port patches
Some checks failed
dockers/pixelfed/pipeline/head There was a failure building this commit
Some checks failed
dockers/pixelfed/pipeline/head There was a failure building this commit
This commit is contained in:
parent
dd3488fa0c
commit
1f8db65cbc
6 changed files with 99 additions and 69 deletions
|
@ -1,22 +1,24 @@
|
|||
From f2d5017497ba69f0e7f364640f3e04b18e8373e9 Mon Sep 17 00:00:00 2001
|
||||
From 9472451aa9abd8476dc7b7c8852bd139a8ccda89 Mon Sep 17 00:00:00 2001
|
||||
From: chris <cg@zknt.org>
|
||||
Date: Tue, 12 Mar 2024 17:07:10 +0100
|
||||
Date: Sat, 6 Apr 2024 11:37:29 +0200
|
||||
Subject: [PATCH 1/6] remove IP logging
|
||||
|
||||
Replace unneeded logging of IPs and User-Agent strings with meaningless static data.
|
||||
Replace unneeded logging of IPs and User-Agent strings with hashed data.
|
||||
---
|
||||
app/Http/Controllers/Api/ApiV1Dot1Controller.php | 16 ++++++++--------
|
||||
app/Http/Controllers/Auth/LoginController.php | 4 ++--
|
||||
app/Http/Controllers/RemoteAuthController.php | 4 ++--
|
||||
app/Http/Controllers/SeasonalController.php | 4 ++--
|
||||
app/Http/Controllers/Settings/HomeSettings.php | 8 ++++----
|
||||
.../Controllers/UserEmailForgotController.php | 4 ++--
|
||||
app/Listeners/AuthLogin.php | 4 ++--
|
||||
app/Listeners/LogFailedLogin.php | 4 ++--
|
||||
8 files changed, 24 insertions(+), 24 deletions(-)
|
||||
app/Http/Controllers/Api/ApiV1Dot1Controller.php | 12 ++++++------
|
||||
app/Http/Controllers/Auth/LoginController.php | 4 ++--
|
||||
app/Http/Controllers/Auth/RegisterController.php | 2 +-
|
||||
app/Http/Controllers/CuratedRegisterController.php | 2 +-
|
||||
app/Http/Controllers/RemoteAuthController.php | 4 ++--
|
||||
app/Http/Controllers/SeasonalController.php | 4 ++--
|
||||
app/Http/Controllers/Settings/HomeSettings.php | 8 ++++----
|
||||
app/Http/Controllers/UserEmailForgotController.php | 4 ++--
|
||||
app/Listeners/AuthLogin.php | 4 ++--
|
||||
app/Listeners/LogFailedLogin.php | 4 ++--
|
||||
10 files changed, 24 insertions(+), 24 deletions(-)
|
||||
|
||||
diff --git a/app/Http/Controllers/Api/ApiV1Dot1Controller.php b/app/Http/Controllers/Api/ApiV1Dot1Controller.php
|
||||
index 6d051866..e75b3a1e 100644
|
||||
index 6d051866..7c2e0b9d 100644
|
||||
--- a/app/Http/Controllers/Api/ApiV1Dot1Controller.php
|
||||
+++ b/app/Http/Controllers/Api/ApiV1Dot1Controller.php
|
||||
@@ -285,8 +285,8 @@ class ApiV1Dot1Controller extends Controller
|
||||
|
@ -25,8 +27,8 @@ index 6d051866..e75b3a1e 100644
|
|||
$log->link = null;
|
||||
- $log->ip_address = $request->ip();
|
||||
- $log->user_agent = $request->userAgent();
|
||||
+ $log->ip_address = "127.0.0.23";
|
||||
+ $log->user_agent = "Pixelfed.de";
|
||||
+ $log->ip_address = sha1($request->ip());
|
||||
+ $log->user_agent = sha1($request->userAgent());
|
||||
$log->save();
|
||||
|
||||
Mail::to($request->user())->send(new PasswordChange($user));
|
||||
|
@ -35,27 +37,16 @@ index 6d051866..e75b3a1e 100644
|
|||
}
|
||||
$agent = new Agent();
|
||||
- $currentIp = $request->ip();
|
||||
+ $currentIp = "127.0.0.23";
|
||||
+ $currentIp = sha1($request->ip());
|
||||
|
||||
$activity = AccountLog::whereUserId($user->id)
|
||||
->whereAction('auth.login')
|
||||
@@ -323,8 +323,8 @@ class ApiV1Dot1Controller extends Controller
|
||||
return [
|
||||
'id' => $item->id,
|
||||
'action' => $item->action,
|
||||
- 'ip' => $item->ip_address,
|
||||
- 'ip_current' => $item->ip_address === $currentIp,
|
||||
+ 'ip' => "127.0.0.23",
|
||||
+ 'ip_current' => "127.0.0.23" === $currentIp,
|
||||
'is_mobile' => $agent->isMobile(),
|
||||
'device' => $agent->device(),
|
||||
'browser' => $agent->browser(),
|
||||
@@ -487,7 +487,7 @@ class ApiV1Dot1Controller extends Controller
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
- $rl = RateLimiter::attempt('pf:apiv1.1:iar:'.$request->ip(), config('pixelfed.app_registration_rate_limit_attempts', 3), function(){}, config('pixelfed.app_registration_rate_limit_decay', 1800));
|
||||
+ $rl = RateLimiter::attempt('pf:apiv1.1:iar:'.Str::Random(10), config('pixelfed.app_registration_rate_limit_attempts', 3), function(){}, config('pixelfed.app_registration_rate_limit_decay', 1800));
|
||||
+ $rl = RateLimiter::attempt('pf:apiv1.1:iar:'.sha1($request->ip()), config('pixelfed.app_registration_rate_limit_attempts', 3), function(){}, config('pixelfed.app_registration_rate_limit_decay', 1800));
|
||||
abort_if(!$rl, 400, 'Too many requests');
|
||||
|
||||
$this->validate($request, [
|
||||
|
@ -64,7 +55,7 @@ index 6d051866..e75b3a1e 100644
|
|||
$user->password = Hash::make($password);
|
||||
$user->register_source = 'app';
|
||||
- $user->app_register_ip = $request->ip();
|
||||
+ $user->app_register_ip = "127.0.0.23";
|
||||
+ $user->app_register_ip = sha1($request->ip());
|
||||
$user->app_register_token = Str::random(40);
|
||||
$user->save();
|
||||
|
||||
|
@ -73,12 +64,12 @@ index 6d051866..e75b3a1e 100644
|
|||
}
|
||||
|
||||
- $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.$request->ip(), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function(){}, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800));
|
||||
+ $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.Str::Random(10), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function(){}, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800));
|
||||
+ $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.sha1($request->ip()), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function(){}, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800));
|
||||
abort_if(!$rl, 429, 'Too many requests');
|
||||
|
||||
$this->validate($request, [
|
||||
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
|
||||
index 627a879c..1d7af486 100644
|
||||
index 86ee52c8..3e6a9c4f 100644
|
||||
--- a/app/Http/Controllers/Auth/LoginController.php
|
||||
+++ b/app/Http/Controllers/Auth/LoginController.php
|
||||
@@ -109,8 +109,8 @@ class LoginController extends Controller
|
||||
|
@ -87,35 +78,61 @@ index 627a879c..1d7af486 100644
|
|||
$log->link = null;
|
||||
- $log->ip_address = $request->ip();
|
||||
- $log->user_agent = $request->userAgent();
|
||||
+ $log->ip_address = "127.0.0.23";
|
||||
+ $log->user_agent = "Pixelfed.de";
|
||||
+ $log->ip_address = sha1($request->ip());
|
||||
+ $log->user_agent = sha1($request->userAgent());
|
||||
$log->save();
|
||||
}
|
||||
|
||||
diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php
|
||||
index 7568fca0..72c8b741 100644
|
||||
--- a/app/Http/Controllers/Auth/RegisterController.php
|
||||
+++ b/app/Http/Controllers/Auth/RegisterController.php
|
||||
@@ -163,7 +163,7 @@ class RegisterController extends Controller
|
||||
'username' => $data['username'],
|
||||
'email' => $data['email'],
|
||||
'password' => Hash::make($data['password']),
|
||||
- 'app_register_ip' => request()->ip()
|
||||
+ 'app_register_ip' => sha1(request()->ip())
|
||||
]);
|
||||
}
|
||||
|
||||
diff --git a/app/Http/Controllers/CuratedRegisterController.php b/app/Http/Controllers/CuratedRegisterController.php
|
||||
index 58bddb49..83e2e120 100644
|
||||
--- a/app/Http/Controllers/CuratedRegisterController.php
|
||||
+++ b/app/Http/Controllers/CuratedRegisterController.php
|
||||
@@ -389,7 +389,7 @@ class CuratedRegisterController extends Controller
|
||||
$cr->email = $request->email;
|
||||
$cr->username = $request->session()->get('cur-reg.form-username');
|
||||
$cr->password = bcrypt($request->session()->get('cur-reg.form-password'));
|
||||
- $cr->ip_address = $request->ip();
|
||||
+ $cr->ip_address = sha1($request->ip());
|
||||
$cr->reason_to_join = $request->session()->get('cur-reg.form-reason');
|
||||
$cr->verify_code = Str::random(40);
|
||||
$cr->save();
|
||||
diff --git a/app/Http/Controllers/RemoteAuthController.php b/app/Http/Controllers/RemoteAuthController.php
|
||||
index e068f5d7..37e4dfad 100644
|
||||
index e0afd82e..7e58eec5 100644
|
||||
--- a/app/Http/Controllers/RemoteAuthController.php
|
||||
+++ b/app/Http/Controllers/RemoteAuthController.php
|
||||
@@ -320,7 +320,7 @@ class RemoteAuthController extends Controller
|
||||
@@ -329,7 +329,7 @@ class RemoteAuthController extends Controller
|
||||
'webfinger' => $res['_webfinger'],
|
||||
], [
|
||||
'software' => 'mastodon',
|
||||
- 'ip_address' => $request->ip(),
|
||||
+ 'ip_address' => "127.0.0.23",
|
||||
+ 'ip_address' => sha1($request->ip()),
|
||||
'bearer_token' => $token,
|
||||
'verify_credentials' => $res,
|
||||
'last_verify_credentials_at' => now(),
|
||||
@@ -702,7 +702,7 @@ class RemoteAuthController extends Controller
|
||||
'email' => $data['email'],
|
||||
@@ -712,7 +712,7 @@ class RemoteAuthController extends Controller
|
||||
'email' => $data['email'],
|
||||
'password' => Hash::make($data['password']),
|
||||
'email_verified_at' => config('remote-auth.mastodon.contraints.skip_email_verification') ? now() : null,
|
||||
- 'app_register_ip' => request()->ip(),
|
||||
+ 'app_register_ip' => "127.0.0.23",
|
||||
'register_source' => 'mastodon'
|
||||
+ 'app_register_ip' => sha1(request()->ip()),
|
||||
'register_source' => 'mastodon',
|
||||
])));
|
||||
|
||||
diff --git a/app/Http/Controllers/SeasonalController.php b/app/Http/Controllers/SeasonalController.php
|
||||
index a9f1f98c..c3c4cc43 100644
|
||||
index a9f1f98c..352eb102 100644
|
||||
--- a/app/Http/Controllers/SeasonalController.php
|
||||
+++ b/app/Http/Controllers/SeasonalController.php
|
||||
@@ -230,8 +230,8 @@ class SeasonalController extends Controller
|
||||
|
@ -124,13 +141,13 @@ index a9f1f98c..c3c4cc43 100644
|
|||
[
|
||||
- 'ip_address' => $request->ip(),
|
||||
- 'user_agent' => $request->userAgent()
|
||||
+ 'ip_address' => "127.0.0.23",
|
||||
+ 'user_agent' => "Pixelfed.de"
|
||||
+ 'ip_address' => sha1($request->ip()),
|
||||
+ 'user_agent' => sha1($request->userAgent())
|
||||
]
|
||||
]);
|
||||
return response()->json(200);
|
||||
diff --git a/app/Http/Controllers/Settings/HomeSettings.php b/app/Http/Controllers/Settings/HomeSettings.php
|
||||
index 99326c09..6fc5030b 100644
|
||||
index 99326c09..1434cf66 100644
|
||||
--- a/app/Http/Controllers/Settings/HomeSettings.php
|
||||
+++ b/app/Http/Controllers/Settings/HomeSettings.php
|
||||
@@ -139,8 +139,8 @@ trait HomeSettings
|
||||
|
@ -139,8 +156,8 @@ index 99326c09..6fc5030b 100644
|
|||
$log->link = null;
|
||||
- $log->ip_address = $request->ip();
|
||||
- $log->user_agent = $request->userAgent();
|
||||
+ $log->ip_address = "127.0.0.23";
|
||||
+ $log->user_agent = "Pixelfed.de";
|
||||
+ $log->ip_address = sha1($request->ip());
|
||||
+ $log->user_agent = sha1($request->userAgent());
|
||||
$log->save();
|
||||
|
||||
Mail::to($request->user())->send(new PasswordChange($user));
|
||||
|
@ -150,13 +167,13 @@ index 99326c09..6fc5030b 100644
|
|||
$log->link = null;
|
||||
- $log->ip_address = $request->ip();
|
||||
- $log->user_agent = $request->userAgent();
|
||||
+ $log->ip_address = "127.0.0.23";
|
||||
+ $log->user_agent = "Pixelfed.de";
|
||||
+ $log->ip_address = sha1($request->ip());
|
||||
+ $log->user_agent = sha1($request->userAgent());
|
||||
$log->save();
|
||||
}
|
||||
|
||||
diff --git a/app/Http/Controllers/UserEmailForgotController.php b/app/Http/Controllers/UserEmailForgotController.php
|
||||
index 33378c4d..e6f1be45 100644
|
||||
index 3889b980..c2622d10 100644
|
||||
--- a/app/Http/Controllers/UserEmailForgotController.php
|
||||
+++ b/app/Http/Controllers/UserEmailForgotController.php
|
||||
@@ -80,8 +80,8 @@ class UserEmailForgotController extends Controller
|
||||
|
@ -165,13 +182,13 @@ index 33378c4d..e6f1be45 100644
|
|||
'user_id' => $user->id,
|
||||
- 'ip_address' => $request->ip(),
|
||||
- 'user_agent' => $request->userAgent(),
|
||||
+ 'ip_address' => "127.0.0.23",
|
||||
+ 'user_agent' => "Pixelfed.de",
|
||||
+ 'ip_address' => sha1($request->ip()),
|
||||
+ 'user_agent' => sha1($request->userAgent()),
|
||||
'email_sent_at' => now()
|
||||
]);
|
||||
|
||||
diff --git a/app/Listeners/AuthLogin.php b/app/Listeners/AuthLogin.php
|
||||
index 90806965..ffc67d79 100644
|
||||
index 90806965..90d6591b 100644
|
||||
--- a/app/Listeners/AuthLogin.php
|
||||
+++ b/app/Listeners/AuthLogin.php
|
||||
@@ -122,8 +122,8 @@ class AuthLogin
|
||||
|
@ -180,13 +197,13 @@ index 90806965..ffc67d79 100644
|
|||
'user_id' => $user->id,
|
||||
- 'ip' => request()->ip(),
|
||||
- 'user_agent' => str_limit(request()->userAgent(), 180),
|
||||
+ 'ip' => "127.0.0.23",
|
||||
+ 'user_agent' => "Pixelfed.de",
|
||||
+ 'ip' => sha1(request()->ip()),
|
||||
+ 'user_agent' => sha1(request()->userAgent()),
|
||||
]);
|
||||
});
|
||||
}
|
||||
diff --git a/app/Listeners/LogFailedLogin.php b/app/Listeners/LogFailedLogin.php
|
||||
index c6ba3305..9442bfd0 100644
|
||||
index c6ba3305..eff0cf71 100644
|
||||
--- a/app/Listeners/LogFailedLogin.php
|
||||
+++ b/app/Listeners/LogFailedLogin.php
|
||||
@@ -41,8 +41,8 @@ class LogFailedLogin
|
||||
|
@ -195,8 +212,8 @@ index c6ba3305..9442bfd0 100644
|
|||
$log->link = null;
|
||||
- $log->ip_address = $request->ip();
|
||||
- $log->user_agent = $request->userAgent();
|
||||
+ $log->ip_address = "127.0.0.23";
|
||||
+ $log->user_agent = "Pixelfed.de";
|
||||
+ $log->ip_address = sha1($request->ip());
|
||||
+ $log->user_agent = sha1($request->userAgent());
|
||||
$log->save();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
From 8437a0ec04713939137e5d3cdce912d7ffecd992 Mon Sep 17 00:00:00 2001
|
||||
From 2957a298a9a12683fd667faf5b1356135942ff48 Mon Sep 17 00:00:00 2001
|
||||
From: chris <cg@zknt.org>
|
||||
Date: Tue, 12 Mar 2024 17:08:14 +0100
|
||||
Date: Sat, 6 Apr 2024 11:38:51 +0200
|
||||
Subject: [PATCH 2/6] hardcode discovery settings
|
||||
|
||||
force enable discovery (as dynamic settings are not saved properly)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
From e5c94b4eaac8c246d22fb5a85f70bda4ad1d162d Mon Sep 17 00:00:00 2001
|
||||
From 62e640512c5951611682c22995840c74c3982222 Mon Sep 17 00:00:00 2001
|
||||
From: chris <cg@zknt.org>
|
||||
Date: Tue, 12 Mar 2024 17:08:37 +0100
|
||||
Date: Sat, 6 Apr 2024 11:39:17 +0200
|
||||
Subject: [PATCH 3/6] point to modified sourcecode
|
||||
|
||||
as per AGPL license of original source, modifications must be disclosed.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
From e00187bc43511a6f21d2486834e44900f5b64bae Mon Sep 17 00:00:00 2001
|
||||
From d2f2949c8f1662fb0c7840ce99de34ee9d76d613 Mon Sep 17 00:00:00 2001
|
||||
From: chris <cg@zknt.org>
|
||||
Date: Tue, 12 Mar 2024 17:09:52 +0100
|
||||
Date: Sat, 6 Apr 2024 11:45:04 +0200
|
||||
Subject: [PATCH 4/6] disable beagle service
|
||||
|
||||
beagle is a remote API service provided by dansup and used for centralised lookups.
|
||||
|
@ -8,7 +8,8 @@ Using the beagle service without users explicit consent violates GDPR.
|
|||
As it's not configurable at the moment this patch disables remote communication with beagle.
|
||||
---
|
||||
app/Services/Account/RemoteAuthService.php | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
app/Services/Internal/BeagleService.php | 1 +
|
||||
2 files changed, 5 insertions(+)
|
||||
|
||||
diff --git a/app/Services/Account/RemoteAuthService.php b/app/Services/Account/RemoteAuthService.php
|
||||
index 4412352a..0c69959f 100644
|
||||
|
@ -44,6 +45,18 @@ index 4412352a..0c69959f 100644
|
|||
try {
|
||||
$url = 'https://beagle.pixelfed.net/api/v1/raa/submit';
|
||||
$res = Http::throw()->timeout(10)->get($url, [
|
||||
diff --git a/app/Services/Internal/BeagleService.php b/app/Services/Internal/BeagleService.php
|
||||
index 60a4f78e..f8c9442c 100644
|
||||
--- a/app/Services/Internal/BeagleService.php
|
||||
+++ b/app/Services/Internal/BeagleService.php
|
||||
@@ -13,6 +13,7 @@ class BeagleService
|
||||
|
||||
public static function getDefaultRules()
|
||||
{
|
||||
+ return [];
|
||||
return Cache::remember(self::DEFAULT_RULES_CACHE_KEY, now()->addDays(7), function() {
|
||||
try {
|
||||
$res = Http::withOptions(['allow_redirects' => false])
|
||||
--
|
||||
2.44.0
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
From 533b441a88602ab8ab8e047f0d5c52ab25486aed Mon Sep 17 00:00:00 2001
|
||||
From 66cb2b46c6015b5efe1c06c24ea59853eb9dadbc Mon Sep 17 00:00:00 2001
|
||||
From: chris <cg@zknt.org>
|
||||
Date: Tue, 12 Mar 2024 17:10:13 +0100
|
||||
Date: Sat, 6 Apr 2024 11:45:42 +0200
|
||||
Subject: [PATCH 5/6] allow 30 char usernames
|
||||
|
||||
raise maximum username length, because why not?
|
||||
|
@ -9,7 +9,7 @@ raise maximum username length, because why not?
|
|||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php
|
||||
index 8bdd57bf..ed029ea6 100644
|
||||
index 72c8b741..2c8a26b4 100644
|
||||
--- a/app/Http/Controllers/Auth/RegisterController.php
|
||||
+++ b/app/Http/Controllers/Auth/RegisterController.php
|
||||
@@ -70,7 +70,7 @@ class RegisterController extends Controller
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
From b0e9b2cf0fd8ec264ed7240a6102eef018794001 Mon Sep 17 00:00:00 2001
|
||||
From d5c6249217a1d85c765a59823274f41234f8d3c1 Mon Sep 17 00:00:00 2001
|
||||
From: chris <cg@zknt.org>
|
||||
Date: Tue, 12 Mar 2024 17:10:30 +0100
|
||||
Date: Sat, 6 Apr 2024 11:46:02 +0200
|
||||
Subject: [PATCH 6/6] Link legal notice
|
||||
|
||||
local jurisdiction requires a prominent link to a legal notice at the frontpage.
|
||||
|
|
Loading…
Reference in a new issue