lain
1d75d0ed7a
Merge branch 'admin-api-change-password' into 'develop'
...
Admin API: `PATCH /api/pleroma/admin/users/:nickname/update_credentials`
See merge request pleroma/pleroma!2149
5 years ago
Egor Kislitsyn
3189c44a0c
Remove some TwitterAPI endpoints
5 years ago
Alexander Strizhakov
a6ee6784bc
creating trusted app from adminFE & mix task
5 years ago
Egor Kislitsyn
cb8236cda6
Add embeddable posts
5 years ago
eugenijm
13cce9c0de
Admin API: `PATCH /api/pleroma/admin/users/:nickname/credentials`, `GET /api/pleroma/admin/users/:nickname/credentials`.
5 years ago
eugenijm
d198e7fa2a
Admin API: `PATCH /api/pleroma/admin/users/:nickname/change_password`
5 years ago
Alexander Strizhakov
91870c8995
adding rss for user feed
5 years ago
Ivan Tashkinov
5fc92deef3
[ #1560 ] Ensured authentication or enabled federation for federation-related routes. New tests + tests refactoring.
5 years ago
Ivan Tashkinov
b6fc98d9cd
[ #1560 ] ActivityPubController federation state restrictions adjustments. Adjusted tests.
5 years ago
Haelwenn (lanodan) Monnier
6da6540036
Bump copyright years of files changed after 2020-01-07
...
Done via the following command:
git diff fcd5dd259a
--stat --name-only | xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>'
5 years ago
eugenijm
e2a6a40367
Admin API: `GET /api/pleroma/admin/statuses` - list all statuses (accepts `godmode` and `local_only`)
5 years ago
eugenijm
7ad5c51f23
Admin API: `GET /api/pleroma/admin/stats` to get status count by visibility scope
5 years ago
lain
314928333a
Pleroma API: Add endpoint to get reaction information on a single emoji
5 years ago
Lain Soykaf
4538a1ee01
EmojiReactions: Remove old API endpoints
5 years ago
Lain Soykaf
f875b9650a
EmojiReactions: Add Mastodon-aligned reaction endpoints, change response
5 years ago
Alexander Strizhakov
5db6ac8ee4
removing migrate_from_db endpoint from admin api
5 years ago
rinpatch
49e80a1537
Merge branch 'feature/restart-pleroma-from-outside-application' into 'develop'
...
Restarting pleroma from outside application
See merge request pleroma/pleroma!2144
5 years ago
Alexander Strizhakov
e93cc561cd
restarting pleroma from outside application
5 years ago
Maksim Pechnikov
2cfe1b9385
Merge branch 'develop' into feature/tag_feed
5 years ago
Alexander Strizhakov
60ba2339a2
saving to DB only added by user settings
5 years ago
Maksim Pechnikov
c9f45edeac
Merge branch 'develop' into feature/tag_feed
5 years ago
Alexander Strizhakov
70c7a26de8
Merge branch 'develop' into admin-be
5 years ago
Alex S
2753285b77
config editing through database
5 years ago
Maksim Pechnikov
5b84156013
moved remote follow in separate controller
5 years ago
Maksim Pechnikov
a879c396bb
Merge branch 'develop' into feature/tag_feed
5 years ago
Maxim Filippov
3ecf131511
Merge branch 'develop' into feature/report-notes
5 years ago
Egor Kislitsyn
75b419d7c8
Do not apply http signature pipeline to the unsubscribe route
5 years ago
Maxim Filippov
a7f77785c2
Implement report notes destruction
5 years ago
Maksim Pechnikov
22fc271e23
init tag feed
5 years ago
Maxim Filippov
4b60d41db9
Add report notes
5 years ago
Maxim Filippov
82f4e4760e
Merge branch 'develop' into feature/admin-api-list-statuses-for-a-given-instance
5 years ago
Maxim Filippov
fd24467b92
Merge branch 'develop' into feature/admin-api-list-statuses-for-a-given-instance
5 years ago
lain
bd62946020
Merge branch 'feature/confirm-user-acc-resend-confirmation' into 'develop'
...
AdminAPI: Confirm user account, resend confirmation email
See merge request pleroma/pleroma!1994
5 years ago
Maxim Filippov
46eb160135
AdminAPI: Confirm user account, resend confirmation email
5 years ago
rinpatch
22554ac5ca
Merge branch 'bugfix/1395-email-activation' into 'develop'
...
Bugfix/1395 email activation
Closes #1395
See merge request pleroma/pleroma!1965
5 years ago
lain
f17e0f8e4f
OAuthPlug, Router: Handle deactivated users in the UserEnabledPlug
5 years ago
Maxim Filippov
114930b5fd
Merge branch 'develop' into feature/admin-api-list-statuses-for-a-given-instance
5 years ago
Maxim Filippov
30af5da330
Admin API: list all statuses from a given instance
5 years ago
feld
1afeaf82fa
Merge branch 'feature/reports-groups-and-multiple-state-update' into 'develop'
...
Admin API: Grouped reports, update multiple reports in one query
Closes admin-fe#43
See merge request pleroma/pleroma!1815
5 years ago
rinpatch
6085c71bd1
Merge branch 'reactions' into 'develop'
...
Emoji Reactions
See merge request pleroma/pleroma!1662
5 years ago
Phil Hagelberg
dc3b87d153
Move static FE routing into its own plug.
...
Previously it was piggybacking on FallbackRedirectController for users
and OStatusController for notices; now it's all in one place.
5 years ago
lain
b22ee9d966
Merge remote-tracking branch 'origin/develop' into reactions
5 years ago
Maxim Filippov
b14bf9044f
Merge branch 'develop' into feature/reports-groups-and-multiple-state-update
5 years ago
Maxim Filippov
43ea16870f
Merge branch 'develop' into feature/reports-groups-and-multiple-state-update
5 years ago
Maxim Filippov
743b622b7b
Force password reset for multiple users
5 years ago
Maksim Pechnikov
243719a965
Merge branch 'develop' into feature/masto_api_markers
5 years ago
Haelwenn
f01dbc450c
Merge branch 'feature/mastofe-pwa' into 'develop'
...
MastoFE: Add PWA manifest.
See merge request pleroma/pleroma!1834
5 years ago
eugenijm
52ed2f8f2d
Pleroma API: `POST /api/v1/pleroma/conversations/read` to mark all user's conversations as read
5 years ago
KokaKiwi
638457ba94
MastoFE: Add PWA manifest.
5 years ago
Maxim Filippov
019147f115
Merge branch 'develop' into feature/relay-list
5 years ago
Ariadne Conill
beb9861f9d
router: disconnect Salmon
5 years ago
Ariadne Conill
4f82e42e4e
websub: remove entirely
5 years ago
Maxim Filippov
2473702be2
Merge branch 'develop' into feature/relay-list
5 years ago
Maksim Pechnikov
66b5d0ff55
add Markers /api/v1/markers
5 years ago
Maxim Filippov
cc6875b582
Add `GET /api/pleroma/admin/relay` endpoint - lists all followed relays
5 years ago
Maxim Filippov
aaa4252f41
Deprecate POST/DELETE /api/pleroma/admin/users/:nickname/permission_group/:permission_group instead of deleting it
5 years ago
Maxim Filippov
f5104f36bb
Deprecate /api/pleroma/admin/users/:nickname/toggle_activation instead of deleting it
5 years ago
Maxim Filippov
ad42837244
Ability to toggle activation status and permission group for a group of users
5 years ago
Maxim Filippov
35068baf65
Merge branch 'develop' into feature/reports-groups-and-multiple-state-update
5 years ago
Maxim Filippov
7aceaa517b
Admin API: Reports, grouped by status
5 years ago
lain
6c278cfe09
Merge branch 'develop' into 'reactions'
...
# Conflicts:
# CHANGELOG.md
5 years ago
Sergey Suprunenko
4b3f77a99f
Extract RSS Feed functionality from OStatus
5 years ago
lain
73b6512907
Merge remote-tracking branch 'origin/develop' into reactions
5 years ago
Ivan Tashkinov
b93856874d
[ #1234 ] Merge remote-tracking branch 'remotes/upstream/develop' into 1234-mastodon-2-4-3-oauth-scopes
...
# Conflicts:
# CHANGELOG.md
# lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex
# lib/pleroma/web/router.ex
5 years ago
lain
61097ba6ab
Merge branch 'develop' into 'reactions'
...
# Conflicts:
# CHANGELOG.md
5 years ago
kaniini
7a318d74e6
Merge branch 'split-masto-api/leftovers' into 'develop'
...
[#1278 ] Move a few more actions from MastodonAPIController
See merge request pleroma/pleroma!1761
5 years ago
lain
d9aaea44ff
Merge remote-tracking branch 'origin/develop' into reactions
5 years ago
Maksim Pechnikov
83631752af
removed legacy api: "/objects/:uuid/likes"
5 years ago
Maxim Filippov
8dcc2f9f5e
Admin API: Allow changing the state of multiple reports at once
5 years ago
lain
4cb603e1df
PleromaAPI: Add unreacting.
5 years ago
Egor Kislitsyn
e0c68eeb02
Move `:favourites` and `:bookmarks` actions to StatusController
5 years ago
Egor Kislitsyn
7f2bc57725
Move `follows`, `mutes` and `blocks` actions to AccountController
5 years ago
Egor Kislitsyn
d3c404af12
Add MastoFEController
5 years ago
lain
dfe5c958eb
ActivityPub: Add undo for emoji reactions.
5 years ago
Egor Kislitsyn
1c6e1055c8
Add CustomEmojiController
5 years ago
lain
557223b2b5
Merge remote-tracking branch 'origin/develop' into reactions
5 years ago
Egor Kislitsyn
c8b01f6667
Extract instance actions from `MastodonAPIController` to `InstanceController`
5 years ago
Egor Kislitsyn
af690d1033
Extract auth actions from `MastodonAPIController` to `AuthController`
5 years ago
Egor Kislitsyn
2dad6dd020
Extract apps actions from `MastodonAPIController` to `AppController`
5 years ago
Egor Kislitsyn
39695c4436
Extract suggestions actions from `MastodonAPIController` to `SuggestionController`
5 years ago
Egor Kislitsyn
585bc57edb
Extract media actions from `MastodonAPIController` to `MediaController`
5 years ago
Egor Kislitsyn
36a34c36fe
Extract poll actions from `MastodonAPIController` to `PollController`
5 years ago
Egor Kislitsyn
0c6009dd2e
Extract mascot actions from `MastodonAPIController` to MascotController
5 years ago
Egor Kislitsyn
987e0b8be8
Move update_credentials to MastodonAPI.AccountController
5 years ago
Egor Kislitsyn
c0ce2d5faf
Move account_register, relationships and verify_credentials to MastodonAPI.AccountController
5 years ago
Egor Kislitsyn
3c5ecb70b4
Add PleromaAPI.AccountController
5 years ago
Egor Kislitsyn
e7aef27c00
Fix merge
5 years ago
lain
a7f22c6e93
Merge remote-tracking branch 'origin/develop' into reactions
5 years ago
lain
b923842e96
Merge remote-tracking branch 'origin/develop' into reactions
5 years ago
kaniini
26f66fb70a
Merge branch 'features/apc2s-media-upload' into 'develop'
...
AP C2S mediaUpload
Closes #1171
See merge request pleroma/pleroma!1706
5 years ago
kaniini
0e356cc800
Merge branch 'split-masto-api/reports' into 'develop'
...
Extract report actions from `MastodonAPIController` to `ReportController`
See merge request pleroma/pleroma!1744
5 years ago
kaniini
74d8fadf37
Merge branch 'split-masto-api/conversations' into 'develop'
...
Extract conversation actions from `MastodonAPIController` to ConversationController
See merge request pleroma/pleroma!1743
5 years ago
Egor Kislitsyn
b7f27a4f58
Extract report actions from `MastodonAPIController` to `ReportController`
...
Update MastodonAPI.ReportView
5 years ago
Ariadne Conill
1d7cbdaf7b
change new scrobble endpoint
5 years ago
Ariadne Conill
e653edd182
split scrobble functions into their own controller
5 years ago
Ariadne Conill
a6e1469767
router: change scrobble timeline route from now-playing to scrobbles
5 years ago
Ariadne Conill
7cad6ea67a
pleroma api: hook up scrobbler controller
5 years ago
Egor Kislitsyn
d4d88b3361
Extract conversation actions from `MastodonAPIController` to ConversationController
5 years ago
rinpatch
e9d1aa75d5
Revert subscription refactoring.
...
As discussed in pleroma-meta#2
This reverts commit eb9aa7aa10
, reversing
changes made to c4fbb56984
.
5 years ago
kaniini
92d08d4113
Merge branch 'split-masto-api/follow-requests' into 'develop'
...
Extract follow requests actions from `MastodonAPIController` to `FollowRequestController`
See merge request pleroma/pleroma!1730
5 years ago
kaniini
68bf99baf2
Merge branch 'split-masto-api/domain-blocks' into 'develop'
...
Extract domain blocks actions from `MastodonAPIController` to `DomainBlockController`
See merge request pleroma/pleroma!1729
5 years ago
kaniini
27a3221d57
Merge branch 'split-masto-api/scheduled-statuses' into 'develop'
...
Extract scheduled statuses actions from `MastodonAPIController` to `ScheduledActivityController`
See merge request pleroma/pleroma!1728
5 years ago
Egor Kislitsyn
408750b94e
Extract domain blocks actions from `MastodonAPIController` to `DomainBlockController`
5 years ago
Egor Kislitsyn
99c5a35890
Extract follow requests actions from `MastodonAPIController` to `FollowRequestController`
5 years ago
Egor Kislitsyn
0a5b106ddd
Extract scheduled statuses actions from `MastodonAPIController` to `ScheduledActivityController`
5 years ago
Egor Kislitsyn
621377f378
Extract filter actions from `MastodonAPIController` to `FilterController`
5 years ago
kaniini
91e2bcf218
Merge branch 'refactor/status-controller' into 'develop'
...
Extract status actions from `MastodonAPIController` to `StatusController`
See merge request pleroma/pleroma!1719
5 years ago
kaniini
eb9aa7aa10
Merge branch 'refactor/subscription' into 'develop'
...
Refactor subscription functionality
Closes #1130
See merge request pleroma/pleroma!1664
5 years ago
Egor Kislitsyn
98d1347a4e
Extract status actions from `MastodonAPIController` into `StatusController`
5 years ago
Roman Chvanikov
b4b147000c
Merge develop
5 years ago
Egor Kislitsyn
3572cf29b7
Extract timeline actions from `MastodonAPIController` into `TimelineController`
5 years ago
kaniini
6abe12dced
Merge branch 'refactor/notification-controller' into 'develop'
...
Extract notification actions from `MastodonAPIController` into `NotificationController`
See merge request pleroma/pleroma!1646
5 years ago
Ekaterina Vaartis
ba9d35a904
Add an API endpoint for listing remote packs
5 years ago
Haelwenn (lanodan) Monnier
0dc8f3d6d2
/api/ap/uploadMedia → /api/ap/upload_media
5 years ago
Egor Kislitsyn
a66a7a328f
Extract notification actions from `MastodonAPIController` into `NotificationController`
5 years ago
kaniini
29dd8ab9c0
Merge branch 'feature/force-password-reset' into 'develop'
...
Admin API: Add ability to require password reset
See merge request pleroma/pleroma!1705
5 years ago
Haelwenn (lanodan) Monnier
815b904508
Add support for AP C2S uploadMedia
...
Closes: https://git.pleroma.social/pleroma/pleroma/issues/1171
5 years ago
Maxim Filippov
6f25668215
Admin API: Add ability to force user's password reset
5 years ago
Ekaterina Vaartis
d51e5e447e
Move emoji reloading to admin api
5 years ago
Ekaterina Vaartis
74fb6d8647
Move EmojiAPIController from EmojiAPI to PleromaAPI
5 years ago
Ekaterina Vaartis
6cd651a38b
Make the emoji controller api more RESTy
5 years ago
Ekaterina Vaartis
f24731788e
Move emoji pack list from /list to /
5 years ago
Ekaterina Vaartis
9eb2ee4df0
Allow importing old (emoji.txt / plain) packs from the filesystem
5 years ago
Ekaterina Vaartis
f5131540dc
Add a way to create emoji packs via an endpoint
5 years ago
Ekaterina Vaartis
9afe7258dd
Implememt emoji pack file updating + write tests
5 years ago
Ekaterina Vaartis
bcc0bfd0c5
Add an endpoint for emoji pack metadata updating
5 years ago
Ekaterina Vaartis
2d4b8f3d20
Add an endpoint for deleting emoji packs
5 years ago
Ekaterina Vaartis
54b8e683bc
Swap TOML for YAML to get YAML generation for packs from fallbacks
...
If fallback url doesn't have a pack.yml file, one from the source will
be used
5 years ago
Ekaterina Vaartis
b791a08656
Implement API actions on packs
...
That incldues listing them and downloading them from other instances
or from the remote url
5 years ago
Alex S
a18f1e7cd7
namings
5 years ago
Alex S
4faf2b1555
post for creating invite tokens in admin api
5 years ago
Roman Chvanikov
7d1773bc6b
Rename SubscriptionNotificationController list and get actions to index and show
5 years ago
Roman Chvanikov
a81f80233d
Apply suggestion to lib/pleroma/web/router.ex
5 years ago
Roman Chvanikov
6042e21b25
Move subscription notifications to a separate controller
5 years ago
Roman Chvanikov
76c3e290fc
Merge develop
5 years ago
rinpatch
ba70a8cae6
Merge branch 'develop' into feature/delivery-tracking
5 years ago
Roman Chvanikov
0bd2b85edb
Separate Subscription Notifications from regular Notifications
5 years ago
lain
a7f31bf06c
Merge remote-tracking branch 'origin/develop' into reactions
5 years ago
Egor Kislitsyn
25d8216804
Add email change endpoint
5 years ago
rinpatch
b0e6058021
Parse http signature for request to objects/activities
5 years ago
lain
05e9776517
PleromaAPIController: Add endpoint to fetch emoji reactions.
5 years ago
Egor Kislitsyn
b40b10b53d
Add an endpoint to get multiple statuses by IDs
5 years ago
rinpatch
896ffabe37
Merge branch 'so-long-twitterapi' into 'develop'
...
Removing TwitterAPI
See merge request pleroma/pleroma!1605
5 years ago
lain
99ea990a16
PleromaAPIController: Add emoji reactions.
5 years ago
rinpatch
c2b6c1b089
Extend `/api/pleroma/notifications/read` to mark multiple notifications
...
as read and make it respond with Mastoapi entities
5 years ago
rinpatch
bd3ed3a622
Add back /api/qvitter/statuses/notifications/read.json
5 years ago
rinpatch
eb1739c596
Remove most of TwitterAPIController
5 years ago
Egor Kislitsyn
30510ade0e
Extract MastodonAPIController's list actions into MastodonAPI.ListController; Add more tests
5 years ago
kaniini
6dc24422dc
Merge branch 'issue/1177' into 'develop'
...
[#1177 ] fixed unfollow for relay actor
See merge request pleroma/pleroma!1589
5 years ago
Maxim Filippov
37dd3867bb
Log admin/moderator actions
5 years ago
lain
90986667ce
Merge branch 'admin-create-users' into 'develop'
...
user creation admin api will create multiple users
See merge request pleroma/pleroma!1170
5 years ago
Maksim Pechnikov
8dc6a6b210
fix /inbox for Relay
5 years ago
Maksim Pechnikov
64bfb41c55
fixed unfollow for relay actor
5 years ago
Sachin Joshi
37229af15f
remove old user create and delete routes for admin
5 years ago
lain
df81abb68c
Conversations: Use correct oauth paths for extended api.
5 years ago
lain
560dbad538
Merge remote-tracking branch 'origin/develop' into pleroma-conversations
5 years ago
lain
60231ec7bd
Conversation: Add endpoint to get a conversation by id.
5 years ago
lain
a2b98f6d58
Merge remote-tracking branch 'origin/develop' into pleroma-conversations
5 years ago
lain
3af6d14da7
Pleroma Conversations API: Add a way to set recipients.
5 years ago
lain
eee98aaa73
Pleroma API: Add endpoint to get conversation statuses.
5 years ago
Roman Chvanikov
9d4f34fbcb
Merge branch 'develop' into feature/digest-email
5 years ago
Alexander Strizhakov
51b3b6d816
Admin changes
5 years ago
Sergey Suprunenko
c0e258cf21
Redirect not logged-in users to the MastoFE login page on private instances
5 years ago
Sachin Joshi
242f5c585e
add account confirmation email resend in mastodon api
5 years ago
Maksim
6b77a88365
[ #1097 ] added redirect: /pleroma/admin -> /pleroma/admin/
5 years ago
Roman Chvanikov
d2da3d30f3
Merge branch 'develop' into feature/digest-email
5 years ago
Maxim Filippov
f46805bb40
Merge branch 'develop' into feature/admin-api-user-statuses
5 years ago
Haelwenn (lanodan) Monnier
90be91b0e0
Router: Remove deprecated AdminAPI endpoints
5 years ago
Ariadne Conill
bc6c5c513a
router: ensure the AP sharedinbox path is registered first
5 years ago
Roman Chvanikov
36049f08ef
Merge develop
5 years ago
Maxim Filippov
9570a5be40
Merge branch 'develop' into feature/admin-api-user-statuses
5 years ago
Ariadne Conill
184fa61fb3
plugs: add MappedSignatureToIdentityPlug
5 years ago
Ariadne Conill
cf9cb953d5
activitypub: represent internal fetch actor
5 years ago
Alexander Strizhakov
10f82c88b8
mastoapi password reset
...
added rate limit to password reset
configure rate limit in runtime
5 years ago
Roman Chvanikov
c729883936
Merge branch 'develop' into feature/digest-email
5 years ago
Maxim Filippov
418ae6638d
Merge branch 'develop' into feature/admin-api-user-statuses
5 years ago
Maxim Filippov
a9459ff98f
Admin API: Endpoint for fetching latest user's statuses
5 years ago
rinpatch
095117a58c
Merge branch 'develop' into fix/ap-hide-follows
5 years ago
rinpatch
97b79efbcd
ActivityPub Controller: Actually pass for_user to following/followers
...
views and give 403 errors when trying to request hidden follower pages
when unauthenticated
5 years ago
Mark Felder
360e4cdaa2
Move these to pleroma namespace in Mastodon API
5 years ago
Roman Chvanikov
371d39e160
Merge develop
5 years ago
kaniini
1417627d07
Merge branch 'remove-avatar-header' into 'develop'
...
Ability to reset avatar, profile banner and backgroud
See merge request pleroma/pleroma!1187
5 years ago
rinpatch
9e58d3c624
FallbackRedirector: Do not crash on Metadata rendering errors
5 years ago
Roman Chvanikov
657277ffc0
Resolve conflicts
5 years ago
Egor Kislitsyn
74132e3715
Enable IdempotencyPlug for the all API
5 years ago
Maksim
a0c4ebb4d7
[ #184 ] small refactoring reset password
5 years ago
Sachin Joshi
a0c65bbd6c
Merge branch 'develop' into 'remove-avatar-header'
...
# Conflicts:
# CHANGELOG.md
5 years ago
Mark Felder
9b908697dd
OEmbed.OEmbedController does not exist in the Pleroma codebase. It was removed in commit 92c5640f
...
and this leftover artifact breaks compiling now.
5 years ago
Alexander Strizhakov
c2ca1f22a2
it is changed in compile time
...
we can't change module attributes and endpoint settings in runtime
5 years ago
Maksim
ee4ed87fb4
[ #948 ] /api/v1/account_search added optional parameters (limit, offset, following)
5 years ago
rinpatch
92213fb87c
Replace Mix.env with Pleroma.Config.get(:env)
...
Mix.env/0 is not availible in release environments such as distillery or
elixir's built-in releases.
5 years ago
Mark Felder
6ef145b4fc
Merge branch 'develop' into feature/digest-email
5 years ago
rinpatch
026b245dbc
Merge branch 'develop' into feature/polls-2-electric-boogalo
5 years ago
rinpatch
65db5e9f52
Resolve merge conflicts
5 years ago
rinpatch
300d94c628
Add poll votes
...
Also in this commit by accident:
- Fix query ordering causing exclude_poll_votes to not work
- Do not create notifications for Answer objects
5 years ago
Sachin Joshi
ad5263c647
Merge remote-tracking branch 'upstream/develop' into admin-create-users
5 years ago
Haelwenn (lanodan) Monnier
5d3ece2861
Remove now useless flavours switching
5 years ago
kaniini
6aec0d1b58
Revert "Merge branch 'feature/search-authenticated-only' into 'develop'"
...
This reverts merge request !1209
5 years ago
Roman Chvanikov
ce47017c89
Merge develop
5 years ago
William Pitcock
0159a6dbe9
router: require oauth_read for searching
...
Search calls are generally expensive and allow unauthenticated users to
crawl the instance for user profiles or posts which contain specified
keywords. An adversary can build a distributed search engine which not
only will consume significant instance resources, but also can be used
for undesirable purposes such as datamining.
Accordingly, require authenticated access to use the search API endpoints.
This acts as a nice balance as it allows guest users to make use of most
functionality available in Pleroma FE while ensuring that Pleroma
instances are reasonably protected from resource exhaustion. It also
removes Pleroma as a potential vector in distributed search engines.
5 years ago