diff --git a/patches/0001-remove-IP-logging.patch b/patches/0001-remove-IP-logging.patch index 1155d89..3057b37 100644 --- a/patches/0001-remove-IP-logging.patch +++ b/patches/0001-remove-IP-logging.patch @@ -1,6 +1,6 @@ -From 624eaa7e48699566497bfe45e8e40ea3285f9cad Mon Sep 17 00:00:00 2001 +From 8b8a7c12ee3c9a87623effc46eb75c44438fe1ee Mon Sep 17 00:00:00 2001 From: chris -Date: Sat, 20 Apr 2024 16:19:49 +0200 +Date: Sun, 26 May 2024 13:42:01 +0200 Subject: [PATCH 1/6] remove IP logging Replace unneeded logging of IPs and User-Agent strings with hashed data. @@ -18,56 +18,56 @@ Replace unneeded logging of IPs and User-Agent strings with hashed data. 10 files changed, 24 insertions(+), 24 deletions(-) diff --git a/app/Http/Controllers/Api/ApiV1Dot1Controller.php b/app/Http/Controllers/Api/ApiV1Dot1Controller.php -index 6d051866..7c2e0b9d 100644 +index 59fb1c93..9a124025 100644 --- a/app/Http/Controllers/Api/ApiV1Dot1Controller.php +++ b/app/Http/Controllers/Api/ApiV1Dot1Controller.php -@@ -285,8 +285,8 @@ class ApiV1Dot1Controller extends Controller - $log->action = 'account.edit.password'; - $log->message = 'Password changed'; - $log->link = null; -- $log->ip_address = $request->ip(); -- $log->user_agent = $request->userAgent(); -+ $log->ip_address = sha1($request->ip()); -+ $log->user_agent = sha1($request->userAgent()); - $log->save(); +@@ -283,8 +283,8 @@ class ApiV1Dot1Controller extends Controller + $log->action = 'account.edit.password'; + $log->message = 'Password changed'; + $log->link = null; +- $log->ip_address = $request->ip(); +- $log->user_agent = $request->userAgent(); ++ $log->ip_address = sha1($request->ip()); ++ $log->user_agent = sha1($request->userAgent()); + $log->save(); - Mail::to($request->user())->send(new PasswordChange($user)); -@@ -310,7 +310,7 @@ class ApiV1Dot1Controller extends Controller - abort_if(BouncerService::checkIp($request->ip()), 404); - } - $agent = new Agent(); -- $currentIp = $request->ip(); -+ $currentIp = sha1($request->ip()); + Mail::to($request->user())->send(new PasswordChange($user)); +@@ -308,7 +308,7 @@ class ApiV1Dot1Controller extends Controller + abort_if(BouncerService::checkIp($request->ip()), 404); + } + $agent = new Agent(); +- $currentIp = $request->ip(); ++ $currentIp = sha1($request->ip()); - $activity = AccountLog::whereUserId($user->id) - ->whereAction('auth.login') + $activity = AccountLog::whereUserId($user->id) + ->whereAction('auth.login') @@ -487,7 +487,7 @@ class ApiV1Dot1Controller extends Controller - abort_if(BouncerService::checkIp($request->ip()), 404); - } + abort_if(BouncerService::checkIp($request->ip()), 404); + } -- $rl = RateLimiter::attempt('pf:apiv1.1:iar:'.$request->ip(), config('pixelfed.app_registration_rate_limit_attempts', 3), function(){}, config('pixelfed.app_registration_rate_limit_decay', 1800)); -+ $rl = RateLimiter::attempt('pf:apiv1.1:iar:'.sha1($request->ip()), config('pixelfed.app_registration_rate_limit_attempts', 3), function(){}, config('pixelfed.app_registration_rate_limit_decay', 1800)); - abort_if(!$rl, 400, 'Too many requests'); +- $rl = RateLimiter::attempt('pf:apiv1.1:iar:'.$request->ip(), config('pixelfed.app_registration_rate_limit_attempts', 3), function () { ++ $rl = RateLimiter::attempt('pf:apiv1.1:iar:'.sha1($request->ip()), config('pixelfed.app_registration_rate_limit_attempts', 3), function () { + }, config('pixelfed.app_registration_rate_limit_decay', 1800)); + abort_if(! $rl, 400, 'Too many requests'); - $this->validate($request, [ -@@ -559,7 +559,7 @@ class ApiV1Dot1Controller extends Controller - $user->email = $email; - $user->password = Hash::make($password); - $user->register_source = 'app'; -- $user->app_register_ip = $request->ip(); -+ $user->app_register_ip = sha1($request->ip()); - $user->app_register_token = Str::random(40); - $user->save(); +@@ -560,7 +560,7 @@ class ApiV1Dot1Controller extends Controller + $user->email = $email; + $user->password = Hash::make($password); + $user->register_source = 'app'; +- $user->app_register_ip = $request->ip(); ++ $user->app_register_ip = sha1($request->ip()); + $user->app_register_token = Str::random(40); + $user->save(); -@@ -616,7 +616,7 @@ class ApiV1Dot1Controller extends Controller - abort_if(BouncerService::checkIp($request->ip()), 404); - } +@@ -618,7 +618,7 @@ class ApiV1Dot1Controller extends Controller + abort_if(BouncerService::checkIp($request->ip()), 404); + } -- $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.$request->ip(), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function(){}, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800)); -+ $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.sha1($request->ip()), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function(){}, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800)); - abort_if(!$rl, 429, 'Too many requests'); +- $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.$request->ip(), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function () { ++ $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.sha1($request->ip()), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function () { + }, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800)); + abort_if(! $rl, 429, 'Too many requests'); - $this->validate($request, [ diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php index 86ee52c8..3e6a9c4f 100644 --- a/app/Http/Controllers/Auth/LoginController.php @@ -218,5 +218,5 @@ index c6ba3305..eff0cf71 100644 } } -- -2.44.0 +2.45.0 diff --git a/patches/0002-hardcode-discovery-settings.patch b/patches/0002-hardcode-discovery-settings.patch index 7137ade..39be2a7 100644 --- a/patches/0002-hardcode-discovery-settings.patch +++ b/patches/0002-hardcode-discovery-settings.patch @@ -1,6 +1,6 @@ -From d23c34e13c340d7181306edb85de456d3c3dc8fd Mon Sep 17 00:00:00 2001 +From bbedc315c31eab590f7a680e5f68277cfc540e9d Mon Sep 17 00:00:00 2001 From: chris -Date: Sat, 20 Apr 2024 16:20:10 +0200 +Date: Sun, 26 May 2024 13:42:23 +0200 Subject: [PATCH 2/6] hardcode discovery settings force enable discovery (as dynamic settings are not saved properly) @@ -34,5 +34,5 @@ index c9e93eec..ffeb34b4 100644 'server' => [ 'enabled' => false, -- -2.44.0 +2.45.0 diff --git a/patches/0003-point-to-modified-sourcecode.patch b/patches/0003-point-to-modified-sourcecode.patch index 3b49655..d866ba1 100644 --- a/patches/0003-point-to-modified-sourcecode.patch +++ b/patches/0003-point-to-modified-sourcecode.patch @@ -1,33 +1,13 @@ -From 507d1947f4a006edf3b0698ef63a7537be9bf739 Mon Sep 17 00:00:00 2001 +From 3561bc5f8fe01993aceeba2ced7266f4df5ceb90 Mon Sep 17 00:00:00 2001 From: chris -Date: Sat, 20 Apr 2024 16:20:26 +0200 +Date: Sun, 26 May 2024 13:42:41 +0200 Subject: [PATCH 3/6] point to modified sourcecode as per AGPL license of original source, modifications must be disclosed. --- - .gitattributes | 12 ------------ - resources/views/site/opensource.blade.php | 2 +- - 2 files changed, 1 insertion(+), 13 deletions(-) - delete mode 100644 .gitattributes + resources/views/site/opensource.blade.php | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/.gitattributes b/.gitattributes -deleted file mode 100644 -index 25c1b1b6..00000000 ---- a/.gitattributes -+++ /dev/null -@@ -1,12 +0,0 @@ --* text=auto --*.css linguist-vendored --*.scss linguist-vendored --*.js linguist-vendored --CHANGELOG.md export-ignore -- --# Collapse diffs for generated files: --public/**/*.js text -diff --public/**/*.json text -diff --public/**/*.css text -diff --public/img/* binary -diff --public/fonts/* binary -diff diff --git a/resources/views/site/opensource.blade.php b/resources/views/site/opensource.blade.php index cb2e7c77..63645f0c 100644 --- a/resources/views/site/opensource.blade.php @@ -42,5 +22,5 @@ index cb2e7c77..63645f0c 100644 @endsection -- -2.44.0 +2.45.0 diff --git a/patches/0004-disable-beagle-service.patch b/patches/0004-disable-beagle-service.patch index 562bcdd..1e66110 100644 --- a/patches/0004-disable-beagle-service.patch +++ b/patches/0004-disable-beagle-service.patch @@ -1,6 +1,6 @@ -From ff60dcd7310d164900ab6d667a74e0514143eff2 Mon Sep 17 00:00:00 2001 +From ab63598acd2b29b19ed1a52380b6dae71b509ff3 Mon Sep 17 00:00:00 2001 From: chris -Date: Sat, 20 Apr 2024 16:20:41 +0200 +Date: Sun, 26 May 2024 13:43:19 +0200 Subject: [PATCH 4/6] disable beagle service beagle is a remote API service provided by dansup and used for centralised lookups. @@ -58,5 +58,5 @@ index 60a4f78e..f8c9442c 100644 try { $res = Http::withOptions(['allow_redirects' => false]) -- -2.44.0 +2.45.0 diff --git a/patches/0005-allow-30-char-usernames.patch b/patches/0005-allow-30-char-usernames.patch index 4d2a157..91a44bf 100644 --- a/patches/0005-allow-30-char-usernames.patch +++ b/patches/0005-allow-30-char-usernames.patch @@ -1,6 +1,6 @@ -From 069e9cbab95d94aa77e7fd6436896a5e3e60b068 Mon Sep 17 00:00:00 2001 +From a3c06f038fd3ff5602bbf0a4e59c614ff186c722 Mon Sep 17 00:00:00 2001 From: chris -Date: Sat, 20 Apr 2024 16:21:03 +0200 +Date: Sun, 26 May 2024 13:43:34 +0200 Subject: [PATCH 5/6] allow 30 char usernames raise maximum username length, because why not? @@ -22,5 +22,5 @@ index 72c8b741..2c8a26b4 100644 function ($attribute, $value, $fail) { $dash = substr_count($value, '-'); -- -2.44.0 +2.45.0 diff --git a/patches/0006-Link-legal-notice.patch b/patches/0006-Link-legal-notice.patch index db27064..cc8eb98 100644 --- a/patches/0006-Link-legal-notice.patch +++ b/patches/0006-Link-legal-notice.patch @@ -1,6 +1,6 @@ -From a1c22f1f82437fe6d488154b7f520f58583193a0 Mon Sep 17 00:00:00 2001 +From 952b84c634d64f003c06aab3ed871c4dae580f79 Mon Sep 17 00:00:00 2001 From: chris -Date: Sat, 20 Apr 2024 16:22:37 +0200 +Date: Sun, 26 May 2024 13:43:52 +0200 Subject: [PATCH 6/6] Link legal notice local jurisdiction requires a prominent link to a legal notice at the frontpage. @@ -48,5 +48,5 @@ index 5fb4e27d..6188d2f3 100644

© {{date('Y')}} {{config('pixelfed.domain.app')}} -- -2.44.0 +2.45.0