Resolve merge conflicts

Roadmap.md

@@ -103,3 +103,43 @@ I realize that is less than professional, but this project is a hobby :shrug:.
 - Direct videos don't have thumbnail attributes, but ones hosted via pict-rs can add ?format=webp to the URL.  Add this and enable direct videos to not be embedded if that option is set.
 
 - Detect Youtube/Piped/Invidious links in post bodies and comments.  Optionally render those inline depending on user setting
+
+## Feature Ideas (not guaranteed to be implemented, just ideas)
+Based on user feedback and my own annoyances, here are the current goals to be implemented in the 1.2.9.x release series. 
+
+### Image Overlay / Gallery
+- Click images in the feed/post to enlarge them fullscreen and zoom.
+- Parse post body for image tags and add those to the gallery component
+
+### Re-write Post Creation Form
+- Semi-tabbed interface (similar to Reddit's) with form elements optimized for the post type
+- Post Types:
+  - Text Post (no URL, just text)
+  - Link (news articles, blog posts, etc).
+  - Images (Allow multiple images for a gallery. The first will be the post image and the rest will be in the body.  Gallery plugin will parse the ones in the body.
+
+### WYSIWYG Markdown Editor
+Replace the custom markdown editor with Toast-UI editor.  Not sure yet if I will replace `markdown-it` completely (may leave it for rendering), but the Toast-UI editor is much more user-friendly.
+
+### Update Settings Cloud Sync
+The current method to sync your Tesseract settings, groups, and communities to Lemmy API is a one-off manual process.  This is intentional as it's basically an experimental feature that is abusing the `theme` field of your Lemmy profile (it's only used by Lemmy-UI and can hold arbitrary text).  The plan is to automate this and put it behind a user setting with appropriate warnings about how it will break Lemmy-UI's CSS.  When enabled, changes to your app settings will automatically sync to/from Lemmy.  Will update the "restore" button functionality to also disable sync.
+
+### Moderation Templates
+- Replace the static user-defined template with the ability to have custom moderation presets
+- Add ability to make them community-specific
+- Save to profile and make exportable to JSON/API
+
+### Moderation Presets and Report Handling
+The groundwork for this exists in the current release, but I didn't have time to fully flesh them out.
+- Set pre-defined actions (lock post, remove comment/post, ban community/instance, set reasons, etc.)
+- Select from a list of your presets which can be community-specific
+- Select multiple open reports to apply the preset to all (e.g. you have 7 spam reports that should all be handled the same way)
+    - May or may not implement this or at least do it such that banning is not available to a mass-option.
+    - The report revamp was to give additional insight to make more informed mod decisions. Adding the capability to mass ban without looking at the details thoroughly runs antiethical to that goal.
+
+### Under the Hood Stuff
+- Move all modals to a common modal container (similar to removal modals) as to allow calling them from anywhere without extra hacks to make sure they're not constrained by a fixed container div
+- Make preparations and lay initial foundation for offline support
+    - Re-implement local profile to keep stored locally/persistently (rather than a background fetch to fill in the blanks).
+    - Decide if posts/comments should be stored in LocalStorage or IndexDB
+    - Create an action queue (upvote/downvote, reply, etc) to allow actions to be queued when offline and sent to API when online

docs/DomainBlacklisting.md

@@ -0,0 +1,86 @@
+# Domain Blacklisting
+Tesseract can deny submissions (currently only in the post URL) to a set of admin-defined list of domains.  
+
+## Blacklist Types
+There are 3 independent blacklists which can be specified:
+
+- General
+- Link Shorteners
+- Fake news
+
+There is also an option to deny submitting links to domains MBFC has flagged as "fake news" and low credibility.  Unfortunately, this is all-or-nothing and cannot be configured on a per-community basis.
+
+Each of those lists has a unique reason if it is denied during validation.  You _can_ just use the general list for everything, but utilizing the other two will be more informative to users who submit a link to a blacklisted domain.
+
+This method will not prevent all submissions as it only applies to the Tesseract UI; someone can just use another UI or the API to submit things that are blocked here. Regardless, it's at least attempting to address the problem and can be educational for the casual / naive poster.
+
+
+
+
+## Configuration Example
+By default, all of the blacklists are disabled unless explicitly configured and enabled by the admin.  The fake news, low cred sources, and link shorteners need to be explicitly enabled while the domain blacklist will be applied automatically if the admin defines any domains.
+
+A list of link shorteners comes included/hardcoded.  You can add more if need be or override that list by adding them to the link shortener allow list.
+
+```yaml
+      # Domain blacklisting tests
+      - PUBLIC_BLACKLIST_DENY_FAKE_NEWS=true
+      - PUBLIC_BLACKLIST_DENY_LOW_CRED_MBFC=true
+      - PUBLIC_BLACKLIST_DENY_LINK_SHORTENERS=true
+
+      # General purpose blacklist (be sure to add the trailing commas in the multi-line YAML.
+      - |-
+        PUBLIC_DOMAIN_BLACKLIST=
+          google.com,
+          bing.com
+      
+      # Counterfeit news websites used to spread disinformation
+      - |-
+        PUBLIC_FAKE_NEWS_BLACKLIST=
+          www.infoterkiniviral.com,
+          tass.com
+      # These link shorteners are already on the list,  but using them here for example
+      - |-
+        PUBLIC_LINK_SHORTENER_BLACKLIST=
+          bit.ly,
+          goo.gl
+      
+      # These are on the default deny list for link shorteners, but we want to allow them
+      - |-
+        PUBLIC_LINK_SHORTENER_ALLOWLIST=
+          apple.news,
+          archive.ph
+```
+
+## Why Block Link Shorteners?
+Several reasons. 
+
+1) They're pretty pointless on a medium where you can just click the link.  
+1) They obfuscate the target and can be used for anything from spreading malware, evading bans/filters, spreading fake news/propaganda, etc.
+1) They are sometimes ephemeral and will no longer work after a period of time
+1) They often are used to track clicks 
+1) They can sometimes be altered later. e.g. a short link to a legitimate site can be later stealth edited to point somewhere bad.
+1) Did I mention how pointless they are when you can just _click the link_? 
+
+### Default List of Link Shorteners
+Archive sites, Apple News, etc. are included here because they are frequently used to obfuscate the source of a news article.  Sources should _always_ be readily visible for any given news headline so the reader knows where the information is coming from and whether it should be regarded as trustworthy.  
+
+e.g. Apple News for example, just redirects to the official article link via an Apple URL; they do not host any news themselves.  Thus, it is a link shortener / source obfuscator and is included in this list as such.
+
+You are free to disagree with that, but you will need to define the environment variables to remove those from the link shortener blacklist or choose to not enable that list; it is disabled by default.
+
+```
+    'apple.news',
+    'archive.is',
+    'archive.ph',
+    'bit.ly',
+    'bl.ink',
+    'ghostarchive.org',
+    'goo.gl',
+    'ow.ly',
+    'rb.gy',
+    'short.cm',
+    'tinyurl.com',
+    'web.archive.org',
+    'zpr.io',
+```

docs/EnvironmentOptions.md

@@ -0,0 +1,249 @@
+### PUBLIC_INSTANCE_URL
+ The domain of your instance's API.  Should be just the hostname without scheme.
+
+**Example:**  `lemmy.example.com`
+
+**Default:** `lemmy.world`
+
+**Required:** No, but you should really set this.
+
+---
+
+### PUBLIC_LOCK_TO_INSTANCE [*bool*]
+Set to `true` if you want to disallow users from logging into other instances.  Set to `false` if you want to allow users to login to accounts on multiple instances.
+
+**Default:** `true` if `PUBLIC_INSTANCE_URL` is defined.
+
+---
+
+### PUBLIC_THEME 
+Whether to default to dark mode, light mode, or system.
+
+**Valid Values:** `system`, `dark`, `light`
+
+**Default:** `system`
+
+---
+
+### PUBLIC_MARK_READ_POSTS
+Sets the default user option to fade the titles of read posts.
+
+**Valid Values:** `true`, `false`
+
+**Default:** `true`
+
+---
+
+### PUBLIC_SHOW_COMPACT_POSTS
+If `true`, sets the default view to compact.  Set to `false` or leave undefined to have card be the default view for posts.
+
+**Valid Values**:  `true`, `false`
+
+**Default**: `false`
+
+---
+
+### PUBLIC_DEFAULT_FEED_SORT
+Sets the default sorting method for users.  Users can change this in their settings, but this will be the default until they do.
+
+Note:  Do not set this to `Scaled`.  Once 0.18.x support is dropped, it will be safe to do so.  For versions prior to 1.4.0 (not yet in development), use the 0.18.5 sort types.
+
+**Valid Values**:  See [Lemmy sort types](https://github.com/LemmyNet/lemmy-js-client/blob/main/src/types/SortType.ts)
+
+**Default**: `Active`
+
+--- 
+
+### PUBLIC_DEFAULT_FEED
+Sets the default listing type for users. Users can change this in their settings, but this will be the default until they do.
+
+**Valid Values**: See [Lemmy listing types](https://github.com/LemmyNet/lemmy-js-client/blob/main/src/types/ListingType.ts)
+
+**Default**: `Local`
+
+---
+
+### PUBLIC_DEFAULT_COMMENT_SORT
+Sets the default comment sort direction for users.  Users can change this in their settings, but this will be the default until they do.
+
+**Valid Values**: `Hot`, `Top`, `New`
+
+**Default**: `Hot`
+
+---
+
+### PUBLIC_HIDE_DELETED
+Sets the default option to hide deleted posts/comments.  May not be relevant for normal users (the API keeps changing behavior grrrr). 
+
+**Valid Values**:  `true`, `false`
+
+**Default**: `true`
+
+--- 
+
+### PUBLIC_HIDE_REMOVED
+Sets the default option to hide removed posts/comments.  May not be relevant for normal users (the API keeps changing behavior grrrr). 
+
+**Valid Values**:  `true`, `false`
+
+**Default**: `false`
+
+--- 
+
+### PUBLIC_DISPLAY_NAMES
+Use display names instead of usernames when showing users.  Will fall back to username if no display name is set.
+
+**Valid Values**: `true`, `false`
+
+**Default**: `true`
+
+---
+
+### PUBLIC_NSFW_BLUR
+Set the default user option to blur posts flagged NSFW.  Users can change this in their settings, but this will provide a default value unless changed.
+
+**Valid Values**:  `true`, `false`
+
+**Default**:  `true`
+
+---
+
+### PUBLIC_OPEN_LINKS_NEW_TAB
+Sets the default user settings for whether external links should be opened in a new tab. 
+
+**Valid Values**:  `true`, `false`
+
+**Default**: `false`
+
+---
+
+### PUBLIC_ENABLE_EMBEDDED_MEDIA_FEED
+Set the default option for whether media embeds shold be enabed in the feed.
+
+**Valid Values**:  `true`, `false`
+
+**Default**: `true`
+
+---
+### PUBLIC_ENABLE_EMBEDDED_MEDIA_POST
+Sets the default option for whether media embeds should be enabled when clicking into posts.
+
+**Valid Values**:  `true`, `false`
+
+**Default**: `true`
+
+---
+
+### PUBLIC_YOUTUBE_FRONTEND
+Sets the default YouTube frontend.  Note that enabling media in the feed and selecting Invidious as the default YT frontend _may_ result in rate limiting errors.
+
+**Valid Values**:  `YouTube` , `Invidious`
+
+**Default**:  `YouTube`
+
+---
+
+### PUBLIC_CUSTOM_INVIDIOUS
+A comma-delimited list of custom Invidious domains to use as possible frontends (selectable in user options) or to detect Invidious videos in posts.
+
+**Example Value**:  Can be a single, comma-delimited string or multi-line YAML.  The two examples below are functionally identical.
+
+```
+# Single Line Format
+PUBLIC_CUSTOM_INVIDIOUS=invid.example.com, iv.foo.com, iv.bar.net
+
+# Multi-line format
+- |-
+  PUBLIC_CUSTOM_INVIDIOUS=
+    invid.example.com,
+    iv.foo.com,
+    iv.bar.net
+
+```
+
+---
+
+### PUBLIC_CUSTOM_PIPED
+A comma-delimited list of custom Piped domains to use as possible frontends (selectable in user options) or to detect Piped videos in posts.
+
+**Example Value**:  Can be a single, comma-delimited string or multi-line YAML.  The two examples below are functionally identical.
+
+```
+# Single Line Format
+PUBLIC_CUSTOM_PIPED=piped.example.com, piped.foo.com, piped.bar.net
+
+# Multi-line format
+- |-
+  PUBLIC_CUSTOM_PIPED=
+    piped.example.com,
+    piped.foo.com,
+    piped.bar.net
+
+```
+
+---
+### PUBLIC_ENABLE_USER_MEDIA_PROXY
+Sets the default user option to enable redirecting media through Tesseract's media proxy.  Useless unless the [media proxying subsystem](./MediaProxy.md) is enabled and configured.
+
+**Valid Values**:  `true`, `false`
+
+**Default**: `false`
+
+---
+
+### PUBLIC_ENABLE_FEDISEER_BADGES
+Whether to show Fediseer badges on posts by default.
+
+**Valid Values**:  `true`, `false`
+
+**Default**: `false`
+
+---
+
+### PUBLIC_ENABLE_MBFC_BADGES
+Whether to show MBFC credibility badges on posts by default.
+
+**Valid Values**:  `true`, `false`
+
+**Default**: `true`
+
+---
+
+### PUBLIC_STRETCH_CARD_BANNERS
+Whether to stretch the background banner images on the site, community, and user cards.
+
+**Valid Values**:  `true`, `false`
+
+**Default**: `false`
+
+---
+
+### PUBLIC_MATCH_XPOST_TITLE
+Whether to match crossposts in the feed by title as well as by URL.  Note:  Some communities require that posts be titled a specific way.  This can cause undesirable roll-ups.  For that reason, it's recommended to leave the default option disabled and allow the user to set this themselves.
+
+**Valid Values**:  `true`, `false`
+
+**Default**: `false`
+
+---
+### PUBLIC_FEATURED_INSTANCES
+A list of instances you approve of that will be made available in the community browser (`/communities`).  Users can quick-select one of these instances or supply a custom instance to browse.
+
+Like `PUBLIC_INSTANCE_URL`, only the base domain of the instances should be provided.
+
+**Example Value**:  Can be a single, comma-delimited string or multi-line YAML.  The two examples below are functionally identical.
+
+```
+# Single Line Format
+PUBLIC_FEATURED_INSTANCES=lemmy.world, beehaw.org, mander.xyz, lemmy.ca, programming.dev
+
+# Multi-line format
+- |-
+  PUBLIC_FEATURED_INSTANCES=
+    lemmy.world, 
+    beehaw.org, 
+    mander.xyz, 
+    lemmy.ca, 
+    programming.dev
+
+```