Commit graph

70 commits

Author SHA1 Message Date
Hugo Gameiro
3cd3cb6a41 Add SMTP reply_to option (#11718)
* Add SMTP_REPLY_TO in .env.production.sample

* Set reply_to in SMTP options
2019-09-02 18:12:40 +02:00
Stanislas
9767db2a6b Add ES_PREFIX in .env.production.sample (#10087) 2019-05-09 22:41:27 +02:00
M Somerville
4b27569841 Rename S3_CLOUDFRONT_HOST to S3_ALIAS_HOST. (#8423)
Still check for S3_CLOUDFRONT_HOST for existing installs.
2018-08-25 13:27:08 +02:00
Immae
cbaabe0215 Add ldap search filter (#8151) 2018-08-15 18:12:44 +02:00
MIYAGI Hikaru
ac56fa3c22 Merge HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY into ALLOW_ACCESS_TO_HIDDEN_SERVICE (#7901)
If Mastodon accesses to the hidden service via transparent proxy, it's needed to avoid checking whether it's a private address, since `.onion` is resolved to a private address.
I was previously using the `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` to provide that function. However, I realized that using `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` is redundant, since this specification is always used with `ALLOW_ACCESS_TO_HIDDEN_SERVICE`. Therefore, I decided to integrate the setting of `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into` ALLOW_ACCESS_TO_HIDDEN_SERVICE`.
2018-06-29 15:36:02 +02:00
Akihiko Odaki
0cb1524dc1 Cache attachments on external host with service worker (#7493) 2018-05-29 00:43:47 +02:00
Hugo Gameiro
27cfb13b83 Improve OpenStack v3 compatibility (#7392)
* Update paperclip.rb

* Update .env.production.sample

* Update paperclip.rb
2018-05-07 02:28:28 +02:00
MIYAGI Hikaru
28808f638e HTTP proxy support for outgoing request, manage access to hidden service (#7134)
* Add support for HTTP client proxy

* Add access control for darknet

Supress error when access to darknet via transparent proxy

* Fix the codes pointed out

* Lint

* Fix an omission + lint

* any? -> include?

* Change detection method to regexp to avoid test fail
2018-04-25 02:14:49 +02:00
Akihiko Odaki
aec3ebab81 Document CORS requirement for asset host (#6941) 2018-03-28 20:40:18 +02:00
Alexander
af08f6042d rename pam email environment variable to something more understandable and default to LOCAL_DOMAIN (better fallback) (#6833) 2018-03-19 20:09:26 +01:00
Eugen Rochko
8b18784116 Adjust suggested ES host in .env sample for docker-compose config (#6710) 2018-03-09 11:32:55 +01:00
Effy Elden
4a8046df66 Add additional first_name and last_name SAML attribute statement options, and modify Omniauthable concern to use full_name or first_name + last_name if not available (#6669) 2018-03-07 06:19:10 +01:00
Alexander
988f6505e4 fix logic for pam_controlled_service (#6599) 2018-03-02 19:02:50 +01:00
Eugen Rochko
35b45a5c11 Add LDAP options to .env.production.sample (#6592) 2018-03-02 08:14:34 +01:00
Eugen Rochko
f35356609b Ensure the app does not even start if OTP_SECRET is not set (#6557)
* Ensure the app does not even start if OTP_SECRET is not set

* Remove PAPERCLIP_SECRET (it's not used by anything, actually)

Imports are for internal consumption and the url option isn't even
used correctly, so we can remove the hash stuff from them
2018-02-26 01:31:44 +01:00
Eugen Rochko
b5105e6898 Fix #6536 (#6558) 2018-02-26 00:24:55 +01:00
Ghislain Loaec
d1806f5dc4 New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref #6538 (not only SAML strategies) (#6540) 2018-02-23 01:16:17 +01:00
Alexander
32cc2d8c9b Update pam documentation (#6518)
* document pam email extraction

* remove superfluous newline
2018-02-22 23:41:21 +01:00
Ghislain Loaec
deea524052 New env variable: SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED + fixes #6533 (#6538) 2018-02-22 23:31:25 +01:00
Eugen Rochko
7ca5a06505 Full-text search for authorized statuses (#6423)
* Add full-text search for authorized statuses

- Search API will return statuses that match the query
- Only for logged in users
- Only if you are author of the status,
- Or you were mentioned in it
- Or you favourited or reblogged it
- Configuration over `ES_ENABLED`, `ES_HOST`, `ES_PORT`, `ES_PREFIX`
- Run `rails chewy:deploy` to create & populate index

Fix #5880
Fix #4293
Fix #1152

* Add commented out docker-compose configuration for ES container

* Optimize index import, filter search results

* Add basic normalization to the index

* Add better stemming and normalization to the index

* Skip webfinger request if search query includes both @ and a space

* Fix code style

* Visually separate search result sections

* Fix code style issues
2018-02-09 23:04:47 +01:00
Eugen Rochko
555e7205da Make PAM gem optional, allow configuration over environment (#6415) 2018-02-04 15:05:53 +01:00
Eugen Rochko
5322013f25 CAS + SAML authentication feature (#6425)
* Cas authentication feature

* Config

* Remove class_eval + Omniauth initializer

* Codeclimate review

* Codeclimate review 2

* Codeclimate review 3

* Remove uid/email reconciliation

* SAML authentication

* Clean up code

* Improve login form

* Fix code style issues

* Add locales
2018-02-04 05:42:13 +01:00
nightpool
e921778dd3 enforce LOCAL_HTTPS=true in production (#6061)
* enforce https in production

* note changes in production env sample

* typo fix
2017-12-22 02:17:59 +01:00
Nolan Lawson
1e65921ed8 Document REDIS_NAMESPACE (#5038) 2017-09-22 06:44:39 +02:00
Patrick Figel
759bbdd9ca Add OpenStack Keystone V3 support (#4889)
Keystone V2 is deprecated in favour of V3. This adds the necessary
connection parameters for establishing a V3 connection. Connections
to V2 endpoints are still possible and the configuration should
remain compatible.

This also introduces a SWIFT_REGION variable for multi-region
OpenStack environments and a SWIFT_CACHE_TTL that controls how long
tokens and other meta-data is cached for. Caching tokens avoids
rate-limiting errors that would result in media uploads becoming
unavailable during high load or when using tasks like
media:remove_remote. fog-openstack only supports token caching for
V3 endpoints, so a recommendation for using V3 was added.
2017-09-11 15:11:13 +02:00
Yamagishi Kazutoshi
85909a8b22 Add environment sample for OpenStack Swift (#4816) 2017-09-06 12:13:00 +02:00
Treyssat-Vincent Nino
57e50aa023 comment correction (#4812) 2017-09-05 12:13:25 +02:00
ScienJus
ea264f848f Show SMTP_TLS in config sample (#4477) 2017-08-01 15:00:29 +02:00
Yamagishi Kazutoshi
7be29a500d Add Rake task for generate VAPID key (#4195)
* Add Rake task for generate VAPID key

* edit config/initializers/vapid.rb
2017-07-14 12:13:43 +02:00
Sorin Davidoi
ecab38fd66 Web Push Notifications (#3243)
* feat: Register push subscription

* feat: Notify when mentioned

* feat: Boost, favourite, reply, follow, follow request

* feat: Notification interaction

* feat: Handle change of public key

* feat: Unsubscribe if things go wrong

* feat: Do not send normal notifications if push is enabled

* feat: Focus client if open

* refactor: Move push logic to WebPushSubscription

* feat: Better title and body

* feat: Localize messages

* chore: Fix lint errors

* feat: Settings

* refactor: Lazy load

* fix: Check if push settings exist

* feat: Device-based preferences

* refactor: Simplify logic

* refactor: Pull request feedback

* refactor: Pull request feedback

* refactor: Create /api/web/push_subscriptions endpoint

* feat: Spec PushSubscriptionController

* refactor: WebPushSubscription => Web::PushSubscription

* feat: Spec Web::PushSubscription

* feat: Display first media attachment

* feat: Support direction

* fix: Stuff broken while rebasing

* refactor: Integration with session activations

* refactor: Cleanup

* refactor: Simplify implementation

* feat: Set VAPID keys via environment

* chore: Comments

* fix: Crash when no alerts

* fix: Set VAPID keys in testing environment

* fix: Follow link

* feat: Notification actions

* fix: Delete previous subscription

* chore: Temporary logs

* refactor: Move migration to a later date

* fix: Fetch the correct session activation and misc bugs

* refactor: Move migration to a later date

* fix: Remove follow request (no notifications)

* feat: Send administrator contact to push service

* feat: Set time-to-live

* fix: Do not show sensitive images

* fix: Reducer crash in error handling

* feat: Add badge

* chore: Fix lint error

* fix: Checkbox label overlap

* fix: Check for payload support

* fix: Rename action "type" (crash in latest Chrome)

* feat: Action to expand notification

* fix: Lint errors

* fix: Unescape notification body

* fix: Do not allow boosting if the status is hidden

* feat: Add VAPID keys to the production sample environment

* fix: Strip HTML tags from status

* refactor: Better error messages

* refactor: Handle browser not implementing the VAPID protocol (Samsung Internet)

* fix: Error when target_status is nil

* fix: Handle lack of image

* fix: Delete reference to invalid subscriptions

* feat: Better error handling

* fix: Unescape HTML characters after tags are striped

* refactor: Simpify code

* fix: Modify to work with #4091

* Sort strings alphabetically

* i18n: Updated Polish translation

it annoys me that it's not fully localized :P

* refactor: Use current_session in PushSubscriptionController

* fix: Rebase mistake

* fix: Set cacheName to mastodon

* refactor: Pull request feedback

* refactor: Remove logging statements

* chore(yarn): Fix conflicts with master

* chore(yarn): Copy latest from master

* chore(yarn): Readd offline-plugin

* refactor: Use save! and update!

* refactor: Send notifications async

* fix: Allow retry when push fails

* fix: Save track for failed pushes

* fix: Minify sw.js

* fix: Remove account_id from fabricator
2017-07-13 22:15:32 +02:00
Chris
d388b5af3f added 'https://' to CDN_HOST variable example (#3446) 2017-05-30 18:39:28 +02:00
Immae
ae917bfb23 Allow alternate domains for mastodon handlers (#3187) 2017-05-22 15:40:04 +02:00
Wonderfall
8b954737b8 Some Dockerfile improvements (#3182)
- improve docker_entrypoint.sh
- serve static files with puma by default
- sort packages list
- use virtual package for build deps
- show how to assign UID/GID
2017-05-20 20:01:05 +02:00
Audun Larsen
2aa05dc765 Adds better documentation to LOCAL_DOMAIN and LOCAL_HTTPS (#3149)
Fixes #2254
2017-05-19 20:55:15 +02:00
Jarek Lipski
4557bf1255 Improve example env file for local Postfix relay (#2892) 2017-05-08 03:34:11 +02:00
ThibG
02500e3f64 Add additional documentation and warnings to the WEB_DOMAIN setting. (#2386)
* Add additional documentation and warnings to the WEB_DOMAIN setting.

This feature is largely undocumented, and quite a number of users have
shot them in the feet already despite the warning. Added a bit of documentation
and expanded the warning until we have a mechanism for dealing with conflicting
user URIs.

* Change WEB_DOMAIN comments to point to the extensive online documentation
2017-05-05 04:56:28 +02:00
abcang
2ceaa88ed0 fix DB_URL (#2778) 2017-05-04 15:53:44 +02:00
Eugen Rochko
0951a2f9f3 Clean up redis configuration. Allow using REDIS_URL to set advanced (#2732)
connection options instead of setting REDIS_HOST etc individually

Close #1986
2017-05-03 23:18:13 +02:00
Akihiko Odaki
40a06ce911 Allow to set CA file for SMTP (#2713) 2017-05-03 01:03:12 +02:00
evilny0
520dd00efd Updated note about 'none' SMTP authentication method in .env.production.sample (#2167) 2017-04-19 23:16:43 +02:00
Yamagishi Kazutoshi
a3358f438f Change to switch signature version for Amazon S3 (#2124) 2017-04-19 14:18:50 +02:00
Ian Kelling
21564e635a Add documentation of SMTP_DOMAIN (#1738)
Without setting it, exim will reject the mail with a message like:
rejected EHLO from [10.20.0.1]: syntactically invalid argument(s): {}
2017-04-17 10:42:29 +02:00
Miguel Jacq
609fe68e7b Allow using an SMTP server without authentication (#1597)
* Allow using an SMTP server without authentication (e.g Postfix relay on the same host) by setting SMTP_LOGIN and SMTP_AUTH_METHOD to 'none'

* Add note in .env.production.sample about SMTP settings for servers where no auth is required

* Assume that SMTP_LOGIN and SMTP_PASSWORD will be blank if we set SMTP_AUTH_METHOD to none
2017-04-17 10:41:19 +02:00
geta6
4146b86beb Improve streaming server with cluster (#1970) 2017-04-17 04:32:30 +02:00
Les Orchard
492e8ec00e Add REDIS_DB env variable to configure Redis database (#1366) 2017-04-15 02:21:13 +02:00
ThibG
c45c67c2ac Allow running mastodon on a different domain as the one used for identifying users (#1267)
* Allow running mastodon on a different domain as the one used for identifying users

* Alter documentation of WEB_DOMAIN to make clear it shouldn't be used unless the admin knows what they are doing

* Compare to web_domain instead of local_domain when dealing with feeds/API

* Correctly identify mentions to local accounts

Mentions URLs point to the person's web profile, i.e., the user page served on WEB_DOMAIN.
2017-04-15 02:15:46 +02:00
Valentin Lorentz
5da8581563 Custom Paperclip path. (#778)
* Custom Paperclip path.

* Document PAPERCLIP_ROOT.

* Add PAPERCLIP_ROOT_URL (and rename PAPERCLIP_ROOT to PAPERCLIP_ROOT_PATH).
2017-04-15 02:07:21 +02:00
James Moore
31f72c39a6 smtp delivery type fix (#1556)
* delivery fix

# Conflicts:
#	config/environments/production.rb

* added stub in .env file

* reordered and added a comment
2017-04-13 19:51:49 +02:00
Alexander Mankuta
7ff773bed5 More SMTP customization (#1372)
* Allow SMTP auth method customization

* Add SMTP openssl_verify_mode option support

Allows one use self-signed certs with their SMTP server.

* Add SMTP enable_starttls_auto option support
2017-04-10 21:48:30 +02:00
Eugen
0cec9862db Add env variable to disable prepared statements (#1293) 2017-04-09 05:46:32 +02:00