Merge branch 'dev'

.gitignore

@@ -36,4 +36,6 @@ node_modules/
 .idea/*.iml
 .idea/modules
 *.iml
-*.ipr
+*.ipr
+
+pom.xml.new-version

Dockerfile

@@ -2,6 +2,7 @@ FROM maven:3.8.6-eclipse-temurin-17 as builder
 
 WORKDIR /usr/src/app
 COPY . .
+ARG MAVEN_OPTS
 RUN mvn package -DskipTests=true
 RUN java LibVipsDownloader.java
 
@@ -15,4 +16,4 @@ COPY --from=builder /usr/src/app/*.so /opt/smithereen/
 RUN echo -e '#!/bin/bash\njava -jar /opt/smithereen/smithereen.jar /usr/local/etc/config.properties init_admin' > smithereen-init-admin && chmod +x smithereen-init-admin
 
 EXPOSE 4567
-ENTRYPOINT java -Djna.library.path=/opt/smithereen -jar /opt/smithereen/smithereen.jar /usr/local/etc/config.properties
+ENTRYPOINT java -Djna.library.path=/opt/smithereen -jar /opt/smithereen/smithereen.jar /usr/local/etc/config.properties

FEDERATION.md

@@ -226,4 +226,40 @@ collection=http%3A%2F%2Fsmithereen.local%3A8080%2Fusers%2F1%2Ffriends&item=http%
 </details>
 
 ### Add and Remove activities for collections
-For `sm:friends` and `sm:groups` collections for users, as well as `sm:members` and `sm:tentativeMembers` for groups and events, their owning actors send `Add` and `Remove` activities to their followers to help keep these lists in sync across servers. Smithereen also uses these activities to display entries like "John Smith added Jane Doe as a friend" in the news feed.
+For `sm:friends` and `sm:groups` collections for users, as well as `sm:members` and `sm:tentativeMembers` for groups and events, their owning actors send `Add` and `Remove` activities to their followers to help keep these lists in sync across servers. Smithereen also uses these activities to display entries like "John Smith added Jane Doe as a friend" in the news feed.
+
+### Privacy settings
+Smithereen allows users to specify privacy settings. These come in two types: **interactions** and **visibility**. The **interaction** settings restrict who can perform actions with this user's account and the content they created, e.g. commenting on posts or sending direct messages. The **visibility** settings specify who can see certain types of content.
+
+Privacy settings are specified in the `sm:privacySettings` field in the user actor object. The following keys are currently defined:
+- `sm:wallPosting`: who can create posts on this user's wall.
+- `sm:wallPostVisibility`: who can see others' posts on this user's wall. If no one on your server can see the posts of this user, the `sm:wall` collection will only contain this user's own posts.
+- `sm:commenting`: who can comment on this user's posts, both their own and posts made by others on their wall.
+- `sm:groupInvitations`: who can invite this user to join groups and events (the `Invite{Group}` activity).
+- `sm:directMessages`: who can send this user direct messages, i.e. `Note`s that are addressed neither to `as:Public` nor to anyone's followers or friends collections.
+
+Each key corresponds to a privacy settings object. The format of this object is:
+- `sm:allowedTo`: an array of actor or collection IDs to whom access is allowed. If it is allowed to everyone, this contains `as:Public` as a single element. If it is not allowed to anyone, this is an empty array or `null`.
+  - Supported collections are: `followers`, `following`, and `sm:friends`.
+  - If the access is allowed to **friends and their friends** (i.e. friends themselves + anyone who has mutual friends with this user), the array would contain 2 elements: the ID of the `sm:friends` collection and a special value `sm:FriendsOfFriends`.
+- `sm:except`: an array of actor IDs who, even if they match `sm:allowedTo`, are not allowed to perform the action or access the content.
+
+The actor ID lists are filtered by the domain of the server that's receiving the actor object to protect that user's privacy. When the user actor is fetched by its URL, the domain of the requesting server is determined by the HTTP signature, so it is important to sign GET requests for actors at all times.
+
+When a user updates their privacy settings, an `Update{Person}` is sent to all affected servers or all followers, whichever set is smaller.
+
+The default value for all privacy settings is "everyone":
+```json
+{
+  "sm:allowedTo": ["as:Public"],
+  "sm:except": []
+}
+```
+
+If a server still sends an activity that is not allowed by the user's privacy settings, Smithereen would respond with a 403 HTTP error.
+
+#### Special exception for direct messages
+If a user sends a message to someone who can't send **them** messages, the recipient is temporarily allowed to send them messages. The exception lasts for a week (168 hours) or 10 messages, whichever comes first. Every outgoing message resets the time and the message count.
+
+### Read receipts for direct messages
+When a recipient views a direct message (a `Note` that is only addressed to actors and no collections) for the first time, Smithereen will send a `Read{Note}` activity to its sender.

crowdin.yml

@@ -1,3 +1,3 @@
 files:
-  - source: /src/main/resources/langs/en.json
-    translation: /src/main/resources/langs/%two_letters_code%.json
+  - source: /src/main/resources/langs/en/*.json
+    translation: /src/main/resources/langs/%two_letters_code%/%file_name%.json

pom.xml

@@ -188,20 +188,19 @@
 
 	<dependencies>
 		<dependency>
-			<groupId>com.sparkjava</groupId>
+			<groupId>me.grishka.sparkjava</groupId>
 			<artifactId>spark-core</artifactId>
-			<version>2.9.4</version>
+			<version>2.9.4+patch.1</version>
 		</dependency>
 		<dependency>
 			<groupId>io.pebbletemplates</groupId>
 			<artifactId>pebble</artifactId>
-			<version>3.1.5</version>
+			<version>3.2.1</version>
 		</dependency>
 		<dependency>
-			<groupId>mysql</groupId>
-			<artifactId>mysql-connector-java</artifactId>
-			<!-- TODO remove all uses of resultSet.first() and upgrade this -->
-			<version>8.0.18</version>
+			<groupId>com.mysql</groupId>
+			<artifactId>mysql-connector-j</artifactId>
+			<version>8.1.0</version>
 		</dependency>
 		<dependency>
 			<groupId>org.jetbrains</groupId>
@@ -213,7 +212,7 @@
 			<!-- jsoup HTML parser library @ https://jsoup.org/ -->
 			<groupId>org.jsoup</groupId>
 			<artifactId>jsoup</artifactId>
-			<version>1.14.3</version>
+			<version>1.15.3</version>
 		</dependency>
 		<dependency>
 			<groupId>com.squareup.okhttp3</groupId>
@@ -239,7 +238,7 @@
 		<dependency>
 			<groupId>com.google.code.gson</groupId>
 			<artifactId>gson</artifactId>
-			<version>2.9.0</version>
+			<version>2.10.1</version>
 		</dependency>
 		<dependency>
 			<groupId>cz.jirutka.unidecode</groupId>

schema.sql

@@ -1,8 +1,8 @@
--- MySQL dump 10.13  Distrib 8.0.28, for macos12.2 (arm64)
+-- MySQL dump 10.13  Distrib 8.0.32, for macos13.0 (arm64)
 --
 -- Host: localhost    Database: smithereen
 -- ------------------------------------------------------
--- Server version	8.0.28
+-- Server version	8.0.32
 /*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
 
 --
@@ -252,8 +252,67 @@ CREATE TABLE `likes` (
   `ap_id` varchar(300) CHARACTER SET ascii COLLATE ascii_general_ci DEFAULT NULL,
   UNIQUE KEY `user_id` (`user_id`,`object_id`,`object_type`),
   UNIQUE KEY `id` (`id`),
-  KEY `object_type` (`object_type`,`object_id`),
-  CONSTRAINT `likes_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`)
+  KEY `object_type` (`object_type`,`object_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+--
+-- Table structure for table `mail_messages`
+--
+
+CREATE TABLE `mail_messages` (
+  `id` bigint unsigned NOT NULL AUTO_INCREMENT,
+  `owner_id` int unsigned NOT NULL,
+  `sender_id` int unsigned NOT NULL,
+  `to` varbinary(1024) NOT NULL,
+  `cc` varbinary(1024) DEFAULT NULL,
+  `text` text NOT NULL,
+  `subject` text NOT NULL,
+  `attachments` json DEFAULT NULL,
+  `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `updated_at` timestamp NULL DEFAULT NULL,
+  `deleted_at` timestamp NULL DEFAULT NULL,
+  `read_receipts` varbinary(1024) DEFAULT NULL,
+  `ap_id` varchar(300) CHARACTER SET ascii COLLATE ascii_general_ci DEFAULT NULL,
+  `reply_info` json DEFAULT NULL,
+  `related_message_ids` varbinary(1024) DEFAULT NULL,
+  PRIMARY KEY (`id`),
+  KEY `owner_id` (`owner_id`),
+  KEY `sender_id` (`sender_id`),
+  KEY `ap_id` (`ap_id`),
+  KEY `deleted_at` (`deleted_at`),
+  KEY `read_receipts` (`read_receipts`),
+  FULLTEXT KEY `text` (`text`,`subject`),
+  CONSTRAINT `mail_messages_ibfk_1` FOREIGN KEY (`owner_id`) REFERENCES `users` (`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+--
+-- Table structure for table `mail_messages_peers`
+--
+
+CREATE TABLE `mail_messages_peers` (
+  `owner_id` int unsigned NOT NULL,
+  `peer_id` int unsigned NOT NULL,
+  `message_id` bigint unsigned NOT NULL,
+  KEY `owner_id` (`owner_id`),
+  KEY `message_id` (`message_id`),
+  KEY `peer_id` (`peer_id`),
+  CONSTRAINT `mail_messages_peers_ibfk_1` FOREIGN KEY (`owner_id`) REFERENCES `users` (`id`) ON DELETE CASCADE,
+  CONSTRAINT `mail_messages_peers_ibfk_2` FOREIGN KEY (`message_id`) REFERENCES `mail_messages` (`id`) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+--
+-- Table structure for table `mail_privacy_grants`
+--
+
+CREATE TABLE `mail_privacy_grants` (
+  `owner_id` int unsigned NOT NULL,
+  `user_id` int unsigned NOT NULL,
+  `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `messages_remain` int unsigned NOT NULL,
+  PRIMARY KEY (`owner_id`,`user_id`),
+  KEY `user_id` (`user_id`),
+  CONSTRAINT `mail_privacy_grants_ibfk_1` FOREIGN KEY (`owner_id`) REFERENCES `users` (`id`) ON DELETE CASCADE,
+  CONSTRAINT `mail_privacy_grants_ibfk_2` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 --
@@ -351,7 +410,6 @@ CREATE TABLE `poll_votes` (
   KEY `user_id` (`user_id`),
   KEY `poll_id` (`poll_id`),
   KEY `option_id` (`option_id`),
-  CONSTRAINT `poll_votes_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`),
   CONSTRAINT `poll_votes_ibfk_2` FOREIGN KEY (`poll_id`) REFERENCES `polls` (`id`) ON DELETE CASCADE,
   CONSTRAINT `poll_votes_ibfk_3` FOREIGN KEY (`option_id`) REFERENCES `poll_options` (`id`) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
@@ -399,17 +457,15 @@ CREATE TABLE `reports` (
   `target_type` tinyint unsigned NOT NULL,
   `content_type` tinyint unsigned DEFAULT NULL,
   `target_id` int unsigned NOT NULL,
-  `content_id` int unsigned DEFAULT NULL,
+  `content_id` bigint unsigned DEFAULT NULL,
   `comment` text NOT NULL,
   `moderator_id` int unsigned DEFAULT NULL,
   `time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
   `action_time` timestamp NULL DEFAULT NULL,
   `server_domain` varchar(100) DEFAULT NULL,
   PRIMARY KEY (`id`),
   KEY `reporter_id` (`reporter_id`),
-  KEY `moderator_id` (`moderator_id`),
-  CONSTRAINT `reports_ibfk_1` FOREIGN KEY (`reporter_id`) REFERENCES `users` (`id`),
-  CONSTRAINT `reports_ibfk_2` FOREIGN KEY (`moderator_id`) REFERENCES `users` (`id`)
+  KEY `moderator_id` (`moderator_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 --
@@ -521,6 +577,7 @@ CREATE TABLE `users` (
   `last_updated` timestamp NULL DEFAULT NULL,
   `flags` bigint unsigned NOT NULL,
   `endpoints` json DEFAULT NULL,
+  `privacy` json DEFAULT NULL,
   PRIMARY KEY (`id`),
   UNIQUE KEY `username` (`username`,`domain`),
   UNIQUE KEY `ap_id` (`ap_id`)
@@ -536,7 +593,7 @@ CREATE TABLE `wall_posts` (
   `owner_user_id` int unsigned DEFAULT NULL,
   `owner_group_id` int unsigned DEFAULT NULL,
   `text` text,
-  `attachments` text,
+  `attachments` json DEFAULT NULL,
   `repost_of` int unsigned DEFAULT NULL,
   `ap_url` varchar(300) DEFAULT NULL,
   `ap_id` varchar(300) CHARACTER SET ascii COLLATE ascii_general_ci DEFAULT NULL,
@@ -551,6 +608,7 @@ CREATE TABLE `wall_posts` (
   `federation_state` tinyint unsigned NOT NULL DEFAULT '0',
   `source` text,
   `source_format` tinyint unsigned DEFAULT NULL,
+  `privacy` tinyint unsigned NOT NULL DEFAULT '0',
   PRIMARY KEY (`id`),
   UNIQUE KEY `ap_id` (`ap_id`),
   KEY `owner_user_id` (`owner_user_id`),
@@ -561,10 +619,9 @@ CREATE TABLE `wall_posts` (
   KEY `poll_id` (`poll_id`),
   CONSTRAINT `wall_posts_ibfk_1` FOREIGN KEY (`owner_user_id`) REFERENCES `users` (`id`) ON DELETE CASCADE,
   CONSTRAINT `wall_posts_ibfk_2` FOREIGN KEY (`repost_of`) REFERENCES `wall_posts` (`id`) ON DELETE SET NULL,
-  CONSTRAINT `wall_posts_ibfk_3` FOREIGN KEY (`author_id`) REFERENCES `users` (`id`) ON DELETE CASCADE,
   CONSTRAINT `wall_posts_ibfk_4` FOREIGN KEY (`owner_group_id`) REFERENCES `groups` (`id`) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
 
--- Dump completed on 2023-01-20 21:59:28
+-- Dump completed on 2023-10-26 17:12:16

src/main/java/smithereen/ApplicationContext.java

@@ -3,6 +3,7 @@
 import smithereen.activitypub.ActivityPubWorker;
 import smithereen.controllers.FriendsController;
 import smithereen.controllers.GroupsController;
+import smithereen.controllers.MailController;
 import smithereen.controllers.ModerationController;
 import smithereen.controllers.NewsfeedController;
 import smithereen.controllers.NotificationsController;
@@ -26,6 +27,7 @@ public class ApplicationContext{
 	private final NotificationsController notificationsController;
 	private final ModerationController moderationController;
 	private final StatsController statsController;
+	private final MailController mailController;
 
 	public ApplicationContext(){
 		wallController=new WallController(this);
@@ -40,6 +42,7 @@ public ApplicationContext(){
 		notificationsController=new NotificationsController(this);
 		moderationController=new ModerationController(this);
 		statsController=new StatsController(this);
+		mailController=new MailController(this);
 	}
 
 	public WallController getWallController(){
@@ -89,4 +92,8 @@ public ModerationController getModerationController(){
 	public StatsController getStatsController(){
 		return statsController;
 	}
+
+	public MailController getMailController(){
+		return mailController;
+	}
 }

src/main/java/smithereen/CLI.java

@@ -4,8 +4,8 @@
 import java.io.IOError;
 import java.sql.SQLException;
 
-import smithereen.data.Account;
-import smithereen.data.User;
+import smithereen.model.Account;
+import smithereen.model.User;
 import smithereen.storage.SessionStorage;
 import smithereen.storage.UserStorage;