Merge pull request #5109 from pixelfed/staging

Staging
daniel 2024-05-24 23:21:43 -06:00 committed by GitHub
commit ed9bd2df8c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 397 additions and 395 deletions


@ -132,6 +132,10 @@ ENV DEBIAN_FRONTEND="noninteractive"
# Ensure we run all scripts through 'bash' rather than 'sh' # Ensure we run all scripts through 'bash' rather than 'sh'
SHELL ["/bin/bash", "-c"] SHELL ["/bin/bash", "-c"]
# Set www-data to be RUNTIME_UID/RUNTIME_GID
RUN groupmod --gid ${RUNTIME_GID} www-data \
&& usermod --uid ${RUNTIME_UID} --gid ${RUNTIME_GID} www-data
RUN set -ex \ RUN set -ex \
&& mkdir -pv /var/www/ \ && mkdir -pv /var/www/ \
&& chown -R ${RUNTIME_UID}:${RUNTIME_GID} /var/www && chown -R ${RUNTIME_UID}:${RUNTIME_GID} /var/www
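Review bot: The added `usermod --uid ... www-data` step re-owns only the files inside www-data's home directory, so anything the base image created elsewhere for the old www-data UID/GID keeps the stale numeric owner; the `chown -R` that follows covers `/var/www` only. If the image has such paths (not visible in this hunk), they need an explicit chown after this step. `${RUNTIME_UID}` and `${RUNTIME_GID}` are also used unquoted and unchecked, so an empty value or an ID already taken in the base image makes `groupmod`/`usermod` fail with an unhelpful message. A comment above the RUN such as `# RUNTIME_UID/RUNTIME_GID must be set and unused in the base image` would document the constraint.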


@ -72,14 +72,14 @@ class FederationController extends Controller
return response()->json($res, 200, [], JSON_UNESCAPED_SLASHES); return response()->json($res, 200, [], JSON_UNESCAPED_SLASHES);
} }
if(str_starts_with($resource, 'https://')) { if (str_starts_with($resource, 'https://')) {
if(str_starts_with($resource, 'https://' . $domain . '/users/')) { if (str_starts_with($resource, 'https://'.$domain.'/users/')) {
$username = str_replace('https://' . $domain . '/users/', '', $resource); $username = str_replace('https://'.$domain.'/users/', '', $resource);
if(strlen($username) > 15) { if (strlen($username) > 15) {
return response('', 400); return response('', 400);
} }
$stripped = str_replace(['_', '.', '-'], '', $username); $stripped = str_replace(['_', '.', '-'], '', $username);
if(!ctype_alnum($stripped)) { if (! ctype_alnum($stripped)) {
return response('', 400); return response('', 400);
} }
$key = 'federation:webfinger:sha256:url-username:'.$username; $key = 'federation:webfinger:sha256:url-username:'.$username;
@ -92,6 +92,7 @@ class FederationController extends Controller
} }
$webfinger = (new Webfinger($profile))->generate(); $webfinger = (new Webfinger($profile))->generate();
Cache::put($key, $webfinger, 1209600); Cache::put($key, $webfinger, 1209600);
return response()->json($webfinger, 200, [], JSON_UNESCAPED_SLASHES) return response()->json($webfinger, 200, [], JSON_UNESCAPED_SLASHES)
->header('Access-Control-Allow-Origin', '*'); ->header('Access-Control-Allow-Origin', '*');
} else { } else {


@ -4,376 +4,378 @@ namespace App\Util\Lexer;
class RestrictedNames class RestrictedNames
{ {
public static $additional = [ public static $additional = [
'autoconfig', 'autoconfig',
'blog', 'blog',
'broadcasthost', 'broadcasthost',
'copyright', 'copyright',
'download', 'download',
'domainadmin', 'domainadmin',
'domainadministrator', 'domainadministrator',
'errors', 'errors',
'events', 'events',
'example', 'example',
'faq', 'faq',
'faqs', 'faqs',
'features', 'features',
'ftp', 'ftp',
'guest', 'guest',
'guests', 'guests',
'hostmaster', 'hostmaster',
'hostmaster', 'hostmaster',
'imap', 'imap',
'info', 'info',
'information', 'information',
'is', 'is',
'isatap', 'isatap',
'it', 'it',
'localdomain', 'localdomain',
'localhost', 'localhost',
'mail', 'mail',
'mailer-daemon', 'mailer-daemon',
'mailerdaemon', 'mailerdaemon',
'marketing', 'marketing',
'me', 'me',
'mis', 'mis',
'mx', 'mx',
'no-reply', 'no-reply',
'nobody', 'nobody',
'noc', 'noc',
'noreply', 'noreply',
'ns0', 'ns0',
'ns1', 'ns1',
'ns2', 'ns2',
'ns3', 'ns3',
'ns4', 'ns4',
'ns5', 'ns5',
'ns6', 'ns6',
'ns7', 'ns7',
'ns8', 'ns8',
'ns9', 'ns9',
'owner', 'owner',
'pop', 'pop',
'pop3', 'pop3',
'postmaster', 'postmaster',
'pricing', 'pricing',
'root', 'root',
'sales', 'sales',
'security', 'security',
'signin', 'signin',
'signout', 'signout',
'smtp', 'smtp',
'src', 'src',
'ssladmin', 'ssladmin',
'ssladministrator', 'ssladministrator',
'sslwebmaster', 'sslwebmaster',
'sys', 'sys',
'sysadmin', 'sysadmin',
'system', 'system',
'tutorial', 'tutorial',
'tutorials', 'tutorials',
'usenet', 'usenet',
'uucp', 'uucp',
'webmaster', 'webmaster',
'wpad', 'wpad',
]; ];
public static $reserved = [ public static $reserved = [
// Reserved for instance admin // Reserved for instance admin
'admin', 'admin',
'administrator', 'administrator',
// Static Assets // Static Assets
'assets', 'assets',
'public', 'public',
'storage', 'storage',
'htaccess', 'htaccess',
'.htaccess', '.htaccess',
'favicon.ico', 'favicon.ico',
'embed.js', 'embed.js',
'index.php', 'index.php',
'manifest.json', 'manifest.json',
'mix-manifest.json', 'mix-manifest.json',
'robots.txt', 'robots.txt',
// Laravel Horizon // Laravel Horizon
'horizon', 'horizon',
// Reserved routes // Reserved routes
'a', 'a',
'app', 'app',
'about', 'about',
'aboutus', 'aboutus',
'about-us', 'about-us',
'abuse', 'abuse',
'actor', 'actor',
'actors', 'actors',
'account', 'account',
'admins', 'admins',
'api', 'api',
'audio', 'audio',
'auth', 'auth',
'avatar', 'avatar',
'avatars', 'avatars',
'b', 'b',
'bartender', 'bartender',
'broadcast', 'broadcast',
'broadcaster', 'broadcaster',
'booth', 'booth',
'bouncer', 'bouncer',
'browse', 'browse',
'c', 'c',
'cdn', 'cdn',
'circle', 'circle',
'circles', 'circles',
'checkpoint', 'checkpoint',
'collection', 'collection',
'collections', 'collections',
'community', 'community',
'communities', 'communities',
'contact', 'contact',
'contact-us', 'contact-us',
'contact_us', 'contact_us',
'costar', 'costar',
'costars', 'costars',
'css', 'css',
'd', 'd',
'dashboard', 'dashboard',
'delete', 'delete',
'deleted', 'deleted',
'deleting', 'deleting',
'dmca', 'dmca',
'db', 'db',
'deck', 'deck',
'dev', 'dev',
'developer', 'developer',
'developers', 'developers',
'discover', 'discover',
'discovers', 'discovers',
'dj', 'dj',
'doc', 'doc',
'docs', 'docs',
'docs', 'docs',
'drive', 'drive',
'drives', 'drives',
'driver', 'driver',
'e', 'e',
'embed', 'embed',
'email', 'email',
'emails', 'emails',
'emoji', 'emoji',
'emojis', 'emojis',
'error', 'error',
'explore', 'explore',
'export', 'export',
'exports', 'exports',
'external', 'external',
'f', 'f',
'fedi', 'fedi',
'fediverse', 'fediverse',
'feed', 'feed',
'featured', 'featured',
'font', 'font',
'fonts', 'fonts',
'follow', 'follow',
'follows', 'follows',
'followme', 'followme',
'follow-me', 'follow-me',
'follow_me', 'follow_me',
'g', 'g',
'go', 'go',
'gdpr', 'gdpr',
'graph', 'graph',
'ghost', 'ghost',
'ghosts', 'ghosts',
'global', 'global',
'group', 'group',
'groups', 'groups',
'h', 'h',
'header', 'header',
'headers', 'headers',
'home', 'home',
'help', 'help',
'helpcenter', 'help.center',
'help-center', 'helpcenter',
'help_center', 'help-center',
'help_center_', 'help_center',
'help-center-', 'help_center_',
'help-center_', 'help-center-',
'help_center-', 'help-center_',
'i', 'help_center-',
'instance', 'i',
'inbox', 'instance',
'img', 'inbox',
'imgs', 'img',
'image', 'imgs',
'images', 'image',
'invite', 'images',
'invites', 'invite',
'import', 'invites',
'imports', 'import',
'j', 'imports',
'join', 'intent',
'js', 'j',
'k', 'join',
'key', 'js',
'l', 'k',
'lang', 'key',
'language', 'l',
'_lang', 'lang',
'_language', 'language',
'lab', '_lang',
'labs', '_language',
'legal', 'lab',
'link', 'labs',
'live', 'legal',
'look', 'link',
'look-back', 'live',
'loop', 'look',
'loops', 'look-back',
'location', 'loop',
'locations', 'loops',
'login', 'location',
'logout', 'locations',
'm', 'login',
'media', 'logout',
'mini', 'm',
'micro', 'media',
'menu', 'mini',
'music', 'micro',
'my2020', 'menu',
'my2021', 'music',
'my2022', 'my2020',
'my2023', 'my2021',
'my2024', 'my2022',
'my2025', 'my2023',
'my2026', 'my2024',
'my2027', 'my2025',
'my2028', 'my2026',
'my2029', 'my2027',
'my2030', 'my2028',
'my', 'my2029',
'n', 'my2030',
'news', 'my',
'new', 'n',
'news', 'news',
'news', 'new',
'newsfeed', 'news',
'newsroom', 'news',
'newsrooms', 'newsfeed',
'news-room', 'newsroom',
'news-rooms', 'newsrooms',
'network', 'news-room',
'networks', 'news-rooms',
'o', 'network',
'oauth', 'networks',
'official', 'o',
'p', 'oauth',
'page', 'official',
'pages', 'p',
'pin', 'page',
'pins', 'pages',
'photo', 'pin',
'photos', 'pins',
'password', 'photo',
'portfolio', 'photos',
'portfolios', 'password',
'pre', 'portfolio',
'post', 'portfolios',
'privacy', 'pre',
'private', 'post',
'q', 'privacy',
'quote', 'private',
'query', 'q',
'r', 'quote',
'redirect', 'query',
'redirects', 'r',
'register', 'redirect',
'registers', 'redirects',
'review', 'register',
'reviews', 'registers',
'reset', 'review',
'report', 'reviews',
'results', 'reset',
'reports', 'report',
'robot', 'results',
'robots', 'reports',
's', 'robot',
'sc', 'robots',
'search', 's',
'sell', 'sc',
'send', 'search',
'settings', 'sell',
'short', 'send',
'shortcode', 'settings',
'status', 'short',
'statuses', 'shortcode',
'site', 'status',
'sites', 'statuses',
'stage', 'site',
'static', 'sites',
'story', 'stage',
'stories', 'static',
'support', 'story',
'svg', 'stories',
'svgs', 'support',
't', 'svg',
'terms', 'svgs',
'telescope', 't',
'timeline', 'terms',
'timelines', 'telescope',
'tour', 'timeline',
'tv', 'timelines',
'u', 'tour',
'user', 'tv',
'users', 'u',
'username', 'user',
'usernames', 'users',
'v', 'username',
'valet', 'usernames',
'video', 'v',
'videos', 'valet',
'vendor', 'video',
'w', 'videos',
'waiter', 'vendor',
'wall', 'w',
'whats-new', 'waiter',
'whatsnew', 'wall',
'whatnew', 'whats-new',
'whats-news', 'whatsnew',
'web', 'whatnew',
'ws', 'whats-news',
'wss', 'web',
'www', 'ws',
'x', 'wss',
'y', 'www',
'year', 'x',
'year-in-review', 'y',
'z', 'year',
'400', 'year-in-review',
'401', 'z',
'403', '400',
'404', '401',
'500', '403',
'503', '404',
'504', '500',
]; '503',
'504',
];
public static function get() public static function get()
{ {
$banned = []; $banned = [];
if(config('instance.username.banned')) { if (config('instance.username.banned')) {
$banned = array_map('trim', explode(',', config('instance.username.banned'))); $banned = array_map('trim', explode(',', config('instance.username.banned')));
} }
$additional = self::$additional; $additional = self::$additional;
$reserved = self::$reserved; $reserved = self::$reserved;
$res = array_merge($additional, $reserved, $banned); $res = array_merge($additional, $reserved, $banned);
$res = array_unique($res); $res = array_unique($res);
sort($res); sort($res);
return $res; return $res;
} }
} }
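Review bot: In `get()` the entries read from `instance.username.banned` are trimmed but neither lower-cased nor filtered for empty strings, while the built-in lists are all lower-case. Whether the caller compares case-insensitively is not visible here, so a mixed-case configured name may never match, and a trailing comma in the setting adds `''` to the result. Consider `$banned = array_filter(array_map(fn ($n) => strtolower(trim($n)), explode(',', config('instance.username.banned'))));`. The two names that appear only on the new side (`'help.center'`, `'intent'`) would also benefit from a short comment naming the route they protect, as the other groups in `$reserved` have.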


@ -17,7 +17,7 @@ run-as-current-user chown --verbose --recursive "${RUNTIME_UID}:${RUNTIME_GID}"
: "${DOCKER_APP_ENSURE_OWNERSHIP_PATHS:=""}" : "${DOCKER_APP_ENSURE_OWNERSHIP_PATHS:=""}"
declare -a ensure_ownership_paths=() declare -a ensure_ownership_paths=()
IFS=' ' read -ar ensure_ownership_paths <<<"${DOCKER_APP_ENSURE_OWNERSHIP_PATHS}" IFS=' ' read -r -a ensure_ownership_paths <<<"${DOCKER_APP_ENSURE_OWNERSHIP_PATHS}"
if [[ ${#ensure_ownership_paths[@]} == 0 ]]; then if [[ ${#ensure_ownership_paths[@]} == 0 ]]; then
log-info "No paths has been configured for ownership fixes via [\$DOCKER_APP_ENSURE_OWNERSHIP_PATHS]." log-info "No paths has been configured for ownership fixes via [\$DOCKER_APP_ENSURE_OWNERSHIP_PATHS]."
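Review bot: The corrected `read -r -a ensure_ownership_paths` line deserves a comment saying why the flags must stay separate, because the combined `-ar` form fails silently: `-a` takes the rest of the cluster as the array name, so the words were (as far as I can tell) read into an array called `r` and `ensure_ownership_paths` stayed empty. Suggested comment: `# keep -r and -a separate: -a takes the array name as its argument`. The same applies to the `skip_scripts` read in the entrypoint script. With the fix, the values of `DOCKER_APP_ENSURE_OWNERSHIP_PATHS` now reach the ownership logic that follows this hunk, so that code should be checked for how it handles unexpected paths; the `if` block continues outside the hunk.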


@ -16,12 +16,8 @@ entrypoint-set-script-name "$0"
declare template_file relative_template_file_path output_file_dir declare template_file relative_template_file_path output_file_dir
# load all dot-env config files # load all dot-env config files
load-config-files load-and-export-config-files
# export all dot-env variables so they are available in templating
#
# shellcheck disable=SC2068
export ${seen_dot_env_variables[@]}
find "${ENTRYPOINT_TEMPLATE_DIR}" -follow -type f -print | while read -r template_file; do find "${ENTRYPOINT_TEMPLATE_DIR}" -follow -type f -print | while read -r template_file; do
# Example: template_file=/docker/templates/usr/local/etc/php/php.ini # Example: template_file=/docker/templates/usr/local/etc/php/php.ini


@ -28,7 +28,7 @@ entrypoint-set-script-name "entrypoint.sh"
# Convert ENTRYPOINT_SKIP_SCRIPTS into a native bash array for easier lookup # Convert ENTRYPOINT_SKIP_SCRIPTS into a native bash array for easier lookup
declare -a skip_scripts declare -a skip_scripts
# shellcheck disable=SC2034 # shellcheck disable=SC2034
IFS=' ' read -ar skip_scripts <<< "$ENTRYPOINT_SKIP_SCRIPTS" IFS=' ' read -r -a skip_scripts <<< "$ENTRYPOINT_SKIP_SCRIPTS"
# Ensure the entrypoint root folder exists # Ensure the entrypoint root folder exists
mkdir -p "${ENTRYPOINT_D_ROOT}" mkdir -p "${ENTRYPOINT_D_ROOT}"


@ -27,9 +27,6 @@ declare -a dot_env_files=(
/var/www/.env /var/www/.env
) )
# environment keys seen when source dot files (so we can [export] them)
declare -ga seen_dot_env_variables=()
declare -g docker_state_path declare -g docker_state_path
docker_state_path="$(readlink -f ./storage/docker)" docker_state_path="$(readlink -f ./storage/docker)"
@ -250,13 +247,23 @@ function log-info-stderr()
fi fi
} }
# @description Loads the dot-env files used by Docker and track the keys present in the configuration. # @description Loads the dot-env files used by Docker
# @sets seen_dot_env_variables array List of config keys discovered during loading function load-config-files() {
function load-config-files() local export_vars=0
{ load-config-files-impl "$export_vars"
# Associative array (aka map/dictionary) holding the unique keys found in dot-env files }
local -A _tmp_dot_env_keys
# @description Loads the dot-env files used by Docker and exports the variables to subshells
function load-and-export-config-files() {
local export_vars=1
load-config-files-impl "$export_vars"
}
# @description Implementation of the [load-config-files] and [load-and-export-config-files] functions. Loads th
# @arg $1 int Whether to export the variables or just have them available in the current shell
function load-config-files-impl()
{
local export_vars=${1:-0}
for file in "${dot_env_files[@]}"; do for file in "${dot_env_files[@]}"; do
if ! file-exists "${file}"; then if ! file-exists "${file}"; then
log-warning "Could not source file [${file}]: does not exists" log-warning "Could not source file [${file}]: does not exists"
@ -264,19 +271,11 @@ function load-config-files()
fi fi
log-info "Sourcing ${file}" log-info "Sourcing ${file}"
if ((export_vars)); then set -o allexport; fi
# shellcheck disable=SC1090 # shellcheck disable=SC1090
source "${file}" source "${file}"
if ((export_vars)); then set +o allexport; fi
# find all keys in the dot-env file and store them in our temp associative array
for k in $(grep -v '^#' "${file}" | cut -d"=" -f1 | xargs); do
_tmp_dot_env_keys[$k]=1
done
done done
# Used in other scripts (like templating) for [export]-ing the values
#
# shellcheck disable=SC2034
seen_dot_env_variables=("${!_tmp_dot_env_keys[@]}")
} }
# @description Checks if $needle exists in $haystack # @description Checks if $needle exists in $haystack
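Review bot: `load-config-files-impl` switches the option off with an unconditional `set +o allexport`, so a caller already running with allexport enabled loses it after the first file; recording the state first with `[[ -o allexport ]]` and restoring only when it was off would keep the helper free of side effects. With allexport on, every variable assigned while a dot-env file is sourced, credentials included, is exported to every child process started afterwards, and the doc comment of `load-and-export-config-files` should say so, for example `# Exports ALL variables assigned by the dot-env files (including secrets) to child processes; call only where templating needs them`. The loop variable `file` is also not declared `local`. The function documented on the last line starts outside this hunk.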