Commit Graph

515 Commits (0205038f0d5e179670b467abca20c25173e3e111)

Author SHA1 Message Date
Thomas Sileo 5cf54c2782 Add support for OAuth 2.0 dynamic client registration 2022-12-16 19:23:22 +01:00
Thomas Sileo db6016394b Fix CSP IndieAuth redirection issue 2022-12-16 09:22:40 +01:00
Thomas Sileo 573a76c0c5 Fix admin redirect 2022-12-15 22:27:14 +01:00
Thomas Sileo 3097dbebe9 Improve Webfinger 2022-12-15 22:14:24 +01:00
Thomas Sileo 15dd7e184b Allow to hide shares from actors 2022-12-12 20:48:05 +01:00
Thomas Sileo 22410862f3 Tweak/fix opengraph parsing 2022-12-11 18:15:30 +01:00
Thomas Sileo 7621a19489 Check browser support before returning webp pictures 2022-12-11 16:15:25 +01:00
João Costa 9d6ed4cd28 Fix og:title always being empty on articles 2022-12-06 19:38:44 +01:00
Thomas Sileo 0f10bfddac Oops add missing file 2022-12-05 22:01:37 +01:00
Thomas Sileo 26efd09304 Add task to import Mastodon following export 2022-12-05 21:58:13 +01:00
Thomas Sileo 5d95fd44ac Fix webmention discovery 2022-12-04 12:06:15 +01:00
Thomas Sileo a337b32bcd Blocking server also blocks subdomains 2022-12-04 11:51:52 +01:00
Thomas Sileo e8fcf5a9a2 Tweak video mode 2022-12-03 19:57:13 +01:00
Thomas Sileo 7525744f82 Test new GIF mode for videos without sound 2022-12-03 19:47:11 +01:00
Thomas Sileo 7d3fc35a24 More proxy client tweaks 2022-12-02 19:40:58 +01:00
Thomas Sileo 73dceee0f5 Fix proxy client 2022-12-02 19:28:59 +01:00
Thomas Sileo 34c7cdb5fb Fix Undo{Announce} recipients 2022-12-02 18:48:23 +01:00
Thomas Sileo 0527e34476 Tweak proxy client 2022-12-02 18:48:05 +01:00
Thomas Sileo a82f619e89 Revert "fix unshare by getting recipients from Announce activity instead of Undo"
This reverts commit dcd44ec3b6.
2022-12-02 18:12:24 +01:00
Thomas Sileo a68b3e7318 Don't insert an empty div on the index when there's no pages 2022-11-30 20:11:20 +01:00
Thomas Sileo 436d5ccf1b Tweak in reply to this xyz text 2022-11-30 19:30:26 +01:00
Thomas Sileo a273f26549 Only show local delete for local replies 2022-11-30 17:49:36 +01:00
Thomas Sileo 9d357446d2 Tweak logging 2022-11-30 17:37:08 +01:00
João Costa 5df4d420de Whitelist object types in the index query
Select the outbox object types that we want to show on the notes page
instead of removing objects that we don't want to show.
That way, it's easier to ensure that there are no objects messing up the
object count/empty checks.

Partially fixes https://todo.sr.ht/~tsileo/microblog.pub/65
2022-11-30 14:10:28 +01:00
Jane 68884d9afa Use <details> element for sensitive text
The sensitive text feature was implemented with <label> and hidden
checkbox <input> elements. There were two issues with this
implementation:
1. The user couldn't navigate to the "show/hide more" button using
   keyboard.
2. The label indicates two actions at the same time ("show/hide more"),
   making it unclear what the function of the checkbox was and what the
   current show/collapse state was.

As it is generally preferrable to use built-in HTML elements for the
best semantic, this commit moves to use the <details> and <summary>
elements for the sensitive text feature. The browser will open/collapse
the content in <details> automatically when the user clicks on the
<summary>, and keyboard navigation support is built-in.

This commit also changes the button to display "show more" or "show
less" depending on the state for visual clarity. This button is hidden
from the accessibility tree using `aria-label="false"`, as the <details>
element already exposes its state to the tree and we want to avoid
duplicated information.

A few caveats:
* The "show/hide sensitive content" button for sensitive attachments
  hasn't been changed yet as I'd like to get more feedback about the new
  implementation.
* As the summary/content warning text itself is also part of the
  <summary> tag, the user can now also click on them to toggle the
  visibility of the sensitive text. This may not be desirable as the
  current interface does not make it clear that this could happen; the
  user may try to select some text from the summary and be surprised
  by the sensitive text being expanded. One way to improve this would
  be to add an event listener to the summary text and call
  `preventDefault`, but this would introduce JavaScript code.
2022-11-30 12:26:34 +01:00
Thomas Sileo 46a592b11e Switch back to HTTP1 for the media proxy client 2022-11-30 12:26:31 +01:00
Thomas Sileo 5f0b8f5dfd Tweak media proxy client 2022-11-28 20:58:16 +01:00
Thomas Sileo 578581b4dc More mf2 improvements for shares/reposts 2022-11-27 16:29:49 +01:00
Thomas Sileo ec36272bb4 Allow to disable certain notification type 2022-11-27 12:11:42 +01:00
Thomas Sileo e30e0de10e No more HTTP sig check on the actor profile 2022-11-27 11:36:15 +01:00
Sam dcd44ec3b6 fix unshare by getting recipients from Announce activity instead of Undo 2022-11-27 11:31:45 +01:00
Sam 71a4ea2425 fix typo on deleted object ap_type 2022-11-27 11:29:54 +01:00
Thomas Sileo 441e3d90b1 Fix formatting 2022-11-23 21:58:59 +01:00
Alexey Shpakovsky d9b9f596d3 Skip custom emojis which don't match emoji regexp
Otherwise, emojis containing forbidden symbols (for example, `-`)
appear in "emoji selector" on admin/new page, but are not replaced
with emoji image on submit.

Also add a note to documentation mentioning allowed characters.
2022-11-23 21:54:02 +01:00
Thomas Sileo 2cc4eda143 Boostrap stream customization (API may change) 2022-11-22 20:30:35 +01:00
Thomas Sileo bd065446bf Hack in HTTP sig to drop Delete requests early on 2022-11-21 21:43:12 +01:00
Thomas Sileo 8475f5bccd Fix admin session timeout 2022-11-21 20:43:51 +01:00
Thomas Sileo a435cd33c9 Allow to delete webmentions 2022-11-20 11:56:58 +01:00
Thomas Sileo d692ec060f Tweak webmention processing 2022-11-20 11:31:00 +01:00
Thomas Sileo 4c6eb51ae2 Proper mf2 for replies 2022-11-20 11:12:34 +01:00
Thomas Sileo d36102255f Merge branch 'v2' into indieweb-merge-part2 2022-11-20 10:48:43 +01:00
Thomas Sileo cdbc545d5e Add a flag on new notifications 2022-11-20 10:13:17 +01:00
Thomas Sileo fbc46e0517 More logging for the admin session 2022-11-20 10:02:28 +01:00
Thomas Sileo ef4608f348 Switch back the proxy client to HTTP2 mode 2022-11-20 09:49:19 +01:00
Cocoa a9f41d6be7 Put 'with_icon' param in the correct macro call
Fix for https://todo.sr.ht/~tsileo/microblog.pub/66
2022-11-20 09:47:54 +01:00
Thomas Sileo 822280c280 Tweak proxy client (increased timeout, no more HTTP2) 2022-11-19 08:32:44 +01:00
Thomas Sileo c83dd30f41 Increase admin session validity to 3 days 2022-11-19 08:16:53 +01:00
Thomas Sileo 9d312bc229 Fix typing 2022-11-19 08:15:36 +01:00
Kevin Wallace b37b77ad34 Make local actor icon optional
If a remote actor has no icon, we show our local default icon.

If we have no icon, we should allow remote instances to show their
default icon, instead of sending ours.
2022-11-19 08:12:49 +01:00
Thomas Sileo 9ee3f3b971 More progess on webmention replies 2022-11-19 08:12:33 +01:00
Thomas Sileo 066f5ec900 Merge branch 'v2' into indieweb-merge-part2 2022-11-18 20:36:58 +01:00
Kevin Wallace a2254f2674 Add return type to hmac_sha256 2022-11-18 20:30:29 +01:00
Kevin Wallace 2151733e4f Add robots meta tags on pages in robots.txt
Useful when app is at a non-root path and we're not handling top-level
/robots.txt requests.
2022-11-18 20:30:29 +01:00
Kevin Wallace 3cff4e4507 Use BASE_URL when generating {proxied,resized}_image_url
Necessary when running at a non-root path
2022-11-18 20:30:29 +01:00
Thomas Sileo 120f92a9ed Display Webmention as replies when applicable 2022-11-18 20:20:58 +01:00
Thomas Sileo ae8029cd22 Fix template 2022-11-17 21:12:16 +01:00
Thomas Sileo 434fd98cd9 Merge IndieWeb likes/reposts with their AP counterpart 2022-11-17 21:03:24 +01:00
Thomas Sileo 89c90fba56 Start to merge IndieWeb and AP interactions 2022-11-17 09:18:06 +01:00
Thomas Sileo e29fe0a079 Fix DM admin page showing deleted objects 2022-11-15 23:07:10 +01:00
Thomas Sileo 04e75c78e0 Handle inbox delete handler for actors 2022-11-15 21:47:51 +01:00
Thomas Sileo 68c27e083f Allow to click on picture to see the original one 2022-11-14 21:23:41 +01:00
Thomas Sileo d52528584a Tweak template for the local delete button 2022-11-13 18:32:38 +01:00
Thomas Sileo d352dc104a Add local delete option
Useful for removing replies showing up on the public website.
2022-11-13 18:19:52 +01:00
Thomas Sileo 0c5ce67d4e Tweak remote instance redirection 2022-11-13 17:37:19 +01:00
Kevin Wallace 9db7bdf0fb remote follow: use HTML redirect to work around CSP issue
In Chrome, I get the following when trying to use the remote follow form:

    Refused to send form data to 'https://example.com/remote_follow'
    because it violates the following Content Security Policy directive:
    "form-action 'self'".

It seems some browsers (but notably not Firefox) apply the form-action
policy to the redirect target in addition to the initial form
submission endpoint.  See:

    https://github.com/w3c/webappsec-csp/issues/8

In that thread, this workaround is suggested.
2022-11-13 17:11:02 +01:00
Thomas Sileo 793a939046 Fix OG metadata scraping and improve workers 2022-11-13 13:00:22 +01:00
Thomas Sileo c3eb44add7 Improve mention parsing 2022-11-12 10:04:37 +01:00
Thomas Sileo 9b75020c91 Fix for profile image URL support 2022-11-12 09:26:28 +01:00
Thomas Sileo 36a1a6bd9c Fix for processing objects from Birdsite LIVE 2022-11-12 09:01:56 +01:00
Thomas Sileo 164cd9bd00 Webfinger strips extra space 2022-11-11 15:25:55 +01:00
Thomas Sileo 698a2bae11 Follow up fixes for the image URL support 2022-11-11 15:13:45 +01:00
Alexey Shpakovsky 4613997fe3 Add option to set image_url ("background image") for user
While this option is not used anywhere in microblog.pub itself, some
other servers do occasionally use it when showing remote profiles.

Also, this image _can_ be used in microblog.pub - just add this:

	<img src="{{ local_actor.image_url }}">

in the appropriate place of your template!
2022-11-11 15:08:17 +01:00
Thomas Sileo 4c995957a6 Merge branch 'test-css-tweak' into v2 2022-11-11 15:07:40 +01:00
Thomas Sileo 5c98b8dbfb Revert "Minor styling tweaks: piccalil.li's modern CSS Reset swyx.io's 100 Bytes of CSS to look great everywhere"
This reverts commit a339ff93b1.
2022-11-11 15:07:18 +01:00
Thomas Sileo 48d5914851 Tweak orientation hint for attachments 2022-11-11 14:56:56 +01:00
Ash McAllan 8f00e522d7 pass through width and height of attachments to allow styling based on media orientation 2022-11-11 14:20:59 +01:00
Thomas Sileo 62c9327500 Add support for setting a custom CSP 2022-11-09 21:26:43 +01:00
Cassio Zen a339ff93b1 Minor styling tweaks: piccalil.li's modern CSS Reset swyx.io's 100 Bytes of CSS to look great everywhere 2022-11-09 20:39:27 +01:00
Thomas Sileo afd253a1b4 Fix OG image URL 2022-11-09 09:29:25 +01:00
Thomas Sileo 509e10e79b Fix active URL in the navbar 2022-11-09 08:15:29 +01:00
Thomas Sileo d96ec913d4 Add support for displaying events from Mobilizon 2022-11-07 20:35:23 +01:00
Thomas Sileo 530491ff10 Fix typing 2022-11-07 18:53:45 +01:00
Kevin Wallace 48740ea8cb Allow templates to be overridden in data/templates/
I'd like to customize my instance's theme beyond what's possible with
_theme.scss.  This patch would allow me to do that, and keep my changes
self-contained in data/ without maintaining a local patchset over
app/templates/.

For utils.html, I've also added scoped blocks around the body of every
macro.  This allows the macros to be overridden individually in
data/templates/utils.html, without copying the whole file.  For example,
to only override the display of a specific actor's name/icon:

    {% extends "app/utils.html" %}
    {% block display_actor %}
    {% if actor.ap_id == "https://me.example.com" %}
    <!-- custom actor display -->
    {% else %}
    {{ super() }}
    {% endif %}
    {% endblock %}
2022-11-07 18:46:21 +01:00
Thomas Sileo 0d7c121781 Fix formatting 2022-11-06 16:57:04 +01:00
Kevin Wallace a4cfd65009 Sign media URLs to avoid becoming an open proxy
Signatures are valid for ~1 week.
2022-11-04 19:36:26 +01:00
Thomas Sileo 540b9d1470 Minor tweaks about non-root handling 2022-11-04 19:28:21 +01:00
Kevin Wallace 1c076049cf Fix URL generation when not at domain root 2022-11-04 19:22:30 +01:00
Kevin Wallace 242bf7b515 fixup! Fix URL generation when not at domain root
Oops -- missed these two!  Sorry for the noise; let me know if you'd
like me to squash and resubmit.
2022-11-04 19:22:30 +01:00
Kevin Wallace 2843155501 Allow actor id to be specified in config
This is useful if the actor won't be at the root of the domain.
2022-11-04 19:22:30 +01:00
Thomas Sileo 0badf0bc1f Fix permalink for Questions 2022-11-03 22:38:29 +01:00
Thomas Sileo 32692a7dcd First shot at supporting custom handler 2022-11-02 08:51:21 +01:00
Thomas Sileo b6f0cd01d3 Less HTML restrictions for local content 2022-10-30 18:47:24 +01:00
Thomas Sileo c985dd84c3 Add slugify helper 2022-10-30 17:51:57 +01:00
Thomas Sileo 3d049da2e5 Add slug support for Article 2022-10-30 17:50:59 +01:00
Thomas Sileo 3729500e3e Improve Block support 2022-10-23 16:37:32 +02:00
Thomas Sileo 2853bf2a28 Fix tag dedup 2022-10-20 19:39:55 +02:00
Thomas Sileo 0144a1c0d4 Tweak Mistletoe autolink 2022-10-19 21:09:30 +02:00
Thomas Sileo d93bcf6128 Complete the switch to mistletoe 2022-10-19 20:46:01 +02:00
Thomas Sileo f50a233ce9 Improved Block support 2022-10-18 21:39:09 +02:00
Thomas Sileo 8e7fbcc501 Tweak actor refresh 2022-10-11 20:49:06 +02:00