From fad649c8eb78a8394a1a1772c60f3359775625b8 Mon Sep 17 00:00:00 2001 From: tykayn Date: Thu, 21 Jan 2021 11:24:58 +0100 Subject: [PATCH] up homepage and footer --- CHANGELOG.md | 52 ++++-- README.md | 29 ++-- SECURITY.md | 32 ++-- docker-compose.test.yml | 2 +- docker-compose.yml | 4 +- js/src/common.scss | 43 ++--- js/src/components/Event/EventListCard.vue | 2 +- js/src/components/Footer.vue | 13 +- js/src/components/NavBar.vue | 11 +- js/src/variables.scss | 68 ++++---- js/src/views/Group/Group.vue | 1 - js/src/views/Home.vue | 20 ++- js/src/views/User/Register.vue | 1 - test/fixtures/mastodon-accept-activity.json | 2 +- test/fixtures/mastodon-follow-activity.json | 2 +- test/fixtures/mastodon-like.json | 2 +- .../mastodon-post-activity-hashtag.json | 124 +++++++------- test/fixtures/mastodon-post-activity.json | 114 ++++++------- test/fixtures/mastodon-undo-announce.json | 88 +++++----- test/fixtures/mastodon-undo-like.json | 2 +- test/fixtures/mastodon-unfollow-activity.json | 64 +++---- test/fixtures/mobilizon-invite-activity.json | 2 +- test/fixtures/mobilizon-join-activity.json | 2 +- test/fixtures/mobilizon-leave-activity.json | 2 +- .../mobilizon-members-collection.json | 160 +++++++++--------- test/fixtures/prismo-url-map.json | 120 +++++++------ .../activity_pub/activity_object_bogus.json | 2 +- .../activity_pub/event_update_activities.json | 2 +- .../fetch_framapiaf.org_users_tcit.json | 2 +- .../fetch_framapiaf_framasoft_status.json | 2 +- .../fetch_framasoft_framapiaf_reply.json | 2 +- .../fetch_mobilizon_post_activity.json | 2 +- .../fetch_reply_to_framatube.json | 2 +- .../fetch_tcit@framapiaf.org.json | 2 +- .../mastodon_activity_hashtag.json | 2 +- .../mastodon_announce_activity.json | 2 +- .../mastodon_announce_existing_activity.json | 2 +- .../mastodon_follow_activity.json | 2 +- .../activity_pub/mastodon_post_activity.json | 2 +- .../mastodon_unannounce_activity.json | 2 +- .../activity_pub/object_bogus_origin.json | 2 +- .../signature/invalid_not_found.json | 2 +- .../signature/invalid_payload.json | 2 +- .../activity_pub/signature/valid.json | 2 +- .../activity_pub/signature/valid_payload.json | 2 +- .../unfollow_existing_follow_activity.json | 2 +- .../activity_pub/update_actor_activity.json | 2 +- .../mastodon-post-activity_actor_call.json | 2 +- .../actors/remote_actor_mastodon_tcit.json | 2 +- ...ote_actor_mastodon_tcit_actor_deleted.json | 2 +- .../remote_actor_mastodon_tcit_bad_key.json | 2 +- .../relay/fetch_relay_unfollow.json | 2 +- .../vcr_cassettes/webfinger/friendica.json | 2 +- .../vcr_cassettes/webfinger/mastodon.json | 2 +- .../vcr_cassettes/webfinger/peertube.json | 2 +- .../vcr_cassettes/webfinger/pleroma.json | 2 +- tsconfig.json | 4 +- 57 files changed, 521 insertions(+), 505 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0acd887f4..3f230c294 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,5 @@ # Changelog + All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), @@ -12,23 +13,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Special operations -* **Reattach media files to their entity.** +- **Reattach media files to their entity.** When media files were uploaded and added in events and posts bodies, they were only attached to the profile that uploaded them, not to the event or post. This task attaches them back to their entity so that the command to clean orphan media files doesn't remove them. - * Source install + - Source install `MIX_ENV=prod mix mobilizon.maintenance.fix_unattached_media_in_body` - * Docker + - Docker `docker-compose exec mobilizon mobilizon_ctl maintenance.fix_unattached_media_in_body` -* **Refresh remote profiles to save avatars locally** +- **Refresh remote profiles to save avatars locally** Profile avatars and banners were previously only proxified and cached. Now we save them locally. Refreshing all remote actors will save profile media locally instead. - * Source install + - Source install `MIX_ENV=prod mix mobilizon.actors.refresh --all` - * Docker + - Docker `docker-compose exec mobilizon mobilizon_ctl actors.refresh --all` -* **imagemagick and webp are now a required dependency** to build Mobilizon. +- **imagemagick and webp are now a required dependency** to build Mobilizon. Optimized versions of Mobilizon's pictures are now produced during front-end build. See [the documentation](https://docs.joinmobilizon.org/administration/dependencies/#misc) to make sure these dependencies are installed. @@ -71,7 +72,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Fixed error message not showing up when you are already an anonymous participant for an event - Fixed error message not showing up when you pick an username already in user for a new profile or a group - Fixed translations not fallbacking properly to english when not found -- +- ### Security @@ -80,6 +81,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Translations Updated translations: + - Catalan - Dutch - English @@ -252,20 +254,21 @@ Updated translations: ### Special operations -* We added `application/ld+json` as acceptable MIME type for ActivityPub requests, so you'll need to recompile the `mime` library we use before recompiling Mobilizon: - ``` - MIX_ENV=prod mix deps.clean mime --build - ``` +- We added `application/ld+json` as acceptable MIME type for ActivityPub requests, so you'll need to recompile the `mime` library we use before recompiling Mobilizon: -* The [nginx configuration](https://framagit.org/framasoft/mobilizon/-/blob/master/support/nginx/mobilizon.conf) has been changed with improvements and support for custom error pages. + ``` + MIX_ENV=prod mix deps.clean mime --build + ``` -* The cmake dependency has been added (see [our documentation](https://docs.joinmobilizon.org/administration/dependencies/#basic-tools)) +- The [nginx configuration](https://framagit.org/framasoft/mobilizon/-/blob/master/support/nginx/mobilizon.conf) has been changed with improvements and support for custom error pages. + +- The cmake dependency has been added (see [our documentation](https://docs.joinmobilizon.org/administration/dependencies/#basic-tools)) ### Added - Possibility to login using LDAP - Possibility to login using OAuth providers -- Enabled group features in production mode +- Enabled group features in production mode - including posts (that can be public, unlisted, or restricted to your group members) - resources (collections of links, with folders, accessible to your group members) - discussions (group private and organized chats) @@ -289,11 +292,12 @@ Updated translations: ### Security - Fix group settings being accessible and editable by non-group-admins (thx @pigpig for reporting this responsibly) -- Fix events being editable by profiles without permissions (thx @pigpig for reporting this responsibly) +- Fix events being editable by profiles without permissions (thx @pigpig for reporting this responsibly) ## [1.0.0-beta.3] - 2020-06-24 ### Special operations + Config has moved from `.env` files to a more traditional way to handle things in the Elixir world, with `.exs` files. To migrate existing configuration, you can simply run `mix mobilizon.instance gen` and fill in the adequate values previously in `.env` files (you don't need to perform the operations to create the database). @@ -303,6 +307,7 @@ A minimal file template [is available](https://framagit.org/framasoft/mobilizon/ Also make sure to remove the `EnvironmentFile=` line from the systemd service and set `Environment=MIX_ENV=prod` instead. See [the updated file](https://framagit.org/framasoft/mobilizon/blob/master/support/systemd/mobilizon.service). ### Added + - Possibility to participate to an event without an account (confirmation through email required) - Possibility to participate to a remote event (being redirected by providing federated identity) - Possibility to add a note as a participant when event participation is manually validated (required when participating without an account) @@ -319,6 +324,7 @@ Also make sure to remove the `EnvironmentFile=` line from the systemd service an - Allow user to change language ### Changed + - Configuration handling (see above) - Improved a bit color theme - Signature validation also now checks if `Date` header has acceptable values @@ -329,6 +335,7 @@ Also make sure to remove the `EnvironmentFile=` line from the systemd service an - Improved public event page ### Fixed + - Fixed URL search - Fixed content accessed through URL search being public - Fix event links in some emails @@ -336,17 +343,21 @@ Also make sure to remove the `EnvironmentFile=` line from the systemd service an ## [1.0.0-beta.2] - 2019-12-18 ### Special operations + These two operations couldn't be handled during migrations. They are optional, but you won't be able to search or get participant stats on existing events if they are not executed. These commands will be removed in Mobilizon 1.0.0-beta.3. In order to populate search index for existing events, you need to run the following command (with prod environment): -* `mix mobilizon.setup_search` + +- `mix mobilizon.setup_search` In order to move participant stats to the event table for existing events, you need to run the following command (with prod environment): -* `mix mobilizon.move_participant_stats` + +- `mix mobilizon.move_participant_stats` ### Added + - Federation is active - Added an interface for admins to view and manage instance followers and followings - Ability to comment below events @@ -371,6 +382,7 @@ In order to move participant stats to the event table for existing events, you n - Upgraded frontend and backend dependencies ### Changed + - Move participant stats to event table **(read special instructions above)** - Limit length (20 characters) and number (10) of tags allowed - Added some backend changes and validation for field length @@ -384,6 +396,7 @@ In order to move participant stats to the event table for existing events, you n - Also consider the PeerTube `CommentsEnabled` property to know if you can reply to an event ### Fixed + - Fix event URL validation and check if hostname is correct before showing it - Fix participations stats on the MyEvents page - Fix event description lists margin @@ -413,8 +426,11 @@ In order to move participant stats to the event table for existing events, you n - Fixed event HTML representation when `GET` request has no `Accept` header ### Security + - Sanitize event title to avoid XSS ## [1.0.0-beta.1] - 2019-10-15 + ### Added + - Initial release diff --git a/README.md b/README.md index 831e17974..aad87c9d7 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Mobilizon is your federated organization and mobilization platform. Gather peopl Mobilizon is a tool designed to create platforms for managing communities and events. Its purpose is to help as many people as possible to free themselves from Facebook groups and events, from Meetup, etc. -The Mobilizon software is under a Free licence, so anyone can host a Mobilizon server, called an instance. These instances may federate with each other, so any person with an account on *ExampleMeet* will be able to register to an event created on *SpecimenEvent*. +The Mobilizon software is under a Free licence, so anyone can host a Mobilizon server, called an instance. These instances may federate with each other, so any person with an account on _ExampleMeet_ will be able to register to an event created on _SpecimenEvent_. ## ✨ Features @@ -33,7 +33,7 @@ You will have the power to create multiple identities from the same account, lik ### πŸ“… Events and groups -Create your events and make sure they will appeal to everybody. +Create your events and make sure they will appeal to everybody. Privacy settings and participants roles are supported. There's no lock-in, you can interact with the event without registration. @@ -46,23 +46,26 @@ We appreciate any contribution to Mobilizon. Check our [CONTRIBUTING](CONTRIBUTI ## Links ### Learn more - * 🌐 Official website: [https://joinmobilizon.org](https://joinmobilizon.org) - * πŸ”’ Pick an instance [https://mobilizon.org](https://mobilizon.org) - * πŸ’» Source: [https://framagit.org/framasoft/mobilizon](https://framagit.org/framasoft/mobilizon) - * πŸ“œ Documentation [https://docs.joinmobilizon.org](https://docs.joinmobilizon.org) - + +- 🌐 Official website: [https://joinmobilizon.org](https://joinmobilizon.org) +- πŸ”’ Pick an instance [https://mobilizon.org](https://mobilizon.org) +- πŸ’» Source: [https://framagit.org/framasoft/mobilizon](https://framagit.org/framasoft/mobilizon) +- πŸ“œ Documentation [https://docs.joinmobilizon.org](https://docs.joinmobilizon.org) + ### Discuss - * πŸ’¬ Element/Matrix: [https://matrix.to/#/#Mobilizon:matrix.org](https://matrix.to/#/#Mobilizon:matrix.org) - * πŸ—£οΈ Forum: [https://framacolibri.org/c/mobilizon](https://framacolibri.org/c/mobilizon) + +- πŸ’¬ Element/Matrix: [https://matrix.to/#/#Mobilizon:matrix.org](https://matrix.to/#/#Mobilizon:matrix.org) +- πŸ—£οΈ Forum: [https://framacolibri.org/c/mobilizon](https://framacolibri.org/c/mobilizon) ### Follow - * 🐘 Mastodon: [https://framapiaf.org/@mobilizon](https://framapiaf.org/@mobilizon) - * 🐦 Twitter [https://twitter.com/@joinmobilizon](https://twitter.com/@joinmobilizon) - + +- 🐘 Mastodon: [https://framapiaf.org/@mobilizon](https://framapiaf.org/@mobilizon) +- 🐦 Twitter [https://twitter.com/@joinmobilizon](https://twitter.com/@joinmobilizon) + Note: Most federation code comes from [Pleroma](https://pleroma.social), which is `Copyright Β© 2017-2018 Pleroma Authors - AGPL-3.0`. - ## ❀️ Supports of our crowdfunding + --- We have run [a crowdfunding campaign](https://framablog.org/2019/05/14/mobilizon-lets-finance-a-software-to-free-our-events-from-facebook/) to pave the road to the version 1.0.0 of Mobilizon. Thanks to everyone who pitched in and shared the news around! The list of [everyone who donated is available here](https://joinmobilizon.org/hall-of-fame). diff --git a/SECURITY.md b/SECURITY.md index be9788c4d..6ca34ad69 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -5,15 +5,15 @@ Framasoft, the Mobilizon maintainer team and community take all security bugs in ### Goals -* Mobilizon users can understand the distinctions between public data and private data/metadata on Mobilizon. +- Mobilizon users can understand the distinctions between public data and private data/metadata on Mobilizon. -* Users always know where their private data/metadata resides, who has access to it, and are able to access, export, and delete it. +- Users always know where their private data/metadata resides, who has access to it, and are able to access, export, and delete it. -* Protect private user data/metadata, not just from hackers but also (as much as is possible) from other users, instance admins, community moderators, and external applications. +- Protect private user data/metadata, not just from hackers but also (as much as is possible) from other users, instance admins, community moderators, and external applications. -* Secure from malicious creation, alteration or deletion of public data. +- Secure from malicious creation, alteration or deletion of public data. -* GDPR compliance. +- GDPR compliance. Framasoft is both a developer of open-source/free/libre self-hosted software, and a service provider with users in the European Union. As a result, we are putting user privacy, data sovereignty, and GDPR compliance into our security plans, including asking both the Framasoft community and outside hackers to review our approaches and implementations. @@ -21,11 +21,11 @@ Framasoft is both a developer of open-source/free/libre self-hosted software, an [Mobilizon](https://joinmobilizon.org) will be challenging to keep secure, as it is: -* open source, both back-end and front-end +- open source, both back-end and front-end -* self-hosted by diverse organisations and individuals +- self-hosted by diverse organisations and individuals -* federated (data is transmitted between different hosted instances) +- federated (data is transmitted between different hosted instances) This means there are more attack surfaces compared to typical proprietary, centralised platforms, but also means that hackers and even users can review every part of Mobilizon and make sure that it works as expected. This should result in more secure software, and higher trust in the application and its ecosystem. @@ -33,14 +33,14 @@ This means there are more attack surfaces compared to typical proprietary, centr We are committed to working with security researchers to verify, reproduce, and respond to legitimate reported vulnerabilities. You can help us by following these simple guidelines: -* Alert us about the vulnerability as soon as you become aware of it by emailing the lead maintainer at tcit+mobilizon@framasoft.org. -* Provide details needed to reproduce and validate the vulnerability and a Proof of Concept (PoC) as soon as possible -* Act in good faith to avoid privacy violations, destruction of data, and interruption or degradation of services -* Do not access or modify users’ private data, without explicit permission of the owner. Only interact with your own accounts or test accounts for security research purposes; -* Contact Framasoft or a maintainer of the Mobilizon project (or the instance admin) immediately if you do inadvertently encounter user data. Do not view, alter, save, store, transfer, or otherwise access the data, and immediately purge any local information upon reporting the vulnerability; -* The lead maintainer will acknowledge your email within 48 hours, and will send a more detailed response within 48 hours indicating the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. -* Give us time to confirm, determine the affected versions and prepare fixes to correct the issue before disclosing it to other parties (if after waiting a reasonable amount of time, we are clearly unable or unwilling to do anything about it, please do hold us accountable!) -* Please test against a local instance of the software, and refrain from running any Denial of Service or automated testing tools against Framasoft's (and our partners') infrastructure +- Alert us about the vulnerability as soon as you become aware of it by emailing the lead maintainer at tcit+mobilizon@framasoft.org. +- Provide details needed to reproduce and validate the vulnerability and a Proof of Concept (PoC) as soon as possible +- Act in good faith to avoid privacy violations, destruction of data, and interruption or degradation of services +- Do not access or modify users’ private data, without explicit permission of the owner. Only interact with your own accounts or test accounts for security research purposes; +- Contact Framasoft or a maintainer of the Mobilizon project (or the instance admin) immediately if you do inadvertently encounter user data. Do not view, alter, save, store, transfer, or otherwise access the data, and immediately purge any local information upon reporting the vulnerability; +- The lead maintainer will acknowledge your email within 48 hours, and will send a more detailed response within 48 hours indicating the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. +- Give us time to confirm, determine the affected versions and prepare fixes to correct the issue before disclosing it to other parties (if after waiting a reasonable amount of time, we are clearly unable or unwilling to do anything about it, please do hold us accountable!) +- Please test against a local instance of the software, and refrain from running any Denial of Service or automated testing tools against Framasoft's (and our partners') infrastructure Note : Please report security bugs in third-party modules to the person or team maintaining the module. diff --git a/docker-compose.test.yml b/docker-compose.test.yml index 8d84def25..c88fe34bc 100644 --- a/docker-compose.test.yml +++ b/docker-compose.test.yml @@ -1,4 +1,4 @@ -version: '3' +version: "3" services: postgres: diff --git a/docker-compose.yml b/docker-compose.yml index 3df763f40..8e12be6be 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,4 +1,4 @@ -version: '3' +version: "3" services: postgres: @@ -15,7 +15,7 @@ services: restart: unless-stopped build: . volumes: - - '.:/app' + - ".:/app" ports: - "4000:4000" depends_on: diff --git a/js/src/common.scss b/js/src/common.scss index 7146d4f61..d6f44d29f 100644 --- a/js/src/common.scss +++ b/js/src/common.scss @@ -23,11 +23,10 @@ main > .container { background: $whitest; min-height: 70vh; } -.step-content{ +.step-content { height: auto; } - a.out, .content a, .ProseMirror a { @@ -45,17 +44,18 @@ main { min-height: 80vh; } } - > #homepage{ + > #homepage { background: $whitest; - #featured_events{ + #featured_events { background: $whitest; } - #picture{ - .container, .section{ + #picture { + .container, + .section { background: $whitest; } } - > .container{ + > .container { min-height: 25vh; } } @@ -63,7 +63,6 @@ main { .section { padding: 1rem 1% 4rem; - } figure img.is-rounded { @@ -109,11 +108,10 @@ body { background: $body-background-color; font-family: BlinkMacSystemFont, Roboto, Oxygen, Ubuntu, Cantarell, "Segoe UI", "Fira Sans", "Droid Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; - } -#mobilizon{ - > main{ +#mobilizon { + > main { background: $body-background-color; } > .container > .message { @@ -173,12 +171,17 @@ a.list-item { .setting-title { margin-top: 2rem; margin-bottom: 1rem; - h1,h2,h3,h4,h5,h6{ + h1, + h2, + h3, + h4, + h5, + h6 { background: $secondary; - color : $white; - span{ + color: $white; + span { background: $secondary !important; - color : $white !important; + color: $white !important; } } h2 { @@ -190,11 +193,11 @@ a.list-item { } } -.hero-body{ +.hero-body { background-color: $chapril_blue_light; } -.columns{ +.columns { background: $whitest; } .setting-menu-item { @@ -219,9 +222,7 @@ a.list-item { } } - - -.time.datetime-container{ +.time.datetime-container { color: $white; background: $chapril_blue_light; span.month { @@ -233,7 +234,7 @@ a.list-item { footer */ -footer.footer[data-v-40ab164b] span.select select{ +footer.footer[data-v-40ab164b] span.select select { background: $chapril_blue_light; color: $footer-text-color; } diff --git a/js/src/components/Event/EventListCard.vue b/js/src/components/Event/EventListCard.vue index baea0741b..9fe0cc896 100644 --- a/js/src/components/Event/EventListCard.vue +++ b/js/src/components/Event/EventListCard.vue @@ -440,7 +440,7 @@ article.box { line-height: 1em; margin-top: 0.5em; } -.participation-actor{ +.participation-actor { margin-top: 1em; } diff --git a/js/src/components/Footer.vue b/js/src/components/Footer.vue index 2c7b0d61f..c1904d002 100644 --- a/js/src/components/Footer.vue +++ b/js/src/components/Footer.vue @@ -35,21 +35,26 @@ }}
  • - + Mentions lΓ©gales - +
  • - {{ $t("Terms") }} + {{ + $t("Terms") + }}
  • {{ $t("License") }}
    • +
  • + {{ $t("Contact") }} +