diff --git a/.SRCINFO b/.SRCINFO
index ae5c3bb..91d85f3 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
 pkgbase = gotosocial
 pkgdesc = ActivityPub social network server written in Golang
- pkgver = 0.19.1
+ pkgver = 0.20.1
 pkgrel = 11
 url = https://gotosocial.org
 arch = x86_64
@@ -19,6 +19,7 @@ pkgbase = gotosocial
 backup = etc/gotosocial/template/authorize.tmpl
 backup = etc/gotosocial/template/confirm-email.tmpl
 backup = etc/gotosocial/template/confirmed-email.tmpl
+ backup = etc/gotosocial/template/domain-allowlist.tmpl
 backup = etc/gotosocial/template/domain-blocklist.tmpl
 backup = etc/gotosocial/template/email_confirm.tmpl
 backup = etc/gotosocial/template/email_new_report.tmpl
@@ -59,20 +60,20 @@ pkgbase = gotosocial
 backup = etc/gotosocial/template/status_poll.tmpl
 backup = etc/gotosocial/template/tag.tmpl
 backup = etc/gotosocial/template/thread.tmpl
- source = gotosocial::git+https://github.com/superseriousbusiness/gotosocial#tag=v0.19.1
+ source = gotosocial::git+https://codeberg.org/superseriousbusiness/gotosocial#tag=v0.20.1
 source = sysusers.conf
 source = tmpfiles.conf
 source = use-fhs-directories.patch
 source = modded.patch
- sha512sums = cab294e99184ec25888101e04e5753ab9f042711662258e0155619e071750a364f102132682aa44e95fba7a9c10ca3cf00da18537406f8bdfa4ec95e2a74663d
+ sha512sums = 37200b2c5f238cb86c8b0c7815a5a3754cd8db6fb7eebdf70d817a7e498df682b47d436a077089c241327d9f542ee6d66754c77047c8be16f734cf3e74fcfba1
 sha512sums = 2ff5499a31e12733cb20a9261942ed135fbac327d5a836b8955f3e86c009a603cf965440d9dbe6db64b80d0f652ba56faddb0ef398393b72474d8cf6c438ab80
 sha512sums = b89fad3073e140f17167515b38942e5b5e2bc2aee03c484e1bb7cf6444f86cb1e2a13a60b101e04d22633d348be073ca26cd309da4746e5062c12b4f3ce4b38a
- sha512sums = 913a5209487aba06bf1d8ac7c02506a05d01a8e12f172666c84bf6870d6237640d4745617b0f07ea8c9dcf665f4e0d24a0aabef31611909f7e9384ed6e7b7e77
- sha512sums = 7a9837521e4765d3b6b509876ccf19a89de6dcafa69e82e436d1c26ca98e416ec012e5323c2d446ef92288821d0c64669076ebe647f72dba4d4d51fc63ffd847
- b2sums = 773c579ec4f504141dbae393dcaf6cd2b9669f8338d4f01d546def27c05f5899b12b3f7287bcf229743a11335597d6cadd8bc803e076f3558848dcd808d80277
+ sha512sums = 87edf6e6acee86a621c838a7db32f1c9aab70bc5640f8eae099c5133a2be77ec2f711261d716a6821e4c0414436592170b1ae7a5f652bc8aeab49c8dbd0fedde
+ sha512sums = 9eadab35be81f9a4676fa9c623cdb7321e53055a3b7b1b2f8795a8c9f2e9059e6d7088b86dd23a85d2b234f8c938575089e7203dadfbdae486211c7f8f1f3ac1
+ b2sums = da2a59857da3659e211d92694a4a7d40dceed2f930641d6b749be245b31094c68b8d1f3e561d4a0fc918ed5c32cf45531f92e873db7e931cefdcee6f4696c884
 b2sums = ccf672731b88fc6700b0b81737790365e1eea0066bad1bbf6b13dac1e5b42af69063838efca47a6d9c16ee3f6308e2e23b92cf79d4226cd88f8551fb7361649b
 b2sums = 4f65af952441c0f54bb32049a149675e207f8993678423d369c4095c57476464614ac720eccc64d7a93a81268ad7ca41cae75ca7211bd7b78f9035f6e5341f04
- b2sums = 9edd4520fb99856feb82d01935588add7f805aa180f2ed0fe169cb26576bc2e1d2c1e6ab11604d977cec6a4ad8f1d5be1413e1a366de59b89c5b869136538f8c
- b2sums = 9958c7a20249ced130963fd5cfc9c8750ee4b98554a404f62d2d488298008a7e891bc136fab2373bdbb82534881e8407430f08ff519138fb649e93052e197c11
+ b2sums = 3671911545d15cc21045b37fbe6983c05499e66b8a6a1e1b3eccbb5c2686914c88b090dec0bfe8e2919d8787e5b4c59bfb1e2c292cad30a8b552ab57e91d5fdf
+ b2sums = b0331e3fdf107bf072c35849155dd7a03d9c0e815a34182f0f108ec30b9a8d3a18b4ba38e24074a81812896c3cbbb189548591549d97fafcee8aef7a76827512
 pkgname = gotosocial
diff --git a/.nvchecker.toml b/.nvchecker.toml
index 2ecb9ed..628ffbc 100644
--- a/.nvchecker.toml
+++ b/.nvchecker.toml
@@ -1,5 +1,5 @@
 [gotosocial]
 source = "git"
-git = "https://github.com/superseriousbusiness/gotosocial.git"
+git = "https://codeberg.org/superseriousbusiness/gotosocial.git"
 prefix = "v"
 exclude_regex = ".*(beta|rc).*"
diff --git a/PKGBUILD b/PKGBUILD
index cb7f45c..ff75802 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,81 +3,82 @@ # Contributor: Stefan Husmann pkgname=gotosocial -pkgver=0.19.1 +pkgver=0.20.1 pkgrel=11 pkgdesc='ActivityPub social network server written in Golang' -arch=('x86_64') +arch=(x86_64) url='https://gotosocial.org' -license=('AGPL-3.0-only') -depends=('glibc') -makedepends=('git' 'go' 'yarn' 'nodejs' 'go-swagger') -options=('!lto') +license=(AGPL-3.0-only) +depends=(glibc) +makedepends=(git go yarn nodejs go-swagger) +options=(!lto) backup=( - 'etc/gotosocial/config.yaml' - 'etc/gotosocial/template/2fa.tmpl' - 'etc/gotosocial/template/404.tmpl' - 'etc/gotosocial/template/about.tmpl' - 'etc/gotosocial/template/authorize.tmpl' - 'etc/gotosocial/template/confirm-email.tmpl' - 'etc/gotosocial/template/confirmed-email.tmpl' - 'etc/gotosocial/template/domain-blocklist.tmpl' - 'etc/gotosocial/template/email_confirm.tmpl' - 'etc/gotosocial/template/email_new_report.tmpl' - 'etc/gotosocial/template/email_new_signup.tmpl' - 'etc/gotosocial/template/email_report_closed.tmpl' - 'etc/gotosocial/template/email_reset.tmpl' - 'etc/gotosocial/template/email_signup_approved.tmpl' - 'etc/gotosocial/template/email_signup_rejected.tmpl' - 'etc/gotosocial/template/email_test.tmpl' - 'etc/gotosocial/template/error.tmpl' - 'etc/gotosocial/template/finalize.tmpl' - 'etc/gotosocial/template/index.tmpl' - 'etc/gotosocial/template/index_register.tmpl' - 'etc/gotosocial/template/index_what_is_this.tmpl' - 'etc/gotosocial/template/login-info.tmpl' - 'etc/gotosocial/template/login_button.tmpl' - 'etc/gotosocial/template/maintenance.tmpl' - 'etc/gotosocial/template/oob.tmpl' - 'etc/gotosocial/template/page.tmpl' - 'etc/gotosocial/template/page_footer.tmpl' - 'etc/gotosocial/template/page_header.tmpl' - 'etc/gotosocial/template/page_ogmeta.tmpl' - 'etc/gotosocial/template/page_stylesheets.tmpl' - 'etc/gotosocial/template/profile-gallery.tmpl' - 'etc/gotosocial/template/profile.tmpl' - 'etc/gotosocial/template/profile_about_user.tmpl' - 'etc/gotosocial/template/profile_fields.tmpl' - 
'etc/gotosocial/template/profile_header.tmpl' - 'etc/gotosocial/template/settings.tmpl' - 'etc/gotosocial/template/sign-in.tmpl' - 'etc/gotosocial/template/sign-up.tmpl' - 'etc/gotosocial/template/signed-up.tmpl' - 'etc/gotosocial/template/status.tmpl' - 'etc/gotosocial/template/status_attachment.tmpl' - 'etc/gotosocial/template/status_attributes.tmpl' - 'etc/gotosocial/template/status_header.tmpl' - 'etc/gotosocial/template/status_info.tmpl' - 'etc/gotosocial/template/status_poll.tmpl' - 'etc/gotosocial/template/tag.tmpl' - 'etc/gotosocial/template/thread.tmpl' + etc/gotosocial/config.yaml + etc/gotosocial/template/2fa.tmpl + etc/gotosocial/template/404.tmpl + etc/gotosocial/template/about.tmpl + etc/gotosocial/template/authorize.tmpl + etc/gotosocial/template/confirm-email.tmpl + etc/gotosocial/template/confirmed-email.tmpl + etc/gotosocial/template/domain-allowlist.tmpl + etc/gotosocial/template/domain-blocklist.tmpl + etc/gotosocial/template/email_confirm.tmpl + etc/gotosocial/template/email_new_report.tmpl + etc/gotosocial/template/email_new_signup.tmpl + etc/gotosocial/template/email_report_closed.tmpl + etc/gotosocial/template/email_reset.tmpl + etc/gotosocial/template/email_signup_approved.tmpl + etc/gotosocial/template/email_signup_rejected.tmpl + etc/gotosocial/template/email_test.tmpl + etc/gotosocial/template/error.tmpl + etc/gotosocial/template/finalize.tmpl + etc/gotosocial/template/index.tmpl + etc/gotosocial/template/index_register.tmpl + etc/gotosocial/template/index_what_is_this.tmpl + etc/gotosocial/template/login-info.tmpl + etc/gotosocial/template/login_button.tmpl + etc/gotosocial/template/maintenance.tmpl + etc/gotosocial/template/oob.tmpl + etc/gotosocial/template/page.tmpl + etc/gotosocial/template/page_footer.tmpl + etc/gotosocial/template/page_header.tmpl + etc/gotosocial/template/page_ogmeta.tmpl + etc/gotosocial/template/page_stylesheets.tmpl + etc/gotosocial/template/profile-gallery.tmpl + etc/gotosocial/template/profile.tmpl + 
etc/gotosocial/template/profile_about_user.tmpl + etc/gotosocial/template/profile_fields.tmpl + etc/gotosocial/template/profile_header.tmpl + etc/gotosocial/template/settings.tmpl + etc/gotosocial/template/sign-in.tmpl + etc/gotosocial/template/sign-up.tmpl + etc/gotosocial/template/signed-up.tmpl + etc/gotosocial/template/status.tmpl + etc/gotosocial/template/status_attachment.tmpl + etc/gotosocial/template/status_attributes.tmpl + etc/gotosocial/template/status_header.tmpl + etc/gotosocial/template/status_info.tmpl + etc/gotosocial/template/status_poll.tmpl + etc/gotosocial/template/tag.tmpl + etc/gotosocial/template/thread.tmpl ) source=( - "$pkgname::git+https://github.com/superseriousbusiness/gotosocial#tag=v$pkgver" - 'sysusers.conf' - 'tmpfiles.conf' - 'use-fhs-directories.patch' - 'modded.patch' + "$pkgname::git+https://codeberg.org/superseriousbusiness/gotosocial#tag=v$pkgver" + sysusers.conf + tmpfiles.conf + use-fhs-directories.patch + modded.patch ) -sha512sums=('cab294e99184ec25888101e04e5753ab9f042711662258e0155619e071750a364f102132682aa44e95fba7a9c10ca3cf00da18537406f8bdfa4ec95e2a74663d' +sha512sums=('37200b2c5f238cb86c8b0c7815a5a3754cd8db6fb7eebdf70d817a7e498df682b47d436a077089c241327d9f542ee6d66754c77047c8be16f734cf3e74fcfba1' '2ff5499a31e12733cb20a9261942ed135fbac327d5a836b8955f3e86c009a603cf965440d9dbe6db64b80d0f652ba56faddb0ef398393b72474d8cf6c438ab80' 'b89fad3073e140f17167515b38942e5b5e2bc2aee03c484e1bb7cf6444f86cb1e2a13a60b101e04d22633d348be073ca26cd309da4746e5062c12b4f3ce4b38a' - '913a5209487aba06bf1d8ac7c02506a05d01a8e12f172666c84bf6870d6237640d4745617b0f07ea8c9dcf665f4e0d24a0aabef31611909f7e9384ed6e7b7e77' - '7a9837521e4765d3b6b509876ccf19a89de6dcafa69e82e436d1c26ca98e416ec012e5323c2d446ef92288821d0c64669076ebe647f72dba4d4d51fc63ffd847') -b2sums=('773c579ec4f504141dbae393dcaf6cd2b9669f8338d4f01d546def27c05f5899b12b3f7287bcf229743a11335597d6cadd8bc803e076f3558848dcd808d80277' + 
'87edf6e6acee86a621c838a7db32f1c9aab70bc5640f8eae099c5133a2be77ec2f711261d716a6821e4c0414436592170b1ae7a5f652bc8aeab49c8dbd0fedde' + '9eadab35be81f9a4676fa9c623cdb7321e53055a3b7b1b2f8795a8c9f2e9059e6d7088b86dd23a85d2b234f8c938575089e7203dadfbdae486211c7f8f1f3ac1') +b2sums=('da2a59857da3659e211d92694a4a7d40dceed2f930641d6b749be245b31094c68b8d1f3e561d4a0fc918ed5c32cf45531f92e873db7e931cefdcee6f4696c884' 'ccf672731b88fc6700b0b81737790365e1eea0066bad1bbf6b13dac1e5b42af69063838efca47a6d9c16ee3f6308e2e23b92cf79d4226cd88f8551fb7361649b' '4f65af952441c0f54bb32049a149675e207f8993678423d369c4095c57476464614ac720eccc64d7a93a81268ad7ca41cae75ca7211bd7b78f9035f6e5341f04' - '9edd4520fb99856feb82d01935588add7f805aa180f2ed0fe169cb26576bc2e1d2c1e6ab11604d977cec6a4ad8f1d5be1413e1a366de59b89c5b869136538f8c' - '9958c7a20249ced130963fd5cfc9c8750ee4b98554a404f62d2d488298008a7e891bc136fab2373bdbb82534881e8407430f08ff519138fb649e93052e197c11') + '3671911545d15cc21045b37fbe6983c05499e66b8a6a1e1b3eccbb5c2686914c88b090dec0bfe8e2919d8787e5b4c59bfb1e2c292cad30a8b552ab57e91d5fdf' + 'b0331e3fdf107bf072c35849155dd7a03d9c0e815a34182f0f108ec30b9a8d3a18b4ba38e24074a81812896c3cbbb189548591549d97fafcee8aef7a76827512') prepare() { cd "$pkgname" diff --git a/REUSE.toml b/REUSE.toml index c580f9f..3ba8a05 100644 --- a/REUSE.toml +++ b/REUSE.toml @@ -7,16 +7,6 @@ path = [ "keys/**", ".SRCINFO", ".nvchecker.toml", - "*.install", - "*.sysusers", - "*.tmpfiles", - "*.logrotate", - "*.pam", - "*.service", - "*.socket", - "*.timer", - "*.desktop", - "*.hook", "sysusers.conf", "tmpfiles.conf", ] diff --git a/modded.patch b/modded.patch index ef7a5a9..7add7a9 100644 --- a/modded.patch +++ b/modded.patch @@ -1,24 +1,26 @@ diff --git a/example/config.yaml b/example/config.yaml -index 17a57b857..bf645a364 100644 +index bf6be2573..a0b11392c 100644 --- a/example/config.yaml 
+++ b/example/config.yaml -@@ -105,13 +105,13 @@ account-domain: "" +@@ -118,7 +118,7 @@ account-domain: "" protocol: "https" - # String. Address to bind the GoToSocial server to. --# This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname. -+# This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname or unix socket + # String. Address to bind the GoToSocial HTTP server to. +-# This can be an IPv4 address, an IPv6 address, or a hostname. ++# This can be an IPv4 address, an IPv6 address, or a hostname. or unix socket + # # The default value will bind to all interfaces, which makes the server - # accessible by other machines. For most setups there is no need to change this. - # If you are using GoToSocial in a reverse proxy setup with the proxy running on - # the same machine, you will want to set this to "localhost" or an equivalent, - # so that the proxy can't be bypassed. --# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]"] -+# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]", "unix//run/gts/sock] + # accessible by other machines. For most setups you won't need to change this. +@@ -126,7 +126,7 @@ protocol: "https" + # running on the same machine, you may want to set this to "localhost" or equivalent, + # so that the proxy definitely can't be bypassed. + # +-# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "::1", "2001:db8::fed1"] ++# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "::1", "2001:db8::fed1", "unix//run/gts/sock] # Default: "0.0.0.0" bind-address: "0.0.0.0" -@@ -124,6 +124,13 @@ bind-address: "0.0.0.0" +@@ -139,6 +139,13 @@ bind-address: "0.0.0.0" # Default: 8080 port: 8080 
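Review bot: The added bind-address example `"unix//run/gts/sock]` is missing its closing quote, and the sentence changed above it now reads `or a hostname. or unix socket`; both lines end up in the example config that the package installs. Suggested wording is `# This can be an IPv4 address, an IPv6 address, a hostname, or a unix socket.` and `"unix//run/gts/sock"]` at the end of the examples list. The comment would also benefit from one sentence on which prefix form the listener accepts for socket paths, since that syntax is not shown anywhere in the visible part of this patch.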
@@ -32,77 +34,131 @@ index 17a57b857..bf645a364 100644 # Array of string. CIDRs or IP addresses of proxies that should be trusted when determining real client IP from behind a reverse proxy. # If you're running inside a Docker container behind Traefik or Nginx, for example, add the subnet of your docker network, # or the gateway of the docker network, and/or the address of the reverse proxy (if it's not running on the host network). -@@ -155,7 +162,7 @@ db-type: "postgres" +@@ -170,7 +177,7 @@ db-type: "sqlite" # If address is set to :memory: then an in-memory database will be used (no file). # WARNING: :memory: should NOT BE USED except for testing purposes. # -# Examples: ["localhost","my.db.host","127.0.0.1","192.111.39.110",":memory:", "sqlite.db"] +# Examples: ["localhost","my.db.host","127.0.0.1","192.111.39.110",":memory:", "sqlite.db", "/run/postgresql/"] # Default: "" - db-address: "" + db-address: "sqlite.db" diff --git a/go.mod b/go.mod -index 4169208ed..60b3a1281 100644 +index baa5d5ad7..3f7374598 100644 --- a/go.mod +++ b/go.mod -@@ -74,6 +74,7 @@ require ( - github.com/uptrace/bun/extra/bunotel v1.2.11 +@@ -73,6 +73,7 @@ require ( + github.com/uptrace/bun/extra/bunotel v1.2.15 github.com/wagslane/go-password-validator v0.3.0 - github.com/yuin/goldmark v1.7.11 -+ go.balki.me/anyhttp v0.5.0 - go.opentelemetry.io/otel v1.35.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 + github.com/yuin/goldmark v1.7.13 ++ go.balki.me/anyhttp v0.5.2 + go.opentelemetry.io/contrib/exporters/autoexport v0.63.0 + go.opentelemetry.io/contrib/instrumentation/runtime v0.63.0 + go.opentelemetry.io/otel v1.38.0 diff --git a/go.sum b/go.sum -index 597cee716..532e99852 100644 +index 49451e55b..136678292 100644 --- a/go.sum 
+++ b/go.sum -@@ -489,6 +489,8 @@ github.com/yuin/goldmark v1.7.11 h1:ZCxLyDMtz0nT2HFfsYG8WZ47Trip2+JyLysKcMYE5bo= - github.com/yuin/goldmark v1.7.11/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg= - gitlab.com/NyaaaWhatsUpDoc/sqlite v1.37.0-concurrency-workaround h1:QbfrBqNKgAFSSK89fYf547vxDQuz8p6iJUzzAMrusNk= - gitlab.com/NyaaaWhatsUpDoc/sqlite v1.37.0-concurrency-workaround/go.mod h1:5YiWv+YviqGMuGw4V+PNplcyaJ5v+vQd7TQOgkACoJM= -+go.balki.me/anyhttp v0.5.0 h1:uys0oRciBpZfwtxXAevScKy6amIQBXyDrcV0EtGF5zo= -+go.balki.me/anyhttp v0.5.0/go.mod h1:JhfekOIjgVODoVqUCficjpIgmB3wwlB7jhN0eN2EZ/s= +@@ -505,6 +505,8 @@ github.com/yuin/goldmark v1.7.13 h1:GPddIs617DnBLFFVJFgpo1aBfe/4xcvMc3SB5t/D0pA= + github.com/yuin/goldmark v1.7.13/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg= + gitlab.com/NyaaaWhatsUpDoc/sqlite v1.39.1-concurrency-workaround h1:ptkkB4Z76pmpmLE7vmp5BVOfO5o5+Kt0eGFhNbvVxjA= + gitlab.com/NyaaaWhatsUpDoc/sqlite v1.39.1-concurrency-workaround/go.mod h1:9fjQZ0mB1LLP0GYrp39oOJXx/I2sxEnZtzCmEQIKvGE= ++go.balki.me/anyhttp v0.5.2 h1:et4tCDXLeXpWfMNvRKG7ojfrnlr3du7cEaG966MLSpA= ++go.balki.me/anyhttp v0.5.2/go.mod h1:JhfekOIjgVODoVqUCficjpIgmB3wwlB7jhN0eN2EZ/s= go.mongodb.org/mongo-driver v1.17.3 h1:TQyXhnsWfWtgAhMtOgtYHMTkZIfBTpMTsMnd9ZBeHxQ= go.mongodb.org/mongo-driver v1.17.3/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= diff --git a/internal/config/config.go b/internal/config/config.go -index b9804d404..331d41139 100644 +index dfc919f11..b2cca1276 100644 --- a/internal/config/config.go 
+++ b/internal/config/config.go -@@ -58,6 +58,7 @@ type Configuration struct { - BindAddress string `name:"bind-address" usage:"Bind address to use for the GoToSocial server (eg., 0.0.0.0, 172.138.0.9, [::], localhost). For ipv6, enclose the address in square brackets, eg [2001:db8::fed1]. Default binds to all interfaces."` - Port int `name:"port" usage:"Port to use for GoToSocial. Change this to 443 if you're running the binary directly on the host machine."` - TrustedProxies []string `name:"trusted-proxies" usage:"Proxies to trust when parsing x-forwarded headers into real IPs."` -+ TrustedPlatform string `name:"trusted-platform" usage:"HTTP header that contains the real client ip"` - SoftwareVersion string `name:"software-version" usage:""` - - DbType string `name:"db-type" usage:"Database type: eg., postgres"` -@@ -193,6 +194,8 @@ type Configuration struct { - AdminMediaListRemoteOnly bool `name:"remote-only" usage:"list only remote attachments/emojis; if specified then local-only cannot also be true"` - - RequestIDHeader string `name:"request-id-header" usage:"Header to extract the Request ID from. Eg.,'X-Request-Id'."` +@@ -54,13 +54,13 @@ func fieldtag(field, tag string) string { + // You will need to have gofumpt installed in order for this to work: + // https://github.com/mvdan/gofumpt. + type Configuration struct { +- LogLevel string `name:"log-level" usage:"Log level to run at: [trace, debug, info, warn, fatal]"` +- LogFormat string `name:"log-format" usage:"Log output format: [logfmt, json]"` +- LogTimestampFormat string `name:"log-timestamp-format" usage:"Format to use for the log timestamp, as supported by Go's time.Layout"` +- LogDbQueries bool `name:"log-db-queries" usage:"Log database queries verbosely when log-level is trace or debug"` +- LogClientIP bool `name:"log-client-ip" usage:"Include the client IP in logs"` +- RequestIDHeader string `name:"request-id-header" usage:"Header to extract the Request ID from. 
Eg.,'X-Request-Id'."` +- ++ LogLevel string `name:"log-level" usage:"Log level to run at: [trace, debug, info, warn, fatal]"` ++ LogFormat string `name:"log-format" usage:"Log output format: [logfmt, json]"` ++ LogTimestampFormat string `name:"log-timestamp-format" usage:"Format to use for the log timestamp, as supported by Go's time.Layout"` ++ LogDbQueries bool `name:"log-db-queries" usage:"Log database queries verbosely when log-level is trace or debug"` ++ LogClientIP bool `name:"log-client-ip" usage:"Include the client IP in logs"` ++ RequestIDHeader string `name:"request-id-header" usage:"Header to extract the Request ID from. Eg.,'X-Request-Id'."` ++ TrustedPlatform string `name:"trusted-platform" usage:"HTTP header that contains the real client ip"` + ConfigPath string `name:"config-path" usage:"Path to a file containing gotosocial configuration. Values set in this file will be overwritten by values set as env vars or arguments"` + ApplicationName string `name:"application-name" usage:"Name of the application, used in various places internally"` + LandingPageUser string `name:"landing-page-user" usage:"the user that should be shown on the instance's landing page"` +@@ -188,6 +188,9 @@ type Configuration struct { + AdminMediaListRemoteOnly bool `name:"remote-only" usage:"list only remote attachments/emojis; if specified then local-only cannot also be true" ephemeral:"yes"` + TestrigSkipDBSetup bool `name:"skip-db-setup" usage:"skip testrig database setup with population of test models" ephemeral:"yes"` + TestrigSkipDBTeardown bool `name:"skip-db-teardown" usage:"skip testrig database teardown (i.e. 
data deletion and tables dropped)" ephemeral:"yes"` + -+ KalaclistaAllowedUnauthorizedGet bool `name:"kalaclista-allowed-unauthorized-get" usage:"unlock AUTHOZIED_FETCH (aka Secure mode in Mastodon) mode."` ++ // for kalaclista-flavoured ++ KalaclistaTurnOffAuthorizedFetch bool `name:"kalaclista-turnoff-authorized-fetch" usage:"skip authorization if another instance message doesn't have httpsig"` } type HTTPClientConfiguration struct { diff --git a/internal/config/defaults.go b/internal/config/defaults.go -index 57c64db44..c19864002 100644 +index a4996e5c6..695adbcb4 100644 --- a/internal/config/defaults.go +++ b/internal/config/defaults.go -@@ -234,4 +234,6 @@ +@@ -251,4 +251,7 @@ RequestIDHeader: "X-Request-Id", LogClientIP: true, + -+ KalaclistaAllowedUnauthorizedGet: false, ++ // for kalaclista-flavoured ++ KalaclistaTurnOffAuthorizedFetch: true, } diff --git a/internal/config/helpers.gen.go b/internal/config/helpers.gen.go -index f063cbf93..cdb5a663f 100644 +index 217917bcf..e194e842e 100644 --- a/internal/config/helpers.gen.go 
+++ b/internal/config/helpers.gen.go -@@ -350,6 +350,31 @@ func GetTrustedProxies() []string { return global.GetTrustedProxies() } +@@ -225,6 +225,7 @@ + AdminMediaListRemoteOnlyFlag = "remote-only" + TestrigSkipDBSetupFlag = "skip-db-setup" + TestrigSkipDBTeardownFlag = "skip-db-teardown" ++ KalaclistaTurnOffAuthorizedFetchFlag = "kalaclista-turnoff-authorized-fetch" + ) + + func (cfg *Configuration) RegisterFlags(flags *pflag.FlagSet) { +@@ -415,6 +416,7 @@ func (cfg *Configuration) RegisterFlags(flags *pflag.FlagSet) { + flags.Float64("cache-mutes-mem-ratio", cfg.Cache.MutesMemRatio, "") + flags.Float64("cache-status-filter-mem-ratio", cfg.Cache.StatusFilterMemRatio, "") + flags.Float64("cache-visibility-mem-ratio", cfg.Cache.VisibilityMemRatio, "") ++ flags.Bool("kalaclista-turnoff-authorized-fetch", cfg.KalaclistaTurnOffAuthorizedFetch, "skip authorization if another instance message doesn't have httpsig") + } + + func (cfg *Configuration) MarshalMap() map[string]any { +@@ -615,6 +617,7 @@ func (cfg *Configuration) MarshalMap() map[string]any { + cfgmap["remote-only"] = cfg.AdminMediaListRemoteOnly + cfgmap["skip-db-setup"] = cfg.TestrigSkipDBSetup + cfgmap["skip-db-teardown"] = cfg.TestrigSkipDBTeardown ++ cfgmap["kalaclista-turnoff-authorized-fetch"] = cfg.KalaclistaTurnOffAuthorizedFetch + return cfgmap + } + +@@ -2226,6 +2229,14 @@ func (cfg *Configuration) UnmarshalMap(cfgmap map[string]any) error { + } + } + ++ if ival, ok := cfgmap["kalaclista-turnoff-authorized-fetch"]; ok { ++ var err error ++ cfg.KalaclistaTurnOffAuthorizedFetch, err = cast.ToBoolE(ival) ++ if err != nil { ++ return fmt.Errorf("error casting %#v -> bool for 'kalaclista-turnoff-authorized-fetch': %w", ival, err) ++ } ++ } ++ + return nil + } + +@@ -2559,6 +2570,31 @@ func GetTrustedProxies() []string { return global.GetTrustedProxies() } // SetTrustedProxies safely sets the value for global configuration 'TrustedProxies' field func SetTrustedProxies(v []string) { 
global.SetTrustedProxies(v) } 
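Review bot: In internal/config/defaults.go the renamed option now ships as `KalaclistaTurnOffAuthorizedFetch: true`, while the option it replaces was `KalaclistaAllowedUnauthorizedGet: false`, so an instance upgraded without touching its config starts handling federated requests that failed HTTP signature authentication. Keeping the opt-in default, `KalaclistaTurnOffAuthorizedFetch: false,`, would preserve the previous behaviour; if the new default is intended, it should be documented where admins read it, and none of the example/config.yaml changes visible in this patch mention the key. The usage text `skip authorization if another instance message doesn't have httpsig` would be clearer if it named what is skipped (verification of the requester's HTTP signature) and that such requests are then processed with no requester identity. The one-line comment `// for kalaclista-flavoured` above the field and the default could carry the same explanation.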
@@ -134,37 +190,37 @@ index f063cbf93..cdb5a663f 100644 // GetSoftwareVersion safely fetches the Configuration value for state's 'SoftwareVersion' field func (st *ConfigState) GetSoftwareVersion() (v string) { st.mutex.RLock() -@@ -4681,3 +4706,28 @@ func GetRequestIDHeader() string { return global.GetRequestIDHeader() } +@@ -6565,6 +6601,28 @@ func GetTestrigSkipDBTeardown() bool { return global.GetTestrigSkipDBTeardown() + // SetTestrigSkipDBTeardown safely sets the value for global configuration 'TestrigSkipDBTeardown' field + func SetTestrigSkipDBTeardown(v bool) { global.SetTestrigSkipDBTeardown(v) } - // SetRequestIDHeader safely sets the value for global configuration 'RequestIDHeader' field - func SetRequestIDHeader(v string) { global.SetRequestIDHeader(v) } -+ -+// GetKalaclistaAllowedUnauthorizedGet safely fetches the Configuration value for state's 'KalaclistaAllowedUnauthorizedGet' field -+func (st *ConfigState) GetKalaclistaAllowedUnauthorizedGet() (v bool) { ++// GetKalaclistaTurnOffAuthorizedFetch safely fetches the Configuration value for state's 'KalaclistaTurnOffAuthorizedFetch' field ++func (st *ConfigState) GetKalaclistaTurnOffAuthorizedFetch() (v bool) { + st.mutex.RLock() -+ v = st.config.KalaclistaAllowedUnauthorizedGet ++ v = st.config.KalaclistaTurnOffAuthorizedFetch + st.mutex.RUnlock() -+ return ++ return v +} + -+// SetKalaclistaAllowedUnauthorizedGet safely sets the Configuration value for state's 'KalaclistaAllowedUnauthorizedGet' field -+func (st *ConfigState) SetKalaclistaAllowedUnauthorizedGet(v bool) { ++// SetKalaclistaTurnOffAuthorizedFetch safely sets the Configuration value for state's 'KalaclistaTurnOffAuthorizedFetch' field ++func (st *ConfigState) SetKalaclistaTurnOffAuthorizedFetch(v bool) { + st.mutex.Lock() + defer st.mutex.Unlock() -+ st.config.KalaclistaAllowedUnauthorizedGet = v ++ st.config.KalaclistaTurnOffAuthorizedFetch = v + st.reloadToViper() +} + -+// KalaclistaAllowedUnauthorizedGetFlag returns the flag name 
for the 'KalaclistaAllowedUnauthorizedGet' field -+func KalaclistaAllowedUnauthorizedGetFlag() string { return "kalaclista-allowed-unauthorized-get" } ++// GetKalaclistaTurnOffAuthorizedFetch safely fetches the value for global configuration 'KalaclistaTurnOffAuthorizedFetch' field ++func GetKalaclistaTurnOffAuthorizedFetch() bool { return global.GetKalaclistaTurnOffAuthorizedFetch() } + -+// GetKalaclistaAllowedUnauthorizedGet safely fetches the value for global configuration 'KalaclistaAllowedUnauthorizedGet' field -+func GetKalaclistaAllowedUnauthorizedGet() bool { return global.GetKalaclistaAllowedUnauthorizedGet() } ++// SetKalaclistaTurnOffAuthorizedFetch safely sets the value for global configuration 'KalaclistaTurnOffAuthorizedFetch' field ++func SetKalaclistaTurnOffAuthorizedFetch(v bool) { global.SetKalaclistaTurnOffAuthorizedFetch(v) } + -+// SetKalaclistaAllowedUnauthorizedGet safely sets the value for global configuration 'KalaclistaAllowedUnauthorizedGet' field -+func SetKalaclistaAllowedUnauthorizedGet(v bool) { global.SetKalaclistaAllowedUnauthorizedGet(v) } + // GetTotalOfMemRatios safely fetches the combined value for all the state's mem ratio fields + func (st *ConfigState) GetTotalOfMemRatios() (total float64) { + st.mutex.RLock() diff --git a/internal/processing/fedi/common.go b/internal/processing/fedi/common.go -index 9059aef39..6e9a22b59 100644 +index ff6ed6fd4..01b3037f1 100644 --- a/internal/processing/fedi/common.go +++ b/internal/processing/fedi/common.go @@ -20,8 +20,10 @@ 
@@ -178,89 +234,30 @@ index 9059aef39..6e9a22b59 100644 "code.superseriousbusiness.org/gotosocial/internal/db" "code.superseriousbusiness.org/gotosocial/internal/gtserror" "code.superseriousbusiness.org/gotosocial/internal/gtsmodel" -@@ -51,6 +53,12 @@ func (p *Processor) authenticate(ctx context.Context, requestedUser string) (*co +@@ -53,6 +55,10 @@ func (p *Processor) authenticate(ctx context.Context, requestedUser string) (*co // get requesting account, dereferencing if necessary. pubKeyAuth, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUser) if errWithCode != nil { -+ if config.GetKalaclistaAllowedUnauthorizedGet() && errWithCode.Code() == http.StatusUnauthorized { -+ return &commonAuth{ -+ receivingAcct: receiver, -+ }, nil ++ if config.GetKalaclistaTurnOffAuthorizedFetch() && errWithCode.Code() == http.StatusUnauthorized { ++ return &commonAuth{receiver: receiver}, nil + } + return nil, errWithCode } -diff --git a/internal/processing/fedi/emoji.go b/internal/processing/fedi/emoji.go -index 8db8b48ea..d7e503f7d 100644 ---- a/internal/processing/fedi/emoji.go -+++ b/internal/processing/fedi/emoji.go -@@ -20,14 +20,20 @@ - import ( - "context" - "fmt" -+ "net/http" - - "code.superseriousbusiness.org/gotosocial/internal/ap" -+ "code.superseriousbusiness.org/gotosocial/internal/config" - "code.superseriousbusiness.org/gotosocial/internal/gtserror" - ) - - // EmojiGet handles the GET for a federated emoji originating from this instance. 
- func (p *Processor) EmojiGet(ctx context.Context, requestedEmojiID string) (interface{}, gtserror.WithCode) { - if _, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, ""); errWithCode != nil { -+ if !(config.GetKalaclistaAllowedUnauthorizedGet() && errWithCode.Code() == http.StatusUnauthorized) { -+ return nil, errWithCode -+ } -+ - return nil, errWithCode - } - -diff --git a/internal/processing/fedi/user.go b/internal/processing/fedi/user.go -index 53dfd6022..7d976a523 100644 ---- a/internal/processing/fedi/user.go -+++ b/internal/processing/fedi/user.go -@@ -21,9 +21,11 @@ - "context" - "errors" - "fmt" -+ "net/http" - "net/url" - - "code.superseriousbusiness.org/gotosocial/internal/ap" -+ "code.superseriousbusiness.org/gotosocial/internal/config" - "code.superseriousbusiness.org/gotosocial/internal/db" - "code.superseriousbusiness.org/gotosocial/internal/gtserror" - "code.superseriousbusiness.org/gotosocial/internal/uris" -@@ -67,6 +69,15 @@ func (p *Processor) UserGet(ctx context.Context, requestedUsername string, reque - // we can serve a more complete profile. - pubKeyAuth, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername) - if errWithCode != nil { -+ if config.GetKalaclistaAllowedUnauthorizedGet() && errWithCode.Code() == http.StatusUnauthorized { -+ person, err := p.converter.AccountToAS(ctx, receiver) -+ if err != nil { -+ err := gtserror.Newf("error converting account: %w", err) -+ return nil, gtserror.NewErrorInternalError(err) -+ } -+ -+ return data(person) -+ } - return nil, errWithCode // likely 401 - } - diff --git a/internal/router/router.go b/internal/router/router.go -index 45419807d..7ef90e297 100644 +index fd7a18ebe..8ee62dc89 100644 --- a/internal/router/router.go 
+++ b/internal/router/router.go -@@ -23,6 +23,7 @@ - "fmt" +@@ -24,6 +24,7 @@ "net" "net/http" + "strconv" + "strings" "time" "code.superseriousbusiness.org/gotosocial/internal/config" -@@ -31,6 +32,7 @@ +@@ -32,6 +33,7 @@ "codeberg.org/gruf/go-bytesize" "codeberg.org/gruf/go-debug" "github.com/gin-gonic/gin" @@ -268,7 +265,7 @@ index 45419807d..7ef90e297 100644 "golang.org/x/crypto/acme/autocert" ) -@@ -75,6 +77,11 @@ func New(ctx context.Context) (*Router, error) { +@@ -76,6 +78,11 @@ func New(ctx context.Context) (*Router, error) { engine.MaxMultipartMemory = maxMultipartMemory engine.HandleMethodNotAllowed = true @@ -280,7 +277,7 @@ index 45419807d..7ef90e297 100644 // Set up client IP forwarding via // trusted x-forwarded-* headers. trustedProxies := config.GetTrustedProxies() -@@ -135,6 +142,7 @@ func (r *Router) Start() error { +@@ -138,6 +145,7 @@ func (r *Router) Start() error { certFile = config.GetTLSCertificateChain() keyFile = config.GetTLSCertificateKey() leEnabled = config.GetLetsEncryptEnabled() @@ -288,7 +285,7 @@ index 45419807d..7ef90e297 100644 ) switch { -@@ -155,6 +163,18 @@ func (r *Router) Start() error { +@@ -158,6 +166,18 @@ func (r *Router) Start() error { return err } @@ -602,10 +599,10 @@ index 000000000..85bce6fc3 +[0]: https://pkg.go.dev/time#ParseDuration diff --git a/vendor/go.balki.me/anyhttp/anyhttp.go b/vendor/go.balki.me/anyhttp/anyhttp.go new file mode 100644 -index 000000000..8d316a78f +index 000000000..fac5046e8 --- /dev/null +++ b/vendor/go.balki.me/anyhttp/anyhttp.go -@@ -0,0 +1,440 @@ +@@ -0,0 +1,429 @@ +// Package anyhttp has helpers to serve http from unix sockets and systemd socket activated fds +package anyhttp + @@ -621,7 +618,6 @@ index 000000000..8d316a78f + "strconv" + "strings" + "sync" -+ "syscall" + "time" + + "go.balki.me/anyhttp/idle" 
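Review bot: The early return added to `authenticate` in internal/processing/fedi/common.go builds `&commonAuth{receiver: receiver}` and leaves the requester unset, so any caller that goes on to use the requester for block or visibility checks has nothing to check against; the callers and the rest of the function are outside this hunk, so each one needs confirming. The condition matches every 401 from `AuthenticateFederatedRequest`, which presumably includes a signature that was present but failed verification as well as a missing one. A comment at the return would make the contract explicit, for example `// no verified requester: callers must serve public data only and must not dereference the requester`. The previous version of this patch handled `EmojiGet` and `UserGet` in their own hunks; with those removed, both handlers are worth re-testing with the flag on and off.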
@@ -758,16 +754,6 @@ index 000000000..8d316a78f +// StartFD is the starting file descriptor number +const StartFD = 3 + -+func makeFdListener(fd int, name string) (net.Listener, error) { -+ fdFile := os.NewFile(uintptr(fd), name) -+ l, err := net.FileListener(fdFile) -+ if err != nil { -+ return nil, err -+ } -+ syscall.CloseOnExec(fd) -+ return l, nil -+} -+ +// GetListener returns the FileListener created with socketed activated fd +func (s *SysdConfig) GetListener() (net.Listener, error) { + @@ -1046,6 +1032,47 @@ index 000000000..8d316a78f + } + return &ctx, nil +} +diff --git a/vendor/go.balki.me/anyhttp/fd_unix.go b/vendor/go.balki.me/anyhttp/fd_unix.go +new file mode 100644 +index 000000000..83a94fce4 +--- /dev/null ++++ b/vendor/go.balki.me/anyhttp/fd_unix.go +@@ -0,0 +1,19 @@ ++//go:build unix ++ ++package anyhttp ++ ++import ( ++ "net" ++ "os" ++ "syscall" ++) ++ ++func makeFdListener(fd int, name string) (net.Listener, error) { ++ fdFile := os.NewFile(uintptr(fd), name) ++ l, err := net.FileListener(fdFile) ++ if err != nil { ++ return nil, err ++ } ++ syscall.CloseOnExec(fd) ++ return l, nil ++} +diff --git a/vendor/go.balki.me/anyhttp/fd_windows.go b/vendor/go.balki.me/anyhttp/fd_windows.go +new file mode 100644 +index 000000000..f1d6bca12 +--- /dev/null ++++ b/vendor/go.balki.me/anyhttp/fd_windows.go +@@ -0,0 +1,10 @@ ++package anyhttp ++ ++import ( ++ "errors" ++ "net" ++) ++ ++func makeFdListener(fd int, name string) (net.Listener, error) { ++ return nil, errors.New("windows not supported") ++} diff --git a/vendor/go.balki.me/anyhttp/idle/idle.go b/vendor/go.balki.me/anyhttp/idle/idle.go new file mode 100644 index 000000000..ee3d81ff1 @@ -1180,14 +1207,14 @@ index 000000000..ee3d81ff1 + return i.c +} diff --git a/vendor/modules.txt b/vendor/modules.txt -index 276f0f17c..ec3ecb43d 100644 +index 19b2ef773..3d418ee33 100644 --- a/vendor/modules.txt 
+++ b/vendor/modules.txt -@@ -968,6 +968,10 @@ github.com/yuin/goldmark/renderer +@@ -1002,6 +1002,10 @@ github.com/yuin/goldmark/renderer github.com/yuin/goldmark/renderer/html github.com/yuin/goldmark/text github.com/yuin/goldmark/util -+# go.balki.me/anyhttp v0.5.0 ++# go.balki.me/anyhttp v0.5.2 +## explicit; go 1.20 +go.balki.me/anyhttp +go.balki.me/anyhttp/idle diff --git a/use-fhs-directories.patch b/use-fhs-directories.patch index e629fe9..470251e 100644 --- a/use-fhs-directories.patch +++ b/use-fhs-directories.patch @@ -1,24 +1,15 @@ --- a/example/config.yaml +++ b/example/config.yaml -@@ -97,7 +97,7 @@ trusted-proxies: - # String. Database type. - # Options: ["postgres","sqlite"] - # Default: "postgres" --db-type: "postgres" -+db-type: "sqlite" - - # String. Database address or parameters. - # -@@ -112,7 +112,7 @@ db-type: "postgres" +@@ -172,7 +172,7 @@ db-type: "sqlite" # # Examples: ["localhost","my.db.host","127.0.0.1","192.111.39.110",":memory:", "sqlite.db"] # Default: "" --db-address: "" +-db-address: "sqlite.db" +db-address: "/var/lib/gotosocial/sqlite.db" - # Int. Port for database connection. + # Int. Port for postgres database connection; ignored for sqlite. # Examples: [5432, 1234, 6969] -@@ -158,12 +158,12 @@ db-tls-ca-cert: "" +@@ -297,12 +297,12 @@ cache: # String. Directory from which gotosocial will attempt to load html templates (.tmpl files). # Examples: ["/some/absolute/path/", "./relative/path/", "../../some/weird/path/"] # Default: "./web/template/" @@ -33,7 +24,7 @@ ########################### ##### INSTANCE CONFIG ##### -@@ -261,7 +261,7 @@ storage-backend: "local" +@@ -745,7 +745,7 @@ storage-backend: "local" # Only required when running with the local storage backend. # Examples: ["/home/gotosocial/storage", "/opt/gotosocial/datastorage"] # Default: "/gotosocial/storage" 
@@ -42,7 +33,7 @@ # String. API endpoint of the S3 compatible service. # Only required when running with the s3 storage backend. -@@ -357,7 +357,7 @@ letsencrypt-port: 80 +@@ -908,7 +908,7 @@ letsencrypt-port: 80 # In any case, make sure GoToSocial has permissions to write to / read from this directory. # Examples: ["/home/gotosocial/storage/certs", "/acmecerts"] # Default: "/gotosocial/storage/certs" @@ -53,8 +44,8 @@ # Most likely, this will be the email address of the instance administrator. --- a/example/gotosocial.service +++ b/example/gotosocial.service -@@ -14,8 +14,8 @@ Type=exec - Restart=on-failure +@@ -28,8 +28,8 @@ Restart=on-failure + #Environment="OTEL_METRICS_PRODUCERS=prometheus" # change if your path to the GoToSocial binary is different -ExecStart=/gotosocial/gotosocial --config-path config.yaml server start @@ -62,5 +53,5 @@ +ExecStart=/usr/bin/gotosocial --config-path /etc/gotosocial/config.yaml server start +WorkingDirectory=/var/lib/gotosocial - StandardOutput=append:/var/log/gotosocial/gotosocial.log - StandardError=inherit + # Sandboxing options to harden security + # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html