This commit is contained in:
parent
6d9842c969
commit
8ad1f9b8a2
8 changed files with 287 additions and 23 deletions
|
@ -4,12 +4,6 @@ ARG VERSION=dev
|
|||
|
||||
ARG DATE
|
||||
|
||||
ENV IP_PATCH=14cca91255bca69dec195112ce2fbd110e2406ca
|
||||
ENV DISCOVERY_PATCH=f4a01bc97efeb259fd0c6e2016949c90675cc555
|
||||
ENV GITHUB_PATCH=06bcf80133f6c212f1674d280974c669b4524283
|
||||
ENV BEAGLE_PATCH=f45a489d5e45de21d648437880ef525a2e957b7b
|
||||
ENV USERNAME_PATCH=737319bff8697263df19b9b4c0a2ee7cc8055476
|
||||
|
||||
RUN set -xe;\
|
||||
apt-get update &&\
|
||||
apt-get install --no-install-recommends -y git locales libcurl4-openssl-dev libzip-dev libicu-dev libxml2-dev libjpeg62-turbo-dev libpng-dev libmagickwand-dev libpq-dev libxpm-dev libwebp-dev &&\
|
||||
|
@ -27,21 +21,23 @@ RUN set -xe;\
|
|||
curl https://raw.githubusercontent.com/composer/getcomposer.org/0a51b6fe383f7f61cf1d250c742ec655aa044c94/web/installer | php -- --quiet --2.2 &&\
|
||||
mv composer.phar /usr/local/bin/composer
|
||||
|
||||
COPY patches/ /patches/
|
||||
|
||||
RUN set -xe;\
|
||||
cd /var && rm -rf www &&\
|
||||
git clone https://github.com/pixelfed/pixelfed.git www &&\
|
||||
cd www &&\
|
||||
git checkout $VERSION &&\
|
||||
curl -L https://git.zknt.org/chris/pixelfed/commit/${IP_PATCH}.patch | git apply &&\
|
||||
curl -L https://git.zknt.org/chris/pixelfed/commit/${DISCOVERY_PATCH}.patch | git apply &&\
|
||||
curl -L https://git.zknt.org/chris/pixelfed/commit/${GITHUB_PATCH}.patch | git apply &&\
|
||||
curl -L https://git.zknt.org/chris/pixelfed/commit/${BEAGLE_PATCH}.patch | git apply &&\
|
||||
curl -L https://git.zknt.org/chris/pixelfed/commit/${USERNAME_PATCH}.patch | git apply &&\
|
||||
git apply /patches/0001-remove-IP-logging.patch &&\
|
||||
git apply /patches/0002-hardcode-discovery-settings.patch &&\
|
||||
git apply /patches/0003-point-to-modified-sourcecode.patch &&\
|
||||
git apply /patches/0004-disable-beagle-service.patch &&\
|
||||
git apply /patches/0005-allow-30-char-usernames.patch &&\
|
||||
composer install --prefer-dist --no-interaction --no-ansi --no-dev --optimize-autoloader &&\
|
||||
ln -s public html &&\
|
||||
chown -R www-data:www-data /var/www &&\
|
||||
cp -r storage storage.skel &&\
|
||||
rm -rf .git tests contrib CHANGELOG.md LICENSE .circleci .dependabot .github CODE_OF_CONDUCT.md .env.docker CONTRIBUTING.md README.md docker-compose.yml .env.testing phpunit.xml .env.example .gitignore .editorconfig .gitattributes .dockerignore
|
||||
rm -rf .git tests contrib CHANGELOG.md LICENSE .circleci .dependabot .github CODE_OF_CONDUCT.md .env.docker CONTRIBUTING.md README.md docker-compose.yml .env.testing phpunit.xml .env.example .gitignore .editorconfig .gitattributes .dockerignore /patches
|
||||
|
||||
FROM docker.io/php:8.1-apache-bullseye
|
||||
ARG DATE
|
||||
|
|
|
@ -3,12 +3,6 @@ FROM docker.io/php:8.1-fpm-bullseye as builder
|
|||
ARG VERSION=dev
|
||||
ARG DATE
|
||||
|
||||
ENV IP_PATCH=14cca91255bca69dec195112ce2fbd110e2406ca
|
||||
ENV DISCOVERY_PATCH=f4a01bc97efeb259fd0c6e2016949c90675cc555
|
||||
ENV GITHUB_PATCH=06bcf80133f6c212f1674d280974c669b4524283
|
||||
ENV BEAGLE_PATCH=f45a489d5e45de21d648437880ef525a2e957b7b
|
||||
ENV USERNAME_PATCH=737319bff8697263df19b9b4c0a2ee7cc8055476
|
||||
|
||||
RUN set -xe;\
|
||||
apt-get update &&\
|
||||
apt-get install --no-install-recommends -y git locales libcurl4-openssl-dev libzip-dev libicu-dev libxml2-dev libjpeg62-turbo-dev libpng-dev libmagickwand-dev libpq-dev libxpm-dev libwebp-dev &&\
|
||||
|
@ -26,16 +20,18 @@ RUN set -xe;\
|
|||
curl https://raw.githubusercontent.com/composer/getcomposer.org/0a51b6fe383f7f61cf1d250c742ec655aa044c94/web/installer | php -- --quiet --2.2 &&\
|
||||
mv composer.phar /usr/local/bin/composer
|
||||
|
||||
COPY patches/ /patches/
|
||||
|
||||
RUN set -xe;\
|
||||
cd /var && rm -rf www &&\
|
||||
git clone https://github.com/pixelfed/pixelfed.git www &&\
|
||||
cd www &&\
|
||||
git checkout $VERSION &&\
|
||||
curl -L https://git.zknt.org/chris/pixelfed/commit/${IP_PATCH}.patch | git apply &&\
|
||||
curl -L https://git.zknt.org/chris/pixelfed/commit/${DISCOVERY_PATCH}.patch | git apply &&\
|
||||
curl -L https://git.zknt.org/chris/pixelfed/commit/${GITHUB_PATCH}.patch | git apply &&\
|
||||
curl -L https://git.zknt.org/chris/pixelfed/commit/${BEAGLE_PATCH}.patch | git apply &&\
|
||||
curl -L https://git.zknt.org/chris/pixelfed/commit/${USERNAME_PATCH}.patch | git apply &&\
|
||||
git apply /patches/0001-remove-IP-logging.patch &&\
|
||||
git apply /patches/0002-hardcode-discovery-settings.patch &&\
|
||||
git apply /patches/0003-point-to-modified-sourcecode.patch &&\
|
||||
git apply /patches/0004-disable-beagle-service.patch &&\
|
||||
git apply /patches/0005-allow-30-char-usernames.patch &&\
|
||||
composer install --prefer-dist --no-interaction --no-ansi --no-dev --optimize-autoloader &&\
|
||||
ln -s public html &&\
|
||||
chown -R www-data:www-data /var/www &&\
|
||||
|
|
87
patches/0001-remove-IP-logging.patch
Normal file
87
patches/0001-remove-IP-logging.patch
Normal file
|
@ -0,0 +1,87 @@
|
|||
From 983309a3f92c3cc40d70f46d0eb0ba8eb752d7ff Mon Sep 17 00:00:00 2001
|
||||
From: hnrd <cg@zknt.org>
|
||||
Date: Sat, 27 May 2023 11:27:56 +0200
|
||||
Subject: [PATCH 1/6] remove IP logging
|
||||
|
||||
Replace unneeded logging of IPs and User-Agent strings with meaningless static data.
|
||||
---
|
||||
app/Http/Controllers/Auth/LoginController.php | 4 ++--
|
||||
app/Http/Controllers/Settings/HomeSettings.php | 8 ++++----
|
||||
app/Listeners/AuthLogin.php | 4 ++--
|
||||
app/Listeners/LogFailedLogin.php | 4 ++--
|
||||
4 files changed, 10 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
|
||||
index 3861d327..e6b345a6 100644
|
||||
--- a/app/Http/Controllers/Auth/LoginController.php
|
||||
+++ b/app/Http/Controllers/Auth/LoginController.php
|
||||
@@ -108,8 +108,8 @@ class LoginController extends Controller
|
||||
$log->action = 'auth.login';
|
||||
$log->message = 'Account Login';
|
||||
$log->link = null;
|
||||
- $log->ip_address = $request->ip();
|
||||
- $log->user_agent = $request->userAgent();
|
||||
+ $log->ip_address = "127.0.0.23";
|
||||
+ $log->user_agent = "Pixelfed.de";
|
||||
$log->save();
|
||||
}
|
||||
|
||||
diff --git a/app/Http/Controllers/Settings/HomeSettings.php b/app/Http/Controllers/Settings/HomeSettings.php
|
||||
index 082a72af..63448905 100644
|
||||
--- a/app/Http/Controllers/Settings/HomeSettings.php
|
||||
+++ b/app/Http/Controllers/Settings/HomeSettings.php
|
||||
@@ -139,8 +139,8 @@ trait HomeSettings
|
||||
$log->action = 'account.edit.password';
|
||||
$log->message = 'Password changed';
|
||||
$log->link = null;
|
||||
- $log->ip_address = $request->ip();
|
||||
- $log->user_agent = $request->userAgent();
|
||||
+ $log->ip_address = "127.0.0.23";
|
||||
+ $log->user_agent = "Pixelfed.de";
|
||||
$log->save();
|
||||
|
||||
Mail::to($request->user())->send(new PasswordChange($user));
|
||||
@@ -185,8 +185,8 @@ trait HomeSettings
|
||||
$log->action = 'account.edit.email';
|
||||
$log->message = 'Email changed';
|
||||
$log->link = null;
|
||||
- $log->ip_address = $request->ip();
|
||||
- $log->user_agent = $request->userAgent();
|
||||
+ $log->ip_address = "127.0.0.23";
|
||||
+ $log->user_agent = "Pixelfed.de";
|
||||
$log->save();
|
||||
}
|
||||
|
||||
diff --git a/app/Listeners/AuthLogin.php b/app/Listeners/AuthLogin.php
|
||||
index 90806965..d0261ecc 100644
|
||||
--- a/app/Listeners/AuthLogin.php
|
||||
+++ b/app/Listeners/AuthLogin.php
|
||||
@@ -122,8 +122,8 @@ class AuthLogin
|
||||
$device = DB::transaction(function() use($user) {
|
||||
return UserDevice::firstOrCreate([
|
||||
'user_id' => $user->id,
|
||||
- 'ip' => request()->ip(),
|
||||
- 'user_agent' => str_limit(request()->userAgent(), 180),
|
||||
+ 'ip' => "127.0.0.23",
|
||||
+ 'user_agent' => "Pixelfed.de",
|
||||
]);
|
||||
});
|
||||
}
|
||||
diff --git a/app/Listeners/LogFailedLogin.php b/app/Listeners/LogFailedLogin.php
|
||||
index c6ba3305..9442bfd0 100644
|
||||
--- a/app/Listeners/LogFailedLogin.php
|
||||
+++ b/app/Listeners/LogFailedLogin.php
|
||||
@@ -41,8 +41,8 @@ class LogFailedLogin
|
||||
$log->action = 'auth.failed';
|
||||
$log->message = 'Failed login attempt';
|
||||
$log->link = null;
|
||||
- $log->ip_address = $request->ip();
|
||||
- $log->user_agent = $request->userAgent();
|
||||
+ $log->ip_address = "127.0.0.23";
|
||||
+ $log->user_agent = "Pixelfed.de";
|
||||
$log->save();
|
||||
}
|
||||
}
|
||||
--
|
||||
2.42.0
|
||||
|
38
patches/0002-hardcode-discovery-settings.patch
Normal file
38
patches/0002-hardcode-discovery-settings.patch
Normal file
|
@ -0,0 +1,38 @@
|
|||
From 2e602bea61489ff59c8084a24de4bc33f44971ad Mon Sep 17 00:00:00 2001
|
||||
From: hnrd <cg@zknt.org>
|
||||
Date: Mon, 10 Apr 2023 18:04:17 +0200
|
||||
Subject: [PATCH 2/6] hardcode discovery settings
|
||||
|
||||
force enable discovery (as dynamic settings are not saved properly)
|
||||
---
|
||||
app/Http/Controllers/DiscoverController.php | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/app/Http/Controllers/DiscoverController.php b/app/Http/Controllers/DiscoverController.php
|
||||
index 4bb7277a..41251adb 100644
|
||||
--- a/app/Http/Controllers/DiscoverController.php
|
||||
+++ b/app/Http/Controllers/DiscoverController.php
|
||||
@@ -279,16 +279,16 @@ class DiscoverController extends Controller
|
||||
}
|
||||
return [
|
||||
'hashtags' => [
|
||||
- 'enabled' => false,
|
||||
+ 'enabled' => true,
|
||||
],
|
||||
'memories' => [
|
||||
- 'enabled' => false,
|
||||
+ 'enabled' => true,
|
||||
],
|
||||
'insights' => [
|
||||
- 'enabled' => false,
|
||||
+ 'enabled' => true,
|
||||
],
|
||||
'friends' => [
|
||||
- 'enabled' => false,
|
||||
+ 'enabled' => true,
|
||||
],
|
||||
'server' => [
|
||||
'enabled' => false,
|
||||
--
|
||||
2.42.0
|
||||
|
26
patches/0003-point-to-modified-sourcecode.patch
Normal file
26
patches/0003-point-to-modified-sourcecode.patch
Normal file
|
@ -0,0 +1,26 @@
|
|||
From 812e130d0ec6841bc822a3506485147eeae381d6 Mon Sep 17 00:00:00 2001
|
||||
From: hnrd <cg@zknt.org>
|
||||
Date: Mon, 10 Apr 2023 18:35:40 +0200
|
||||
Subject: [PATCH 3/6] point to modified sourcecode
|
||||
|
||||
as per AGPL license of original source, modifications must be disclosed.
|
||||
---
|
||||
resources/views/site/opensource.blade.php | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/resources/views/site/opensource.blade.php b/resources/views/site/opensource.blade.php
|
||||
index cb2e7c77..63645f0c 100644
|
||||
--- a/resources/views/site/opensource.blade.php
|
||||
+++ b/resources/views/site/opensource.blade.php
|
||||
@@ -7,7 +7,7 @@
|
||||
</div>
|
||||
<hr>
|
||||
<section>
|
||||
- <p class="lead">The software that powers this website is called <a href="https://pixelfed.org">Pixelfed</a> and anyone can <a href="https://github.com/pixelfed/pixelfed">download</a> or <a href="https://github.com/pixelfed/pixelfed">view</a> the source code and run their own instance!</p>
|
||||
+ <p class="lead">This website runs a modified version of the Pixelfed software, which you can find on <a href="https://git.zknt.org/chris/pixelfed/">Git</a> (original, unmodified software: <a href="https://github.com/pixelfed/pixelfed/">here on Github</a></p>
|
||||
</section>
|
||||
@endsection
|
||||
|
||||
--
|
||||
2.42.0
|
||||
|
43
patches/0004-disable-beagle-service.patch
Normal file
43
patches/0004-disable-beagle-service.patch
Normal file
|
@ -0,0 +1,43 @@
|
|||
From 13995f061214886fa9dda3f64341b543c2df5646 Mon Sep 17 00:00:00 2001
|
||||
From: hnrd <cg@zknt.org>
|
||||
Date: Mon, 17 Jul 2023 10:47:39 +0200
|
||||
Subject: [PATCH 4/6] disable beagle service
|
||||
|
||||
beagle is a remote API service provided by dansup and used for centralised lookups.
|
||||
Using the beagle service without users explicit consent violates GDPR.
|
||||
As it's not configurable at the moment this patch disables remote communication with beagle.
|
||||
---
|
||||
app/Services/Account/RemoteAuthService.php | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/app/Services/Account/RemoteAuthService.php b/app/Services/Account/RemoteAuthService.php
|
||||
index 4412352a..14b4d625 100644
|
||||
--- a/app/Services/Account/RemoteAuthService.php
|
||||
+++ b/app/Services/Account/RemoteAuthService.php
|
||||
@@ -120,6 +120,7 @@ class RemoteAuthService
|
||||
}
|
||||
|
||||
return Cache::remember(self::CACHE_KEY . 'domain-compatible:' . $domain, 14400, function() use($domain) {
|
||||
+ return true;
|
||||
try {
|
||||
$res = Http::timeout(20)->retry(3, 750)->get('https://beagle.pixelfed.net/api/v1/raa/domain?domain=' . $domain);
|
||||
if(!$res->ok()) {
|
||||
@@ -144,6 +145,7 @@ class RemoteAuthService
|
||||
|
||||
public static function lookupWebfingerUses($wf)
|
||||
{
|
||||
+ return 0;
|
||||
try {
|
||||
$res = Http::timeout(20)->retry(3, 750)->get('https://beagle.pixelfed.net/api/v1/raa/lookup?webfinger=' . $wf);
|
||||
if(!$res->ok()) {
|
||||
@@ -166,6 +168,7 @@ class RemoteAuthService
|
||||
|
||||
public static function submitToBeagle($ow, $ou, $dw, $du)
|
||||
{
|
||||
+ return;
|
||||
try {
|
||||
$url = 'https://beagle.pixelfed.net/api/v1/raa/submit';
|
||||
$res = Http::throw()->timeout(10)->get($url, [
|
||||
--
|
||||
2.42.0
|
||||
|
26
patches/0005-allow-30-char-usernames.patch
Normal file
26
patches/0005-allow-30-char-usernames.patch
Normal file
|
@ -0,0 +1,26 @@
|
|||
From e860abb64b9f5f29b519dd85c976918152878437 Mon Sep 17 00:00:00 2001
|
||||
From: hnrd <cg@zknt.org>
|
||||
Date: Thu, 27 Jul 2023 12:49:01 +0200
|
||||
Subject: [PATCH 5/6] allow 30 char usernames
|
||||
|
||||
raise maximum username length, because why not?
|
||||
---
|
||||
app/Http/Controllers/Auth/RegisterController.php | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php
|
||||
index 5eb1159f..227bf06d 100644
|
||||
--- a/app/Http/Controllers/Auth/RegisterController.php
|
||||
+++ b/app/Http/Controllers/Auth/RegisterController.php
|
||||
@@ -70,7 +70,7 @@ class RegisterController extends Controller
|
||||
$usernameRules = [
|
||||
'required',
|
||||
'min:2',
|
||||
- 'max:15',
|
||||
+ 'max:30',
|
||||
'unique:users',
|
||||
function ($attribute, $value, $fail) {
|
||||
$dash = substr_count($value, '-');
|
||||
--
|
||||
2.42.0
|
||||
|
52
patches/0006-Link-legal-notice.patch
Normal file
52
patches/0006-Link-legal-notice.patch
Normal file
File diff suppressed because one or more lines are too long
Loading…
Reference in a new issue