key: :public,
type: :boolean,
description:
- "Makes the client API in authenticated mode-only except for user-profiles." <>
- " Useful for disabling the Local Timeline and The Whole Known Network. " <>
+ "Switching this on will allow unauthenticated users access to all public resources on your instance" <>
+ " Switching it off is useful for disabling the Local Timeline and The Whole Known Network. " <>
" Note: when setting to `false`, please also check `:restrict_unauthenticated` setting."
},
%{
key: :restrict_unauthenticated,
label: "Restrict Unauthenticated",
type: :group,
- description:
- "Disallow viewing timelines, user profiles and statuses for unauthenticated users.",
+ description: "Disallow unauthenticated viewing of timelines, user profiles and statuses.",
children: [
%{
key: :timelines,
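Review bot: The two new string fragments for `:public` join without a sentence break, so the rendered description reads "…on your instance Switching it off is useful…"; end the first fragment with a period: `"Switching this on will allow unauthenticated users access to all public resources on your instance." <>`. Operators read this text when deciding how much to expose, so it would also help to say that individual `:restrict_unauthenticated` options can still limit access while `:public` is `true`, as the documentation change in this commit describes. The enclosing map starts above the hunk.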
%{
key: :local,
type: :boolean,
- description: "Disallow view public timeline."
+ description: "Disallow viewing the public timeline."
},
%{
key: :federated,
type: :boolean,
- description: "Disallow view federated timeline."
+ description: "Disallow viewing the whole known network timeline."
}
]
},
%{
key: :local,
type: :boolean,
- description: "Disallow view local user profiles."
+ description: "Disallow viewing local user profiles."
},
%{
key: :remote,
type: :boolean,
- description: "Disallow view remote user profiles."
+ description: "Disallow viewing remote user profiles."
}
]
},
%{
key: :activities,
type: :map,
- description: "Settings for statuses.",
+ description: "Settings for posts.",
children: [
%{
key: :local,
type: :boolean,
- description: "Disallow view local statuses."
+ description: "Disallow viewing local posts."
},
%{
key: :remote,
type: :boolean,
- description: "Disallow view remote statuses."
+ description: "Disallow viewing remote posts."
}
]
}
* `federation_incoming_replies_max_depth`: Max. depth of reply-to activities fetching on incoming federation, to prevent out-of-memory situations while fetching very long threads. If set to `nil`, threads of any depth will be fetched. Lower this value if you experience out-of-memory crashes.
* `federation_reachability_timeout_days`: Timeout (in days) of each external federation target being unreachable prior to pausing federating to it.
* `allow_relay`: Permits remote instances to subscribe to all public posts of your instance. This may increase the visibility of your instance.
-* `public`: Makes the client API in authenticated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network. Note that there is a dependent setting restricting or allowing unauthenticated access to specific resources, see `restrict_unauthenticated` for more details.
+* `public`: Allows unauthenticated access to public resources on your instance. This is essentially used as the default value for `:restrict_unauthenticated`.
+ See `restrict_unauthenticated` for more details.
* `quarantined_instances`: *DEPRECATED* ActivityPub instances where activities will not be sent. They can still reach there via other means, we just won't send them.
* `allowed_post_formats`: MIME-type list of formats allowed to be posted (transformed into HTML).
* `extended_nickname_format`: Set to `true` to use extended local nicknames format (allows underscores/dashes). This will break federation with
### :restrict_unauthenticated
-Restrict access for unauthenticated users to timelines (public and federated), user profiles and statuses.
+Restrict access for unauthenticated users to timelines (public and federated), user profiles and posts.
* `timelines`: public and federated timelines
* `local`: public timeline
* `profiles`: user profiles
* `local`
* `remote`
-* `activities`: statuses
+* `activities`: posts
* `local`
* `remote`
-Note: when `:instance, :public` is set to `false`, all `:restrict_unauthenticated` items be effectively set to `true` by default. If you'd like to allow unauthenticated access to specific API endpoints on a private instance, please explicitly set `:restrict_unauthenticated` to non-default value in `config/prod.secret.exs`.
+#### When :instance, :public is `true`
-Note: setting `restrict_unauthenticated/timelines/local` to `true` has no practical sense if `restrict_unauthenticated/timelines/federated` is set to `false` (since local public activities will still be delivered to unauthenticated users as part of federated timeline).
+When your instance is in "public" mode, all public resources (users, posts, timelines) are accessible to unauthenticated users.
+
+Turning any of the `:restrict_unauthenticated` options to `true` will restrict access to the corresponding resources.
+
+#### When :instance, :public is `false`
+
+When `:instance, :public` is set to `false`, all of the `:restrict_unauthenticated` options will effectively be set to `true` by default,
+meaning that only authenticated users will be able to access the corresponding resources.
+
+If you'd like to allow unauthenticated access to specific resources, you can turn these settings to `false`.
+
+**Note**: setting `restrict_unauthenticated/timelines/local` to `true` has no practical sense if `restrict_unauthenticated/timelines/federated` is set to `false` (since local public activities will still be delivered to unauthenticated users as part of federated timeline).
## Pleroma.Web.ApiSpec.CastAndValidate
get_option(
options,
:domain,
- "What domain will your instance use? (e.g pleroma.soykaf.com)"
+ "What domain will your instance use? (e.g akkoma.example.com)"
),
":"
) ++ [443]
|> Repo.delete_all(timeout: :infinity)
end
+ def prune_stale_follow_requests do
+ before_time = cutoff()
+
+ from(a in Activity,
+ where:
+ fragment("?->>'type' = ?", a.data, "Follow") and a.inserted_at < ^before_time and
+ fragment("?->>'state' = ?", a.data, "reject")
+ )
+ |> Repo.delete_all(timeout: :infinity)
+ end
+
defp cutoff do
DateTime.utc_now() |> Timex.shift(days: -@cutoff)
end
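Review bot: `prune_stale_follow_requests/0` has no `@doc`, and its name is broader than its filter: the query deletes only `Follow` activities whose `state` is `"reject"` and whose `inserted_at` is before `cutoff()`, so pending requests are never touched. A one-line doc such as `@doc "Deletes Follow activities in state \"reject\" that were inserted before the cutoff; pending and accepted follows are kept."` would make that explicit. The age test uses `inserted_at`, which is when the request was stored rather than when it was rejected; if a reject updates the row in place, a request rejected today could be pruned on the next run, so it is worth confirming that is intended. The log line added in the prune task has the same imprecision and would be clearer as `Logger.info("Pruning old rejected follow requests")`.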
use Ecto.Schema
alias Pleroma.Activity
- alias Pleroma.Object
alias Pleroma.User
import Ecto.Changeset
description: Config.get([:instance, :description]),
icons: [
%{
- src: "/static/logo.svg",
- type: "image/svg+xml"
+ src: "/static/logo.svg",
+ type: "image/svg+xml"
},
%{
- src: "/static/logo-512.png",
- sizes: "512x512",
- type: "image/png",
- purpose: "maskable"
+ src: "/static/logo-512.png",
+ sizes: "512x512",
+ type: "image/png",
+ purpose: "maskable"
}
],
theme_color: Config.get([:manifest, :theme_color]),
Logger.info("Pruning old deletes")
ActivityPruner.prune_deletes()
+ Logger.info("Pruning old follow requests")
+ ActivityPruner.prune_stale_follow_requests()
+
Logger.info("Pruning old undos")
ActivityPruner.prune_undos()
refute Activity.get_by_id(old_delete.id)
end
end
+
+ describe "prune_stale_follow_requests" do
+ test "it prunes old follow requests" do
+ follower = insert(:user)
+ followee = insert(:user)
+
+ new_follow_request =
+ insert(
+ :follow_activity,
+ follower: follower,
+ followed: followee,
+ state: "reject"
+ )
+
+ old_not_rejected_request =
+ insert(:follow_activity,
+ follower: follower,
+ followed: followee,
+ state: "pending",
+ inserted_at: DateTime.utc_now() |> DateTime.add(-31 * 24, :hour)
+ )
+
+ old_follow_request =
+ insert(:follow_activity,
+ follower: follower,
+ followed: followee,
+ inserted_at: DateTime.utc_now() |> DateTime.add(-31 * 24, :hour),
+ state: "reject"
+ )
+
+ Pruner.prune_stale_follow_requests()
+ assert Activity.get_by_id(new_follow_request.id)
+ assert Activity.get_by_id(old_not_rejected_request.id)
+ refute Activity.get_by_id(old_follow_request.id)
+ end
+ end
end
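Review bot: The new test checks that an old pending request survives but has no fixture for an old accepted follow, the case where an over-broad filter would do the most damage. Adding one old activity with `state: "accept"` and asserting it is still present would pin the filter to `"reject"` only. The `-31 * 24` hour offset also hard-codes an assumption about `@cutoff`, whose value is not visible in this commit; a comment saying so would help if the cutoff ever changes.

```elixir
# … unchanged: follower/followee setup and the three existing fixtures …
old_accepted_request =
  insert(:follow_activity,
    follower: follower,
    followed: followee,
    state: "accept",
    inserted_at: DateTime.utc_now() |> DateTime.add(-31 * 24, :hour)
  )

Pruner.prune_stale_follow_requests()
# … unchanged: existing assertions …
assert Activity.get_by_id(old_accepted_request.id)
```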
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.PleromaAPI.EmojiFileControllerTest do
- use Pleroma.Web.ConnCase
+ use Pleroma.Web.ConnCase, async: false
import Mock
import Tesla.Mock
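Review bot: Both test modules are switched to `async: false` with nothing recording why (the other is the `RemoteFollowControllerTest` change that follows). This module imports `Mock`, which is presumably the shared state involved; a short comment above the `use` line, e.g. `# async: false: Mock patches modules globally`, would stop someone re-enabling async later. For `RemoteFollowControllerTest` the reason is not visible in its hunk and should be stated there as well.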
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.TwitterAPI.RemoteFollowControllerTest do
- use Pleroma.Web.ConnCase, async: true
+ use Pleroma.Web.ConnCase, async: false
alias Pleroma.MFA
alias Pleroma.MFA.TOTP
data: data,
actor: follower.ap_id
}
+ |> Map.merge(attrs)
end
def report_activity_factory(attrs \\ %{}) do
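Review bot: `Map.merge(attrs)` copies every caller-supplied key onto the value built above, not only its real fields. The new pruner test passes `follower:`, `followed:` and `state:` to what is presumably this factory, and if the value is a struct those end up as stray keys on it, because `Map.merge/2` does no field check. Dropping the factory-only keys first keeps the `inserted_at` override without that side effect: `|> Map.merge(Map.drop(attrs, [:follower, :followed, :state]))`. The function starts above the hunk, so whether `attrs` is already filtered there cannot be seen.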