include patches

2023-10-08 15:00:18 +02:00 · 2023-10-08 15:00:18 +02:00 · 8ad1f9b8a2
parent 6d9842c969
commit 8ad1f9b8a2
8 changed files with 287 additions and 23 deletions
--- a/20
+++ b/20
@ -4,12 +4,6 @@ ARG VERSION=dev

 ARG DATE

-ENV IP_PATCH=14cca91255bca69dec195112ce2fbd110e2406ca
-ENV DISCOVERY_PATCH=f4a01bc97efeb259fd0c6e2016949c90675cc555
-ENV GITHUB_PATCH=06bcf80133f6c212f1674d280974c669b4524283
-ENV BEAGLE_PATCH=f45a489d5e45de21d648437880ef525a2e957b7b
-ENV USERNAME_PATCH=737319bff8697263df19b9b4c0a2ee7cc8055476
-
 RUN set -xe;\
  apt-get update &&\
  apt-get install --no-install-recommends -y git locales libcurl4-openssl-dev libzip-dev libicu-dev libxml2-dev libjpeg62-turbo-dev libpng-dev libmagickwand-dev libpq-dev libxpm-dev libwebp-dev &&\
@ -27,21 +21,23 @@ RUN set -xe;\
  curl https://raw.githubusercontent.com/composer/getcomposer.org/0a51b6fe383f7f61cf1d250c742ec655aa044c94/web/installer | php -- --quiet --2.2 &&\
  mv composer.phar /usr/local/bin/composer

+COPY patches/ /patches/
+
 RUN set -xe;\
  cd /var && rm -rf www &&\
  git clone https://github.com/pixelfed/pixelfed.git www &&\
  cd www &&\
  git checkout $VERSION &&\
-  curl -L https://git.zknt.org/chris/pixelfed/commit/${IP_PATCH}.patch | git apply &&\
-  curl -L https://git.zknt.org/chris/pixelfed/commit/${DISCOVERY_PATCH}.patch | git apply &&\
-  curl -L https://git.zknt.org/chris/pixelfed/commit/${GITHUB_PATCH}.patch | git apply &&\
-  curl -L https://git.zknt.org/chris/pixelfed/commit/${BEAGLE_PATCH}.patch | git apply &&\
-  curl -L https://git.zknt.org/chris/pixelfed/commit/${USERNAME_PATCH}.patch | git apply &&\
+  git apply /patches/0001-remove-IP-logging.patch &&\
+  git apply /patches/0002-hardcode-discovery-settings.patch &&\
+  git apply /patches/0003-point-to-modified-sourcecode.patch &&\
+  git apply /patches/0004-disable-beagle-service.patch &&\
+  git apply /patches/0005-allow-30-char-usernames.patch &&\
  composer install --prefer-dist --no-interaction --no-ansi --no-dev --optimize-autoloader &&\
  ln -s public html &&\
  chown -R www-data:www-data /var/www &&\
  cp -r storage storage.skel &&\
-  rm -rf .git tests contrib CHANGELOG.md LICENSE .circleci .dependabot .github CODE_OF_CONDUCT.md .env.docker CONTRIBUTING.md README.md docker-compose.yml .env.testing phpunit.xml .env.example .gitignore .editorconfig .gitattributes .dockerignore
+  rm -rf .git tests contrib CHANGELOG.md LICENSE .circleci .dependabot .github CODE_OF_CONDUCT.md .env.docker CONTRIBUTING.md README.md docker-compose.yml .env.testing phpunit.xml .env.example .gitignore .editorconfig .gitattributes .dockerignore /patches

 FROM docker.io/php:8.1-apache-bullseye
 ARG DATE
--- a/Containerfile.fpm
+++ b/Containerfile.fpm
@ -3,12 +3,6 @@ FROM docker.io/php:8.1-fpm-bullseye as builder
 ARG VERSION=dev
 ARG DATE

-ENV IP_PATCH=14cca91255bca69dec195112ce2fbd110e2406ca
-ENV DISCOVERY_PATCH=f4a01bc97efeb259fd0c6e2016949c90675cc555
-ENV GITHUB_PATCH=06bcf80133f6c212f1674d280974c669b4524283
-ENV BEAGLE_PATCH=f45a489d5e45de21d648437880ef525a2e957b7b
-ENV USERNAME_PATCH=737319bff8697263df19b9b4c0a2ee7cc8055476
-
 RUN set -xe;\
  apt-get update &&\
  apt-get install --no-install-recommends -y git locales libcurl4-openssl-dev libzip-dev libicu-dev libxml2-dev libjpeg62-turbo-dev libpng-dev libmagickwand-dev libpq-dev libxpm-dev libwebp-dev &&\
@ -26,16 +20,18 @@ RUN set -xe;\
  curl https://raw.githubusercontent.com/composer/getcomposer.org/0a51b6fe383f7f61cf1d250c742ec655aa044c94/web/installer | php -- --quiet --2.2 &&\
  mv composer.phar /usr/local/bin/composer

+COPY patches/ /patches/
+
 RUN set -xe;\
  cd /var && rm -rf www &&\
  git clone https://github.com/pixelfed/pixelfed.git www &&\
  cd www &&\
  git checkout $VERSION &&\
-  curl -L https://git.zknt.org/chris/pixelfed/commit/${IP_PATCH}.patch | git apply &&\
-  curl -L https://git.zknt.org/chris/pixelfed/commit/${DISCOVERY_PATCH}.patch | git apply &&\
-  curl -L https://git.zknt.org/chris/pixelfed/commit/${GITHUB_PATCH}.patch | git apply &&\
-  curl -L https://git.zknt.org/chris/pixelfed/commit/${BEAGLE_PATCH}.patch | git apply &&\
-  curl -L https://git.zknt.org/chris/pixelfed/commit/${USERNAME_PATCH}.patch | git apply &&\
+  git apply /patches/0001-remove-IP-logging.patch &&\
+  git apply /patches/0002-hardcode-discovery-settings.patch &&\
+  git apply /patches/0003-point-to-modified-sourcecode.patch &&\
+  git apply /patches/0004-disable-beagle-service.patch &&\
+  git apply /patches/0005-allow-30-char-usernames.patch &&\
  composer install --prefer-dist --no-interaction --no-ansi --no-dev --optimize-autoloader &&\
  ln -s public html &&\
  chown -R www-data:www-data /var/www &&\
--- a/patches/0001-remove-IP-logging.patch
+++ b/patches/0001-remove-IP-logging.patch
@ -0,0 +1,87 @@
+From 983309a3f92c3cc40d70f46d0eb0ba8eb752d7ff Mon Sep 17 00:00:00 2001
+From: hnrd <cg@zknt.org>
+Date: Sat, 27 May 2023 11:27:56 +0200
+Subject: [PATCH 1/6] remove IP logging
+
+Replace unneeded logging of IPs and User-Agent strings with meaningless static data.
+---
+ app/Http/Controllers/Auth/LoginController.php  | 4 ++--
+ app/Http/Controllers/Settings/HomeSettings.php | 8 ++++----
+ app/Listeners/AuthLogin.php                    | 4 ++--
+ app/Listeners/LogFailedLogin.php               | 4 ++--
+ 4 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
+index 3861d327..e6b345a6 100644
+--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
+@@ -108,8 +108,8 @@ class LoginController extends Controller
+         $log->action = 'auth.login';
+         $log->message = 'Account Login';
+         $log->link = null;
+-        $log->ip_address = $request->ip();
+-        $log->user_agent = $request->userAgent();
+	$log->ip_address = "127.0.0.23";
+	$log->user_agent = "Pixelfed.de";
+         $log->save();
+     }
+ 
+diff --git a/app/Http/Controllers/Settings/HomeSettings.php b/app/Http/Controllers/Settings/HomeSettings.php
+index 082a72af..63448905 100644
+--- a/app/Http/Controllers/Settings/HomeSettings.php
+++ b/app/Http/Controllers/Settings/HomeSettings.php
+@@ -139,8 +139,8 @@ trait HomeSettings
+ 			$log->action = 'account.edit.password';
+ 			$log->message = 'Password changed';
+ 			$log->link = null;
+-			$log->ip_address = $request->ip();
+-			$log->user_agent = $request->userAgent();
+			$log->ip_address = "127.0.0.23";
+			$log->user_agent = "Pixelfed.de";
+ 			$log->save();
+ 
+ 			Mail::to($request->user())->send(new PasswordChange($user));
+@@ -185,8 +185,8 @@ trait HomeSettings
+ 			$log->action = 'account.edit.email';
+ 			$log->message = 'Email changed';
+ 			$log->link = null;
+-			$log->ip_address = $request->ip();
+-			$log->user_agent = $request->userAgent();
+			$log->ip_address = "127.0.0.23";
+			$log->user_agent = "Pixelfed.de";
+ 			$log->save();
+ 		}
+ 
+diff --git a/app/Listeners/AuthLogin.php b/app/Listeners/AuthLogin.php
+index 90806965..d0261ecc 100644
+--- a/app/Listeners/AuthLogin.php
+++ b/app/Listeners/AuthLogin.php
+@@ -122,8 +122,8 @@ class AuthLogin
+         $device = DB::transaction(function() use($user) {
+             return UserDevice::firstOrCreate([
+                 'user_id'       => $user->id,
+-                'ip'            => request()->ip(),
+-                'user_agent'    => str_limit(request()->userAgent(), 180),
+		'ip'            => "127.0.0.23",
+		'user_agent'    => "Pixelfed.de",
+             ]);
+         });
+     }
+diff --git a/app/Listeners/LogFailedLogin.php b/app/Listeners/LogFailedLogin.php
+index c6ba3305..9442bfd0 100644
+--- a/app/Listeners/LogFailedLogin.php
+++ b/app/Listeners/LogFailedLogin.php
+@@ -41,8 +41,8 @@ class LogFailedLogin
+         $log->action = 'auth.failed';
+         $log->message = 'Failed login attempt';
+         $log->link = null;
+-        $log->ip_address = $request->ip();
+-        $log->user_agent = $request->userAgent();
+	$log->ip_address = "127.0.0.23";
+        $log->user_agent = "Pixelfed.de";
+         $log->save();
+     }
+ }
+-- 
+2.42.0
+
--- a/patches/0002-hardcode-discovery-settings.patch
+++ b/patches/0002-hardcode-discovery-settings.patch
@ -0,0 +1,38 @@
+From 2e602bea61489ff59c8084a24de4bc33f44971ad Mon Sep 17 00:00:00 2001
+From: hnrd <cg@zknt.org>
+Date: Mon, 10 Apr 2023 18:04:17 +0200
+Subject: [PATCH 2/6] hardcode discovery settings
+
+force enable discovery (as dynamic settings are not saved properly)
+---
+ app/Http/Controllers/DiscoverController.php | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/app/Http/Controllers/DiscoverController.php b/app/Http/Controllers/DiscoverController.php
+index 4bb7277a..41251adb 100644
+--- a/app/Http/Controllers/DiscoverController.php
+++ b/app/Http/Controllers/DiscoverController.php
+@@ -279,16 +279,16 @@ class DiscoverController extends Controller
+ 		}
+ 		return [
+ 			'hashtags' => [
+-				'enabled' => false,
+				'enabled' => true,
+ 			],
+ 			'memories' => [
+-				'enabled' => false,
+				'enabled' => true,
+ 			],
+ 			'insights' => [
+-				'enabled' => false,
+				'enabled' => true,
+ 			],
+ 			'friends' => [
+-				'enabled' => false,
+				'enabled' => true,
+ 			],
+ 			'server' => [
+ 				'enabled' => false,
+-- 
+2.42.0
+
--- a/patches/0003-point-to-modified-sourcecode.patch
+++ b/patches/0003-point-to-modified-sourcecode.patch
@ -0,0 +1,26 @@
+From 812e130d0ec6841bc822a3506485147eeae381d6 Mon Sep 17 00:00:00 2001
+From: hnrd <cg@zknt.org>
+Date: Mon, 10 Apr 2023 18:35:40 +0200
+Subject: [PATCH 3/6] point to modified sourcecode
+
+as per AGPL license of original source, modifications must be disclosed.
+---
+ resources/views/site/opensource.blade.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/resources/views/site/opensource.blade.php b/resources/views/site/opensource.blade.php
+index cb2e7c77..63645f0c 100644
+--- a/resources/views/site/opensource.blade.php
+++ b/resources/views/site/opensource.blade.php
+@@ -7,7 +7,7 @@
+   </div>
+   <hr>
+   <section>
+-    <p class="lead">The software that powers this website is called <a href="https://pixelfed.org">Pixelfed</a> and anyone can <a href="https://github.com/pixelfed/pixelfed">download</a> or <a href="https://github.com/pixelfed/pixelfed">view</a> the source code and run their own instance!</p>
+    <p class="lead">This website runs a modified version of the Pixelfed software, which you can find on <a href="https://git.zknt.org/chris/pixelfed/">Git</a> (original, unmodified software: <a href="https://github.com/pixelfed/pixelfed/">here on Github</a></p>
+   </section>
+ @endsection
+ 
+-- 
+2.42.0
+
--- a/patches/0004-disable-beagle-service.patch
+++ b/patches/0004-disable-beagle-service.patch
@ -0,0 +1,43 @@
+From 13995f061214886fa9dda3f64341b543c2df5646 Mon Sep 17 00:00:00 2001
+From: hnrd <cg@zknt.org>
+Date: Mon, 17 Jul 2023 10:47:39 +0200
+Subject: [PATCH 4/6] disable beagle service
+
+beagle is a remote API service provided by dansup and used for centralised lookups.
+Using the beagle service without users explicit consent violates GDPR.
+As it's not configurable at the moment this patch disables remote communication with beagle.
+---
+ app/Services/Account/RemoteAuthService.php | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/app/Services/Account/RemoteAuthService.php b/app/Services/Account/RemoteAuthService.php
+index 4412352a..14b4d625 100644
+--- a/app/Services/Account/RemoteAuthService.php
+++ b/app/Services/Account/RemoteAuthService.php
+@@ -120,6 +120,7 @@ class RemoteAuthService
+         }
+ 
+         return Cache::remember(self::CACHE_KEY . 'domain-compatible:' . $domain, 14400, function() use($domain) {
+	    return true;
+             try {
+                 $res = Http::timeout(20)->retry(3, 750)->get('https://beagle.pixelfed.net/api/v1/raa/domain?domain=' . $domain);
+                 if(!$res->ok()) {
+@@ -144,6 +145,7 @@ class RemoteAuthService
+ 
+     public static function lookupWebfingerUses($wf)
+     {
+	return 0;
+         try {
+             $res = Http::timeout(20)->retry(3, 750)->get('https://beagle.pixelfed.net/api/v1/raa/lookup?webfinger=' . $wf);
+             if(!$res->ok()) {
+@@ -166,6 +168,7 @@ class RemoteAuthService
+ 
+     public static function submitToBeagle($ow, $ou, $dw, $du)
+     {
+	return;
+         try {
+             $url = 'https://beagle.pixelfed.net/api/v1/raa/submit';
+             $res = Http::throw()->timeout(10)->get($url, [
+-- 
+2.42.0
+
--- a/patches/0005-allow-30-char-usernames.patch
+++ b/patches/0005-allow-30-char-usernames.patch
@ -0,0 +1,26 @@
+From e860abb64b9f5f29b519dd85c976918152878437 Mon Sep 17 00:00:00 2001
+From: hnrd <cg@zknt.org>
+Date: Thu, 27 Jul 2023 12:49:01 +0200
+Subject: [PATCH 5/6] allow 30 char usernames
+
+raise maximum username length, because why not?
+---
+ app/Http/Controllers/Auth/RegisterController.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php
+index 5eb1159f..227bf06d 100644
+--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
+@@ -70,7 +70,7 @@ class RegisterController extends Controller
+ 		$usernameRules = [
+ 			'required',
+ 			'min:2',
+-			'max:15',
+			'max:30',
+ 			'unique:users',
+ 			function ($attribute, $value, $fail) {
+ 				$dash = substr_count($value, '-');
+-- 
+2.42.0
+
--- a/patches/0006-Link-legal-notice.patch
+++ b/patches/0006-Link-legal-notice.patch