Commit Graph

714 Commits

Author SHA1 Message Date
Trinity Pointard 0d6a2af851 Code style improvement 2018-10-06 10:57:37 +02:00
Trinity Pointard 3466e55548 Implement JSON-ld signature verification
Implement JSON-ld signature verification
Move signature verification functions to the proper file
2018-10-06 10:06:06 +02:00
Trinity Pointard 62c94ed463 Refactor and verify http signature on personnal inbox
Verify signature on personnal inbox
Reduce code duplication
Put Headers in plume-models
2018-10-03 20:48:25 +02:00
Trinity Pointard 0a5d435249 Verify http signatures 2018-10-03 09:31:38 +02:00
Trinity Pointard d610ed1641 Add verify() to the Signer trait
And implement it for Blog and User
2018-09-30 12:08:04 +02:00
Trinity Pointard eafe1ed490 Add content digest to signed http headers
Sign the Digest HTTP header
2018-09-30 12:08:04 +02:00
Trinity Pointard fceb9ab0cd Update cookie management a bit
Update to latest rocket_csrf
Make user_id a samesite lax cookie (see https://github.com/Plume-org/Plume/issues/233#issuecomment-422660275)
2018-09-30 11:56:12 +02:00
Baptiste Gelez 1e3f40833d
Add a link to Loomio in the README 2018-09-29 19:25:27 +01:00
Bat 6f8630df2e Use <div> for avatars
<img> is displayed as an error without src, in Chrome

Fixes #222
2018-09-29 18:29:22 +01:00
Baptiste Gelez 05f3ecabd6
Merge pull request #248 from maximesrd/patch-4
Bad commands in the update guide
2018-09-29 17:03:33 +01:00
maximesrd a1530791ef
Update UPDATE.md 2018-09-29 18:00:48 +02:00
Baptiste Gelez 236cf14406
Merge pull request #245 from Plume-org/rest-api
Some API endpoints for articles
2018-09-29 16:33:31 +01:00
Bat 72fd9eb610 API: Filter posts in the list 2018-09-29 15:45:27 +01:00
maximesrd 3b288c2dad
Update UPDATE.md 2018-09-29 15:34:59 +02:00
maximesrd b97b0233da
Update UPDATE.md 2018-09-29 15:34:29 +02:00
maximesrd db4c939be8
Bad commands 2018-09-29 15:02:17 +02:00
Baptiste Gelez 975f8d0393
Merge pull request #246 from fediverse-pl/master
i18n: Update Polish translation
2018-09-27 19:25:12 +01:00
Marcin Mikołajczak 47eeed1008 i18n: Update Polish translation
Signed-off-by: Marcin Mikołajczak <me@m4sk.in>
2018-09-27 12:42:09 +02:00
Bat f893056d6d Mount the API endpoints 2018-09-25 20:45:32 +01:00
Bat 472da486e9 Fix the canapi::Provider impl for Post 2018-09-25 20:10:18 +01:00
Baptiste Gelez ba3dd3304c
Merge pull request #243 from rhonda/master
Updated German translation
2018-09-25 15:38:58 +01:00
Rhonda D'Vine 88d8fb95c3 Updated German translation 2018-09-25 16:27:59 +02:00
Baptiste Gelez 9650fdbfb5
Merge pull request #242 from Atul9/fix-broken-link
#227 Fix broken link on blog page
2018-09-24 20:35:20 +01:00
Atul Bhosale 3dce53d899
Fix broken link on blog page 2018-09-24 23:46:32 +05:30
Baptiste Gelez 05fb7c9b42
Merge pull request #238 from Plume-org/csrf-issues
Fix CSRF issues
2018-09-21 13:37:35 +01:00
Baptiste Gelez 7afe249a75
Merge pull request #240 from OpenAlgeria/patch-1
Update INSTALL.md
2018-09-20 19:23:49 +01:00
OpenAlgeria 5d21e26406
Update INSTALL.md 2018-09-20 15:21:32 +02:00
Bat d8ca1d70b7 Fix CSRF issues
GET routes are not protected against CSRF. This commit changes the needed URLs to
POST and replace simple links with forms.

Thanks @fdb-hiroshima for noticing it!
2018-09-19 18:13:07 +01:00
Trinity Pointard f0fb030c7f Update recommended nginx config
Update recommended nginx config to allow iframes
close #234
2018-09-19 18:18:39 +02:00
Bat 1500267125 Add canapi and try to use for the API 2018-09-19 15:49:34 +01:00
Trinity Pointard fab6360100 Be less restrictive on authorized html tags
Allow users to add ids to tags
Allow users to use iframes
2018-09-19 10:51:27 +02:00
Baptiste Gelez 2bc6052a35
Replace plume by DATABASE_NAME in the docs
To make it clearer you can have multiple Plume instances/databases on the same server, and that this part of the URL may change too.
2018-09-18 21:40:20 +01:00
Baptiste Gelez d8bfd6d39f
Create ISSUE_TEMPLATE.md 2018-09-18 15:40:17 +01:00
Baptiste Gelez 064c5961e7
Add a CoC
Finally!
2018-09-18 13:59:43 +01:00
Baptiste Gelez eb24ba1774
Merge pull request #223 from igalic/fix/safe-string
make blog/instance description a SafeString
2018-09-14 20:56:13 +01:00
Igor Galić fb074e6344
render SafeString thru |safe
thanks again to @fdb-hiroshima for pointing me in the right direction!
2018-09-14 21:44:32 +02:00
Igor Galić 06718a5c8a
directly use SafeString in InstanceSettingsForm 2018-09-14 20:25:16 +02:00
Igor Galić d62c72dde0
allocate new SafeString in FromFormValue impl
thanks to @fdb-hiroshima for this review!
2018-09-14 19:50:59 +02:00
Igor Galić 0897088aa5
add implementation for FromFormValue for SafeString
thanks again to @pwoolcoc for this!
2018-09-14 18:26:42 +02:00
Igor Galić 65e213309b
do not allocate empty strings
follow review from @pwoolcoc, and do not use

    SafeString::new(&<String>::new())

since this makes an allocation which will then just be thrown away.
Instead, we pass ""
2018-09-14 18:24:27 +02:00
Igor Galić f5c299f23c
make blog/instance description a SafeString
long_description & short_description's documentation say they can be
Markdown, but they are String, not SafeString.

This led to escaped strings being printed in the editor
https://github.com/Plume-org/Plume/issues/220
2018-09-14 15:14:24 +02:00
Baptiste Gelez d355379e01
Merge pull request #219 from igalic/fix/env-howto
improve installation "docs"
2018-09-13 19:38:00 +01:00
Igor Galić e7b5d81687
gitignore docker-compose.yml 2018-09-13 17:21:20 +02:00
Igor Galić dfc76757bb
fix comment in docker.sample.env
docker's sample .env file under docs/ which contains the wrong command
to generate a rocket secret_key
2018-09-13 17:18:25 +02:00
Bat 5b138df8ce Remove duplicated message in gl.po 2018-09-12 17:07:41 +01:00
Bat 0200a7b223 Only send notifications for mentions if the post is not a draft 2018-09-12 17:00:00 +01:00
Bat b01212f4a6 Make it impossible to view drafts if you are not the author
Even if you got the URL
2018-09-12 16:58:38 +01:00
Bat 296aa2fbbb Merge branch 'master' of github.com:Plume-org/Plume 2018-09-12 13:41:10 +01:00
Baptiste Gelez ab640011e3
Merge pull request #215 from xmgz/master
update galician
2018-09-12 13:37:03 +01:00
Xose M f5633f4e7f
Merge branch 'master' into master 2018-09-12 07:40:16 +02:00