Merge remote-tracking branch 'origin/develop' into webhooks_

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>

.gitlab-ci.yml

@@ -1,11 +1,13 @@
 image: git.pleroma.social:5050/pleroma/pleroma/ci-base
 
 variables: &global_variables
+  # Only used for the release
+  ELIXIR_VER: 1.12.3
   POSTGRES_DB: pleroma_test
   POSTGRES_USER: postgres
   POSTGRES_PASSWORD: postgres
   DB_HOST: postgres
-  DB_PORT: 5432
+  DB_PORT: "5432"
   MIX_ENV: test
 
 workflow:
@@ -152,22 +154,6 @@ unit-testing-erratic:
     - mix ecto.migrate
     - mix test --only=erratic
 
-# Removed to fix CI issue. In this early state it wasn't adding much value anyway.
-# TODO Fix and reinstate federated testing
-# federated-testing:
-#   stage: test
-#   cache: *testing_cache_policy
-#   services:
-#   - name: minibikini/postgres-with-rum:12
-#     alias: postgres
-#     command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
-#   script:
-#     - mix deps.get
-#     - mix ecto.create
-#     - mix ecto.migrate
-#     - epmd -daemon
-#     - mix test --trace --only federated
-
 unit-testing-rum:
   extends:
   - .build_changes_policy
@@ -175,7 +161,7 @@ unit-testing-rum:
   stage: test
   cache: *testing_cache_policy
   services:
-  - name: minibikini/postgres-with-rum:12
+  - name: git.pleroma.social:5050/pleroma/pleroma/postgres-with-rum-13
     alias: postgres
     command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
   variables:
@@ -189,7 +175,7 @@ unit-testing-rum:
 
 lint:
   extends: .build_changes_policy
-  image: &current_elixir elixir:1.12-alpine
+  image: &current_elixir elixir:1.13-alpine
   stage: test
   cache: *testing_cache_policy
   before_script: &current_bfr_script
@@ -294,7 +280,7 @@ stop_review_app:
 
 amd64:
   stage: release
-  image: elixir:1.11.4
+  image: elixir:$ELIXIR_VER
   only: &release-only
   - stable@pleroma/pleroma
   - develop@pleroma/pleroma
@@ -318,8 +304,9 @@ amd64:
           - deps
   variables: &release-variables
     MIX_ENV: prod
+    VIX_COMPILATION_MODE: PLATFORM_PROVIDED_LIBVIPS
   before_script: &before-release
-  - apt-get update && apt-get install -y cmake libmagic-dev
+  - apt-get update && apt-get install -y cmake libmagic-dev libvips-dev erlang-dev
   - echo "import Config" > config/prod.secret.exs
   - mix local.hex --force
   - mix local.rebar --force
@@ -334,13 +321,13 @@ amd64-musl:
   stage: release
   artifacts: *release-artifacts
   only: *release-only
-  image: elixir:1.11.4-alpine
+  image: elixir:$ELIXIR_VER-alpine
   tags:
     - amd64
   cache: *release-cache
   variables: *release-variables
   before_script: &before-release-musl
-  - apk add git build-base cmake file-dev openssl
+  - apk add git build-base cmake file-dev openssl vips-dev
   - echo "import Config" > config/prod.secret.exs
   - mix local.hex --force
   - mix local.rebar --force
@@ -352,7 +339,7 @@ arm:
   only: *release-only
   tags:
     - arm32-specified
-  image: arm32v7/elixir:1.11.4
+  image: arm32v7/elixir:$ELIXIR_VER
   cache: *release-cache
   variables: *release-variables
   before_script: *before-release
@@ -364,7 +351,7 @@ arm-musl:
   only: *release-only
   tags:
     - arm32-specified
-  image: arm32v7/elixir:1.11.4-alpine
+  image: arm32v7/elixir:$ELIXIR_VER-alpine
   cache: *release-cache
   variables: *release-variables
   before_script: *before-release-musl
@@ -376,7 +363,7 @@ arm64:
   only: *release-only
   tags:
     - arm
-  image: arm64v8/elixir:1.11.4
+  image: arm64v8/elixir:$ELIXIR_VER
   cache: *release-cache
   variables: *release-variables
   before_script: *before-release
@@ -388,7 +375,7 @@ arm64-musl:
   only: *release-only
   tags:
     - arm
-  image: arm64v8/elixir:1.11.4-alpine
+  image: arm64v8/elixir:$ELIXIR_VER-alpine
   cache: *release-cache
   variables: *release-variables
   before_script: *before-release-musl

.gitlab/merge_request_templates/Default.md

@@ -3,7 +3,7 @@
 
   `<code>` can be anything, but we recommend using a more or less unique identifier to avoid collisions, such as the branch name.
 
-  `<type>` can be `add`, `remove`, `fix`, `security` or `skip`. `skip` is only used if there is no user-visible change in the MR (for example, only editing comments in the code). Otherwise, choose a type that corresponds to your change.
+  `<type>` can be `add`, `change`, `remove`, `fix`, `security` or `skip`. `skip` is only used if there is no user-visible change in the MR (for example, only editing comments in the code). Otherwise, choose a type that corresponds to your change.
 
   In the file, write the changelog entry. For example, if an MR adds group functionality, we can create a file named `group.add` and write `Add group functionality` in it.
 

.gitlab/merge_request_templates/Release.md

@@ -1,6 +1,6 @@
 ### Release checklist
 * [ ] Bump version in `mix.exs`
-* [ ] Compile a changelog
+* [ ] Compile a changelog with the `tools/collect-changelog` script
 * [ ] Create an MR with an announcement to pleroma.social
 #### post-merge
 * [ ] Tag the release on the merge commit

.rgignore

@@ -0,0 +1 @@
+priv/static

CHANGELOG.md

@@ -4,19 +4,76 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
-## Unreleased
-
+## 2.6.1
 ### Changed
+- - Document maximum supported version of Erlang & Elixir
+
+### Added
+- [docs] add frontends management documentation
+
+### Fixed
+- TwitterAPI: Return proper error when healthcheck is disabled
+- Fix eblurhash and elixir-captcha not using system cflags
+
+## 2.6.0
+### Security
+- Preload: Make generated JSON html-safe. It already was html safe because it only consists of config data that is base64 encoded, but this will keep it safe it that ever changes.
+- CommonAPI: Prevent users from accessing media of other users by creating a status with reused attachment ID
+- Disable XML entity resolution completely to fix a dos vulnerability
 
 ### Added
 - Support for Image activities, namely from Hubzilla
+- Add OAuth scope descriptions
+- Allow lang attribute in status text
+- OnlyMedia Upload Filter
+- Implement MRF policy to reject or delist according to emojis
+- (hardening) Add no_new_privs=yes to OpenRC service files
+- Implement quotes
+- Add unified streaming endpoint
 
 ### Fixed
-
 - rel="me" was missing its cache
+- MediaProxy responses now return a sandbox CSP header
+- Filter context activities using Visibility.visible_for_user?
+- UploadedMedia: Add missing disposition_type to Content-Disposition
+- fix not being able to fetch flash file from remote instance
+- Fix abnormal behaviour when refetching a poll
+- Allow non-HTTP(s) URIs in "url" fields for compatibility with "FEP-fffd: Proxy Objects"
+- Fix opengraph and twitter card meta tags
+- ForceMentionsInContent: fix double mentions for Mastodon/Misskey posts
+- OEmbed HTML tags are now filtered
+- Restrict attachments to only uploaded files only
+- Fix error 404 when deleting status of a banned user
+- Fix config ownership in dockerfile to pass restriction test
+- Fix user fetch completely broken if featured collection is not in a supported form
+- Correctly handle the situation when a poll has both "anyOf" and "oneOf" but one of them being empty
+- Fix handling report from a deactivated user
+- Prevent using the .json format to bypass authorized fetch mode
+- Fix mentioning punycode domains when using Markdown
+- Show more informative errors when profile exceeds char limits
 
 ### Removed
 - BREAKING: Support for passwords generated with `crypt(3)` (Gnu Social migration artifact)
+- remove BBS/SSH feature, replaced by an external bridge.
+- Remove a few unused indexes.
+- Cleanup OStatus-era user upgrades and ap_enabled indicator
+- Deprecate Pleroma's audio scrobbling
+
+## 2.5.4
+
+## Security
+- Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem
+
+## 2.5.3
+
+### Security
+- Emoji pack loader sanitizes pack names
+- Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories
+
+## 2.5.5
+
+## Security
+- Prevent users from accessing media of other users by creating a status with reused attachment ID
 
 ## 2.5.4
 

Dockerfile

@@ -1,5 +1,5 @@
 ARG ELIXIR_IMG=hexpm/elixir
-ARG ELIXIR_VER=1.11.4
+ARG ELIXIR_VER=1.12.3
 ARG ERLANG_VER=24.2.1
 ARG ALPINE_VER=3.17.0
 
@@ -8,8 +8,9 @@ FROM ${ELIXIR_IMG}:${ELIXIR_VER}-erlang-${ERLANG_VER}-alpine-${ALPINE_VER} as bu
 COPY . .
 
 ENV MIX_ENV=prod
+ENV VIX_COMPILATION_MODE=PLATFORM_PROVIDED_LIBVIPS
 
-RUN apk add git gcc g++ musl-dev make cmake file-dev &&\
+RUN apk add git gcc g++ musl-dev make cmake file-dev vips-dev &&\
 	echo "import Config" > config/prod.secret.exs &&\
 	mix local.hex --force &&\
 	mix local.rebar --force &&\
@@ -37,7 +38,7 @@ ARG HOME=/opt/pleroma
 ARG DATA=/var/lib/pleroma
 
 RUN apk update &&\
-	apk add exiftool ffmpeg imagemagick libmagic ncurses postgresql-client &&\
+	apk add exiftool ffmpeg vips libmagic ncurses postgresql-client &&\
 	adduser --system --shell /bin/false --home ${HOME} pleroma &&\
 	mkdir -p ${DATA}/uploads &&\
 	mkdir -p ${DATA}/static &&\

benchmarks/mix/tasks/pleroma/benchmark.ex

@@ -3,8 +3,20 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Mix.Tasks.Pleroma.Benchmark do
-  import Mix.Pleroma
+  @shortdoc "Benchmarks"
+  @moduledoc """
+  Benchmark tasks available:
+  
+  adapters 
+  render_timeline
+  search
+  tag
+
+  MIX_ENV=benchmark mix pleroma.benchmark adapters
+  """
+
   use Mix.Task
+  import Mix.Pleroma
 
   def run(["search"]) do
     start_pleroma()
@@ -63,7 +75,7 @@ defmodule Mix.Tasks.Pleroma.Benchmark do
 
     Benchee.run(
       %{
-        "Standart rendering" => fn activities ->
+        "Standard rendering" => fn activities ->
           Pleroma.Web.MastodonAPI.StatusView.render("index.json", %{
             activities: activities,
             for: user,

changelog.d/3126.fix

@@ -1 +0,0 @@
-MediaProxy responses now return a sandbox CSP header

changelog.d/3801.fix

@@ -1 +0,0 @@
-Filter context activities using Visibility.visible_for_user?

changelog.d/3848.add

@@ -1 +0,0 @@
-Add OAuth scope descriptions

changelog.d/3872.remove

@@ -1 +0,0 @@
-remove BBS/SSH feature, replaced by an external bridge.

changelog.d/3873.fix

@@ -1 +0,0 @@
-UploadedMedia: Add missing disposition_type to Content-Disposition

changelog.d/3874.remove

@@ -1 +0,0 @@
-Remove a few unused indexes.

changelog.d/3880.remove

@@ -1 +0,0 @@
-Cleanup OStatus-era user upgrades and ap_enabled indicator

changelog.d/3882.add

@@ -1 +0,0 @@
-Allow lang attribute in status text

changelog.d/3883.fix

@@ -1 +0,0 @@
-Fix abnormal behaviour when refetching a poll

changelog.d/3884.fix

@@ -1 +0,0 @@
-Allow non-HTTP(s) URIs in "url" fields for compatibility with "FEP-fffd: Proxy Objects"

changelog.d/3885.fix

@@ -1 +0,0 @@
-Fix opengraph and twitter card meta tags

changelog.d/3888.fix

@@ -1 +0,0 @@
-ForceMentionsInContent: fix double mentions for Mastodon/Misskey posts

changelog.d/3891.fix

@@ -1 +0,0 @@
-OEmbed HTML tags are now filtered

changelog.d/3897.add

@@ -1 +0,0 @@
-OnlyMedia Upload Filter

changelog.d/3900.change

@@ -0,0 +1 @@
+Update to Phoenix 1.7

changelog.d/3901.security

@@ -1 +0,0 @@
-Preload: Make generated JSON html-safe. It already was html safe because it only consists of config data that is base64 encoded, but this will keep it safe it that ever changes.

changelog.d/3987.fix

@@ -0,0 +1 @@
+Remove checking ImageMagick's commands for Pleroma.Upload.Filter.AnalyzeMetadata

changelog.d/add-outbox.fix

@@ -0,0 +1 @@
+ap userview: add outbox field.

changelog.d/akkoma-xml-remote-entities.security

@@ -1 +0,0 @@
-Fix XML External Entity (XXE) loading vulnerability allowing to fetch arbitary files from the server's filesystem

changelog.d/anonymous-exception-else.fix

@@ -0,0 +1 @@
+Fix #strip_report_status_data

changelog.d/attachment-type-check.fix

@@ -1 +0,0 @@
-Restrict attachments to only uploaded files only

changelog.d/authorize-interaction.add

@@ -0,0 +1 @@
+Support /authorize-interaction route used by Mastodon

changelog.d/bad_inbox_request.change

@@ -0,0 +1 @@
+Invalid activities delivered to the inbox will be rejected with a 400 Bad Request

changelog.d/blurhash.change

@@ -0,0 +1 @@
+Replace eblurhash with rinpatch_blurhash. This also removes a dependency on ImageMagick.

changelog.d/delete-status-of-banned-user.fix

@@ -1 +0,0 @@
-Fix error 404 when deleting status of a banned user

changelog.d/deprecate-scrobbles.remove

@@ -1 +0,0 @@
-Deprecate Pleroma's audio scrobbling

changelog.d/deprecations.skip

@@ -0,0 +1 @@
+

changelog.d/digest_emails.fix

@@ -0,0 +1 @@
+Fix the processing of email digest jobs.

changelog.d/disable-xml-entity-resolution.security

@@ -1 +0,0 @@
-Disable XML entity resolution completely to fix a dos vulnerability

changelog.d/dockerfile-config-perms.fix

@@ -1 +0,0 @@
-- Fix config ownership in dockerfile to pass restriction test

changelog.d/docs-max-elixir-erlang.change

@@ -0,0 +1 @@
+- Document maximum supported version of Erlang & Elixir

changelog.d/emoji-pack-sanitization.security

@@ -1 +0,0 @@
-Emoji pack loader sanitizes pack names

changelog.d/emoji-policy.add

@@ -1 +0,0 @@
-Implement MRF policy to reject or delist according to emojis

changelog.d/favicon.add

@@ -0,0 +1 @@
+Add support for configuring favicon, embed favicon and PWA manifest in server-generated meta

changelog.d/featured-collection-shouldnt-break-user-fetch.fix

@@ -1 +0,0 @@
-Fix user fetch completely broken if featured collection is not in a supported form

changelog.d/federation_status-access.change

@@ -0,0 +1 @@
+- Make `/api/v1/pleroma/federation_status` publicly available

changelog.d/fix-object-test.fix

@@ -1 +0,0 @@
-Correctly handle the situation when a poll has both "anyOf" and "oneOf" but one of them being empty

changelog.d/frontend-management.add

@@ -0,0 +1 @@
+[docs] add frontends management documentation

changelog.d/handle-report-from-deactivated-user.fix

@@ -1 +0,0 @@
-Fix handling report from a deactivated user

changelog.d/healthcheck-disabled-error.fix

@@ -0,0 +1 @@
+TwitterAPI: Return proper error when healthcheck is disabled

changelog.d/instance-v2.add

@@ -0,0 +1 @@
+Implement /api/v2/instance route

changelog.d/last_status_at.change

@@ -0,0 +1 @@
+- Change AccountView `last_status_at` from a datetime to a date (as done in Mastodon 3.1.0)

changelog.d/meilisearch.add

@@ -0,0 +1 @@
+Add meilisearch, make search engines pluggable

changelog.d/migration-fix.skip

@@ -0,0 +1 @@
+

changelog.d/no_new_privs.add

@@ -1 +0,0 @@
-(hardening) Add no_new_privs=yes to OpenRC service files

changelog.d/opengraph-rich-media-proxy.add

@@ -0,0 +1 @@
+Add media proxy to opengraph rich media cards

changelog.d/optimistic-inbox.change

@@ -0,0 +1 @@
+Optimistic Inbox reduces the processing overhead of incoming activities without instantly verifiable signatures.

changelog.d/otp_perms.security

@@ -1 +0,0 @@
-- Reduced permissions of config files and directories, distros requiring greater permissions like group-read need to pre-create the directories

changelog.d/prevent-bypassing-authorized-fetch-mode.fix

@@ -1 +0,0 @@
-Prevent using the .json format to bypass authorized fetch mode

changelog.d/prioritize-direct-recipients.add

@@ -0,0 +1 @@
+- Prioritize mentioned recipients (i.e., those that are not just followers) when federating.

changelog.d/promex.change

@@ -0,0 +1 @@
+Change the prometheus library to PromEx.

changelog.d/reachability.change

@@ -0,0 +1 @@
+Reduce the reachability timestamp update to a single upsert query

changelog.d/scrobble-url.add

@@ -0,0 +1 @@
+Adds the capability to add a URL to a scrobble (optional field)

changelog.d/scrubbers-html4-GtS.add

@@ -0,0 +1 @@
+- scrubbers/default: Add more formatting elements from HTML4 / GoToSocial (acronym, bdo, big, cite, dfn, ins, kbd, q, samp, s, tt, var, wbr)

changelog.d/system-cflags.fix

@@ -0,0 +1 @@
+- Fix eblurhash and elixir-captcha not using system cflags

changelog.d/update-credentials-limit-error.fix

@@ -1 +0,0 @@
-Show more informative errors when profile exceeds char limits

changelog.d/vips.change

@@ -0,0 +1 @@
+Change mediaproxy previews to use vips to generate thumbnails instead of ImageMagick

changelog.d/web_push.fix

@@ -0,0 +1 @@
+Fix web push notifications not successfully delivering

ci/Dockerfile

@@ -1,4 +1,4 @@
-FROM elixir:1.11.4
+FROM elixir:1.12.3
 
 # Single RUN statement, otherwise intermediate images are created
 # https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run

ci/postgres_rum/Dockerfile

@@ -0,0 +1,3 @@
+FROM postgres:13-bullseye
+
+RUN apt-get update && apt-get install -y postgresql-13-rum/bullseye-pgdg

ci/postgres_rum/build_and_push.sh

@@ -0,0 +1 @@
+docker buildx build --platform linux/amd64,linux/arm64 -t git.pleroma.social:5050/pleroma/pleroma/postgres-with-rum-13:latest --push .

config/benchmark.exs

@@ -14,7 +14,7 @@ config :pleroma, Pleroma.Captcha,
   method: Pleroma.Captcha.Mock
 
 # Print only warnings and errors during test
-config :logger, level: :warn
+config :logger, level: :warning
 
 config :pleroma, :auth, oauth_consumer_strategies: []
 

config/config.exs

@@ -110,17 +110,6 @@ config :pleroma, :uri_schemes,
     "xmpp"
   ]
 
-websocket_config = [
-  path: "/websocket",
-  serializer: [
-    {Phoenix.Socket.V1.JSONSerializer, "~> 1.0.0"},
-    {Phoenix.Socket.V2.JSONSerializer, "~> 2.0.0"}
-  ],
-  timeout: 60_000,
-  transport_log: false,
-  compress: false
-]
-
 # Configures the endpoint
 config :pleroma, Pleroma.Web.Endpoint,
   url: [host: "localhost"],
@@ -130,10 +119,7 @@ config :pleroma, Pleroma.Web.Endpoint,
       {:_,
        [
          {"/api/v1/streaming", Pleroma.Web.MastodonAPI.WebsocketHandler, []},
-         {"/websocket", Phoenix.Endpoint.CowboyWebSocket,
-          {Phoenix.Transports.WebSocket,
-           {Pleroma.Web.Endpoint, Pleroma.Web.UserSocket, websocket_config}}},
-         {:_, Phoenix.Endpoint.Cowboy2Handler, {Pleroma.Web.Endpoint, []}}
+         {:_, Plug.Cowboy.Handler, {Pleroma.Web.Endpoint, []}}
        ]}
     ]
   ],
@@ -185,6 +171,7 @@ config :pleroma, :instance,
   short_description: "",
   background_image: "/images/city.jpg",
   instance_thumbnail: "/instance/thumbnail.jpeg",
+  favicon: "/favicon.png",
   limit: 5_000,
   description_limit: 5_000,
   remote_limit: 100_000,
@@ -360,6 +347,8 @@ config :pleroma, :manifest,
   icons: [
     %{
       src: "/static/logo.svg",
+      sizes: "144x144",
+      purpose: "any",
       type: "image/svg+xml"
     }
   ],
@@ -434,6 +423,8 @@ config :pleroma, :mrf_object_age,
 
 config :pleroma, :mrf_follow_bot, follower_nickname: nil
 
+config :pleroma, :mrf_inline_quote, template: "<bdi>RT:</bdi> {url}"
+
 config :pleroma, :rich_media,
   enabled: true,
   ignore_hosts: [],
@@ -589,7 +580,8 @@ config :pleroma, Oban,
     remote_fetcher: 2,
     attachments_cleanup: 1,
     new_users_digest: 1,
-    mute_expire: 5
+    mute_expire: 5,
+    search_indexing: 10
   ],
   plugins: [Oban.Plugins.Pruner],
   crontab: [
@@ -600,7 +592,8 @@ config :pleroma, Oban,
 config :pleroma, :workers,
   retries: [
     federator_incoming: 5,
-    federator_outgoing: 5
+    federator_outgoing: 5,
+    search_indexing: 2
   ]
 
 config :pleroma, Pleroma.Formatter,
@@ -658,12 +651,26 @@ config :pleroma, Pleroma.Emails.UserEmail,
 
 config :pleroma, Pleroma.Emails.NewUsersDigestEmail, enabled: false
 
-config :prometheus, Pleroma.Web.Endpoint.MetricsExporter,
-  enabled: false,
-  auth: false,
-  ip_whitelist: [],
-  path: "/api/pleroma/app_metrics",
-  format: :text
+config :pleroma, Pleroma.PromEx,
+  disabled: false,
+  manual_metrics_start_delay: :no_delay,
+  drop_metrics_groups: [],
+  grafana: [
+    host: System.get_env("GRAFANA_HOST", "http://localhost:3000"),
+    auth_token: System.get_env("GRAFANA_TOKEN"),
+    upload_dashboards_on_start: false,
+    folder_name: "BEAM",
+    annotate_app_lifecycle: true
+  ],
+  metrics_server: [
+    port: 4021,
+    path: "/metrics",
+    protocol: :http,
+    pool_size: 5,
+    cowboy_opts: [],
+    auth_strategy: :none
+  ],
+  datasource: "Prometheus"
 
 config :pleroma, Pleroma.ScheduledActivity,
   daily_user_limit: 25,
@@ -858,7 +865,11 @@ config :pleroma, :restrict_unauthenticated,
 config :pleroma, Pleroma.Web.ApiSpec.CastAndValidate, strict: false
 
 config :pleroma, :mrf,
-  policies: [Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy, Pleroma.Web.ActivityPub.MRF.TagPolicy],
+  policies: [
+    Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy,
+    Pleroma.Web.ActivityPub.MRF.TagPolicy,
+    Pleroma.Web.ActivityPub.MRF.InlineQuotePolicy
+  ],
   transparency: true,
   transparency_exclusions: []
 
@@ -884,11 +895,19 @@ config :pleroma, Pleroma.User.Backup,
 config :pleroma, ConcurrentLimiter, [
   {Pleroma.Web.RichMedia.Helpers, [max_running: 5, max_waiting: 5]},
   {Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy, [max_running: 5, max_waiting: 5]},
+  {Pleroma.Search, [max_running: 30, max_waiting: 50]},
   {Pleroma.Webhook.Notify, [max_running: 5, max_waiting: 200]}
 ]
 
 config :pleroma, Pleroma.Web.WebFinger, domain: nil, update_nickname_on_user_fetch: true
 
+config :pleroma, Pleroma.Search, module: Pleroma.Search.DatabaseSearch
+
+config :pleroma, Pleroma.Search.Meilisearch,
+  url: "http://127.0.0.1:7700/",
+  private_key: nil,
+  initial_indexing_chunk_size: 100_000
+
 # Import environment specific config. This must remain at the bottom
 # of this file so it overrides the configuration defined above.
 import_config "#{Mix.env()}.exs"

config/description.exs

@@ -987,6 +987,12 @@ config :pleroma, :config_description, [
           "The instance thumbnail can be any image that represents your instance and is used by some apps or services when they display information about your instance.",
         suggestions: ["/instance/thumbnail.jpeg"]
       },
+      %{
+        key: :favicon,
+        type: {:string, :image},
+        description: "Favicon of the instance",
+        suggestions: ["/favicon.png"]
+      },
       %{
         key: :show_reactions,
         type: :boolean,
@@ -1181,7 +1187,7 @@ config :pleroma, :config_description, [
         type: [:atom, :tuple, :module],
         description:
           "Where logs will be sent, :console - send logs to stdout, { ExSyslogger, :ex_syslogger } - to syslog, Quack.Logger - to Slack.",
-        suggestions: [:console, {ExSyslogger, :ex_syslogger}, Quack.Logger]
+        suggestions: [:console, {ExSyslogger, :ex_syslogger}]
       }
     ]
   },
@@ -1196,7 +1202,7 @@ config :pleroma, :config_description, [
         key: :level,
         type: {:dropdown, :atom},
         description: "Log level",
-        suggestions: [:debug, :info, :warn, :error]
+        suggestions: [:debug, :info, :warning, :error]
       },
       %{
         key: :ident,
@@ -1229,7 +1235,7 @@ config :pleroma, :config_description, [
         key: :level,
         type: {:dropdown, :atom},
         description: "Log level",
-        suggestions: [:debug, :info, :warn, :error]
+        suggestions: [:debug, :info, :warning, :error]
       },
       %{
         key: :format,
@@ -1931,7 +1937,7 @@ config :pleroma, :config_description, [
         key: :log,
         type: {:dropdown, :atom},
         description: "Logs verbose mode",
-        suggestions: [false, :error, :warn, :info, :debug]
+        suggestions: [false, :error, :warning, :info, :debug]
       },
       %{
         key: :queues,
@@ -3486,5 +3492,48 @@ config :pleroma, :config_description, [
         ]
       }
     ]
+  },
+  %{
+    group: :pleroma,
+    key: Pleroma.Search,
+    type: :group,
+    description: "General search settings.",
+    children: [
+      %{
+        key: :module,
+        type: :keyword,
+        description: "Selected search module.",
+        suggestion: [Pleroma.Search.DatabaseSearch, Pleroma.Search.Meilisearch]
+      }
+    ]
+  },
+  %{
+    group: :pleroma,
+    key: Pleroma.Search.Meilisearch,
+    type: :group,
+    description: "Meilisearch settings.",
+    children: [
+      %{
+        key: :url,
+        type: :string,
+        description: "Meilisearch URL.",
+        suggestion: ["http://127.0.0.1:7700/"]
+      },
+      %{
+        key: :private_key,
+        type: :string,
+        description:
+          "Private key for meilisearch authentication, or `nil` to disable private key authentication.",
+        suggestion: [nil]
+      },
+      %{
+        key: :initial_indexing_chunk_size,
+        type: :int,
+        description:
+          "Amount of posts in a batch when running the initial indexing operation. Should probably not be more than 100000" <>
+            " since there's a limit on maximum insert size",
+        suggestion: [100_000]
+      }
+    ]
   }
 ]

config/test.exs

@@ -16,7 +16,7 @@ config :pleroma, Pleroma.Captcha,
 
 # Print only warnings and errors during test
 config :logger, :console,
-  level: :warn,
+  level: :warning,
   format: "\n[$level] $message\n"
 
 config :pleroma, :auth, oauth_consumer_strategies: []
@@ -133,10 +133,35 @@ config :pleroma, :side_effects,
   ap_streamer: Pleroma.Web.ActivityPub.ActivityPubMock,
   logger: Pleroma.LoggerMock
 
+config :pleroma, Pleroma.Search, module: Pleroma.Search.DatabaseSearch
+
+config :pleroma, Pleroma.Search.Meilisearch, url: "http://127.0.0.1:7700/", private_key: nil
+
 # Reduce recompilation time
 # https://dashbit.co/blog/speeding-up-re-compilation-of-elixir-projects
 config :phoenix, :plug_init_mode, :runtime
 
+config :pleroma, :config_impl, Pleroma.UnstubbedConfigMock
+
+config :pleroma, Pleroma.PromEx, disabled: true
+
+# Mox definitions. Only read during compile time.
+config :pleroma, Pleroma.User.Backup, config_impl: Pleroma.UnstubbedConfigMock
+config :pleroma, Pleroma.Uploaders.S3, ex_aws_impl: Pleroma.Uploaders.S3.ExAwsMock
+config :pleroma, Pleroma.Uploaders.S3, config_impl: Pleroma.UnstubbedConfigMock
+config :pleroma, Pleroma.Upload, config_impl: Pleroma.UnstubbedConfigMock
+config :pleroma, Pleroma.ScheduledActivity, config_impl: Pleroma.UnstubbedConfigMock
+config :pleroma, Pleroma.Web.RichMedia.Helpers, config_impl: Pleroma.StaticStubbedConfigMock
+
+peer_module =
+  if String.to_integer(System.otp_release()) >= 25 do
+    :peer
+  else
+    :slave
+  end
+
+config :pleroma, Pleroma.Cluster, peer_module: peer_module
+
 if File.exists?("./config/test.secret.exs") do
   import_config "test.secret.exs"
 else

docs/administration/frontends-management.md

@@ -0,0 +1,71 @@
+# Managing installed frontends
+
+Pleroma lets you install multiple frontends including multiple versions of same frontend. Right now it's only possible to switch which frontend is the default, but in the future it would be possible for user to select which frontend they prefer to use.
+
+As of 2.6.0 there are two ways of managing frontends - through PleromaFE's Admin Dashboard (preferred, easier method) or through AdminFE (clunky but also works on versions older than 2.6.0).
+
+!!! note
+    Managing frontends through UI requires [in-database configuration](../configuration/howto_database_config.md) to be enabled (default on newer instances but might be off on older ones).
+
+## How it works
+
+When installing frontends, it creates a folder in [static directory](../configuration/static_dir.md) that follows this pattern: `/frontends/${front-end name}/${front-end version}/`, puts contents of the built frontend in there. Then when accessing the server backend checks what front-end name and version are set to be default and serves index.html and assets from appropriate path.
+
+!!! warning
+
+    If you've been putting your frontend build directly into static dir as an antiquated way of serving custom frontend, this system will not work and will still serve the custom index.html you put in there. You can still serve custom frontend builds if you put your build into `/frontends/$name/$version` instead and set the "default frontend" fields appropriately.
+    
+Currently, there is no backup system, i.e. when installing `master` version it _will_ overwrite installed `master` version, for now if you want to keep previous version you should back it up manually, i.e. running `cp -r ./frontends/pleroma-fe/master ./frontends/pleroma-fe/master_old` in your static dir.
+
+## Managing front-ends through Admin Dashboard
+
+Open up Admin Dashboard (gauge icon in top bar, same as where link to AdminFE was),__
+![location of Admin Dashboard icon](../assets/admin_dash_location.png)
+switch to "Front-ends" tab.  
+![screenshot of Front-ends tab](../assets/frontends_tab.png)
+This page is designed to be self-explanatory and easy to use, while avoiding issues and pitfalls of AdminFE, but it's also early in development, everything is subject to change.
+
+!!! warning
+    This goes without saying, but if you set default frontend to anything except >2.6.0 version of PleromaFE you'll lose the access to Admin Dashboard and will have to use AdminFE to get it back. See below on how to use AdminFE.
+
+### Limitations 
+
+Currently the list of available for install frontends is essentially hard-coded in backend's configuration, each providing only one version, with exception for PleromaFE which overrides 'pleroma-fe' to also include `develop` version. There is no way to manually install build with a URL (coming soon) nor add more available frontends to the repository (it's broken).
+
+There is also no way to tell if there is an update available or not, for now you should watch for [announcements](https://pleroma.social/announcements/) of new PleromaFE stable releases to see if there is new stable version. For `develop` version it's up to you whether you want to follow the development process or just reinstall it periodically hoping for new stuff.
+
+## Using AdminFE to manage frontends
+
+Access AdminFE either directly by going to `/pleroma/admin` of your instance or by opening Admin Dashboard and clicking the link at the bottom of the window  
+![link to open old AdminFE](../assets/old_adminfe_link.png)
+
+
+Go to Settings -> Frontend.
+
+### Installing front-ends
+
+At the very top of the page there's a list of available frontends and button to install custom front-end
+
+!!! tip
+    Remember to click "Submit" in bottom right corner to save your changes!
+
+!!! bug
+    **Available Frontends** section lets you _install_ frontends but **NOT** update/reinstall them. It's only useful for installing a frontend once.
+    
+Due to aforementioned bug, preferred way of installing frontends in AdminFE is by clicking the "Install another frontend"  
+![screenshot of admin-fe with instructions on how to install a frontend](../assets/way_to_install_frontends.png)
+and filling in the fields. Unfortunately AdminFE does not provide the raw data necessary for you to fill those fields, so your best bet is to see what backend returns in browser's devtools or refer to the [source code](https://git.pleroma.social/pleroma/pleroma/-/blob/develop/config/config.exs?ref_type=heads#L742-791). For the most part, only **Name**, **Ref** (i.e. version) and **Build URL** fields are required, although some frontends might also require **Build Directory** to work. 
+
+For pleroma-fe you can use either `master` or `develop` refs, or potentially any ref in GitLab that has artifacts for `build` job, but that's outside scope of this document.
+
+### Selecting default frontend
+
+Scroll page waaaaay down, search for "Frontends" section, subtitled "Installed frontends management", change the name and reference of the "Primary" frontend.  
+![screenshot of admin-fe with instructions on how to install a frontend](../assets/primary_frontend_section.png)
+
+
+!!! danger
+    If you change "Admin" frontend name/reference you risk losing access to AdminFE as well.
+    
+!!! warning
+    Don't put anything into the "Available" section as it will break the list of available frontends completely, including the "add another frontend" button. If you accidentally put something in there, click the trashbin icon next to "Available" to reset it and restore the frontends list.

docs/configuration/cheatsheet.md

@@ -160,6 +160,8 @@ To add configuration to your config file, you can copy it from the base config.
     * `Pleroma.Web.ActivityPub.MRF.AntiFollowbotPolicy`: Drops follow requests from followbots. Users can still allow bots to follow them by first following the bot.
     * `Pleroma.Web.ActivityPub.MRF.KeywordPolicy`: Rejects or removes from the federated timeline or replaces keywords. (See [`:mrf_keyword`](#mrf_keyword)).
     * `Pleroma.Web.ActivityPub.MRF.ForceMentionsInContent`: Forces every mentioned user to be reflected in the post content.
+    * `Pleroma.Web.ActivityPub.MRF.InlineQuotePolicy`: Forces quote post URLs to be reflected in the message content inline.
+    * `Pleroma.Web.ActivityPub.MRF.QuoteToLinkTagPolicy`: Force a Link tag for posts quoting another post. (may break outgoing federation of quote posts with older Pleroma versions)
 * `transparency`: Make the content of your Message Rewrite Facility settings public (via nodeinfo).
 * `transparency_exclusions`: Exclude specific instance names from MRF transparency.  The use of the exclusions feature will be disclosed in nodeinfo as a boolean value.
 
@@ -267,6 +269,9 @@ Notes:
 * `federated_timeline_removal_url`: A list of patterns which result in message with emojis whose URLs match being removed from federated timelines (a.k.a unlisted). This will apply only to statuses. Each pattern can be a string or a [regular expression](https://hexdocs.pm/elixir/Regex.html).
 * `federated_timeline_removal_shortcode`: A list of patterns which result in message with emojis whose shortcodes match being removed from federated timelines (a.k.a unlisted). This will apply only to statuses. Each pattern can be a string or a [regular expression](https://hexdocs.pm/elixir/Regex.html).
 
+#### :mrf_inline_quote
+* `template`: The template to append to the post. `{url}` will be replaced with the actual link to the quoted post. Default: `<bdi>RT:</bdi> {url}`
+
 ### :activitypub
 * `unfollow_blocked`: Whether blocks result in people getting unfollowed
 * `outgoing_blocks`: Whether to federate blocks to other instances

docs/configuration/search.md

@@ -0,0 +1,123 @@
+# Configuring search
+
+{! backend/administration/CLI_tasks/general_cli_task_info.include !}
+
+## Built-in search
+
+To use built-in search that has no external dependencies, set the search module to `Pleroma.Activity`:
+
+> config :pleroma, Pleroma.Search, module: Pleroma.Search.DatabaseSearch
+
+While it has no external dependencies, it has problems with performance and relevancy.
+
+## Meilisearch
+
+Note that it's quite a bit more memory hungry than PostgreSQL (around 4-5G for ~1.2 million
+posts while idle and up to 7G while indexing initially). The disk usage for this additional index is also
+around 4 gigabytes. Like [RUM](./cheatsheet.md#rum-indexing-for-full-text-search) indexes, it offers considerably
+higher performance and ordering by timestamp in a reasonable amount of time.
+Additionally, the search results seem to be more accurate.
+
+Due to high memory usage, it may be best to set it up on a different machine, if running pleroma on a low-resource
+computer, and use private key authentication to secure the remote search instance.
+
+To use [meilisearch](https://www.meilisearch.com/), set the search module to `Pleroma.Search.Meilisearch`:
+
+> config :pleroma, Pleroma.Search, module: Pleroma.Search.Meilisearch
+
+You then need to set the address of the meilisearch instance, and optionally the private key for authentication. You might
+also want to change the `initial_indexing_chunk_size` to be smaller if you're server is not very powerful, but not higher than `100_000`,
+because meilisearch will refuse to process it if it's too big. However, in general you want this to be as big as possible, because meilisearch
+indexes faster when it can process many posts in a single batch.
+
+> config :pleroma, Pleroma.Search.Meilisearch,
+>    url: "http://127.0.0.1:7700/",
+>    private_key: "private key",
+>    initial_indexing_chunk_size: 100_000
+
+Information about setting up meilisearch can be found in the
+[official documentation](https://docs.meilisearch.com/learn/getting_started/installation.html).
+You probably want to start it with `MEILI_NO_ANALYTICS=true` environment variable to disable analytics.
+At least version 0.25.0 is required, but you are strongly adviced to use at least 0.26.0, as it introduces
+the `--enable-auto-batching` option which drastically improves performance. Without this option, the search
+is hardly usable on a somewhat big instance.
+
+### Private key authentication (optional)
+
+To set the private key, use the `MEILI_MASTER_KEY` environment variable when starting. After setting the _master key_,
+you have to get the _private key_, which is actually used for authentication.
+
+=== "OTP"
+    ```sh
+    ./bin/pleroma_ctl search.meilisearch show-keys <your master key here>
+    ```
+
+=== "From Source"
+    ```sh
+    mix pleroma.search.meilisearch show-keys <your master key here>
+    ```
+
+You will see a "Default Admin API Key", this is the key you actually put into your configuration file.
+
+### Initial indexing
+
+After setting up the configuration, you'll want to index all of your already existsing posts. Only public posts are indexed.  You'll only
+have to do it one time, but it might take a while, depending on the amount of posts your instance has seen. This is also a fairly RAM
+consuming process for `meilisearch`, and it will take a lot of RAM when running if you have a lot of posts (seems to be around 5G for ~1.2
+million posts while idle and up to 7G while indexing initially, but your experience may be different).
+
+The sequence of actions is as follows:
+
+1. First, change the configuration to use `Pleroma.Search.Meilisearch` as the search backend
+2. Restart your instance, at this point it can be used while the search indexing is running, though search won't return anything
+3. Start the initial indexing process (as described below with `index`),
+   and wait until the task says it sent everything from the database to index
+4. Wait until everything is actually indexed (by checking with `stats` as described below),
+   at this point you don't have to do anything, just wait a while.
+
+To start the initial indexing, run the `index` command:
+
+=== "OTP"
+    ```sh
+    ./bin/pleroma_ctl search.meilisearch index
+    ```
+
+=== "From Source"
+    ```sh
+    mix pleroma.search.meilisearch index
+    ```
+
+This will show you the total amount of posts to index, and then show you the amount of posts indexed currently, until the numbers eventually
+become the same. The posts are indexed in big batches and meilisearch will take some time to actually index them, even after you have
+inserted all the posts into it. Depending on the amount of posts, this may be as long as several hours. To get information about the status
+of indexing and how many posts have actually been indexed, use the `stats` command:
+
+=== "OTP"
+    ```sh
+    ./bin/pleroma_ctl search.meilisearch stats
+    ```
+
+=== "From Source"
+    ```sh
+    mix pleroma.search.meilisearch stats
+    ```
+
+### Clearing the index
+
+In case you need to clear the index (for example, to re-index from scratch, if that needs to happen for some reason), you can
+use the `clear` command:
+
+=== "OTP"
+    ```sh
+    ./bin/pleroma_ctl search.meilisearch clear
+    ```
+
+=== "From Source"
+    ```sh
+    mix pleroma.search.meilisearch clear
+    ```
+
+This will clear **all** the posts from the search index. Note, that deleted posts are also removed from index by the instance itself, so
+there is no need to actually clear the whole index, unless you want **all** of it gone. That said, the index does not hold any information
+that cannot be re-created from the database, it should also generally be a lot smaller than the size of your database. Still, the size
+depends on the amount of text in posts.