UA-Fediland/pixelfed
2
0
Fork 0
mirror of https://github.com/pixelfed/pixelfed.git synced 2024-12-19 03:23:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #5109 from pixelfed/staging

Browse source 
Staging
This commit is contained in:
daniel 2024-05-24 23:21:43 -06:00 committed by GitHub
commit ed9bd2df8c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 397 additions and 395 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Dockerfile
View file

@ -132,6 +132,10 @@ ENV DEBIAN_FRONTEND="noninteractive"
# Ensure we run all scripts through 'bash' rather than 'sh' # Ensure we run all scripts through 'bash' rather than 'sh'
SHELL ["/bin/bash", "-c"] SHELL ["/bin/bash", "-c"]
# Set www-data to be RUNTIME_UID/RUNTIME_GID
RUN groupmod --gid ${RUNTIME_GID} www-data \
&& usermod --uid ${RUNTIME_UID} --gid ${RUNTIME_GID} www-data
RUN set -ex \ RUN set -ex \
&& mkdir -pv /var/www/ \ && mkdir -pv /var/www/ \
&& chown -R ${RUNTIME_UID}:${RUNTIME_GID} /var/www && chown -R ${RUNTIME_UID}:${RUNTIME_GID} /var/www

11
app/Http/Controllers/FederationController.php
View file

@ -72,14 +72,14 @@ class FederationController extends Controller
return response()->json($res, 200, [], JSON_UNESCAPED_SLASHES); return response()->json($res, 200, [], JSON_UNESCAPED_SLASHES);
} }
if(str_starts_with($resource, 'https://')) { if (str_starts_with($resource, 'https://')) {
if(str_starts_with($resource, 'https://' . $domain . '/users/')) { if (str_starts_with($resource, 'https://'.$domain.'/users/')) {
$username = str_replace('https://' . $domain . '/users/', '', $resource); $username = str_replace('https://'.$domain.'/users/', '', $resource);
if(strlen($username) > 15) { if (strlen($username) > 15) {
return response('', 400); return response('', 400);
} }
$stripped = str_replace(['_', '.', '-'], '', $username); $stripped = str_replace(['_', '.', '-'], '', $username);
if(!ctype_alnum($stripped)) { if (! ctype_alnum($stripped)) {
return response('', 400); return response('', 400);
} }
$key = 'federation:webfinger:sha256:url-username:'.$username; $key = 'federation:webfinger:sha256:url-username:'.$username;
@ -92,6 +92,7 @@ class FederationController extends Controller
} }
$webfinger = (new Webfinger($profile))->generate(); $webfinger = (new Webfinger($profile))->generate();
Cache::put($key, $webfinger, 1209600); Cache::put($key, $webfinger, 1209600);
return response()->json($webfinger, 200, [], JSON_UNESCAPED_SLASHES) return response()->json($webfinger, 200, [], JSON_UNESCAPED_SLASHES)
->header('Access-Control-Allow-Origin', '*'); ->header('Access-Control-Allow-Origin', '*');
} else { } else {

4
app/Util/Lexer/RestrictedNames.php
View file

@ -194,6 +194,7 @@ class RestrictedNames
'headers', 'headers',
'home', 'home',
'help', 'help',
'help.center',
'helpcenter', 'helpcenter',
'help-center', 'help-center',
'help_center', 'help_center',
@ -212,6 +213,7 @@ class RestrictedNames
'invites', 'invites',
'import', 'import',
'imports', 'imports',
'intent',
'j', 'j',
'join', 'join',
'js', 'js',
@ -363,7 +365,7 @@ class RestrictedNames
{ {
$banned = []; $banned = [];
if(config('instance.username.banned')) { if (config('instance.username.banned')) {
$banned = array_map('trim', explode(',', config('instance.username.banned'))); $banned = array_map('trim', explode(',', config('instance.username.banned')));
} }

2
docker/shared/root/docker/entrypoint.d/01-permissions.sh
View file

@ -17,7 +17,7 @@ run-as-current-user chown --verbose --recursive "${RUNTIME_UID}:${RUNTIME_GID}"
: "${DOCKER_APP_ENSURE_OWNERSHIP_PATHS:=""}" : "${DOCKER_APP_ENSURE_OWNERSHIP_PATHS:=""}"
declare -a ensure_ownership_paths=() declare -a ensure_ownership_paths=()
IFS=' ' read -ar ensure_ownership_paths <<<"${DOCKER_APP_ENSURE_OWNERSHIP_PATHS}" IFS=' ' read -r -a ensure_ownership_paths <<<"${DOCKER_APP_ENSURE_OWNERSHIP_PATHS}"
if [[ ${#ensure_ownership_paths[@]} == 0 ]]; then if [[ ${#ensure_ownership_paths[@]} == 0 ]]; then
log-info "No paths has been configured for ownership fixes via [\$DOCKER_APP_ENSURE_OWNERSHIP_PATHS]." log-info "No paths has been configured for ownership fixes via [\$DOCKER_APP_ENSURE_OWNERSHIP_PATHS]."

6
docker/shared/root/docker/entrypoint.d/05-templating.sh
View file

@ -16,12 +16,8 @@ entrypoint-set-script-name "$0"
declare template_file relative_template_file_path output_file_dir declare template_file relative_template_file_path output_file_dir
# load all dot-env config files # load all dot-env config files
load-config-files load-and-export-config-files
# export all dot-env variables so they are available in templating
#
# shellcheck disable=SC2068
export ${seen_dot_env_variables[@]}
find "${ENTRYPOINT_TEMPLATE_DIR}" -follow -type f -print | while read -r template_file; do find "${ENTRYPOINT_TEMPLATE_DIR}" -follow -type f -print | while read -r template_file; do
# Example: template_file=/docker/templates/usr/local/etc/php/php.ini # Example: template_file=/docker/templates/usr/local/etc/php/php.ini

2
docker/shared/root/docker/entrypoint.sh
View file

@ -28,7 +28,7 @@ entrypoint-set-script-name "entrypoint.sh"
# Convert ENTRYPOINT_SKIP_SCRIPTS into a native bash array for easier lookup # Convert ENTRYPOINT_SKIP_SCRIPTS into a native bash array for easier lookup
declare -a skip_scripts declare -a skip_scripts
# shellcheck disable=SC2034 # shellcheck disable=SC2034
IFS=' ' read -ar skip_scripts <<< "$ENTRYPOINT_SKIP_SCRIPTS" IFS=' ' read -r -a skip_scripts <<< "$ENTRYPOINT_SKIP_SCRIPTS"
# Ensure the entrypoint root folder exists # Ensure the entrypoint root folder exists
mkdir -p "${ENTRYPOINT_D_ROOT}" mkdir -p "${ENTRYPOINT_D_ROOT}"

37
docker/shared/root/docker/helpers.sh
View file

@ -27,9 +27,6 @@ declare -a dot_env_files=(
/var/www/.env /var/www/.env
) )
# environment keys seen when source dot files (so we can [export] them)
declare -ga seen_dot_env_variables=()
declare -g docker_state_path declare -g docker_state_path
docker_state_path="$(readlink -f ./storage/docker)" docker_state_path="$(readlink -f ./storage/docker)"
@ -250,13 +247,23 @@ function log-info-stderr()
fi fi
} }
# @description Loads the dot-env files used by Docker and track the keys present in the configuration. # @description Loads the dot-env files used by Docker
# @sets seen_dot_env_variables array List of config keys discovered during loading function load-config-files() {
function load-config-files() local export_vars=0
{ load-config-files-impl "$export_vars"
# Associative array (aka map/dictionary) holding the unique keys found in dot-env files }
local -A _tmp_dot_env_keys
# @description Loads the dot-env files used by Docker and exports the variables to subshells
function load-and-export-config-files() {
local export_vars=1
load-config-files-impl "$export_vars"
}
# @description Implementation of the [load-config-files] and [load-and-export-config-files] functions. Loads th
# @arg $1 int Whether to export the variables or just have them available in the current shell
function load-config-files-impl()
{
local export_vars=${1:-0}
for file in "${dot_env_files[@]}"; do for file in "${dot_env_files[@]}"; do
if ! file-exists "${file}"; then if ! file-exists "${file}"; then
log-warning "Could not source file [${file}]: does not exists" log-warning "Could not source file [${file}]: does not exists"
@ -264,19 +271,11 @@ function load-config-files()
fi fi
log-info "Sourcing ${file}" log-info "Sourcing ${file}"
if ((export_vars)); then set -o allexport; fi
# shellcheck disable=SC1090 # shellcheck disable=SC1090
source "${file}" source "${file}"
if ((export_vars)); then set +o allexport; fi
# find all keys in the dot-env file and store them in our temp associative array
for k in $(grep -v '^#' "${file}" | cut -d"=" -f1 | xargs); do
_tmp_dot_env_keys[$k]=1
done done
done
# Used in other scripts (like templating) for [export]-ing the values
#
# shellcheck disable=SC2034
seen_dot_env_variables=("${!_tmp_dot_env_keys[@]}")
} }
# @description Checks if $needle exists in $haystack # @description Checks if $needle exists in $haystack