Commit graph

563 commits

Author SHA1 Message Date
fr33domlover
04e26a911d In httpGetAP, if we got an unexpected Content-Type, specify it in error message 2019-01-21 22:24:09 +00:00
fr33domlover
2a68bb560b Link to OutboxR for testing, instead of InboxR 2019-01-21 21:42:21 +00:00
fr33domlover
e6ee947cfd In update-deps.sh, darcs pull new patches automatically without asking 2019-01-21 21:07:56 +00:00
fr33domlover
1f47ca39eb Federation test outbox page with form for entering JSON 2019-01-21 15:54:57 +00:00
fr33domlover
2cc621e3a5 Public ActivityPub actor in PersonR
It already had one, but it didn't have a public key and it was using the old
mess of the Vervis.ActivityStreams module, which I'll possibly remove soon.
It's hopefully more elegant now.
2019-01-19 05:56:58 +00:00
fr33domlover
2a4dc345f4 Back to using the (updated) YesodHttpSig class 2019-01-19 04:21:56 +00:00
fr33domlover
393cce0ede When GETing the keyId, set Accept header to JSON-LD/AS2 2019-01-19 02:57:58 +00:00
fr33domlover
93def0dfc8 When doing httpJSON to GET keyId, use appHttpManager, not the silly global one 2019-01-19 02:33:20 +00:00
fr33domlover
61a82f52d8 Turn inbox URL in layout template into a link, accidentally didn't before 2019-01-19 02:21:23 +00:00
fr33domlover
28439b0236 Add InboxR to breadcrumbs instance, I always forget and it causes errors 2019-01-19 02:20:49 +00:00
fr33domlover
e4153fc909 Ugh I forgot *again* to commit a new source file, the actual InboxR handler 2019-01-19 01:56:50 +00:00
fr33domlover
df01560ea6 ActivityPub inbox test page
This patch includes some ugliness and commented out code. Sorry for that. I'll
clean it up soon.

Basically there's a TVar holding a Vector of at most 10 AP activities. You can
freely POST stuff to /inbox, and then GET /inbox and see what you posted, or an
error description saying why your activity was rejected.
2019-01-19 01:44:21 +00:00
fr33domlover
e22d0c000a In homepage say ForgeFed instead of GitPub (thanks zPlus!) 2019-01-19 01:43:19 +00:00
fr33domlover
822345a70e Move signup link to login line, should look a bit nicer 2019-01-19 01:41:57 +00:00
fr33domlover
853390aba0 Move signup link to the top, to be close to login link (thanks zPlus!)
It's still ugly, they appear on different lines. Ideally, should change the
layout to have the links together.
2019-01-19 01:07:09 +00:00
fr33domlover
9adf7a2e34 Fix HTTP sig default time limit, 5 minutes not 5 seconds 2019-01-19 01:06:09 +00:00
fr33domlover
499e26db48 Periodically rotated AP actor key for signing ActivityPub requests
The actor key will be used for all actors on the server. It's held in a `TVar`
so that it can always be safely updated and safely retrieved (technically there
is a single writer so IORef and MVar could work, but they require extra care
while TVar is by design suited for this sort of thing).
2019-01-14 22:08:44 +00:00
fr33domlover
adaa920aa4 Launch service thread with a function that re-throws if they fail
In Haskell by default if a thread has an exception, the main thread isn't
notified at all. This patch changes service thread launching to re-throw their
exceptions in the main thread, so that their failure is noticed.
2019-01-14 22:03:49 +00:00
fr33domlover
5862b03019 Remove HTTP connection manager, it's not being used
I suppose there's no performance difference in using one, but it requires
`http-conduit` as a build dependency, so potentially we may be reducing build
time by removing unnecessary deps.
2019-01-14 02:30:39 +00:00
fr33domlover
4c50a1fc96 Turn clone-deps.sh into a safe update-deps.sh script and document in INSTALL.md 2019-01-14 01:50:14 +00:00
fr33domlover
0e2001af0f Palette: Make the dark blue lighter, it's too dark against the #111 background 2019-01-03 10:18:09 +00:00
fr33domlover
632bfe1979 In repo change feed, entry ID is now the URL of patch page 2018-12-12 08:37:01 +00:00
fr33domlover
4bd33b59e5 Remove GitOld module, it's not in use anymore 2018-12-12 07:59:19 +00:00
fr33domlover
fe4d1e1afe Remove the src-old dir, no need for it anymore (since long time ago) 2018-12-12 07:46:30 +00:00
fr33domlover
f9045e211b Update INSTALL.md to reflect latest status 2018-12-10 13:58:39 +00:00
fr33domlover
33338a73cc Upgrade to GHC 8.4 and LTS 12 2018-12-05 03:41:19 +00:00
fr33domlover
4c17e3486b Mention in INSTALL.md a way to build against libssl 1.1 2018-11-29 22:01:12 +00:00
fr33domlover
a1daa4fb3e Place dependency libraries in a 'lib' subdir instead of same dir as Vervis 2018-11-29 09:48:27 +00:00
fr33domlover
9aea6947c0 Use apt in INSTALL.md, not apt-get (thanks vaeringjar!) 2018-11-28 08:20:45 +00:00
fr33domlover
1c47dabe48 Mention in README that INSTALL does exist 2018-11-01 09:46:18 +00:00
fr33domlover
48d7e86684 Remove table headers from repo source dir view 2018-11-01 09:45:48 +00:00
fr33domlover
0d3ccb3a38 Document running the SSH server on port 22 2018-10-25 20:28:06 +00:00
fr33domlover
878f853520 Some CSS tweaks 2018-07-12 09:31:00 +00:00
fr33domlover
9bc5d411c8 Change color scheme to something hopefully not controversial 2018-07-12 09:25:04 +00:00
fr33domlover
cf3f8fb8f6 Add CSRF token to all buttons through a new buttonW widget 2018-07-11 08:15:19 +00:00
fr33domlover
7fdc7e703d Repo tree view: Replace [D] and [F] with Unicode chars 2018-07-10 16:43:22 +00:00
fr33domlover
01163dfe9a Darcs patch parser: Make sure we read the whole patch successfully 2018-07-10 16:00:01 +00:00
fr33domlover
edaf141359 Fix Darcs patch author parsing 2018-07-10 15:26:16 +00:00
fr33domlover
a50de1fe88 Darcs patch view, supporting only text file edit hunks so far 2018-07-10 14:02:30 +00:00
fr33domlover
13bd369de3 Darcs patch reader: Join adjacent remove-add sequences like in the Git module 2018-07-09 19:12:11 +00:00
fr33domlover
16c71b666f Data.List.Local: Generalize input list to be any Foldable 2018-07-08 21:57:08 +00:00
fr33domlover
c8146bbff4 Data.List.Local: Comment out the unused groupByFst 2018-07-08 21:56:08 +00:00
fr33domlover
7782e83419 Initial implementation of Darcs patch reader 2018-07-08 14:45:35 +00:00
fr33domlover
c8b085fbc8 Plan for parsing Darcs patch for patch view 2018-07-07 16:05:10 +00:00
fr33domlover
5a7811b067 Include CSRF token in login form, otherwise the check fails and login fails
CSRF token check doesn't find the token in the login POST, so logins fail. For
some reason, yesod-auth-account intentionally avoided putting the token in the
login form. I updated the yesod-auth-account code to include the token. This
patch simply choose the new revision with the fix, so that logins work again.
2018-07-01 15:10:11 +00:00
fr33domlover
a1d0b8402e Disable CSRF token check for HTTP git pull
Git pull uses a POST request, which is treated as a write request and the CSRF
token is checked. However, no modification to the server is made by git pulls,
as far as I know (actually I'm not sure why it uses a POST). The entire
response is handled by the git command, and the client side is usually the git
command running in the terminal, there's no session and no cookies (as far as I
know). So I'm just disabling CSRF token checking for this route.
2018-07-01 15:04:33 +00:00
fr33domlover
c420b8d8ea Make the cookie encryption key and timeout configurable in settings file 2018-07-01 08:15:23 +00:00
fr33domlover
870123bfcc Enable CSRF middleware, hopefully this time it works 2018-07-01 04:51:43 +00:00
fr33domlover
9ed1f4c99d Fix: Sharer and repo in SSH address path weren't being lowercased in SSH server
The sharer and repo were being taken and used as is to check push permissions,
which is how it's supposed to be, *but* they were also being used as is to
build the repo path! So sharer and repo names that aren't all lowercase were
getting "No such repository" errors when trying to push.

I changed `RepoSpec` to hold `ShrIdent` and `RpIdent` instead of plain `Text`,
to avoid confusions like that and be clear and explicit about the
representation, and failures to find a repo after verifying it against the DB
are now logged as errors to help with debugging.

I hope this fixes the problem.
2018-06-18 08:30:57 +00:00
fr33domlover
6088b1e117 Display tickets in list view the same as in tree view 2018-06-17 10:29:51 +00:00