Commit Graph

74 Commits

Author SHA1 Message Date
Baptiste Gelez a2b9d7ec44
Password reset (#448)
* Password reset

* Various improvements and fixes for password reset

- Reorganize src/mail.rs to make it  cleaner
- add a build_mail function
- only make the requests invalid after 2 hours
- avoid infintely-growing list of requests by deleting them once completed, or after 24 hours
- avoid sending many requests for the same user
- validate the password reset form

* Avoid locking so many times

Fix durations

* Remove old requests even if the current one is not valid

* Remove unused feature

* Also remove the custom_derive and plugin features while we are at it

* Forgot a 0 è_é

* Avoid panicking while owning a request lock

* Use master branch of lettre so that we can build with the latest OpenSSL

* Fix the debug mailer
2019-02-27 13:29:26 +01:00
zcdunn 7bac70a483 Update nodeinfo (#446)
Fix #433

I added the repo link to Cargo.toml so that `software.repository` could be configurable like @rhaamo suggested. I don't know if it's ok to include `software.repository` without bumping the schema version, but I didn't know if that would break any clients that parse nodeinfo with a hardcoded schema version.
2019-02-17 13:42:59 +01:00
Baptiste Gelez 77bfe635d7
Update dependencies (#440) 2019-02-13 13:39:30 +01:00
Baptiste Gelez 7eef4643c8
Update rocket_i18n and add gettext_macros (#431)
Internationalization now uses proc-macros that generate the .pot file
automatically.
2019-02-02 15:23:50 +01:00
fdb-hiroshima 944a9d08a7
Update dependencies (#428)
* Bump serde from 1.0.82 to 1.0.84
* Bump ructe from 0.5.4 to 0.5.6
* Bump colored from 1.6.1 to 1.7.0
* Bump itertools from 0.7.11 to 0.8.0
* Bump ammonia from 1.2.0 to 2.0.0
* Bump hyper from 0.12.19 to 0.12.20
* Bump serde_derive from 1.0.80 to 1.0.84
* Bump stdweb from 0.4.12 to 0.4.13
* Bump rsass from 0.9.4 to 0.9.6
* Bump failure from 0.1.3 to 0.1.5
* Bump reqwest from 0.9.5 to 0.9.8
* Bump serde_derive from 0.7.1 to 0.8.0
2019-01-18 19:22:36 +01:00
Baptiste Gelez 3fce5d6a14
Use Rust for the front-end too (#374)
Rust can compile to WASM, so let's use it for front-end code as well.

To compile the front-end:

```
cargo install cargo-web
cargo web deploy -p plume-front
```
2018-12-25 11:51:40 +01:00
Baptiste Gelez 8ff6332784
I'm not the only one who made Plume è_é (#373) 2018-12-23 17:29:08 +01:00
Baptiste Gelez 9e799f2cf2
Use SCSS (#355)
- Use variables
- Split everything in various files

The SCSS is compiled with `cargo build`/`run`

I also fixed a few visual issues.
2018-12-15 22:06:27 +01:00
Trinity Pointard 21fe63665d Upgrade rocket_csrf
Fix #346
2018-12-13 10:22:43 +01:00
fdb-hiroshima e1ecc7289f
Upgrade plume dependencies (#332)
* Bump base64 from 0.9.3 to 0.10.0
* Bump bcrypt from 0.2.0 to 0.2.1
* Bump canapi from 0.1.0 to 0.2.0
* Bump failure from 0.1.2 to 0.1.3
* Bump hyper from 0.11.27 to 0.12.11
* Bump hyper from 0.11.27 to 0.12.16
* Bump lazy_static from 1.1.0 to 1.2.0
* Bump multipart from 0.15.3 to 0.15.4
* Bump openssl from 0.10.12 to 0.10.15
* Bump pulldown-cmark from 0.1.2 to 0.2.0
* Bump reqwest from 0.9.2 to 0.9.5
* Bump rocket from 0.4.0-rc.1 to 0.4.0
* Bump rpassword from 2.0.0 to 2.1.0
* Bump ructe from 0.5.2 to 0.5.4
* Bump serde_derive from 1.0.79 to 1.0.80
* Bump serde from 1.0.79 to 1.0.80
* Bump serde_json from 1.0.32 to 1.0.33
* Bump tera from 0.11.17 to 0.11.20
* Bump url from 1.7.1 to 1.7.2
* Bump validator to from 0.7.2 to 0.8.0
* Bump validator_derive from 0.7.2 to 0.8.0
* Bump whatlang from 0.5.0 to 0.6.0
* Remove hyper from plume-common dependencies
* Remove rpassword from Plume dependancies
* Upgrade compiler to nightly-2018-12-06
2018-12-07 21:00:12 +01:00
Baptiste Gelez 70af57c6e1
Use Ructe (#327)
All the template are now compiled at compile-time with the `ructe` crate.

I preferred to use it instead of askama because it allows more complex Rust expressions, where askama only supports a small subset of expressions and doesn't allow them everywhere (for instance, `{{ macro!() | filter }}` would result in a parsing error).

The diff is quite huge, but there is normally no changes in functionality.

Fixes #161 and unblocks #110 and #273
2018-12-06 18:54:16 +01:00
fdb-hiroshima 449641d158
Add a search engine into Plume (#324)
* Add search engine to the model

Add a Tantivy based search engine to the model
Implement most required functions for it

* Implement indexing and plm subcommands

Implement indexation on insert, update and delete
Modify func args to get the indexer where required
Add subcommand to initialize, refill and unlock search db

* Move to a new threadpool engine allowing scheduling

* Autocommit search index every half an hour

* Implement front part of search

Add default fields for search
Add new routes and templates for search and result
Implement FromFormValue for Page to reuse it on search result pagination
Add optional query parameters to paginate template's macro
Update to newer rocket_csrf, don't get csrf token on GET forms

* Handle process termination to release lock

Handle process termination
Add tests to search

* Add proper support for advanced search

Add an advanced search form to /search, in template and route
Modify Tantivy schema, add new tokenizer for some properties
Create new String query parser
Create Tantivy query AST from our own

* Split search.rs, add comment and tests

Split search.rs into multiple submodules
Add comments and tests for Query
Make user@domain be treated as one could assume
2018-12-02 17:37:51 +01:00
Trinity Pointard 00a205a882 Update debian installation doc
fix #305
Update debian installation doc
Remove need for libpq when compiling with sqlite backend
Remove some unneaded features of multipart to speed up compilation
2018-11-21 10:09:23 +01:00
Trinity Pointard ed5bafbbc4 Update webfinger and reqwest
Update webfinger to 0.3.1
Update reqwest to 0.9
Fix #257
2018-10-11 13:51:45 +02:00
Bat d0d1210e21 Document new command-line tools 2018-10-06 12:19:48 +01:00
Baptiste Gelez b464671cf0
Merge pull request #226 from igalic/feat/sqlite
Add SQLite as supported database
2018-10-06 12:15:00 +01:00
Trinity Pointard d3ed2d8af5 Fix regression and update rocket_csrf
Fix account creation, introduced by fceb9ab
Update to latest rocket_csrf
2018-10-02 11:51:12 +02:00
Bat 38d737ed0c
Introduce features to choose between SQlite or Postgres 2018-09-30 14:13:54 +02:00
Igor Galić e5691f7b23
add sqlite as diesel dependency 2018-09-30 14:13:42 +02:00
Trinity Pointard fceb9ab0cd Update cookie management a bit
Update to latest rocket_csrf
Make user_id a samesite lax cookie (see https://github.com/Plume-org/Plume/issues/233#issuecomment-422660275)
2018-09-30 11:56:12 +02:00
Bat 72fd9eb610 API: Filter posts in the list 2018-09-29 15:45:27 +01:00
Bat f893056d6d Mount the API endpoints 2018-09-25 20:45:32 +01:00
Bat 1500267125 Add canapi and try to use for the API 2018-09-19 15:49:34 +01:00
Bat 8fa83dfe25 Version bump
0.1.x was the pre-alpha.

The first Alpha will be 0.2.x
2018-09-11 19:53:14 +01:00
Bat 8879935925 Add the possibility to save an article as draft 2018-09-10 19:38:19 +01:00
Bat a3b7d5557b Allow newer Tera versions
Tera 0.11.15 was released, and fixes the bug that forced us to downgrade.
2018-09-09 18:53:28 +01:00
Bat 2f53cb9122 Update rocket_csrf 2018-09-09 11:06:10 +01:00
Bat c0d0f98d1f Update rocket_csrf and enable protection again 2018-09-09 10:27:03 +01:00
Bat 995c173146 Downgrade Tera + Temporary disable CSRF protection
Bugs in these crates prevented articles from displaying correctly.
2018-09-08 23:09:59 +01:00
Thomas Letan 0ef4717a7f deps: Update to a more recent rocket and rust toolchain
With this patch, Plume will be use a more up-to-date revision of
Rocket, that works with nightly-2018-07-17. It may have been able to
make it work with a more recent revision, but it turns out rocket has
introduced several breaking changes so I’d rather fix those.

Besides updating rocket_i18n and rocket_csrf to use the same revision
than Plume, this patch deals with the new implementation of the
Uri<'_> type. It silents a class of warnings, to deal with a change in
rustc which affects diesel. This latter change should be reverted as
soon as diesel releases a new version of its crate.
2018-09-08 15:51:55 +02:00
Bat 772bb350ac Update rocket_csrf to support multipart forms 2018-09-03 10:21:33 +01:00
Bat f44b6fffa3 Media upload 2018-09-02 21:55:42 +01:00
Bat 97c0b533ab Add Atom feeds for blogs and users 2018-09-01 21:08:26 +01:00
Bat 5583029b07 Update the WebFinger crate
Fixes an issue with some Mastodon accounts
2018-07-26 21:35:35 +02:00
Bat 1e5ad2b086 Add a job pool 2018-07-26 17:32:52 +02:00
Trinity Pointard e9b2a20ad3 Update dependancie to rocket_csrf
fix #117
2018-07-20 17:24:34 +02:00
Baptiste Gelez 6fe70cd723
Merge pull request #111 from Plume-org/form-validation
Form validation
2018-07-08 14:28:47 +02:00
Bat 5f3afe900f Display errors on invalid forms
It will probably need a bit of styling…
2018-07-06 19:29:36 +02:00
Trinity Pointard ec4b791727 Update dependancy to rocket_csrf
fix #96
2018-06-30 09:38:44 +02:00
Bat b008e11fb0 Add validator 2018-06-29 14:22:43 +02:00
Baptiste Gelez ca07950100
Merge pull request #83 from Plume-org/csrf-protection
Csrf protection
2018-06-26 16:30:24 +02:00
Bat f805ec1d53 Introduce an environment variable to disable HTTPS, and use it when fetching WebFinger resources
You can now use USE_HTTPS=0 when debugging the federation locally.
2018-06-26 16:16:59 +02:00
Trinity Pointard 30e9620d0a Add csrf protection 2018-06-24 18:58:57 +02:00
Bat 68c7aad179 Big repository reorganization
The code is divided in three crates:
- plume-common, for the ActivityPub module, and some common utils
- plume-models, for the models and database-related code
- plume, the app itself

This new organization will allow to test it more easily, but also to create other tools that only reuse a little part of
the code (for instance a Wordpress import tool, that would just use the plume-models crate)
2018-06-23 17:36:11 +01:00
Bat e7e557612e Rewrite User::from_activity to use the activitypub crate instead of raw JSON 2018-06-21 21:30:56 +01:00
Bat 4ea071e709 Switch to pulldown-cmark for markdown parsing + Try to parse mentions
It's not working correctly yet for some reason…
2018-06-20 15:29:19 +01:00
Bat d00688e526 Admin creation 2018-06-19 16:14:52 +01:00
Bat 54e2cea83b Start a setup script
For now, it checks if the instance is ready, and if it is not starts the actual setup script.

Only the first actual step of the script, checking for native dependencies, is implemented.
2018-06-19 14:08:44 +01:00
Bat 5415b70854 Use the webfinger crate 2018-06-18 22:50:40 +01:00
Bat cdb8aba6ec Update rocket_i18n 2018-06-17 23:04:46 +01:00