Commit Graph

712 Commits

Author SHA1 Message Date
Trinity Pointard 62c94ed463 Refactor and verify http signature on personnal inbox
Verify signature on personnal inbox
Reduce code duplication
Put Headers in plume-models
2018-10-03 20:48:25 +02:00
Trinity Pointard 0a5d435249 Verify http signatures 2018-10-03 09:31:38 +02:00
Trinity Pointard d610ed1641 Add verify() to the Signer trait
And implement it for Blog and User
2018-09-30 12:08:04 +02:00
Trinity Pointard eafe1ed490 Add content digest to signed http headers
Sign the Digest HTTP header
2018-09-30 12:08:04 +02:00
Trinity Pointard fceb9ab0cd Update cookie management a bit
Update to latest rocket_csrf
Make user_id a samesite lax cookie (see https://github.com/Plume-org/Plume/issues/233#issuecomment-422660275)
2018-09-30 11:56:12 +02:00
Baptiste Gelez 1e3f40833d
Add a link to Loomio in the README 2018-09-29 19:25:27 +01:00
Bat 6f8630df2e Use <div> for avatars
<img> is displayed as an error without src, in Chrome

Fixes #222
2018-09-29 18:29:22 +01:00
Baptiste Gelez 05f3ecabd6
Merge pull request #248 from maximesrd/patch-4
Bad commands in the update guide
2018-09-29 17:03:33 +01:00
maximesrd a1530791ef
Update UPDATE.md 2018-09-29 18:00:48 +02:00
Baptiste Gelez 236cf14406
Merge pull request #245 from Plume-org/rest-api
Some API endpoints for articles
2018-09-29 16:33:31 +01:00
Bat 72fd9eb610 API: Filter posts in the list 2018-09-29 15:45:27 +01:00
maximesrd 3b288c2dad
Update UPDATE.md 2018-09-29 15:34:59 +02:00
maximesrd b97b0233da
Update UPDATE.md 2018-09-29 15:34:29 +02:00
maximesrd db4c939be8
Bad commands 2018-09-29 15:02:17 +02:00
Baptiste Gelez 975f8d0393
Merge pull request #246 from fediverse-pl/master
i18n: Update Polish translation
2018-09-27 19:25:12 +01:00
Marcin Mikołajczak 47eeed1008 i18n: Update Polish translation
Signed-off-by: Marcin Mikołajczak <me@m4sk.in>
2018-09-27 12:42:09 +02:00
Bat f893056d6d Mount the API endpoints 2018-09-25 20:45:32 +01:00
Bat 472da486e9 Fix the canapi::Provider impl for Post 2018-09-25 20:10:18 +01:00
Baptiste Gelez ba3dd3304c
Merge pull request #243 from rhonda/master
Updated German translation
2018-09-25 15:38:58 +01:00
Rhonda D'Vine 88d8fb95c3 Updated German translation 2018-09-25 16:27:59 +02:00
Baptiste Gelez 9650fdbfb5
Merge pull request #242 from Atul9/fix-broken-link
#227 Fix broken link on blog page
2018-09-24 20:35:20 +01:00
Atul Bhosale 3dce53d899
Fix broken link on blog page 2018-09-24 23:46:32 +05:30
Baptiste Gelez 05fb7c9b42
Merge pull request #238 from Plume-org/csrf-issues
Fix CSRF issues
2018-09-21 13:37:35 +01:00
Baptiste Gelez 7afe249a75
Merge pull request #240 from OpenAlgeria/patch-1
Update INSTALL.md
2018-09-20 19:23:49 +01:00
OpenAlgeria 5d21e26406
Update INSTALL.md 2018-09-20 15:21:32 +02:00
Bat d8ca1d70b7 Fix CSRF issues
GET routes are not protected against CSRF. This commit changes the needed URLs to
POST and replace simple links with forms.

Thanks @fdb-hiroshima for noticing it!
2018-09-19 18:13:07 +01:00
Trinity Pointard f0fb030c7f Update recommended nginx config
Update recommended nginx config to allow iframes
close #234
2018-09-19 18:18:39 +02:00
Bat 1500267125 Add canapi and try to use for the API 2018-09-19 15:49:34 +01:00
Trinity Pointard fab6360100 Be less restrictive on authorized html tags
Allow users to add ids to tags
Allow users to use iframes
2018-09-19 10:51:27 +02:00
Baptiste Gelez 2bc6052a35
Replace plume by DATABASE_NAME in the docs
To make it clearer you can have multiple Plume instances/databases on the same server, and that this part of the URL may change too.
2018-09-18 21:40:20 +01:00
Baptiste Gelez d8bfd6d39f
Create ISSUE_TEMPLATE.md 2018-09-18 15:40:17 +01:00
Baptiste Gelez 064c5961e7
Add a CoC
Finally!
2018-09-18 13:59:43 +01:00
Baptiste Gelez eb24ba1774
Merge pull request #223 from igalic/fix/safe-string
make blog/instance description a SafeString
2018-09-14 20:56:13 +01:00
Igor Galić fb074e6344
render SafeString thru |safe
thanks again to @fdb-hiroshima for pointing me in the right direction!
2018-09-14 21:44:32 +02:00
Igor Galić 06718a5c8a
directly use SafeString in InstanceSettingsForm 2018-09-14 20:25:16 +02:00
Igor Galić d62c72dde0
allocate new SafeString in FromFormValue impl
thanks to @fdb-hiroshima for this review!
2018-09-14 19:50:59 +02:00
Igor Galić 0897088aa5
add implementation for FromFormValue for SafeString
thanks again to @pwoolcoc for this!
2018-09-14 18:26:42 +02:00
Igor Galić 65e213309b
do not allocate empty strings
follow review from @pwoolcoc, and do not use

    SafeString::new(&<String>::new())

since this makes an allocation which will then just be thrown away.
Instead, we pass ""
2018-09-14 18:24:27 +02:00
Igor Galić f5c299f23c
make blog/instance description a SafeString
long_description & short_description's documentation say they can be
Markdown, but they are String, not SafeString.

This led to escaped strings being printed in the editor
https://github.com/Plume-org/Plume/issues/220
2018-09-14 15:14:24 +02:00
Baptiste Gelez d355379e01
Merge pull request #219 from igalic/fix/env-howto
improve installation "docs"
2018-09-13 19:38:00 +01:00
Igor Galić e7b5d81687
gitignore docker-compose.yml 2018-09-13 17:21:20 +02:00
Igor Galić dfc76757bb
fix comment in docker.sample.env
docker's sample .env file under docs/ which contains the wrong command
to generate a rocket secret_key
2018-09-13 17:18:25 +02:00
Bat 5b138df8ce Remove duplicated message in gl.po 2018-09-12 17:07:41 +01:00
Bat 0200a7b223 Only send notifications for mentions if the post is not a draft 2018-09-12 17:00:00 +01:00
Bat b01212f4a6 Make it impossible to view drafts if you are not the author
Even if you got the URL
2018-09-12 16:58:38 +01:00
Bat 296aa2fbbb Merge branch 'master' of github.com:Plume-org/Plume 2018-09-12 13:41:10 +01:00
Baptiste Gelez ab640011e3
Merge pull request #215 from xmgz/master
update galician
2018-09-12 13:37:03 +01:00
Xose M f5633f4e7f
Merge branch 'master' into master 2018-09-12 07:40:16 +02:00
Xosé M 3d52afc804 fixed some fuzzies & new 2018-09-12 07:23:23 +02:00
Xosé M c5d93a2951 update 2018-09-12 07:15:33 +02:00