No OneTemporary
Actions

Size

285 KB

Referenced Files

None

Subscribers

None

View Options

This file is larger than 256 KB, so syntax highlighting was skipped.

	diff --git a/CHANGELOG.md b/CHANGELOG.md
	index c133cd9ec..22f199b3d 100644
	--- a/CHANGELOG.md
	+++ b/CHANGELOG.md
	@@ -1,507 +1,509 @@
	# Changelog
	All notable changes to this project will be documented in this file.

	The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

	## [Unreleased]
	### Removed
	- Breaking: Removed 1.0+ deprecated configurations `Pleroma.Upload, :strip_exif` and `:instance, :dedupe_media`
	- Breaking: OStatus protocol support

	### Changed
	- Breaking: Elixir >=1.8 is now required (was >= 1.7)
	- Breaking: attachment links (`config :pleroma, :instance, no_attachment_links` and `config :pleroma, Pleroma.Upload, link_name`) disabled by default
	- Replaced [pleroma_job_queue](https://git.pleroma.social/pleroma/pleroma_job_queue) and `Pleroma.Web.Federator.RetryQueue` with [Oban](https://github.com/sorentwo/oban) (see [`docs/config.md`](docs/config.md) on migrating customized worker / retry settings)
	- Introduced [quantum](https://github.com/quantum-elixir/quantum-core) job scheduler
	- Enabled `:instance, extended_nickname_format` in the default config
	- Add `rel="ugc"` to all links in statuses, to prevent SEO spam
	- Extract RSS functionality from OStatus
	- MRF (Simple Policy): Also use `:accept`/`:reject` on the actors rather than only their activities
	- OStatus: Extract RSS functionality
	- Deprecated `User.Info` embedded schema (fields moved to `User`)
	- Store status data inside Flag activity
	- Deprecated (reorganized as `UserRelationship` entity) User fields with user AP IDs (`blocks`, `mutes`, `muted_reblogs`, `muted_notifications`, `subscribers`).
	+- Logger: default log level changed from `warn` to `info`.
	<details>
	<summary>API Changes</summary>

	- Breaking Admin API: `PATCH /api/pleroma/admin/users/:nickname/force_password_reset` is now `PATCH /api/pleroma/admin/users/force_password_reset` (accepts `nicknames` array in the request body)
	- Breaking: Admin API: Return link alongside with token on password reset
	- Breaking: Admin API: `PUT /api/pleroma/admin/reports/:id` is now `PATCH /api/pleroma/admin/reports`, see admin_api.md for details
	- Breaking: `/api/pleroma/admin/users/invite_token` now uses `POST`, changed accepted params and returns full invite in json instead of only token string.
	- Breaking replying to reports is now "report notes", enpoint changed from `POST /api/pleroma/admin/reports/:id/respond` to `POST /api/pleroma/admin/reports/:id/notes`
	- Admin API: Return `total` when querying for reports
	- Mastodon API: Return `pleroma.direct_conversation_id` when creating a direct message (`POST /api/v1/statuses`)
	- Admin API: Return link alongside with token on password reset
	- Admin API: Support authentication via `x-admin-token` HTTP header
	- Mastodon API: Add `pleroma.direct_conversation_id` to the status endpoint (`GET /api/v1/statuses/:id`)
	- Mastodon API: `pleroma.thread_muted` to the Status entity
	- Mastodon API: Mark the direct conversation as read for the author when they send a new direct message
	- Mastodon API, streaming: Add `pleroma.direct_conversation_id` to the `conversation` stream event payload.
	- Admin API: Render whole status in grouped reports
	- Mastodon API: User timelines will now respect blocks, unless you are getting the user timeline of somebody you blocked (which would be empty otherwise).
	</details>

	### Added
	- `:chat_limit` option to limit chat characters.
	- Refreshing poll results for remote polls
	- Authentication: Added rate limit for password-authorized actions / login existence checks
	- Static Frontend: Add the ability to render user profiles and notices server-side without requiring JS app.
	- Mix task to re-count statuses for all users (`mix pleroma.count_statuses`)
	- Mix task to list all users (`mix pleroma.user list`)
	- Support for `X-Forwarded-For` and similar HTTP headers which used by reverse proxies to pass a real user IP address to the backend. Must not be enabled unless your instance is behind at least one reverse proxy (such as Nginx, Apache HTTPD or Varnish Cache).
	- MRF: New module which handles incoming posts based on their age. By default, all incoming posts that are older than 2 days will be unlisted and not shown to their followers.
	- User notification settings: Add `privacy_option` option.
	+- Support for custom Elixir modules (such as MRF policies)
	- User settings: Add _This account is a_ option.
	- OAuth: admin scopes support (relevant setting: `[:auth, :enforce_oauth_admin_scope_usage]`).
	<details>
	<summary>API Changes</summary>

	- Job queue stats to the healthcheck page
	- Admin API: Add ability to fetch reports, grouped by status `GET /api/pleroma/admin/grouped_reports`
	- Admin API: Add ability to require password reset
	- Mastodon API: Account entities now include `follow_requests_count` (planned Mastodon 3.x addition)
	- Pleroma API: `GET /api/v1/pleroma/accounts/:id/scrobbles` to get a list of recently scrobbled items
	- Pleroma API: `POST /api/v1/pleroma/scrobble` to scrobble a media item
	- Mastodon API: Add `upload_limit`, `avatar_upload_limit`, `background_upload_limit`, and `banner_upload_limit` to `/api/v1/instance`
	- Mastodon API: Add `pleroma.unread_conversation_count` to the Account entity
	- OAuth: support for hierarchical permissions / [Mastodon 2.4.3 OAuth permissions](https://docs.joinmastodon.org/api/permissions/)
	- Metadata Link: Atom syndication Feed
	- Mix task to re-count statuses for all users (`mix pleroma.count_statuses`)
	- Mastodon API: Add `exclude_visibilities` parameter to the timeline and notification endpoints
	- Admin API: `/users/:nickname/toggle_activation` endpoint is now deprecated in favor of: `/users/activate`, `/users/deactivate`, both accept `nicknames` array
	- Admin API: Multiple endpoints now require `nicknames` array, instead of singe `nickname`:
	- `POST/DELETE /api/pleroma/admin/users/:nickname/permission_group/:permission_group` are deprecated in favor of: `POST/DELETE /api/pleroma/admin/users/permission_group/:permission_group`
	- `DELETE /api/pleroma/admin/users` (`nickname` query param or `nickname` sent in JSON body) is deprecated in favor of: `DELETE /api/pleroma/admin/users` (`nicknames` query array param or `nicknames` sent in JSON body)
	- Admin API: Add `GET /api/pleroma/admin/relay` endpoint - lists all followed relays
	- Pleroma API: `POST /api/v1/pleroma/conversations/read` to mark all conversations as read
	- ActivityPub: Support `Move` activities
	- Mastodon API: Add `/api/v1/markers` for managing timeline read markers
	- Mastodon API: Add the `recipients` parameter to `GET /api/v1/conversations`
	- Configuration: `feed` option for user atom feed.
	- Pleroma API: Add Emoji reactions
	- Admin API: Add `/api/pleroma/admin/instances/:instance/statuses` - lists all statuses from a given instance
	- Admin API: `PATCH /api/pleroma/users/confirm_email` to confirm email for multiple users, `PATCH /api/pleroma/users/resend_confirmation_email` to resend confirmation email for multiple users
	- ActivityPub: Configurable `type` field of the actors.
	- Mastodon API: `/api/v1/accounts/:id` has `source/pleroma/actor_type` field.
	- Mastodon API: `/api/v1/update_credentials` accepts `actor_type` field.
	- Captcha: Support native provider
	- Captcha: Enable by default
	</details>

	### Fixed
	- Report emails now include functional links to profiles of remote user accounts
	- Not being able to log in to some third-party apps when logged in to MastoFE
	- MRF: `Delete` activities being exempt from MRF policies
	- OTP releases: Not being able to configure OAuth expired token cleanup interval
	- OTP releases: Not being able to configure HTML sanitization policy
	- Favorites timeline now ordered by favorite date instead of post date
	<details>
	<summary>API Changes</summary>

	- Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (`GET /api/v1/timelines/public`)
	- Mastodon API: Inability to get some local users by nickname in `/api/v1/accounts/:id_or_nickname`
	- AdminAPI: If some status received reports both in the "new" format and "old" format it was considered reports on two different statuses (in the context of grouped reports)
	- Admin API: Error when trying to update reports in the "old" format
	</details>

	## [1.1.6] - 2019-11-19
	### Fixed
	- Not being able to log into to third party apps when the browser is logged into mastofe
	- Email confirmation not being required even when enabled
	- Mastodon API: conversations API crashing when one status is malformed

	### Bundled Pleroma-FE Changes
	#### Added
	- About page
	- Meme arrows

	#### Fixed
	- Image modal not closing unless clicked outside of image
	- Attachment upload spinner not being centered
	- Showing follow counters being 0 when they are actually hidden

	## [1.1.5] - 2019-11-09
	### Fixed
	- Polls having different numbers in timelines/notifications/poll api endpoints due to cache desyncronization
	- Pleroma API: OAuth token endpoint not being found when ".json" suffix is appended

	### Changed
	- Frontend bundle updated to [044c9ad0](https://git.pleroma.social/pleroma/pleroma-fe/commit/044c9ad0562af059dd961d50961a3880fca9c642)

	## [1.1.4] - 2019-11-01
	### Fixed
	- Added a migration that fills up empty user.info fields to prevent breakage after previous unsafe migrations.
	- Failure to migrate from pre-1.0.0 versions
	- Mastodon API: Notification stream not including follow notifications

	## [1.1.3] - 2019-10-25
	### Fixed
	- Blocked users showing up in notifications collapsed as if they were muted
	- `pleroma_ctl` not working on Debian's default shell

	## [1.1.2] - 2019-10-18
	### Fixed
	- `pleroma_ctl` trying to connect to a running instance when generating the config, which of course doesn't exist.

	## [1.1.1] - 2019-10-18
	### Fixed
	- One of the migrations between 1.0.0 and 1.1.0 wiping user info of the relay user because of unexpected behavior of postgresql's `jsonb_set`, resulting in inability to post in the default configuration. If you were affected, please run the following query in postgres console, the relay user will be recreated automatically:
	```
	delete from users where ap_id = 'https://your.instance.hostname/relay';
	```
	- Bad user search matches

	## [1.1.0] - 2019-10-14
	Breaking: The stable branch has been changed from `master` to `stable`. If you want to keep using 1.0, the `release/1.0` branch will receive security updates for 6 months after 1.1 release.

	OTP Note: `pleroma_ctl` in 1.0 defaults to `master` and doesn't support specifying arbitrary branches, making `./pleroma_ctl update` fail. To fix this, fetch a version of `pleroma_ctl` from 1.1 using the command below and proceed with the update normally:
	```
	curl -Lo ./bin/pleroma_ctl 'https://git.pleroma.social/pleroma/pleroma/raw/develop/rel/files/bin/pleroma_ctl'
	```
	### Security
	- Mastodon API: respect post privacy in `/api/v1/statuses/:id/{favourited,reblogged}_by`

	### Removed
	- Breaking: GNU Social API with Qvitter extensions support
	- Emoji: Remove longfox emojis.
	- Remove `Reply-To` header from report emails for admins.
	- ActivityPub: The `/objects/:uuid/likes` endpoint.

	### Changed
	- Breaking: Configuration: A setting to explicitly disable the mailer was added, defaulting to true, if you are using a mailer add `config :pleroma, Pleroma.Emails.Mailer, enabled: true` to your config
	- Breaking: Configuration: `/media/` is now removed when `base_url` is configured, append `/media/` to your `base_url` config to keep the old behaviour if desired
	- Breaking: `/api/pleroma/notifications/read` is moved to `/api/v1/pleroma/notifications/read` and now supports `max_id` and responds with Mastodon API entities.
	- Configuration: added `config/description.exs`, from which `docs/config.md` is generated
	- Configuration: OpenGraph and TwitterCard providers enabled by default
	- Configuration: Filter.AnonymizeFilename added ability to retain file extension with custom text
	- Federation: Return 403 errors when trying to request pages from a user's follower/following collections if they have `hide_followers`/`hide_follows` set
	- NodeInfo: Return `skipThreadContainment` in `metadata` for the `skip_thread_containment` option
	- NodeInfo: Return `mailerEnabled` in `metadata`
	- Mastodon API: Unsubscribe followers when they unfollow a user
	- Mastodon API: `pleroma.thread_muted` key in the Status entity
	- AdminAPI: Add "godmode" while fetching user statuses (i.e. admin can see private statuses)
	- Improve digest email template
	– Pagination: (optional) return `total` alongside with `items` when paginating
	- The `Pleroma.FlakeId` module has been replaced with the `flake_id` library.

	### Fixed
	- Following from Osada
	- Favorites timeline doing database-intensive queries
	- Metadata rendering errors resulting in the entire page being inaccessible
	- `federation_incoming_replies_max_depth` option being ignored in certain cases
	- Mastodon API: Handling of search timeouts (`/api/v1/search` and `/api/v2/search`)
	- Mastodon API: Misskey's endless polls being unable to render
	- Mastodon API: Embedded relationships not being properly rendered in the Account entity of Status entity
	- Mastodon API: Notifications endpoint crashing if one notification failed to render
	- Mastodon API: `exclude_replies` is correctly handled again.
	- Mastodon API: Add `account_id`, `type`, `offset`, and `limit` to search API (`/api/v1/search` and `/api/v2/search`)
	- Mastodon API, streaming: Fix filtering of notifications based on blocks/mutes/thread mutes
	- Mastodon API: Fix private and direct statuses not being filtered out from the public timeline for an authenticated user (`GET /api/v1/timelines/public`)
	- Mastodon API: Ensure the `account` field is not empty when rendering Notification entities.
	- Mastodon API: Inability to get some local users by nickname in `/api/v1/accounts/:id_or_nickname`
	- Mastodon API: Blocks are now treated consistently between the Streaming API and the Timeline APIs
	- Rich Media: Parser failing when no TTL can be found by image TTL setters
	- Rich Media: The crawled URL is now spliced into the rich media data.
	- ActivityPub S2S: sharedInbox usage has been mostly aligned with the rules in the AP specification.
	- ActivityPub C2S: follower/following collection pages being inaccessible even when authentifucated if `hide_followers`/ `hide_follows` was set
	- ActivityPub: Deactivated user deletion
	- ActivityPub: Fix `/users/:nickname/inbox` crashing without an authenticated user
	- MRF: fix ability to follow a relay when AntiFollowbotPolicy was enabled
	- ActivityPub: Correct addressing of Undo.
	- ActivityPub: Correct addressing of profile update activities.
	- ActivityPub: Polls are now refreshed when necessary.
	- Report emails now include functional links to profiles of remote user accounts
	- Existing user id not being preserved on insert conflict
	- Pleroma.Upload base_url was not automatically whitelisted by MediaProxy. Now your custom CDN or file hosting will be accessed directly as expected.
	- Report email not being sent to admins when the reporter is a remote user
	- Reverse Proxy limiting `max_body_length` was incorrectly defined and only checked `Content-Length` headers which may not be sufficient in some circumstances

	### Added
	- Expiring/ephemeral activites. All activities can have expires_at value set, which controls when they should be deleted automatically.
	- Mastodon API: in post_status, the expires_in parameter lets you set the number of seconds until an activity expires. It must be at least one hour.
	- Mastodon API: all status JSON responses contain a `pleroma.expires_at` item which states when an activity will expire. The value is only shown to the user who created the activity. To everyone else it's empty.
	- Configuration: `ActivityExpiration.enabled` controls whether expired activites will get deleted at the appropriate time. Enabled by default.
	- Conversations: Add Pleroma-specific conversation endpoints and status posting extensions. Run the `bump_all_conversations` task again to create the necessary data.
	- MRF: Support for priming the mediaproxy cache (`Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy`)
	- MRF: Support for excluding specific domains from Transparency.
	- MRF: Support for filtering posts based on who they mention (`Pleroma.Web.ActivityPub.MRF.MentionPolicy`)
	- Mastodon API: Support for the [`tagged` filter](https://github.com/tootsuite/mastodon/pull/9755) in [`GET /api/v1/accounts/:id/statuses`](https://docs.joinmastodon.org/api/rest/accounts/#get-api-v1-accounts-id-statuses)
	- Mastodon API, streaming: Add support for passing the token in the `Sec-WebSocket-Protocol` header
	- Mastodon API, extension: Ability to reset avatar, profile banner, and background
	- Mastodon API: Add support for `fields_attributes` API parameter (setting custom fields)
	- Mastodon API: Add support for categories for custom emojis by reusing the group feature. <https://github.com/tootsuite/mastodon/pull/11196>
	- Mastodon API: Add support for muting/unmuting notifications
	- Mastodon API: Add support for the `blocked_by` attribute in the relationship API (`GET /api/v1/accounts/relationships`). <https://github.com/tootsuite/mastodon/pull/10373>
	- Mastodon API: Add support for the `domain_blocking` attribute in the relationship API (`GET /api/v1/accounts/relationships`).
	- Mastodon API: Add `pleroma.deactivated` to the Account entity
	- Mastodon API: added `/auth/password` endpoint for password reset with rate limit.
	- Mastodon API: /api/v1/accounts/:id/statuses now supports nicknames or user id
	- Mastodon API: Improve support for the user profile custom fields
	- Mastodon API: Add support for `fields_attributes` API parameter (setting custom fields)
	- Mastodon API: Added an endpoint to get multiple statuses by IDs (`GET /api/v1/statuses/?ids[]=1&ids[]=2`)
	- Admin API: Return users' tags when querying reports
	- Admin API: Return avatar and display name when querying users
	- Admin API: Allow querying user by ID
	- Admin API: Added support for `tuples`.
	- Admin API: Added endpoints to run mix tasks pleroma.config migrate_to_db & pleroma.config migrate_from_db
	- Added synchronization of following/followers counters for external users
	- Configuration: `enabled` option for `Pleroma.Emails.Mailer`, defaulting to `false`.
	- Configuration: Pleroma.Plugs.RateLimiter `bucket_name`, `params` options.
	- Configuration: `user_bio_length` and `user_name_length` options.
	- Addressable lists
	- Twitter API: added rate limit for `/api/account/password_reset` endpoint.
	- ActivityPub: Add an internal service actor for fetching ActivityPub objects.
	- ActivityPub: Optional signing of ActivityPub object fetches.
	- Admin API: Endpoint for fetching latest user's statuses
	- Pleroma API: Add `/api/v1/pleroma/accounts/confirmation_resend?email=<email>` for resending account confirmation.
	- Pleroma API: Email change endpoint.
	- Admin API: Added moderation log
	- Web response cache (currently, enabled for ActivityPub)
	- Reverse Proxy: Do not retry failed requests to limit pressure on the peer

	### Changed
	- Configuration: Filter.AnonymizeFilename added ability to retain file extension with custom text
	- Admin API: changed json structure for saving config settings.
	- RichMedia: parsers and their order are configured in `rich_media` config.
	- RichMedia: add the rich media ttl based on image expiration time.

	## [1.0.7] - 2019-09-26
	### Fixed
	- Broken federation on Erlang 22 (previous versions of hackney http client were using an option that got deprecated)
	### Changed
	- ActivityPub: The first page in inboxes/outboxes is no longer embedded.

	## [1.0.6] - 2019-08-14
	### Fixed
	- MRF: fix use of unserializable keyword lists in describe() implementations
	- ActivityPub S2S: POST requests are now signed with `(request-target)` pseudo-header.

	## [1.0.5] - 2019-08-13
	### Fixed
	- Mastodon API: follower/following counters not being nullified, when `hide_follows`/`hide_followers` is set
	- Mastodon API: `muted` in the Status entity, using author's account to determine if the thread was muted
	- Mastodon API: return the actual profile URL in the Account entity's `url` property when appropriate
	- Templates: properly style anchor tags
	- Objects being re-embedded to activities after being updated (e.g faved/reposted). Running 'mix pleroma.database prune_objects' again is advised.
	- Not being able to access the Mastodon FE login page on private instances
	- MRF: ensure that subdomain_match calls are case-insensitive
	- Fix internal server error when using the healthcheck API.

	### Added
	- Breaking: MRF describe API, which adds support for exposing configuration information about MRF policies to NodeInfo.
	Custom modules will need to be updated by adding, at the very least, `def describe, do: {:ok, %{}}` to the MRF policy modules.
	- Relays: Added a task to list relay subscriptions.
	- MRF: Support for filtering posts based on ActivityStreams vocabulary (`Pleroma.Web.ActivityPub.MRF.VocabularyPolicy`)
	- MRF (Simple Policy): Support for wildcard domains.
	- Support for wildcard domains in user domain blocks setting.
	- Configuration: `quarantined_instances` support wildcard domains.
	- Mix Tasks: `mix pleroma.database fix_likes_collections`
	- Configuration: `federation_incoming_replies_max_depth` option

	### Removed
	- Federation: Remove `likes` from objects.
	- Breaking: ActivityPub: The `accept_blocks` configuration setting.

	## [1.0.4] - 2019-08-01
	### Fixed
	- Invalid SemVer version generation, when the current branch does not have commits ahead of tag/checked out on a tag

	## [1.0.3] - 2019-07-31
	### Security
	- OStatus: eliminate the possibility of a protocol downgrade attack.
	- OStatus: prevent following locked accounts, bypassing the approval process.
	- TwitterAPI: use CommonAPI to handle remote follows instead of OStatus.

	## [1.0.2] - 2019-07-28
	### Fixed
	- Not being able to pin unlisted posts
	- Mastodon API: represent poll IDs as strings
	- MediaProxy: fix matching filenames
	- MediaProxy: fix filename encoding
	- Migrations: fix a sporadic migration failure
	- Metadata rendering errors resulting in the entire page being inaccessible
	- Federation/MediaProxy not working with instances that have wrong certificate order
	- ActivityPub S2S: remote user deletions now work the same as local user deletions.

	### Changed
	- Configuration: OpenGraph and TwitterCard providers enabled by default
	- Configuration: Filter.AnonymizeFilename added ability to retain file extension with custom text

	## [1.0.1] - 2019-07-14
	### Security
	- OStatus: fix an object spoofing vulnerability.

	## [1.0.0] - 2019-06-29
	### Security
	- Mastodon API: Fix display names not being sanitized
	- Rich media: Do not crawl private IP ranges

	### Added
	- Digest email for inactive users
	- Add a generic settings store for frontends / clients to use.
	- Explicit addressing option for posting.
	- Optional SSH access mode. (Needs `erlang-ssh` package on some distributions).
	- [MongooseIM](https://github.com/esl/MongooseIM) http authentication support.
	- LDAP authentication
	- External OAuth provider authentication
	- Support for building a release using [`mix release`](https://hexdocs.pm/mix/master/Mix.Tasks.Release.html)
	- A [job queue](https://git.pleroma.social/pleroma/pleroma_job_queue) for federation, emails, web push, etc.
	- [Prometheus](https://prometheus.io/) metrics
	- Support for Mastodon's remote interaction
	- Mix Tasks: `mix pleroma.database bump_all_conversations`
	- Mix Tasks: `mix pleroma.database remove_embedded_objects`
	- Mix Tasks: `mix pleroma.database update_users_following_followers_counts`
	- Mix Tasks: `mix pleroma.user toggle_confirmed`
	- Mix Tasks: `mix pleroma.config migrate_to_db`
	- Mix Tasks: `mix pleroma.config migrate_from_db`
	- Federation: Support for `Question` and `Answer` objects
	- Federation: Support for reports
	- Configuration: `poll_limits` option
	- Configuration: `pack_extensions` option
	- Configuration: `safe_dm_mentions` option
	- Configuration: `link_name` option
	- Configuration: `fetch_initial_posts` option
	- Configuration: `notify_email` option
	- Configuration: Media proxy `whitelist` option
	- Configuration: `report_uri` option
	- Configuration: `email_notifications` option
	- Configuration: `limit_to_local_content` option
	- Pleroma API: User subscriptions
	- Pleroma API: Healthcheck endpoint
	- Pleroma API: `/api/v1/pleroma/mascot` per-user frontend mascot configuration endpoints
	- Admin API: Endpoints for listing/revoking invite tokens
	- Admin API: Endpoints for making users follow/unfollow each other
	- Admin API: added filters (role, tags, email, name) for users endpoint
	- Admin API: Endpoints for managing reports
	- Admin API: Endpoints for deleting and changing the scope of individual reported statuses
	- Admin API: Endpoints to view and change config settings.
	- AdminFE: initial release with basic user management accessible at /pleroma/admin/
	- Mastodon API: Add chat token to `verify_credentials` response
	- Mastodon API: Add background image setting to `update_credentials`
	- Mastodon API: [Scheduled statuses](https://docs.joinmastodon.org/api/rest/scheduled-statuses/)
	- Mastodon API: `/api/v1/notifications/destroy_multiple` (glitch-soc extension)
	- Mastodon API: `/api/v1/pleroma/accounts/:id/favourites` (API extension)
	- Mastodon API: [Reports](https://docs.joinmastodon.org/api/rest/reports/)
	- Mastodon API: `POST /api/v1/accounts` (account creation API)
	- Mastodon API: [Polls](https://docs.joinmastodon.org/api/rest/polls/)
	- ActivityPub C2S: OAuth endpoints
	- Metadata: RelMe provider
	- OAuth: added support for refresh tokens
	- Emoji packs and emoji pack manager
	- Object pruning (`mix pleroma.database prune_objects`)
	- OAuth: added job to clean expired access tokens
	- MRF: Support for rejecting reports from specific instances (`mrf_simple`)
	- MRF: Support for stripping avatars and banner images from specific instances (`mrf_simple`)
	- MRF: Support for running subchains.
	- Configuration: `skip_thread_containment` option
	- Configuration: `rate_limit` option. See `Pleroma.Plugs.RateLimiter` documentation for details.
	- MRF: Support for filtering out likely spam messages by rejecting posts from new users that contain links.
	- Configuration: `ignore_hosts` option
	- Configuration: `ignore_tld` option
	- Configuration: default syslog tag "Pleroma" is now lowercased to "pleroma"

	### Changed
	- Breaking: bind to 127.0.0.1 instead of 0.0.0.0 by default
	- Breaking: Configuration: move from Pleroma.Mailer to Pleroma.Emails.Mailer
	- Thread containment / test for complete visibility will be skipped by default.
	- Enforcement of OAuth scopes
	- Add multiple use/time expiring invite token
	- Restyled OAuth pages to fit with Pleroma's default theme
	- Link/mention/hashtag detection is now handled by [auto_linker](https://git.pleroma.social/pleroma/auto_linker)
	- NodeInfo: Return `safe_dm_mentions` feature flag
	- Federation: Expand the audience of delete activities to all recipients of the deleted object
	- Federation: Removed `inReplyToStatusId` from objects
	- Configuration: Dedupe enabled by default
	- Configuration: Default log level in `prod` environment is now set to `warn`
	- Configuration: Added `extra_cookie_attrs` for setting non-standard cookie attributes. Defaults to ["SameSite=Lax"] so that remote follows work.
	- Timelines: Messages involving people you have blocked will be excluded from the timeline in all cases instead of just repeats.
	- Admin API: Move the user related API to `api/pleroma/admin/users`
	- Admin API: `POST /api/pleroma/admin/users` will take list of users
	- Pleroma API: Support for emoji tags in `/api/pleroma/emoji` resulting in a breaking API change
	- Mastodon API: Support for `exclude_types`, `limit` and `min_id` in `/api/v1/notifications`
	- Mastodon API: Add `languages` and `registrations` to `/api/v1/instance`
	- Mastodon API: Provide plaintext versions of cw/content in the Status entity
	- Mastodon API: Add `pleroma.conversation_id`, `pleroma.in_reply_to_account_acct` fields to the Status entity
	- Mastodon API: Add `pleroma.tags`, `pleroma.relationship{}`, `pleroma.is_moderator`, `pleroma.is_admin`, `pleroma.confirmation_pending`, `pleroma.hide_followers`, `pleroma.hide_follows`, `pleroma.hide_favorites` fields to the User entity
	- Mastodon API: Add `pleroma.show_role`, `pleroma.no_rich_text` fields to the Source subentity
	- Mastodon API: Add support for updating `no_rich_text`, `hide_followers`, `hide_follows`, `hide_favorites`, `show_role` in `PATCH /api/v1/update_credentials`
	- Mastodon API: Add `pleroma.is_seen` to the Notification entity
	- Mastodon API: Add `pleroma.local` to the Status entity
	- Mastodon API: Add `preview` parameter to `POST /api/v1/statuses`
	- Mastodon API: Add `with_muted` parameter to timeline endpoints
	- Mastodon API: Actual reblog hiding instead of a dummy
	- Mastodon API: Remove attachment limit in the Status entity
	- Mastodon API: Added support max_id & since_id for bookmark timeline endpoints.
	- Deps: Updated Cowboy to 2.6
	- Deps: Updated Ecto to 3.0.7
	- Don't ship finmoji by default, they can be installed as an emoji pack
	- Hide deactivated users and their statuses
	- Posts which are marked sensitive or tagged nsfw no longer have link previews.
	- HTTP connection timeout is now set to 10 seconds.
	- Respond with a 404 Not implemented JSON error message when requested API is not implemented
	- Rich Media: crawl only https URLs.

	### Fixed
	- Follow requests don't get 'stuck' anymore.
	- Added an FTS index on objects. Running `vacuum analyze` and setting a larger `work_mem` is recommended.
	- Followers counter not being updated when a follower is blocked
	- Deactivated users being able to request an access token
	- Limit on request body in rich media/relme parsers being ignored resulting in a possible memory leak
	- Proper Twitter Card generation instead of a dummy
	- Deletions failing for users with a large number of posts
	- NodeInfo: Include admins in `staffAccounts`
	- ActivityPub: Crashing when requesting empty local user's outbox
	- Federation: Handling of objects without `summary` property
	- Federation: Add a language tag to activities as required by ActivityStreams 2.0
	- Federation: Do not federate avatar/banner if set to default allowing other servers/clients to use their defaults
	- Federation: Cope with missing or explicitly nulled address lists
	- Federation: Explicitly ensure activities addressed to `as:Public` become addressed to the followers collection
	- Federation: Better cope with actors which do not declare a followers collection and use `as:Public` with these semantics
	- Federation: Follow requests from remote users who have been blocked will be automatically rejected if appropriate
	- MediaProxy: Parse name from content disposition headers even for non-whitelisted types
	- MediaProxy: S3 link encoding
	- Rich Media: Reject any data which cannot be explicitly encoded into JSON
	- Pleroma API: Importing follows from Mastodon 2.8+
	- Twitter API: Exposing default scope, `no_rich_text` of the user to anyone
	- Twitter API: Returning the `role` object in user entity despite `show_role = false`
	- Mastodon API: `/api/v1/favourites` serving only public activities
	- Mastodon API: Reblogs having `in_reply_to_id` - `null` even when they are replies
	- Mastodon API: Streaming API broadcasting wrong activity id
	- Mastodon API: 500 errors when requesting a card for a private conversation
	- Mastodon API: Handling of `reblogs` in `/api/v1/accounts/:id/follow`
	- Mastodon API: Correct `reblogged`, `favourited`, and `bookmarked` values in the reblog status JSON
	- Mastodon API: Exposing default scope of the user to anyone
	- Mastodon API: Make `irreversible` field default to `false` [`POST /api/v1/filters`]
	- Mastodon API: Replace missing non-nullable Card attributes with empty strings
	- User-Agent is now sent correctly for all HTTP requests.
	- MRF: Simple policy now properly delists imported or relayed statuses

	## Removed
	- Configuration: `config :pleroma, :fe` in favor of the more flexible `config :pleroma, :frontend_configurations`

	## [0.9.99999] - 2019-05-31
	### Security
	- Mastodon API: Fix lists leaking private posts

	## [0.9.9999] - 2019-04-05
	### Security
	- Mastodon API: Fix content warnings skipping HTML sanitization

	## [0.9.999] - 2019-03-13
	Frontend changes only.
	### Added
	- Added floating action button for posting status on mobile
	### Changed
	- Changed user-settings icon to a pencil
	### Fixed
	- Keyboard shortcuts activating when typing a message
	- Gaps when scrolling down on a timeline after showing new

	## [0.9.99] - 2019-03-08
	### Changed
	- Update the frontend to the 0.9.99 tag
	### Fixed
	- Sign the date header in federation to fix Mastodon federation.

	## [0.9.9] - 2019-02-22
	This is our first stable release.
	diff --git a/config/config.exs b/config/config.exs
	index 47098858b..c8d42e83e 100644
	--- a/config/config.exs
	+++ b/config/config.exs
	@@ -1,627 +1,629 @@
	# .i;;;;i.
	# iYcviii;vXY:
	# .YXi .i1c.
	# .YC. . in7.
	# .vc. ...... ;1c.
	# i7, .. .;1;
	# i7, .. ... .Y1i
	# ,7v .6MMM@; .YX,
	# .7;. ..IMMMMMM1 :t7.
	# .;Y. ;$MMMMMM9. :tc.
	# vY. .. .nMMM@MMU. ;1v.
	# i7i ... .#MM@M@C. .....:71i
	# it: .... $MMM@9;.,i;;;i,;tti
	# :t7. ..... 0MMMWv.,iii:::,,;St.
	# .nC. ..... IMMMQ..,::::::,.,czX.
	# .ct: ....... .ZMMMI..,:::::::,,:76Y.
	# c2: ......,i..Y$M@t..:::::::,,..inZY
	# vov ......:ii..c$MBc..,,,,,,,,,,..iI9i
	# i9Y ......iii:..7@MA,..,,,,,,,,,....;AA:
	# iIS. ......:ii::..;@MI....,............;Ez.
	# .I9. ......:i::::...8M1..................C0z.
	# .z9; ......:i::::,.. .i:...................zWX.
	# vbv ......,i::::,,. ................. :AQY
	# c6Y. .,...,::::,,..:t0@@QY. ................ :8bi
	# :6S. ..,,...,:::,,,..EMMMMMMI. ............... .;bZ,
	# :6o, .,,,,..:::,,,..i#MMMMMM#v................. YW2.
	# .n8i ..,,,,,,,::,,,,.. tMMMMM@C:.................. .1Wn
	# 7Uc. .:::,,,,,::,,,,.. i1t;,..................... .UEi
	# 7C...::::::::::::,,,,.. .................... vSi.
	# ;1;...,,::::::,......... .................. Yz:
	# v97,......... .voC.
	# izAotX7777777777777777777777777777777777777777Y7n92:
	# .;CoIIIIIUAA666666699999ZZZZZZZZZZZZZZZZZZZZ6ov.
	#
	# !!! ATTENTION !!!
	# DO NOT EDIT THIS FILE! THIS FILE CONTAINS THE DEFAULT VALUES FOR THE CON-
	# FIGURATION! EDIT YOUR SECRET FILE (either prod.secret.exs, dev.secret.exs).
	#
	# This file is responsible for configuring your application
	# and its dependencies with the aid of the Mix.Config module.
	#
	# This configuration file is loaded before any dependency and
	# is restricted to this project.
	use Mix.Config

	# General application configuration
	config :pleroma, ecto_repos: [Pleroma.Repo]

	config :pleroma, Pleroma.Repo,
	types: Pleroma.PostgresTypes,
	telemetry_event: [Pleroma.Repo.Instrumenter],
	migration_lock: nil

	scheduled_jobs =
	with digest_config <- Application.get_env(:pleroma, :email_notifications)[:digest],
	true <- digest_config[:active] do
	[{digest_config[:schedule], {Pleroma.Daemons.DigestEmailDaemon, :perform, []}}]
	else
	_ -> []
	end

	config :pleroma, Pleroma.Scheduler,
	global: true,
	overlap: true,
	timezone: :utc,
	jobs: scheduled_jobs

	config :pleroma, Pleroma.Captcha,
	enabled: true,
	- seconds_valid: 60,
	+ seconds_valid: 3000,
	method: Pleroma.Captcha.Native

	config :pleroma, Pleroma.Captcha.Kocaptcha, endpoint: "https://captcha.kotobank.ch"

	config :pleroma, :hackney_pools,
	federation: [
	max_connections: 50,
	timeout: 150_000
	],
	media: [
	max_connections: 50,
	timeout: 150_000
	],
	upload: [
	max_connections: 25,
	timeout: 300_000
	]

	# Upload configuration
	config :pleroma, Pleroma.Upload,
	uploader: Pleroma.Uploaders.Local,
	filters: [Pleroma.Upload.Filter.Dedupe],
	link_name: false,
	proxy_remote: false,
	proxy_opts: [
	redirect_on_failure: false,
	max_body_length: 25 * 1_048_576,
	http: [
	follow_redirect: true,
	pool: :upload
	]
	]

	config :pleroma, Pleroma.Uploaders.Local, uploads: "uploads"

	config :pleroma, Pleroma.Uploaders.S3,
	bucket: nil,
	streaming_enabled: true,
	public_endpoint: "https://s3.amazonaws.com"

	config :pleroma, Pleroma.Uploaders.MDII,
	cgi: "https://mdii.sakura.ne.jp/mdii-post.cgi",
	files: "https://mdii.sakura.ne.jp"

	config :pleroma, :emoji,
	shortcode_globs: ["/emoji/custom/*/.png"],
	pack_extensions: [".png", ".gif"],
	groups: [
	# Put groups that have higher priority than defaults here. Example in `docs/config/custom_emoji.md`
	Custom: ["/emoji/.png", "/emoji//.png"]
	],
	default_manifest: "https://git.pleroma.social/pleroma/emoji-index/raw/master/index.json",
	shared_pack_cache_seconds_per_file: 60

	config :pleroma, :uri_schemes,
	valid_schemes: [
	"https",
	"http",
	"dat",
	"dweb",
	"gopher",
	"ipfs",
	"ipns",
	"irc",
	"ircs",
	"magnet",
	"mailto",
	"mumble",
	"ssb",
	"xmpp"
	]

	websocket_config = [
	path: "/websocket",
	serializer: [
	{Phoenix.Socket.V1.JSONSerializer, "~> 1.0.0"},
	{Phoenix.Socket.V2.JSONSerializer, "~> 2.0.0"}
	],
	timeout: 60_000,
	transport_log: false,
	compress: false
	]

	# Configures the endpoint
	config :pleroma, Pleroma.Web.Endpoint,
	instrumenters: [Pleroma.Web.Endpoint.Instrumenter],
	url: [host: "localhost"],
	http: [
	ip: {127, 0, 0, 1},
	dispatch: [
	{:_,
	[
	{"/api/v1/streaming", Pleroma.Web.MastodonAPI.WebsocketHandler, []},
	{"/websocket", Phoenix.Endpoint.CowboyWebSocket,
	{Phoenix.Transports.WebSocket,
	{Pleroma.Web.Endpoint, Pleroma.Web.UserSocket, websocket_config}}},
	{:_, Phoenix.Endpoint.Cowboy2Handler, {Pleroma.Web.Endpoint, []}}
	]}
	]
	],
	protocol: "https",
	secret_key_base: "aK4Abxf29xU9TTDKre9coZPUgevcVCFQJe/5xP/7Lt4BEif6idBIbjupVbOrbKxl",
	signing_salt: "CqaoopA2",
	render_errors: [view: Pleroma.Web.ErrorView, accepts: ~w(json)],
	pubsub: [name: Pleroma.PubSub, adapter: Phoenix.PubSub.PG2],
	secure_cookie_flag: true,
	extra_cookie_attrs: [
	"SameSite=Lax"
	]

	# Configures Elixir's Logger
	config :logger, :console,
	level: :debug,
	format: "\n$time $metadata[$level] $message\n",
	metadata: [:request_id]

	config :logger, :ex_syslogger,
	level: :debug,
	ident: "pleroma",
	format: "$metadata[$level] $message",
	metadata: [:request_id]

	config :quack,
	level: :warn,
	meta: [:all],
	webhook_url: "https://hooks.slack.com/services/YOUR-KEY-HERE"

	config :mime, :types, %{
	"application/xml" => ["xml"],
	"application/xrd+xml" => ["xrd+xml"],
	"application/jrd+json" => ["jrd+json"],
	"application/activity+json" => ["activity+json"],
	"application/ld+json" => ["activity+json"]
	}

	config :tesla, adapter: Tesla.Adapter.Hackney

	# Configures http settings, upstream proxy etc.
	config :pleroma, :http,
	proxy_url: nil,
	send_user_agent: true,
	user_agent: :default,
	adapter: [
	ssl_options: [
	# Workaround for remote server certificate chain issues
	partial_chain: &:hackney_connect.partial_chain/1,
	# We don't support TLS v1.3 yet
	versions: [:tlsv1, :"tlsv1.1", :"tlsv1.2"]
	]
	]

	config :pleroma, :instance,
	name: "Pleroma",
	email: "example@example.com",
	notify_email: "noreply@example.com",
	description: "A Pleroma instance, an alternative fediverse server",
	limit: 5_000,
	chat_limit: 5_000,
	remote_limit: 100_000,
	upload_limit: 16_000_000,
	avatar_upload_limit: 2_000_000,
	background_upload_limit: 4_000_000,
	banner_upload_limit: 4_000_000,
	poll_limits: %{
	max_options: 20,
	max_option_chars: 200,
	min_expiration: 0,
	max_expiration: 365 * 24 * 60 * 60
	},
	registrations_open: true,
	federating: true,
	federation_incoming_replies_max_depth: 100,
	federation_reachability_timeout_days: 7,
	federation_publisher_modules: [
	Pleroma.Web.ActivityPub.Publisher
	],
	allow_relay: true,
	rewrite_policy: Pleroma.Web.ActivityPub.MRF.NoOpPolicy,
	public: true,
	quarantined_instances: [],
	managed_config: true,
	static_dir: "instance/static/",
	allowed_post_formats: [
	"text/plain",
	"text/html",
	"text/markdown",
	"text/bbcode"
	],
	mrf_transparency: true,
	mrf_transparency_exclusions: [],
	autofollowed_nicknames: [],
	max_pinned_statuses: 1,
	no_attachment_links: true,
	welcome_user_nickname: nil,
	welcome_message: nil,
	max_report_comment_size: 1000,
	safe_dm_mentions: false,
	healthcheck: false,
	remote_post_retention_days: 90,
	skip_thread_containment: true,
	limit_to_local_content: :unauthenticated,
	dynamic_configuration: false,
	user_bio_length: 5000,
	user_name_length: 100,
	max_account_fields: 10,
	max_remote_account_fields: 20,
	account_field_name_length: 512,
	account_field_value_length: 2048,
	external_user_synchronization: true,
	extended_nickname_format: true

	config :pleroma, :feed,
	post_title: %{
	max_length: 100,
	omission: "..."
	}

	config :pleroma, :markup,
	# XXX - unfortunately, inline images must be enabled by default right now, because
	# of custom emoji. Issue #275 discusses defanging that somehow.
	allow_inline_images: true,
	allow_headings: false,
	allow_tables: false,
	allow_fonts: false,
	scrub_policy: [
	Pleroma.HTML.Scrubber.Default,
	Pleroma.HTML.Transform.MediaProxy
	]

	config :pleroma, :frontend_configurations,
	pleroma_fe: %{
	theme: "pleroma-dark",
	logo: "/static/logo.png",
	background: "/images/city.jpg",
	redirectRootNoLogin: "/main/all",
	redirectRootLogin: "/main/friends",
	showInstanceSpecificPanel: true,
	scopeOptionsEnabled: false,
	formattingOptionsEnabled: false,
	collapseMessageWithSubject: false,
	hidePostStats: false,
	hideUserStats: false,
	scopeCopy: true,
	subjectLineBehavior: "email",
	alwaysShowSubjectInput: true
	},
	masto_fe: %{
	showInstanceSpecificPanel: true
	}

	config :pleroma, :assets,
	mascots: [
	pleroma_fox_tan: %{
	url: "/images/pleroma-fox-tan-smol.png",
	mime_type: "image/png"
	},
	pleroma_fox_tan_shy: %{
	url: "/images/pleroma-fox-tan-shy.png",
	mime_type: "image/png"
	}
	],
	default_mascot: :pleroma_fox_tan

	config :pleroma, :manifest,
	icons: [
	%{
	src: "/static/logo.png",
	type: "image/png"
	}
	],
	theme_color: "#282c37",
	background_color: "#191b22"

	config :pleroma, :activitypub,
	unfollow_blocked: true,
	outgoing_blocks: true,
	follow_handshake_timeout: 500,
	sign_object_fetches: true

	config :pleroma, :streamer,
	workers: 3,
	overflow_workers: 2

	config :pleroma, :user, deny_follow_blocked: true

	config :pleroma, :mrf_normalize_markup, scrub_policy: Pleroma.HTML.Scrubber.Default

	config :pleroma, :mrf_rejectnonpublic,
	allow_followersonly: false,
	allow_direct: false

	config :pleroma, :mrf_hellthread,
	delist_threshold: 10,
	reject_threshold: 20

	config :pleroma, :mrf_simple,
	media_removal: [],
	media_nsfw: [],
	federated_timeline_removal: [],
	report_removal: [],
	reject: [],
	accept: [],
	avatar_removal: [],
	banner_removal: []

	config :pleroma, :mrf_keyword,
	reject: [],
	federated_timeline_removal: [],
	replace: []

	config :pleroma, :mrf_subchain, match_actor: %{}

	config :pleroma, :mrf_vocabulary,
	accept: [],
	reject: []

	config :pleroma, :mrf_object_age,
	threshold: 172_800,
	actions: [:delist, :strip_followers]

	config :pleroma, :rich_media,
	enabled: true,
	ignore_hosts: [],
	ignore_tld: ["local", "localdomain", "lan"],
	parsers: [
	Pleroma.Web.RichMedia.Parsers.TwitterCard,
	Pleroma.Web.RichMedia.Parsers.OGP,
	Pleroma.Web.RichMedia.Parsers.OEmbed
	],
	ttl_setters: [Pleroma.Web.RichMedia.Parser.TTL.AwsSignedUrl]

	config :pleroma, :media_proxy,
	enabled: false,
	proxy_opts: [
	redirect_on_failure: false,
	max_body_length: 25 * 1_048_576,
	http: [
	follow_redirect: true,
	pool: :media
	]
	],
	whitelist: []

	config :pleroma, :chat, enabled: true

	config :phoenix, :format_encoders, json: Jason

	config :phoenix, :json_library, Jason

	config :pleroma, :gopher,
	enabled: false,
	ip: {0, 0, 0, 0},
	port: 9999

	config :pleroma, Pleroma.Web.Metadata,
	providers: [
	Pleroma.Web.Metadata.Providers.OpenGraph,
	Pleroma.Web.Metadata.Providers.TwitterCard,
	Pleroma.Web.Metadata.Providers.RelMe,
	Pleroma.Web.Metadata.Providers.Feed
	],
	unfurl_nsfw: false

	config :pleroma, :suggestions,
	enabled: false,
	third_party_engine:
	"http://vinayaka.distsn.org/cgi-bin/vinayaka-user-match-suggestions-api.cgi?{{host}}+{{user}}",
	timeout: 300_000,
	limit: 40,
	web: "https://vinayaka.distsn.org"

	config :pleroma, :http_security,
	enabled: true,
	sts: false,
	sts_max_age: 31_536_000,
	ct_max_age: 2_592_000,
	referrer_policy: "same-origin"

	config :cors_plug,
	max_age: 86_400,
	methods: ["POST", "PUT", "DELETE", "GET", "PATCH", "OPTIONS"],
	expose: [
	"Link",
	"X-RateLimit-Reset",
	"X-RateLimit-Limit",
	"X-RateLimit-Remaining",
	"X-Request-Id",
	"Idempotency-Key"
	],
	credentials: true,
	headers: ["Authorization", "Content-Type", "Idempotency-Key"]

	config :pleroma, Pleroma.User,
	restricted_nicknames: [
	".well-known",
	"~",
	"about",
	"activities",
	"api",
	"auth",
	"check_password",
	"dev",
	"friend-requests",
	"inbox",
	"internal",
	"main",
	"media",
	"nodeinfo",
	"notice",
	"oauth",
	"objects",
	"ostatus_subscribe",
	"pleroma",
	"proxy",
	"push",
	"registration",
	"relay",
	"settings",
	"status",
	"tag",
	"user-search",
	"user_exists",
	"users",
	"web"
	]

	config :pleroma, Oban,
	repo: Pleroma.Repo,
	verbose: false,
	prune: {:maxlen, 1500},
	queues: [
	activity_expiration: 10,
	federator_incoming: 50,
	federator_outgoing: 50,
	web_push: 50,
	mailer: 10,
	transmogrifier: 20,
	scheduled_activities: 10,
	background: 5
	]

	config :pleroma, :workers,
	retries: [
	federator_incoming: 5,
	federator_outgoing: 5
	]

	config :pleroma, :fetch_initial_posts,
	enabled: false,
	pages: 5

	config :auto_linker,
	opts: [
	scheme: true,
	extra: true,
	# TODO: Set to :no_scheme when it works properly
	validate_tld: true,
	class: false,
	strip_prefix: false,
	new_window: false,
	rel: "ugc"
	]

	config :pleroma, :ldap,
	enabled: System.get_env("LDAP_ENABLED") == "true",
	host: System.get_env("LDAP_HOST") \|\| "localhost",
	port: String.to_integer(System.get_env("LDAP_PORT") \|\| "389"),
	ssl: System.get_env("LDAP_SSL") == "true",
	sslopts: [],
	tls: System.get_env("LDAP_TLS") == "true",
	tlsopts: [],
	base: System.get_env("LDAP_BASE") \|\| "dc=example,dc=com",
	uid: System.get_env("LDAP_UID") \|\| "cn"

	config :esshd,
	enabled: false

	oauth_consumer_strategies =
	System.get_env("OAUTH_CONSUMER_STRATEGIES")
	\|> to_string()
	\|> String.split()
	\|> Enum.map(&hd(String.split(&1, ":")))

	ueberauth_providers =
	for strategy <- oauth_consumer_strategies do
	strategy_module_name = "Elixir.Ueberauth.Strategy.#{String.capitalize(strategy)}"
	strategy_module = String.to_atom(strategy_module_name)
	{String.to_atom(strategy), {strategy_module, [callback_params: ["state"]]}}
	end

	config :ueberauth,
	Ueberauth,
	base_path: "/oauth",
	providers: ueberauth_providers

	config :pleroma,
	:auth,
	enforce_oauth_admin_scope_usage: false,
	oauth_consumer_strategies: oauth_consumer_strategies

	config :pleroma, Pleroma.Emails.Mailer, adapter: Swoosh.Adapters.Sendmail, enabled: false

	config :pleroma, Pleroma.Emails.UserEmail,
	logo: nil,
	styling: %{
	link_color: "#d8a070",
	background_color: "#2C3645",
	content_background_color: "#1B2635",
	header_color: "#d8a070",
	text_color: "#b9b9ba",
	text_muted_color: "#b9b9ba"
	}

	config :prometheus, Pleroma.Web.Endpoint.MetricsExporter, path: "/api/pleroma/app_metrics"

	config :pleroma, Pleroma.ScheduledActivity,
	daily_user_limit: 25,
	total_user_limit: 300,
	enabled: true

	config :pleroma, :email_notifications,
	digest: %{
	active: false,
	schedule: "0 0 * * 0",
	interval: 7,
	inactivity_threshold: 7
	}

	config :pleroma, :oauth2,
	token_expires_in: 600,
	issue_new_refresh_token: true,
	clean_expired_tokens: false,
	clean_expired_tokens_interval: 86_400_000

	config :pleroma, :database, rum_enabled: false

	config :pleroma, :env, Mix.env()

	config :http_signatures,
	adapter: Pleroma.Signature

	config :pleroma, :rate_limit, authentication: {60_000, 15}

	config :pleroma, Pleroma.ActivityExpiration, enabled: true

	config :pleroma, Pleroma.Plugs.RemoteIp, enabled: false

	config :pleroma, :static_fe, enabled: false

	config :pleroma, :web_cache_ttl,
	activity_pub: nil,
	activity_pub_question: 30_000

	+config :pleroma, :modules, runtime_dir: "instance/modules"
	+
	config :swarm, node_blacklist: [~r/myhtml_.*$/]
	# Import environment specific config. This must remain at the bottom
	# of this file so it overrides the configuration defined above.
	import_config "#{Mix.env()}.exs"
	diff --git a/config/prod.exs b/config/prod.exs
	index 25873f360..adbce5606 100644
	--- a/config/prod.exs
	+++ b/config/prod.exs
	@@ -1,69 +1,69 @@
	use Mix.Config

	# For production, we often load configuration from external
	# sources, such as your system environment. For this reason,
	# you won't find the :http configuration below, but set inside
	# Pleroma.Web.Endpoint.load_from_system_env/1 dynamically.
	# Any dynamic configuration should be moved to such function.
	#
	# Don't forget to configure the url host to something meaningful,
	# Phoenix uses this information when generating URLs.
	#
	# Finally, we also include the path to a cache manifest
	# containing the digested version of static files. This
	# manifest is generated by the mix phoenix.digest task
	# which you typically run after static files are built.
	config :pleroma, Pleroma.Web.Endpoint,
	http: [port: 4000],
	protocol: "http"

	config :phoenix, serve_endpoints: true

	# Do not print debug messages in production
	-config :logger, :console, level: :warn
	-config :logger, :ex_syslogger, level: :warn
	+config :logger, :console, level: :info
	+config :logger, :ex_syslogger, level: :info

	# ## SSL Support
	#
	# To get SSL working, you will need to add the `https` key
	# to the previous section and set your `:url` port to 443:
	#
	# config :pleroma, Pleroma.Web.Endpoint,
	# ...
	# url: [host: "example.com", port: 443],
	# https: [:inet6,
	# port: 443,
	# keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"),
	# certfile: System.get_env("SOME_APP_SSL_CERT_PATH")]
	#
	# Where those two env variables return an absolute path to
	# the key and cert in disk or a relative path inside priv,
	# for example "priv/ssl/server.key".
	#
	# We also recommend setting `force_ssl`, ensuring no data is
	# ever sent via http, always redirecting to https:
	#
	# config :pleroma, Pleroma.Web.Endpoint,
	# force_ssl: [hsts: true]
	#
	# Check `Plug.SSL` for all available options in `force_ssl`.

	# ## Using releases
	#
	# If you are doing OTP releases, you need to instruct Phoenix
	# to start the server for all endpoints:
	#
	# config :phoenix, :serve_endpoints, true
	#
	# Alternatively, you can configure exactly which server to
	# start per endpoint:
	#
	# config :pleroma, Pleroma.Web.Endpoint, server: true
	#

	# Finally import the config/prod.secret.exs
	# which should be versioned separately.
	import_config "prod.secret.exs"

	if File.exists?("./config/prod.exported_from_db.secret.exs"),
	do: import_config("prod.exported_from_db.secret.exs")
	diff --git a/config/releases.exs b/config/releases.exs
	index 98c5ceccd..b224960db 100644
	--- a/config/releases.exs
	+++ b/config/releases.exs
	@@ -1,19 +1,20 @@
	import Config

	config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
	config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
	+config :pleroma, :modules, runtime_dir: "/var/lib/pleroma/modules"

	config_path = System.get_env("PLEROMA_CONFIG_PATH") \|\| "/etc/pleroma/config.exs"

	if File.exists?(config_path) do
	import_config config_path
	else
	warning = [
	IO.ANSI.red(),
	IO.ANSI.bright(),
	"!!! #{config_path} not found! Please ensure it exists and that PLEROMA_CONFIG_PATH is unset or points to an existing file",
	IO.ANSI.reset()
	]

	IO.puts(warning)
	end
	diff --git a/config/test.exs b/config/test.exs
	index d52ced612..5c66a36f1 100644
	--- a/config/test.exs
	+++ b/config/test.exs
	@@ -1,104 +1,106 @@
	use Mix.Config

	# We don't run a server during test. If one is required,
	# you can enable the server option below.
	config :pleroma, Pleroma.Web.Endpoint,
	http: [port: 4001],
	url: [port: 4001],
	server: true

	# Disable captha for tests
	config :pleroma, Pleroma.Captcha,
	# It should not be enabled for automatic tests
	enabled: false,
	# A fake captcha service for tests
	method: Pleroma.Captcha.Mock

	# Print only warnings and errors during test
	config :logger, :console,
	level: :warn,
	format: "\n[$level] $message\n"

	config :pleroma, :auth, oauth_consumer_strategies: []

	config :pleroma, Pleroma.Upload, filters: [], link_name: false

	config :pleroma, Pleroma.Uploaders.Local, uploads: "test/uploads"

	config :pleroma, Pleroma.Emails.Mailer, adapter: Swoosh.Adapters.Test, enabled: true

	config :pleroma, :instance,
	email: "admin@example.com",
	notify_email: "noreply@example.com",
	skip_thread_containment: false,
	federating: false,
	external_user_synchronization: false,
	static_dir: "test/instance_static/"

	config :pleroma, :activitypub, sign_object_fetches: false

	# Configure your database
	config :pleroma, Pleroma.Repo,
	adapter: Ecto.Adapters.Postgres,
	username: "postgres",
	password: "postgres",
	database: "pleroma_test",
	hostname: System.get_env("DB_HOST") \|\| "localhost",
	pool: Ecto.Adapters.SQL.Sandbox

	# Reduce hash rounds for testing
	config :pbkdf2_elixir, rounds: 1

	config :tesla, adapter: Tesla.Mock

	config :pleroma, :rich_media,
	enabled: false,
	ignore_hosts: [],
	ignore_tld: ["local", "localdomain", "lan"]

	config :web_push_encryption, :vapid_details,
	subject: "mailto:administrator@example.com",
	public_key:
	"BLH1qVhJItRGCfxgTtONfsOKDc9VRAraXw-3NsmjMngWSh7NxOizN6bkuRA7iLTMPS82PjwJAr3UoK9EC1IFrz4",
	private_key: "_-XZ0iebPrRfZ_o0-IatTdszYa8VCH1yLN-JauK7HHA"

	config :web_push_encryption, :http_client, Pleroma.Web.WebPushHttpClientMock

	config :pleroma, Oban,
	queues: false,
	prune: :disabled

	config :pleroma, Pleroma.Scheduler,
	jobs: [],
	global: false

	config :pleroma, Pleroma.ScheduledActivity,
	daily_user_limit: 2,
	total_user_limit: 3,
	enabled: false

	config :pleroma, :rate_limit,
	search: [{1000, 30}, {1000, 30}],
	app_account_creation: {10_000, 5},
	password_reset: {1000, 30},
	ap_routes: nil

	config :pleroma, :http_security, report_uri: "https://endpoint.com"

	config :pleroma, :http, send_user_agent: false

	rum_enabled = System.get_env("RUM_ENABLED") == "true"
	config :pleroma, :database, rum_enabled: rum_enabled
	IO.puts("RUM enabled: #{rum_enabled}")

	config :joken, default_signer: "yU8uHKq+yyAkZ11Hx//jcdacWc8yQ1bxAAGrplzB0Zwwjkp35v0RK9SO8WTPr6QZ"

	config :pleroma, Pleroma.ReverseProxy.Client, Pleroma.ReverseProxy.ClientMock

	+config :pleroma, :modules, runtime_dir: "test/fixtures/modules"
	+
	if File.exists?("./config/test.secret.exs") do
	import_config "test.secret.exs"
	else
	IO.puts(
	"You may want to create test.secret.exs to declare custom database connection parameters."
	)
	end
	diff --git a/docs/API/pleroma_api.md b/docs/API/pleroma_api.md
	index 7228d805b..689edbcc2 100644
	--- a/docs/API/pleroma_api.md
	+++ b/docs/API/pleroma_api.md
	@@ -1,514 +1,461 @@
	# Pleroma API

	Requests that require it can be authenticated with [an OAuth token](https://tools.ietf.org/html/rfc6749), the `_pleroma_key` cookie, or [HTTP Basic Authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization).

	Request parameters can be passed via [query strings](https://en.wikipedia.org/wiki/Query_string) or as [form data](https://www.w3.org/TR/html401/interact/forms.html). Files must be uploaded as `multipart/form-data`.

	## `/api/pleroma/emoji`
	### Lists the custom emoji on that server.
	* Method: `GET`
	* Authentication: not required
	* Params: none
	* Response: JSON
	* Example response:
	```json
	{
	"girlpower": {
	"tags": [
	"Finmoji"
	],
	"image_url": "/finmoji/128px/girlpower-128.png"
	},
	"education": {
	"tags": [
	"Finmoji"
	],
	"image_url": "/finmoji/128px/education-128.png"
	},
	"finnishlove": {
	"tags": [
	"Finmoji"
	],
	"image_url": "/finmoji/128px/finnishlove-128.png"
	}
	}
	```
	* Note: Same data as Mastodon API’s `/api/v1/custom_emojis` but in a different format

	## `/api/pleroma/follow_import`
	### Imports your follows, for example from a Mastodon CSV file.
	* Method: `POST`
	* Authentication: required
	* Params:
	* `list`: STRING or FILE containing a whitespace-separated list of accounts to follow
	* Response: HTTP 200 on success, 500 on error
	* Note: Users that can't be followed are silently skipped.

	## `/api/pleroma/captcha`
	### Get a new captcha
	* Method: `GET`
	* Authentication: not required
	* Params: none
	* Response: Provider specific JSON, the only guaranteed parameter is `type`
	* Example response: `{"type": "kocaptcha", "token": "whatever", "url": "https://captcha.kotobank.ch/endpoint"}`

	## `/api/pleroma/delete_account`
	### Delete an account
	* Method `POST`
	* Authentication: required
	* Params:
	* `password`: user's password
	* Response: JSON. Returns `{"status": "success"}` if the deletion was successful, `{"error": "[error message]"}` otherwise
	* Example response: `{"error": "Invalid password."}`

	## `/api/pleroma/disable_account`
	### Disable an account
	* Method `POST`
	* Authentication: required
	* Params:
	* `password`: user's password
	* Response: JSON. Returns `{"status": "success"}` if the account was successfully disabled, `{"error": "[error message]"}` otherwise
	* Example response: `{"error": "Invalid password."}`

	-## `/api/account/register`
	-### Register a new user
	-* Method `POST`
	-* Authentication: not required
	-* Params:
	- * `nickname`
	- * `fullname`
	- * `bio`
	- * `email`
	- * `password`
	- * `confirm`
	- * `captcha_solution`: optional, contains provider-specific captcha solution,
	- * `captcha_token`: optional, contains provider-specific captcha token
	- * `token`: invite token required when the registrations aren't public.
	-* Response: JSON. Returns a user object on success, otherwise returns `{"error": "error_msg"}`
	-* Example response:
	-```json
	-{
	- "background_image": null,
	- "cover_photo": "https://pleroma.soykaf.com/images/banner.png",
	- "created_at": "Tue Dec 18 16:55:56 +0000 2018",
	- "default_scope": "public",
	- "description": "blushy-crushy fediverse idol + pleroma dev\nlet's be friends \nぷれろまの生徒会長。謎の外人。日本語OK. \n公主病.",
	- "description_html": "blushy-crushy fediverse idol + pleroma dev.<br />let's be friends <br />ぷれろまの生徒会長。謎の外人。日本語OK. <br />公主病.",
	- "favourites_count": 0,
	- "fields": [],
	- "followers_count": 0,
	- "following": false,
	- "follows_you": false,
	- "friends_count": 0,
	- "id": 6,
	- "is_local": true,
	- "locked": false,
	- "name": "lain",
	- "name_html": "lain",
	- "no_rich_text": false,
	- "pleroma": {
	- "tags": []
	- },
	- "profile_image_url": "https://pleroma.soykaf.com/images/avi.png",
	- "profile_image_url_https": "https://pleroma.soykaf.com/images/avi.png",
	- "profile_image_url_original": "https://pleroma.soykaf.com/images/avi.png",
	- "profile_image_url_profile_size": "https://pleroma.soykaf.com/images/avi.png",
	- "rights": {
	- "delete_others_notice": false
	- },
	- "screen_name": "lain",
	- "statuses_count": 0,
	- "statusnet_blocking": false,
	- "statusnet_profile_url": "https://pleroma.soykaf.com/users/lain"
	-}
	-```
	-
	## `/api/pleroma/admin/`…
	See [Admin-API](admin_api.md)

	## `/api/v1/pleroma/notifications/read`
	### Mark notifications as read
	* Method `POST`
	* Authentication: required
	* Params (mutually exclusive):
	* `id`: a single notification id to read
	* `max_id`: read all notifications up to this id
	* Response: Notification entity/Array of Notification entities that were read. In case of `max_id`, only the first 80 read notifications will be returned.

	## `/api/v1/pleroma/accounts/:id/subscribe`
	### Subscribe to receive notifications for all statuses posted by a user
	* Method `POST`
	* Authentication: required
	* Params:
	* `id`: account id to subscribe to
	* Response: JSON, returns a mastodon relationship object on success, otherwise returns `{"error": "error_msg"}`
	* Example response:
	```json
	{
	"id": "abcdefg",
	"following": true,
	"followed_by": false,
	"blocking": false,
	"muting": false,
	"muting_notifications": false,
	"subscribing": true,
	"requested": false,
	"domain_blocking": false,
	"showing_reblogs": true,
	"endorsed": false
	}
	```

	## `/api/v1/pleroma/accounts/:id/unsubscribe`
	### Unsubscribe to stop receiving notifications from user statuses
	* Method `POST`
	* Authentication: required
	* Params:
	* `id`: account id to unsubscribe from
	* Response: JSON, returns a mastodon relationship object on success, otherwise returns `{"error": "error_msg"}`
	* Example response:
	```json
	{
	"id": "abcdefg",
	"following": true,
	"followed_by": false,
	"blocking": false,
	"muting": false,
	"muting_notifications": false,
	"subscribing": false,
	"requested": false,
	"domain_blocking": false,
	"showing_reblogs": true,
	"endorsed": false
	}
	```

	## `/api/v1/pleroma/accounts/:id/favourites`
	### Returns favorites timeline of any user
	* Method `GET`
	* Authentication: not required
	* Params:
	* `id`: the id of the account for whom to return results
	* `limit`: optional, the number of records to retrieve
	* `since_id`: optional, returns results that are more recent than the specified id
	* `max_id`: optional, returns results that are older than the specified id
	* Response: JSON, returns a list of Mastodon Status entities on success, otherwise returns `{"error": "error_msg"}`
	* Example response:
	```json
	[
	{
	"account": {
	"id": "9hptFmUF3ztxYh3Svg",
	"url": "https://pleroma.example.org/users/nick2",
	"username": "nick2",
	...
	},
	"application": {"name": "Web", "website": null},
	"bookmarked": false,
	"card": null,
	"content": "This is :moominmamma: note 0",
	"created_at": "2019-04-15T15:42:15.000Z",
	"emojis": [],
	"favourited": false,
	"favourites_count": 1,
	"id": "9hptFmVJ02khbzYJaS",
	"in_reply_to_account_id": null,
	"in_reply_to_id": null,
	"language": null,
	"media_attachments": [],
	"mentions": [],
	"muted": false,
	"pinned": false,
	"pleroma": {
	"content": {"text/plain": "This is :moominmamma: note 0"},
	"conversation_id": 13679,
	"local": true,
	"spoiler_text": {"text/plain": "2hu"}
	},
	"reblog": null,
	"reblogged": false,
	"reblogs_count": 0,
	"replies_count": 0,
	"sensitive": false,
	"spoiler_text": "2hu",
	"tags": [{"name": "2hu", "url": "/tag/2hu"}],
	"uri": "https://pleroma.example.org/objects/198ed2a1-7912-4482-b559-244a0369e984",
	"url": "https://pleroma.example.org/notice/9hptFmVJ02khbzYJaS",
	"visibility": "public"
	}
	]
	```

	## `/api/v1/pleroma/accounts/update_*`
	### Set and clear account avatar, banner, and background

	- PATCH `/api/v1/pleroma/accounts/update_avatar`: Set/clear user avatar image
	- PATCH `/api/v1/pleroma/accounts/update_banner`: Set/clear user banner image
	- PATCH `/api/v1/pleroma/accounts/update_background`: Set/clear user background image

	## `/api/v1/pleroma/accounts/confirmation_resend`
	### Resend confirmation email
	* Method `POST`
	* Params:
	* `email`: email of that needs to be verified
	* Authentication: not required
	* Response: 204 No Content

	## `/api/v1/pleroma/mascot`
	### Gets user mascot image
	* Method `GET`
	* Authentication: required

	* Response: JSON. Returns a mastodon media attachment entity.
	* Example response:
	```json
	{
	"id": "abcdefg",
	"url": "https://pleroma.example.org/media/abcdefg.png",
	"type": "image",
	"pleroma": {
	"mime_type": "image/png"
	}
	}
	```

	### Updates user mascot image
	* Method `PUT`
	* Authentication: required
	* Params:
	* `image`: Multipart image
	* Response: JSON. Returns a mastodon media attachment entity
	when successful, otherwise returns HTTP 415 `{"error": "error_msg"}`
	* Example response:
	```json
	{
	"id": "abcdefg",
	"url": "https://pleroma.example.org/media/abcdefg.png",
	"type": "image",
	"pleroma": {
	"mime_type": "image/png"
	}
	}
	```
	* Note: Behaves exactly the same as `POST /api/v1/upload`.
	Can only accept images - any attempt to upload non-image files will be met with `HTTP 415 Unsupported Media Type`.

	## `/api/pleroma/notification_settings`
	### Updates user notification settings
	* Method `PUT`
	* Authentication: required
	* Params:
	* `followers`: BOOLEAN field, receives notifications from followers
	* `follows`: BOOLEAN field, receives notifications from people the user follows
	* `remote`: BOOLEAN field, receives notifications from people on remote instances
	* `local`: BOOLEAN field, receives notifications from people on the local instance
	* `privacy_option`: BOOLEAN field. When set to true, it removes the contents of a message from the push notification.
	* Response: JSON. Returns `{"status": "success"}` if the update was successful, otherwise returns `{"error": "error_msg"}`

	## `/api/pleroma/healthcheck`
	### Healthcheck endpoint with additional system data.
	* Method `GET`
	* Authentication: not required
	* Params: none
	* Response: JSON, statuses (200 - healthy, 503 unhealthy).
	* Example response:
	```json
	{
	"pool_size": 0, # database connection pool
	"active": 0, # active processes
	"idle": 0, # idle processes
	"memory_used": 0.00, # Memory used
	"healthy": true, # Instance state
	"job_queue_stats": {} # Job queue stats
	}
	```

	## `/api/pleroma/change_email`
	### Change account email
	* Method `POST`
	* Authentication: required
	* Params:
	* `password`: user's password
	* `email`: new email
	* Response: JSON. Returns `{"status": "success"}` if the change was successful, `{"error": "[error message]"}` otherwise
	* Note: Currently, Mastodon has no API for changing email. If they add it in future it might be incompatible with Pleroma.

	# Pleroma Conversations

	Pleroma Conversations have the same general structure that Mastodon Conversations have. The behavior differs in the following ways when using these endpoints:

	1. Pleroma Conversations never add or remove recipients, unless explicitly changed by the user.
	2. Pleroma Conversations statuses can be requested by Conversation id.
	3. Pleroma Conversations can be replied to.

	Conversations have the additional field "recipients" under the "pleroma" key. This holds a list of all the accounts that will receive a message in this conversation.

	The status posting endpoint takes an additional parameter, `in_reply_to_conversation_id`, which, when set, will set the visiblity to direct and address only the people who are the recipients of that Conversation.


	## `GET /api/v1/pleroma/conversations/:id/statuses`
	### Timeline for a given conversation
	* Method `GET`
	* Authentication: required
	* Params: Like other timelines
	* Response: JSON, statuses (200 - healthy, 503 unhealthy).

	## `GET /api/v1/pleroma/conversations/:id`
	### The conversation with the given ID.
	* Method `GET`
	* Authentication: required
	* Params: None
	* Response: JSON, statuses (200 - healthy, 503 unhealthy).

	## `PATCH /api/v1/pleroma/conversations/:id`
	### Update a conversation. Used to change the set of recipients.
	* Method `PATCH`
	* Authentication: required
	* Params:
	* `recipients`: A list of ids of users that should receive posts to this conversation. This will replace the current list of recipients, so submit the full list. The owner of owner of the conversation will always be part of the set of recipients, though.
	* Response: JSON, statuses (200 - healthy, 503 unhealthy)

	## `GET /api/v1/pleroma/conversations/read`
	### Marks all user's conversations as read.
	* Method `POST`
	* Authentication: required
	* Params: None
	* Response: JSON, returns a list of Mastodon Conversation entities that were marked as read (200 - healthy, 503 unhealthy).

	## `GET /api/pleroma/emoji/packs`
	### Lists the custom emoji packs on the server
	* Method `GET`
	* Authentication: not required
	* Params: None
	* Response: JSON, "ok" and 200 status and the JSON hashmap of "pack name" to "pack contents"

	## `PUT /api/pleroma/emoji/packs/:name`
	### Creates an empty custom emoji pack
	* Method `PUT`
	* Authentication: required
	* Params: None
	* Response: JSON, "ok" and 200 status or 409 if the pack with that name already exists

	## `DELETE /api/pleroma/emoji/packs/:name`
	### Delete a custom emoji pack
	* Method `DELETE`
	* Authentication: required
	* Params: None
	* Response: JSON, "ok" and 200 status or 500 if there was an error deleting the pack

	## `POST /api/pleroma/emoji/packs/:name/update_file`
	### Update a file in a custom emoji pack
	* Method `POST`
	* Authentication: required
	* Params:
	* if the `action` is `add`, adds an emoji named `shortcode` to the pack `pack_name`,
	that means that the emoji file needs to be uploaded with the request
	(thus requiring it to be a multipart request) and be named `file`.
	There can also be an optional `filename` that will be the new emoji file name
	(if it's not there, the name will be taken from the uploaded file).
	* if the `action` is `update`, changes emoji shortcode
	(from `shortcode` to `new_shortcode` or moves the file (from the current filename to `new_filename`)
	* if the `action` is `remove`, removes the emoji named `shortcode` and it's associated file
	* Response: JSON, updated "files" section of the pack and 200 status, 409 if the trying to use a shortcode
	that is already taken, 400 if there was an error with the shortcode, filename or file (additional info
	in the "error" part of the response JSON)

	## `POST /api/pleroma/emoji/packs/:name/update_metadata`
	### Updates (replaces) pack metadata
	* Method `POST`
	* Authentication: required
	* Params:
	* `new_data`: new metadata to replace the old one
	* Response: JSON, updated "metadata" section of the pack and 200 status or 400 if there was a
	problem with the new metadata (the error is specified in the "error" part of the response JSON)

	## `POST /api/pleroma/emoji/packs/download_from`
	### Requests the instance to download the pack from another instance
	* Method `POST`
	* Authentication: required
	* Params:
	* `instance_address`: the address of the instance to download from
	* `pack_name`: the pack to download from that instance
	* Response: JSON, "ok" and 200 status if the pack was downloaded, or 500 if there were
	errors downloading the pack

	## `POST /api/pleroma/emoji/packs/list_from`
	### Requests the instance to list the packs from another instance
	* Method `POST`
	* Authentication: required
	* Params:
	* `instance_address`: the address of the instance to download from
	* Response: JSON with the pack list, same as if the request was made to that instance's
	list endpoint directly + 200 status

	## `GET /api/pleroma/emoji/packs/:name/download_shared`
	### Requests a local pack from the instance
	* Method `GET`
	* Authentication: not required
	* Params: None
	* Response: the archive of the pack with a 200 status code, 403 if the pack is not set as shared,
	404 if the pack does not exist

	## `GET /api/v1/pleroma/accounts/:id/scrobbles`
	### Requests a list of current and recent Listen activities for an account
	* Method `GET`
	* Authentication: not required
	* Params: None
	* Response: An array of media metadata entities.
	* Example response:
	```json
	[
	{
	"account": {...},
	"id": "1234",
	"title": "Some Title",
	"artist": "Some Artist",
	"album": "Some Album",
	"length": 180000,
	"created_at": "2019-09-28T12:40:45.000Z"
	}
	]
	```

	## `POST /api/v1/pleroma/scrobble`
	### Creates a new Listen activity for an account
	* Method `POST`
	* Authentication: required
	* Params:
	* `title`: the title of the media playing
	* `album`: the album of the media playing [optional]
	* `artist`: the artist of the media playing [optional]
	* `length`: the length of the media playing [optional]
	* Response: the newly created media metadata entity representing the Listen activity

	# Emoji Reactions

	Emoji reactions work a lot like favourites do. They make it possible to react to a post with a single emoji character.

	## `POST /api/v1/pleroma/statuses/:id/react_with_emoji`
	### React to a post with a unicode emoji
	* Method: `POST`
	* Authentication: required
	* Params: `emoji`: A single character unicode emoji
	* Response: JSON, the status.

	## `POST /api/v1/pleroma/statuses/:id/unreact_with_emoji`
	### Remove a reaction to a post with a unicode emoji
	* Method: `POST`
	* Authentication: required
	* Params: `emoji`: A single character unicode emoji
	* Response: JSON, the status.

	## `GET /api/v1/pleroma/statuses/:id/emoji_reactions_by`
	### Get an object of emoji to account mappings with accounts that reacted to the post
	* Method: `GET`
	* Authentication: optional
	* Params: None
	* Response: JSON, a map of emoji to account list mappings.
	* Example Response:
	```json
	{
	"😀" => [{"id" => "xyz.."...}, {"id" => "zyx..."}],
	"🗡" => [{"id" => "abc..."}]
	}
	```
	diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md
	index ce2a14210..a214b6e2f 100644
	--- a/docs/configuration/cheatsheet.md
	+++ b/docs/configuration/cheatsheet.md
	@@ -1,838 +1,842 @@
	# Configuration Cheat Sheet

	This is a cheat sheet for Pleroma configuration file, any setting possible to configure should be listed here.

	Pleroma configuration works by first importing the base config (`config/config.exs` on source installs, compiled-in on OTP releases), then overriding it by the environment config (`config/$MIX_ENV.exs` on source installs, N/A to OTP releases) and then overriding it by user config (`config/$MIX_ENV.secret.exs` on source installs, typically `/etc/pleroma/config.exs` on OTP releases).

	You shouldn't edit the base config directly to avoid breakages and merge conflicts, but it can be used as a reference if you don't understand how an option is supposed to be formatted, the latest version of it can be viewed [here](https://git.pleroma.social/pleroma/pleroma/blob/develop/config/config.exs).

	## :instance
	* `name`: The instance’s name.
	* `email`: Email used to reach an Administrator/Moderator of the instance.
	* `notify_email`: Email used for notifications.
	* `description`: The instance’s description, can be seen in nodeinfo and ``/api/v1/instance``.
	* `limit`: Posts character limit (CW/Subject included in the counter).
	* `chat_limit`: Character limit of the instance chat messages.
	* `remote_limit`: Hard character limit beyond which remote posts will be dropped.
	* `upload_limit`: File size limit of uploads (except for avatar, background, banner).
	* `avatar_upload_limit`: File size limit of user’s profile avatars.
	* `background_upload_limit`: File size limit of user’s profile backgrounds.
	* `banner_upload_limit`: File size limit of user’s profile banners.
	* `poll_limits`: A map with poll limits for local polls.
	* `max_options`: Maximum number of options.
	* `max_option_chars`: Maximum number of characters per option.
	* `min_expiration`: Minimum expiration time (in seconds).
	* `max_expiration`: Maximum expiration time (in seconds).
	* `registrations_open`: Enable registrations for anyone, invitations can be enabled when false.
	* `invites_enabled`: Enable user invitations for admins (depends on `registrations_open: false`).
	* `account_activation_required`: Require users to confirm their emails before signing in.
	* `federating`: Enable federation with other instances.
	* `federation_incoming_replies_max_depth`: Max. depth of reply-to activities fetching on incoming federation, to prevent out-of-memory situations while fetching very long threads. If set to `nil`, threads of any depth will be fetched. Lower this value if you experience out-of-memory crashes.
	* `federation_reachability_timeout_days`: Timeout (in days) of each external federation target being unreachable prior to pausing federating to it.
	* `allow_relay`: Enable Pleroma’s Relay, which makes it possible to follow a whole instance.
	* `rewrite_policy`: Message Rewrite Policy, either one or a list. Here are the ones available by default:
	* `Pleroma.Web.ActivityPub.MRF.NoOpPolicy`: Doesn’t modify activities (default).
	* `Pleroma.Web.ActivityPub.MRF.DropPolicy`: Drops all activities. It generally doesn’t makes sense to use in production.
	* `Pleroma.Web.ActivityPub.MRF.SimplePolicy`: Restrict the visibility of activities from certains instances (See [`:mrf_simple`](#mrf_simple)).
	* `Pleroma.Web.ActivityPub.MRF.TagPolicy`: Applies policies to individual users based on tags, which can be set using pleroma-fe/admin-fe/any other app that supports Pleroma Admin API. For example it allows marking posts from individual users nsfw (sensitive).
	* `Pleroma.Web.ActivityPub.MRF.SubchainPolicy`: Selectively runs other MRF policies when messages match (See [`:mrf_subchain`](#mrf_subchain)).
	* `Pleroma.Web.ActivityPub.MRF.RejectNonPublic`: Drops posts with non-public visibility settings (See [`:mrf_rejectnonpublic`](#mrf_rejectnonpublic)).
	* `Pleroma.Web.ActivityPub.MRF.EnsureRePrepended`: Rewrites posts to ensure that replies to posts with subjects do not have an identical subject and instead begin with re:.
	* `Pleroma.Web.ActivityPub.MRF.AntiLinkSpamPolicy`: Rejects posts from likely spambots by rejecting posts from new users that contain links.
	* `Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy`: Crawls attachments using their MediaProxy URLs so that the MediaProxy cache is primed.
	* `Pleroma.Web.ActivityPub.MRF.MentionPolicy`: Drops posts mentioning configurable users. (See [`:mrf_mention`](#mrf_mention)).
	* `Pleroma.Web.ActivityPub.MRF.VocabularyPolicy`: Restricts activities to a configured set of vocabulary. (See [`:mrf_vocabulary`](#mrf_vocabulary)).
	* `Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy`: Rejects or delists posts based on their age when received. (See [`:mrf_object_age`](#mrf_object_age)).
	* `public`: Makes the client API in authentificated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network.
	* `quarantined_instances`: List of ActivityPub instances where private(DMs, followers-only) activities will not be send.
	* `managed_config`: Whenether the config for pleroma-fe is configured in [:frontend_configurations](#frontend_configurations) or in ``static/config.json``.
	* `allowed_post_formats`: MIME-type list of formats allowed to be posted (transformed into HTML).
	* `mrf_transparency`: Make the content of your Message Rewrite Facility settings public (via nodeinfo).
	* `mrf_transparency_exclusions`: Exclude specific instance names from MRF transparency. The use of the exclusions feature will be disclosed in nodeinfo as a boolean value.
	* `extended_nickname_format`: Set to `true` to use extended local nicknames format (allows underscores/dashes). This will break federation with
	older software for theses nicknames.
	* `max_pinned_statuses`: The maximum number of pinned statuses. `0` will disable the feature.
	* `autofollowed_nicknames`: Set to nicknames of (local) users that every new user should automatically follow.
	* `no_attachment_links`: Set to true to disable automatically adding attachment link text to statuses.
	* `welcome_message`: A message that will be send to a newly registered users as a direct message.
	* `welcome_user_nickname`: The nickname of the local user that sends the welcome message.
	* `max_report_comment_size`: The maximum size of the report comment (Default: `1000`).
	* `safe_dm_mentions`: If set to true, only mentions at the beginning of a post will be used to address people in direct messages. This is to prevent accidental mentioning of people when talking about them (e.g. "@friend hey i really don't like @enemy"). Default: `false`.
	* `healthcheck`: If set to true, system data will be shown on ``/api/pleroma/healthcheck``.
	* `remote_post_retention_days`: The default amount of days to retain remote posts when pruning the database.
	* `user_bio_length`: A user bio maximum length (default: `5000`).
	* `user_name_length`: A user name maximum length (default: `100`).
	* `skip_thread_containment`: Skip filter out broken threads. The default is `false`.
	* `limit_to_local_content`: Limit unauthenticated users to search for local statutes and users only. Possible values: `:unauthenticated`, `:all` and `false`. The default is `:unauthenticated`.
	* `max_account_fields`: The maximum number of custom fields in the user profile (default: `10`).
	* `max_remote_account_fields`: The maximum number of custom fields in the remote user profile (default: `20`).
	* `account_field_name_length`: An account field name maximum length (default: `512`).
	* `account_field_value_length`: An account field value maximum length (default: `2048`).
	* `external_user_synchronization`: Enabling following/followers counters synchronization for external users.

	!!! danger
	This is a Work In Progress, not usable just yet

	* `dynamic_configuration`: Allow transferring configuration to DB with the subsequent customization from Admin api.

	## Federation
	### MRF policies

	!!! note
	Configuring MRF policies is not enough for them to take effect. You have to enable them by specifying their module in `rewrite_policy` under [:instance](#instance) section.

	#### :mrf_simple
	* `media_removal`: List of instances to remove media from.
	* `media_nsfw`: List of instances to put media as NSFW(sensitive) from.
	* `federated_timeline_removal`: List of instances to remove from Federated (aka The Whole Known Network) Timeline.
	* `reject`: List of instances to reject any activities from.
	* `accept`: List of instances to accept any activities from.
	* `report_removal`: List of instances to reject reports from.
	* `avatar_removal`: List of instances to strip avatars from.
	* `banner_removal`: List of instances to strip banners from.

	#### :mrf_subchain
	This policy processes messages through an alternate pipeline when a given message matches certain criteria.
	All criteria are configured as a map of regular expressions to lists of policy modules.

	* `match_actor`: Matches a series of regular expressions against the actor field.

	Example:

	```elixir
	config :pleroma, :mrf_subchain,
	match_actor: %{
	~r/https:\/\/example.com/s => [Pleroma.Web.ActivityPub.MRF.DropPolicy]
	}
	```

	#### :mrf_rejectnonpublic
	* `allow_followersonly`: whether to allow followers-only posts.
	* `allow_direct`: whether to allow direct messages.

	#### :mrf_hellthread
	* `delist_threshold`: Number of mentioned users after which the message gets delisted (the message can still be seen, but it will not show up in public timelines and mentioned users won't get notifications about it). Set to 0 to disable.
	* `reject_threshold`: Number of mentioned users after which the messaged gets rejected. Set to 0 to disable.

	#### :mrf_keyword
	* `reject`: A list of patterns which result in message being rejected, each pattern can be a string or a [regular expression](https://hexdocs.pm/elixir/Regex.html).
	* `federated_timeline_removal`: A list of patterns which result in message being removed from federated timelines (a.k.a unlisted), each pattern can be a string or a [regular expression](https://hexdocs.pm/elixir/Regex.html).
	* `replace`: A list of tuples containing `{pattern, replacement}`, `pattern` can be a string or a [regular expression](https://hexdocs.pm/elixir/Regex.html).

	#### :mrf_mention
	* `actors`: A list of actors, for which to drop any posts mentioning.

	#### :mrf_vocabulary
	* `accept`: A list of ActivityStreams terms to accept. If empty, all supported messages are accepted.
	* `reject`: A list of ActivityStreams terms to reject. If empty, no messages are rejected.

	#### :mrf_user_allowlist

	The keys in this section are the domain names that the policy should apply to.
	Each key should be assigned a list of users that should be allowed through by
	their ActivityPub ID.

	An example:

	```elixir
	config :pleroma, :mrf_user_allowlist,
	"example.org": ["https://example.org/users/admin"]
	```

	#### :mrf_object_age
	* `threshold`: Required age (in seconds) of a post before actions are taken.
	* `actions`: A list of actions to apply to the post:
	* `:delist` removes the post from public timelines
	* `:strip_followers` removes followers from the ActivityPub recipient list, ensuring they won't be delivered to home timelines
	* `:reject` rejects the message entirely

	### :activitypub
	* ``unfollow_blocked``: Whether blocks result in people getting unfollowed
	* ``outgoing_blocks``: Whether to federate blocks to other instances
	* ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question
	* ``sign_object_fetches``: Sign object fetches with HTTP signatures

	### :fetch_initial_posts
	* `enabled`: if enabled, when a new user is federated with, fetch some of their latest posts
	* `pages`: the amount of pages to fetch

	## Pleroma.ScheduledActivity

	* `daily_user_limit`: the number of scheduled activities a user is allowed to create in a single day (Default: `25`)
	* `total_user_limit`: the number of scheduled activities a user is allowed to create in total (Default: `300`)
	* `enabled`: whether scheduled activities are sent to the job queue to be executed

	## Pleroma.ActivityExpiration

	* `enabled`: whether expired activities will be sent to the job queue to be deleted

	## Frontends

	### :frontend_configurations

	This can be used to configure a keyword list that keeps the configuration data for any kind of frontend. By default, settings for `pleroma_fe` and `masto_fe` are configured. You can find the documentation for `pleroma_fe` configuration into [Pleroma-FE configuration and customization for instance administrators](/frontend/CONFIGURATION/#options).

	Frontends can access these settings at `/api/pleroma/frontend_configurations`

	To add your own configuration for PleromaFE, use it like this:

	```elixir
	config :pleroma, :frontend_configurations,
	pleroma_fe: %{
	theme: "pleroma-dark",
	# ... see /priv/static/static/config.json for the available keys.
	},
	masto_fe: %{
	showInstanceSpecificPanel: true
	}
	```

	These settings need to be complete, they will override the defaults.

	### :static_fe

	Render profiles and posts using server-generated HTML that is viewable without using JavaScript.

	Available options:

	* `enabled` - Enables the rendering of static HTML. Defaults to `false`.

	### :assets

	This section configures assets to be used with various frontends. Currently the only option
	relates to mascots on the mastodon frontend

	* `mascots`: KeywordList of mascots, each element __MUST__ contain both a `url` and a
	`mime_type` key.
	* `default_mascot`: An element from `mascots` - This will be used as the default mascot
	on MastoFE (default: `:pleroma_fox_tan`).

	### :manifest

	This section describe PWA manifest instance-specific values. Currently this option relate only for MastoFE.

	* `icons`: Describe the icons of the app, this a list of maps describing icons in the same way as the
	[spec](https://www.w3.org/TR/appmanifest/#imageresource-and-its-members) describes it.

	Example:

	```elixir
	config :pleroma, :manifest,
	icons: [
	%{
	src: "/static/logo.png"
	},
	%{
	src: "/static/icon.png",
	type: "image/png"
	},
	%{
	src: "/static/icon.ico",
	sizes: "72x72 96x96 128x128 256x256"
	}
	]
	```

	* `theme_color`: Describe the theme color of the app. (Example: `"#282c37"`, `"rebeccapurple"`).
	* `background_color`: Describe the background color of the app. (Example: `"#191b22"`, `"aliceblue"`).

	## :emoji
	* `shortcode_globs`: Location of custom emoji files. `` can be used as a wildcard. Example `["/emoji/custom//.png"]`
	* `pack_extensions`: A list of file extensions for emojis, when no emoji.txt for a pack is present. Example `[".png", ".gif"]`
	* `groups`: Emojis are ordered in groups (tags). This is an array of key-value pairs where the key is the groupname and the value the location or array of locations. `` can be used as a wildcard. Example `[Custom: ["/emoji/.png", "/emoji/custom/*.png"]]`
	* `default_manifest`: Location of the JSON-manifest. This manifest contains information about the emoji-packs you can download. Currently only one manifest can be added (no arrays).
	* `shared_pack_cache_seconds_per_file`: When an emoji pack is shared, the archive is created and cached in
	memory for this amount of seconds multiplied by the number of files.

	## :media_proxy
	* `enabled`: Enables proxying of remote media to the instance’s proxy
	* `base_url`: The base URL to access a user-uploaded file. Useful when you want to proxy the media files via another host/CDN fronts.
	* `proxy_opts`: All options defined in `Pleroma.ReverseProxy` documentation, defaults to `[max_body_length: (25*1_048_576)]`.
	* `whitelist`: List of domains to bypass the mediaproxy

	## Link previews

	### Pleroma.Web.Metadata (provider)
	* `providers`: a list of metadata providers to enable. Providers available:
	* `Pleroma.Web.Metadata.Providers.OpenGraph`
	* `Pleroma.Web.Metadata.Providers.TwitterCard`
	* `Pleroma.Web.Metadata.Providers.RelMe` - add links from user bio with rel=me into the `<header>` as `<link rel=me>`.
	* `Pleroma.Web.Metadata.Providers.Feed` - add a link to a user's Atom feed into the `<header>` as `<link rel=alternate>`.
	* `unfurl_nsfw`: If set to `true` nsfw attachments will be shown in previews.

	### :rich_media (consumer)
	* `enabled`: if enabled the instance will parse metadata from attached links to generate link previews.
	* `ignore_hosts`: list of hosts which will be ignored by the metadata parser. For example `["accounts.google.com", "xss.website"]`, defaults to `[]`.
	* `ignore_tld`: list TLDs (top-level domains) which will ignore for parse metadata. default is ["local", "localdomain", "lan"].
	* `parsers`: list of Rich Media parsers.

	## HTTP server

	### Pleroma.Web.Endpoint

	!!! note
	`Phoenix` endpoint configuration, all configuration options can be viewed [here](https://hexdocs.pm/phoenix/Phoenix.Endpoint.html#module-dynamic-configuration), only common options are listed here.

	* `http` - a list containing http protocol configuration, all configuration options can be viewed [here](https://hexdocs.pm/plug_cowboy/Plug.Cowboy.html#module-options), only common options are listed here. For deployment using docker, you need to set this to `[ip: {0,0,0,0}, port: 4000]` to make pleroma accessible from other containers (such as your nginx server).
	- `ip` - a tuple consisting of 4 integers
	- `port`
	* `url` - a list containing the configuration for generating urls, accepts
	- `host` - the host without the scheme and a post (e.g `example.com`, not `https://example.com:2020`)
	- `scheme` - e.g `http`, `https`
	- `port`
	- `path`
	* `extra_cookie_attrs` - a list of `Key=Value` strings to be added as non-standard cookie attributes. Defaults to `["SameSite=Lax"]`. See the [SameSite article](https://www.owasp.org/index.php/SameSite) on OWASP for more info.

	Example:
	```elixir
	config :pleroma, Pleroma.Web.Endpoint,
	url: [host: "example.com", port: 2020, scheme: "https"],
	http: [
	port: 8080,
	ip: {127, 0, 0, 1}
	]
	```

	This will make Pleroma listen on `127.0.0.1` port `8080` and generate urls starting with `https://example.com:2020`

	### :http_security
	* ``enabled``: Whether the managed content security policy is enabled.
	* ``sts``: Whether to additionally send a `Strict-Transport-Security` header.
	* ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent.
	* ``ct_max_age``: The maximum age for the `Expect-CT` header if sent.
	* ``referrer_policy``: The referrer policy to use, either `"same-origin"` or `"no-referrer"`.
	* ``report_uri``: Adds the specified url to `report-uri` and `report-to` group in CSP header.

	### Pleroma.Plugs.RemoteIp

	!!! warning
	If your instance is not behind at least one reverse proxy, you should not enable this plug.

	`Pleroma.Plugs.RemoteIp` is a shim to call [`RemoteIp`](https://git.pleroma.social/pleroma/remote_ip) but with runtime configuration.

	Available options:

	* `enabled` - Enable/disable the plug. Defaults to `false`.
	* `headers` - A list of strings naming the `req_headers` to use when deriving the `remote_ip`. Order does not matter. Defaults to `~w[forwarded x-forwarded-for x-client-ip x-real-ip]`.
	* `proxies` - A list of strings in [CIDR](https://en.wikipedia.org/wiki/CIDR) notation specifying the IPs of known proxies. Defaults to `[]`.
	* `reserved` - Defaults to [localhost](https://en.wikipedia.org/wiki/Localhost) and [private network](https://en.wikipedia.org/wiki/Private_network).


	### :rate_limit

	This is an advanced feature and disabled by default.

	If your instance is behind a reverse proxy you must enable and configure [`Pleroma.Plugs.RemoteIp`](#pleroma-plugs-remoteip).

	A keyword list of rate limiters where a key is a limiter name and value is the limiter configuration. The basic configuration is a tuple where:

	* The first element: `scale` (Integer). The time scale in milliseconds.
	* The second element: `limit` (Integer). How many requests to limit in the time scale provided.

	It is also possible to have different limits for unauthenticated and authenticated users: the keyword value must be a list of two tuples where the first one is a config for unauthenticated users and the second one is for authenticated.

	Supported rate limiters:

	* `:search` for the search requests (account & status search etc.)
	* `:app_account_creation` for registering user accounts from the same IP address
	* `:relations_actions` for actions on relations with all users (follow, unfollow)
	* `:relation_id_action` for actions on relation with a specific user (follow, unfollow)
	* `:statuses_actions` for create / delete / fav / unfav / reblog / unreblog actions on any statuses
	* `:status_id_action` for fav / unfav or reblog / unreblog actions on the same status by the same user

	### :web_cache_ttl

	The expiration time for the web responses cache. Values should be in milliseconds or `nil` to disable expiration.

	Available caches:

	* `:activity_pub` - activity pub routes (except question activities). Defaults to `nil` (no expiration).
	* `:activity_pub_question` - activity pub routes (question activities). Defaults to `30_000` (30 seconds).

	## HTTP client

	### :http

	* `proxy_url`: an upstream proxy to fetch posts and/or media with, (default: `nil`)
	* `send_user_agent`: should we include a user agent with HTTP requests? (default: `true`)
	* `user_agent`: what user agent should we use? (default: `:default`), must be string or `:default`
	* `adapter`: array of hackney options


	### :hackney_pools

	Advanced. Tweaks Hackney (http client) connections pools.

	There's three pools used:

	* `:federation` for the federation jobs.
	You may want this pool max_connections to be at least equal to the number of federator jobs + retry queue jobs.
	* `:media` for rich media, media proxy
	* `:upload` for uploaded media (if using a remote uploader and `proxy_remote: true`)

	For each pool, the options are:

	* `max_connections` - how much connections a pool can hold
	* `timeout` - retention duration for connections


	## Captcha

	### Pleroma.Captcha

	* `enabled`: Whether the captcha should be shown on registration.
	* `method`: The method/service to use for captcha.
	* `seconds_valid`: The time in seconds for which the captcha is valid.

	### Captcha providers

	#### Pleroma.Captcha.Native

	A built-in captcha provider. Enabled by default.

	#### Pleroma.Captcha.Kocaptcha

	Kocaptcha is a very simple captcha service with a single API endpoint,
	the source code is here: https://github.com/koto-bank/kocaptcha. The default endpoint
	`https://captcha.kotobank.ch` is hosted by the developer.

	* `endpoint`: the Kocaptcha endpoint to use.

	## Uploads

	### Pleroma.Upload
	* `uploader`: Which one of the [uploaders](#uploaders) to use.
	* `filters`: List of [upload filters](#upload-filters) to use.
	* `link_name`: When enabled Pleroma will add a `name` parameter to the url of the upload, for example `https://instance.tld/media/corndog.png?name=corndog.png`. This is needed to provide the correct filename in Content-Disposition headers when using filters like `Pleroma.Upload.Filter.Dedupe`
	* `base_url`: The base URL to access a user-uploaded file. Useful when you want to proxy the media files via another host.
	* `proxy_remote`: If you're using a remote uploader, Pleroma will proxy media requests instead of redirecting to it.
	* `proxy_opts`: Proxy options, see `Pleroma.ReverseProxy` documentation.

	!!! warning
	`strip_exif` has been replaced by `Pleroma.Upload.Filter.Mogrify`.

	### Uploaders
	#### Pleroma.Uploaders.Local
	* `uploads`: Which directory to store the user-uploads in, relative to pleroma’s working directory.

	#### Pleroma.Uploaders.S3
	* `bucket`: S3 bucket name.
	* `bucket_namespace`: S3 bucket namespace.
	* `public_endpoint`: S3 endpoint that the user finally accesses(ex. "https://s3.dualstack.ap-northeast-1.amazonaws.com")
	* `truncated_namespace`: If you use S3 compatible service such as Digital Ocean Spaces or CDN, set folder name or "" etc.
	For example, when using CDN to S3 virtual host format, set "".
	At this time, write CNAME to CDN in public_endpoint.
	* `streaming_enabled`: Enable streaming uploads, when enabled the file will be sent to the server in chunks as it's being read. This may be unsupported by some providers, try disabling this if you have upload problems.


	### Upload filters

	#### Pleroma.Upload.Filter.Mogrify

	* `args`: List of actions for the `mogrify` command like `"strip"` or `["strip", "auto-orient", {"implode", "1"}]`.

	#### Pleroma.Upload.Filter.Dedupe

	No specific configuration.

	#### Pleroma.Upload.Filter.AnonymizeFilename

	This filter replaces the filename (not the path) of an upload. For complete obfuscation, add
	`Pleroma.Upload.Filter.Dedupe` before AnonymizeFilename.

	* `text`: Text to replace filenames in links. If empty, `{random}.extension` will be used. You can get the original filename extension by using `{extension}`, for example `custom-file-name.{extension}`.

	## Email

	### Pleroma.Emails.Mailer
	* `adapter`: one of the mail adapters listed in [Swoosh readme](https://github.com/swoosh/swoosh#adapters), or `Swoosh.Adapters.Local` for in-memory mailbox.
	* `api_key` / `password` and / or other adapter-specific settings, per the above documentation.
	* `enabled`: Allows enable/disable send emails. Default: `false`.

	An example for Sendgrid adapter:

	```elixir
	config :pleroma, Pleroma.Emails.Mailer,
	adapter: Swoosh.Adapters.Sendgrid,
	api_key: "YOUR_API_KEY"
	```

	An example for SMTP adapter:

	```elixir
	config :pleroma, Pleroma.Emails.Mailer,
	adapter: Swoosh.Adapters.SMTP,
	relay: "smtp.gmail.com",
	username: "YOUR_USERNAME@gmail.com",
	password: "YOUR_SMTP_PASSWORD",
	port: 465,
	ssl: true,
	tls: :always,
	auth: :always
	```

	### :email_notifications

	Email notifications settings.

	- digest - emails of "what you've missed" for users who have been
	inactive for a while.
	- active: globally enable or disable digest emails
	- schedule: When to send digest email, in [crontab format](https://en.wikipedia.org/wiki/Cron).
	"0 0 * * 0" is the default, meaning "once a week at midnight on Sunday morning"
	- interval: Minimum interval between digest emails to one user
	- inactivity_threshold: Minimum user inactivity threshold

	### Pleroma.Emails.UserEmail

	- `:logo` - a path to a custom logo. Set it to `nil` to use the default Pleroma logo.
	- `:styling` - a map with color settings for email templates.

	## Background jobs

	### Oban

	[Oban](https://github.com/sorentwo/oban) asynchronous job processor configuration.

	Configuration options described in [Oban readme](https://github.com/sorentwo/oban#usage):

	* `repo` - app's Ecto repo (`Pleroma.Repo`)
	* `verbose` - logs verbosity
	* `prune` - non-retryable jobs [pruning settings](https://github.com/sorentwo/oban#pruning) (`:disabled` / `{:maxlen, value}` / `{:maxage, value}`)
	* `queues` - job queues (see below)

	Pleroma has the following queues:

	* `activity_expiration` - Activity expiration
	* `federator_outgoing` - Outgoing federation
	* `federator_incoming` - Incoming federation
	* `mailer` - Email sender, see [`Pleroma.Emails.Mailer`](#pleromaemailsmailer)
	* `transmogrifier` - Transmogrifier
	* `web_push` - Web push notifications
	* `scheduled_activities` - Scheduled activities, see [`Pleroma.ScheduledActivity`](#pleromascheduledactivity)

	Example:

	```elixir
	config :pleroma, Oban,
	repo: Pleroma.Repo,
	verbose: false,
	prune: {:maxlen, 1500},
	queues: [
	federator_incoming: 50,
	federator_outgoing: 50
	]
	```

	This config contains two queues: `federator_incoming` and `federator_outgoing`. Both have the number of max concurrent jobs set to `50`.

	#### Migrating `pleroma_job_queue` settings

	`config :pleroma_job_queue, :queues` is replaced by `config :pleroma, Oban, :queues` and uses the same format (keys are queues' names, values are max concurrent jobs numbers).

	### :workers

	Includes custom worker options not interpretable directly by `Oban`.

	* `retries` — keyword lists where keys are `Oban` queues (see above) and values are numbers of max attempts for failed jobs.

	Example:

	```elixir
	config :pleroma, :workers,
	retries: [
	federator_incoming: 5,
	federator_outgoing: 5
	]
	```

	#### Migrating `Pleroma.Web.Federator.RetryQueue` settings

	* `max_retries` is replaced with `config :pleroma, :workers, retries: [federator_outgoing: 5]`
	* `enabled: false` corresponds to `config :pleroma, :workers, retries: [federator_outgoing: 1]`
	* deprecated options: `max_jobs`, `initial_timeout`

	### Pleroma.Scheduler

	Configuration for [Quantum](https://github.com/quantum-elixir/quantum-core) jobs scheduler.

	See [Quantum readme](https://github.com/quantum-elixir/quantum-core#usage) for the list of supported options.

	Example:

	```elixir
	config :pleroma, Pleroma.Scheduler,
	global: true,
	overlap: true,
	timezone: :utc,
	jobs: [{"0 /6 * * *", {Pleroma.Web.Websub, :refresh_subscriptions, []}}]
	```

	The above example defines a single job which invokes `Pleroma.Web.Websub.refresh_subscriptions()` every 6 hours ("0 /6 * * *", [crontab format](https://en.wikipedia.org/wiki/Cron)).

	## :web_push_encryption, :vapid_details

	Web Push Notifications configuration. You can use the mix task `mix web_push.gen.keypair` to generate it.

	* ``subject``: a mailto link for the administrative contact. It’s best if this email is not a personal email address, but rather a group email so that if a person leaves an organization, is unavailable for an extended period, or otherwise can’t respond, someone else on the list can.
	* ``public_key``: VAPID public key
	* ``private_key``: VAPID private key

	## :logger
	* `backends`: `:console` is used to send logs to stdout, `{ExSyslogger, :ex_syslogger}` to log to syslog, and `Quack.Logger` to log to Slack

	An example to enable ONLY ExSyslogger (f/ex in ``prod.secret.exs``) with info and debug suppressed:
	```elixir
	config :logger,
	backends: [{ExSyslogger, :ex_syslogger}]

	config :logger, :ex_syslogger,
	level: :warn
	```

	Another example, keeping console output and adding the pid to syslog output:
	```elixir
	config :logger,
	backends: [:console, {ExSyslogger, :ex_syslogger}]

	config :logger, :ex_syslogger,
	level: :warn,
	option: [:pid, :ndelay]
	```

	See: [logger’s documentation](https://hexdocs.pm/logger/Logger.html) and [ex_syslogger’s documentation](https://hexdocs.pm/ex_syslogger/)

	An example of logging info to local syslog, but warn to a Slack channel:
	```elixir
	config :logger,
	backends: [ {ExSyslogger, :ex_syslogger}, Quack.Logger ],
	level: :info

	config :logger, :ex_syslogger,
	level: :info,
	ident: "pleroma",
	format: "$metadata[$level] $message"

	config :quack,
	level: :warn,
	meta: [:all],
	webhook_url: "https://hooks.slack.com/services/YOUR-API-KEY-HERE"
	```

	See the [Quack Github](https://github.com/azohra/quack) for more details



	## Database options

	### RUM indexing for full text search

	!!! warning
	It is recommended to use PostgreSQL v11 or newer. We have seen some minor issues with lower PostgreSQL versions.

	* `rum_enabled`: If RUM indexes should be used. Defaults to `false`.

	RUM indexes are an alternative indexing scheme that is not included in PostgreSQL by default. While they may eventually be mainlined, for now they have to be installed as a PostgreSQL extension from https://github.com/postgrespro/rum.

	Their advantage over the standard GIN indexes is that they allow efficient ordering of search results by timestamp, which makes search queries a lot faster on larger servers, by one or two orders of magnitude. They take up around 3 times as much space as GIN indexes.

	To enable them, both the `rum_enabled` flag has to be set and the following special migration has to be run:

	`mix ecto.migrate --migrations-path priv/repo/optional_migrations/rum_indexing/`

	This will probably take a long time.

	## Alternative client protocols

	### BBS / SSH access

	To enable simple command line interface accessible over ssh, add a setting like this to your configuration file:

	```exs
	app_dir = File.cwd!
	priv_dir = Path.join([app_dir, "priv/ssh_keys"])

	config :esshd,
	enabled: true,
	priv_dir: priv_dir,
	handler: "Pleroma.BBS.Handler",
	port: 10_022,
	password_authenticator: "Pleroma.BBS.Authenticator"
	```

	Feel free to adjust the priv_dir and port number. Then you will have to create the key for the keys (in the example `priv/ssh_keys`) and create the host keys with `ssh-keygen -m PEM -N "" -b 2048 -t rsa -f ssh_host_rsa_key`. After restarting, you should be able to connect to your Pleroma instance with `ssh username@server -p $PORT`

	### :gopher
	* `enabled`: Enables the gopher interface
	* `ip`: IP address to bind to
	* `port`: Port to bind to
	* `dstport`: Port advertised in urls (optional, defaults to `port`)


	## Authentication

	### :admin_token

	Allows to set a token that can be used to authenticate with the admin api without using an actual user by giving it as the `admin_token` parameter or `x-admin-token` HTTP header. Example:

	```elixir
	config :pleroma, :admin_token, "somerandomtoken"
	```

	You can then do

	```shell
	curl "http://localhost:4000/api/pleroma/admin/users/invites?admin_token=somerandomtoken"
	```

	or

	```shell
	curl -H "X-Admin-Token: somerandomtoken" "http://localhost:4000/api/pleroma/admin/users/invites"
	```

	### :auth

	* `Pleroma.Web.Auth.PleromaAuthenticator`: default database authenticator.
	* `Pleroma.Web.Auth.LDAPAuthenticator`: LDAP authentication.

	Authentication / authorization settings.

	* `auth_template`: authentication form template. By default it's `show.html` which corresponds to `lib/pleroma/web/templates/o_auth/o_auth/show.html.eex`.
	* `oauth_consumer_template`: OAuth consumer mode authentication form template. By default it's `consumer.html` which corresponds to `lib/pleroma/web/templates/o_auth/o_auth/consumer.html.eex`.
	* `oauth_consumer_strategies`: the list of enabled OAuth consumer strategies; by default it's set by `OAUTH_CONSUMER_STRATEGIES` environment variable. Each entry in this space-delimited string should be of format `<strategy>` or `<strategy>:<dependency>` (e.g. `twitter` or `keycloak:ueberauth_keycloak_strategy` in case dependency is named differently than `ueberauth_<strategy>`).

	### Pleroma.Web.Auth.Authenticator

	* `Pleroma.Web.Auth.PleromaAuthenticator`: default database authenticator.
	* `Pleroma.Web.Auth.LDAPAuthenticator`: LDAP authentication.

	### :ldap

	Use LDAP for user authentication. When a user logs in to the Pleroma
	instance, the name and password will be verified by trying to authenticate
	(bind) to an LDAP server. If a user exists in the LDAP directory but there
	is no account with the same name yet on the Pleroma instance then a new
	Pleroma account will be created with the same name as the LDAP user name.

	* `enabled`: enables LDAP authentication
	* `host`: LDAP server hostname
	* `port`: LDAP port, e.g. 389 or 636
	* `ssl`: true to use SSL, usually implies the port 636
	* `sslopts`: additional SSL options
	* `tls`: true to start TLS, usually implies the port 389
	* `tlsopts`: additional TLS options
	* `base`: LDAP base, e.g. "dc=example,dc=com"
	* `uid`: LDAP attribute name to authenticate the user, e.g. when "cn", the filter will be "cn=username,base"

	### OAuth consumer mode

	OAuth consumer mode allows sign in / sign up via external OAuth providers (e.g. Twitter, Facebook, Google, Microsoft, etc.).
	Implementation is based on Ueberauth; see the list of [available strategies](https://github.com/ueberauth/ueberauth/wiki/List-of-Strategies).

	!!! note
	Each strategy is shipped as a separate dependency; in order to get the strategies, run `OAUTH_CONSUMER_STRATEGIES="..." mix deps.get`, e.g. `OAUTH_CONSUMER_STRATEGIES="twitter facebook google microsoft" mix deps.get`. The server should also be started with `OAUTH_CONSUMER_STRATEGIES="..." mix phx.server` in case you enable any strategies.

	!!! note
	Each strategy requires separate setup (on external provider side and Pleroma side). Below are the guidelines on setting up most popular strategies.

	!!! note
	Make sure that `"SameSite=Lax"` is set in `extra_cookie_attrs` when you have this feature enabled. OAuth consumer mode will not work with `"SameSite=Strict"`

	* For Twitter, [register an app](https://developer.twitter.com/en/apps), configure callback URL to https://<your_host>/oauth/twitter/callback

	* For Facebook, [register an app](https://developers.facebook.com/apps), configure callback URL to https://<your_host>/oauth/facebook/callback, enable Facebook Login service at https://developers.facebook.com/apps/<app_id>/fb-login/settings/

	* For Google, [register an app](https://console.developers.google.com), configure callback URL to https://<your_host>/oauth/google/callback

	* For Microsoft, [register an app](https://portal.azure.com), configure callback URL to https://<your_host>/oauth/microsoft/callback

	Once the app is configured on external OAuth provider side, add app's credentials and strategy-specific settings (if any — e.g. see Microsoft below) to `config/prod.secret.exs`,
	per strategy's documentation (e.g. [ueberauth_twitter](https://github.com/ueberauth/ueberauth_twitter)). Example config basing on environment variables:

	```elixir
	# Twitter
	config :ueberauth, Ueberauth.Strategy.Twitter.OAuth,
	consumer_key: System.get_env("TWITTER_CONSUMER_KEY"),
	consumer_secret: System.get_env("TWITTER_CONSUMER_SECRET")

	# Facebook
	config :ueberauth, Ueberauth.Strategy.Facebook.OAuth,
	client_id: System.get_env("FACEBOOK_APP_ID"),
	client_secret: System.get_env("FACEBOOK_APP_SECRET"),
	redirect_uri: System.get_env("FACEBOOK_REDIRECT_URI")

	# Google
	config :ueberauth, Ueberauth.Strategy.Google.OAuth,
	client_id: System.get_env("GOOGLE_CLIENT_ID"),
	client_secret: System.get_env("GOOGLE_CLIENT_SECRET"),
	redirect_uri: System.get_env("GOOGLE_REDIRECT_URI")

	# Microsoft
	config :ueberauth, Ueberauth.Strategy.Microsoft.OAuth,
	client_id: System.get_env("MICROSOFT_CLIENT_ID"),
	client_secret: System.get_env("MICROSOFT_CLIENT_SECRET")

	config :ueberauth, Ueberauth,
	providers: [
	microsoft: {Ueberauth.Strategy.Microsoft, [callback_params: []]}
	]

	# Keycloak
	# Note: make sure to add `keycloak:ueberauth_keycloak_strategy` entry to `OAUTH_CONSUMER_STRATEGIES` environment variable
	keycloak_url = "https://publicly-reachable-keycloak-instance.org:8080"

	config :ueberauth, Ueberauth.Strategy.Keycloak.OAuth,
	client_id: System.get_env("KEYCLOAK_CLIENT_ID"),
	client_secret: System.get_env("KEYCLOAK_CLIENT_SECRET"),
	site: keycloak_url,
	authorize_url: "#{keycloak_url}/auth/realms/master/protocol/openid-connect/auth",
	token_url: "#{keycloak_url}/auth/realms/master/protocol/openid-connect/token",
	userinfo_url: "#{keycloak_url}/auth/realms/master/protocol/openid-connect/userinfo",
	token_method: :post

	config :ueberauth, Ueberauth,
	providers: [
	keycloak: {Ueberauth.Strategy.Keycloak, [uid_field: :email]}
	]
	```

	### OAuth 2.0 provider - :oauth2

	Configure OAuth 2 provider capabilities:

	* `token_expires_in` - The lifetime in seconds of the access token.
	* `issue_new_refresh_token` - Keeps old refresh token or generate new refresh token when to obtain an access token.
	* `clean_expired_tokens` - Enable a background job to clean expired oauth tokens. Defaults to `false`.
	* `clean_expired_tokens_interval` - Interval to run the job to clean expired tokens. Defaults to `86_400_000` (24 hours).

	## Link parsing

	### :uri_schemes
	* `valid_schemes`: List of the scheme part that is considered valid to be an URL.

	### :auto_linker

	Configuration for the `auto_linker` library:

	* `class: "auto-linker"` - specify the class to be added to the generated link. false to clear.
	* `rel: "noopener noreferrer"` - override the rel attribute. false to clear.
	* `new_window: true` - set to false to remove `target='_blank'` attribute.
	* `scheme: false` - Set to true to link urls with schema `http://google.com`.
	* `truncate: false` - Set to a number to truncate urls longer then the number. Truncated urls will end in `..`.
	* `strip_prefix: true` - Strip the scheme prefix.
	* `extra: false` - link urls with rarely used schemes (magnet, ipfs, irc, etc.).

	Example:

	```elixir
	config :auto_linker,
	opts: [
	scheme: true,
	extra: true,
	class: false,
	strip_prefix: false,
	new_window: false,
	rel: "ugc"
	]
	```
	+
	+## Custom Runtime Modules (`:modules`)
	+
	+* `runtime_dir`: A path to custom Elixir modules (such as MRF policies).
	diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex
	index 5b844aa41..2ae052069 100644
	--- a/lib/pleroma/application.ex
	+++ b/lib/pleroma/application.ex
	@@ -1,188 +1,212 @@
	# Pleroma: A lightweight social networking server
	# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
	# SPDX-License-Identifier: AGPL-3.0-only

	defmodule Pleroma.Application do
	import Cachex.Spec
	use Application
	+ require Logger

	@name Mix.Project.config()[:name]
	@version Mix.Project.config()[:version]
	@repository Mix.Project.config()[:source_url]
	@env Mix.env()

	def name, do: @name
	def version, do: @version
	def named_version, do: @name <> " " <> @version
	def repository, do: @repository

	def user_agent do
	case Pleroma.Config.get([:http, :user_agent], :default) do
	:default ->
	info = "#{Pleroma.Web.base_url()} <#{Pleroma.Config.get([:instance, :email], "")}>"
	named_version() <> "; " <> info

	custom ->
	custom
	end
	end

	# See http://elixir-lang.org/docs/stable/elixir/Application.html
	# for more information on OTP Applications
	def start(_type, _args) do
	Pleroma.HTML.compile_scrubbers()
	Pleroma.Config.DeprecationWarnings.warn()
	setup_instrumenters()
	+ load_custom_modules()

	# Define workers and child supervisors to be supervised
	children =
	[
	Pleroma.Repo,
	Pleroma.Scheduler,
	Pleroma.Config.TransferTask,
	Pleroma.Emoji,
	Pleroma.Captcha,
	Pleroma.Daemons.ScheduledActivityDaemon,
	Pleroma.Daemons.ActivityExpirationDaemon,
	Pleroma.Plugs.RateLimiter.Supervisor
	] ++
	cachex_children() ++
	hackney_pool_children() ++
	[
	Pleroma.Stats,
	Pleroma.JobQueueMonitor,
	{Oban, Pleroma.Config.get(Oban)}
	] ++
	task_children(@env) ++
	oauth_cleanup_child(oauth_cleanup_enabled?()) ++
	streamer_child(@env) ++
	chat_child(@env, chat_enabled?()) ++
	[
	Pleroma.Web.Endpoint,
	Pleroma.Gopher.Server
	]

	# See http://elixir-lang.org/docs/stable/elixir/Supervisor.html
	# for other strategies and supported options
	opts = [strategy: :one_for_one, name: Pleroma.Supervisor]
	Supervisor.start_link(children, opts)
	end

	+ def load_custom_modules do
	+ dir = Pleroma.Config.get([:modules, :runtime_dir])
	+
	+ if dir && File.exists?(dir) do
	+ dir
	+ \|> Pleroma.Utils.compile_dir()
	+ \|> case do
	+ {:error, _errors, _warnings} ->
	+ raise "Invalid custom modules"
	+
	+ {:ok, modules, _warnings} ->
	+ if @env != :test do
	+ Enum.each(modules, fn mod ->
	+ Logger.info("Custom module loaded: #{inspect(mod)}")
	+ end)
	+ end
	+
	+ :ok
	+ end
	+ end
	+ end
	+
	defp setup_instrumenters do
	require Prometheus.Registry

	if Application.get_env(:prometheus, Pleroma.Repo.Instrumenter) do
	:ok =
	:telemetry.attach(
	"prometheus-ecto",
	[:pleroma, :repo, :query],
	&Pleroma.Repo.Instrumenter.handle_event/4,
	%{}
	)

	Pleroma.Repo.Instrumenter.setup()
	end

	Pleroma.Web.Endpoint.MetricsExporter.setup()
	Pleroma.Web.Endpoint.PipelineInstrumenter.setup()
	Pleroma.Web.Endpoint.Instrumenter.setup()
	end

	def enabled_hackney_pools do
	[:media] ++
	if Application.get_env(:tesla, :adapter) == Tesla.Adapter.Hackney do
	[:federation]
	else
	[]
	end ++
	if Pleroma.Config.get([Pleroma.Upload, :proxy_remote]) do
	[:upload]
	else
	[]
	end
	end

	defp cachex_children do
	[
	build_cachex("used_captcha", ttl_interval: seconds_valid_interval()),
	build_cachex("user", default_ttl: 25_000, ttl_interval: 1000, limit: 2500),
	build_cachex("object", default_ttl: 25_000, ttl_interval: 1000, limit: 2500),
	build_cachex("rich_media", default_ttl: :timer.minutes(120), limit: 5000),
	build_cachex("scrubber", limit: 2500),
	build_cachex("idempotency", expiration: idempotency_expiration(), limit: 2500),
	build_cachex("web_resp", limit: 2500),
	build_cachex("emoji_packs", expiration: emoji_packs_expiration(), limit: 10),
	build_cachex("failed_proxy_url", limit: 2500)
	]
	end

	defp emoji_packs_expiration,
	do: expiration(default: :timer.seconds(5 * 60), interval: :timer.seconds(60))

	defp idempotency_expiration,
	do: expiration(default: :timer.seconds(6 * 60 * 60), interval: :timer.seconds(60))

	defp seconds_valid_interval,
	do: :timer.seconds(Pleroma.Config.get!([Pleroma.Captcha, :seconds_valid]))

	defp build_cachex(type, opts),
	do: %{
	id: String.to_atom("cachex_" <> type),
	start: {Cachex, :start_link, [String.to_atom(type <> "_cache"), opts]},
	type: :worker
	}

	defp chat_enabled?, do: Pleroma.Config.get([:chat, :enabled])

	defp oauth_cleanup_enabled?,
	do: Pleroma.Config.get([:oauth2, :clean_expired_tokens], false)

	defp streamer_child(:test), do: []

	defp streamer_child(_) do
	[Pleroma.Web.Streamer.supervisor()]
	end

	defp oauth_cleanup_child(true),
	do: [Pleroma.Web.OAuth.Token.CleanWorker]

	defp oauth_cleanup_child(_), do: []

	defp chat_child(_env, true) do
	[Pleroma.Web.ChatChannel.ChatChannelState]
	end

	defp chat_child(_, _), do: []

	defp hackney_pool_children do
	for pool <- enabled_hackney_pools() do
	options = Pleroma.Config.get([:hackney_pools, pool])
	:hackney_pool.child_spec(pool, options)
	end
	end

	defp task_children(:test) do
	[
	%{
	id: :web_push_init,
	start: {Task, :start_link, [&Pleroma.Web.Push.init/0]},
	restart: :temporary
	}
	]
	end

	defp task_children(_) do
	[
	%{
	id: :web_push_init,
	start: {Task, :start_link, [&Pleroma.Web.Push.init/0]},
	restart: :temporary
	},
	%{
	id: :internal_fetch_init,
	start: {Task, :start_link, [&Pleroma.Web.ActivityPub.InternalFetchActor.init/0]},
	restart: :temporary
	}
	]
	end
	end
	diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex
	index 2cae29f35..11513106e 100644
	--- a/lib/pleroma/html.ex
	+++ b/lib/pleroma/html.ex
	@@ -1,120 +1,118 @@
	# Pleroma: A lightweight social networking server
	# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
	# SPDX-License-Identifier: AGPL-3.0-only

	defmodule Pleroma.HTML do
	# Scrubbers are compiled on boot so they can be configured in OTP releases
	# @on_load :compile_scrubbers

	def compile_scrubbers do
	dir = Path.join(:code.priv_dir(:pleroma), "scrubbers")

	dir
	- \|> File.ls!()
	- \|> Enum.map(&Path.join(dir, &1))
	- \|> Kernel.ParallelCompiler.compile()
	+ \|> Pleroma.Utils.compile_dir()
	\|> case do
	{:error, _errors, _warnings} ->
	raise "Compiling scrubbers failed"

	{:ok, _modules, _warnings} ->
	:ok
	end
	end

	defp get_scrubbers(scrubber) when is_atom(scrubber), do: [scrubber]
	defp get_scrubbers(scrubbers) when is_list(scrubbers), do: scrubbers
	defp get_scrubbers(_), do: [Pleroma.HTML.Scrubber.Default]

	def get_scrubbers do
	Pleroma.Config.get([:markup, :scrub_policy])
	\|> get_scrubbers
	end

	def filter_tags(html, nil) do
	filter_tags(html, get_scrubbers())
	end

	def filter_tags(html, scrubbers) when is_list(scrubbers) do
	Enum.reduce(scrubbers, html, fn scrubber, html ->
	filter_tags(html, scrubber)
	end)
	end

	def filter_tags(html, scrubber) do
	{:ok, content} = FastSanitize.Sanitizer.scrub(html, scrubber)
	content
	end

	def filter_tags(html), do: filter_tags(html, nil)
	def strip_tags(html), do: filter_tags(html, FastSanitize.Sanitizer.StripTags)

	def get_cached_scrubbed_html_for_activity(
	content,
	scrubbers,
	activity,
	key \\ "",
	callback \\ fn x -> x end
	) do
	key = "#{key}#{generate_scrubber_signature(scrubbers)}\|#{activity.id}"

	Cachex.fetch!(:scrubber_cache, key, fn _key ->
	object = Pleroma.Object.normalize(activity)
	ensure_scrubbed_html(content, scrubbers, object.data["fake"] \|\| false, callback)
	end)
	end

	def get_cached_stripped_html_for_activity(content, activity, key) do
	get_cached_scrubbed_html_for_activity(
	content,
	FastSanitize.Sanitizer.StripTags,
	activity,
	key,
	&HtmlEntities.decode/1
	)
	end

	def ensure_scrubbed_html(
	content,
	scrubbers,
	fake,
	callback
	) do
	content =
	content
	\|> filter_tags(scrubbers)
	\|> callback.()

	if fake do
	{:ignore, content}
	else
	{:commit, content}
	end
	end

	defp generate_scrubber_signature(scrubber) when is_atom(scrubber) do
	generate_scrubber_signature([scrubber])
	end

	defp generate_scrubber_signature(scrubbers) do
	Enum.reduce(scrubbers, "", fn scrubber, signature ->
	"#{signature}#{to_string(scrubber)}"
	end)
	end

	def extract_first_external_url(_, nil), do: {:error, "No content"}

	def extract_first_external_url(object, content) do
	key = "URL\|#{object.id}"

	Cachex.fetch!(:scrubber_cache, key, fn _key ->
	result =
	content
	\|> Floki.filter_out("a.mention,a.hashtag,a[rel~=\"tag\"]")
	\|> Floki.attribute("a", "href")
	\|> Enum.at(0)

	{:commit, {:ok, result}}
	end)
	end
	end
	diff --git a/lib/pleroma/object/fetcher.ex b/lib/pleroma/object/fetcher.ex
	index 4d71c91a8..a1bde90f1 100644
	--- a/lib/pleroma/object/fetcher.ex
	+++ b/lib/pleroma/object/fetcher.ex
	@@ -1,192 +1,192 @@
	# Pleroma: A lightweight social networking server
	# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
	# SPDX-License-Identifier: AGPL-3.0-only

	defmodule Pleroma.Object.Fetcher do
	alias Pleroma.HTTP
	alias Pleroma.Object
	alias Pleroma.Object.Containment
	alias Pleroma.Repo
	alias Pleroma.Signature
	alias Pleroma.Web.ActivityPub.InternalFetchActor
	alias Pleroma.Web.ActivityPub.Transmogrifier

	require Logger
	require Pleroma.Constants

	defp touch_changeset(changeset) do
	updated_at =
	NaiveDateTime.utc_now()
	\|> NaiveDateTime.truncate(:second)

	Ecto.Changeset.put_change(changeset, :updated_at, updated_at)
	end

	defp maybe_reinject_internal_fields(data, %{data: %{} = old_data}) do
	internal_fields = Map.take(old_data, Pleroma.Constants.object_internal_fields())

	Map.merge(data, internal_fields)
	end

	defp maybe_reinject_internal_fields(data, _), do: data

	@spec reinject_object(struct(), map()) :: {:ok, Object.t()} \| {:error, any()}
	defp reinject_object(struct, data) do
	Logger.debug("Reinjecting object #{data["id"]}")

	with data <- Transmogrifier.fix_object(data),
	data <- maybe_reinject_internal_fields(data, struct),
	changeset <- Object.change(struct, %{data: data}),
	changeset <- touch_changeset(changeset),
	{:ok, object} <- Repo.insert_or_update(changeset),
	{:ok, object} <- Object.set_cache(object) do
	{:ok, object}
	else
	e ->
	Logger.error("Error while processing object: #{inspect(e)}")
	{:error, e}
	end
	end

	def refetch_object(%Object{data: %{"id" => id}} = object) do
	with {:local, false} <- {:local, Object.local?(object)},
	{:ok, data} <- fetch_and_contain_remote_object_from_id(id),
	{:ok, object} <- reinject_object(object, data) do
	{:ok, object}
	else
	{:local, true} -> {:ok, object}
	e -> {:error, e}
	end
	end

	# TODO:
	# This will create a Create activity, which we need internally at the moment.
	def fetch_object_from_id(id, options \\ []) do
	with {:fetch_object, nil} <- {:fetch_object, Object.get_cached_by_ap_id(id)},
	{:fetch, {:ok, data}} <- {:fetch, fetch_and_contain_remote_object_from_id(id)},
	{:normalize, nil} <- {:normalize, Object.normalize(data, false)},
	params <- prepare_activity_params(data),
	{:containment, :ok} <- {:containment, Containment.contain_origin(id, params)},
	{:transmogrifier, {:ok, activity}} <-
	{:transmogrifier, Transmogrifier.handle_incoming(params, options)},
	{:object, _data, %Object{} = object} <-
	{:object, data, Object.normalize(activity, false)} do
	{:ok, object}
	else
	{:containment, _} ->
	{:error, "Object containment failed."}

	{:transmogrifier, {:error, {:reject, nil}}} ->
	{:reject, nil}

	{:transmogrifier, _} ->
	{:error, "Transmogrifier failure."}

	{:object, data, nil} ->
	reinject_object(%Object{}, data)

	{:normalize, object = %Object{}} ->
	{:ok, object}

	{:fetch_object, %Object{} = object} ->
	{:ok, object}

	{:fetch, {:error, error}} ->
	{:error, error}

	e ->
	e
	end
	end

	defp prepare_activity_params(data) do
	%{
	"type" => "Create",
	"to" => data["to"],
	"cc" => data["cc"],
	# Should we seriously keep this attributedTo thing?
	"actor" => data["actor"] \|\| data["attributedTo"],
	"object" => data
	}
	end

	def fetch_object_from_id!(id, options \\ []) do
	with {:ok, object} <- fetch_object_from_id(id, options) do
	object
	else
	{:error, %Tesla.Mock.Error{}} ->
	nil

	e ->
	Logger.error("Error while fetching #{id}: #{inspect(e)}")
	nil
	end
	end

	defp make_signature(id, date) do
	uri = URI.parse(id)

	signature =
	InternalFetchActor.get_actor()
	\|> Signature.sign(%{
	"(request-target)": "get #{uri.path}",
	host: uri.host,
	date: date
	})

	[{:Signature, signature}]
	end

	defp sign_fetch(headers, id, date) do
	if Pleroma.Config.get([:activitypub, :sign_object_fetches]) do
	headers ++ make_signature(id, date)
	else
	headers
	end
	end

	defp maybe_date_fetch(headers, date) do
	if Pleroma.Config.get([:activitypub, :sign_object_fetches]) do
	headers ++ [{:Date, date}]
	else
	headers
	end
	end

	def fetch_and_contain_remote_object_from_id(id) when is_binary(id) do
	- Logger.info("Fetching object #{id} via AP")
	+ Logger.debug("Fetching object #{id} via AP")

	date = Pleroma.Signature.signed_date()

	headers =
	[{:Accept, "application/activity+json"}]
	\|> maybe_date_fetch(date)
	\|> sign_fetch(id, date)

	Logger.debug("Fetch headers: #{inspect(headers)}")

	with {:scheme, true} <- {:scheme, String.starts_with?(id, "http")},
	{:ok, %{body: body, status: code}} when code in 200..299 <- HTTP.get(id, headers),
	{:ok, data} <- Jason.decode(body),
	:ok <- Containment.contain_origin_from_id(id, data) do
	{:ok, data}
	else
	{:ok, %{status: code}} when code in [404, 410] ->
	{:error, "Object has been deleted"}

	{:scheme, _} ->
	{:error, "Unsupported URI scheme"}

	{:error, e} ->
	{:error, e}

	e ->
	{:error, e}
	end
	end

	def fetch_and_contain_remote_object_from_id(%{"id" => id}),
	do: fetch_and_contain_remote_object_from_id(id)

	def fetch_and_contain_remote_object_from_id(_id), do: {:error, "id must be a string"}
	end
	diff --git a/lib/pleroma/utils.ex b/lib/pleroma/utils.ex
	new file mode 100644
	index 000000000..8d36a0001
	--- /dev/null
	+++ b/lib/pleroma/utils.ex
	@@ -0,0 +1,12 @@
	+# Pleroma: A lightweight social networking server
	+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
	+# SPDX-License-Identifier: AGPL-3.0-only
	+
	+defmodule Pleroma.Utils do
	+ def compile_dir(dir) when is_binary(dir) do
	+ dir
	+ \|> File.ls!()
	+ \|> Enum.map(&Path.join(dir, &1))
	+ \|> Kernel.ParallelCompiler.compile()
	+ end
	+end
	diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex
	index 16e6b0057..60c9e7e64 100644
	--- a/lib/pleroma/web/activity_pub/activity_pub.ex
	+++ b/lib/pleroma/web/activity_pub/activity_pub.ex
	@@ -1,1422 +1,1414 @@
	# Pleroma: A lightweight social networking server
	# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
	# SPDX-License-Identifier: AGPL-3.0-only

	defmodule Pleroma.Web.ActivityPub.ActivityPub do
	alias Pleroma.Activity
	alias Pleroma.Activity.Ir.Topics
	alias Pleroma.Config
	alias Pleroma.Conversation
	alias Pleroma.Conversation.Participation
	alias Pleroma.Notification
	alias Pleroma.Object
	alias Pleroma.Object.Containment
	alias Pleroma.Object.Fetcher
	alias Pleroma.Pagination
	alias Pleroma.Repo
	alias Pleroma.Upload
	alias Pleroma.User
	alias Pleroma.Web.ActivityPub.MRF
	alias Pleroma.Web.ActivityPub.Transmogrifier
	alias Pleroma.Web.ActivityPub.Utils
	alias Pleroma.Web.Streamer
	alias Pleroma.Web.WebFinger
	alias Pleroma.Workers.BackgroundWorker

	import Ecto.Query
	import Pleroma.Web.ActivityPub.Utils
	import Pleroma.Web.ActivityPub.Visibility

	require Logger
	require Pleroma.Constants

	# For Announce activities, we filter the recipients based on following status for any actors
	# that match actual users. See issue #164 for more information about why this is necessary.
	defp get_recipients(%{"type" => "Announce"} = data) do
	to = Map.get(data, "to", [])
	cc = Map.get(data, "cc", [])
	bcc = Map.get(data, "bcc", [])
	actor = User.get_cached_by_ap_id(data["actor"])

	recipients =
	Enum.filter(Enum.concat([to, cc, bcc]), fn recipient ->
	case User.get_cached_by_ap_id(recipient) do
	nil -> true
	user -> User.following?(user, actor)
	end
	end)

	{recipients, to, cc}
	end

	defp get_recipients(%{"type" => "Create"} = data) do
	to = Map.get(data, "to", [])
	cc = Map.get(data, "cc", [])
	bcc = Map.get(data, "bcc", [])
	actor = Map.get(data, "actor", [])
	recipients = [to, cc, bcc, [actor]] \|> Enum.concat() \|> Enum.uniq()
	{recipients, to, cc}
	end

	defp get_recipients(data) do
	to = Map.get(data, "to", [])
	cc = Map.get(data, "cc", [])
	bcc = Map.get(data, "bcc", [])
	recipients = Enum.concat([to, cc, bcc])
	{recipients, to, cc}
	end

	defp check_actor_is_active(actor) do
	if not is_nil(actor) do
	with user <- User.get_cached_by_ap_id(actor),
	false <- user.deactivated do
	true
	else
	_e -> false
	end
	else
	true
	end
	end

	defp check_remote_limit(%{"object" => %{"content" => content}}) when not is_nil(content) do
	limit = Config.get([:instance, :remote_limit])
	String.length(content) <= limit
	end

	defp check_remote_limit(_), do: true

	def increase_note_count_if_public(actor, object) do
	if is_public?(object), do: User.increase_note_count(actor), else: {:ok, actor}
	end

	def decrease_note_count_if_public(actor, object) do
	if is_public?(object), do: User.decrease_note_count(actor), else: {:ok, actor}
	end

	def increase_replies_count_if_reply(%{
	"object" => %{"inReplyTo" => reply_ap_id} = object,
	"type" => "Create"
	}) do
	if is_public?(object) do
	Object.increase_replies_count(reply_ap_id)
	end
	end

	def increase_replies_count_if_reply(_create_data), do: :noop

	def decrease_replies_count_if_reply(%Object{
	data: %{"inReplyTo" => reply_ap_id} = object
	}) do
	if is_public?(object) do
	Object.decrease_replies_count(reply_ap_id)
	end
	end

	def decrease_replies_count_if_reply(_object), do: :noop

	def increase_poll_votes_if_vote(%{
	"object" => %{"inReplyTo" => reply_ap_id, "name" => name},
	"type" => "Create"
	}) do
	Object.increase_vote_count(reply_ap_id, name)
	end

	def increase_poll_votes_if_vote(_create_data), do: :noop

	def insert(map, local \\ true, fake \\ false, bypass_actor_check \\ false) when is_map(map) do
	with nil <- Activity.normalize(map),
	map <- lazy_put_activity_defaults(map, fake),
	true <- bypass_actor_check \|\| check_actor_is_active(map["actor"]),
	{_, true} <- {:remote_limit_error, check_remote_limit(map)},
	{:ok, map} <- MRF.filter(map),
	{recipients, _, _} = get_recipients(map),
	{:fake, false, map, recipients} <- {:fake, fake, map, recipients},
	{:containment, :ok} <- {:containment, Containment.contain_child(map)},
	{:ok, map, object} <- insert_full_object(map) do
	{:ok, activity} =
	Repo.insert(%Activity{
	data: map,
	local: local,
	actor: map["actor"],
	recipients: recipients
	})

	# Splice in the child object if we have one.
	activity =
	if not is_nil(object) do
	Map.put(activity, :object, object)
	else
	activity
	end

	BackgroundWorker.enqueue("fetch_data_for_activity", %{"activity_id" => activity.id})

	Notification.create_notifications(activity)

	conversation = create_or_bump_conversation(activity, map["actor"])
	participations = get_participations(conversation)
	stream_out(activity)
	stream_out_participations(participations)
	{:ok, activity}
	else
	%Activity{} = activity ->
	{:ok, activity}

	{:fake, true, map, recipients} ->
	activity = %Activity{
	data: map,
	local: local,
	actor: map["actor"],
	recipients: recipients,
	id: "pleroma:fakeid"
	}

	Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity)
	{:ok, activity}

	error ->
	{:error, error}
	end
	end

	defp create_or_bump_conversation(activity, actor) do
	with {:ok, conversation} <- Conversation.create_or_bump_for(activity),
	%User{} = user <- User.get_cached_by_ap_id(actor),
	Participation.mark_as_read(user, conversation) do
	{:ok, conversation}
	end
	end

	defp get_participations({:ok, conversation}) do
	conversation
	\|> Repo.preload(:participations, force: true)
	\|> Map.get(:participations)
	end

	defp get_participations(_), do: []

	def stream_out_participations(participations) do
	participations =
	participations
	\|> Repo.preload(:user)

	Streamer.stream("participation", participations)
	end

	def stream_out_participations(%Object{data: %{"context" => context}}, user) do
	with %Conversation{} = conversation <- Conversation.get_for_ap_id(context),
	conversation = Repo.preload(conversation, :participations),
	last_activity_id =
	fetch_latest_activity_id_for_context(conversation.ap_id, %{
	"user" => user,
	"blocking_user" => user
	}) do
	if last_activity_id do
	stream_out_participations(conversation.participations)
	end
	end
	end

	def stream_out_participations(_, _), do: :noop

	def stream_out(%Activity{data: %{"type" => data_type}} = activity)
	when data_type in ["Create", "Announce", "Delete"] do
	activity
	\|> Topics.get_activity_topics()
	\|> Streamer.stream(activity)
	end

	def stream_out(_activity) do
	:noop
	end

	def create(%{to: to, actor: actor, context: context, object: object} = params, fake \\ false) do
	additional = params[:additional] \|\| %{}
	# only accept false as false value
	local = !(params[:local] == false)
	published = params[:published]
	quick_insert? = Pleroma.Config.get([:env]) == :benchmark

	with create_data <-
	make_create_data(
	%{to: to, actor: actor, published: published, context: context, object: object},
	additional
	),
	{:ok, activity} <- insert(create_data, local, fake),
	{:fake, false, activity} <- {:fake, fake, activity},
	_ <- increase_replies_count_if_reply(create_data),
	_ <- increase_poll_votes_if_vote(create_data),
	{:quick_insert, false, activity} <- {:quick_insert, quick_insert?, activity},
	{:ok, _actor} <- increase_note_count_if_public(actor, activity),
	:ok <- maybe_federate(activity) do
	{:ok, activity}
	else
	{:quick_insert, true, activity} ->
	{:ok, activity}

	{:fake, true, activity} ->
	{:ok, activity}

	{:error, message} ->
	{:error, message}
	end
	end

	def listen(%{to: to, actor: actor, context: context, object: object} = params) do
	additional = params[:additional] \|\| %{}
	# only accept false as false value
	local = !(params[:local] == false)
	published = params[:published]

	with listen_data <-
	make_listen_data(
	%{to: to, actor: actor, published: published, context: context, object: object},
	additional
	),
	{:ok, activity} <- insert(listen_data, local),
	:ok <- maybe_federate(activity) do
	{:ok, activity}
	else
	{:error, message} ->
	{:error, message}
	end
	end

	def accept(params) do
	accept_or_reject("Accept", params)
	end

	def reject(params) do
	accept_or_reject("Reject", params)
	end

	def accept_or_reject(type, %{to: to, actor: actor, object: object} = params) do
	local = Map.get(params, :local, true)
	activity_id = Map.get(params, :activity_id, nil)

	with data <-
	%{"to" => to, "type" => type, "actor" => actor.ap_id, "object" => object}
	\|> Utils.maybe_put("id", activity_id),
	{:ok, activity} <- insert(data, local),
	:ok <- maybe_federate(activity) do
	{:ok, activity}
	end
	end

	def update(%{to: to, cc: cc, actor: actor, object: object} = params) do
	local = !(params[:local] == false)
	activity_id = params[:activity_id]

	with data <- %{
	"to" => to,
	"cc" => cc,
	"type" => "Update",
	"actor" => actor,
	"object" => object
	},
	data <- Utils.maybe_put(data, "id", activity_id),
	{:ok, activity} <- insert(data, local),
	:ok <- maybe_federate(activity) do
	{:ok, activity}
	end
	end

	def react_with_emoji(user, object, emoji, options \\ []) do
	with local <- Keyword.get(options, :local, true),
	activity_id <- Keyword.get(options, :activity_id, nil),
	Pleroma.Emoji.is_unicode_emoji?(emoji),
	reaction_data <- make_emoji_reaction_data(user, object, emoji, activity_id),
	{:ok, activity} <- insert(reaction_data, local),
	{:ok, object} <- add_emoji_reaction_to_object(activity, object),
	:ok <- maybe_federate(activity) do
	{:ok, activity, object}
	end
	end

	def unreact_with_emoji(user, reaction_id, options \\ []) do
	with local <- Keyword.get(options, :local, true),
	activity_id <- Keyword.get(options, :activity_id, nil),
	user_ap_id <- user.ap_id,
	%Activity{actor: ^user_ap_id} = reaction_activity <- Activity.get_by_ap_id(reaction_id),
	object <- Object.normalize(reaction_activity),
	unreact_data <- make_undo_data(user, reaction_activity, activity_id),
	{:ok, activity} <- insert(unreact_data, local),
	{:ok, object} <- remove_emoji_reaction_from_object(reaction_activity, object),
	:ok <- maybe_federate(activity) do
	{:ok, activity, object}
	end
	end

	# TODO: This is weird, maybe we shouldn't check here if we can make the activity.
	def like(
	%User{ap_id: ap_id} = user,
	%Object{data: %{"id" => _}} = object,
	activity_id \\ nil,
	local \\ true
	) do
	with nil <- get_existing_like(ap_id, object),
	like_data <- make_like_data(user, object, activity_id),
	{:ok, activity} <- insert(like_data, local),
	{:ok, object} <- add_like_to_object(activity, object),
	:ok <- maybe_federate(activity) do
	{:ok, activity, object}
	else
	%Activity{} = activity -> {:ok, activity, object}
	error -> {:error, error}
	end
	end

	def unlike(%User{} = actor, %Object{} = object, activity_id \\ nil, local \\ true) do
	with %Activity{} = like_activity <- get_existing_like(actor.ap_id, object),
	unlike_data <- make_unlike_data(actor, like_activity, activity_id),
	{:ok, unlike_activity} <- insert(unlike_data, local),
	{:ok, _activity} <- Repo.delete(like_activity),
	{:ok, object} <- remove_like_from_object(like_activity, object),
	:ok <- maybe_federate(unlike_activity) do
	{:ok, unlike_activity, like_activity, object}
	else
	_e -> {:ok, object}
	end
	end

	def announce(
	%User{ap_id: _} = user,
	%Object{data: %{"id" => _}} = object,
	activity_id \\ nil,
	local \\ true,
	public \\ true
	) do
	with true <- is_announceable?(object, user, public),
	announce_data <- make_announce_data(user, object, activity_id, public),
	{:ok, activity} <- insert(announce_data, local),
	{:ok, object} <- add_announce_to_object(activity, object),
	:ok <- maybe_federate(activity) do
	{:ok, activity, object}
	else
	error -> {:error, error}
	end
	end

	def unannounce(
	%User{} = actor,
	%Object{} = object,
	activity_id \\ nil,
	local \\ true
	) do
	with %Activity{} = announce_activity <- get_existing_announce(actor.ap_id, object),
	unannounce_data <- make_unannounce_data(actor, announce_activity, activity_id),
	{:ok, unannounce_activity} <- insert(unannounce_data, local),
	:ok <- maybe_federate(unannounce_activity),
	{:ok, _activity} <- Repo.delete(announce_activity),
	{:ok, object} <- remove_announce_from_object(announce_activity, object) do
	{:ok, unannounce_activity, object}
	else
	_e -> {:ok, object}
	end
	end

	def follow(follower, followed, activity_id \\ nil, local \\ true) do
	with data <- make_follow_data(follower, followed, activity_id),
	{:ok, activity} <- insert(data, local),
	:ok <- maybe_federate(activity),
	_ <- User.set_follow_state_cache(follower.ap_id, followed.ap_id, activity.data["state"]) do
	{:ok, activity}
	end
	end

	def unfollow(follower, followed, activity_id \\ nil, local \\ true) do
	with %Activity{} = follow_activity <- fetch_latest_follow(follower, followed),
	{:ok, follow_activity} <- update_follow_state(follow_activity, "cancelled"),
	unfollow_data <- make_unfollow_data(follower, followed, follow_activity, activity_id),
	{:ok, activity} <- insert(unfollow_data, local),
	:ok <- maybe_federate(activity) do
	{:ok, activity}
	end
	end

	def delete(%User{ap_id: ap_id, follower_address: follower_address} = user) do
	with data <- %{
	"to" => [follower_address],
	"type" => "Delete",
	"actor" => ap_id,
	"object" => %{"type" => "Person", "id" => ap_id}
	},
	{:ok, activity} <- insert(data, true, true, true),
	:ok <- maybe_federate(activity) do
	{:ok, user}
	end
	end

	def delete(%Object{data: %{"id" => id, "actor" => actor}} = object, options \\ []) do
	local = Keyword.get(options, :local, true)
	activity_id = Keyword.get(options, :activity_id, nil)
	actor = Keyword.get(options, :actor, actor)

	user = User.get_cached_by_ap_id(actor)
	to = (object.data["to"] \|\| []) ++ (object.data["cc"] \|\| [])

	with create_activity <- Activity.get_create_by_object_ap_id(id),
	data <-
	%{
	"type" => "Delete",
	"actor" => actor,
	"object" => id,
	"to" => to,
	"deleted_activity_id" => create_activity && create_activity.id
	}
	\|> maybe_put("id", activity_id),
	{:ok, activity} <- insert(data, local, false),
	{:ok, object, _create_activity} <- Object.delete(object),
	stream_out_participations(object, user),
	_ <- decrease_replies_count_if_reply(object),
	{:ok, _actor} <- decrease_note_count_if_public(user, object),
	:ok <- maybe_federate(activity) do
	{:ok, activity}
	end
	end

	@spec block(User.t(), User.t(), String.t() \| nil, boolean) :: {:ok, Activity.t() \| nil}
	def block(blocker, blocked, activity_id \\ nil, local \\ true) do
	outgoing_blocks = Config.get([:activitypub, :outgoing_blocks])
	unfollow_blocked = Config.get([:activitypub, :unfollow_blocked])

	if unfollow_blocked do
	follow_activity = fetch_latest_follow(blocker, blocked)
	if follow_activity, do: unfollow(blocker, blocked, nil, local)
	end

	with true <- outgoing_blocks,
	block_data <- make_block_data(blocker, blocked, activity_id),
	{:ok, activity} <- insert(block_data, local),
	:ok <- maybe_federate(activity) do
	{:ok, activity}
	else
	_e -> {:ok, nil}
	end
	end

	def unblock(blocker, blocked, activity_id \\ nil, local \\ true) do
	with %Activity{} = block_activity <- fetch_latest_block(blocker, blocked),
	unblock_data <- make_unblock_data(blocker, blocked, block_activity, activity_id),
	{:ok, activity} <- insert(unblock_data, local),
	:ok <- maybe_federate(activity) do
	{:ok, activity}
	end
	end

	@spec flag(map()) :: {:ok, Activity.t()} \| any
	def flag(
	%{
	actor: actor,
	context: _context,
	account: account,
	statuses: statuses,
	content: content
	} = params
	) do
	# only accept false as false value
	local = !(params[:local] == false)
	forward = !(params[:forward] == false)

	additional = params[:additional] \|\| %{}

	additional =
	if forward do
	Map.merge(additional, %{"to" => [], "cc" => [account.ap_id]})
	else
	Map.merge(additional, %{"to" => [], "cc" => []})
	end

	with flag_data <- make_flag_data(params, additional),
	{:ok, activity} <- insert(flag_data, local),
	{:ok, stripped_activity} <- strip_report_status_data(activity),
	:ok <- maybe_federate(stripped_activity) do
	Enum.each(User.all_superusers(), fn superuser ->
	superuser
	\|> Pleroma.Emails.AdminEmail.report(actor, account, statuses, content)
	\|> Pleroma.Emails.Mailer.deliver_async()
	end)

	{:ok, activity}
	end
	end

	def move(%User{} = origin, %User{} = target, local \\ true) do
	params = %{
	"type" => "Move",
	"actor" => origin.ap_id,
	"object" => origin.ap_id,
	"target" => target.ap_id
	}

	with true <- origin.ap_id in target.also_known_as,
	{:ok, activity} <- insert(params, local) do
	maybe_federate(activity)

	BackgroundWorker.enqueue("move_following", %{
	"origin_id" => origin.id,
	"target_id" => target.id
	})

	{:ok, activity}
	else
	false -> {:error, "Target account must have the origin in `alsoKnownAs`"}
	err -> err
	end
	end

	defp fetch_activities_for_context_query(context, opts) do
	public = [Pleroma.Constants.as_public()]

	recipients =
	if opts["user"],
	do: [opts["user"].ap_id \| User.following(opts["user"])] ++ public,
	else: public

	from(activity in Activity)
	\|> maybe_preload_objects(opts)
	\|> maybe_preload_bookmarks(opts)
	\|> maybe_set_thread_muted_field(opts)
	\|> restrict_blocked(opts)
	\|> restrict_recipients(recipients, opts["user"])
	\|> where(
	[activity],
	fragment(
	"?->>'type' = ? and ?->>'context' = ?",
	activity.data,
	"Create",
	activity.data,
	^context
	)
	)
	\|> exclude_poll_votes(opts)
	\|> exclude_id(opts)
	\|> order_by([activity], desc: activity.id)
	end

	@spec fetch_activities_for_context(String.t(), keyword() \| map()) :: [Activity.t()]
	def fetch_activities_for_context(context, opts \\ %{}) do
	context
	\|> fetch_activities_for_context_query(opts)
	\|> Repo.all()
	end

	@spec fetch_latest_activity_id_for_context(String.t(), keyword() \| map()) ::
	FlakeId.Ecto.CompatType.t() \| nil
	def fetch_latest_activity_id_for_context(context, opts \\ %{}) do
	context
	\|> fetch_activities_for_context_query(Map.merge(%{"skip_preload" => true}, opts))
	\|> limit(1)
	\|> select([a], a.id)
	\|> Repo.one()
	end

	def fetch_public_activities(opts \\ %{}, pagination \\ :keyset) do
	opts = Map.drop(opts, ["user"])

	[Pleroma.Constants.as_public()]
	\|> fetch_activities_query(opts)
	\|> restrict_unlisted()
	\|> Pagination.fetch_paginated(opts, pagination)
	end

	@valid_visibilities ~w[direct unlisted public private]

	defp restrict_visibility(query, %{visibility: visibility})
	when is_list(visibility) do
	if Enum.all?(visibility, &(&1 in @valid_visibilities)) do
	query =
	from(
	a in query,
	where:
	fragment(
	"activity_visibility(?, ?, ?) = ANY (?)",
	a.actor,
	a.recipients,
	a.data,
	^visibility
	)
	)

	query
	else
	Logger.error("Could not restrict visibility to #{visibility}")
	end
	end

	defp restrict_visibility(query, %{visibility: visibility})
	when visibility in @valid_visibilities do
	from(
	a in query,
	where:
	fragment("activity_visibility(?, ?, ?) = ?", a.actor, a.recipients, a.data, ^visibility)
	)
	end

	defp restrict_visibility(_query, %{visibility: visibility})
	when visibility not in @valid_visibilities do
	Logger.error("Could not restrict visibility to #{visibility}")
	end

	defp restrict_visibility(query, _visibility), do: query

	defp exclude_visibility(query, %{"exclude_visibilities" => visibility})
	when is_list(visibility) do
	if Enum.all?(visibility, &(&1 in @valid_visibilities)) do
	from(
	a in query,
	where:
	not fragment(
	"activity_visibility(?, ?, ?) = ANY (?)",
	a.actor,
	a.recipients,
	a.data,
	^visibility
	)
	)
	else
	Logger.error("Could not exclude visibility to #{visibility}")
	query
	end
	end

	defp exclude_visibility(query, %{"exclude_visibilities" => visibility})
	when visibility in @valid_visibilities do
	from(
	a in query,
	where:
	not fragment(
	"activity_visibility(?, ?, ?) = ?",
	a.actor,
	a.recipients,
	a.data,
	^visibility
	)
	)
	end

	defp exclude_visibility(query, %{"exclude_visibilities" => visibility})
	when visibility not in @valid_visibilities do
	Logger.error("Could not exclude visibility to #{visibility}")
	query
	end

	defp exclude_visibility(query, _visibility), do: query

	defp restrict_thread_visibility(query, _, %{skip_thread_containment: true} = _),
	do: query

	defp restrict_thread_visibility(
	query,
	%{"user" => %User{skip_thread_containment: true}},
	_
	),
	do: query

	defp restrict_thread_visibility(query, %{"user" => %User{ap_id: ap_id}}, _) do
	from(
	a in query,
	where: fragment("thread_visibility(?, (?)->>'id') = true", ^ap_id, a.data)
	)
	end

	defp restrict_thread_visibility(query, _, _), do: query

	def fetch_user_abstract_activities(user, reading_user, params \\ %{}) do
	params =
	params
	\|> Map.put("user", reading_user)
	\|> Map.put("actor_id", user.ap_id)
	\|> Map.put("whole_db", true)

	recipients =
	user_activities_recipients(%{
	"godmode" => params["godmode"],
	"reading_user" => reading_user
	})

	fetch_activities(recipients, params)
	\|> Enum.reverse()
	end

	def fetch_user_activities(user, reading_user, params \\ %{}) do
	params =
	params
	\|> Map.put("type", ["Create", "Announce"])
	\|> Map.put("user", reading_user)
	\|> Map.put("actor_id", user.ap_id)
	\|> Map.put("whole_db", true)
	\|> Map.put("pinned_activity_ids", user.pinned_activities)

	params =
	if User.blocks?(reading_user, user) do
	params
	else
	params
	\|> Map.put("blocking_user", reading_user)
	\|> Map.put("muting_user", reading_user)
	end

	recipients =
	user_activities_recipients(%{
	"godmode" => params["godmode"],
	"reading_user" => reading_user
	})

	fetch_activities(recipients, params)
	\|> Enum.reverse()
	end

	def fetch_instance_activities(params) do
	params =
	params
	\|> Map.put("type", ["Create", "Announce"])
	\|> Map.put("instance", params["instance"])
	\|> Map.put("whole_db", true)

	fetch_activities([Pleroma.Constants.as_public()], params, :offset)
	\|> Enum.reverse()
	end

	defp user_activities_recipients(%{"godmode" => true}) do
	[]
	end

	defp user_activities_recipients(%{"reading_user" => reading_user}) do
	if reading_user do
	[Pleroma.Constants.as_public()] ++ [reading_user.ap_id \| User.following(reading_user)]
	else
	[Pleroma.Constants.as_public()]
	end
	end

	defp restrict_since(query, %{"since_id" => ""}), do: query

	defp restrict_since(query, %{"since_id" => since_id}) do
	from(activity in query, where: activity.id > ^since_id)
	end

	defp restrict_since(query, _), do: query

	defp restrict_tag_reject(_query, %{"tag_reject" => _tag_reject, "skip_preload" => true}) do
	raise "Can't use the child object without preloading!"
	end

	defp restrict_tag_reject(query, %{"tag_reject" => tag_reject})
	when is_list(tag_reject) and tag_reject != [] do
	from(
	[_activity, object] in query,
	where: fragment("not (?)->'tag' \\?\| (?)", object.data, ^tag_reject)
	)
	end

	defp restrict_tag_reject(query, _), do: query

	defp restrict_tag_all(_query, %{"tag_all" => _tag_all, "skip_preload" => true}) do
	raise "Can't use the child object without preloading!"
	end

	defp restrict_tag_all(query, %{"tag_all" => tag_all})
	when is_list(tag_all) and tag_all != [] do
	from(
	[_activity, object] in query,
	where: fragment("(?)->'tag' \\?& (?)", object.data, ^tag_all)
	)
	end

	defp restrict_tag_all(query, _), do: query

	defp restrict_tag(_query, %{"tag" => _tag, "skip_preload" => true}) do
	raise "Can't use the child object without preloading!"
	end

	defp restrict_tag(query, %{"tag" => tag}) when is_list(tag) do
	from(
	[_activity, object] in query,
	where: fragment("(?)->'tag' \\?\| (?)", object.data, ^tag)
	)
	end

	defp restrict_tag(query, %{"tag" => tag}) when is_binary(tag) do
	from(
	[_activity, object] in query,
	where: fragment("(?)->'tag' \\? (?)", object.data, ^tag)
	)
	end

	defp restrict_tag(query, _), do: query

	defp restrict_recipients(query, [], _user), do: query

	defp restrict_recipients(query, recipients, nil) do
	from(activity in query, where: fragment("? && ?", ^recipients, activity.recipients))
	end

	defp restrict_recipients(query, recipients, user) do
	from(
	activity in query,
	where: fragment("? && ?", ^recipients, activity.recipients),
	or_where: activity.actor == ^user.ap_id
	)
	end

	defp restrict_local(query, %{"local_only" => true}) do
	from(activity in query, where: activity.local == true)
	end

	defp restrict_local(query, _), do: query

	defp restrict_actor(query, %{"actor_id" => actor_id}) do
	from(activity in query, where: activity.actor == ^actor_id)
	end

	defp restrict_actor(query, _), do: query

	defp restrict_type(query, %{"type" => type}) when is_binary(type) do
	from(activity in query, where: fragment("?->>'type' = ?", activity.data, ^type))
	end

	defp restrict_type(query, %{"type" => type}) do
	from(activity in query, where: fragment("?->>'type' = ANY(?)", activity.data, ^type))
	end

	defp restrict_type(query, _), do: query

	defp restrict_state(query, %{"state" => state}) do
	from(activity in query, where: fragment("?->>'state' = ?", activity.data, ^state))
	end

	defp restrict_state(query, _), do: query

	defp restrict_favorited_by(query, %{"favorited_by" => ap_id}) do
	from(
	[_activity, object] in query,
	where: fragment("(?)->'likes' \\? (?)", object.data, ^ap_id)
	)
	end

	defp restrict_favorited_by(query, _), do: query

	defp restrict_media(_query, %{"only_media" => _val, "skip_preload" => true}) do
	raise "Can't use the child object without preloading!"
	end

	defp restrict_media(query, %{"only_media" => val}) when val == "true" or val == "1" do
	from(
	[_activity, object] in query,
	where: fragment("not (?)->'attachment' = (?)", object.data, ^[])
	)
	end

	defp restrict_media(query, _), do: query

	defp restrict_replies(query, %{"exclude_replies" => val}) when val == "true" or val == "1" do
	from(
	[_activity, object] in query,
	where: fragment("?->>'inReplyTo' is null", object.data)
	)
	end

	defp restrict_replies(query, _), do: query

	defp restrict_reblogs(query, %{"exclude_reblogs" => val}) when val == "true" or val == "1" do
	from(activity in query, where: fragment("?->>'type' != 'Announce'", activity.data))
	end

	defp restrict_reblogs(query, _), do: query

	defp restrict_muted(query, %{"with_muted" => val}) when val in [true, "true", "1"], do: query

	defp restrict_muted(query, %{"muting_user" => %User{} = user} = opts) do
	mutes = opts["muted_users_ap_ids"] \|\| User.muted_users_ap_ids(user)

	query =
	from([activity] in query,
	where: fragment("not (? = ANY(?))", activity.actor, ^mutes),
	where: fragment("not (?->'to' \\?\| ?)", activity.data, ^mutes)
	)

	unless opts["skip_preload"] do
	from([thread_mute: tm] in query, where: is_nil(tm.user_id))
	else
	query
	end
	end

	defp restrict_muted(query, _), do: query

	defp restrict_blocked(query, %{"blocking_user" => %User{} = user} = opts) do
	blocked_ap_ids = opts["blocked_users_ap_ids"] \|\| User.blocked_users_ap_ids(user)
	domain_blocks = user.domain_blocks \|\| []

	following_ap_ids = User.get_friends_ap_ids(user)

	query =
	if has_named_binding?(query, :object), do: query, else: Activity.with_joined_object(query)

	from(
	[activity, object: o] in query,
	where: fragment("not (? = ANY(?))", activity.actor, ^blocked_ap_ids),
	where: fragment("not (? && ?)", activity.recipients, ^blocked_ap_ids),
	where:
	fragment(
	"not (?->>'type' = 'Announce' and ?->'to' \\?\| ?)",
	activity.data,
	activity.data,
	^blocked_ap_ids
	),
	where:
	fragment(
	"(not (split_part(?, '/', 3) = ANY(?))) or ? = ANY(?)",
	activity.actor,
	^domain_blocks,
	activity.actor,
	^following_ap_ids
	),
	where:
	fragment(
	"(not (split_part(?->>'actor', '/', 3) = ANY(?))) or (?->>'actor') = ANY(?)",
	o.data,
	^domain_blocks,
	o.data,
	^following_ap_ids
	)
	)
	end

	defp restrict_blocked(query, _), do: query

	defp restrict_unlisted(query) do
	from(
	activity in query,
	where:
	fragment(
	"not (coalesce(?->'cc', '{}'::jsonb) \\?\| ?)",
	activity.data,
	^[Pleroma.Constants.as_public()]
	)
	)
	end

	defp restrict_pinned(query, %{"pinned" => "true", "pinned_activity_ids" => ids}) do
	from(activity in query, where: activity.id in ^ids)
	end

	defp restrict_pinned(query, _), do: query

	defp restrict_muted_reblogs(query, %{"muting_user" => %User{} = user} = opts) do
	muted_reblogs = opts["reblog_muted_users_ap_ids"] \|\| User.reblog_muted_users_ap_ids(user)

	from(
	activity in query,
	where:
	fragment(
	"not ( ?->>'type' = 'Announce' and ? = ANY(?))",
	activity.data,
	activity.actor,
	^muted_reblogs
	)
	)
	end

	defp restrict_muted_reblogs(query, _), do: query

	defp restrict_instance(query, %{"instance" => instance}) do
	users =
	from(
	u in User,
	select: u.ap_id,
	where: fragment("? LIKE ?", u.nickname, ^"%@#{instance}")
	)
	\|> Repo.all()

	from(activity in query, where: activity.actor in ^users)
	end

	defp restrict_instance(query, _), do: query

	defp exclude_poll_votes(query, %{"include_poll_votes" => true}), do: query

	defp exclude_poll_votes(query, _) do
	if has_named_binding?(query, :object) do
	from([activity, object: o] in query,
	where: fragment("not(?->>'type' = ?)", o.data, "Answer")
	)
	else
	query
	end
	end

	defp exclude_id(query, %{"exclude_id" => id}) when is_binary(id) do
	from(activity in query, where: activity.id != ^id)
	end

	defp exclude_id(query, _), do: query

	defp maybe_preload_objects(query, %{"skip_preload" => true}), do: query

	defp maybe_preload_objects(query, _) do
	query
	\|> Activity.with_preloaded_object()
	end

	defp maybe_preload_bookmarks(query, %{"skip_preload" => true}), do: query

	defp maybe_preload_bookmarks(query, opts) do
	query
	\|> Activity.with_preloaded_bookmark(opts["user"])
	end

	defp maybe_preload_report_notes(query, %{"preload_report_notes" => true}) do
	query
	\|> Activity.with_preloaded_report_notes()
	end

	defp maybe_preload_report_notes(query, _), do: query

	defp maybe_set_thread_muted_field(query, %{"skip_preload" => true}), do: query

	defp maybe_set_thread_muted_field(query, opts) do
	query
	\|> Activity.with_set_thread_muted_field(opts["muting_user"] \|\| opts["user"])
	end

	defp maybe_order(query, %{order: :desc}) do
	query
	\|> order_by(desc: :id)
	end

	defp maybe_order(query, %{order: :asc}) do
	query
	\|> order_by(asc: :id)
	end

	defp maybe_order(query, _), do: query

	defp fetch_activities_query_ap_ids_ops(opts) do
	source_user = opts["muting_user"]
	ap_id_relations = if source_user, do: [:mute, :reblog_mute], else: []

	ap_id_relations =
	ap_id_relations ++
	if opts["blocking_user"] && opts["blocking_user"] == source_user do
	[:block]
	else
	[]
	end

	preloaded_ap_ids = User.outgoing_relations_ap_ids(source_user, ap_id_relations)

	restrict_blocked_opts = Map.merge(%{"blocked_users_ap_ids" => preloaded_ap_ids[:block]}, opts)
	restrict_muted_opts = Map.merge(%{"muted_users_ap_ids" => preloaded_ap_ids[:mute]}, opts)

	restrict_muted_reblogs_opts =
	Map.merge(%{"reblog_muted_users_ap_ids" => preloaded_ap_ids[:reblog_mute]}, opts)

	{restrict_blocked_opts, restrict_muted_opts, restrict_muted_reblogs_opts}
	end

	def fetch_activities_query(recipients, opts \\ %{}) do
	{restrict_blocked_opts, restrict_muted_opts, restrict_muted_reblogs_opts} =
	fetch_activities_query_ap_ids_ops(opts)

	config = %{
	skip_thread_containment: Config.get([:instance, :skip_thread_containment])
	}

	Activity
	\|> maybe_preload_objects(opts)
	\|> maybe_preload_bookmarks(opts)
	\|> maybe_preload_report_notes(opts)
	\|> maybe_set_thread_muted_field(opts)
	\|> maybe_order(opts)
	\|> restrict_recipients(recipients, opts["user"])
	\|> restrict_tag(opts)
	\|> restrict_tag_reject(opts)
	\|> restrict_tag_all(opts)
	\|> restrict_since(opts)
	\|> restrict_local(opts)
	\|> restrict_actor(opts)
	\|> restrict_type(opts)
	\|> restrict_state(opts)
	\|> restrict_favorited_by(opts)
	\|> restrict_blocked(restrict_blocked_opts)
	\|> restrict_muted(restrict_muted_opts)
	\|> restrict_media(opts)
	\|> restrict_visibility(opts)
	\|> restrict_thread_visibility(opts, config)
	\|> restrict_replies(opts)
	\|> restrict_reblogs(opts)
	\|> restrict_pinned(opts)
	\|> restrict_muted_reblogs(restrict_muted_reblogs_opts)
	\|> restrict_instance(opts)
	\|> Activity.restrict_deactivated_users()
	\|> exclude_poll_votes(opts)
	\|> exclude_visibility(opts)
	end

	def fetch_activities(recipients, opts \\ %{}, pagination \\ :keyset) do
	list_memberships = Pleroma.List.memberships(opts["user"])

	fetch_activities_query(recipients ++ list_memberships, opts)
	\|> Pagination.fetch_paginated(opts, pagination)
	\|> Enum.reverse()
	\|> maybe_update_cc(list_memberships, opts["user"])
	end

	@doc """
	Fetch favorites activities of user with order by sort adds to favorites
	"""
	@spec fetch_favourites(User.t(), map(), atom()) :: list(Activity.t())
	def fetch_favourites(user, params \\ %{}, pagination \\ :keyset) do
	user.ap_id
	\|> Activity.Queries.by_actor()
	\|> Activity.Queries.by_type("Like")
	\|> Activity.with_joined_object()
	\|> Object.with_joined_activity()
	\|> select([_like, object, activity], %{activity \| object: object})
	\|> order_by([like, _, _], desc: like.id)
	\|> Pagination.fetch_paginated(
	Map.merge(params, %{"skip_order" => true}),
	pagination,
	:object_activity
	)
	end

	defp maybe_update_cc(activities, list_memberships, %User{ap_id: user_ap_id})
	when is_list(list_memberships) and length(list_memberships) > 0 do
	Enum.map(activities, fn
	%{data: %{"bcc" => bcc}} = activity when is_list(bcc) and length(bcc) > 0 ->
	if Enum.any?(bcc, &(&1 in list_memberships)) do
	update_in(activity.data["cc"], &[user_ap_id \| &1])
	else
	activity
	end

	activity ->
	activity
	end)
	end

	defp maybe_update_cc(activities, _, _), do: activities

	def fetch_activities_bounded_query(query, recipients, recipients_with_public) do
	from(activity in query,
	where:
	fragment("? && ?", activity.recipients, ^recipients) or
	(fragment("? && ?", activity.recipients, ^recipients_with_public) and
	^Pleroma.Constants.as_public() in activity.recipients)
	)
	end

	def fetch_activities_bounded(
	recipients,
	recipients_with_public,
	opts \\ %{},
	pagination \\ :keyset
	) do
	fetch_activities_query([], opts)
	\|> fetch_activities_bounded_query(recipients, recipients_with_public)
	\|> Pagination.fetch_paginated(opts, pagination)
	\|> Enum.reverse()
	end

	def upload(file, opts \\ []) do
	with {:ok, data} <- Upload.store(file, opts) do
	obj_data =
	if opts[:actor] do
	Map.put(data, "actor", opts[:actor])
	else
	data
	end

	Repo.insert(%Object{data: obj_data})
	end
	end

	defp object_to_user_data(data) do
	avatar =
	data["icon"]["url"] &&
	%{
	"type" => "Image",
	"url" => [%{"href" => data["icon"]["url"]}]
	}

	banner =
	data["image"]["url"] &&
	%{
	"type" => "Image",
	"url" => [%{"href" => data["image"]["url"]}]
	}

	fields =
	data
	\|> Map.get("attachment", [])
	\|> Enum.filter(fn %{"type" => t} -> t == "PropertyValue" end)
	\|> Enum.map(fn fields -> Map.take(fields, ["name", "value"]) end)

	locked = data["manuallyApprovesFollowers"] \|\| false
	data = Transmogrifier.maybe_fix_user_object(data)
	discoverable = data["discoverable"] \|\| false
	invisible = data["invisible"] \|\| false
	actor_type = data["type"] \|\| "Person"

	user_data = %{
	ap_id: data["id"],
	ap_enabled: true,
	source_data: data,
	banner: banner,
	fields: fields,
	locked: locked,
	discoverable: discoverable,
	invisible: invisible,
	avatar: avatar,
	name: data["name"],
	follower_address: data["followers"],
	following_address: data["following"],
	bio: data["summary"],
	actor_type: actor_type,
	also_known_as: Map.get(data, "alsoKnownAs", [])
	}

	# nickname can be nil because of virtual actors
	user_data =
	if data["preferredUsername"] do
	Map.put(
	user_data,
	:nickname,
	"#{data["preferredUsername"]}@#{URI.parse(data["id"]).host}"
	)
	else
	Map.put(user_data, :nickname, nil)
	end

	{:ok, user_data}
	end

	def fetch_follow_information_for_user(user) do
	with {:ok, following_data} <-
	Fetcher.fetch_and_contain_remote_object_from_id(user.following_address),
	- following_count when is_integer(following_count) <- following_data["totalItems"],
	{:ok, hide_follows} <- collection_private(following_data),
	{:ok, followers_data} <-
	Fetcher.fetch_and_contain_remote_object_from_id(user.follower_address),
	- followers_count when is_integer(followers_count) <- followers_data["totalItems"],
	{:ok, hide_followers} <- collection_private(followers_data) do
	{:ok,
	%{
	hide_follows: hide_follows,
	- follower_count: followers_count,
	- following_count: following_count,
	+ follower_count: normalize_counter(followers_data["totalItems"]),
	+ following_count: normalize_counter(following_data["totalItems"]),
	hide_followers: hide_followers
	}}
	else
	- {:error, _} = e ->
	- e
	-
	- e ->
	- {:error, e}
	+ {:error, _} = e -> e
	+ e -> {:error, e}
	end
	end

	+ defp normalize_counter(counter) when is_integer(counter), do: counter
	+ defp normalize_counter(_), do: 0
	+
	defp maybe_update_follow_information(data) do
	with {:enabled, true} <-
	{:enabled, Pleroma.Config.get([:instance, :external_user_synchronization])},
	{:ok, info} <- fetch_follow_information_for_user(data) do
	info = Map.merge(data[:info] \|\| %{}, info)
	Map.put(data, :info, info)
	else
	{:enabled, false} ->
	data

	e ->
	Logger.error(
	"Follower/Following counter update for #{data.ap_id} failed.\n" <> inspect(e)
	)

	data
	end
	end

	+ defp collection_private(%{"first" => %{"type" => type}})
	+ when type in ["CollectionPage", "OrderedCollectionPage"],
	+ do: {:ok, false}
	+
	defp collection_private(%{"first" => first}) do
	- if is_map(first) and
	- first["type"] in ["CollectionPage", "OrderedCollectionPage"] do
	+ with {:ok, %{"type" => type}} when type in ["CollectionPage", "OrderedCollectionPage"] <-
	+ Fetcher.fetch_and_contain_remote_object_from_id(first) do
	{:ok, false}
	else
	- with {:ok, %{"type" => type}} when type in ["CollectionPage", "OrderedCollectionPage"] <-
	- Fetcher.fetch_and_contain_remote_object_from_id(first) do
	- {:ok, false}
	- else
	- {:error, {:ok, %{status: code}}} when code in [401, 403] ->
	- {:ok, true}
	-
	- {:error, _} = e ->
	- e
	-
	- e ->
	- {:error, e}
	- end
	+ {:error, {:ok, %{status: code}}} when code in [401, 403] -> {:ok, true}
	+ {:error, _} = e -> e
	+ e -> {:error, e}
	end
	end

	defp collection_private(_data), do: {:ok, true}

	def user_data_from_user_object(data) do
	with {:ok, data} <- MRF.filter(data),
	{:ok, data} <- object_to_user_data(data) do
	{:ok, data}
	else
	e -> {:error, e}
	end
	end

	def fetch_and_prepare_user_from_ap_id(ap_id) do
	with {:ok, data} <- Fetcher.fetch_and_contain_remote_object_from_id(ap_id),
	{:ok, data} <- user_data_from_user_object(data),
	data <- maybe_update_follow_information(data) do
	{:ok, data}
	else
	e ->
	Logger.error("Could not decode user at fetch #{ap_id}, #{inspect(e)}")
	{:error, e}
	end
	end

	def make_user_from_ap_id(ap_id) do
	if _user = User.get_cached_by_ap_id(ap_id) do
	Transmogrifier.upgrade_user_from_ap_id(ap_id)
	else
	with {:ok, data} <- fetch_and_prepare_user_from_ap_id(ap_id) do
	User.insert_or_update_user(data)
	else
	e -> {:error, e}
	end
	end
	end

	def make_user_from_nickname(nickname) do
	with {:ok, %{"ap_id" => ap_id}} when not is_nil(ap_id) <- WebFinger.finger(nickname) do
	make_user_from_ap_id(ap_id)
	else
	_e -> {:error, "No AP id in WebFinger"}
	end
	end

	# filter out broken threads
	def contain_broken_threads(%Activity{} = activity, %User{} = user) do
	entire_thread_visible_for_user?(activity, user)
	end

	# do post-processing on a specific activity
	def contain_activity(%Activity{} = activity, %User{} = user) do
	contain_broken_threads(activity, user)
	end

	def fetch_direct_messages_query do
	Activity
	\|> restrict_type(%{"type" => "Create"})
	\|> restrict_visibility(%{visibility: "direct"})
	\|> order_by([activity], asc: activity.id)
	end
	end
	diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
	index dec5da0d3..5059e3984 100644
	--- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex
	+++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex
	@@ -1,509 +1,509 @@
	# Pleroma: A lightweight social networking server
	# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
	# SPDX-License-Identifier: AGPL-3.0-only

	defmodule Pleroma.Web.ActivityPub.ActivityPubController do
	use Pleroma.Web, :controller

	alias Pleroma.Activity
	alias Pleroma.Delivery
	alias Pleroma.Object
	alias Pleroma.Object.Fetcher
	alias Pleroma.User
	alias Pleroma.Web.ActivityPub.ActivityPub
	alias Pleroma.Web.ActivityPub.InternalFetchActor
	alias Pleroma.Web.ActivityPub.ObjectView
	alias Pleroma.Web.ActivityPub.Relay
	alias Pleroma.Web.ActivityPub.Transmogrifier
	alias Pleroma.Web.ActivityPub.UserView
	alias Pleroma.Web.ActivityPub.Utils
	alias Pleroma.Web.ActivityPub.Visibility
	alias Pleroma.Web.Federator

	require Logger

	action_fallback(:errors)

	plug(
	Pleroma.Plugs.Cache,
	[query_params: false, tracking_fun: &__MODULE__.track_object_fetch/2]
	when action in [:activity, :object]
	)

	plug(Pleroma.Web.FederatingPlug when action in [:inbox, :relay])
	plug(:set_requester_reachable when action in [:inbox])
	plug(:relay_active? when action in [:relay])

	def relay_active?(conn, _) do
	if Pleroma.Config.get([:instance, :allow_relay]) do
	conn
	else
	conn
	\|> render_error(:not_found, "not found")
	\|> halt()
	end
	end

	def user(conn, %{"nickname" => nickname}) do
	with %User{local: true} = user <- User.get_cached_by_nickname(nickname),
	{:ok, user} <- User.ensure_keys_present(user) do
	conn
	\|> put_resp_content_type("application/activity+json")
	\|> put_view(UserView)
	\|> render("user.json", %{user: user})
	else
	nil -> {:error, :not_found}
	%{local: false} -> {:error, :not_found}
	end
	end

	def object(conn, %{"uuid" => uuid}) do
	with ap_id <- o_status_url(conn, :object, uuid),
	%Object{} = object <- Object.get_cached_by_ap_id(ap_id),
	{_, true} <- {:public?, Visibility.is_public?(object)} do
	conn
	\|> assign(:tracking_fun_data, object.id)
	\|> set_cache_ttl_for(object)
	\|> put_resp_content_type("application/activity+json")
	\|> put_view(ObjectView)
	\|> render("object.json", object: object)
	else
	{:public?, false} ->
	{:error, :not_found}
	end
	end

	def track_object_fetch(conn, nil), do: conn

	def track_object_fetch(conn, object_id) do
	with %{assigns: %{user: %User{id: user_id}}} <- conn do
	Delivery.create(object_id, user_id)
	end

	conn
	end

	def activity(conn, %{"uuid" => uuid}) do
	with ap_id <- o_status_url(conn, :activity, uuid),
	%Activity{} = activity <- Activity.normalize(ap_id),
	{_, true} <- {:public?, Visibility.is_public?(activity)} do
	conn
	\|> maybe_set_tracking_data(activity)
	\|> set_cache_ttl_for(activity)
	\|> put_resp_content_type("application/activity+json")
	\|> put_view(ObjectView)
	\|> render("object.json", object: activity)
	else
	{:public?, false} -> {:error, :not_found}
	nil -> {:error, :not_found}
	end
	end

	defp maybe_set_tracking_data(conn, %Activity{data: %{"type" => "Create"}} = activity) do
	object_id = Object.normalize(activity).id
	assign(conn, :tracking_fun_data, object_id)
	end

	defp maybe_set_tracking_data(conn, _activity), do: conn

	defp set_cache_ttl_for(conn, %Activity{object: object}) do
	set_cache_ttl_for(conn, object)
	end

	defp set_cache_ttl_for(conn, entity) do
	ttl =
	case entity do
	%Object{data: %{"type" => "Question"}} ->
	Pleroma.Config.get([:web_cache_ttl, :activity_pub_question])

	%Object{} ->
	Pleroma.Config.get([:web_cache_ttl, :activity_pub])

	_ ->
	nil
	end

	assign(conn, :cache_ttl, ttl)
	end

	# GET /relay/following
	def following(%{assigns: %{relay: true}} = conn, _params) do
	conn
	\|> put_resp_content_type("application/activity+json")
	\|> put_view(UserView)
	\|> render("following.json", %{user: Relay.get_actor()})
	end

	def following(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname, "page" => page}) do
	with %User{} = user <- User.get_cached_by_nickname(nickname),
	{user, for_user} <- ensure_user_keys_present_and_maybe_refresh_for_user(user, for_user),
	{:show_follows, true} <-
	{:show_follows, (for_user && for_user == user) \|\| !user.hide_follows} do
	{page, _} = Integer.parse(page)

	conn
	\|> put_resp_content_type("application/activity+json")
	\|> put_view(UserView)
	\|> render("following.json", %{user: user, page: page, for: for_user})
	else
	{:show_follows, _} ->
	conn
	\|> put_resp_content_type("application/activity+json")
	\|> send_resp(403, "")
	end
	end

	def following(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname}) do
	with %User{} = user <- User.get_cached_by_nickname(nickname),
	{user, for_user} <- ensure_user_keys_present_and_maybe_refresh_for_user(user, for_user) do
	conn
	\|> put_resp_content_type("application/activity+json")
	\|> put_view(UserView)
	\|> render("following.json", %{user: user, for: for_user})
	end
	end

	# GET /relay/followers
	def followers(%{assigns: %{relay: true}} = conn, _params) do
	conn
	\|> put_resp_content_type("application/activity+json")
	\|> put_view(UserView)
	\|> render("followers.json", %{user: Relay.get_actor()})
	end

	def followers(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname, "page" => page}) do
	with %User{} = user <- User.get_cached_by_nickname(nickname),
	{user, for_user} <- ensure_user_keys_present_and_maybe_refresh_for_user(user, for_user),
	{:show_followers, true} <-
	{:show_followers, (for_user && for_user == user) \|\| !user.hide_followers} do
	{page, _} = Integer.parse(page)

	conn
	\|> put_resp_content_type("application/activity+json")
	\|> put_view(UserView)
	\|> render("followers.json", %{user: user, page: page, for: for_user})
	else
	{:show_followers, _} ->
	conn
	\|> put_resp_content_type("application/activity+json")
	\|> send_resp(403, "")
	end
	end

	def followers(%{assigns: %{user: for_user}} = conn, %{"nickname" => nickname}) do
	with %User{} = user <- User.get_cached_by_nickname(nickname),
	{user, for_user} <- ensure_user_keys_present_and_maybe_refresh_for_user(user, for_user) do
	conn
	\|> put_resp_content_type("application/activity+json")
	\|> put_view(UserView)
	\|> render("followers.json", %{user: user, for: for_user})
	end
	end

	def outbox(conn, %{"nickname" => nickname, "page" => page?} = params)
	when page? in [true, "true"] do
	with %User{} = user <- User.get_cached_by_nickname(nickname),
	{:ok, user} <- User.ensure_keys_present(user) do
	activities =
	if params["max_id"] do
	ActivityPub.fetch_user_activities(user, nil, %{
	"max_id" => params["max_id"],
	# This is a hack because postgres generates inefficient queries when filtering by
	# 'Answer', poll votes will be hidden by the visibility filter in this case anyway
	"include_poll_votes" => true,
	"limit" => 10
	})
	else
	ActivityPub.fetch_user_activities(user, nil, %{
	"limit" => 10,
	"include_poll_votes" => true
	})
	end

	conn
	\|> put_resp_content_type("application/activity+json")
	\|> put_view(UserView)
	\|> render("activity_collection_page.json", %{
	activities: activities,
	iri: "#{user.ap_id}/outbox"
	})
	end
	end

	def outbox(conn, %{"nickname" => nickname}) do
	with %User{} = user <- User.get_cached_by_nickname(nickname),
	{:ok, user} <- User.ensure_keys_present(user) do
	conn
	\|> put_resp_content_type("application/activity+json")
	\|> put_view(UserView)
	\|> render("activity_collection.json", %{iri: "#{user.ap_id}/outbox"})
	end
	end

	def inbox(%{assigns: %{valid_signature: true}} = conn, %{"nickname" => nickname} = params) do
	with %User{} = recipient <- User.get_cached_by_nickname(nickname),
	{:ok, %User{} = actor} <- User.get_or_fetch_by_ap_id(params["actor"]),
	true <- Utils.recipient_in_message(recipient, actor, params),
	params <- Utils.maybe_splice_recipient(recipient.ap_id, params) do
	Federator.incoming_ap_doc(params)
	json(conn, "ok")
	end
	end

	def inbox(%{assigns: %{valid_signature: true}} = conn, params) do
	Federator.incoming_ap_doc(params)
	json(conn, "ok")
	end

	# only accept relayed Creates
	def inbox(conn, %{"type" => "Create"} = params) do
	- Logger.info(
	+ Logger.debug(
	"Signature missing or not from author, relayed Create message, fetching object from source"
	)

	Fetcher.fetch_object_from_id(params["object"]["id"])

	json(conn, "ok")
	end

	def inbox(conn, params) do
	headers = Enum.into(conn.req_headers, %{})

	if String.contains?(headers["signature"], params["actor"]) do
	- Logger.info(
	+ Logger.debug(
	"Signature validation error for: #{params["actor"]}, make sure you are forwarding the HTTP Host header!"
	)

	- Logger.info(inspect(conn.req_headers))
	+ Logger.debug(inspect(conn.req_headers))
	end

	json(conn, dgettext("errors", "error"))
	end

	defp represent_service_actor(%User{} = user, conn) do
	with {:ok, user} <- User.ensure_keys_present(user) do
	conn
	\|> put_resp_content_type("application/activity+json")
	\|> put_view(UserView)
	\|> render("user.json", %{user: user})
	else
	nil -> {:error, :not_found}
	end
	end

	defp represent_service_actor(nil, _), do: {:error, :not_found}

	def relay(conn, _params) do
	Relay.get_actor()
	\|> represent_service_actor(conn)
	end

	def internal_fetch(conn, _params) do
	InternalFetchActor.get_actor()
	\|> represent_service_actor(conn)
	end

	@doc "Returns the authenticated user's ActivityPub User object or a 404 Not Found if non-authenticated"
	def whoami(%{assigns: %{user: %User{} = user}} = conn, _params) do
	conn
	\|> put_resp_content_type("application/activity+json")
	\|> put_view(UserView)
	\|> render("user.json", %{user: user})
	end

	def whoami(_conn, _params), do: {:error, :not_found}

	def read_inbox(
	%{assigns: %{user: %{nickname: nickname} = user}} = conn,
	%{"nickname" => nickname, "page" => page?} = params
	)
	when page? in [true, "true"] do
	activities =
	if params["max_id"] do
	ActivityPub.fetch_activities([user.ap_id \| User.following(user)], %{
	"max_id" => params["max_id"],
	"limit" => 10
	})
	else
	ActivityPub.fetch_activities([user.ap_id \| User.following(user)], %{"limit" => 10})
	end

	conn
	\|> put_resp_content_type("application/activity+json")
	\|> put_view(UserView)
	\|> render("activity_collection_page.json", %{
	activities: activities,
	iri: "#{user.ap_id}/inbox"
	})
	end

	def read_inbox(%{assigns: %{user: %{nickname: nickname} = user}} = conn, %{
	"nickname" => nickname
	}) do
	with {:ok, user} <- User.ensure_keys_present(user) do
	conn
	\|> put_resp_content_type("application/activity+json")
	\|> put_view(UserView)
	\|> render("activity_collection.json", %{iri: "#{user.ap_id}/inbox"})
	end
	end

	def read_inbox(%{assigns: %{user: nil}} = conn, %{"nickname" => nickname}) do
	err = dgettext("errors", "can't read inbox of %{nickname}", nickname: nickname)

	conn
	\|> put_status(:forbidden)
	\|> json(err)
	end

	def read_inbox(%{assigns: %{user: %{nickname: as_nickname}}} = conn, %{
	"nickname" => nickname
	}) do
	err =
	dgettext("errors", "can't read inbox of %{nickname} as %{as_nickname}",
	nickname: nickname,
	as_nickname: as_nickname
	)

	conn
	\|> put_status(:forbidden)
	\|> json(err)
	end

	def handle_user_activity(user, %{"type" => "Create"} = params) do
	object =
	params["object"]
	\|> Map.merge(Map.take(params, ["to", "cc"]))
	\|> Map.put("attributedTo", user.ap_id())
	\|> Transmogrifier.fix_object()

	ActivityPub.create(%{
	to: params["to"],
	actor: user,
	context: object["context"],
	object: object,
	additional: Map.take(params, ["cc"])
	})
	end

	def handle_user_activity(user, %{"type" => "Delete"} = params) do
	with %Object{} = object <- Object.normalize(params["object"]),
	true <- user.is_moderator \|\| user.ap_id == object.data["actor"],
	{:ok, delete} <- ActivityPub.delete(object) do
	{:ok, delete}
	else
	_ -> {:error, dgettext("errors", "Can't delete object")}
	end
	end

	def handle_user_activity(user, %{"type" => "Like"} = params) do
	with %Object{} = object <- Object.normalize(params["object"]),
	{:ok, activity, _object} <- ActivityPub.like(user, object) do
	{:ok, activity}
	else
	_ -> {:error, dgettext("errors", "Can't like object")}
	end
	end

	def handle_user_activity(_, _) do
	{:error, dgettext("errors", "Unhandled activity type")}
	end

	def update_outbox(
	%{assigns: %{user: %User{nickname: nickname} = user}} = conn,
	%{"nickname" => nickname} = params
	) do
	actor = user.ap_id()

	params =
	params
	\|> Map.drop(["id"])
	\|> Map.put("actor", actor)
	\|> Transmogrifier.fix_addressing()

	with {:ok, %Activity{} = activity} <- handle_user_activity(user, params) do
	conn
	\|> put_status(:created)
	\|> put_resp_header("location", activity.data["id"])
	\|> json(activity.data)
	else
	{:error, message} ->
	conn
	\|> put_status(:bad_request)
	\|> json(message)
	end
	end

	def update_outbox(%{assigns: %{user: user}} = conn, %{"nickname" => nickname} = _) do
	err =
	dgettext("errors", "can't update outbox of %{nickname} as %{as_nickname}",
	nickname: nickname,
	as_nickname: user.nickname
	)

	conn
	\|> put_status(:forbidden)
	\|> json(err)
	end

	def errors(conn, {:error, :not_found}) do
	conn
	\|> put_status(:not_found)
	\|> json(dgettext("errors", "Not found"))
	end

	def errors(conn, _e) do
	conn
	\|> put_status(:internal_server_error)
	\|> json(dgettext("errors", "error"))
	end

	defp set_requester_reachable(%Plug.Conn{} = conn, _) do
	with actor <- conn.params["actor"],
	true <- is_binary(actor) do
	Pleroma.Instances.set_reachable(actor)
	end

	conn
	end

	defp ensure_user_keys_present_and_maybe_refresh_for_user(user, for_user) do
	{:ok, new_user} = User.ensure_keys_present(user)

	for_user =
	if new_user != user and match?(%User{}, for_user) do
	User.get_cached_by_nickname(for_user.nickname)
	else
	for_user
	end

	{new_user, for_user}
	end

	# TODO: Add support for "object" field
	@doc """
	Endpoint based on <https://www.w3.org/wiki/SocialCG/ActivityPub/MediaUpload>

	Parameters:
	- (required) `file`: data of the media
	- (optionnal) `description`: description of the media, intended for accessibility

	Response:
	- HTTP Code: 201 Created
	- HTTP Body: ActivityPub object to be inserted into another's `attachment` field
	"""
	def upload_media(%{assigns: %{user: user}} = conn, %{"file" => file} = data) do
	with {:ok, object} <-
	ActivityPub.upload(
	file,
	actor: User.ap_id(user),
	description: Map.get(data, "description")
	) do
	Logger.debug(inspect(object))

	conn
	\|> put_status(:created)
	\|> json(object.data)
	end
	end
	end
	diff --git a/lib/pleroma/web/activity_pub/mrf/drop_policy.ex b/lib/pleroma/web/activity_pub/mrf/drop_policy.ex
	index f7831bc3e..4a5709974 100644
	--- a/lib/pleroma/web/activity_pub/mrf/drop_policy.ex
	+++ b/lib/pleroma/web/activity_pub/mrf/drop_policy.ex
	@@ -1,18 +1,18 @@
	# Pleroma: A lightweight social networking server
	# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
	# SPDX-License-Identifier: AGPL-3.0-only

	defmodule Pleroma.Web.ActivityPub.MRF.DropPolicy do
	require Logger
	@moduledoc "Drop and log everything received"
	@behaviour Pleroma.Web.ActivityPub.MRF

	@impl true
	def filter(object) do
	- Logger.info("REJECTING #{inspect(object)}")
	+ Logger.debug("REJECTING #{inspect(object)}")
	{:reject, object}
	end

	@impl true
	def describe, do: {:ok, %{}}
	end
	diff --git a/lib/pleroma/web/activity_pub/mrf/mediaproxy_warming_policy.ex b/lib/pleroma/web/activity_pub/mrf/mediaproxy_warming_policy.ex
	index 26b8539fe..df774b0f7 100644
	--- a/lib/pleroma/web/activity_pub/mrf/mediaproxy_warming_policy.ex
	+++ b/lib/pleroma/web/activity_pub/mrf/mediaproxy_warming_policy.ex
	@@ -1,60 +1,60 @@
	# Pleroma: A lightweight social networking server
	# Copyright © 2019 Pleroma Authors <https://pleroma.social/>
	# SPDX-License-Identifier: AGPL-3.0-only

	defmodule Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy do
	@moduledoc "Preloads any attachments in the MediaProxy cache by prefetching them"
	@behaviour Pleroma.Web.ActivityPub.MRF

	alias Pleroma.HTTP
	alias Pleroma.Web.MediaProxy
	alias Pleroma.Workers.BackgroundWorker

	require Logger

	@hackney_options [
	pool: :media,
	recv_timeout: 10_000
	]

	def perform(:prefetch, url) do
	- Logger.info("Prefetching #{inspect(url)}")
	+ Logger.debug("Prefetching #{inspect(url)}")

	url
	\|> MediaProxy.url()
	\|> HTTP.get([], adapter: @hackney_options)
	end

	def perform(:preload, %{"object" => %{"attachment" => attachments}} = _message) do
	Enum.each(attachments, fn
	%{"url" => url} when is_list(url) ->
	url
	\|> Enum.each(fn
	%{"href" => href} ->
	BackgroundWorker.enqueue("media_proxy_prefetch", %{"url" => href})

	x ->
	Logger.debug("Unhandled attachment URL object #{inspect(x)}")
	end)

	x ->
	Logger.debug("Unhandled attachment #{inspect(x)}")
	end)
	end

	@impl true
	def filter(
	%{"type" => "Create", "object" => %{"attachment" => attachments} = _object} = message
	)
	when is_list(attachments) and length(attachments) > 0 do
	BackgroundWorker.enqueue("media_proxy_preload", %{"message" => message})

	{:ok, message}
	end

	@impl true
	def filter(message), do: {:ok, message}

	@impl true
	def describe, do: {:ok, %{}}
	end
	diff --git a/lib/pleroma/web/activity_pub/publisher.ex b/lib/pleroma/web/activity_pub/publisher.ex
	index 4073d3d63..db072bad2 100644
	--- a/lib/pleroma/web/activity_pub/publisher.ex
	+++ b/lib/pleroma/web/activity_pub/publisher.ex
	@@ -1,272 +1,272 @@
	# Pleroma: A lightweight social networking server
	# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
	# SPDX-License-Identifier: AGPL-3.0-only

	defmodule Pleroma.Web.ActivityPub.Publisher do
	alias Pleroma.Activity
	alias Pleroma.Config
	alias Pleroma.Delivery
	alias Pleroma.HTTP
	alias Pleroma.Instances
	alias Pleroma.Object
	alias Pleroma.Repo
	alias Pleroma.User
	alias Pleroma.Web.ActivityPub.Relay
	alias Pleroma.Web.ActivityPub.Transmogrifier

	require Pleroma.Constants

	import Pleroma.Web.ActivityPub.Visibility

	@behaviour Pleroma.Web.Federator.Publisher

	require Logger

	@moduledoc """
	ActivityPub outgoing federation module.
	"""

	@doc """
	Determine if an activity can be represented by running it through Transmogrifier.
	"""
	def is_representable?(%Activity{} = activity) do
	with {:ok, _data} <- Transmogrifier.prepare_outgoing(activity.data) do
	true
	else
	_e ->
	false
	end
	end

	@doc """
	Publish a single message to a peer. Takes a struct with the following
	parameters set:

	* `inbox`: the inbox to publish to
	* `json`: the JSON message body representing the ActivityPub message
	* `actor`: the actor which is signing the message
	* `id`: the ActivityStreams URI of the message
	"""
	def publish_one(%{inbox: inbox, json: json, actor: %User{} = actor, id: id} = params) do
	- Logger.info("Federating #{id} to #{inbox}")
	+ Logger.debug("Federating #{id} to #{inbox}")
	%{host: host, path: path} = URI.parse(inbox)

	digest = "SHA-256=" <> (:crypto.hash(:sha256, json) \|> Base.encode64())

	date = Pleroma.Signature.signed_date()

	signature =
	Pleroma.Signature.sign(actor, %{
	"(request-target)": "post #{path}",
	host: host,
	"content-length": byte_size(json),
	digest: digest,
	date: date
	})

	with {:ok, %{status: code}} when code in 200..299 <-
	result =
	HTTP.post(
	inbox,
	json,
	[
	{"Content-Type", "application/activity+json"},
	{"Date", date},
	{"signature", signature},
	{"digest", digest}
	]
	) do
	if !Map.has_key?(params, :unreachable_since) \|\| params[:unreachable_since],
	do: Instances.set_reachable(inbox)

	result
	else
	{_post_result, response} ->
	unless params[:unreachable_since], do: Instances.set_unreachable(inbox)
	{:error, response}
	end
	end

	def publish_one(%{actor_id: actor_id} = params) do
	actor = User.get_cached_by_id(actor_id)

	params
	\|> Map.delete(:actor_id)
	\|> Map.put(:actor, actor)
	\|> publish_one()
	end

	defp should_federate?(inbox, public) do
	if public do
	true
	else
	%{host: host} = URI.parse(inbox)

	quarantined_instances =
	Config.get([:instance, :quarantined_instances], [])
	\|> Pleroma.Web.ActivityPub.MRF.subdomains_regex()

	!Pleroma.Web.ActivityPub.MRF.subdomain_match?(quarantined_instances, host)
	end
	end

	@spec recipients(User.t(), Activity.t()) :: list(User.t()) \| []
	defp recipients(actor, activity) do
	followers =
	if actor.follower_address in activity.recipients do
	User.get_external_followers(actor)
	else
	[]
	end

	fetchers =
	with %Activity{data: %{"type" => "Delete"}} <- activity,
	%Object{id: object_id} <- Object.normalize(activity),
	fetchers <- User.get_delivered_users_by_object_id(object_id),
	_ <- Delivery.delete_all_by_object_id(object_id) do
	fetchers
	else
	_ ->
	[]
	end

	Pleroma.Web.Federator.Publisher.remote_users(actor, activity) ++ followers ++ fetchers
	end

	defp get_cc_ap_ids(ap_id, recipients) do
	host = Map.get(URI.parse(ap_id), :host)

	recipients
	\|> Enum.filter(fn %User{ap_id: ap_id} -> Map.get(URI.parse(ap_id), :host) == host end)
	\|> Enum.map(& &1.ap_id)
	end

	defp maybe_use_sharedinbox(%User{source_data: data}),
	do: (is_map(data["endpoints"]) && Map.get(data["endpoints"], "sharedInbox")) \|\| data["inbox"]

	@doc """
	Determine a user inbox to use based on heuristics. These heuristics
	are based on an approximation of the ``sharedInbox`` rules in the
	[ActivityPub specification][ap-sharedinbox].

	Please do not edit this function (or its children) without reading
	the spec, as editing the code is likely to introduce some breakage
	without some familiarity.

	[ap-sharedinbox]: https://www.w3.org/TR/activitypub/#shared-inbox-delivery
	"""
	def determine_inbox(
	%Activity{data: activity_data},
	%User{source_data: data} = user
	) do
	to = activity_data["to"] \|\| []
	cc = activity_data["cc"] \|\| []
	type = activity_data["type"]

	cond do
	type == "Delete" ->
	maybe_use_sharedinbox(user)

	Pleroma.Constants.as_public() in to \|\| Pleroma.Constants.as_public() in cc ->
	maybe_use_sharedinbox(user)

	length(to) + length(cc) > 1 ->
	maybe_use_sharedinbox(user)

	true ->
	data["inbox"]
	end
	end

	@doc """
	Publishes an activity with BCC to all relevant peers.
	"""

	def publish(%User{} = actor, %{data: %{"bcc" => bcc}} = activity)
	when is_list(bcc) and bcc != [] do
	public = is_public?(activity)
	{:ok, data} = Transmogrifier.prepare_outgoing(activity.data)

	recipients = recipients(actor, activity)

	inboxes =
	recipients
	\|> Enum.filter(&User.ap_enabled?/1)
	\|> Enum.map(fn %{source_data: data} -> data["inbox"] end)
	\|> Enum.filter(fn inbox -> should_federate?(inbox, public) end)
	\|> Instances.filter_reachable()

	Repo.checkout(fn ->
	Enum.each(inboxes, fn {inbox, unreachable_since} ->
	%User{ap_id: ap_id} =
	Enum.find(recipients, fn %{source_data: data} -> data["inbox"] == inbox end)

	# Get all the recipients on the same host and add them to cc. Otherwise, a remote
	# instance would only accept a first message for the first recipient and ignore the rest.
	cc = get_cc_ap_ids(ap_id, recipients)

	json =
	data
	\|> Map.put("cc", cc)
	\|> Jason.encode!()

	Pleroma.Web.Federator.Publisher.enqueue_one(__MODULE__, %{
	inbox: inbox,
	json: json,
	actor_id: actor.id,
	id: activity.data["id"],
	unreachable_since: unreachable_since
	})
	end)
	end)
	end

	@doc """
	Publishes an activity to all relevant peers.
	"""
	def publish(%User{} = actor, %Activity{} = activity) do
	public = is_public?(activity)

	if public && Config.get([:instance, :allow_relay]) do
	- Logger.info(fn -> "Relaying #{activity.data["id"]} out" end)
	+ Logger.debug(fn -> "Relaying #{activity.data["id"]} out" end)
	Relay.publish(activity)
	end

	{:ok, data} = Transmogrifier.prepare_outgoing(activity.data)
	json = Jason.encode!(data)

	recipients(actor, activity)
	\|> Enum.filter(fn user -> User.ap_enabled?(user) end)
	\|> Enum.map(fn %User{} = user ->
	determine_inbox(activity, user)
	end)
	\|> Enum.uniq()
	\|> Enum.filter(fn inbox -> should_federate?(inbox, public) end)
	\|> Instances.filter_reachable()
	\|> Enum.each(fn {inbox, unreachable_since} ->
	Pleroma.Web.Federator.Publisher.enqueue_one(
	__MODULE__,
	%{
	inbox: inbox,
	json: json,
	actor_id: actor.id,
	id: activity.data["id"],
	unreachable_since: unreachable_since
	}
	)
	end)
	end

	def gather_webfinger_links(%User{} = user) do
	[
	%{"rel" => "self", "type" => "application/activity+json", "href" => user.ap_id},
	%{
	"rel" => "self",
	"type" => "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"",
	"href" => user.ap_id
	}
	]
	end

	def gather_nodeinfo_protocol_names, do: ["activitypub"]
	end
	diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex
	index bbea31682..d32c38a05 100644
	--- a/lib/pleroma/web/endpoint.ex
	+++ b/lib/pleroma/web/endpoint.ex
	@@ -1,127 +1,127 @@
	# Pleroma: A lightweight social networking server
	# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
	# SPDX-License-Identifier: AGPL-3.0-only

	defmodule Pleroma.Web.Endpoint do
	use Phoenix.Endpoint, otp_app: :pleroma

	socket("/socket", Pleroma.Web.UserSocket)

	plug(Pleroma.Plugs.SetLocalePlug)
	plug(CORSPlug)
	plug(Pleroma.Plugs.HTTPSecurityPlug)
	plug(Pleroma.Plugs.UploadedMedia)

	@static_cache_control "public max-age=86400 must-revalidate"

	# InstanceStatic needs to be before Plug.Static to be able to override shipped-static files
	# If you're adding new paths to `only:` you'll need to configure them in InstanceStatic as well
	# Cache-control headers are duplicated in case we turn off etags in the future
	plug(Pleroma.Plugs.InstanceStatic,
	at: "/",
	gzip: true,
	cache_control_for_etags: @static_cache_control,
	headers: %{
	"cache-control" => @static_cache_control
	}
	)

	# Serve at "/" the static files from "priv/static" directory.
	#
	# You should set gzip to true if you are running phoenix.digest
	# when deploying your static files in production.
	plug(
	Plug.Static,
	at: "/",
	from: :pleroma,
	only:
	~w(index.html robots.txt static finmoji emoji packs sounds images instance sw.js sw-pleroma.js favicon.png schemas doc),
	# credo:disable-for-previous-line Credo.Check.Readability.MaxLineLength
	gzip: true,
	cache_control_for_etags: @static_cache_control,
	headers: %{
	"cache-control" => @static_cache_control
	}
	)

	plug(Plug.Static.IndexHtml, at: "/pleroma/admin/")

	plug(Plug.Static,
	at: "/pleroma/admin/",
	from: {:pleroma, "priv/static/adminfe/"}
	)

	# Code reloading can be explicitly enabled under the
	# :code_reloader configuration of your endpoint.
	if code_reloading? do
	plug(Phoenix.CodeReloader)
	end

	plug(Pleroma.Plugs.TrailingFormatPlug)
	plug(Plug.RequestId)
	- plug(Plug.Logger)
	+ plug(Plug.Logger, log: :debug)

	plug(Pleroma.Plugs.Parsers)

	plug(Plug.MethodOverride)
	plug(Plug.Head)

	secure_cookies = Pleroma.Config.get([__MODULE__, :secure_cookie_flag])

	cookie_name =
	if secure_cookies,
	do: "__Host-pleroma_key",
	else: "pleroma_key"

	extra =
	Pleroma.Config.get([__MODULE__, :extra_cookie_attrs])
	\|> Enum.join(";")

	# The session will be stored in the cookie and signed,
	# this means its contents can be read but not tampered with.
	# Set :encryption_salt if you would also like to encrypt it.
	plug(
	Plug.Session,
	store: :cookie,
	key: cookie_name,
	signing_salt: Pleroma.Config.get([__MODULE__, :signing_salt], "CqaoopA2"),
	http_only: true,
	secure: secure_cookies,
	extra: extra
	)

	plug(Pleroma.Plugs.RemoteIp)

	defmodule Instrumenter do
	use Prometheus.PhoenixInstrumenter
	end

	defmodule PipelineInstrumenter do
	use Prometheus.PlugPipelineInstrumenter
	end

	defmodule MetricsExporter do
	use Prometheus.PlugExporter
	end

	plug(PipelineInstrumenter)
	plug(MetricsExporter)

	plug(Pleroma.Web.Router)

	@doc """
	Dynamically loads configuration from the system environment
	on startup.

	It receives the endpoint configuration from the config files
	and must return the updated configuration.
	"""
	def load_from_system_env(config) do
	port = System.get_env("PORT") \|\| raise "expected the PORT environment variable to be set"
	{:ok, Keyword.put(config, :http, [:inet6, port: port])}
	end

	def websocket_url do
	String.replace_leading(url(), "http", "ws")
	end
	end
	diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex
	index e8a56ebd7..f506a7d24 100644
	--- a/lib/pleroma/web/federator/federator.ex
	+++ b/lib/pleroma/web/federator/federator.ex
	@@ -1,94 +1,94 @@
	# Pleroma: A lightweight social networking server
	# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
	# SPDX-License-Identifier: AGPL-3.0-only

	defmodule Pleroma.Web.Federator do
	alias Pleroma.Activity
	alias Pleroma.Object.Containment
	alias Pleroma.User
	alias Pleroma.Web.ActivityPub.ActivityPub
	alias Pleroma.Web.ActivityPub.Transmogrifier
	alias Pleroma.Web.ActivityPub.Utils
	alias Pleroma.Web.Federator.Publisher
	alias Pleroma.Workers.PublisherWorker
	alias Pleroma.Workers.ReceiverWorker

	require Logger

	@doc "Addresses [memory leaks on recursive replies fetching](https://git.pleroma.social/pleroma/pleroma/issues/161)"
	# credo:disable-for-previous-line Credo.Check.Readability.MaxLineLength
	def allowed_incoming_reply_depth?(depth) do
	max_replies_depth = Pleroma.Config.get([:instance, :federation_incoming_replies_max_depth])

	if max_replies_depth do
	(depth \|\| 1) <= max_replies_depth
	else
	true
	end
	end

	# Client API

	def incoming_ap_doc(params) do
	ReceiverWorker.enqueue("incoming_ap_doc", %{"params" => params})
	end

	def publish(%{id: "pleroma:fakeid"} = activity) do
	perform(:publish, activity)
	end

	def publish(activity) do
	PublisherWorker.enqueue("publish", %{"activity_id" => activity.id})
	end

	# Job Worker Callbacks

	@spec perform(atom(), module(), any()) :: {:ok, any()} \| {:error, any()}
	def perform(:publish_one, module, params) do
	apply(module, :publish_one, [params])
	end

	def perform(:publish, activity) do
	Logger.debug(fn -> "Running publish for #{activity.data["id"]}" end)

	with %User{} = actor <- User.get_cached_by_ap_id(activity.data["actor"]),
	{:ok, actor} <- User.ensure_keys_present(actor) do
	Publisher.publish(actor, activity)
	end
	end

	def perform(:incoming_ap_doc, params) do
	- Logger.info("Handling incoming AP activity")
	+ Logger.debug("Handling incoming AP activity")

	params = Utils.normalize_params(params)

	# NOTE: we use the actor ID to do the containment, this is fine because an
	# actor shouldn't be acting on objects outside their own AP server.
	with {:ok, _user} <- ap_enabled_actor(params["actor"]),
	nil <- Activity.normalize(params["id"]),
	:ok <- Containment.contain_origin_from_id(params["actor"], params),
	{:ok, activity} <- Transmogrifier.handle_incoming(params) do
	{:ok, activity}
	else
	%Activity{} ->
	- Logger.info("Already had #{params["id"]}")
	+ Logger.debug("Already had #{params["id"]}")
	:error

	_e ->
	# Just drop those for now
	- Logger.info("Unhandled activity")
	- Logger.info(Jason.encode!(params, pretty: true))
	+ Logger.debug("Unhandled activity")
	+ Logger.debug(Jason.encode!(params, pretty: true))
	:error
	end
	end

	def ap_enabled_actor(id) do
	user = User.get_cached_by_ap_id(id)

	if User.ap_enabled?(user) do
	{:ok, user}
	else
	ActivityPub.make_user_from_ap_id(id)
	end
	end
	end
	diff --git a/lib/pleroma/web/federator/publisher.ex b/lib/pleroma/web/federator/publisher.ex
	index fb9b26649..1d045c644 100644
	--- a/lib/pleroma/web/federator/publisher.ex
	+++ b/lib/pleroma/web/federator/publisher.ex
	@@ -1,109 +1,109 @@
	# Pleroma: A lightweight social networking server
	# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
	# SPDX-License-Identifier: AGPL-3.0-only

	defmodule Pleroma.Web.Federator.Publisher do
	alias Pleroma.Activity
	alias Pleroma.Config
	alias Pleroma.User
	alias Pleroma.Workers.PublisherWorker

	require Logger

	@moduledoc """
	Defines the contract used by federation implementations to publish messages to
	their peers.
	"""

	@doc """
	Determine whether an activity can be relayed using the federation module.
	"""
	@callback is_representable?(Pleroma.Activity.t()) :: boolean()

	@doc """
	Relays an activity to a specified peer, determined by the parameters. The
	parameters used are controlled by the federation module.
	"""
	@callback publish_one(Map.t()) :: {:ok, Map.t()} \| {:error, any()}

	@doc """
	Enqueue publishing a single activity.
	"""
	@spec enqueue_one(module(), Map.t()) :: :ok
	def enqueue_one(module, %{} = params) do
	PublisherWorker.enqueue(
	"publish_one",
	%{"module" => to_string(module), "params" => params}
	)
	end

	@doc """
	Relays an activity to all specified peers.
	"""
	@callback publish(User.t(), Activity.t()) :: :ok \| {:error, any()}

	@spec publish(User.t(), Activity.t()) :: :ok
	def publish(%User{} = user, %Activity{} = activity) do
	Config.get([:instance, :federation_publisher_modules])
	\|> Enum.each(fn module ->
	if module.is_representable?(activity) do
	- Logger.info("Publishing #{activity.data["id"]} using #{inspect(module)}")
	+ Logger.debug("Publishing #{activity.data["id"]} using #{inspect(module)}")
	module.publish(user, activity)
	end
	end)

	:ok
	end

	@doc """
	Gathers links used by an outgoing federation module for WebFinger output.
	"""
	@callback gather_webfinger_links(User.t()) :: list()

	@spec gather_webfinger_links(User.t()) :: list()
	def gather_webfinger_links(%User{} = user) do
	Config.get([:instance, :federation_publisher_modules])
	\|> Enum.reduce([], fn module, links ->
	links ++ module.gather_webfinger_links(user)
	end)
	end

	@doc """
	Gathers nodeinfo protocol names supported by the federation module.
	"""
	@callback gather_nodeinfo_protocol_names() :: list()

	@spec gather_nodeinfo_protocol_names() :: list()
	def gather_nodeinfo_protocol_names do
	Config.get([:instance, :federation_publisher_modules])
	\|> Enum.reduce([], fn module, links ->
	links ++ module.gather_nodeinfo_protocol_names()
	end)
	end

	@doc """
	Gathers a set of remote users given an IR envelope.
	"""
	def remote_users(%User{id: user_id}, %{data: %{"to" => to} = data}) do
	cc = Map.get(data, "cc", [])

	bcc =
	data
	\|> Map.get("bcc", [])
	\|> Enum.reduce([], fn ap_id, bcc ->
	case Pleroma.List.get_by_ap_id(ap_id) do
	%Pleroma.List{user_id: ^user_id} = list ->
	{:ok, following} = Pleroma.List.get_following(list)
	bcc ++ Enum.map(following, & &1.ap_id)

	_ ->
	bcc
	end
	end)

	[to, cc, bcc]
	\|> Enum.concat()
	\|> Enum.map(&User.get_cached_by_ap_id/1)
	\|> Enum.filter(fn user -> user && !user.local end)
	end
	end
	diff --git a/lib/pleroma/web/metadata/twitter_card.ex b/lib/pleroma/web/metadata/twitter_card.ex
	index d6a6049b3..67419a666 100644
	--- a/lib/pleroma/web/metadata/twitter_card.ex
	+++ b/lib/pleroma/web/metadata/twitter_card.ex
	@@ -1,112 +1,112 @@
	# Pleroma: A lightweight social networking server

	# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
	# SPDX-License-Identifier: AGPL-3.0-only

	defmodule Pleroma.Web.Metadata.Providers.TwitterCard do
	alias Pleroma.User
	alias Pleroma.Web.Metadata
	alias Pleroma.Web.Metadata.Providers.Provider
	alias Pleroma.Web.Metadata.Utils

	@behaviour Provider
	@media_types ["image", "audio", "video"]

	@impl Provider
	def build_tags(%{activity_id: id, object: object, user: user}) do
	attachments = build_attachments(id, object)
	scrubbed_content = Utils.scrub_html_and_truncate(object)
	# Zero width space
	content =
	if scrubbed_content != "" and scrubbed_content != "\u200B" do
	"“" <> scrubbed_content <> "”"
	else
	""
	end

	[
	title_tag(user),
	{:meta, [property: "twitter:description", content: content], []}
	] ++
	if attachments == [] or Metadata.activity_nsfw?(object) do
	[
	image_tag(user),
	- {:meta, [property: "twitter:card", content: "summary_large_image"], []}
	+ {:meta, [property: "twitter:card", content: "summary"], []}
	]
	else
	attachments
	end
	end

	@impl Provider
	def build_tags(%{user: user}) do
	with truncated_bio = Utils.scrub_html_and_truncate(user.bio \|\| "") do
	[
	title_tag(user),
	{:meta, [property: "twitter:description", content: truncated_bio], []},
	image_tag(user),
	{:meta, [property: "twitter:card", content: "summary"], []}
	]
	end
	end

	defp title_tag(user) do
	{:meta, [property: "twitter:title", content: Utils.user_name_string(user)], []}
	end

	def image_tag(user) do
	{:meta, [property: "twitter:image", content: Utils.attachment_url(User.avatar_url(user))], []}
	end

	defp build_attachments(id, %{data: %{"attachment" => attachments}}) do
	Enum.reduce(attachments, [], fn attachment, acc ->
	rendered_tags =
	Enum.reduce(attachment["url"], [], fn url, acc ->
	# TODO: Add additional properties to objects when we have the data available.
	case Utils.fetch_media_type(@media_types, url["mediaType"]) do
	"audio" ->
	[
	{:meta, [property: "twitter:card", content: "player"], []},
	{:meta, [property: "twitter:player:width", content: "480"], []},
	{:meta, [property: "twitter:player:height", content: "80"], []},
	{:meta, [property: "twitter:player", content: player_url(id)], []}
	\| acc
	]

	"image" ->
	[
	{:meta, [property: "twitter:card", content: "summary_large_image"], []},
	{:meta,
	[
	property: "twitter:player",
	content: Utils.attachment_url(url["href"])
	], []}
	\| acc
	]

	# TODO: Need the true width and height values here or Twitter renders an iFrame with
	# a bad aspect ratio
	"video" ->
	[
	{:meta, [property: "twitter:card", content: "player"], []},
	{:meta, [property: "twitter:player", content: player_url(id)], []},
	{:meta, [property: "twitter:player:width", content: "480"], []},
	{:meta, [property: "twitter:player:height", content: "480"], []}
	\| acc
	]

	_ ->
	acc
	end
	end)

	acc ++ rendered_tags
	end)
	end

	defp build_attachments(_id, _object), do: []

	defp player_url(id) do
	Pleroma.Web.Router.Helpers.o_status_url(Pleroma.Web.Endpoint, :notice_player, id)
	end
	end
	diff --git a/test/fixtures/modules/runtime_module.ex b/test/fixtures/modules/runtime_module.ex
	new file mode 100644
	index 000000000..4711c3532
	--- /dev/null
	+++ b/test/fixtures/modules/runtime_module.ex
	@@ -0,0 +1,9 @@
	+# Pleroma: A lightweight social networking server
	+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
	+# SPDX-License-Identifier: AGPL-3.0-only
	+
	+defmodule RuntimeModule do
	+ @moduledoc """
	+ This is a dummy module to test custom runtime modules.
	+ """
	+end
	diff --git a/test/runtime_test.exs b/test/runtime_test.exs
	new file mode 100644
	index 000000000..f7b6f23d4
	--- /dev/null
	+++ b/test/runtime_test.exs
	@@ -0,0 +1,11 @@
	+# Pleroma: A lightweight social networking server
	+# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
	+# SPDX-License-Identifier: AGPL-3.0-only
	+
	+defmodule Pleroma.RuntimeTest do
	+ use ExUnit.Case, async: true
	+
	+ test "it loads custom runtime modules" do
	+ assert Code.ensure_compiled?(RuntimeModule)
	+ end
	+end
	diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs
	index 1520c8a9b..ad6b9810c 100644
	--- a/test/web/activity_pub/activity_pub_test.exs
	+++ b/test/web/activity_pub/activity_pub_test.exs
	@@ -1,1716 +1,1754 @@
	# Pleroma: A lightweight social networking server
	# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
	# SPDX-License-Identifier: AGPL-3.0-only

	defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
	use Pleroma.DataCase
	use Oban.Testing, repo: Pleroma.Repo

	alias Pleroma.Activity
	alias Pleroma.Builders.ActivityBuilder
	alias Pleroma.Notification
	alias Pleroma.Object
	alias Pleroma.User
	alias Pleroma.Web.ActivityPub.ActivityPub
	alias Pleroma.Web.ActivityPub.Utils
	alias Pleroma.Web.AdminAPI.AccountView
	alias Pleroma.Web.CommonAPI

	import Pleroma.Factory
	import Tesla.Mock
	import Mock

	setup do
	mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
	:ok
	end

	clear_config([:instance, :federating])

	describe "streaming out participations" do
	test "it streams them out" do
	user = insert(:user)
	{:ok, activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})

	{:ok, conversation} = Pleroma.Conversation.create_or_bump_for(activity)

	participations =
	conversation.participations
	\|> Repo.preload(:user)

	with_mock Pleroma.Web.Streamer,
	stream: fn _, _ -> nil end do
	ActivityPub.stream_out_participations(conversation.participations)

	assert called(Pleroma.Web.Streamer.stream("participation", participations))
	end
	end

	test "streams them out on activity creation" do
	user_one = insert(:user)
	user_two = insert(:user)

	with_mock Pleroma.Web.Streamer,
	stream: fn _, _ -> nil end do
	{:ok, activity} =
	CommonAPI.post(user_one, %{
	"status" => "@#{user_two.nickname}",
	"visibility" => "direct"
	})

	conversation =
	activity.data["context"]
	\|> Pleroma.Conversation.get_for_ap_id()
	\|> Repo.preload(participations: :user)

	assert called(Pleroma.Web.Streamer.stream("participation", conversation.participations))
	end
	end
	end

	describe "fetching restricted by visibility" do
	test "it restricts by the appropriate visibility" do
	user = insert(:user)

	{:ok, public_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})

	{:ok, direct_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})

	{:ok, unlisted_activity} =
	CommonAPI.post(user, %{"status" => ".", "visibility" => "unlisted"})

	{:ok, private_activity} =
	CommonAPI.post(user, %{"status" => ".", "visibility" => "private"})

	activities =
	ActivityPub.fetch_activities([], %{:visibility => "direct", "actor_id" => user.ap_id})

	assert activities == [direct_activity]

	activities =
	ActivityPub.fetch_activities([], %{:visibility => "unlisted", "actor_id" => user.ap_id})

	assert activities == [unlisted_activity]

	activities =
	ActivityPub.fetch_activities([], %{:visibility => "private", "actor_id" => user.ap_id})

	assert activities == [private_activity]

	activities =
	ActivityPub.fetch_activities([], %{:visibility => "public", "actor_id" => user.ap_id})

	assert activities == [public_activity]

	activities =
	ActivityPub.fetch_activities([], %{
	:visibility => ~w[private public],
	"actor_id" => user.ap_id
	})

	assert activities == [public_activity, private_activity]
	end
	end

	describe "fetching excluded by visibility" do
	test "it excludes by the appropriate visibility" do
	user = insert(:user)

	{:ok, public_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "public"})

	{:ok, direct_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "direct"})

	{:ok, unlisted_activity} =
	CommonAPI.post(user, %{"status" => ".", "visibility" => "unlisted"})

	{:ok, private_activity} =
	CommonAPI.post(user, %{"status" => ".", "visibility" => "private"})

	activities =
	ActivityPub.fetch_activities([], %{
	"exclude_visibilities" => "direct",
	"actor_id" => user.ap_id
	})

	assert public_activity in activities
	assert unlisted_activity in activities
	assert private_activity in activities
	refute direct_activity in activities

	activities =
	ActivityPub.fetch_activities([], %{
	"exclude_visibilities" => "unlisted",
	"actor_id" => user.ap_id
	})

	assert public_activity in activities
	refute unlisted_activity in activities
	assert private_activity in activities
	assert direct_activity in activities

	activities =
	ActivityPub.fetch_activities([], %{
	"exclude_visibilities" => "private",
	"actor_id" => user.ap_id
	})

	assert public_activity in activities
	assert unlisted_activity in activities
	refute private_activity in activities
	assert direct_activity in activities

	activities =
	ActivityPub.fetch_activities([], %{
	"exclude_visibilities" => "public",
	"actor_id" => user.ap_id
	})

	refute public_activity in activities
	assert unlisted_activity in activities
	assert private_activity in activities
	assert direct_activity in activities
	end
	end

	describe "building a user from his ap id" do
	test "it returns a user" do
	user_id = "http://mastodon.example.org/users/admin"
	{:ok, user} = ActivityPub.make_user_from_ap_id(user_id)
	assert user.ap_id == user_id
	assert user.nickname == "admin@mastodon.example.org"
	assert user.source_data
	assert user.ap_enabled
	assert user.follower_address == "http://mastodon.example.org/users/admin/followers"
	end

	test "it returns a user that is invisible" do
	user_id = "http://mastodon.example.org/users/relay"
	{:ok, user} = ActivityPub.make_user_from_ap_id(user_id)
	assert User.invisible?(user)
	end

	test "it fetches the appropriate tag-restricted posts" do
	user = insert(:user)

	{:ok, status_one} = CommonAPI.post(user, %{"status" => ". #test"})
	{:ok, status_two} = CommonAPI.post(user, %{"status" => ". #essais"})
	{:ok, status_three} = CommonAPI.post(user, %{"status" => ". #test #reject"})

	fetch_one = ActivityPub.fetch_activities([], %{"type" => "Create", "tag" => "test"})

	fetch_two =
	ActivityPub.fetch_activities([], %{"type" => "Create", "tag" => ["test", "essais"]})

	fetch_three =
	ActivityPub.fetch_activities([], %{
	"type" => "Create",
	"tag" => ["test", "essais"],
	"tag_reject" => ["reject"]
	})

	fetch_four =
	ActivityPub.fetch_activities([], %{
	"type" => "Create",
	"tag" => ["test"],
	"tag_all" => ["test", "reject"]
	})

	assert fetch_one == [status_one, status_three]
	assert fetch_two == [status_one, status_two, status_three]
	assert fetch_three == [status_one, status_two]
	assert fetch_four == [status_three]
	end
	end

	describe "insertion" do
	test "drops activities beyond a certain limit" do
	limit = Pleroma.Config.get([:instance, :remote_limit])

	random_text =
	:crypto.strong_rand_bytes(limit + 1)
	\|> Base.encode64()
	\|> binary_part(0, limit + 1)

	data = %{
	"ok" => true,
	"object" => %{
	"content" => random_text
	}
	}

	assert {:error, {:remote_limit_error, _}} = ActivityPub.insert(data)
	end

	test "doesn't drop activities with content being null" do
	user = insert(:user)

	data = %{
	"actor" => user.ap_id,
	"to" => [],
	"object" => %{
	"actor" => user.ap_id,
	"to" => [],
	"type" => "Note",
	"content" => nil
	}
	}

	assert {:ok, _} = ActivityPub.insert(data)
	end

	test "returns the activity if one with the same id is already in" do
	activity = insert(:note_activity)
	{:ok, new_activity} = ActivityPub.insert(activity.data)

	assert activity.id == new_activity.id
	end

	test "inserts a given map into the activity database, giving it an id if it has none." do
	user = insert(:user)

	data = %{
	"actor" => user.ap_id,
	"to" => [],
	"object" => %{
	"actor" => user.ap_id,
	"to" => [],
	"type" => "Note",
	"content" => "hey"
	}
	}

	{:ok, %Activity{} = activity} = ActivityPub.insert(data)
	assert activity.data["ok"] == data["ok"]
	assert is_binary(activity.data["id"])

	given_id = "bla"

	data = %{
	"id" => given_id,
	"actor" => user.ap_id,
	"to" => [],
	"context" => "blabla",
	"object" => %{
	"actor" => user.ap_id,
	"to" => [],
	"type" => "Note",
	"content" => "hey"
	}
	}

	{:ok, %Activity{} = activity} = ActivityPub.insert(data)
	assert activity.data["ok"] == data["ok"]
	assert activity.data["id"] == given_id
	assert activity.data["context"] == "blabla"
	assert activity.data["context_id"]
	end

	test "adds a context when none is there" do
	user = insert(:user)

	data = %{
	"actor" => user.ap_id,
	"to" => [],
	"object" => %{
	"actor" => user.ap_id,
	"to" => [],
	"type" => "Note",
	"content" => "hey"
	}
	}

	{:ok, %Activity{} = activity} = ActivityPub.insert(data)
	object = Pleroma.Object.normalize(activity)

	assert is_binary(activity.data["context"])
	assert is_binary(object.data["context"])
	assert activity.data["context_id"]
	assert object.data["context_id"]
	end

	test "adds an id to a given object if it lacks one and is a note and inserts it to the object database" do
	user = insert(:user)

	data = %{
	"actor" => user.ap_id,
	"to" => [],
	"object" => %{
	"actor" => user.ap_id,
	"to" => [],
	"type" => "Note",
	"content" => "hey"
	}
	}

	{:ok, %Activity{} = activity} = ActivityPub.insert(data)
	assert object = Object.normalize(activity)
	assert is_binary(object.data["id"])
	end
	end

	describe "listen activities" do
	test "does not increase user note count" do
	user = insert(:user)

	{:ok, activity} =
	ActivityPub.listen(%{
	to: ["https://www.w3.org/ns/activitystreams#Public"],
	actor: user,
	context: "",
	object: %{
	"actor" => user.ap_id,
	"to" => ["https://www.w3.org/ns/activitystreams#Public"],
	"artist" => "lain",
	"title" => "lain radio episode 1",
	"length" => 180_000,
	"type" => "Audio"
	}
	})

	assert activity.actor == user.ap_id

	user = User.get_cached_by_id(user.id)
	assert user.note_count == 0
	end

	test "can be fetched into a timeline" do
	_listen_activity_1 = insert(:listen)
	_listen_activity_2 = insert(:listen)
	_listen_activity_3 = insert(:listen)

	timeline = ActivityPub.fetch_activities([], %{"type" => ["Listen"]})

	assert length(timeline) == 3
	end
	end

	describe "create activities" do
	test "removes doubled 'to' recipients" do
	user = insert(:user)

	{:ok, activity} =
	ActivityPub.create(%{
	to: ["user1", "user1", "user2"],
	actor: user,
	context: "",
	object: %{
	"to" => ["user1", "user1", "user2"],
	"type" => "Note",
	"content" => "testing"
	}
	})

	assert activity.data["to"] == ["user1", "user2"]
	assert activity.actor == user.ap_id
	assert activity.recipients == ["user1", "user2", user.ap_id]
	end

	test "increases user note count only for public activities" do
	user = insert(:user)

	{:ok, _} =
	CommonAPI.post(User.get_cached_by_id(user.id), %{
	"status" => "1",
	"visibility" => "public"
	})

	{:ok, _} =
	CommonAPI.post(User.get_cached_by_id(user.id), %{
	"status" => "2",
	"visibility" => "unlisted"
	})

	{:ok, _} =
	CommonAPI.post(User.get_cached_by_id(user.id), %{
	"status" => "2",
	"visibility" => "private"
	})

	{:ok, _} =
	CommonAPI.post(User.get_cached_by_id(user.id), %{
	"status" => "3",
	"visibility" => "direct"
	})

	user = User.get_cached_by_id(user.id)
	assert user.note_count == 2
	end

	test "increases replies count" do
	user = insert(:user)
	user2 = insert(:user)

	{:ok, activity} = CommonAPI.post(user, %{"status" => "1", "visibility" => "public"})
	ap_id = activity.data["id"]
	reply_data = %{"status" => "1", "in_reply_to_status_id" => activity.id}

	# public
	{:ok, _} = CommonAPI.post(user2, Map.put(reply_data, "visibility", "public"))
	assert %{data: data, object: object} = Activity.get_by_ap_id_with_object(ap_id)
	assert object.data["repliesCount"] == 1

	# unlisted
	{:ok, _} = CommonAPI.post(user2, Map.put(reply_data, "visibility", "unlisted"))
	assert %{data: data, object: object} = Activity.get_by_ap_id_with_object(ap_id)
	assert object.data["repliesCount"] == 2

	# private
	{:ok, _} = CommonAPI.post(user2, Map.put(reply_data, "visibility", "private"))
	assert %{data: data, object: object} = Activity.get_by_ap_id_with_object(ap_id)
	assert object.data["repliesCount"] == 2

	# direct
	{:ok, _} = CommonAPI.post(user2, Map.put(reply_data, "visibility", "direct"))
	assert %{data: data, object: object} = Activity.get_by_ap_id_with_object(ap_id)
	assert object.data["repliesCount"] == 2
	end
	end

	describe "fetch activities for recipients" do
	test "retrieve the activities for certain recipients" do
	{:ok, activity_one} = ActivityBuilder.insert(%{"to" => ["someone"]})
	{:ok, activity_two} = ActivityBuilder.insert(%{"to" => ["someone_else"]})
	{:ok, _activity_three} = ActivityBuilder.insert(%{"to" => ["noone"]})

	activities = ActivityPub.fetch_activities(["someone", "someone_else"])
	assert length(activities) == 2
	assert activities == [activity_one, activity_two]
	end
	end

	describe "fetch activities in context" do
	test "retrieves activities that have a given context" do
	{:ok, activity} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
	{:ok, activity_two} = ActivityBuilder.insert(%{"type" => "Create", "context" => "2hu"})
	{:ok, _activity_three} = ActivityBuilder.insert(%{"type" => "Create", "context" => "3hu"})
	{:ok, _activity_four} = ActivityBuilder.insert(%{"type" => "Announce", "context" => "2hu"})
	activity_five = insert(:note_activity)
	user = insert(:user)

	{:ok, _user_relationship} = User.block(user, %{ap_id: activity_five.data["actor"]})

	activities = ActivityPub.fetch_activities_for_context("2hu", %{"blocking_user" => user})
	assert activities == [activity_two, activity]
	end
	end

	test "doesn't return blocked activities" do
	activity_one = insert(:note_activity)
	activity_two = insert(:note_activity)
	activity_three = insert(:note_activity)
	user = insert(:user)
	booster = insert(:user)
	{:ok, _user_relationship} = User.block(user, %{ap_id: activity_one.data["actor"]})

	activities =
	ActivityPub.fetch_activities([], %{"blocking_user" => user, "skip_preload" => true})

	assert Enum.member?(activities, activity_two)
	assert Enum.member?(activities, activity_three)
	refute Enum.member?(activities, activity_one)

	{:ok, _user_block} = User.unblock(user, %{ap_id: activity_one.data["actor"]})

	activities =
	ActivityPub.fetch_activities([], %{"blocking_user" => user, "skip_preload" => true})

	assert Enum.member?(activities, activity_two)
	assert Enum.member?(activities, activity_three)
	assert Enum.member?(activities, activity_one)

	{:ok, _user_relationship} = User.block(user, %{ap_id: activity_three.data["actor"]})
	{:ok, _announce, %{data: %{"id" => id}}} = CommonAPI.repeat(activity_three.id, booster)
	%Activity{} = boost_activity = Activity.get_create_by_object_ap_id(id)
	activity_three = Activity.get_by_id(activity_three.id)

	activities =
	ActivityPub.fetch_activities([], %{"blocking_user" => user, "skip_preload" => true})

	assert Enum.member?(activities, activity_two)
	refute Enum.member?(activities, activity_three)
	refute Enum.member?(activities, boost_activity)
	assert Enum.member?(activities, activity_one)

	activities =
	ActivityPub.fetch_activities([], %{"blocking_user" => nil, "skip_preload" => true})

	assert Enum.member?(activities, activity_two)
	assert Enum.member?(activities, activity_three)
	assert Enum.member?(activities, boost_activity)
	assert Enum.member?(activities, activity_one)
	end

	test "doesn't return transitive interactions concerning blocked users" do
	blocker = insert(:user)
	blockee = insert(:user)
	friend = insert(:user)

	{:ok, _user_relationship} = User.block(blocker, blockee)

	{:ok, activity_one} = CommonAPI.post(friend, %{"status" => "hey!"})

	{:ok, activity_two} = CommonAPI.post(friend, %{"status" => "hey! @#{blockee.nickname}"})

	{:ok, activity_three} = CommonAPI.post(blockee, %{"status" => "hey! @#{friend.nickname}"})

	{:ok, activity_four} = CommonAPI.post(blockee, %{"status" => "hey! @#{blocker.nickname}"})

	activities = ActivityPub.fetch_activities([], %{"blocking_user" => blocker})

	assert Enum.member?(activities, activity_one)
	refute Enum.member?(activities, activity_two)
	refute Enum.member?(activities, activity_three)
	refute Enum.member?(activities, activity_four)
	end

	test "doesn't return announce activities concerning blocked users" do
	blocker = insert(:user)
	blockee = insert(:user)
	friend = insert(:user)

	{:ok, _user_relationship} = User.block(blocker, blockee)

	{:ok, activity_one} = CommonAPI.post(friend, %{"status" => "hey!"})

	{:ok, activity_two} = CommonAPI.post(blockee, %{"status" => "hey! @#{friend.nickname}"})

	{:ok, activity_three, _} = CommonAPI.repeat(activity_two.id, friend)

	activities =
	ActivityPub.fetch_activities([], %{"blocking_user" => blocker})
	\|> Enum.map(fn act -> act.id end)

	assert Enum.member?(activities, activity_one.id)
	refute Enum.member?(activities, activity_two.id)
	refute Enum.member?(activities, activity_three.id)
	end

	test "doesn't return activities from blocked domains" do
	domain = "dogwhistle.zone"
	domain_user = insert(:user, %{ap_id: "https://#{domain}/@pundit"})
	note = insert(:note, %{data: %{"actor" => domain_user.ap_id}})
	activity = insert(:note_activity, %{note: note})
	user = insert(:user)
	{:ok, user} = User.block_domain(user, domain)

	activities =
	ActivityPub.fetch_activities([], %{"blocking_user" => user, "skip_preload" => true})

	refute activity in activities

	followed_user = insert(:user)
	ActivityPub.follow(user, followed_user)
	{:ok, repeat_activity, _} = CommonAPI.repeat(activity.id, followed_user)

	activities =
	ActivityPub.fetch_activities([], %{"blocking_user" => user, "skip_preload" => true})

	refute repeat_activity in activities
	end

	test "does return activities from followed users on blocked domains" do
	domain = "meanies.social"
	domain_user = insert(:user, %{ap_id: "https://#{domain}/@pundit"})
	blocker = insert(:user)

	{:ok, blocker} = User.follow(blocker, domain_user)
	{:ok, blocker} = User.block_domain(blocker, domain)

	assert User.following?(blocker, domain_user)
	assert User.blocks_domain?(blocker, domain_user)
	refute User.blocks?(blocker, domain_user)

	note = insert(:note, %{data: %{"actor" => domain_user.ap_id}})
	activity = insert(:note_activity, %{note: note})

	activities =
	ActivityPub.fetch_activities([], %{"blocking_user" => blocker, "skip_preload" => true})

	assert activity in activities

	# And check that if the guy we DO follow boosts someone else from their domain,
	# that should be hidden
	another_user = insert(:user, %{ap_id: "https://#{domain}/@meanie2"})
	bad_note = insert(:note, %{data: %{"actor" => another_user.ap_id}})
	bad_activity = insert(:note_activity, %{note: bad_note})
	{:ok, repeat_activity, _} = CommonAPI.repeat(bad_activity.id, domain_user)

	activities =
	ActivityPub.fetch_activities([], %{"blocking_user" => blocker, "skip_preload" => true})

	refute repeat_activity in activities
	end

	test "doesn't return muted activities" do
	activity_one = insert(:note_activity)
	activity_two = insert(:note_activity)
	activity_three = insert(:note_activity)
	user = insert(:user)
	booster = insert(:user)

	activity_one_actor = User.get_by_ap_id(activity_one.data["actor"])
	{:ok, _user_relationships} = User.mute(user, activity_one_actor)

	activities =
	ActivityPub.fetch_activities([], %{"muting_user" => user, "skip_preload" => true})

	assert Enum.member?(activities, activity_two)
	assert Enum.member?(activities, activity_three)
	refute Enum.member?(activities, activity_one)

	# Calling with 'with_muted' will deliver muted activities, too.
	activities =
	ActivityPub.fetch_activities([], %{
	"muting_user" => user,
	"with_muted" => true,
	"skip_preload" => true
	})

	assert Enum.member?(activities, activity_two)
	assert Enum.member?(activities, activity_three)
	assert Enum.member?(activities, activity_one)

	{:ok, _user_mute} = User.unmute(user, activity_one_actor)

	activities =
	ActivityPub.fetch_activities([], %{"muting_user" => user, "skip_preload" => true})

	assert Enum.member?(activities, activity_two)
	assert Enum.member?(activities, activity_three)
	assert Enum.member?(activities, activity_one)

	activity_three_actor = User.get_by_ap_id(activity_three.data["actor"])
	{:ok, _user_relationships} = User.mute(user, activity_three_actor)
	{:ok, _announce, %{data: %{"id" => id}}} = CommonAPI.repeat(activity_three.id, booster)
	%Activity{} = boost_activity = Activity.get_create_by_object_ap_id(id)
	activity_three = Activity.get_by_id(activity_three.id)

	activities =
	ActivityPub.fetch_activities([], %{"muting_user" => user, "skip_preload" => true})

	assert Enum.member?(activities, activity_two)
	refute Enum.member?(activities, activity_three)
	refute Enum.member?(activities, boost_activity)
	assert Enum.member?(activities, activity_one)

	activities = ActivityPub.fetch_activities([], %{"muting_user" => nil, "skip_preload" => true})

	assert Enum.member?(activities, activity_two)
	assert Enum.member?(activities, activity_three)
	assert Enum.member?(activities, boost_activity)
	assert Enum.member?(activities, activity_one)
	end

	test "doesn't return thread muted activities" do
	user = insert(:user)
	_activity_one = insert(:note_activity)
	note_two = insert(:note, data: %{"context" => "suya.."})
	activity_two = insert(:note_activity, note: note_two)

	{:ok, _activity_two} = CommonAPI.add_mute(user, activity_two)

	assert [_activity_one] = ActivityPub.fetch_activities([], %{"muting_user" => user})
	end

	test "returns thread muted activities when with_muted is set" do
	user = insert(:user)
	_activity_one = insert(:note_activity)
	note_two = insert(:note, data: %{"context" => "suya.."})
	activity_two = insert(:note_activity, note: note_two)

	{:ok, _activity_two} = CommonAPI.add_mute(user, activity_two)

	assert [_activity_two, _activity_one] =
	ActivityPub.fetch_activities([], %{"muting_user" => user, "with_muted" => true})
	end

	test "does include announces on request" do
	activity_three = insert(:note_activity)
	user = insert(:user)
	booster = insert(:user)

	{:ok, user} = User.follow(user, booster)

	{:ok, announce, _object} = CommonAPI.repeat(activity_three.id, booster)

	[announce_activity] = ActivityPub.fetch_activities([user.ap_id \| User.following(user)])

	assert announce_activity.id == announce.id
	end

	test "excludes reblogs on request" do
	user = insert(:user)
	{:ok, expected_activity} = ActivityBuilder.insert(%{"type" => "Create"}, %{:user => user})
	{:ok, _} = ActivityBuilder.insert(%{"type" => "Announce"}, %{:user => user})

	[activity] = ActivityPub.fetch_user_activities(user, nil, %{"exclude_reblogs" => "true"})

	assert activity == expected_activity
	end

	describe "public fetch activities" do
	test "doesn't retrieve unlisted activities" do
	user = insert(:user)

	{:ok, _unlisted_activity} =
	CommonAPI.post(user, %{"status" => "yeah", "visibility" => "unlisted"})

	{:ok, listed_activity} = CommonAPI.post(user, %{"status" => "yeah"})

	[activity] = ActivityPub.fetch_public_activities()

	assert activity == listed_activity
	end

	test "retrieves public activities" do
	_activities = ActivityPub.fetch_public_activities()

	%{public: public} = ActivityBuilder.public_and_non_public()

	activities = ActivityPub.fetch_public_activities()
	assert length(activities) == 1
	assert Enum.at(activities, 0) == public
	end

	test "retrieves a maximum of 20 activities" do
	ActivityBuilder.insert_list(10)
	expected_activities = ActivityBuilder.insert_list(20)

	activities = ActivityPub.fetch_public_activities()

	assert collect_ids(activities) == collect_ids(expected_activities)
	assert length(activities) == 20
	end

	test "retrieves ids starting from a since_id" do
	activities = ActivityBuilder.insert_list(30)
	expected_activities = ActivityBuilder.insert_list(10)
	since_id = List.last(activities).id

	activities = ActivityPub.fetch_public_activities(%{"since_id" => since_id})

	assert collect_ids(activities) == collect_ids(expected_activities)
	assert length(activities) == 10
	end

	test "retrieves ids up to max_id" do
	ActivityBuilder.insert_list(10)
	expected_activities = ActivityBuilder.insert_list(20)

	%{id: max_id} =
	10
	\|> ActivityBuilder.insert_list()
	\|> List.first()

	activities = ActivityPub.fetch_public_activities(%{"max_id" => max_id})

	assert length(activities) == 20
	assert collect_ids(activities) == collect_ids(expected_activities)
	end

	test "paginates via offset/limit" do
	_first_part_activities = ActivityBuilder.insert_list(10)
	second_part_activities = ActivityBuilder.insert_list(10)

	later_activities = ActivityBuilder.insert_list(10)

	activities =
	ActivityPub.fetch_public_activities(%{"page" => "2", "page_size" => "20"}, :offset)

	assert length(activities) == 20

	assert collect_ids(activities) ==
	collect_ids(second_part_activities) ++ collect_ids(later_activities)
	end

	test "doesn't return reblogs for users for whom reblogs have been muted" do
	activity = insert(:note_activity)
	user = insert(:user)
	booster = insert(:user)
	{:ok, _reblog_mute} = CommonAPI.hide_reblogs(user, booster)

	{:ok, activity, _} = CommonAPI.repeat(activity.id, booster)

	activities = ActivityPub.fetch_activities([], %{"muting_user" => user})

	refute Enum.any?(activities, fn %{id: id} -> id == activity.id end)
	end

	test "returns reblogs for users for whom reblogs have not been muted" do
	activity = insert(:note_activity)
	user = insert(:user)
	booster = insert(:user)
	{:ok, _reblog_mute} = CommonAPI.hide_reblogs(user, booster)
	{:ok, _reblog_mute} = CommonAPI.show_reblogs(user, booster)

	{:ok, activity, _} = CommonAPI.repeat(activity.id, booster)

	activities = ActivityPub.fetch_activities([], %{"muting_user" => user})

	assert Enum.any?(activities, fn %{id: id} -> id == activity.id end)
	end
	end

	describe "react to an object" do
	test_with_mock "sends an activity to federation", Pleroma.Web.Federator, [:passthrough], [] do
	Pleroma.Config.put([:instance, :federating], true)
	user = insert(:user)
	reactor = insert(:user)
	{:ok, activity} = CommonAPI.post(user, %{"status" => "YASSSS queen slay"})
	assert object = Object.normalize(activity)

	{:ok, reaction_activity, _object} = ActivityPub.react_with_emoji(reactor, object, "🔥")

	assert called(Pleroma.Web.Federator.publish(reaction_activity))
	end

	test "adds an emoji reaction activity to the db" do
	user = insert(:user)
	reactor = insert(:user)
	{:ok, activity} = CommonAPI.post(user, %{"status" => "YASSSS queen slay"})
	assert object = Object.normalize(activity)

	{:ok, reaction_activity, object} = ActivityPub.react_with_emoji(reactor, object, "🔥")

	assert reaction_activity

	assert reaction_activity.data["actor"] == reactor.ap_id
	assert reaction_activity.data["type"] == "EmojiReaction"
	assert reaction_activity.data["content"] == "🔥"
	assert reaction_activity.data["object"] == object.data["id"]
	assert reaction_activity.data["to"] == [User.ap_followers(reactor), activity.data["actor"]]
	assert reaction_activity.data["context"] == object.data["context"]
	assert object.data["reaction_count"] == 1
	assert object.data["reactions"]["🔥"] == [reactor.ap_id]
	end
	end

	describe "unreacting to an object" do
	test_with_mock "sends an activity to federation", Pleroma.Web.Federator, [:passthrough], [] do
	Pleroma.Config.put([:instance, :federating], true)
	user = insert(:user)
	reactor = insert(:user)
	{:ok, activity} = CommonAPI.post(user, %{"status" => "YASSSS queen slay"})
	assert object = Object.normalize(activity)

	{:ok, reaction_activity, _object} = ActivityPub.react_with_emoji(reactor, object, "🔥")

	assert called(Pleroma.Web.Federator.publish(reaction_activity))

	{:ok, unreaction_activity, _object} =
	ActivityPub.unreact_with_emoji(reactor, reaction_activity.data["id"])

	assert called(Pleroma.Web.Federator.publish(unreaction_activity))
	end

	test "adds an undo activity to the db" do
	user = insert(:user)
	reactor = insert(:user)
	{:ok, activity} = CommonAPI.post(user, %{"status" => "YASSSS queen slay"})
	assert object = Object.normalize(activity)

	{:ok, reaction_activity, _object} = ActivityPub.react_with_emoji(reactor, object, "🔥")

	{:ok, unreaction_activity, _object} =
	ActivityPub.unreact_with_emoji(reactor, reaction_activity.data["id"])

	assert unreaction_activity.actor == reactor.ap_id
	assert unreaction_activity.data["object"] == reaction_activity.data["id"]

	object = Object.get_by_ap_id(object.data["id"])
	assert object.data["reaction_count"] == 0
	assert object.data["reactions"] == %{}
	end
	end

	describe "like an object" do
	test_with_mock "sends an activity to federation", Pleroma.Web.Federator, [:passthrough], [] do
	Pleroma.Config.put([:instance, :federating], true)
	note_activity = insert(:note_activity)
	assert object_activity = Object.normalize(note_activity)

	user = insert(:user)

	{:ok, like_activity, _object} = ActivityPub.like(user, object_activity)
	assert called(Pleroma.Web.Federator.publish(like_activity))
	end

	test "returns exist activity if object already liked" do
	note_activity = insert(:note_activity)
	assert object_activity = Object.normalize(note_activity)

	user = insert(:user)

	{:ok, like_activity, _object} = ActivityPub.like(user, object_activity)

	{:ok, like_activity_exist, _object} = ActivityPub.like(user, object_activity)
	assert like_activity == like_activity_exist
	end

	test "adds a like activity to the db" do
	note_activity = insert(:note_activity)
	assert object = Object.normalize(note_activity)

	user = insert(:user)
	user_two = insert(:user)

	{:ok, like_activity, object} = ActivityPub.like(user, object)

	assert like_activity.data["actor"] == user.ap_id
	assert like_activity.data["type"] == "Like"
	assert like_activity.data["object"] == object.data["id"]
	assert like_activity.data["to"] == [User.ap_followers(user), note_activity.data["actor"]]
	assert like_activity.data["context"] == object.data["context"]
	assert object.data["like_count"] == 1
	assert object.data["likes"] == [user.ap_id]

	# Just return the original activity if the user already liked it.
	{:ok, same_like_activity, object} = ActivityPub.like(user, object)

	assert like_activity == same_like_activity
	assert object.data["likes"] == [user.ap_id]
	assert object.data["like_count"] == 1

	{:ok, _like_activity, object} = ActivityPub.like(user_two, object)
	assert object.data["like_count"] == 2
	end
	end

	describe "unliking" do
	test_with_mock "sends an activity to federation", Pleroma.Web.Federator, [:passthrough], [] do
	Pleroma.Config.put([:instance, :federating], true)

	note_activity = insert(:note_activity)
	object = Object.normalize(note_activity)
	user = insert(:user)

	{:ok, object} = ActivityPub.unlike(user, object)
	refute called(Pleroma.Web.Federator.publish())

	{:ok, _like_activity, object} = ActivityPub.like(user, object)
	assert object.data["like_count"] == 1

	{:ok, unlike_activity, _, object} = ActivityPub.unlike(user, object)
	assert object.data["like_count"] == 0

	assert called(Pleroma.Web.Federator.publish(unlike_activity))
	end

	test "unliking a previously liked object" do
	note_activity = insert(:note_activity)
	object = Object.normalize(note_activity)
	user = insert(:user)

	# Unliking something that hasn't been liked does nothing
	{:ok, object} = ActivityPub.unlike(user, object)
	assert object.data["like_count"] == 0

	{:ok, like_activity, object} = ActivityPub.like(user, object)
	assert object.data["like_count"] == 1

	{:ok, unlike_activity, _, object} = ActivityPub.unlike(user, object)
	assert object.data["like_count"] == 0

	assert Activity.get_by_id(like_activity.id) == nil
	assert note_activity.actor in unlike_activity.recipients
	end
	end

	describe "announcing an object" do
	test "adds an announce activity to the db" do
	note_activity = insert(:note_activity)
	object = Object.normalize(note_activity)
	user = insert(:user)

	{:ok, announce_activity, object} = ActivityPub.announce(user, object)
	assert object.data["announcement_count"] == 1
	assert object.data["announcements"] == [user.ap_id]

	assert announce_activity.data["to"] == [
	User.ap_followers(user),
	note_activity.data["actor"]
	]

	assert announce_activity.data["object"] == object.data["id"]
	assert announce_activity.data["actor"] == user.ap_id
	assert announce_activity.data["context"] == object.data["context"]
	end
	end

	describe "announcing a private object" do
	test "adds an announce activity to the db if the audience is not widened" do
	user = insert(:user)
	{:ok, note_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "private"})
	object = Object.normalize(note_activity)

	{:ok, announce_activity, object} = ActivityPub.announce(user, object, nil, true, false)

	assert announce_activity.data["to"] == [User.ap_followers(user)]

	assert announce_activity.data["object"] == object.data["id"]
	assert announce_activity.data["actor"] == user.ap_id
	assert announce_activity.data["context"] == object.data["context"]
	end

	test "does not add an announce activity to the db if the audience is widened" do
	user = insert(:user)
	{:ok, note_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "private"})
	object = Object.normalize(note_activity)

	assert {:error, _} = ActivityPub.announce(user, object, nil, true, true)
	end

	test "does not add an announce activity to the db if the announcer is not the author" do
	user = insert(:user)
	announcer = insert(:user)
	{:ok, note_activity} = CommonAPI.post(user, %{"status" => ".", "visibility" => "private"})
	object = Object.normalize(note_activity)

	assert {:error, _} = ActivityPub.announce(announcer, object, nil, true, false)
	end
	end

	describe "unannouncing an object" do
	test "unannouncing a previously announced object" do
	note_activity = insert(:note_activity)
	object = Object.normalize(note_activity)
	user = insert(:user)

	# Unannouncing an object that is not announced does nothing
	# {:ok, object} = ActivityPub.unannounce(user, object)
	# assert object.data["announcement_count"] == 0

	{:ok, announce_activity, object} = ActivityPub.announce(user, object)
	assert object.data["announcement_count"] == 1

	{:ok, unannounce_activity, object} = ActivityPub.unannounce(user, object)
	assert object.data["announcement_count"] == 0

	assert unannounce_activity.data["to"] == [
	User.ap_followers(user),
	object.data["actor"]
	]

	assert unannounce_activity.data["type"] == "Undo"
	assert unannounce_activity.data["object"] == announce_activity.data
	assert unannounce_activity.data["actor"] == user.ap_id
	assert unannounce_activity.data["context"] == announce_activity.data["context"]

	assert Activity.get_by_id(announce_activity.id) == nil
	end
	end

	describe "uploading files" do
	test "copies the file to the configured folder" do
	file = %Plug.Upload{
	content_type: "image/jpg",
	path: Path.absname("test/fixtures/image.jpg"),
	filename: "an_image.jpg"
	}

	{:ok, %Object{} = object} = ActivityPub.upload(file)
	assert object.data["name"] == "an_image.jpg"
	end

	test "works with base64 encoded images" do
	file = %{
	"img" => data_uri()
	}

	{:ok, %Object{}} = ActivityPub.upload(file)
	end
	end

	describe "fetch the latest Follow" do
	test "fetches the latest Follow activity" do
	%Activity{data: %{"type" => "Follow"}} = activity = insert(:follow_activity)
	follower = Repo.get_by(User, ap_id: activity.data["actor"])
	followed = Repo.get_by(User, ap_id: activity.data["object"])

	assert activity == Utils.fetch_latest_follow(follower, followed)
	end
	end

	describe "following / unfollowing" do
	test "creates a follow activity" do
	follower = insert(:user)
	followed = insert(:user)

	{:ok, activity} = ActivityPub.follow(follower, followed)
	assert activity.data["type"] == "Follow"
	assert activity.data["actor"] == follower.ap_id
	assert activity.data["object"] == followed.ap_id
	end

	test "creates an undo activity for the last follow" do
	follower = insert(:user)
	followed = insert(:user)

	{:ok, follow_activity} = ActivityPub.follow(follower, followed)
	{:ok, activity} = ActivityPub.unfollow(follower, followed)

	assert activity.data["type"] == "Undo"
	assert activity.data["actor"] == follower.ap_id

	embedded_object = activity.data["object"]
	assert is_map(embedded_object)
	assert embedded_object["type"] == "Follow"
	assert embedded_object["object"] == followed.ap_id
	assert embedded_object["id"] == follow_activity.data["id"]
	end
	end

	describe "blocking / unblocking" do
	test "creates a block activity" do
	blocker = insert(:user)
	blocked = insert(:user)

	{:ok, activity} = ActivityPub.block(blocker, blocked)

	assert activity.data["type"] == "Block"
	assert activity.data["actor"] == blocker.ap_id
	assert activity.data["object"] == blocked.ap_id
	end

	test "creates an undo activity for the last block" do
	blocker = insert(:user)
	blocked = insert(:user)

	{:ok, block_activity} = ActivityPub.block(blocker, blocked)
	{:ok, activity} = ActivityPub.unblock(blocker, blocked)

	assert activity.data["type"] == "Undo"
	assert activity.data["actor"] == blocker.ap_id

	embedded_object = activity.data["object"]
	assert is_map(embedded_object)
	assert embedded_object["type"] == "Block"
	assert embedded_object["object"] == blocked.ap_id
	assert embedded_object["id"] == block_activity.data["id"]
	end
	end

	describe "deletion" do
	test "it creates a delete activity and deletes the original object" do
	note = insert(:note_activity)
	object = Object.normalize(note)
	{:ok, delete} = ActivityPub.delete(object)

	assert delete.data["type"] == "Delete"
	assert delete.data["actor"] == note.data["actor"]
	assert delete.data["object"] == object.data["id"]

	assert Activity.get_by_id(delete.id) != nil

	assert Repo.get(Object, object.id).data["type"] == "Tombstone"
	end

	test "decrements user note count only for public activities" do
	user = insert(:user, note_count: 10)

	{:ok, a1} =
	CommonAPI.post(User.get_cached_by_id(user.id), %{
	"status" => "yeah",
	"visibility" => "public"
	})

	{:ok, a2} =
	CommonAPI.post(User.get_cached_by_id(user.id), %{
	"status" => "yeah",
	"visibility" => "unlisted"
	})

	{:ok, a3} =
	CommonAPI.post(User.get_cached_by_id(user.id), %{
	"status" => "yeah",
	"visibility" => "private"
	})

	{:ok, a4} =
	CommonAPI.post(User.get_cached_by_id(user.id), %{
	"status" => "yeah",
	"visibility" => "direct"
	})

	{:ok, _} = Object.normalize(a1) \|> ActivityPub.delete()
	{:ok, _} = Object.normalize(a2) \|> ActivityPub.delete()
	{:ok, _} = Object.normalize(a3) \|> ActivityPub.delete()
	{:ok, _} = Object.normalize(a4) \|> ActivityPub.delete()

	user = User.get_cached_by_id(user.id)
	assert user.note_count == 10
	end

	test "it creates a delete activity and checks that it is also sent to users mentioned by the deleted object" do
	user = insert(:user)
	note = insert(:note_activity)
	object = Object.normalize(note)

	{:ok, object} =
	object
	\|> Object.change(%{
	data: %{
	"actor" => object.data["actor"],
	"id" => object.data["id"],
	"to" => [user.ap_id],
	"type" => "Note"
	}
	})
	\|> Object.update_and_set_cache()

	{:ok, delete} = ActivityPub.delete(object)

	assert user.ap_id in delete.data["to"]
	end

	test "decreases reply count" do
	user = insert(:user)
	user2 = insert(:user)

	{:ok, activity} = CommonAPI.post(user, %{"status" => "1", "visibility" => "public"})
	reply_data = %{"status" => "1", "in_reply_to_status_id" => activity.id}
	ap_id = activity.data["id"]

	{:ok, public_reply} = CommonAPI.post(user2, Map.put(reply_data, "visibility", "public"))
	{:ok, unlisted_reply} = CommonAPI.post(user2, Map.put(reply_data, "visibility", "unlisted"))
	{:ok, private_reply} = CommonAPI.post(user2, Map.put(reply_data, "visibility", "private"))
	{:ok, direct_reply} = CommonAPI.post(user2, Map.put(reply_data, "visibility", "direct"))

	_ = CommonAPI.delete(direct_reply.id, user2)
	assert %{data: data, object: object} = Activity.get_by_ap_id_with_object(ap_id)
	assert object.data["repliesCount"] == 2

	_ = CommonAPI.delete(private_reply.id, user2)
	assert %{data: data, object: object} = Activity.get_by_ap_id_with_object(ap_id)
	assert object.data["repliesCount"] == 2

	_ = CommonAPI.delete(public_reply.id, user2)
	assert %{data: data, object: object} = Activity.get_by_ap_id_with_object(ap_id)
	assert object.data["repliesCount"] == 1

	_ = CommonAPI.delete(unlisted_reply.id, user2)
	assert %{data: data, object: object} = Activity.get_by_ap_id_with_object(ap_id)
	assert object.data["repliesCount"] == 0
	end

	test "it passes delete activity through MRF before deleting the object" do
	rewrite_policy = Pleroma.Config.get([:instance, :rewrite_policy])
	Pleroma.Config.put([:instance, :rewrite_policy], Pleroma.Web.ActivityPub.MRF.DropPolicy)

	on_exit(fn -> Pleroma.Config.put([:instance, :rewrite_policy], rewrite_policy) end)

	note = insert(:note_activity)
	object = Object.normalize(note)

	{:error, {:reject, _}} = ActivityPub.delete(object)

	assert Activity.get_by_id(note.id)
	assert Repo.get(Object, object.id).data["type"] == object.data["type"]
	end
	end

	describe "timeline post-processing" do
	test "it filters broken threads" do
	user1 = insert(:user)
	user2 = insert(:user)
	user3 = insert(:user)

	{:ok, user1} = User.follow(user1, user3)
	assert User.following?(user1, user3)

	{:ok, user2} = User.follow(user2, user3)
	assert User.following?(user2, user3)

	{:ok, user3} = User.follow(user3, user2)
	assert User.following?(user3, user2)

	{:ok, public_activity} = CommonAPI.post(user3, %{"status" => "hi 1"})

	{:ok, private_activity_1} =
	CommonAPI.post(user3, %{"status" => "hi 2", "visibility" => "private"})

	{:ok, private_activity_2} =
	CommonAPI.post(user2, %{
	"status" => "hi 3",
	"visibility" => "private",
	"in_reply_to_status_id" => private_activity_1.id
	})

	{:ok, private_activity_3} =
	CommonAPI.post(user3, %{
	"status" => "hi 4",
	"visibility" => "private",
	"in_reply_to_status_id" => private_activity_2.id
	})

	activities =
	ActivityPub.fetch_activities([user1.ap_id \| User.following(user1)])
	\|> Enum.map(fn a -> a.id end)

	private_activity_1 = Activity.get_by_ap_id_with_object(private_activity_1.data["id"])

	assert [public_activity.id, private_activity_1.id, private_activity_3.id] == activities

	assert length(activities) == 3

	activities =
	ActivityPub.fetch_activities([user1.ap_id \| User.following(user1)], %{"user" => user1})
	\|> Enum.map(fn a -> a.id end)

	assert [public_activity.id, private_activity_1.id] == activities
	assert length(activities) == 2
	end
	end

	describe "update" do
	test "it creates an update activity with the new user data" do
	user = insert(:user)
	{:ok, user} = User.ensure_keys_present(user)
	user_data = Pleroma.Web.ActivityPub.UserView.render("user.json", %{user: user})

	{:ok, update} =
	ActivityPub.update(%{
	actor: user_data["id"],
	to: [user.follower_address],
	cc: [],
	object: user_data
	})

	assert update.data["actor"] == user.ap_id
	assert update.data["to"] == [user.follower_address]
	assert embedded_object = update.data["object"]
	assert embedded_object["id"] == user_data["id"]
	assert embedded_object["type"] == user_data["type"]
	end
	end

	test "returned pinned statuses" do
	Pleroma.Config.put([:instance, :max_pinned_statuses], 3)
	user = insert(:user)

	{:ok, activity_one} = CommonAPI.post(user, %{"status" => "HI!!!"})
	{:ok, activity_two} = CommonAPI.post(user, %{"status" => "HI!!!"})
	{:ok, activity_three} = CommonAPI.post(user, %{"status" => "HI!!!"})

	CommonAPI.pin(activity_one.id, user)
	user = refresh_record(user)

	CommonAPI.pin(activity_two.id, user)
	user = refresh_record(user)

	CommonAPI.pin(activity_three.id, user)
	user = refresh_record(user)

	activities = ActivityPub.fetch_user_activities(user, nil, %{"pinned" => "true"})

	assert 3 = length(activities)
	end

	describe "flag/1" do
	setup do
	reporter = insert(:user)
	target_account = insert(:user)
	content = "foobar"
	{:ok, activity} = CommonAPI.post(target_account, %{"status" => content})
	context = Utils.generate_context_id()

	reporter_ap_id = reporter.ap_id
	target_ap_id = target_account.ap_id
	activity_ap_id = activity.data["id"]

	activity_with_object = Activity.get_by_ap_id_with_object(activity_ap_id)

	{:ok,
	%{
	reporter: reporter,
	context: context,
	target_account: target_account,
	reported_activity: activity,
	content: content,
	activity_ap_id: activity_ap_id,
	activity_with_object: activity_with_object,
	reporter_ap_id: reporter_ap_id,
	target_ap_id: target_ap_id
	}}
	end

	test "it can create a Flag activity",
	%{
	reporter: reporter,
	context: context,
	target_account: target_account,
	reported_activity: reported_activity,
	content: content,
	activity_ap_id: activity_ap_id,
	activity_with_object: activity_with_object,
	reporter_ap_id: reporter_ap_id,
	target_ap_id: target_ap_id
	} do
	assert {:ok, activity} =
	ActivityPub.flag(%{
	actor: reporter,
	context: context,
	account: target_account,
	statuses: [reported_activity],
	content: content
	})

	note_obj = %{
	"type" => "Note",
	"id" => activity_ap_id,
	"content" => content,
	"published" => activity_with_object.object.data["published"],
	"actor" => AccountView.render("show.json", %{user: target_account})
	}

	assert %Activity{
	actor: ^reporter_ap_id,
	data: %{
	"type" => "Flag",
	"content" => ^content,
	"context" => ^context,
	"object" => [^target_ap_id, ^note_obj]
	}
	} = activity
	end

	test_with_mock "strips status data from Flag, before federating it",
	%{
	reporter: reporter,
	context: context,
	target_account: target_account,
	reported_activity: reported_activity,
	content: content
	},
	Utils,
	[:passthrough],
	[] do
	{:ok, activity} =
	ActivityPub.flag(%{
	actor: reporter,
	context: context,
	account: target_account,
	statuses: [reported_activity],
	content: content
	})

	new_data =
	put_in(activity.data, ["object"], [target_account.ap_id, reported_activity.data["id"]])

	assert_called(Utils.maybe_federate(%{activity \| data: new_data}))
	end
	end

	test "fetch_activities/2 returns activities addressed to a list " do
	user = insert(:user)
	member = insert(:user)
	{:ok, list} = Pleroma.List.create("foo", user)
	{:ok, list} = Pleroma.List.follow(list, member)

	{:ok, activity} =
	CommonAPI.post(user, %{"status" => "foobar", "visibility" => "list:#{list.id}"})

	activity = Repo.preload(activity, :bookmark)
	activity = %Activity{activity \| thread_muted?: !!activity.thread_muted?}

	assert ActivityPub.fetch_activities([], %{"user" => user}) == [activity]
	end

	def data_uri do
	File.read!("test/fixtures/avatar_data_uri")
	end

	describe "fetch_activities_bounded" do
	test "fetches private posts for followed users" do
	user = insert(:user)

	{:ok, activity} =
	CommonAPI.post(user, %{
	"status" => "thought I looked cute might delete later :3",
	"visibility" => "private"
	})

	[result] = ActivityPub.fetch_activities_bounded([user.follower_address], [])
	assert result.id == activity.id
	end

	test "fetches only public posts for other users" do
	user = insert(:user)
	{:ok, activity} = CommonAPI.post(user, %{"status" => "#cofe", "visibility" => "public"})

	{:ok, _private_activity} =
	CommonAPI.post(user, %{
	"status" => "why is tenshi eating a corndog so cute?",
	"visibility" => "private"
	})

	[result] = ActivityPub.fetch_activities_bounded([], [user.follower_address])
	assert result.id == activity.id
	end
	end

	describe "fetch_follow_information_for_user" do
	test "syncronizes following/followers counters" do
	user =
	insert(:user,
	local: false,
	follower_address: "http://localhost:4001/users/fuser2/followers",
	following_address: "http://localhost:4001/users/fuser2/following"
	)

	{:ok, info} = ActivityPub.fetch_follow_information_for_user(user)
	assert info.follower_count == 527
	assert info.following_count == 267
	end

	test "detects hidden followers" do
	mock(fn env ->
	case env.url do
	"http://localhost:4001/users/masto_closed/followers?page=1" ->
	%Tesla.Env{status: 403, body: ""}

	_ ->
	apply(HttpRequestMock, :request, [env])
	end
	end)

	user =
	insert(:user,
	local: false,
	follower_address: "http://localhost:4001/users/masto_closed/followers",
	following_address: "http://localhost:4001/users/masto_closed/following"
	)

	{:ok, follow_info} = ActivityPub.fetch_follow_information_for_user(user)
	assert follow_info.hide_followers == true
	assert follow_info.hide_follows == false
	end

	test "detects hidden follows" do
	mock(fn env ->
	case env.url do
	"http://localhost:4001/users/masto_closed/following?page=1" ->
	%Tesla.Env{status: 403, body: ""}

	_ ->
	apply(HttpRequestMock, :request, [env])
	end
	end)

	user =
	insert(:user,
	local: false,
	follower_address: "http://localhost:4001/users/masto_closed/followers",
	following_address: "http://localhost:4001/users/masto_closed/following"
	)

	{:ok, follow_info} = ActivityPub.fetch_follow_information_for_user(user)
	assert follow_info.hide_followers == false
	assert follow_info.hide_follows == true
	end

	test "detects hidden follows/followers for friendica" do
	user =
	insert(:user,
	local: false,
	follower_address: "http://localhost:8080/followers/fuser3",
	following_address: "http://localhost:8080/following/fuser3"
	)

	{:ok, follow_info} = ActivityPub.fetch_follow_information_for_user(user)
	assert follow_info.hide_followers == true
	assert follow_info.follower_count == 296
	assert follow_info.following_count == 32
	assert follow_info.hide_follows == true
	end
	+
	+ test "doesn't crash when follower and following counters are hidden" do
	+ mock(fn env ->
	+ case env.url do
	+ "http://localhost:4001/users/masto_hidden_counters/following" ->
	+ json(%{
	+ "@context" => "https://www.w3.org/ns/activitystreams",
	+ "id" => "http://localhost:4001/users/masto_hidden_counters/followers"
	+ })
	+
	+ "http://localhost:4001/users/masto_hidden_counters/following?page=1" ->
	+ %Tesla.Env{status: 403, body: ""}
	+
	+ "http://localhost:4001/users/masto_hidden_counters/followers" ->
	+ json(%{
	+ "@context" => "https://www.w3.org/ns/activitystreams",
	+ "id" => "http://localhost:4001/users/masto_hidden_counters/following"
	+ })
	+
	+ "http://localhost:4001/users/masto_hidden_counters/followers?page=1" ->
	+ %Tesla.Env{status: 403, body: ""}
	+ end
	+ end)
	+
	+ user =
	+ insert(:user,
	+ local: false,
	+ follower_address: "http://localhost:4001/users/masto_hidden_counters/followers",
	+ following_address: "http://localhost:4001/users/masto_hidden_counters/following"
	+ )
	+
	+ {:ok, follow_info} = ActivityPub.fetch_follow_information_for_user(user)
	+
	+ assert follow_info.hide_followers == true
	+ assert follow_info.follower_count == 0
	+ assert follow_info.hide_follows == true
	+ assert follow_info.following_count == 0
	+ end
	end

	describe "fetch_favourites/3" do
	test "returns a favourite activities sorted by adds to favorite" do
	user = insert(:user)
	other_user = insert(:user)
	user1 = insert(:user)
	user2 = insert(:user)
	{:ok, a1} = CommonAPI.post(user1, %{"status" => "bla"})
	{:ok, _a2} = CommonAPI.post(user2, %{"status" => "traps are happy"})
	{:ok, a3} = CommonAPI.post(user2, %{"status" => "Trees Are "})
	{:ok, a4} = CommonAPI.post(user2, %{"status" => "Agent Smith "})
	{:ok, a5} = CommonAPI.post(user1, %{"status" => "Red or Blue "})

	{:ok, _, _} = CommonAPI.favorite(a4.id, user)
	{:ok, _, _} = CommonAPI.favorite(a3.id, other_user)
	{:ok, _, _} = CommonAPI.favorite(a3.id, user)
	{:ok, _, _} = CommonAPI.favorite(a5.id, other_user)
	{:ok, _, _} = CommonAPI.favorite(a5.id, user)
	{:ok, _, _} = CommonAPI.favorite(a4.id, other_user)
	{:ok, _, _} = CommonAPI.favorite(a1.id, user)
	{:ok, _, _} = CommonAPI.favorite(a1.id, other_user)
	result = ActivityPub.fetch_favourites(user)

	assert Enum.map(result, & &1.id) == [a1.id, a5.id, a3.id, a4.id]

	result = ActivityPub.fetch_favourites(user, %{"limit" => 2})
	assert Enum.map(result, & &1.id) == [a1.id, a5.id]
	end
	end

	describe "Move activity" do
	test "create" do
	%{ap_id: old_ap_id} = old_user = insert(:user)
	%{ap_id: new_ap_id} = new_user = insert(:user, also_known_as: [old_ap_id])
	follower = insert(:user)
	follower_move_opted_out = insert(:user, allow_following_move: false)

	User.follow(follower, old_user)
	User.follow(follower_move_opted_out, old_user)

	assert User.following?(follower, old_user)
	assert User.following?(follower_move_opted_out, old_user)

	assert {:ok, activity} = ActivityPub.move(old_user, new_user)

	assert %Activity{
	actor: ^old_ap_id,
	data: %{
	"actor" => ^old_ap_id,
	"object" => ^old_ap_id,
	"target" => ^new_ap_id,
	"type" => "Move"
	},
	local: true
	} = activity

	params = %{
	"op" => "move_following",
	"origin_id" => old_user.id,
	"target_id" => new_user.id
	}

	assert_enqueued(worker: Pleroma.Workers.BackgroundWorker, args: params)

	Pleroma.Workers.BackgroundWorker.perform(params, nil)

	refute User.following?(follower, old_user)
	assert User.following?(follower, new_user)

	assert User.following?(follower_move_opted_out, old_user)
	refute User.following?(follower_move_opted_out, new_user)

	activity = %Activity{activity \| object: nil}

	assert [%Notification{activity: ^activity}] =
	Notification.for_user(follower, %{with_move: true})

	assert [%Notification{activity: ^activity}] =
	Notification.for_user(follower_move_opted_out, %{with_move: true})
	end

	test "old user must be in the new user's `also_known_as` list" do
	old_user = insert(:user)
	new_user = insert(:user)

	assert {:error, "Target account must have the origin in `alsoKnownAs`"} =
	ActivityPub.move(old_user, new_user)
	end
	end
	end
	diff --git a/test/web/metadata/twitter_card_test.exs b/test/web/metadata/twitter_card_test.exs
	index 0814006d2..85a654f52 100644
	--- a/test/web/metadata/twitter_card_test.exs
	+++ b/test/web/metadata/twitter_card_test.exs
	@@ -1,123 +1,148 @@
	# Pleroma: A lightweight social networking server
	# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
	# SPDX-License-Identifier: AGPL-3.0-only

	defmodule Pleroma.Web.Metadata.Providers.TwitterCardTest do
	use Pleroma.DataCase
	import Pleroma.Factory

	alias Pleroma.User
	alias Pleroma.Web.CommonAPI
	alias Pleroma.Web.Endpoint
	alias Pleroma.Web.Metadata.Providers.TwitterCard
	alias Pleroma.Web.Metadata.Utils
	alias Pleroma.Web.Router

	test "it renders twitter card for user info" do
	user = insert(:user, name: "Jimmy Hendriks", bio: "born 19 March 1994")
	avatar_url = Utils.attachment_url(User.avatar_url(user))
	res = TwitterCard.build_tags(%{user: user})

	assert res == [
	{:meta, [property: "twitter:title", content: Utils.user_name_string(user)], []},
	{:meta, [property: "twitter:description", content: "born 19 March 1994"], []},
	{:meta, [property: "twitter:image", content: avatar_url], []},
	{:meta, [property: "twitter:card", content: "summary"], []}
	]
	end

	- test "it does not render attachments if post is nsfw" do
	+ test "it uses summary twittercard if post has no attachment" do
	+ user = insert(:user, name: "Jimmy Hendriks", bio: "born 19 March 1994")
	+ {:ok, activity} = CommonAPI.post(user, %{"status" => "HI"})
	+
	+ note =
	+ insert(:note, %{
	+ data: %{
	+ "actor" => user.ap_id,
	+ "tag" => [],
	+ "id" => "https://pleroma.gov/objects/whatever",
	+ "content" => "pleroma in a nutshell"
	+ }
	+ })
	+
	+ result = TwitterCard.build_tags(%{object: note, user: user, activity_id: activity.id})
	+
	+ assert [
	+ {:meta, [property: "twitter:title", content: Utils.user_name_string(user)], []},
	+ {:meta, [property: "twitter:description", content: "“pleroma in a nutshell”"], []},
	+ {:meta, [property: "twitter:image", content: "http://localhost:4001/images/avi.png"],
	+ []},
	+ {:meta, [property: "twitter:card", content: "summary"], []}
	+ ] == result
	+ end
	+
	+ test "it renders avatar not attachment if post is nsfw and unfurl_nsfw is disabled" do
	Pleroma.Config.put([Pleroma.Web.Metadata, :unfurl_nsfw], false)
	user = insert(:user, name: "Jimmy Hendriks", bio: "born 19 March 1994")
	{:ok, activity} = CommonAPI.post(user, %{"status" => "HI"})

	note =
	insert(:note, %{
	data: %{
	"actor" => user.ap_id,
	"tag" => [],
	"id" => "https://pleroma.gov/objects/whatever",
	"content" => "pleroma in a nutshell",
	"sensitive" => true,
	"attachment" => [
	%{
	"url" => [%{"mediaType" => "image/png", "href" => "https://pleroma.gov/tenshi.png"}]
	},
	%{
	"url" => [
	%{
	"mediaType" => "application/octet-stream",
	"href" => "https://pleroma.gov/fqa/badapple.sfc"
	}
	]
	},
	%{
	"url" => [
	%{"mediaType" => "video/webm", "href" => "https://pleroma.gov/about/juche.webm"}
	]
	}
	]
	}
	})

	result = TwitterCard.build_tags(%{object: note, user: user, activity_id: activity.id})

	assert [
	{:meta, [property: "twitter:title", content: Utils.user_name_string(user)], []},
	{:meta, [property: "twitter:description", content: "“pleroma in a nutshell”"], []},
	{:meta, [property: "twitter:image", content: "http://localhost:4001/images/avi.png"],
	[]},
	- {:meta, [property: "twitter:card", content: "summary_large_image"], []}
	+ {:meta, [property: "twitter:card", content: "summary"], []}
	] == result
	end

	test "it renders supported types of attachments and skips unknown types" do
	user = insert(:user, name: "Jimmy Hendriks", bio: "born 19 March 1994")
	{:ok, activity} = CommonAPI.post(user, %{"status" => "HI"})

	note =
	insert(:note, %{
	data: %{
	"actor" => user.ap_id,
	"tag" => [],
	"id" => "https://pleroma.gov/objects/whatever",
	"content" => "pleroma in a nutshell",
	"attachment" => [
	%{
	"url" => [%{"mediaType" => "image/png", "href" => "https://pleroma.gov/tenshi.png"}]
	},
	%{
	"url" => [
	%{
	"mediaType" => "application/octet-stream",
	"href" => "https://pleroma.gov/fqa/badapple.sfc"
	}
	]
	},
	%{
	"url" => [
	%{"mediaType" => "video/webm", "href" => "https://pleroma.gov/about/juche.webm"}
	]
	}
	]
	}
	})

	result = TwitterCard.build_tags(%{object: note, user: user, activity_id: activity.id})

	assert [
	{:meta, [property: "twitter:title", content: Utils.user_name_string(user)], []},
	{:meta, [property: "twitter:description", content: "“pleroma in a nutshell”"], []},
	{:meta, [property: "twitter:card", content: "summary_large_image"], []},
	{:meta, [property: "twitter:player", content: "https://pleroma.gov/tenshi.png"], []},
	{:meta, [property: "twitter:card", content: "player"], []},
	{:meta,
	[
	property: "twitter:player",
	content: Router.Helpers.o_status_url(Endpoint, :notice_player, activity.id)
	], []},
	{:meta, [property: "twitter:player:width", content: "480"], []},
	{:meta, [property: "twitter:player:height", content: "480"], []}
	] == result
	end
	end

File Metadata

Mime Type: text/x-diff
Expires: Tue, Jun 24, 2:54 AM (27 m, 16 s)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 234646
Default Alt Text: (285 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions