From 7d233f1dd9c5be8d7beba7ec5b92029888e0c91c Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Mon, 17 Feb 2020 14:27:29 +0100 Subject: Manual approves followers only for the instance And not for accounts or channels of the instance --- server/lib/activitypub/process/process-follow.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'server') diff --git a/server/lib/activitypub/process/process-follow.ts b/server/lib/activitypub/process/process-follow.ts index 85f22d654..0b98d4af2 100644 --- a/server/lib/activitypub/process/process-follow.ts +++ b/server/lib/activitypub/process/process-follow.ts @@ -59,7 +59,7 @@ async function processFollow (byActor: MActorSignature, targetActorURL: string) transaction: t }) - if (actorFollow.state !== 'accepted' && CONFIG.FOLLOWERS.INSTANCE.MANUAL_APPROVAL === false) { + if (actorFollow.state !== 'accepted' && isFollowingInstance && CONFIG.FOLLOWERS.INSTANCE.MANUAL_APPROVAL === false) { actorFollow.state = 'accepted' await actorFollow.save({ transaction: t }) } -- cgit v1.2.3 From 1c5fbed2093c0462e40a092d49d761a043c50e98 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Mon, 17 Feb 2020 15:33:42 +0100 Subject: Fix avatar update --- server/lib/activitypub/actor.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'server') diff --git a/server/lib/activitypub/actor.ts b/server/lib/activitypub/actor.ts index f802658cf..0b21de0ca 100644 --- a/server/lib/activitypub/actor.ts +++ b/server/lib/activitypub/actor.ts @@ -176,8 +176,8 @@ async function updateActorAvatarInstance (actor: MActorDefault, info: AvatarInfo if (!info.name) return actor if (actor.Avatar) { - // Don't update the avatar if the filename did not change - if (actor.Avatar.fileUrl === info.fileUrl) return actor + // Don't update the avatar if the file URL did not change + if (info.fileUrl && actor.Avatar.fileUrl === info.fileUrl) return actor try { await actor.Avatar.destroy({ transaction: t }) -- cgit v1.2.3 From 2db48acc46307f8f61a39ba073c3ef1ee31f2940 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Mon, 17 Feb 2020 15:44:06 +0100 Subject: Correctly fix auto follows --- server/lib/activitypub/process/process-follow.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'server') diff --git a/server/lib/activitypub/process/process-follow.ts b/server/lib/activitypub/process/process-follow.ts index 0b98d4af2..db7fb8568 100644 --- a/server/lib/activitypub/process/process-follow.ts +++ b/server/lib/activitypub/process/process-follow.ts @@ -59,7 +59,9 @@ async function processFollow (byActor: MActorSignature, targetActorURL: string) transaction: t }) - if (actorFollow.state !== 'accepted' && isFollowingInstance && CONFIG.FOLLOWERS.INSTANCE.MANUAL_APPROVAL === false) { + // Set the follow as accepted if the remote actor follows a channel or account + // Or if the instance automatically accepts followers + if (actorFollow.state !== 'accepted' && (isFollowingInstance === false || CONFIG.FOLLOWERS.INSTANCE.MANUAL_APPROVAL === false)) { actorFollow.state = 'accepted' await actorFollow.save({ transaction: t }) } -- cgit v1.2.3 From dfab4fa9c6d5b6f12ac844b191a51282b002d3f5 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Thu, 20 Feb 2020 10:04:36 +0100 Subject: Fix CSP for embeds --- server/controllers/client.ts | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'server') diff --git a/server/controllers/client.ts b/server/controllers/client.ts index dc3ff18fc..56685f102 100644 --- a/server/controllers/client.ts +++ b/server/controllers/client.ts @@ -2,10 +2,11 @@ import * as express from 'express' import { join } from 'path' import { root } from '../helpers/core-utils' import { ACCEPT_HEADERS, STATIC_MAX_AGE } from '../initializers/constants' -import { asyncMiddleware } from '../middlewares' +import { asyncMiddleware, embedCSP } from '../middlewares' import { buildFileLocale, getCompleteLocale, is18nLocale, LOCALE_FILES } from '../../shared/models/i18n/i18n' import { ClientHtml } from '../lib/client-html' import { logger } from '../helpers/logger' +import { CONFIG } from '@server/initializers/config' const clientsRouter = express.Router() @@ -19,8 +20,13 @@ clientsRouter.use('/videos/watch/:id', asyncMiddleware(generateWatchHtmlPage)) clientsRouter.use('/accounts/:nameWithHost', asyncMiddleware(generateAccountHtmlPage)) clientsRouter.use('/video-channels/:nameWithHost', asyncMiddleware(generateVideoChannelHtmlPage)) +const embedCSPMiddleware = CONFIG.CSP.ENABLED + ? embedCSP + : (req: express.Request, res: express.Response, next: express.NextFunction) => next() + clientsRouter.use( '/videos/embed', + embedCSPMiddleware, (req: express.Request, res: express.Response) => { res.removeHeader('X-Frame-Options') res.sendFile(embedPath) -- cgit v1.2.3 From 49be0fd3255db54cf9b038bed792eb0de0faf591 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Fri, 21 Feb 2020 14:11:11 +0100 Subject: Fix CPU usage on PostgreSQL --- server/models/video/video.ts | 52 +++++++++++++++++--------------------------- 1 file changed, 20 insertions(+), 32 deletions(-) (limited to 'server') diff --git a/server/models/video/video.ts b/server/models/video/video.ts index eacffe186..a91a7663d 100644 --- a/server/models/video/video.ts +++ b/server/models/video/video.ts @@ -136,8 +136,7 @@ import { MVideoThumbnailBlacklist, MVideoWithAllFiles, MVideoWithFile, - MVideoWithRights, - MStreamingPlaylistFiles + MVideoWithRights } from '../../typings/models' import { MVideoFile, MVideoFileStreamingPlaylistVideo } from '../../typings/models/video/video-file' import { MThumbnail } from '../../typings/models/video/thumbnail' @@ -437,42 +436,31 @@ export type AvailableForListIDsOptions = { } if (options.followerActorId) { - let localVideosReq: WhereOptions = {} + let localVideosReq = '' if (options.includeLocalVideos === true) { - localVideosReq = { remote: false } + localVideosReq = ' UNION ALL SELECT "video"."id" FROM "video" WHERE remote IS FALSE' } // Force actorId to be a number to avoid SQL injections const actorIdNumber = parseInt(options.followerActorId.toString(), 10) whereAnd.push({ - [Op.or]: [ - { - id: { - [ Op.in ]: Sequelize.literal( - '(' + - 'SELECT "videoShare"."videoId" AS "id" FROM "videoShare" ' + - 'INNER JOIN "actorFollow" ON "actorFollow"."targetActorId" = "videoShare"."actorId" ' + - 'WHERE "actorFollow"."actorId" = ' + actorIdNumber + - ')' - ) - } - }, - { - id: { - [ Op.in ]: Sequelize.literal( - '(' + - 'SELECT "video"."id" AS "id" FROM "video" ' + - 'INNER JOIN "videoChannel" ON "videoChannel"."id" = "video"."channelId" ' + - 'INNER JOIN "account" ON "account"."id" = "videoChannel"."accountId" ' + - 'INNER JOIN "actor" ON "account"."actorId" = "actor"."id" ' + - 'INNER JOIN "actorFollow" ON "actorFollow"."targetActorId" = "actor"."id" ' + - 'WHERE "actorFollow"."actorId" = ' + actorIdNumber + - ')' - ) - } - }, - localVideosReq - ] + id: { + [Op.in]: Sequelize.literal( + '(' + + 'SELECT "videoShare"."videoId" AS "id" FROM "videoShare" ' + + 'INNER JOIN "actorFollow" ON "actorFollow"."targetActorId" = "videoShare"."actorId" ' + + 'WHERE "actorFollow"."actorId" = ' + actorIdNumber + + ' UNION ALL ' + + 'SELECT "video"."id" AS "id" FROM "video" ' + + 'INNER JOIN "videoChannel" ON "videoChannel"."id" = "video"."channelId" ' + + 'INNER JOIN "account" ON "account"."id" = "videoChannel"."accountId" ' + + 'INNER JOIN "actor" ON "account"."actorId" = "actor"."id" ' + + 'INNER JOIN "actorFollow" ON "actorFollow"."targetActorId" = "actor"."id" ' + + 'WHERE "actorFollow"."actorId" = ' + actorIdNumber + + localVideosReq + + ')' + ) + } }) } -- cgit v1.2.3