mirror of https://github.com/LemmyNet/lemmy.git
Compare commits
6 Commits
91ba49594e
...
a54cf02e05
Author | SHA1 | Date |
---|---|---|
Nutomic | a54cf02e05 | |
SleeplessOne1917 | b152be7951 | |
SleeplessOne1917 | 485b0f1a54 | |
Felix Ableitner | e84e25d8fa | |
Felix Ableitner | d12cb68c19 | |
Felix Ableitner | 83a8bb1630 |
File diff suppressed because it is too large
Load Diff
|
@ -157,10 +157,10 @@ ts-rs = { version = "7.1.1", features = [
|
|||
"chrono-impl",
|
||||
"no-serde-warnings",
|
||||
] }
|
||||
rustls = { version = "0.21.11", features = ["dangerous_configuration"] }
|
||||
rustls = { version = "0.23.5", features = ["ring"] }
|
||||
futures-util = "0.3.30"
|
||||
tokio-postgres = "0.7.10"
|
||||
tokio-postgres-rustls = "0.10.0"
|
||||
tokio-postgres-rustls = "0.12.0"
|
||||
urlencoding = "2.1.3"
|
||||
enum-map = "2.7"
|
||||
moka = { version = "0.12.7", features = ["future"] }
|
||||
|
|
|
@ -25,7 +25,7 @@ full = [
|
|||
"lemmy_db_views_moderator/full",
|
||||
"lemmy_utils/full",
|
||||
"activitypub_federation",
|
||||
"encoding",
|
||||
"encoding_rs",
|
||||
"reqwest-middleware",
|
||||
"webpage",
|
||||
"ts-rs",
|
||||
|
@ -69,7 +69,7 @@ mime = { version = "0.3.17", optional = true }
|
|||
webpage = { version = "1.6", default-features = false, features = [
|
||||
"serde",
|
||||
], optional = true }
|
||||
encoding = { version = "0.2.33", optional = true }
|
||||
encoding_rs = { version = "0.8.34", optional = true }
|
||||
jsonwebtoken = { version = "8.3.0", optional = true }
|
||||
# necessary for wasmt compilation
|
||||
getrandom = { version = "0.2.14", features = ["js"] }
|
||||
|
|
|
@ -6,7 +6,7 @@ use crate::{
|
|||
utils::{local_site_opt_to_sensitive, proxy_image_link, proxy_image_link_opt_apub},
|
||||
};
|
||||
use activitypub_federation::config::Data;
|
||||
use encoding::{all::encodings, DecoderTrap};
|
||||
use encoding_rs::{Encoding, UTF_8};
|
||||
use lemmy_db_schema::{
|
||||
newtypes::DbUrl,
|
||||
source::{
|
||||
|
@ -160,11 +160,9 @@ fn extract_opengraph_data(html_bytes: &[u8], url: &Url) -> LemmyResult<OpenGraph
|
|||
// proper encoding. If the specified encoding cannot be found, fall back to the original UTF-8
|
||||
// version.
|
||||
if let Some(charset) = page.meta.get("charset") {
|
||||
if charset.to_lowercase() != "utf-8" {
|
||||
if let Some(encoding_ref) = encodings().iter().find(|e| e.name() == charset) {
|
||||
if let Ok(html_with_encoding) = encoding_ref.decode(html_bytes, DecoderTrap::Replace) {
|
||||
page = HTML::from_string(html_with_encoding, None)?;
|
||||
}
|
||||
if charset != UTF_8.name() {
|
||||
if let Some(encoding) = Encoding::for_label(charset.as_bytes()) {
|
||||
page = HTML::from_string(encoding.decode(html_bytes).0.into(), None)?;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -8,6 +8,6 @@
|
|||
"type": "Block",
|
||||
"removeData": true,
|
||||
"summary": "spam post",
|
||||
"expires": "2021-11-01T12:23:50.151874Z",
|
||||
"endTime": "2021-11-01T12:23:50.151874Z",
|
||||
"id": "http://enterprise.lemmy.ml/activities/block/5d42fffb-0903-4625-86d4-0b39bb344fc2"
|
||||
}
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
"type": "Block",
|
||||
"removeData": true,
|
||||
"summary": "spam post",
|
||||
"expires": "2021-11-01T12:23:50.151874Z",
|
||||
"endTime": "2021-11-01T12:23:50.151874Z",
|
||||
"id": "http://enterprise.lemmy.ml/activities/block/726f43ab-bd0e-4ab3-89c8-627e976f553c"
|
||||
},
|
||||
"cc": ["http://enterprise.lemmy.ml/c/main"],
|
||||
|
|
|
@ -74,7 +74,6 @@ impl BlockUser {
|
|||
&context.settings().get_protocol_and_hostname(),
|
||||
)?,
|
||||
audience,
|
||||
expires,
|
||||
end_time: expires,
|
||||
})
|
||||
}
|
||||
|
@ -157,7 +156,7 @@ impl ActivityHandler for BlockUser {
|
|||
#[tracing::instrument(skip_all)]
|
||||
async fn receive(self, context: &Data<LemmyContext>) -> LemmyResult<()> {
|
||||
insert_received_activity(&self.id, context).await?;
|
||||
let expires = self.expires.or(self.end_time).map(Into::into);
|
||||
let expires = self.end_time.map(Into::into);
|
||||
let mod_person = self.actor.dereference(context).await?;
|
||||
let blocked_person = self.object.dereference(context).await?;
|
||||
let target = self.target.dereference(context).await?;
|
||||
|
|
|
@ -98,7 +98,7 @@ impl ActivityHandler for UndoBlockUser {
|
|||
#[tracing::instrument(skip_all)]
|
||||
async fn receive(self, context: &Data<LemmyContext>) -> LemmyResult<()> {
|
||||
insert_received_activity(&self.id, context).await?;
|
||||
let expires = self.object.expires.or(self.object.end_time).map(Into::into);
|
||||
let expires = self.object.end_time.map(Into::into);
|
||||
let mod_person = self.actor.dereference(context).await?;
|
||||
let blocked_person = self.object.object.dereference(context).await?;
|
||||
match self.object.target.dereference(context).await? {
|
||||
|
|
|
@ -38,8 +38,6 @@ pub struct BlockUser {
|
|||
pub(crate) remove_data: Option<bool>,
|
||||
/// block reason, written to mod log
|
||||
pub(crate) summary: Option<String>,
|
||||
/// TODO: deprecated
|
||||
pub(crate) expires: Option<DateTime<Utc>>,
|
||||
pub(crate) end_time: Option<DateTime<Utc>>,
|
||||
}
|
||||
|
||||
|
|
|
@ -33,13 +33,22 @@ use lemmy_utils::{
|
|||
use once_cell::sync::Lazy;
|
||||
use regex::Regex;
|
||||
use rustls::{
|
||||
client::{ServerCertVerified, ServerCertVerifier},
|
||||
ServerName,
|
||||
client::danger::{
|
||||
DangerousClientConfigBuilder,
|
||||
HandshakeSignatureValid,
|
||||
ServerCertVerified,
|
||||
ServerCertVerifier,
|
||||
},
|
||||
crypto::{self, verify_tls12_signature, verify_tls13_signature},
|
||||
pki_types::{CertificateDer, ServerName, UnixTime},
|
||||
ClientConfig,
|
||||
DigitallySignedStruct,
|
||||
SignatureScheme,
|
||||
};
|
||||
use std::{
|
||||
ops::{Deref, DerefMut},
|
||||
sync::Arc,
|
||||
time::{Duration, SystemTime},
|
||||
time::Duration,
|
||||
};
|
||||
use tracing::error;
|
||||
use url::Url;
|
||||
|
@ -312,10 +321,11 @@ pub fn diesel_option_overwrite_to_url_create(opt: &Option<String>) -> LemmyResul
|
|||
|
||||
fn establish_connection(config: &str) -> BoxFuture<ConnectionResult<AsyncPgConnection>> {
|
||||
let fut = async {
|
||||
let rustls_config = rustls::ClientConfig::builder()
|
||||
.with_safe_defaults()
|
||||
.with_custom_certificate_verifier(Arc::new(NoCertVerifier {}))
|
||||
.with_no_client_auth();
|
||||
let rustls_config = DangerousClientConfigBuilder {
|
||||
cfg: ClientConfig::builder(),
|
||||
}
|
||||
.with_custom_certificate_verifier(Arc::new(NoCertVerifier {}))
|
||||
.with_no_client_auth();
|
||||
|
||||
let tls = tokio_postgres_rustls::MakeRustlsConnect::new(rustls_config);
|
||||
let (client, conn) = tokio_postgres::connect(config, tls)
|
||||
|
@ -338,21 +348,55 @@ fn establish_connection(config: &str) -> BoxFuture<ConnectionResult<AsyncPgConne
|
|||
fut.boxed()
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
struct NoCertVerifier {}
|
||||
|
||||
impl ServerCertVerifier for NoCertVerifier {
|
||||
fn verify_server_cert(
|
||||
&self,
|
||||
_end_entity: &rustls::Certificate,
|
||||
_intermediates: &[rustls::Certificate],
|
||||
_end_entity: &CertificateDer,
|
||||
_intermediates: &[CertificateDer],
|
||||
_server_name: &ServerName,
|
||||
_scts: &mut dyn Iterator<Item = &[u8]>,
|
||||
_ocsp_response: &[u8],
|
||||
_now: SystemTime,
|
||||
_ocsp: &[u8],
|
||||
_now: UnixTime,
|
||||
) -> Result<ServerCertVerified, rustls::Error> {
|
||||
// Will verify all (even invalid) certs without any checks (sslmode=require)
|
||||
Ok(ServerCertVerified::assertion())
|
||||
}
|
||||
|
||||
fn verify_tls12_signature(
|
||||
&self,
|
||||
message: &[u8],
|
||||
cert: &CertificateDer,
|
||||
dss: &DigitallySignedStruct,
|
||||
) -> Result<HandshakeSignatureValid, rustls::Error> {
|
||||
verify_tls12_signature(
|
||||
message,
|
||||
cert,
|
||||
dss,
|
||||
&crypto::ring::default_provider().signature_verification_algorithms,
|
||||
)
|
||||
}
|
||||
|
||||
fn verify_tls13_signature(
|
||||
&self,
|
||||
message: &[u8],
|
||||
cert: &CertificateDer,
|
||||
dss: &DigitallySignedStruct,
|
||||
) -> Result<HandshakeSignatureValid, rustls::Error> {
|
||||
verify_tls13_signature(
|
||||
message,
|
||||
cert,
|
||||
dss,
|
||||
&crypto::ring::default_provider().signature_verification_algorithms,
|
||||
)
|
||||
}
|
||||
|
||||
fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
|
||||
crypto::ring::default_provider()
|
||||
.signature_verification_algorithms
|
||||
.supported_schemes()
|
||||
}
|
||||
}
|
||||
|
||||
pub async fn build_db_pool() -> LemmyResult<ActualDbPool> {
|
||||
|
|
Loading…
Reference in New Issue