Return 413 when an actor's banner or background exceeds the size limit

Uploading an avatar media exceeding max size returns a 413

Until now it was returning a 500 because the upload plug were going
through the changeset and ending in the JSON encoder, which raised
because struct has to @derive the encoder.

allow http AS profile in ld+json header

Update '.gitea/issue_template/feat.yml'

Update '.gitea/issue_template/bug.yml'

Add `mail` to make the gmail adapter in swoosh work

Test removed HTTP adapter

Allow mock in http adapter checking

Remove quack, ensure adapter is finch

uppdate excoveralls

Add diagnostics http

Ensure Gun is Gone

Remove hackney/gun in favour of finch

Bump versions

Merge pull request 'Don't listen Erlang Port Mapper Daemon (4369/tcp) on 0.0.0.0' (#358) from r3g_5z/akkoma:close-open-ports into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/358

Merge pull request 'Add dark and light theme mode to docs, detection, and button' (#360) from r3g_5z/akkoma:docs-dark-mode into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/360

Add dark and light theme mode to docs, detection, and button

my eyes hurt

Signed-off-by: r3g_5z <june@girlboss.ceo>

Don't listen Erlang Port Mapper Daemon (4369/tcp) on 0.0.0.0

Signed-off-by: r3g_5z <june@girlboss.ceo>

Merge pull request 'Remove unnecessary KillMode=process' (#359) from r3g_5z/akkoma:remove-unnecessary-killmode into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/359

Merge remote-tracking branch 'origin/translations' into develop

Remove unnecessary KillMode=process

It's unclear why this is the default as this is highly not recommended.
KillMode=process ends up leaving leftover orphaned processes that
escape resource management and process lifecycles, wasting resources
on servers.

Signed-off-by: r3g_5z <june@girlboss.ceo>

Do not fetch anything from blocked instances

Add some extra info around possible nils

Update translation files

Updated by "Squash Git commits" hook in Weblate.

Translation: Pleroma fe/Akkoma Backend (Static pages)
Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-static-pages/

Translated using Weblate (Indonesian)

Currently translated at 21.6% (18 of 83 strings)

Added translation using Weblate (Indonesian)

Co-authored-by: Weblate <noreply@weblate.org>
Co-authored-by: t1 <taaa@fedora.email>
Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-static-pages/id/
Translation: Pleroma fe/Akkoma Backend (Static pages)

Merge pull request 'Magical patches' (#357) from magical-patches into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/357

Revert "mandate published on notes"

This reverts commit e49b583147748be73062acc92ea510f6f55a503a.

Merge pull request 'Skip posts in indexer where publish date is nil' (#356) from sn0w/akkoma:feature/indexer-skip-broken-activities into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/356
Reviewed-by: floatingghost <hannah@coffee-and-dreams.uk>

mandate published on notes

fixes #356

Add URL and code to :not_found errors

Ref #355

Underscore unused variable

Do not pass transient undo-y activities through MRF

Remove FollowBotPolicy

extend reject MRF to check if originating instance is blocked

Skip posts in indexer where publish date is nil

Merge remote-tracking branch 'ilja/fix_tagpolicy_to_also_work_on_updates' into develop

mix format

Fix MRF policies to also work with Update

Objects who got updated would just pass through several of the MRF policies, undoing moderation in some situations.
In the relevant cases we now check not only for Create activities, but also Update activities.

I checked which ones checked explicitly on type Create using `grep '"type" => "Create"' lib/pleroma/web/activity_pub/mrf/*`.

The following from that list have not been changed:
* lib/pleroma/web/activity_pub/mrf/follow_bot_policy.ex
    * Not relevant for moderation
* lib/pleroma/web/activity_pub/mrf/keyword_policy.ex
    * Already had a test for Update
* lib/pleroma/web/activity_pub/mrf/object_age_policy.ex
    * In practice only relevant when fetching old objects (e.g. through Like or Announce). These are always wrapped in a Create.
* lib/pleroma/web/activity_pub/mrf/reject_non_public.ex
    * We don't allow changing scope with Update, so not relevant here

Fix tagpolicy to also work with Update

Objects who got updated would just pass the TagPolicy, undoing the moderation that was set in place for the Actor.
Now we check not only for Create activities, but also Update activities.

Merge pull request 'Add YAML issue templates for bug and feat' (#353) from sfr/akkoma:issue-template into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/353

Add YAML issue templates for bug and feat

Update 'ISSUE_TEMPLATE.md'

Add issue template

Add misskey markdown to format suggestions

Fixes #345

Add check for null reply_to_user

Redirect to standard FE if logged in

Document custom.css

GOOGLE

static-fe overhaul (#236)

makes static-fe look more like pleroma-fe, with the stylesheets matching pleroma-dark and pleroma-light based on `prefers-color-scheme`.

- [x] navbar
- [x] about sidebar
- [x] background image
- [x] statuses
  - [x] "reply to" or "edited" tags
- [x] accounts
  - [x] show more / show less
  - [x] posts / with replies / media / followers / following
    - [x] followers/following would require user card snippets
  - [x] admin/bot indicators
- [x] attachments
  - [x] nsfw attachments
- [x] fontawesome icons
- [x] clean up and sort css
- [x] add pleroma-light
- [x] replace hardcoded strings

also i forgot
- [x] repeated headers

how it looks + sneak peek at statuses:

Co-authored-by: Sol Fisher Romanoff <sol@solfisher.com>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/236
Co-authored-by: sfr <sol@solfisher.com>
Co-committed-by: sfr <sol@solfisher.com>

Diagnostics tasks (#348)

a bunch of ways to get query plans to help with debugging

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/348

Merge pull request 'Small improvements to the Gentoo installation isntructions' (#335) from timorl/akkoma:i-use-gentoo-btw into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/335

DOCS: backup restore improvements (#332)

Mostly add how to speed up restoration by adding activities_visibility_index later. Also some small other improvements.

This is based on what I did on a Pleroma instance. I assume the activities_visibility_index taking so long is still true for Akkoma, but can't really test because I don't have a big enough Akkoma DB yet 🙃

Co-authored-by: ilja <git@ilja.space>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/332
Reviewed-by: floatingghost <hannah@coffee-and-dreams.uk>
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>

Allow dashes in domain name search

update default favicon

Doc branding

varnish config/docs (#342)

Co-authored-by: Mark Felder <feld@feld.me>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/342

Remerge of hashtag following (#341)

this time with less idiot

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/341

revert 4a94c9a31ef11f63ea71ad9c1f085c18cf8ef083

revert Add ability to follow hashtags (#336)

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/336

Add changelog entry for hashtag following

Add ability to follow hashtags (#336)

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/336

Small improvements to the Gentoo installation isntructions

Purge Rejected Follow requests in daily task (#334)

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/334

Merge pull request 'Manually define PATH for Arch Linux users in systemd unit' (#333) from r3g_5z/akkoma:arch-perl-modules into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/333

Manually define PATH for Arch Linux users in systemd unit

Signed-off-by: r3g_5z <june@girlboss.ceo>

Add maskable to logo

Merge pull request 'Add PWA config' (#329) from pwa into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/329

Resolve follow activity from accept/reject without ID (#328)

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/328

still use mask

Add PWA info

Fixing up deletes a bit (#327)

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/327

Merge pull request 'docs: Remove quarantine section' (#324) from norm/akkoma:remove-quarantine into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/324

docs: Remove quarantine section

Quarantining was deprecated back in 2022.08.

Also added that SimplePolicy's `reject` also prevents outbound federation to servers listed there.

Add ability to set a default post expiry (#321)

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/321

Merge pull request 'Spin off imports into n oban jobs' (#319) from spin-off-imports into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/319

Spin off imports into n oban jobs

Merge pull request 'Delete 'installation/download-mastofe-build.sh'' (#317) from norm/akkoma:delete-download-mastofe-build.sh into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/317

Delete 'installation/download-mastofe-build.sh'

AFAIK, this isn't being used anymore, and it's outdated anyways.

Merge branch 'normalise-markup-by-default' into develop

weirdly no, images should not have classes

normalise markup by default (#316)

why was this _not_ default?

honestly i'm surprised pleroma hasn't exploded yet

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/316

document normalizemarkup and inlinequote MRFs

Add tests, changelog entry

Turn on markup normalisation by default

fix tests broken by relay defaults changing (#314)

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/314

minor-changes (#313)

Only real change here is making MRF rejects log as debug instead of info (https://akkoma.dev/AkkomaGang/akkoma/issues/234)

I don't know if it's the best way to do it, but it seems it's just MRF using this and almost always this is intended.

The rest are just minor docs changes and syncing the restricted nicknames stuff.

I compiled and ran my changes with Docker and they all work.

Co-authored-by: r3g_5z <june@terezi.dev>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/313
Co-authored-by: @r3g_5z@plem.sapphic.site <june@girlboss.ceo>
Co-committed-by: @r3g_5z@plem.sapphic.site <june@girlboss.ceo>

Add Signed Fetch Statistics (#312)

Close #304.

Notes:
 - This patch was made on top of Pleroma develop, so I created a separate cachex worker for request signature actions, instead of Akkoma's instance cache. If that is a merge blocker, I can attempt to move logic around for that.
 - Regarding the `has_request_signatures: true -> false` state transition: I think that is a higher level thing (resetting instance state on new instance actor key) which is separate from the changes relevant to this one.

Co-authored-by: Luna <git@l4.pm>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/312
Co-authored-by: @luna@f.l4.pm <akkoma@l4.pm>
Co-committed-by: @luna@f.l4.pm <akkoma@l4.pm>

Note that openbsd needs erlang-wx

Merge pull request 'Remove reference to city.jpg in COPYING' (#310) from norm/akkoma:copying-city-jpg into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/310

Merge pull request 'change default allow_relay to false' (#309) from nocebo/akkoma:default-no-relay into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/309

Remove reference to city.jpg in COPYING

Again forgot to remove a reference to a deleted file...

Hopefully this should be the last one.

change default allow_relay to false

relay functionality should be opt-in

http timeout config (#307)

Ref https://meta.akkoma.dev/t/increase-timeout-on-libretranslate-request-how/156/2

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/307

Change follow_operation schema to use type BooleanLike (#301)

Changes follow_operation schema to use BooleanLike instead of :boolean so that strings like "0" and "1" (used by mastodon.py) can be accepted. Rest of file uses the same. For more info please see https://git.pleroma.social/pleroma/pleroma/-/issues/2999

(I'm also sending this here as I'm not hopeful about upstream not ignoring  it)

Co-authored-by: ave <ave@ave.zone>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/301
Co-authored-by: ave <ave@noreply.akkoma>
Co-committed-by: ave <ave@noreply.akkoma>

Merge pull request 'Remove reference to pleroma-fox-tan-shy.png in COPYING' (#298) from norm/akkoma:copying-remove-pleroma-tan-shy into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/298

Remove reference to pleroma-fox-tan-shy.png in COPYING

Forgot to remove this in https://akkoma.dev/AkkomaGang/akkoma/pulls/285.

This image was also removed a while back.

Add conversationDisplay to settings

Merge pull request 'Additional timeline query improvements from upstream' (#291) from norm/akkoma:timeline-query-improvements into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/291

Add favicon, frontend docs

HTTP header improvements (#294)

- Drop Expect-CT

Expect-CT has been redundant since 2018 when Certificate Transparency became mandated and required for all CAs and browsers. This header is only implemented in Chrome and is now deprecated. HTTP header analysers do not check this anymore as this is enforced by default. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT

- Raise HSTS to 2 years and explicitly preload

The longer age for HSTS, the better. Header analysers prefer 2 years over 1 year now as free TLS is very common using Let's Encrypt.
For HSTS to be fully effective, you need to submit your root domain (domain.tld) to https://hstspreload.org. However, a requirement for this is the "preload" directive in Strict-Transport-Security. If you do not have "preload", it will reject your domain.

- Drop X-Download-Options

This is an IE8-era header when Adobe products used to use the IE engine for making outbound web requests to embed webpages in things like Adobe Acrobat (PDFs). Modern apps are using Microsoft Edge WebView2 or Chromium Embedded Framework. No modern browser checks or header analyser check for this.

- Set base-uri to 'none'

This is to specify the domain for relative links (`<base>` HTML tag). pleroma-fe does not use this and it's an incredibly niche tag.

I use all of these myself on my instance by rewriting the headers with zero problems. No breakage observed.

I have not compiled my Elixr changes, but I don't see why they'd break.

Co-authored-by: r3g_5z <june@terezi.dev>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/294
Co-authored-by: @r3g_5z@plem.sapphic.site <june@terezi.dev>
Co-committed-by: @r3g_5z@plem.sapphic.site <june@terezi.dev>

Merge pull request 'Drop XSS auditor' (#292) from r3g_5z/akkoma:drop-xss-auditor into develop

Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/292