Advanced Settings (#1449)

* Advanced Settings

* fix phpcs

* fix phpdoc

* Add changelog

* add option support

* enable "Advanced Settings" tab if one of the advanced settings were already changed

* fix phpcs

* add missing punctuation mark

* phpcs fixes

* Add `WP Admin` feature

* simplify function

* added changelog file

* more descriptive function name

* fix phpcs

* bring back relays

* Add settings

* save settings the same way we do with the welcome page

* use consistent wording

* fix phpcs

* remove unused code

* output escaping

* added backslashes

* re-add interaction settings

* fix settings

* Fix phpcs

* remove migration

* register user meta instead of setting

* Update includes/wp-admin/class-settings-fields.php

Co-authored-by: Konstantin Obenland <[email protected]>

* Update includes/functions.php

Co-authored-by: Konstantin Obenland <[email protected]>

* Update includes/wp-admin/class-settings.php

Co-authored-by: Konstantin Obenland <[email protected]>

* Update includes/wp-admin/class-advanced-settings-fields.php

Co-authored-by: Konstantin Obenland <[email protected]>

* re-order

* do not show if const is used

* define as global

* define as global

* moved it to the wrong place

😂

---------

Co-authored-by: Konstantin Obenland <[email protected]>

Author: pfefferle

.github/changelog/add-advanced-settings

@@ -0,0 +1,4 @@
+Significance: minor
+Type: added
+
+Advanced Settings tab, with special settings for advanced users.

activitypub.php

@@ -100,6 +100,7 @@ function plugin_admin_init() {
 	\add_action( 'admin_init', array( __NAMESPACE__ . '\WP_Admin\Settings', 'init' ) );
 	\add_action( 'admin_init', array( __NAMESPACE__ . '\WP_Admin\Settings_Fields', 'init' ) );
 	\add_action( 'admin_init', array( __NAMESPACE__ . '\WP_Admin\Welcome_Fields', 'init' ) );
+	\add_action( 'admin_init', array( __NAMESPACE__ . '\WP_Admin\Advanced_Settings_Fields', 'init' ) );
 	\add_action( 'admin_init', array( __NAMESPACE__ . '\WP_Admin\Blog_Settings_Fields', 'init' ) );
 	\add_action( 'admin_init', array( __NAMESPACE__ . '\WP_Admin\User_Settings_Fields', 'init' ) );
 

includes/class-activitypub.php

@@ -49,7 +49,8 @@ public static function init() {
 
 		\add_action( 'updated_postmeta', array( self::class, 'updated_postmeta' ), 10, 4 );
 		\add_action( 'added_post_meta', array( self::class, 'updated_postmeta' ), 10, 4 );
-		\add_filter( 'pre_option_activitypub_actor_mode', array( self::class, 'pre_get_option' ) );
+		\add_filter( 'pre_option_activitypub_actor_mode', array( self::class, 'pre_option_activitypub_actor_mode' ) );
+		\add_filter( 'pre_option_activitypub_authorized_fetch', array( self::class, 'pre_option_activitypub_authorized_fetch' ) );
 
 		\add_action( 'init', array( self::class, 'register_user_meta' ), 11 );
 
@@ -397,7 +398,7 @@ public static function pre_get_avatar_data( $args, $id_or_email ) {
 	 *
 	 * @return string|false The actor mode or false if it should not be filtered.
 	 */
-	public static function pre_get_option( $pre ) {
+	public static function pre_option_activitypub_actor_mode( $pre ) {
 		if ( \defined( 'ACTIVITYPUB_SINGLE_USER_MODE' ) && ACTIVITYPUB_SINGLE_USER_MODE ) {
 			return ACTIVITYPUB_BLOG_MODE;
 		}
@@ -413,6 +414,25 @@ public static function pre_get_option( $pre ) {
 		return $pre;
 	}
 
+	/**
+	 * Pre-get option filter for the Authorized Fetch.
+	 *
+	 * @param string $pre The pre-get option value.
+	 *
+	 * @return string If the constant is defined, return the value, otherwise return the pre-get option value.
+	 */
+	public static function pre_option_activitypub_authorized_fetch( $pre ) {
+		if ( ! \defined( 'ACTIVITYPUB_AUTHORIZED_FETCH' ) ) {
+			return $pre;
+		}
+
+		if ( ACTIVITYPUB_AUTHORIZED_FETCH ) {
+			return '1';
+		}
+
+		return '0';
+	}
+
 	/**
 	 * Store permalink in meta, to send delete Activity.
 	 *
@@ -832,6 +852,18 @@ public static function register_user_meta() {
 				'sanitize_callback' => 'absint',
 			)
 		);
+
+		\register_meta(
+			'user',
+			'activitypub_show_advanced_tab',
+			array(
+				'type'              => 'integer',
+				'description'       => 'Whether to show the advanced tab.',
+				'single'            => true,
+				'default'           => 0,
+				'sanitize_callback' => 'absint',
+			)
+		);
 	}
 
 	/**

includes/functions.php

@@ -1414,14 +1414,7 @@ function get_upload_baseurl() {
  * @return boolean True if Authorized-Fetch is enabled, false otherwise.
  */
 function use_authorized_fetch() {
-	$use = false;
-
-	// Prefer the constant over the option.
-	if ( \defined( 'ACTIVITYPUB_AUTHORIZED_FETCH' ) ) {
-		$use = ACTIVITYPUB_AUTHORIZED_FETCH;
-	} else {
-		$use = (bool) \get_option( 'activitypub_authorized_fetch', '0' );
-	}
+	$use = (bool) \get_option( 'activitypub_authorized_fetch' );
 
 	/**
 	 * Filters whether to use Authorized-Fetch.

includes/wp-admin/class-advanced-settings-fields.php

@@ -0,0 +1,113 @@
+<?php
+/**
+ * Advanced Settings Fields file.
+ *
+ * @package ActivityPub
+ */
+
+namespace ActivityPub\WP_Admin;
+
+/**
+ * Advanced Settings Fields class.
+ */
+class Advanced_Settings_Fields {
+
+	/**
+	 * Initialize.
+	 */
+	public static function init() {
+		\add_action( 'load-settings_page_activitypub', array( self::class, 'register_advanced_fields' ) );
+	}
+
+	/**
+	 * Register settings.
+	 */
+	public static function register_advanced_fields() {
+		\add_settings_section(
+			'activitypub_advanced_settings',
+			\__( 'Advanced Settings', 'activitypub' ),
+			array( self::class, 'render_advanced_settings_section' ),
+			'activitypub_advanced_settings'
+		);
+
+		\add_settings_field(
+			'activitypub_outbox_purge_days',
+			\__( 'Outbox Retention Period', 'activitypub' ),
+			array( self::class, 'render_outbox_purge_days_field' ),
+			'activitypub_advanced_settings',
+			'activitypub_advanced_settings',
+			array( 'label_for' => 'activitypub_outbox_purge_days' )
+		);
+
+		if ( ! defined( 'ACTIVITYPUB_AUTHORIZED_FETCH' ) ) {
+			\add_settings_field(
+				'activitypub_authorized_fetch',
+				\__( 'Authorized Fetch', 'activitypub' ),
+				array( self::class, 'render_authorized_fetch_field' ),
+				'activitypub_advanced_settings',
+				'activitypub_advanced_settings',
+				array( 'label_for' => 'activitypub_authorized_fetch' )
+			);
+		}
+	}
+
+	/**
+	 * Render Advanced Settings Section.
+	 */
+	public static function render_advanced_settings_section() {
+		?>
+		<p>
+			<?php
+			$allowed_html = array(
+				'a' => array(
+					'href'   => true,
+					'target' => true,
+				),
+			);
+			echo \wp_kses( \__( 'Advanced settings allow deep customization but can affect your site&#8217;s functionality, security, or performance if misconfigured. Only proceed if you fully understand the changes, and always back up your site beforehand. If unsure, consult <a href="https://github.com/Automattic/wordpress-activitypub/tree/trunk/docs" target="_blank">documentation</a> or seek <a href="https://wordpress.org/support/plugin/activitypub/" target="_blank">expert advice</a>.', 'activitypub' ), $allowed_html );
+			?>
+		</p>
+		<?php
+	}
+
+	/**
+	 * Render outbox purge days field.
+	 */
+	public static function render_outbox_purge_days_field() {
+		$value = \get_option( 'activitypub_outbox_purge_days', 180 );
+		echo '<input type="number" id="activitypub_outbox_purge_days" name="activitypub_outbox_purge_days" value="' . esc_attr( $value ) . '" class="small-text" min="0" max="365" />';
+		echo '<p class="description">' . \wp_kses(
+			sprintf(
+				// translators: 1: Definition of Outbox; 2: Default value (180).
+				\__( 'Maximum number of days to keep items in the <abbr title="%1$s">Outbox</abbr>. A lower value might be better for sites with lots of activity to maintain site performance. Default: <code>%2$s</code>', 'activitypub' ),
+				\esc_attr__( 'A virtual location on a user&#8217;s profile where all the activities (posts, likes, replies) they publish are stored, acting as a feed that other users can access to see their publicly shared content', 'activitypub' ),
+				\esc_html( 180 )
+			),
+			array(
+				'abbr' => array( 'title' => array() ),
+				'code' => array(),
+			)
+		) . '</p>';
+	}
+
+	/**
+	 * Render use Authorized Fetch field.
+	 */
+	public static function render_authorized_fetch_field() {
+		$value = \get_option( 'activitypub_authorized_fetch', '1' );
+		?>
+		<p>
+			<label>
+				<input type="checkbox" id="activitypub_authorized_fetch" name="activitypub_authorized_fetch" value="1" <?php checked( '1', $value ); ?> />
+				<?php \esc_html_e( 'Require HTTP signature authentication on ActivityPub representations of public posts and profiles.', 'activitypub' ); ?>
+			</label>
+		</p>
+		<p class="description">
+			<?php \esc_html_e( '⚠ Secure mode has its limitations, which is why it is not enabled by default. It is not fully supported by all software in the fediverse, and some features may break, especially when interacting with Mastodon servers older than version 3.0. Additionally, since it requires authentication for public content, caching is not possible, leading to higher computational costs.', 'activitypub' ); ?>
+		</p>
+		<p class="description">
+			<?php \esc_html_e( '⚠ Secure mode does not hide the HTML representations of public posts and profiles. While HTML is a less consistent format (that potentially changes often) compared to first-class ActivityPub representations or the REST API, it still poses a potential risk for content scraping.', 'activitypub' ); ?>
+		</p>
+		<?php
+	}
+}