Merge branch 'main' into release-v0.4.1
This commit is contained in:
commit
44d4e78045
54
README.md
54
README.md
|
@ -81,20 +81,28 @@ token.
|
||||||
|
|
||||||
The application needs the `admin:read:domain_blocks` OAuth scope, but
|
The application needs the `admin:read:domain_blocks` OAuth scope, but
|
||||||
unfortunately this scope isn't available in the current application screen
|
unfortunately this scope isn't available in the current application screen
|
||||||
(v4.0.2 of Mastodon at time of writing). There is a way to do it with scopes,
|
(v4.0.2 of Mastodon at time of writing, but this has been fixed in the main
|
||||||
but it's really dangerous, so I'm not going to tell you what it is here.
|
branch).
|
||||||
|
|
||||||
A better way is to ask the instance admin to connect to the PostgreSQL database
|
You can allow full `admin:read` access, but be aware that this authorizes
|
||||||
and add the scope there, like this:
|
someone to read all the data in the instance. That's asking a lot of a remote
|
||||||
|
instance admin who just wants to share domain_blocks with you.
|
||||||
|
|
||||||
|
For now, you can ask the instance admin to update the scope in the database
|
||||||
|
directly like this:
|
||||||
|
|
||||||
```
|
```
|
||||||
UPDATE oauth_access_tokens
|
UPDATE oauth_applications as app
|
||||||
SET scopes='admin:read:domain_blocks'
|
SET scopes = 'admin:read:domain_blocks'
|
||||||
WHERE token='<your_app_token>';
|
FROM oauth_access_tokens as tok
|
||||||
|
WHERE app.id = tok.application_id
|
||||||
|
AND app.name = '<the_app_name>'
|
||||||
|
;
|
||||||
```
|
```
|
||||||
|
|
||||||
When that's done, FediBlockHole should be able to use its token to read domain
|
When that's done, regenerate the token (so it has the new scopes) in the
|
||||||
blocks via the API.
|
application screen in the instance GUI. FediBlockHole should then able to use
|
||||||
|
the app token to read domain blocks via the API, but nothing else.
|
||||||
|
|
||||||
Alternately, you could ask the remote instance admin to set up FediBlockHole and
|
Alternately, you could ask the remote instance admin to set up FediBlockHole and
|
||||||
use it to dump out a CSV blocklist from their instance and then put it somewhere
|
use it to dump out a CSV blocklist from their instance and then put it somewhere
|
||||||
|
@ -104,12 +112,17 @@ as explained below.
|
||||||
### Writing instance blocklists
|
### Writing instance blocklists
|
||||||
|
|
||||||
To write domain blocks into an instance requires both the `admin:read` and
|
To write domain blocks into an instance requires both the `admin:read` and
|
||||||
`admin:write:domain_blocks` OAuth scopes. The `read` scope is used to read the
|
`admin:write:domain_blocks` OAuth scopes.
|
||||||
current list of domain blocks so we update ones that already exist, rather than
|
|
||||||
trying to add all new ones and clutter up the instance. It's also used to check
|
The tool needs `admin:read:domain_blocks` scope to read the current list of
|
||||||
if the instance has any accounts that follow accounts on a domain that is about
|
domain blocks so we update ones that already exist, rather than trying to add
|
||||||
to get `suspend`ed and automatically drop the block severity to `silence` level
|
all new ones and clutter up the instance.
|
||||||
so people have time to migrate accounts before a full defederation takes effect.
|
|
||||||
|
`admin:read` access is needed to check if the instance has any accounts that
|
||||||
|
follow accounts on a domain that is about to get `suspend`ed and automatically
|
||||||
|
drop the block severity to `silence` level so people have time to migrate
|
||||||
|
accounts before a full defederation takes effect. Unfortunately, the statistics
|
||||||
|
measure used to learn this information requires `admin:read` scope.
|
||||||
|
|
||||||
You can add `admin:read` scope in the application admin screen. Please be aware
|
You can add `admin:read` scope in the application admin screen. Please be aware
|
||||||
that this grants full read access to all information in the instance to the
|
that this grants full read access to all information in the instance to the
|
||||||
|
@ -122,12 +135,15 @@ chmod o-r <configfile>
|
||||||
|
|
||||||
You can also grant full `admin:write` scope to the application, but if you'd
|
You can also grant full `admin:write` scope to the application, but if you'd
|
||||||
prefer to keep things more tightly secured you'll need to use SQL to set the
|
prefer to keep things more tightly secured you'll need to use SQL to set the
|
||||||
scopes in the database:
|
scopes in the database and then regenerate the token:
|
||||||
|
|
||||||
```
|
```
|
||||||
UPDATE oauth_access_tokens
|
UPDATE oauth_applications as app
|
||||||
SET scopes='admin:read admin:write:domain_blocks'
|
SET scopes = 'admin:read admin:write:domain_blocks'
|
||||||
WHERE token='<your_app_token>';
|
FROM oauth_access_tokens as tok
|
||||||
|
WHERE app.id = tok.application_id
|
||||||
|
AND app.name = '<the_app_name>'
|
||||||
|
;
|
||||||
```
|
```
|
||||||
|
|
||||||
When that's done, FediBlockHole should be able to use its token to authorise
|
When that's done, FediBlockHole should be able to use its token to authorise
|
||||||
|
|
Loading…
Reference in New Issue