From: Maksim Pechnikov Date: Mon, 3 Feb 2020 18:42:36 +0000 (+0300) Subject: Merge branch 'develop' into issue/1383 X-Git-Url: http://git.squeep.com/?a=commitdiff_plain;h=2c40c8b4a2890e60abe8d67a3c8af4a88d225b60;hp=-c;p=akkoma Merge branch 'develop' into issue/1383 --- 2c40c8b4a2890e60abe8d67a3c8af4a88d225b60 diff --combined config/config.exs index 696b8ebf4,c57ef1bf7..98a44efb0 --- a/config/config.exs +++ b/config/config.exs @@@ -51,6 -51,20 +51,6 @@@ config :pleroma, Pleroma.Repo telemetry_event: [Pleroma.Repo.Instrumenter], migration_lock: nil -scheduled_jobs = - with digest_config <- Application.get_env(:pleroma, :email_notifications)[:digest], - true <- digest_config[:active] do - [{digest_config[:schedule], {Pleroma.Daemons.DigestEmailDaemon, :perform, []}}] - else - _ -> [] - end - -config :pleroma, Pleroma.Scheduler, - global: true, - overlap: true, - timezone: :utc, - jobs: scheduled_jobs - config :pleroma, Pleroma.Captcha, enabled: true, seconds_valid: 300, @@@ -480,12 -494,6 +480,12 @@@ config :pleroma, Oban scheduled_activities: 10, background: 5, attachments_cleanup: 5 + ], + crontab: [ + {"0 0 * * *", Pleroma.Workers.Cron.ClearOauthTokenWorker}, + {"0 * * * *", Pleroma.Workers.Cron.StatsWorker}, + {"* * * * *", Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker}, + {"0 0 * * 0", Pleroma.Workers.Cron.DigestEmailsWorker} ] config :pleroma, :workers, @@@ -570,6 -578,7 +570,6 @@@ config :pleroma, Pleroma.ScheduledActiv config :pleroma, :email_notifications, digest: %{ active: false, - schedule: "0 0 * * 0", interval: 7, inactivity_threshold: 7 } @@@ -577,7 -586,8 +577,7 @@@ config :pleroma, :oauth2, token_expires_in: 600, issue_new_refresh_token: true, - clean_expired_tokens: false, - clean_expired_tokens_interval: 86_400_000 + clean_expired_tokens: false config :pleroma, :database, rum_enabled: false @@@ -586,11 -596,21 +586,21 @@@ config :pleroma, :env, Mix.env( config :http_signatures, adapter: Pleroma.Signature - config :pleroma, :rate_limit, 
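Review bot: In the `config :pleroma, Oban` hunk the new `crontab:` list schedules `Pleroma.Workers.Cron.ClearOauthTokenWorker` and `Pleroma.Workers.Cron.DigestEmailsWorker` unconditionally, while `:oauth2, clean_expired_tokens` and the digest `active` key both still default to `false` further down this file. The supervisor-level gate `oauth_cleanup_child(oauth_cleanup_enabled?())` is removed in lib/pleroma/application.ex, so the flags are presumably checked inside the workers, which this diff does not show. If so, a comment on the entries would keep that coupling visible, e.g. `# each worker checks its own enable flag; removing an entry disables the job even when the flag is true`. The `clean_expired_tokens_interval` and digest `schedule` keys are dropped in the neighbouring hunks with no deprecation warning visible here, so an operator override of either would presumably be ignored silently.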
authentication: {60_000, 15} + config :pleroma, :rate_limit, + authentication: {60_000, 15}, + search: [{1000, 10}, {1000, 30}], + app_account_creation: {1_800_000, 25}, + relations_actions: {10_000, 10}, + relation_id_action: {60_000, 2}, + statuses_actions: {10_000, 15}, + status_id_action: {60_000, 3}, + password_reset: {1_800_000, 5}, + account_confirmation_resend: {8_640_000, 5}, + ap_routes: {60_000, 15} config :pleroma, Pleroma.ActivityExpiration, enabled: true - config :pleroma, Pleroma.Plugs.RemoteIp, enabled: false + config :pleroma, Pleroma.Plugs.RemoteIp, enabled: true config :pleroma, :static_fe, enabled: false @@@ -602,6 -622,7 +612,6 @@@ config :pleroma, :modules, runtime_dir config :pleroma, configurable_from_database: false -config :swarm, node_blacklist: [~r/myhtml_.*$/] # Import environment specific config. This must remain at the bottom # of this file so it overrides the configuration defined above. import_config "#{Mix.env()}.exs" diff --combined docs/configuration/cheatsheet.md index 021bb54c9,a81bfa29d..8af3394bb --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md @@@ -308,16 -308,15 +308,15 @@@ This will make Pleroma listen on `127.0 Available options: * `enabled` - Enable/disable the plug. Defaults to `false`. - * `headers` - A list of strings naming the `req_headers` to use when deriving the `remote_ip`. Order does not matter. Defaults to `~w[forwarded x-forwarded-for x-client-ip x-real-ip]`. + * `headers` - A list of strings naming the `req_headers` to use when deriving the `remote_ip`. Order does not matter. Defaults to `["x-forwarded-for"]`. * `proxies` - A list of strings in [CIDR](https://en.wikipedia.org/wiki/CIDR) notation specifying the IPs of known proxies. Defaults to `[]`. * `reserved` - Defaults to [localhost](https://en.wikipedia.org/wiki/Localhost) and [private network](https://en.wikipedia.org/wiki/Private_network). ### :rate_limit - This is an advanced feature and disabled by default. 
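Review bot: `config :pleroma, Pleroma.Plugs.RemoteIp, enabled: true` makes the client address come from a request header by default, and the rate limits added just above it are documented in this commit as counted per IP address. The cheatsheet hunk lists the plug defaults as `headers: ["x-forwarded-for"]` and `proxies: []`, so on an instance served without a reverse proxy that sets this header, the limiter would apparently be keyed on a client-supplied value; the plug itself is not in this diff, so this needs confirming. A comment above the line would tell operators what to check, e.g. `# Trusts x-forwarded-for: set enabled: false unless a reverse proxy in front of Pleroma sets this header`. Separately, `account_confirmation_resend: {8_640_000, 5}` is 2.4 hours; if one day was intended the value would be `86_400_000`, as in the removed `clean_expired_tokens_interval`.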
- - If your instance is behind a reverse proxy you must enable and configure [`Pleroma.Plugs.RemoteIp`](#pleroma-plugs-remoteip). + !!! note + If your instance is behind a reverse proxy ensure [`Pleroma.Plugs.RemoteIp`](#pleroma-plugs-remoteip) is enabled (it is enabled by default). A keyword list of rate limiters where a key is a limiter name and value is the limiter configuration. The basic configuration is a tuple where: @@@ -326,14 -325,31 +325,31 @@@ It is also possible to have different limits for unauthenticated and authenticated users: the keyword value must be a list of two tuples where the first one is a config for unauthenticated users and the second one is for authenticated. + For example: + + ```elixir + config :pleroma, :rate_limit, + authentication: {60_000, 15}, + search: [{1000, 10}, {1000, 30}] + ``` + + Means that: + + 1. In 60 seconds, 15 authentication attempts can be performed from the same IP address. + 2. In 1 second, 10 search requests can be performed from the same IP adress by unauthenticated users, while authenticated users can perform 30 search requests per second. + Supported rate limiters: - * `:search` for the search requests (account & status search etc.) - * `:app_account_creation` for registering user accounts from the same IP address - * `:relations_actions` for actions on relations with all users (follow, unfollow) - * `:relation_id_action` for actions on relation with a specific user (follow, unfollow) - * `:statuses_actions` for create / delete / fav / unfav / reblog / unreblog actions on any statuses - * `:status_id_action` for fav / unfav or reblog / unreblog actions on the same status by the same user + * `:search` - Account/Status search. + * `:app_account_creation` - Account registration from the API. + * `:relations_actions` - Following/Unfollowing in general. + * `:relation_id_action` - Following/Unfollowing for a specific user. 
+ * `:statuses_actions` - Status actions such as: (un)repeating, (un)favouriting, creating, deleting. + * `:status_id_action` - (un)Repeating/(un)Favouriting a particular status. + * `:authentication` - Authentication actions, i.e getting an OAuth token. + * `:password_reset` - Requesting password reset emails. + * `:account_confirmation_resend` - Requesting resending account confirmation emails. + * `:ap_routes` - Requesting statuses via ActivityPub. ### :web_cache_ttl @@@ -496,7 -512,6 +512,7 @@@ Configuration options described in [Oba * `verbose` - logs verbosity * `prune` - non-retryable jobs [pruning settings](https://github.com/sorentwo/oban#pruning) (`:disabled` / `{:maxlen, value}` / `{:maxage, value}`) * `queues` - job queues (see below) +* `crontab` - periodic jobs, see [`Oban.Cron`](#obancron) Pleroma has the following queues: @@@ -508,12 -523,6 +524,12 @@@ * `web_push` - Web push notifications * `scheduled_activities` - Scheduled activities, see [`Pleroma.ScheduledActivity`](#pleromascheduledactivity) +#### Oban.Cron + +Pleroma has these periodic job workers: + +`Pleroma.Workers.Cron.ClearOauthTokenWorker` - a job worker to cleanup expired oauth tokens. + Example: ```elixir @@@ -524,9 -533,6 +540,9 @@@ config :pleroma, Oban queues: [ federator_incoming: 50, federator_outgoing: 50 + ], + crontab: [ + {"0 0 * * *", Pleroma.Workers.Cron.ClearOauthTokenWorker} ] ``` @@@ -809,7 -815,8 +825,7 @@@ Configure OAuth 2 provider capabilities * `token_expires_in` - The lifetime in seconds of the access token. * `issue_new_refresh_token` - Keeps old refresh token or generate new refresh token when to obtain an access token. -* `clean_expired_tokens` - Enable a background job to clean expired oauth tokens. Defaults to `false`. -* `clean_expired_tokens_interval` - Interval to run the job to clean expired tokens. Defaults to `86_400_000` (24 hours). +* `clean_expired_tokens` - Enable a background job to clean expired oauth tokens. Defaults to `false`. 
Interval settings sets in configuration periodic jobs [`Oban.Cron`](#obancron) ## Link parsing diff --combined lib/pleroma/application.ex index 6fdc54aed,2c8889ce5..27758cf94 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@@ -33,6 -33,7 +33,7 @@@ defmodule Pleroma.Application d def start(_type, _args) do Pleroma.HTML.compile_scrubbers() Pleroma.Config.DeprecationWarnings.warn() + Pleroma.Plugs.HTTPSecurityPlug.warn_if_disabled() Pleroma.Repo.check_migrations_applied!() setup_instrumenters() load_custom_modules() @@@ -41,9 -42,12 +42,9 @@@ children = [ Pleroma.Repo, - Pleroma.Scheduler, Pleroma.Config.TransferTask, Pleroma.Emoji, Pleroma.Captcha, - Pleroma.Daemons.ScheduledActivityDaemon, - Pleroma.Daemons.ActivityExpirationDaemon, Pleroma.Plugs.RateLimiter.Supervisor ] ++ cachex_children() ++ @@@ -54,6 -58,7 +55,6 @@@ {Oban, Pleroma.Config.get(Oban)} ] ++ task_children(@env) ++ - oauth_cleanup_child(oauth_cleanup_enabled?()) ++ streamer_child(@env) ++ chat_child(@env, chat_enabled?()) ++ [ @@@ -155,12 -160,20 +156,12 @@@ defp chat_enabled?, do: Pleroma.Config.get([:chat, :enabled]) - defp oauth_cleanup_enabled?, - do: Pleroma.Config.get([:oauth2, :clean_expired_tokens], false) - defp streamer_child(:test), do: [] defp streamer_child(_) do [Pleroma.Web.Streamer.supervisor()] end - defp oauth_cleanup_child(true), - do: [Pleroma.Web.OAuth.Token.CleanWorker] - - defp oauth_cleanup_child(_), do: [] - defp chat_child(_env, true) do [Pleroma.Web.ChatChannel.ChatChannelState] end
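Review bot: In lib/pleroma/application.ex, `Pleroma.Plugs.HTTPSecurityPlug.warn_if_disabled()` is called at the top of `start/2`, before the children list containing `Pleroma.Config.TransferTask` is started. If TransferTask is what applies database-stored settings (config.exs carries `configurable_from_database`), the warning reflects only the file configuration and could disagree with the value in effect after boot. The body of `warn_if_disabled/0` is not in this diff, so this needs confirming. A comment at the call site would record the limitation, e.g. `# checks file config only; DB-backed settings are applied later by Pleroma.Config.TransferTask`. `start/2` continues outside the hunk.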