Commit graph

70 commits

Author SHA1 Message Date
Hugo Gameiro
5466b39c78 Add SMTP reply_to option ()
* Add SMTP_REPLY_TO in .env.production.sample

* Set reply_to in SMTP options
2019-09-02 18:12:40 +02:00
Stanislas
a3c7dd92f3 Add ES_PREFIX in .env.production.sample () 2019-05-09 22:41:27 +02:00
M Somerville
2bba6e582d Rename S3_CLOUDFRONT_HOST to S3_ALIAS_HOST. ()
Still check for S3_CLOUDFRONT_HOST for existing installs.
2018-08-25 13:27:08 +02:00
Immae
b0f4fe456b Add ldap search filter () 2018-08-15 18:12:44 +02:00
MIYAGI Hikaru
ddd0bb69e1 Merge HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY into ALLOW_ACCESS_TO_HIDDEN_SERVICE ()
If Mastodon accesses to the hidden service via transparent proxy, it's needed to avoid checking whether it's a private address, since `.onion` is resolved to a private address.
I was previously using the `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` to provide that function. However, I realized that using `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` is redundant, since this specification is always used with `ALLOW_ACCESS_TO_HIDDEN_SERVICE`. Therefore, I decided to integrate the setting of `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into` ALLOW_ACCESS_TO_HIDDEN_SERVICE`.
2018-06-29 15:36:02 +02:00
Akihiko Odaki
d95642f6d9 Cache attachments on external host with service worker () 2018-05-29 00:43:47 +02:00
Hugo Gameiro
ea4e243303 Improve OpenStack v3 compatibility ()
* Update paperclip.rb

* Update .env.production.sample

* Update paperclip.rb
2018-05-07 02:28:28 +02:00
MIYAGI Hikaru
f58dcbc981 HTTP proxy support for outgoing request, manage access to hidden service ()
* Add support for HTTP client proxy

* Add access control for darknet

Supress error when access to darknet via transparent proxy

* Fix the codes pointed out

* Lint

* Fix an omission + lint

* any? -> include?

* Change detection method to regexp to avoid test fail
2018-04-25 02:14:49 +02:00
Akihiko Odaki
4f9136d2d5 Document CORS requirement for asset host () 2018-03-28 20:40:18 +02:00
Alexander
33ee347c99 rename pam email environment variable to something more understandable and default to LOCAL_DOMAIN (better fallback) () 2018-03-19 20:09:26 +01:00
Eugen Rochko
675b8fea53
Adjust suggested ES host in .env sample for docker-compose config () 2018-03-09 11:32:55 +01:00
Effy Elden
dd9d00d293 Add additional first_name and last_name SAML attribute statement options, and modify Omniauthable concern to use full_name or first_name + last_name if not available () 2018-03-07 06:19:10 +01:00
Alexander
42fe05dea1 fix logic for pam_controlled_service () 2018-03-02 19:02:50 +01:00
Eugen Rochko
b4f8e87358
Add LDAP options to .env.production.sample () 2018-03-02 08:14:34 +01:00
Eugen Rochko
5cc716688a
Ensure the app does not even start if OTP_SECRET is not set ()
* Ensure the app does not even start if OTP_SECRET is not set

* Remove PAPERCLIP_SECRET (it's not used by anything, actually)

Imports are for internal consumption and the url option isn't even
used correctly, so we can remove the hash stuff from them
2018-02-26 01:31:44 +01:00
Eugen Rochko
f0a1b1a152
Fix () 2018-02-26 00:24:55 +01:00
Ghislain Loaec
e668180044 New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref (not only SAML strategies) () 2018-02-23 01:16:17 +01:00
Alexander
8fa924e372 Update pam documentation ()
* document pam email extraction

* remove superfluous newline
2018-02-22 23:41:21 +01:00
Ghislain Loaec
3084fe4959 New env variable: SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED + fixes () 2018-02-22 23:31:25 +01:00
Eugen Rochko
3ebc0ad4d3
Full-text search for authorized statuses ()
* Add full-text search for authorized statuses

- Search API will return statuses that match the query
- Only for logged in users
- Only if you are author of the status,
- Or you were mentioned in it
- Or you favourited or reblogged it
- Configuration over `ES_ENABLED`, `ES_HOST`, `ES_PORT`, `ES_PREFIX`
- Run `rails chewy:deploy` to create & populate index

Fix 
Fix 
Fix 

* Add commented out docker-compose configuration for ES container

* Optimize index import, filter search results

* Add basic normalization to the index

* Add better stemming and normalization to the index

* Skip webfinger request if search query includes both @ and a space

* Fix code style

* Visually separate search result sections

* Fix code style issues
2018-02-09 23:04:47 +01:00
Eugen Rochko
38e0133e1b
Make PAM gem optional, allow configuration over environment () 2018-02-04 15:05:53 +01:00
Eugen Rochko
26f21fd5a0
CAS + SAML authentication feature ()
* Cas authentication feature

* Config

* Remove class_eval + Omniauth initializer

* Codeclimate review

* Codeclimate review 2

* Codeclimate review 3

* Remove uid/email reconciliation

* SAML authentication

* Clean up code

* Improve login form

* Fix code style issues

* Add locales
2018-02-04 05:42:13 +01:00
nightpool
9592b5e31e enforce LOCAL_HTTPS=true in production ()
* enforce https in production

* note changes in production env sample

* typo fix
2017-12-22 02:17:59 +01:00
Nolan Lawson
d4f80824f7 Document REDIS_NAMESPACE () 2017-09-22 06:44:39 +02:00
Patrick Figel
3018043fc2 Add OpenStack Keystone V3 support ()
Keystone V2 is deprecated in favour of V3. This adds the necessary
connection parameters for establishing a V3 connection. Connections
to V2 endpoints are still possible and the configuration should
remain compatible.

This also introduces a SWIFT_REGION variable for multi-region
OpenStack environments and a SWIFT_CACHE_TTL that controls how long
tokens and other meta-data is cached for. Caching tokens avoids
rate-limiting errors that would result in media uploads becoming
unavailable during high load or when using tasks like
media:remove_remote. fog-openstack only supports token caching for
V3 endpoints, so a recommendation for using V3 was added.
2017-09-11 15:11:13 +02:00
Yamagishi Kazutoshi
fa21d004c7 Add environment sample for OpenStack Swift () 2017-09-06 12:13:00 +02:00
Treyssat-Vincent Nino
aefb4719bc comment correction () 2017-09-05 12:13:25 +02:00
ScienJus
c3e355388a Show SMTP_TLS in config sample () 2017-08-01 15:00:29 +02:00
Yamagishi Kazutoshi
0fa9dd8527 Add Rake task for generate VAPID key ()
* Add Rake task for generate VAPID key

* edit config/initializers/vapid.rb
2017-07-14 12:13:43 +02:00
Sorin Davidoi
0c7c188c45 Web Push Notifications ()
* feat: Register push subscription

* feat: Notify when mentioned

* feat: Boost, favourite, reply, follow, follow request

* feat: Notification interaction

* feat: Handle change of public key

* feat: Unsubscribe if things go wrong

* feat: Do not send normal notifications if push is enabled

* feat: Focus client if open

* refactor: Move push logic to WebPushSubscription

* feat: Better title and body

* feat: Localize messages

* chore: Fix lint errors

* feat: Settings

* refactor: Lazy load

* fix: Check if push settings exist

* feat: Device-based preferences

* refactor: Simplify logic

* refactor: Pull request feedback

* refactor: Pull request feedback

* refactor: Create /api/web/push_subscriptions endpoint

* feat: Spec PushSubscriptionController

* refactor: WebPushSubscription => Web::PushSubscription

* feat: Spec Web::PushSubscription

* feat: Display first media attachment

* feat: Support direction

* fix: Stuff broken while rebasing

* refactor: Integration with session activations

* refactor: Cleanup

* refactor: Simplify implementation

* feat: Set VAPID keys via environment

* chore: Comments

* fix: Crash when no alerts

* fix: Set VAPID keys in testing environment

* fix: Follow link

* feat: Notification actions

* fix: Delete previous subscription

* chore: Temporary logs

* refactor: Move migration to a later date

* fix: Fetch the correct session activation and misc bugs

* refactor: Move migration to a later date

* fix: Remove follow request (no notifications)

* feat: Send administrator contact to push service

* feat: Set time-to-live

* fix: Do not show sensitive images

* fix: Reducer crash in error handling

* feat: Add badge

* chore: Fix lint error

* fix: Checkbox label overlap

* fix: Check for payload support

* fix: Rename action "type" (crash in latest Chrome)

* feat: Action to expand notification

* fix: Lint errors

* fix: Unescape notification body

* fix: Do not allow boosting if the status is hidden

* feat: Add VAPID keys to the production sample environment

* fix: Strip HTML tags from status

* refactor: Better error messages

* refactor: Handle browser not implementing the VAPID protocol (Samsung Internet)

* fix: Error when target_status is nil

* fix: Handle lack of image

* fix: Delete reference to invalid subscriptions

* feat: Better error handling

* fix: Unescape HTML characters after tags are striped

* refactor: Simpify code

* fix: Modify to work with 

* Sort strings alphabetically

* i18n: Updated Polish translation

it annoys me that it's not fully localized :P

* refactor: Use current_session in PushSubscriptionController

* fix: Rebase mistake

* fix: Set cacheName to mastodon

* refactor: Pull request feedback

* refactor: Remove logging statements

* chore(yarn): Fix conflicts with master

* chore(yarn): Copy latest from master

* chore(yarn): Readd offline-plugin

* refactor: Use save! and update!

* refactor: Send notifications async

* fix: Allow retry when push fails

* fix: Save track for failed pushes

* fix: Minify sw.js

* fix: Remove account_id from fabricator
2017-07-13 22:15:32 +02:00
Chris
23081bb299 added 'https://' to CDN_HOST variable example () 2017-05-30 18:39:28 +02:00
Immae
a94c152fd3 Allow alternate domains for mastodon handlers () 2017-05-22 15:40:04 +02:00
Wonderfall
ae78d012ac Some Dockerfile improvements ()
- improve docker_entrypoint.sh
- serve static files with puma by default
- sort packages list
- use virtual package for build deps
- show how to assign UID/GID
2017-05-20 20:01:05 +02:00
Audun Larsen
3da521a586 Adds better documentation to LOCAL_DOMAIN and LOCAL_HTTPS ()
Fixes 
2017-05-19 20:55:15 +02:00
Jarek Lipski
b18504adfe Improve example env file for local Postfix relay () 2017-05-08 03:34:11 +02:00
ThibG
4d22d03fab Add additional documentation and warnings to the WEB_DOMAIN setting. ()
* Add additional documentation and warnings to the WEB_DOMAIN setting.

This feature is largely undocumented, and quite a number of users have
shot them in the feet already despite the warning. Added a bit of documentation
and expanded the warning until we have a mechanism for dealing with conflicting
user URIs.

* Change WEB_DOMAIN comments to point to the extensive online documentation
2017-05-05 04:56:28 +02:00
abcang
629a4d0fca fix DB_URL () 2017-05-04 15:53:44 +02:00
Eugen Rochko
c997091166 Clean up redis configuration. Allow using REDIS_URL to set advanced ()
connection options instead of setting REDIS_HOST etc individually

Close 
2017-05-03 23:18:13 +02:00
Akihiko Odaki
26bc591572 Allow to set CA file for SMTP () 2017-05-03 01:03:12 +02:00
evilny0
0876a06e45 Updated note about 'none' SMTP authentication method in .env.production.sample () 2017-04-19 23:16:43 +02:00
Yamagishi Kazutoshi
8b8e140c71 Change to switch signature version for Amazon S3 () 2017-04-19 14:18:50 +02:00
Ian Kelling
fd62d4de10 Add documentation of SMTP_DOMAIN ()
Without setting it, exim will reject the mail with a message like:
rejected EHLO from [10.20.0.1]: syntactically invalid argument(s): {}
2017-04-17 10:42:29 +02:00
Miguel Jacq
e9eaf9e33c Allow using an SMTP server without authentication ()
* Allow using an SMTP server without authentication (e.g Postfix relay on the same host) by setting SMTP_LOGIN and SMTP_AUTH_METHOD to 'none'

* Add note in .env.production.sample about SMTP settings for servers where no auth is required

* Assume that SMTP_LOGIN and SMTP_PASSWORD will be blank if we set SMTP_AUTH_METHOD to none
2017-04-17 10:41:19 +02:00
geta6
64e1d51025 Improve streaming server with cluster () 2017-04-17 04:32:30 +02:00
Les Orchard
7609593e48 Add REDIS_DB env variable to configure Redis database () 2017-04-15 02:21:13 +02:00
ThibG
a9529d3b4b Allow running mastodon on a different domain as the one used for identifying users ()
* Allow running mastodon on a different domain as the one used for identifying users

* Alter documentation of WEB_DOMAIN to make clear it shouldn't be used unless the admin knows what they are doing

* Compare to web_domain instead of local_domain when dealing with feeds/API

* Correctly identify mentions to local accounts

Mentions URLs point to the person's web profile, i.e., the user page served on WEB_DOMAIN.
2017-04-15 02:15:46 +02:00
Valentin Lorentz
5ab0ffc6c8 Custom Paperclip path. ()
* Custom Paperclip path.

* Document PAPERCLIP_ROOT.

* Add PAPERCLIP_ROOT_URL (and rename PAPERCLIP_ROOT to PAPERCLIP_ROOT_PATH).
2017-04-15 02:07:21 +02:00
James Moore
d9dc0fe84e smtp delivery type fix ()
* delivery fix

# Conflicts:
#	config/environments/production.rb

* added stub in .env file

* reordered and added a comment
2017-04-13 19:51:49 +02:00
Alexander Mankuta
0dbbc16c69 More SMTP customization ()
* Allow SMTP auth method customization

* Add SMTP openssl_verify_mode option support

Allows one use self-signed certs with their SMTP server.

* Add SMTP enable_starttls_auto option support
2017-04-10 21:48:30 +02:00
Eugen
d5a675099a Add env variable to disable prepared statements () 2017-04-09 05:46:32 +02:00