diff --git a/CHANGELOG b/CHANGELOG index 0b8505669..e5444df94 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -189,19 +189,11 @@ in the server block, then reload your nginx server:: gzip_vary on; gzip_types - application/atom+xml application/javascript - application/json - application/ld+json - application/activity+json - application/manifest+json - application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json - application/xhtml+xml - application/xml font/opentype image/bmp image/svg+xml diff --git a/changes/changelog.d/668.bugfix b/changes/changelog.d/668.bugfix new file mode 100644 index 000000000..5f4f878d3 --- /dev/null +++ b/changes/changelog.d/668.bugfix @@ -0,0 +1 @@ +Fixed list icon alignement on landing page (#668) diff --git a/changes/changelog.d/678.bugfix b/changes/changelog.d/678.bugfix new file mode 100644 index 000000000..ba508bb87 --- /dev/null +++ b/changes/changelog.d/678.bugfix @@ -0,0 +1 @@ +Removed potential BREACH exploit because of Gzip compression (#678) diff --git a/changes/changelog.d/upload.doc b/changes/changelog.d/upload.doc new file mode 100644 index 000000000..0b2506fc4 --- /dev/null +++ b/changes/changelog.d/upload.doc @@ -0,0 +1 @@ +Added user upload documentation diff --git a/changes/notes.rst b/changes/notes.rst index 8e54adf8b..1276dd010 100644 --- a/changes/notes.rst +++ b/changes/notes.rst 
@@ -6,6 +6,49 @@ Next release notes Those release notes refer to the current development branch and are reset after each release. +Fix Gzip compression to avoid BREACH exploit [security] [manual action required] +-------------------------------------------------------------------------------- + +In the 0.18 release, we've enabled Gzip compression by default for various +content types, including HTML and JSON. Unfortunately, enabling Gzip compression +on such content types could make BREACH-type exploits possible. + +We've removed the risky content-types from our nginx template files, to ensure new +instances are safe, however, if you already have an instance, you need +to double check that your host nginx virtualhost do not include the following +values for the ``gzip_types`` settings:: + + application/atom+xml + application/json + application/ld+json + application/activity+json + application/manifest+json + application/rss+xml + application/xhtml+xml + application/xml + +For convenience, you can also replace the whole setting with the following snippet:: + + gzip_types + application/javascript + application/vnd.geo+json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + font/opentype + image/bmp + image/svg+xml + image/x-icon + text/cache-manifest + text/css + text/plain + text/vcard + text/vnd.rim.location.xloc + text/vtt + text/x-component + text/x-cross-domain-policy; + + Fix Apache configuration file for 0.18 [manual action required] ---------------------------------------------------------- @@ -39,4 +82,3 @@ In case you are using custom css and theming, you also need to match this block: ProxyPass "/custom" "!" Alias /custom /srv/funkwhale/custom - diff --git a/deploy/docker.proxy.template b/deploy/docker.proxy.template index c4f89057d..0fbed2f73 100644 --- a/deploy/docker.proxy.template +++ b/deploy/docker.proxy.template 
@@ -37,19 +37,11 @@ server { gzip_vary on; gzip_types - application/atom+xml application/javascript - application/json - application/ld+json - application/activity+json - application/manifest+json - application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json - application/xhtml+xml - application/xml font/opentype image/bmp image/svg+xml diff --git a/deploy/nginx.template b/deploy/nginx.template index 125397ea3..7cdee70f4 100644 --- a/deploy/nginx.template +++ b/deploy/nginx.template @@ -51,19 +51,11 @@ server { gzip_vary on; gzip_types - application/atom+xml application/javascript - application/json - application/ld+json - application/activity+json - application/manifest+json - application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json - application/xhtml+xml - application/xml font/opentype image/bmp image/svg+xml diff --git a/docker/nginx/conf.dev b/docker/nginx/conf.dev index ecb1c1d0c..50c3cbc2e 100644 --- a/docker/nginx/conf.dev +++ b/docker/nginx/conf.dev @@ -51,19 +51,11 @@ http { gzip_vary on; gzip_types - application/atom+xml application/javascript - application/json - application/ld+json - application/activity+json - application/manifest+json - application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json - application/xhtml+xml - application/xml font/opentype image/bmp image/svg+xml diff --git a/docs/users/index.rst b/docs/users/index.rst index 215fe959e..69745d7fa 100644 --- a/docs/users/index.rst +++ b/docs/users/index.rst @@ -14,3 +14,4 @@ Funkwhale's users documentation :maxdepth: 2 apps + upload diff --git a/docs/users/upload.rst b/docs/users/upload.rst new file mode 100644 index 000000000..5699686d4 --- /dev/null +++ b/docs/users/upload.rst 
@@ -0,0 +1,146 @@ +Uploading content on Funkwhale +============================== + +To upload content on any Funkwhale instance, you need: + +1. An account on that instance +2. :ref:`Storage space ` +3. :ref:`A library ` +4. :ref:`Properly tagged files ` +5. :ref:`To upload your files ` + +In this document, we'll guide you through steps 2 to 5. + +.. _upload-storage: + +Storage space +------------- + +Once you have an account on a Funkwhale instance, as a user, you are granted the +default upload quota (1GB by default). This default quota can be increased, +reduced or completely removed by your instance admins depending on their policy. + +Additionnaly, instance admins can grant you storage space manually. Get in touch with them +if you'd like some additionnal storage space. + +You can view your current quota and usage at any time by visiting ``/content/libraries/`` on your instance, +or clicking the "Add content" link in the sidebar, then visiting the "Upload audio content" section. + +.. _upload-library: + +Creating a library +------------------ + +In Funkwhale's world, a library is a collection of audio files with an associated visibility level. A library can either be: + +- Public: anyone can follow the library to automatically access its content (including users on other instances) +- Local: other users from your instance can follow the library to automatically access its content +- Private: nobody will access the library content + +Regardless of this visibility settings, you can share the library link to specific users +and accept their follow request in order to grant then access to its content. Typically, this +is useful when you have a private library you want to share with friends or family. + +You can create your first library by visiting ``/content/libraries/`` or clicking the "Add content" link in the sidebar, then visiting the "Upload audio content" section. 
+ +Before you upload your content, you need to know the content audience and license: + +- If the content is under an open license (like Creative Commons licenses), it's usually fine to upload it in a public library +- If you are uploading content purchased from other platforms or stores, you should upload it in a private library + +.. note:: + + As a rule of thumb, only use public and local libraries for content for which you own the copyright or for content you know you can share with a wider audience. + +.. _upload-tagging: + +Tagging files +------------- + +Funkwhale relies on embedded file metadata (also known as tags) to infer the artist, +album and track associated with a given upload. Most stores and platforms include +those tags by default, but it's possible the tags are missing or incomplete, in which case +Funkwhale will not be able to process the upload and display an error. + +The minimum required tags are: + +- Title +- Artist +- Album + +However, Funkwhale can understand and use additionnal tags to enhance user experience and display more information. 
The full list of supported tags is available below: + ++----------------------------------+--------------------------------------------+---------------------------------------------------------------+ +| Name | Example value | Description | ++----------------------------------+--------------------------------------------+---------------------------------------------------------------+ +| ``Title`` (required) | ``Letting you`` | The track title | +| | | | ++----------------------------------+--------------------------------------------+---------------------------------------------------------------+ +| ``Album`` (required) | ``The Slip`` | The album title | +| | | | ++----------------------------------+--------------------------------------------+---------------------------------------------------------------+ +| ``Artist`` (required) | ``Nine Inch Nails`` | The artist name | +| | | | ++----------------------------------+--------------------------------------------+---------------------------------------------------------------+ +| ``Album artist`` | ``Trent Reznor`` | The album artist name (can be different than the track | +| | | artist) | +| | | | ++----------------------------------+--------------------------------------------+---------------------------------------------------------------+ +| ``Track number`` | ``4`` | The position of the track in the album/release | +| | | | ++----------------------------------+--------------------------------------------+---------------------------------------------------------------+ +| ``Disc number`` | ``1`` | The disc number (in case of multi-disc albums) | +| | | | ++----------------------------------+--------------------------------------------+---------------------------------------------------------------+ +| ``Date`` | ``2019`` | The release date of the track or album | +| | | | +| | | | 
++----------------------------------+--------------------------------------------+---------------------------------------------------------------+ +| ``License`` | ``CC-BY 3.0: http://creativecommons | The license associated with this work. The first found URL | +| | .org/licenses/cc-by/3.0/`` | will be checked against `our list of supported licenses`_ | +| | | | ++----------------------------------+--------------------------------------------+---------------------------------------------------------------+ +| ``Copyright`` | ``CC-BY 3.0: http://creativecommons | The license associated with this work. The first found URL | +| | .org/licenses/cc-by/3.0/`` | will be checked against `our list of supported licenses`_. | +| | | Used if no license found in the License tag | +| | | | ++----------------------------------+--------------------------------------------+---------------------------------------------------------------+ +| ``Pictures`` | | The first embeded picture found will be used as the album | +| | | covers | +| | | | ++----------------------------------+--------------------------------------------+---------------------------------------------------------------+ +| ``MusicBrainz Recording ID`` | ``99244237-850b-4a93-904d-57305bcadb4e`` | The MusicBrainz ID for this recording | +| | | | ++----------------------------------+--------------------------------------------+---------------------------------------------------------------+ +| ``MusicBrainz Album ID`` | ``bca982fd-ab73-3c9f-ad07-9104a4f53a32`` | The MusicBrainz ID for this album | +| | | | ++----------------------------------+--------------------------------------------+---------------------------------------------------------------+ +| ``MusicBrainz Artist ID`` | ``b7ffd2af-418f-4be2-bdd1-22f8b48613da`` | The MusicBrainz ID for this artist | +| | | | ++----------------------------------+--------------------------------------------+---------------------------------------------------------------+ +| 
``MusicBrainz Album Artist ID`` | ``b7ffd2af-418f-4be2-bdd1-22f8b48613da`` | The MusicBrainz ID for this album artist | ++----------------------------------+--------------------------------------------+---------------------------------------------------------------+ + +.. _our list of supported licenses: https://dev.funkwhale.audio/funkwhale/funkwhale/blob/develop/api/tests/music/licenses.json + +The easiest way to inspect and edit file tags is with `MusicBrainz Picard `_, a free +software, that works on Windows, MacOS and Linux. Picard is able to automatically tag many files, +and include non-necessary but nice to have information, such as album covers. + +.. _upload-upload: + +Uploading your files +-------------------- + +Once you've chose the library and have properly tagged files, you can start the actual upload. +Simply visit ``/content/libraries/`` or click the "Add content" link in the sidebar, then visit the "Upload audio content" section. Click on +the "Upload" button next to the library of your choice, and follow the instructions. + +You can queue as many files as you want for the upload, simply leave your browser window open on the upload page +until all files are uploaded. + +By default, Funkwhale accepts files up to 100MB in size, but this limit can be increased or reduced +by instance admins. + +Once uploaded, your files should be processed shortly. It's usually a matter of seconds, but +can vary depending on server load. diff --git a/front/src/style/_main.scss b/front/src/style/_main.scss index d6c5ff61c..311e0e9dc 100644 --- a/front/src/style/_main.scss +++ b/front/src/style/_main.scss @@ -267,3 +267,7 @@ label .tooltip { canvas.color-thief { display: none; } + +.ui.list .list.icon { + padding-left: 0; +}
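Review bot: trimming `gzip_types` in the CHANGELOG snippet and in `deploy/docker.proxy.template`, `deploy/nginx.template` and `docker/nginx/conf.dev` does not stop compression of HTML, which the release note names as one of the affected types: nginx compresses `text/html` responses whenever `gzip on` is set, regardless of what `gzip_types` lists. A BREACH-style leak needs a compressed response that carries a secret (a CSRF token, for instance) next to content the request can influence, so either set `gzip off` in the `location` blocks that serve dynamic HTML, or state in the release note that HTML stays compressed and why that is acceptable here. Keeping `application/javascript` and `text/plain` for static assets is fine. The same list is now duplicated verbatim in four files; a comment pointing at the release note in each would help keep later edits in sync.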
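Review bot: the wording of `changes/changelog.d/678.bugfix`, "Removed potential BREACH exploit because of Gzip compression", describes removing an exploit rather than an exposure; "Fixed a potential BREACH vulnerability caused by Gzip compression of dynamic content (#678)" is more accurate and matches the "Fix Gzip compression to avoid BREACH exploit" heading added to `changes/notes.rst`. In `changes/changelog.d/668.bugfix`, "alignement" should be "alignment".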
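Review bot: the new manual-action section in `changes/notes.rst` tells admins to edit `gzip_types` but never to reload nginx afterwards, unlike the CHANGELOG context ("then reload your nginx server"); add a closing sentence such as "then reload nginx (`systemctl reload nginx`)". The grammar in "you need to double check that your host nginx virtualhost do not include the following values for the ``gzip_types`` settings" should read "your host's nginx virtualhost does not include the following values in the ``gzip_types`` setting". The section only covers nginx; since the section directly below concerns the Apache configuration for 0.18, it should say whether the Apache template needs the equivalent change to its deflate settings or explicitly that it is unaffected.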
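Review bot: in `docs/users/upload.rst` the "Private: nobody will access the library content" bullet contradicts the following paragraph, which says you can share the link and accept follow requests; "Private: only you, and users whose follow request you accept, can access its content" would be consistent. Spelling and grammar to fix: "Additionnaly" and "additionnal" (three occurrences) to "Additionally"/"additional", "grant then access" to "grant them access", "Regardless of this visibility settings" to "Regardless of this visibility setting", "embeded" to "embedded", "Once you've chose the library" to "Once you've chosen the library", "can be different than the track artist" to "can differ from the track artist", "a free software, that works" to "free software that works", and "include non-necessary but nice to have information" to "include optional but useful information, such as album covers". In the tag table the `Date` row carries one more blank line than the other rows before its separator, and the `MusicBrainz Album Artist ID` example reuses the `MusicBrainz Artist ID` value; a distinct UUID, or a note that the two may be equal, avoids confusion. The `:ref:` roles in the numbered list and the MusicBrainz Picard link show no target after the link text in this view; if that is not a rendering artifact, Sphinx will fail to resolve them.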