diff --git a/patches/0001-remove-IP-logging.patch b/patches/0001-remove-IP-logging.patch index f57d8a7..cb4c2f1 100644 --- a/patches/0001-remove-IP-logging.patch +++ b/patches/0001-remove-IP-logging.patch @@ -1,21 +1,87 @@ -From c22ef18844748f5ba5d6ba5032c7ab430435e885 Mon Sep 17 00:00:00 2001 -From: hnrd -Date: Sat, 27 May 2023 11:27:56 +0200 +From abfddd90073a3f3056526429b1b9dc4aa5c252b9 Mon Sep 17 00:00:00 2001 +From: chris +Date: Wed, 24 Jan 2024 13:00:53 +0100 Subject: [PATCH 1/6] remove IP logging Replace unneeded logging of IPs and User-Agent strings with meaningless static data. --- - app/Http/Controllers/Auth/LoginController.php | 4 ++-- - app/Http/Controllers/Settings/HomeSettings.php | 8 ++++---- - app/Listeners/AuthLogin.php | 4 ++-- - app/Listeners/LogFailedLogin.php | 4 ++-- - 4 files changed, 10 insertions(+), 10 deletions(-) + app/Http/Controllers/Api/ApiV1Dot1Controller.php | 16 ++++++++-------- + app/Http/Controllers/Auth/LoginController.php | 4 ++-- + app/Http/Controllers/RemoteAuthController.php | 4 ++-- + app/Http/Controllers/SeasonalController.php | 4 ++-- + app/Http/Controllers/Settings/HomeSettings.php | 8 ++++---- + .../Controllers/UserEmailForgotController.php | 4 ++-- + app/Listeners/AuthLogin.php | 4 ++-- + app/Listeners/LogFailedLogin.php | 4 ++-- + 8 files changed, 24 insertions(+), 24 deletions(-) +diff --git a/app/Http/Controllers/Api/ApiV1Dot1Controller.php b/app/Http/Controllers/Api/ApiV1Dot1Controller.php +index 75d0fe98..88948276 100644 +--- a/app/Http/Controllers/Api/ApiV1Dot1Controller.php ++++ b/app/Http/Controllers/Api/ApiV1Dot1Controller.php +@@ -280,8 +280,8 @@ class ApiV1Dot1Controller extends Controller + $log->action = 'account.edit.password'; + $log->message = 'Password changed'; + $log->link = null; +- $log->ip_address = $request->ip(); +- $log->user_agent = $request->userAgent(); ++ $log->ip_address = "127.0.0.23"; ++ $log->user_agent = "Pixelfed.de"; + $log->save(); + + Mail::to($request->user())->send(new PasswordChange($user)); +@@ -303,7 +303,7 @@ class ApiV1Dot1Controller extends Controller + abort_if(BouncerService::checkIp($request->ip()), 404); + } + $agent = new Agent(); +- $currentIp = $request->ip(); ++ $currentIp = "127.0.0.23"; + + $activity = AccountLog::whereUserId($user->id) + ->whereAction('auth.login') +@@ -316,8 +316,8 @@ class ApiV1Dot1Controller extends Controller + return [ + 'id' => $item->id, + 'action' => $item->action, +- 'ip' => $item->ip_address, +- 'ip_current' => $item->ip_address === $currentIp, ++ 'ip' => "127.0.0.23", ++ 'ip_current' => "127.0.0.23" === $currentIp, + 'is_mobile' => $agent->isMobile(), + 'device' => $agent->device(), + 'browser' => $agent->browser(), +@@ -474,7 +474,7 @@ class ApiV1Dot1Controller extends Controller + abort_if(BouncerService::checkIp($request->ip()), 404); + } + +- $rl = RateLimiter::attempt('pf:apiv1.1:iar:'.$request->ip(), config('pixelfed.app_registration_rate_limit_attempts', 3), function(){}, config('pixelfed.app_registration_rate_limit_decay', 1800)); ++ $rl = RateLimiter::attempt('pf:apiv1.1:iar:'.Str::Random(10), config('pixelfed.app_registration_rate_limit_attempts', 3), function(){}, config('pixelfed.app_registration_rate_limit_decay', 1800)); + abort_if(!$rl, 400, 'Too many requests'); + + $this->validate($request, [ +@@ -546,7 +546,7 @@ class ApiV1Dot1Controller extends Controller + $user->email = $email; + $user->password = Hash::make($password); + $user->register_source = 'app'; +- $user->app_register_ip = $request->ip(); ++ $user->app_register_ip = "127.0.0.23"; + $user->app_register_token = Str::random(40); + $user->save(); + +@@ -603,7 +603,7 @@ class ApiV1Dot1Controller extends Controller + abort_if(BouncerService::checkIp($request->ip()), 404); + } + +- $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.$request->ip(), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function(){}, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800)); ++ $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.Str::Random(10), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function(){}, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800)); + abort_if(!$rl, 429, 'Too many requests'); + + $this->validate($request, [ diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php -index 3861d327..e6b345a6 100644 +index 627a879c..1d7af486 100644 --- a/app/Http/Controllers/Auth/LoginController.php +++ b/app/Http/Controllers/Auth/LoginController.php -@@ -108,8 +108,8 @@ class LoginController extends Controller +@@ -109,8 +109,8 @@ class LoginController extends Controller $log->action = 'auth.login'; $log->message = 'Account Login'; $log->link = null; @@ -26,34 +92,86 @@ index 3861d327..e6b345a6 100644 $log->save(); } +diff --git a/app/Http/Controllers/RemoteAuthController.php b/app/Http/Controllers/RemoteAuthController.php +index e068f5d7..37e4dfad 100644 +--- a/app/Http/Controllers/RemoteAuthController.php ++++ b/app/Http/Controllers/RemoteAuthController.php +@@ -320,7 +320,7 @@ class RemoteAuthController extends Controller + 'webfinger' => $res['_webfinger'], + ], [ + 'software' => 'mastodon', +- 'ip_address' => $request->ip(), ++ 'ip_address' => "127.0.0.23", + 'bearer_token' => $token, + 'verify_credentials' => $res, + 'last_verify_credentials_at' => now(), +@@ -702,7 +702,7 @@ class RemoteAuthController extends Controller + 'email' => $data['email'], + 'password' => Hash::make($data['password']), + 'email_verified_at' => config('remote-auth.mastodon.contraints.skip_email_verification') ? now() : null, +- 'app_register_ip' => request()->ip(), ++ 'app_register_ip' => "127.0.0.23", + 'register_source' => 'mastodon' + ]))); + +diff --git a/app/Http/Controllers/SeasonalController.php b/app/Http/Controllers/SeasonalController.php +index a9f1f98c..c3c4cc43 100644 +--- a/app/Http/Controllers/SeasonalController.php ++++ b/app/Http/Controllers/SeasonalController.php +@@ -230,8 +230,8 @@ class SeasonalController extends Controller + 'action' => 'seasonal.my2020.view' + ], + [ +- 'ip_address' => $request->ip(), +- 'user_agent' => $request->userAgent() ++ 'ip_address' => "127.0.0.23", ++ 'user_agent' => "Pixelfed.de" + ] + ]); + return response()->json(200); diff --git a/app/Http/Controllers/Settings/HomeSettings.php b/app/Http/Controllers/Settings/HomeSettings.php -index 082a72af..63448905 100644 +index 99326c09..6fc5030b 100644 --- a/app/Http/Controllers/Settings/HomeSettings.php +++ b/app/Http/Controllers/Settings/HomeSettings.php @@ -139,8 +139,8 @@ trait HomeSettings - $log->action = 'account.edit.password'; - $log->message = 'Password changed'; - $log->link = null; -- $log->ip_address = $request->ip(); -- $log->user_agent = $request->userAgent(); -+ $log->ip_address = "127.0.0.23"; -+ $log->user_agent = "Pixelfed.de"; - $log->save(); + $log->action = 'account.edit.password'; + $log->message = 'Password changed'; + $log->link = null; +- $log->ip_address = $request->ip(); +- $log->user_agent = $request->userAgent(); ++ $log->ip_address = "127.0.0.23"; ++ $log->user_agent = "Pixelfed.de"; + $log->save(); - Mail::to($request->user())->send(new PasswordChange($user)); -@@ -185,8 +185,8 @@ trait HomeSettings - $log->action = 'account.edit.email'; - $log->message = 'Email changed'; - $log->link = null; -- $log->ip_address = $request->ip(); -- $log->user_agent = $request->userAgent(); -+ $log->ip_address = "127.0.0.23"; -+ $log->user_agent = "Pixelfed.de"; - $log->save(); - } + Mail::to($request->user())->send(new PasswordChange($user)); +@@ -186,8 +186,8 @@ trait HomeSettings + $log->action = 'account.edit.email'; + $log->message = 'Email changed'; + $log->link = null; +- $log->ip_address = $request->ip(); +- $log->user_agent = $request->userAgent(); ++ $log->ip_address = "127.0.0.23"; ++ $log->user_agent = "Pixelfed.de"; + $log->save(); + } + +diff --git a/app/Http/Controllers/UserEmailForgotController.php b/app/Http/Controllers/UserEmailForgotController.php +index 33378c4d..e6f1be45 100644 +--- a/app/Http/Controllers/UserEmailForgotController.php ++++ b/app/Http/Controllers/UserEmailForgotController.php +@@ -80,8 +80,8 @@ class UserEmailForgotController extends Controller + { + UserEmailForgot::create([ + 'user_id' => $user->id, +- 'ip_address' => $request->ip(), +- 'user_agent' => $request->userAgent(), ++ 'ip_address' => "127.0.0.23", ++ 'user_agent' => "Pixelfed.de", + 'email_sent_at' => now() + ]); diff --git a/app/Listeners/AuthLogin.php b/app/Listeners/AuthLogin.php -index 90806965..d0261ecc 100644 +index 90806965..ffc67d79 100644 --- a/app/Listeners/AuthLogin.php +++ b/app/Listeners/AuthLogin.php @@ -122,8 +122,8 @@ class AuthLogin @@ -63,7 +181,7 @@ index 90806965..d0261ecc 100644 - 'ip' => request()->ip(), - 'user_agent' => str_limit(request()->userAgent(), 180), + 'ip' => "127.0.0.23", -+ 'user_agent' => "Pixelfed.de", ++ 'user_agent' => "Pixelfed.de", ]); }); } @@ -83,5 +201,5 @@ index c6ba3305..9442bfd0 100644 } } -- -2.42.0 +2.43.0 diff --git a/patches/0002-hardcode-discovery-settings.patch b/patches/0002-hardcode-discovery-settings.patch index e3bf9e8..8b9c368 100644 --- a/patches/0002-hardcode-discovery-settings.patch +++ b/patches/0002-hardcode-discovery-settings.patch @@ -1,6 +1,6 @@ -From b165fa5c54e810263d597a1734189ea5181ba6ec Mon Sep 17 00:00:00 2001 -From: hnrd -Date: Mon, 10 Apr 2023 18:04:17 +0200 +From 642ea8df27cd7c3ddb2c36cf0ba30f4ba0d94e40 Mon Sep 17 00:00:00 2001 +From: chris +Date: Wed, 24 Jan 2024 13:02:16 +0100 Subject: [PATCH 2/6] hardcode discovery settings force enable discovery (as dynamic settings are not saved properly) @@ -34,5 +34,5 @@ index 4bb7277a..41251adb 100644 'server' => [ 'enabled' => false, -- -2.42.0 +2.43.0 diff --git a/patches/0003-point-to-modified-sourcecode.patch b/patches/0003-point-to-modified-sourcecode.patch index d7ae3d4..48e1aba 100644 --- a/patches/0003-point-to-modified-sourcecode.patch +++ b/patches/0003-point-to-modified-sourcecode.patch @@ -1,6 +1,6 @@ -From 5e05c14b6ea197c44486ead1b778224a27106b06 Mon Sep 17 00:00:00 2001 -From: hnrd -Date: Mon, 10 Apr 2023 18:35:40 +0200 +From 0a410cf815d7a66a4544b9c5915dfa38468ec379 Mon Sep 17 00:00:00 2001 +From: chris +Date: Wed, 24 Jan 2024 13:04:05 +0100 Subject: [PATCH 3/6] point to modified sourcecode as per AGPL license of original source, modifications must be disclosed. @@ -22,5 +22,5 @@ index cb2e7c77..63645f0c 100644 @endsection -- -2.42.0 +2.43.0 diff --git a/patches/0004-disable-beagle-service.patch b/patches/0004-disable-beagle-service.patch index cd8d095..052d9ad 100644 --- a/patches/0004-disable-beagle-service.patch +++ b/patches/0004-disable-beagle-service.patch @@ -1,6 +1,6 @@ -From 9797f7237d4b4a242b284ae0e6f219f51465cbd5 Mon Sep 17 00:00:00 2001 -From: hnrd -Date: Mon, 17 Jul 2023 10:47:39 +0200 +From c6c208aef154d2ab683d794bb5b95fa508c757da Mon Sep 17 00:00:00 2001 +From: chris +Date: Wed, 24 Jan 2024 13:05:34 +0100 Subject: [PATCH 4/6] disable beagle service beagle is a remote API service provided by dansup and used for centralised lookups. @@ -11,14 +11,14 @@ As it's not configurable at the moment this patch disables remote communication 1 file changed, 3 insertions(+) diff --git a/app/Services/Account/RemoteAuthService.php b/app/Services/Account/RemoteAuthService.php -index 4412352a..14b4d625 100644 +index 4412352a..667265be 100644 --- a/app/Services/Account/RemoteAuthService.php +++ b/app/Services/Account/RemoteAuthService.php @@ -120,6 +120,7 @@ class RemoteAuthService } return Cache::remember(self::CACHE_KEY . 'domain-compatible:' . $domain, 14400, function() use($domain) { -+ return true; ++ return true; try { $res = Http::timeout(20)->retry(3, 750)->get('https://beagle.pixelfed.net/api/v1/raa/domain?domain=' . $domain); if(!$res->ok()) { @@ -26,7 +26,7 @@ index 4412352a..14b4d625 100644 public static function lookupWebfingerUses($wf) { -+ return 0; ++ return 0; try { $res = Http::timeout(20)->retry(3, 750)->get('https://beagle.pixelfed.net/api/v1/raa/lookup?webfinger=' . $wf); if(!$res->ok()) { @@ -34,10 +34,10 @@ index 4412352a..14b4d625 100644 public static function submitToBeagle($ow, $ou, $dw, $du) { -+ return; ++ return; try { $url = 'https://beagle.pixelfed.net/api/v1/raa/submit'; $res = Http::throw()->timeout(10)->get($url, [ -- -2.42.0 +2.43.0 diff --git a/patches/0005-allow-30-char-usernames.patch b/patches/0005-allow-30-char-usernames.patch index f712bc5..af80da8 100644 --- a/patches/0005-allow-30-char-usernames.patch +++ b/patches/0005-allow-30-char-usernames.patch @@ -1,6 +1,6 @@ -From 94c12502b7170bb036c53eb19132c53f00dc54dc Mon Sep 17 00:00:00 2001 -From: hnrd -Date: Thu, 27 Jul 2023 12:49:01 +0200 +From 2eaeb254502b00f9d25eeaec607f10f8692e96a2 Mon Sep 17 00:00:00 2001 +From: chris +Date: Wed, 24 Jan 2024 13:06:07 +0100 Subject: [PATCH 5/6] allow 30 char usernames raise maximum username length, because why not? @@ -9,7 +9,7 @@ raise maximum username length, because why not? 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php -index 5eb1159f..227bf06d 100644 +index 8c10e5d0..12b8c1b3 100644 --- a/app/Http/Controllers/Auth/RegisterController.php +++ b/app/Http/Controllers/Auth/RegisterController.php @@ -70,7 +70,7 @@ class RegisterController extends Controller @@ -22,5 +22,5 @@ index 5eb1159f..227bf06d 100644 function ($attribute, $value, $fail) { $dash = substr_count($value, '-'); -- -2.42.0 +2.43.0 diff --git a/patches/0006-Link-legal-notice.patch b/patches/0006-Link-legal-notice.patch index fd78476..e3e1c24 100644 --- a/patches/0006-Link-legal-notice.patch +++ b/patches/0006-Link-legal-notice.patch @@ -1,6 +1,6 @@ -From e65a182dd60353ab718f854863fdac68c9d8a2f5 Mon Sep 17 00:00:00 2001 +From 208c085e4a01f3aa29725b0a24409b7856122195 Mon Sep 17 00:00:00 2001 From: chris -Date: Wed, 25 Oct 2023 11:39:14 +0200 +Date: Wed, 24 Jan 2024 13:17:45 +0100 Subject: [PATCH 6/6] Link legal notice local jurisdiction requires a prominent link to a legal notice at the frontpage. @@ -48,5 +48,5 @@ index 5fb4e27d..6188d2f3 100644

© {{date('Y')}} {{config('pixelfed.domain.app')}} -- -2.42.0 +2.43.0 diff --git a/patches/README.md b/patches/README.md new file mode 100644 index 0000000..6830254 --- /dev/null +++ b/patches/README.md @@ -0,0 +1,3 @@ +Various patches against [https://github.com/pixelfed/pixelfed](dansups pixelfed). + +All patches except for patch 006 (adding legal notice links to the frontpage) are included in my prebuilt images, zknt/pixelfed on docker hub and quay.io.