Merge

2021-10-17 14:13:01 +01:00 · 2021-10-17 14:13:01 +01:00 · 0349f366a5
parent 77455fe83b 82507d418e
commit 0349f366a5
5 changed files with 867 additions and 810 deletions
--- a/README.md
+++ b/README.md
@ -25,8 +25,8 @@ On Arch/Parabola:
 ``` bash
 sudo pacman -S tor python-pip python-pysocks python-cryptography \
               imagemagick python-requests \
-	       perl-image-exiftool python-dateutil \
-	       certbot flake8 bandit
+           perl-image-exiftool python-dateutil \
+           certbot flake8 bandit
 sudo pip3 install pyqrcode pypng
 ```

@ -130,6 +130,16 @@ server {
    listen 443 ssl;
    server_name YOUR_DOMAIN;

+    gzip on;
+    gzip_disable "msie6";
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_min_length 1024;
+    gzip_comp_level 6;
+    gzip_buffers 16 8k;
+    gzip_http_version 1.1;
+    gzip_types text/plain text/css application/json application/ld+json application/javascript text/xml application/xml application/rdf+xml application/xml+rss text/javascript;
+
    ssl_stapling off;
    ssl_stapling_verify off;
    ssl on;
@ -137,19 +147,19 @@ server {
    ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem;
    #ssl_dhparam /etc/ssl/certs/YOUR_DOMAIN.dhparam;

-    ssl_session_cache  builtin:1000  shared:SSL:10m;
-    ssl_session_timeout 60m;
-    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+    ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_tickets off;
+
+    add_header Content-Security-Policy "default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
-
-    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
-    add_header Strict-Transport-Security max-age=15768000;
+	add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;

    access_log /dev/null;
    error_log /dev/null;
@ -183,7 +193,7 @@ server {
        proxy_request_buffering off;
        proxy_buffering off;
        proxy_pass http://localhost:7156;
-		tcp_nodelay on;
+        tcp_nodelay on;
    }
 }
 ```
--- a/daemon.py
+++ b/daemon.py
@ -72,6 +72,7 @@ from person import removeAccount
 from person import canRemovePost
 from person import personSnooze
 from person import personUnsnooze
+from posts import getOriginalPostFromAnnounceUrl
 from posts import savePostToBox
 from posts import getInstanceActorKey
 from posts import removePostInteractions
@ -7365,12 +7366,22 @@ class PubServer(BaseHTTPRequestHandler):
        actorLiked = path.split('?actor=')[1]
        if '?' in actorLiked:
            actorLiked = actorLiked.split('?')[0]
+
+        # if this is an announce then send the like to the original post
+        origActor, origPostUrl, origFilename = \
+            getOriginalPostFromAnnounceUrl(likeUrl, baseDir,
+                                           self.postToNickname, domain)
+        likeUrl2 = likeUrl
+        if origActor and origPostUrl:
+            actorLiked = origActor
+            likeUrl2 = origPostUrl
+
        likeJson = {
            "@context": "https://www.w3.org/ns/activitystreams",
            'type': 'Like',
            'actor': likeActor,
            'to': [actorLiked],
-            'object': likeUrl
+            'object': likeUrl2
        }

        # send out the like to followers
@ -7378,30 +7389,19 @@ class PubServer(BaseHTTPRequestHandler):

        print('Locating liked post ' + likeUrl)
        # directly like the post file
+        likedPostJson = None
        likedPostFilename = \
            locatePost(baseDir, self.postToNickname, domain, likeUrl)
        if likedPostFilename:
            recentPostsCache = self.server.recentPostsCache
            likedPostJson = loadJson(likedPostFilename, 0, 1)
-            if likedPostJson:
-                if likedPostJson.get('type'):
-                    if likedPostJson['type'] == 'Announce' and \
-                       likedPostJson.get('object'):
-                        if isinstance(likedPostJson['object'], str):
-                            announceLikeUrl = likedPostJson['object']
-                            announceLikedFilename = \
-                                locatePost(baseDir, self.postToNickname,
-                                           domain, announceLikeUrl)
-                            if announceLikedFilename:
-                                updateLikesCollection(recentPostsCache,
-                                                      baseDir,
-                                                      likedPostFilename,
-                                                      likeUrl,
-                                                      likeActor,
-                                                      self.postToNickname,
-                                                      domain, debug)
-                                likeUrl = announceLikeUrl
-                                likedPostFilename = announceLikedFilename
+            if origFilename and origPostUrl:
+                updateLikesCollection(recentPostsCache,
+                                      baseDir, likedPostFilename,
+                                      likeUrl, likeActor, self.postToNickname,
+                                      domain, debug)
+                likeUrl = origPostUrl
+                likedPostFilename = origFilename
            if debug:
                print('Updating likes for ' + likedPostFilename)
            updateLikesCollection(recentPostsCache,
@ -7411,8 +7411,6 @@ class PubServer(BaseHTTPRequestHandler):
            if debug:
                print('Regenerating html post for changed likes collection')
            # clear the icon from the cache so that it gets updated
-            if self.server.iconsCache.get('like.png'):
-                del self.server.iconsCache['like.png']
            if likedPostJson:
                cachedPostFilename = \
                    getCachedPostFilename(baseDir, self.postToNickname,
@ -7532,6 +7530,16 @@ class PubServer(BaseHTTPRequestHandler):
        actorLiked = path.split('?actor=')[1]
        if '?' in actorLiked:
            actorLiked = actorLiked.split('?')[0]
+
+        # if this is an announce then send the like to the original post
+        origActor, origPostUrl, origFilename = \
+            getOriginalPostFromAnnounceUrl(likeUrl, baseDir,
+                                           self.postToNickname, domain)
+        likeUrl2 = likeUrl
+        if origActor and origPostUrl:
+            actorLiked = origActor
+            likeUrl2 = origPostUrl
+
        undoLikeJson = {
            "@context": "https://www.w3.org/ns/activitystreams",
            'type': 'Undo',
@ -7541,7 +7549,7 @@ class PubServer(BaseHTTPRequestHandler):
                'type': 'Like',
                'actor': undoActor,
                'to': [actorLiked],
-                'object': likeUrl
+                'object': likeUrl2
            }
        }

@ -7549,39 +7557,25 @@ class PubServer(BaseHTTPRequestHandler):
        self._postToOutbox(undoLikeJson, self.server.projectVersion, None)

        # directly undo the like within the post file
+        likedPostJson = None
        likedPostFilename = locatePost(baseDir,
                                       self.postToNickname,
                                       domain, likeUrl)
        if likedPostFilename:
-            likedPostJson = loadJson(likedPostFilename, 0, 1)
            recentPostsCache = self.server.recentPostsCache
-            if likedPostJson:
-                if likedPostJson.get('type'):
-                    if likedPostJson['type'] == 'Announce' and \
-                       likedPostJson.get('object'):
-                        if isinstance(likedPostJson['object'], str):
-                            announceLikeUrl = likedPostJson['object']
-                            announceLikedFilename = \
-                                locatePost(baseDir, self.postToNickname,
-                                           domain, announceLikeUrl)
-                            if announceLikedFilename:
-                                undoLikesCollectionEntry(recentPostsCache,
-                                                         baseDir,
-                                                         likedPostFilename,
-                                                         likeUrl,
-                                                         undoActor, domain,
-                                                         debug)
-                                likeUrl = announceLikeUrl
-                                likedPostFilename = announceLikedFilename
+            likedPostJson = loadJson(likedPostFilename, 0, 1)
+            if origFilename and origPostUrl:
+                undoLikesCollectionEntry(recentPostsCache,
+                                         baseDir, likedPostFilename,
+                                         likeUrl, undoActor, domain, debug)
+                likeUrl = origPostUrl
+                likedPostFilename = origFilename
            if debug:
                print('Removing likes for ' + likedPostFilename)
            undoLikesCollectionEntry(recentPostsCache,
                                     baseDir,
                                     likedPostFilename, likeUrl,
                                     undoActor, domain, debug)
-            # clear the icon from the cache so that it gets updated
-            if self.server.iconsCache.get('like_inactive.png'):
-                del self.server.iconsCache['like_inactive.png']
            if debug:
                print('Regenerating html post for changed likes collection')
            if likedPostJson:
@ -7618,7 +7612,9 @@ class PubServer(BaseHTTPRequestHandler):
                                     False, True, False)
            else:
                print('WARN: Unliked post not found: ' + likedPostFilename)
-
+            # clear the icon from the cache so that it gets updated
+            if self.server.iconsCache.get('like_inactive.png'):
+                del self.server.iconsCache['like_inactive.png']
        self.server.GETbusy = False
        actorAbsolute = self._getInstalceUrl(callingDomain) + actor
        actorPathStr = \
--- a/defaultcategories/en.xml
+++ b/defaultcategories/en.xml
--- a/posts.py
+++ b/posts.py
@ -5040,3 +5040,53 @@ def editedPostFilename(baseDir: str, nickname: str, domain: str,
        return ''
    print(id2 + ' is an edit of ' + id1)
    return prevConvPostFilename
+
+
+def getOriginalPostFromAnnounceUrl(announceUrl: str, baseDir: str,
+                                   nickname: str,
+                                   domain: str) -> (str, str, str):
+    """From the url of an announce this returns the actor, url and
+    filename (if available) of the original post being announced
+    """
+    postFilename = locatePost(baseDir, nickname, domain, announceUrl)
+    if not postFilename:
+        return None, None, None
+    announcePostJson = loadJson(postFilename, 0, 1)
+    if not announcePostJson:
+        return None, None, None
+    if not announcePostJson.get('type'):
+        return None, None, None
+    if announcePostJson['type'] != 'Announce':
+        return None, None, None
+    if not announcePostJson.get('object'):
+        return None, None, None
+    if not isinstance(announcePostJson['object'], str):
+        return None, None, None
+    actor = url = None
+    # do we have the original post?
+    origPostId = announcePostJson['object']
+    origFilename = locatePost(baseDir, nickname, domain, origPostId)
+    if origFilename:
+        # we have the original post
+        origPostJson = loadJson(origFilename, 0, 1)
+        if origPostJson:
+            if hasObjectDict(origPostJson):
+                if origPostJson['object'].get('attributedTo'):
+                    if isinstance(origPostJson['object']['attributedTo'], str):
+                        actor = origPostJson['object']['attributedTo']
+                        url = origPostId
+                elif origPostJson['object'].get('actor'):
+                    actor = origPostJson['actor']
+                    url = origPostId
+    else:
+        # we don't have the original post
+        if hasUsersPath(origPostId):
+            # get the actor from the original post url
+            origNick = getNicknameFromActor(origPostId)
+            origDomain, origPort = getDomainFromActor(origPostId)
+            if origNick and origDomain:
+                actor = \
+                    origPostId.split('/' + origNick + '/')[0] + \
+                    '/' + origNick
+                url = origPostId
+    return actor, url, origFilename
--- a/website/EN/index.html
+++ b/website/EN/index.html