kim 223025fc27
[security] transport.Controller{} and transport.Transport{} security and performance improvements (#564)
* cache transports in controller by privkey-generated pubkey, add retry logic to transport requests

Signed-off-by: kim <grufwub@gmail.com>

* update code comments, defer mutex unlocks

Signed-off-by: kim <grufwub@gmail.com>

* add count to 'performing request' log message

Signed-off-by: kim <grufwub@gmail.com>

* reduce repeated conversions of same url.URL object

Signed-off-by: kim <grufwub@gmail.com>

* move worker.Worker to concurrency subpackage, add WorkQueue type, limit transport http client use by WorkQueue

Signed-off-by: kim <grufwub@gmail.com>

* fix security advisories regarding max outgoing conns, max rsp body size

- implemented by a new httpclient.Client{} that wraps an underlying
  client with a queue to limit connections, and limit reader wrapping
  a response body with a configured maximum size
- update pub.HttpClient args passed around to be this new httpclient.Client{}

Signed-off-by: kim <grufwub@gmail.com>

* add httpclient tests, move ip validation to separate package + change mechanism

Signed-off-by: kim <grufwub@gmail.com>

* fix merge conflicts

Signed-off-by: kim <grufwub@gmail.com>

* use singular mutex in transport rather than separate signer mus

Signed-off-by: kim <grufwub@gmail.com>

* improved useragent string

Signed-off-by: kim <grufwub@gmail.com>

* add note regarding missing test

Signed-off-by: kim <grufwub@gmail.com>

* remove useragent field from transport (instead store in controller)

Signed-off-by: kim <grufwub@gmail.com>

* shutup linter

Signed-off-by: kim <grufwub@gmail.com>

* reset other signing headers on each loop iteration

Signed-off-by: kim <grufwub@gmail.com>

* respect request ctx during retry-backoff sleep period

Signed-off-by: kim <grufwub@gmail.com>

* use external pkg with docs explaining performance "hack"

Signed-off-by: kim <grufwub@gmail.com>

* use http package constants instead of string method literals

Signed-off-by: kim <grufwub@gmail.com>

* add license file headers

Signed-off-by: kim <grufwub@gmail.com>

* update code comment to match new func names

Signed-off-by: kim <grufwub@gmail.com>

* updates to user-agent string

Signed-off-by: kim <grufwub@gmail.com>

* update signed testrig models to fit with new transport logic (instead uses separate signer now)

Signed-off-by: kim <grufwub@gmail.com>

* fuck you linter

Signed-off-by: kim <grufwub@gmail.com>
2022-05-15 11:16:43 +02:00
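
The two limits named in the commit message above (a queue capping outgoing connections, and a limit reader capping response body size), as an added Go example. This is not GoToSocial's httpclient code: `LimitedClient`, `Fetch`, `fakeRemote`, `demo` and the URL are hypothetical names, and the remote server is a constructed in-memory stand-in.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"
)

var ErrBodyTooLarge = errors.New("response body exceeds configured maximum")
// LimitedClient is a hypothetical wrapper, not GoToSocial's httpclient.Client.
type LimitedClient struct {
	Inner   *http.Client
	Queue   chan struct{} // capacity = max requests in flight
	MaxBody int64         // largest response body accepted, in bytes
}

// Fetch waits for a queue slot (or the request context ending), then reads a capped body.
func (c *LimitedClient) Fetch(req *http.Request) ([]byte, error) {
	select {
	case c.Queue <- struct{}{}:
		defer func() { <-c.Queue }() // free the slot when this request finishes
	case <-req.Context().Done():
		return nil, req.Context().Err()
	}
	rsp, err := c.Inner.Do(req)
	if err != nil {
		return nil, err
	}
	defer rsp.Body.Close()
	// Read one byte past the cap so an oversized body is rejected, not truncated.
	body, err := io.ReadAll(io.LimitReader(rsp.Body, c.MaxBody+1))
	if err == nil && int64(len(body)) > c.MaxBody {
		return nil, ErrBodyTooLarge
	}
	return body, err
}

type fakeRemote string // constructed stand-in for a remote server, so this runs offline
func (f fakeRemote) RoundTrip(*http.Request) (*http.Response, error) {
	return &http.Response{StatusCode: 200, Body: io.NopCloser(strings.NewReader(string(f)))}, nil
}
// demo fetches a constructed bodyLen-byte body; slots=0 models a queue with no free slot.
func demo(ctx context.Context, bodyLen, slots int, maxBody int64) ([]byte, error) {
	c := &LimitedClient{&http.Client{Transport: fakeRemote(strings.Repeat("x", bodyLen))}, make(chan struct{}, slots), maxBody}
	req, _ := http.NewRequestWithContext(ctx, http.MethodGet, "http://remote.invalid/actor", nil)
	return c.Fetch(req)
}
func main() { fmt.Println(demo(context.Background(), 64, 2, 16)) }
```

The queue slot is held for the whole read, so a slow remote counts against the connection limit until its body has been consumed or rejected.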
.github documentation updates (#211) 2021-09-11 16:45:50 +02:00
cmd/gotosocial [security] transport.Controller{} and transport.Transport{} security and performance improvements (#564) 2022-05-15 11:16:43 +02:00
docs [documentation] Admin Panel installation + usage (#552) 2022-05-11 12:25:53 +02:00
example [Documentation] Simplify docker-compose documentation + example (#468) 2022-04-19 12:45:54 +02:00
internal [security] transport.Controller{} and transport.Transport{} security and performance improvements (#564) 2022-05-15 11:16:43 +02:00
scripts Add support for running profiling when debug build-tags provided (#491) 2022-04-28 13:32:53 +01:00
test [feature] Add log-db-queries config option (#465) 2022-04-18 16:47:11 +02:00
testrig [security] transport.Controller{} and transport.Transport{} security and performance improvements (#564) 2022-05-15 11:16:43 +02:00
vendor [security] transport.Controller{} and transport.Transport{} security and performance improvements (#564) 2022-05-15 11:16:43 +02:00
web [feature] Web profile pages for accounts (#449) 2022-04-15 14:33:01 +02:00
.dockerignore [packaging] Use buildx for multi-arch Docker builds (#413) 2022-02-27 13:03:37 +01:00
.drone.yml [chore] Update Go version to 1.18 (#444) 2022-04-02 15:40:09 +02:00
.gitignore [documentation] Creates Docker documentation and docker-compose.yaml (#416) 2022-03-01 14:17:36 +01:00
.golangci.yml Enable stricter linting with golangci-lint (#316) 2021-11-22 08:46:19 +01:00
.goreleaser.yml [chore] Update Go version to 1.18 (#444) 2022-04-02 15:40:09 +02:00
.readthedocs.yaml requirements.txt for RtD 2021-07-31 17:54:50 +02:00
CONTRIBUTING.md [chore] Update Go version to 1.18 (#444) 2022-04-02 15:40:09 +02:00
Dockerfile [packaging] Use buildx for multi-arch Docker builds (#413) 2022-02-27 13:03:37 +01:00
go.mod [security] transport.Controller{} and transport.Transport{} security and performance improvements (#564) 2022-05-15 11:16:43 +02:00
go.sum [security] transport.Controller{} and transport.Transport{} security and performance improvements (#564) 2022-05-15 11:16:43 +02:00
LICENSE add docs and a bunch of other stuff 2021-02-28 15:17:18 +01:00
mkdocs.yml [Documentation] Update glossary, expand entry for dereferencing (#542) 2022-05-04 14:33:24 +02:00
README.md [documentation] Add known issues + project links in readme and docs (#541) 2022-05-04 11:36:20 +02:00
ROADMAP.md [documentation] Add project roadmap (#514) 2022-04-30 17:14:57 +02:00

GoToSocial

GoToSocial is an ActivityPub social network server, written in Golang.

With GoToSocial, you can keep in touch with your friends, post, read, and share images and articles. All without being tracked or advertised to!

Documentation is at docs.gotosocial.org. You can skip straight to the API documentation here.

Here's a screenshot of the instance landing page!

Screenshot of the landing page for the GoToSocial instance goblin.technology. It shows basic information about the instance; number of users and posts etc.

What is GoToSocial?

GoToSocial provides a lightweight, customizable, and safety-focused entryway into the Fediverse, and is comparable to (but distinct from) existing projects such as Mastodon, Pleroma, Friendica, and PixelFed.

If you've ever used something like Twitter or Tumblr (or even Myspace!) GoToSocial will probably feel familiar to you: You can follow people and have followers, you make posts which people can favourite and reply to and share, and you scroll through posts from people you follow using a timeline. You can write long posts or short posts, or just post images, it's up to you. You can also, of course, block people or otherwise limit interactions that you don't want by posting just to your friends.

Screenshot of the web view of a profile in GoToSocial, showing header and avatar, bio, and numbers of followers/following.

GoToSocial does NOT use algorithms or collect data about you to suggest content or 'improve your experience'. The timeline is chronological: whatever you see at the top of your timeline is there because it's just been posted, not because it's been selected as interesting (or controversial) based on your personal profile.

GoToSocial is not designed for 'must-follow' influencers with tens of thousands of followers, and it's not designed to be addictive. Your timeline and your experience are shaped by who you follow and how you interact with people, not by metrics of engagement!

GoToSocial doesn't claim to be better than any other application, but it offers something that might be better for you in particular.

Federation

Because GoToSocial uses ActivityPub, you can hang out not just with people on your home server, but with people all over the Fediverse, seamlessly.

Federation means that your home server is part of a network of servers all over the world that all communicate using the same protocol. Your data is no longer centralized on one company's servers, but resides on your own server and is shared -- as you see fit -- across a resilient web of servers run by other people.

This federated approach also means that you aren't beholden to arbitrary rules from some gigantic corporation potentially thousands of miles away. Your server has its own rules and culture; your fellow server residents are your neighbors; you will likely get to know your server admins and moderators, or be an admin yourself.

GoToSocial advocates for many small, weird, specialist servers where people can feel at home, rather than a few big and generic ones where one person's voice can get lost in the crowd.

History and Status

This project sprang up in February/March 2021 out of a dissatisfaction with the safety + privacy features of other Federated microblogging/social media applications, and a desire to implement something a little different.

It began as a solo project, and then picked up steam as more developers became interested and jumped on.

The project is still alpha software, but is already deployable and very useable, and it federates cleanly with many other Fediverse servers (not yet all).

For a detailed view on what's implemented and what's not, and progress made towards beta release, please see the roadmap document.

Features

Mastodon API compatibility

The Mastodon API has become the de-facto standard for client communication with federated servers, so GoToSocial has implemented and extended the API with custom functionality.

In short this means full support for modern, beautiful apps like Tusky and Pinafore.

If you're used to using Mastodon with Tusky or Pinafore, you'll find using GoToSocial a breeze.

Granular post settings

It's important that when you post something, you can choose who sees it.

GoToSocial offers public, unlisted, friends-only, mutuals-only, and direct posts (slide in DMs! -- with consent).

It also allows you to customize how people interact with your posts:

  • Local-only posts.
  • Rebloggable/boostable toggle.
  • 'Likeable' toggle.
  • 'Replyable' toggle.

Customizability for admins

Lots of config options for admins to play around with, including:

  • Easily-adjustable post length.
  • Media upload size settings.

Easy to run

No external dependencies apart from a database (or just use SQLite!). Simply download the binary + assets (or Docker container), and run.

GoToSocial plays nice with lower-powered machines like Raspberry Pi, old laptops and tiny $5/month VPSes.

Safety + security features

  • Built-in, automatic support for secure HTTPS with LetsEncrypt.
  • Strict privacy enforcement for posts and strict blocking logic.
  • Import and export allowlists and denylists. Subscribe to community-created blocklists (think Adblocker, but for federation!).
  • HTTP signature authentication: GoToSocial requires HTTP Signatures when sending and receiving messages, to ensure that your messages can't be tampered with and your identity can't be forged.

Various federation modes

GoToSocial doesn't apply a one-size-fits-all approach to federation. Who your server federates with should be up to you.

  • 'Normal' federation; discover new servers.
  • Allowlist-only federation; choose which servers you talk to.
  • Zero federation; keep your server private.

OIDC integration

GoToSocial supports OpenID Connect (OIDC) identity providers, meaning you can integrate it with existing user management services like Auth0, Gitlab, etc, or run your own and hook GtS up to that (we recommend Dex).

Backend-first design

Unlike other federated server projects, GoToSocial doesn't include an integrated client front-end (i.e., a webapp).

Instead, like Matrix.org's Synapse project, it provides a relatively generic backend server implementation, some beautiful static pages for profiles and posts, and a well-documented API.

On top of this API, web developers are encouraged to build any front-end implementation or mobile application that they wish, whether Tumblr-like, Facebook-like, Twitter-like, or something else entirely.

Wishlist

These cool things will be implemented if time allows (because we really want them):

  • Groups and group posting!
  • Reputation-based 'slow' federation.
  • Community decision making for federation and moderation actions.
  • User-selectable custom templates for rendering public posts:
    • Twitter-style
    • Blogpost
    • Gallery
    • Etc.

Getting Started

All docs for installation and configuration are hosted at docs.gotosocial.org.

Third-Party Packaging

Thank you so much to the cool people who have put time and energy into packaging GoToSocial! Known third-party packaging projects are listed below:

These packages are not maintained by GoToSocial, so please direct questions and issues to the repository maintainers (and donate to them!).

Known Issues

Since GoToSocial is still in alpha, there are plenty of bugs. We use Github issues to track these. Check them out here.

Client App Issues

GoToSocial works great with Tusky and Pinafore, but some other client applications still need work or have issues connecting to GoToSocial. We're tracking them right here. It's our goal to make any app that's compatible with the Mastodon API work seamlessly with GoToSocial.

Federation Issues

Since every ActivityPub server implementation has a slightly different interpretation of the protocol, some servers don't quite federate properly with GoToSocial yet. We're tracking these issues in this project. Eventually we want to make sure that any implementation that can federate nicely with Mastodon should also be able to federate with GoToSocial.

Contributing

You wanna contribute to GtS? Great! ❤️❤️❤️ Check out the issues page to see if there's anything you wanna jump in on, and read the CONTRIBUTING.md file for guidelines and setting up your dev environment.

Contact

For questions and comments, you can join our Matrix channel at #gotosocial:superseriousbusiness.org. This is the quickest way to reach the devs. You can also mail admin@gotosocial.org.

For bugs and feature requests, please check to see if there's already an issue, and if not, open one or use one of the above channels to make a request (if you don't have a Github account).

Credits

Libraries

The following libraries and frameworks are used by GoToSocial, with gratitude 💕

Image Attribution

Sloth logo by Anna Abramek, Copyright (C) 2021-2022 the GoToSocial Authors.

Developers

In alphabetical order:

Special Thanks

A huge thank you to CJ from go-fed: without your work GoToSocial would not have been possible.

Thanks to everyone who has used GtS, opened an issue, suggested something, given funding, and otherwise encouraged or supported the project!

Sponsorship + Funding

Currently, this project is funded using Liberapay, to put bread on the table while work continues on it.

If you want to sponsor this project, you can do so here! <3

GoToSocial has NO CORPORATE SPONSORS and does not desire corporate sponsorship.

License

GoToSocial is free software, licensed under the GNU AGPL v3 LICENSE. We encourage forking and changing the code, hacking around with it, and experimenting.

See here for the differences between AGPL versus GPL licensing, and here for FAQs about GPL licenses, including the AGPL.

If you modify the GoToSocial source code, and run that modified code in a way that's accessible over a network, you must make your modifications to the source code available following the guidelines of the license:

Copyright (C) 2021-2022 the GoToSocial Authors.