2021-03-09 14:25:58.988221 std_info #{label=>{application_controller,exit},report=>[{application,kernel},{exited,{{shutdown,{
Mär 09 14:25:59 fedpi pleroma[7156]: {"Kernel pid terminated",application_controller,"{application_start_failure,kernel,{{shutdown,{failed_to_start_child,kernel_safe_sup,{on
Mär 09 14:25:59 fedpi pleroma[7156]: Kernel pid terminated (application_controller) ({application_start_failure,kernel,{{shutdown,{failed_to_start_child,kernel_safe_sup,{on_
Mär 09 14:25:59 fedpi pleroma[7156]: [1B blob data]
Mär 09 14:25:59 fedpi pleroma[7156]: Crash dump is being written to: erl_crash.dump...done
Mär 09 14:25:59 fedpi systemd[1]: pleroma.service: Main process exited, code=exited, status=1/FAILURE
Mär 09 14:25:59 fedpi systemd[1]: pleroma.service: Failed with result 'exit-code'.
Mär 09 14:26:00 fedpi systemd[1]: pleroma.service: Service RestartSec=100ms expired, scheduling restart.
Mär 09 14:26:00 fedpi systemd[1]: pleroma.service: Scheduled restart job, restart counter is at 4073.
Mär 09 14:26:00 fedpi systemd[1]: Stopped Pleroma social network.
Mär 09 14:26:00 fedpi systemd[1]: pleroma.service: Found left-over process 987 (epmd) in control group while starting unit. Ignoring.
Mär 09 14:26:00 fedpi systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Mär 09 14:26:00 fedpi systemd[1]: Started Pleroma social network.
Mär 09 14:26:04 fedpi pleroma[7220]: 2021-03-09 14:26:04.627101 supervisor_report #{label=>{supervisor,start_error},report=>[{supervisor,{local,kernel_sup}},{errorContext,
Mär 09 14:26:04 fedpi pleroma[7220]: 2021-03-09 14:26:04.627242 crash_report #{label=>{proc_lib,crash},report=>[[{initial_call,{supervisor,kernel,['Argument__1']}},{p
Mär 09 14:26:05 fedpi pleroma[7220]: 2021-03-09 14:26:05.637218 crash_report #{label=>{proc_lib,crash},report=>[[{initial_call,{application_master,init,['Argument__1'
Mär 09 14:26:05 fedpi pleroma[7220]: 2021-03-09 14:26:05.642712 std_info #{label=>{application_controller,exit},report=>[{application,kernel},{exited,{{shutdown,{
Mär 09 14:26:06 fedpi pleroma[7220]: {"Kernel pid terminated",application_controller,"{application_start_failure,kernel,{{shutdown,{failed_to_start_child,kernel_safe_sup,{on
```
In opt/pleroma there ist an erl_crash.dump, hope I can attach it: [erl_crash.dump.gz](/uploads/89a33ee550a4539865dc54e7be016c27/erl_crash.dump.gz)https://git.pleroma.social/pleroma/pleroma/-/issues/2499Maybe support application field in statuses?2023-05-08T03:03:26ZfeldMaybe support application field in statuses?Sean is working on an alternate FE inspired by Diaspora and really wants to be able to show the app used to make the post. We hardcode the application as **Web**.
Lately I'm wondering if exposing this would help people discover new apps...Sean is working on an alternate FE inspired by Diaspora and really wants to be able to show the app used to make the post. We hardcode the application as **Web**.
Lately I'm wondering if exposing this would help people discover new apps and FEs for Pleroma. I used to think this info was useless, but I'm not so certain anymore.
Thoughts @lambadalambda ?https://git.pleroma.social/pleroma/pleroma/-/issues/2471Function request: import and export instance blocking list2023-05-08T03:07:56ZSnowFunction request: import and export instance blocking list![msedge_cmjld3cjxt](/uploads/f2e97a09e50ab9889b5a31dbb83864dc/msedge_cmjld3cjxt.png)
Lack of this function...
Then people have to add it 1 by 1...
https://pedoblock.ignorelist.com/2020/12/22/how-to-use-this/![msedge_cmjld3cjxt](/uploads/f2e97a09e50ab9889b5a31dbb83864dc/msedge_cmjld3cjxt.png)
Lack of this function...
Then people have to add it 1 by 1...
https://pedoblock.ignorelist.com/2020/12/22/how-to-use-this/https://git.pleroma.social/pleroma/pleroma/-/issues/2393Admin websocket events2023-05-08T03:15:50ZAlex GleasonAdmin websocket eventsI'm building an admin interface that integrates with the main Soapbox FE UI:
![Screenshot_from_2020-12-31_14-43-26](/uploads/3eb844e55bb22ccacac9336f511fd289/Screenshot_from_2020-12-31_14-43-26.png)
![Screenshot_from_2020-12-31_14-43-1...I'm building an admin interface that integrates with the main Soapbox FE UI:
![Screenshot_from_2020-12-31_14-43-26](/uploads/3eb844e55bb22ccacac9336f511fd289/Screenshot_from_2020-12-31_14-43-26.png)
![Screenshot_from_2020-12-31_14-43-17](/uploads/4ebdd6a783af910bf29a83c428879199/Screenshot_from_2020-12-31_14-43-17.png)
It would be nice to have websocket events for things like "new report" and "new registration" so they can be displayed in the UI immediately without having to refresh the page/component.https://git.pleroma.social/pleroma/pleroma/-/issues/2316Enable Invites when Registrations are Open2023-05-08T03:06:48ZMichael Collinsmichael.collins@bofhllc.netEnable Invites when Registrations are Open![image](/uploads/b8bdf690ecd021e1594f5eea8a8543ed/image.png)
I think the Invite system should be allowed to be enabled whether or not Registrations are Open or Closed.
This would allow users to invite their friends by relying on the I...![image](/uploads/b8bdf690ecd021e1594f5eea8a8543ed/image.png)
I think the Invite system should be allowed to be enabled whether or not Registrations are Open or Closed.
This would allow users to invite their friends by relying on the Instance to send out an Invite email. This would help instances spread the word and maybe increase their user-base.https://git.pleroma.social/pleroma/pleroma/-/issues/2315Support Mastodon API push subscription type "poll"2023-05-08T03:19:32ZfeldSupport Mastodon API push subscription type "poll"Mastodon added in 2.8.0 the ability to subscribe for push notifications to be notified "when a poll you voted in or created has ended".
As a poll creator: this is straightforward
As a poll participant: unsure how this is meant to work....Mastodon added in 2.8.0 the ability to subscribe for push notifications to be notified "when a poll you voted in or created has ended".
As a poll creator: this is straightforward
As a poll participant: unsure how this is meant to work. Is there a notification coming from the origin server where the poll was created, or is it expected that this is tracked locally by your own instance?MaksimMaksimhttps://git.pleroma.social/pleroma/pleroma/-/issues/2313Deleted/deactivated accounts still viewable as admin2023-05-08T01:33:12ZfeldDeleted/deactivated accounts still viewable as adminDeleted and deactivated accounts appear to still be viewable if you're an admin. Browsing their profile works and they return in search results. Ideally they'd only be accessible via Admin API.Deleted and deactivated accounts appear to still be viewable if you're an admin. Browsing their profile works and they return in search results. Ideally they'd only be accessible via Admin API.https://git.pleroma.social/pleroma/pleroma/-/issues/2256Include username in reports actions in admin-fe Moderation Log2023-05-08T03:20:46ZAngelina FilippovaInclude username in reports actions in admin-fe Moderation LogI think it would be helpful if the username of the reported user is included on all relevant report actions in the Moderation log. This is because searching the Mod Log is the best way to find what has occurred relative to a particular u...I think it would be helpful if the username of the reported user is included on all relevant report actions in the Moderation log. This is because searching the Mod Log is the best way to find what has occurred relative to a particular user.
So for example, the highlighted line could read:
> @mk added note 'NRB' to report #9xWutsLOX8rbDkcDfE on user @test30
![Screenshot_from_2020-08-15_14.34.07](https://git.pleroma.social/pleroma/admin-fe/uploads/dc9af0f1c85fe4cf75638dee0ae74676/Screenshot_from_2020-08-15_14.34.07.png)
Related issue in admin-fe: https://git.pleroma.social/pleroma/admin-fe/-/issues/145MaksimMaksimhttps://git.pleroma.social/pleroma/pleroma/-/issues/2225Gemini support2023-05-08T03:10:56ZioGemini support[Gemini](https://gemini.circumlunar.space/) is a new protocol that aims to improve on Gopher
while coexisting with Gopher and HTTP. It would be nice if we supported Gemini as well as Gopher.[Gemini](https://gemini.circumlunar.space/) is a new protocol that aims to improve on Gopher
while coexisting with Gopher and HTTP. It would be nice if we supported Gemini as well as Gopher.HaelwennHaelwennhttps://git.pleroma.social/pleroma/pleroma/-/issues/2224Profile directory?2024-02-22T15:18:24ZioProfile directory?Mastodon has a user-facing way to list all user profiles that have opted into it.
It would be neat to have the same thing in Pleroma.Mastodon has a user-facing way to list all user profiles that have opted into it.
It would be neat to have the same thing in Pleroma.https://git.pleroma.social/pleroma/pleroma/-/issues/2205Registration API responses are stringified JSON objects2023-05-08T02:59:08ZAlex GleasonRegistration API responses are stringified JSON objectsOn POST `/api/v1/accounts`, it returns error messages as stringified JSON. I have to `JSON.parse(response.data.error)` to do anything with them.
![Screenshot_from_2020-09-29_22-59-59](/uploads/98e3f57b804da45d01a456bc58b506ea/Screenshot...On POST `/api/v1/accounts`, it returns error messages as stringified JSON. I have to `JSON.parse(response.data.error)` to do anything with them.
![Screenshot_from_2020-09-29_22-59-59](/uploads/98e3f57b804da45d01a456bc58b506ea/Screenshot_from_2020-09-29_22-59-59.png)
Usually when there's an `error` key it's just a regular sentence, like this 403 from `/oauth/token`. Here is what I consider a "good" response:
![Screenshot_from_2020-09-29_22-59-47](/uploads/e69170fd34c1d6b8df0d5c7757a2b0c1/Screenshot_from_2020-09-29_22-59-47.png)
("identifier" is also good for i18n)
And the resulting popup:
![Screenshot_from_2020-09-29_22-54-23](/uploads/4683a7b4386dbced902bcd60fefe67f9/Screenshot_from_2020-09-29_22-54-23.png)
However with stringified JSON, we get this:
![Screenshot_from_2020-09-29_22-54-06](/uploads/94d56a82e4176158b6ea85c7280285c9/Screenshot_from_2020-09-29_22-54-06.png)
What I really want to do is **update the form** with these values and say something generic in the popup. I think ideally the response should resemble this:
```json
{
"error": "Please review the submission",
"identifier": "review_submission",
"fields": {
"captcha": ["Invalid CAPTCHA"]
}
}
```https://git.pleroma.social/pleroma/pleroma/-/issues/2023Improved Moderation2023-05-08T03:11:24ZGhost UserImproved Moderation**Improved permissions for Moderators**
Moderators should be empowered to handle abuse and take action, without changing core instance settings.
- [x] Allow moderators access to the reports. (!2912)
- [ ] Allow moderators to deactivate a...**Improved permissions for Moderators**
Moderators should be empowered to handle abuse and take action, without changing core instance settings.
- [x] Allow moderators access to the reports. (!2912)
- [ ] Allow moderators to deactivate accounts.
**Improved abuse handling**
- [x] Implement a system to block email domains, similar to Mastodon, check MX (useful for disposable blocking) in (!2837)
- [ ] Implement IP address blocking for account creation, optionally log IP addresses with a conf switch. Blocks should be configurable in the Admin-FE.
- [x] Make chat messages reportable. (!2937)https://git.pleroma.social/pleroma/pleroma/-/issues/2002Markdown syntax highlighting2023-05-08T03:30:33ZAlex GleasonMarkdown syntax highlightingIn order for syntax highlighting of Markdown code blocks to be possible on the frontend, the BE needs to store and render the language.
What I propose is something like this:
With this input:
```elixir
{:ok, "Hello world"}
...In order for syntax highlighting of Markdown code blocks to be possible on the frontend, the BE needs to store and render the language.
What I propose is something like this:
With this input:
```elixir
{:ok, "Hello world"}
```
The HTML output should look like this:
```html
<pre>
<code data-lang="elixir">{:ok, "Hello world"}</code>
</pre>
```https://git.pleroma.social/pleroma/pleroma/-/issues/1955ChatMessages moderation2023-05-08T03:44:34ZAlex GleasonChatMessages moderationI think ChatMessages should have some moderation features, like the ability for users to report particular ChatMessages. An admin should have the ability to view Chats in AdminFE, as well as delete messages.I think ChatMessages should have some moderation features, like the ability for users to report particular ChatMessages. An admin should have the ability to view Chats in AdminFE, as well as delete messages.