f67b30bf81
fix: requirements.txt to reduce vulnerabilities
...
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177
2023-10-26 13:50:21 +00:00
ea08bd9153
build(deps): bump pyrsistent from 0.19.3 to 0.20.0
...
Bumps [pyrsistent](https://github.com/tobgu/pyrsistent ) from 0.19.3 to 0.20.0.
- [Changelog](https://github.com/tobgu/pyrsistent/blob/master/CHANGES.txt )
- [Commits](https://github.com/tobgu/pyrsistent/compare/v0.19.3...v0.20.0 )
---
updated-dependencies:
- dependency-name: pyrsistent
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-26 05:34:41 -07:00
ca8b7484c0
drop User.as2, Object.as_as2, switch callers to Protocol.convert
2023-10-25 13:28:01 -07:00
3471476092
Revert "Protocol.receive: bump up threads from 10 to 30"
...
Seemed to make things worse, not better. Guess I need to implement continuation passing across task handler requests. #652
This reverts commit 66da2efc7a
2023-10-25 12:31:52 -07:00
e833eb04dc
Object.resolve_ids: compact output objects with just id to bare string ids
2023-10-25 12:31:52 -07:00
acb1c703a3
rename Protocol.serve => .convert, move Content-Type to class constant
2023-10-25 12:31:52 -07:00
c3c3c17c9d
build(deps): bump cryptography from 41.0.4 to 41.0.5
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 41.0.4 to 41.0.5.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/41.0.4...41.0.5 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-25 06:02:09 -07:00
93c67ba7bb
build(deps): bump werkzeug from 3.0.0 to 3.0.1
...
Bumps [werkzeug](https://github.com/pallets/werkzeug ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/pallets/werkzeug/releases )
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst )
- [Commits](https://github.com/pallets/werkzeug/compare/3.0.0...3.0.1 )
---
updated-dependencies:
- dependency-name: werkzeug
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-25 06:02:01 -07:00
6a867ca2c4
update for granary.as2's new PropertyValue attachment handling
...
snarfed/granary@20d6c3f065
2023-10-24 16:02:16 -07:00
5a07e154ef
use subdomain_wrap in ids.convert
2023-10-24 15:58:03 -07:00
023ffd0b7a
docs: cut the supported apps section way down, link to GH issues search
2023-10-24 13:15:56 -07:00
611bc94fc2
Object.as1 from bluesky: granary now sets actor/author
...
in snarfed/granary@eceb700c6c
2023-10-24 12:36:13 -07:00
422a240183
Resolve protocol-subdomain-wrapped ids/URLs by stripping the subdomain wrapping
...
Renames Object.replace_copies_with_originals => resolve_ids. As a side effect, also fixes https://console.cloud.google.com/errors/detail/CK3U3PONxv5Q;time=P30D?project=bridgy-federated
2023-10-24 10:47:44 -07:00
d12fd99b03
noop: move Protocol.subdomain_url to common.subdomain_wrap
2023-10-23 15:44:32 -07:00
9a87d7261f
fix crash on RSS/Atom feeds for users without obj or obj.as1
...
fixes https://console.cloud.google.com/errors/detail/CKSZq8OU-tCRXA;time=P30D?project=bridgy-federated
2023-10-23 13:11:40 -07:00
f783dcc762
build(deps): bump websockets from 11.0.3 to 12.0
...
Bumps [websockets](https://github.com/python-websockets/websockets ) from 11.0.3 to 12.0.
- [Release notes](https://github.com/python-websockets/websockets/releases )
- [Commits](https://github.com/python-websockets/websockets/compare/11.0.3...12.0 )
---
updated-dependencies:
- dependency-name: websockets
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-23 06:41:57 -07:00
4205f1f626
build(deps): bump charset-normalizer from 3.3.0 to 3.3.1
...
Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer ) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/Ousret/charset_normalizer/releases )
- [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Ousret/charset_normalizer/compare/3.3.0...3.3.1 )
---
updated-dependencies:
- dependency-name: charset-normalizer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-23 06:04:44 -07:00
50aa80884e
build(deps): bump cbor2 from 5.4.6 to 5.5.0
...
Bumps [cbor2](https://github.com/agronholm/cbor2 ) from 5.4.6 to 5.5.0.
- [Release notes](https://github.com/agronholm/cbor2/releases )
- [Changelog](https://github.com/agronholm/cbor2/blob/master/docs/versionhistory.rst )
- [Commits](https://github.com/agronholm/cbor2/compare/5.4.6...5.5.0 )
---
updated-dependencies:
- dependency-name: cbor2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-23 05:57:20 -07:00
158200d9fd
bug fix for opt out, handle HTML
2023-10-21 20:51:54 -07:00
b32045d494
postprocess_as2: duplicate content into contentMap.en
...
for #681 . this suppresses Mastodon's Translate link. longer term "right" fix is to actually detect the source's language, if available, and use it instead.
2023-10-20 13:37:54 -07:00
1fa205af30
User.get_or_create: only fetch user profile if we don't already have it
2023-10-20 11:23:43 -07:00
39c0d0e734
atproto: hard code our PDS URL to atproto.brid.gy
...
even on localhost
2023-10-20 11:16:23 -07:00
6f1bf8a5ef
activitypub: handle query params in URL when checking HTTP Sig
2023-10-19 22:15:39 -07:00
16d8832c72
receive: support ?force=true to skip "already seen this id" check
2023-10-19 22:15:14 -07:00
d31f470178
Web.is_web_url: ignore www subdomain
...
for 3b88b0f
2023-10-19 16:25:04 -07:00
3b88b0f315
AP: don't create "receiving" user in inbox, don't set actor to g.user in send
...
more iffy kinda scary changes. gulp. important though, baby step toward killing g.user! #690
2023-10-19 16:15:40 -07:00
fe3a9b693c
User.get_or_create: load user profile object, fetch if it doesn't exist
2023-10-19 15:01:19 -07:00
4faf551f8f
testutil: generate activitypub._DEFAULT_SIGNATURE_USER proactively
2023-10-19 13:09:19 -07:00
89cd73831b
rework g.user
...
* it's always sending user ie actor
* don't pass it to task from atproto.poll_notifications (we were incorrectly passing the receiving user)
* in Protocol.receive, default g.user to actor/author
* in ActivityPub.signed_request, if g.user is ActivityPub, it won't have AP keys, so use default signing user instead
kinda scary and iffy. 🤞 🤞 🤞
2023-10-18 13:56:53 -07:00
e66ca3fb7f
noop: expand a few log messages
2023-10-18 13:13:44 -07:00
7e3613ab6c
fix ATProto.target_for: it should always return our base URL as the PDS
2023-10-18 12:01:17 -07:00
9e1acf1cf7
replace copy ids with originals in Protocol.load
...
honestly not sure if this is necessary yet, and it's moderately expensive, two serial datastore queries with an IN filter. we'll see.
2023-10-18 11:18:20 -07:00
d7a51916ad
/r/ redirect: handle bad URLs
...
fixes https://console.cloud.google.com/errors/detail/CJ30oPbsoqmI7QE;time=P30D?project=bridgy-federated
2023-10-18 11:03:22 -07:00
efdf84a023
Protocol.receive: replace copy ids with originals, related bug fixes
2023-10-18 11:03:22 -07:00
e486c28919
testutil noop, fix class names in Fake log messages
2023-10-18 11:03:22 -07:00
c1b07acfa5
cloud tasks only
2023-10-18 11:03:22 -07:00
ff88c082ef
try not clearing Object.bsky
...
now that we're starting to replace copies with originals in ids, actors, etc, it'd be nice to preserve the original source object data.
2023-10-18 11:03:22 -07:00
96b84511eb
add Object.replace_copies_with_originals
2023-10-18 11:03:22 -07:00
dcfdf35416
point atproto at federation sandbox, fix notif poll by importing all protocols
2023-10-18 11:03:21 -07:00
b8c7d1cd96
receive_task: set object.new to force receive to process it
2023-10-18 11:03:21 -07:00
fc96959383
tone down logging, especially for polling ATProto notifs
2023-10-18 11:03:21 -07:00
12375e0111
protect webmention and receive task handlers with @cloud_tasks_only
2023-10-18 11:03:21 -07:00
a0a92d4f3e
add URL to notification feed entries
2023-10-18 11:03:21 -07:00
6add016b7e
build(deps): bump urllib3 from 2.0.6 to 2.0.7
...
Bumps [urllib3](https://github.com/urllib3/urllib3 ) from 2.0.6 to 2.0.7.
- [Release notes](https://github.com/urllib3/urllib3/releases )
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst )
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.6...2.0.7 )
---
updated-dependencies:
- dependency-name: urllib3
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-17 14:08:16 -07:00
4a3607325f
canonicalize domain: redirect UI requests on other domains to fed.brid.gy
2023-10-16 14:02:17 -07:00
66da2efc7a
Protocol.receive: bump up threads from 10 to 30
...
10 still isn't enough! tantek's ~300 inboxes are still hitting the 10m deadline.
2023-10-16 13:47:54 -07:00
325ba64c66
authorization: block external requests to cloud task handlers
...
...by checking for a GAE Cloud Tasks header: https://cloud.google.com/tasks/docs/creating-appengine-handlers#reading_task_request_headers
2023-10-16 13:04:34 -07:00
db3a5e7fd6
authorization: pass and accept authed_as in receive task handler
...
for #566
2023-10-16 12:45:27 -07:00
f292a7d957
authorization: allow actor to update/delete itself
...
for #566
2023-10-16 12:25:29 -07:00
c83c77a73e
authorization: log when authed user doesn't match activity's author/actor
...
for #566 . just logging for now, want to see if we're already hitting this at all.
2023-10-16 11:13:38 -07:00
snyk-bot