yume/paricafe
1
0
Fork 0
mirror of https://github.com/paricafe/misskey.git synced 2024-12-28 09:56:43 -06:00
Code Issues Projects Releases Packages Wiki Activity
26922 commits 7 branches 900 tags 251 MiB
Commit graph

2274 commits

Author SHA1 Message Date
かっこかり
53e827b18c
fix(backend): fix security patches (#15008) 2024-11-21 10:30:30 +09:00
syuilo
0f59adc436 fix ap/show 2024-11-21 09:25:18 +09:00
syuilo
9fdabe3666 fix(backend): use atomic command to improve security 
Co-Authored-By: Acid Chicken <root@acid-chicken.com>
 2024-11-21 09:22:15 +09:00
rectcoordsystem
090e9392cd
Merge commit from fork 
* fix(backend): check target IP before sending HTTP request

* fix(backend): allow accessing private IP when testing

* Apply suggestions from code review

Co-authored-by: anatawa12 <anatawa12@icloud.com>

* fix(backend): lint and typecheck

* fix(backend): add isLocalAddressAllowed option to getAgentByUrl and send (HttpRequestService)

* fix(backend): allow fetchSummaryFromProxy, trueMail to access local addresses

---------

Co-authored-by: anatawa12 <anatawa12@icloud.com>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
 2024-11-21 08:27:09 +09:00
Julia
b9cb949eb1
Merge commit from fork 
* Fix poll update spoofing

* fix: Disallow negative poll counts

---------

Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
 2024-11-21 08:24:50 +09:00
Julia
5f675201f2
Merge commit from fork 
* enhance: Add a few validation fixes from Sharkey

See the original MR on the GitLab instance:
https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/484

Co-Authored-By: Dakkar <dakkar@thenautilus.net>

* fix: primitive 2: acceptance of cross-origin alternate

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 3: validation of non-final url

* fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities

* fix: primitives 5 & 8: reject activities with non
string identifiers

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 6: reject anonymous objects that were fetched by their id

* fix: primitives 9, 10 & 11: http signature validation
doesn't enforce required headers or specify auth header name

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections

* fix: code style for primitive 14

* fix: primitive 15: improper same-origin validation for
note uri and url

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 16: improper same-origin validation for user uri and url

* fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array

* fix: code style for primitive 17

* fix: check attribution against actor in notes

While this isn't strictly required to fix the exploits at hand, this
mirrors the fix in `ApQuestionService` for GHSA-5h8r-gq97-xv69, as a
preemptive countermeasure.

* fix: primitive 18: `ap/get` bypasses access checks

One might argue that we could make this one actually preform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.

* fix: primitive 19 & 20: respect blocks and hide more

Ideally, the user property should also be hidden (as leaving it in leaks
information slightly), but given the schema of the note endpoint, I
don't think that would be possible without introducing some kind of
"ghost" user, who is attributed for posts by users who have you blocked.

* fix: primitives 21, 22, and 23: reuse resolver

This also increases the default `recursionLimit` for `Resolver`, as it
theoretically will go higher that it previously would and could possibly
fail on non-malicious collection activities.

* fix: primitives 25-33: proper local instance checks

* revert: fix: primitive 19 & 20

This reverts commit 465a9fe6591de90f78bd3d084e3c01e65dc3cf3c.

---------

Co-authored-by: Dakkar <dakkar@thenautilus.net>
Co-authored-by: Laura Hausmann <laura@hausmann.dev>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
 2024-11-21 08:20:09 +09:00
Sayamame-beans
aa48a0e207
Fix: リノートミュートが新規投稿通知に対して作用していなかった問題を修正 (#15006) 
* fix(backend): renoteMute doesn't work for note notification

* docs(changelog): update changelog
 2024-11-21 08:00:50 +09:00
syuilo
f0c3a4cc0b
perf(frontend): reduce api requests for non-logged-in enviroment (#15001) 
* wip

* Update CHANGELOG.md

* wip
 2024-11-21 07:58:34 +09:00
fly_mc
1eec109e33 backend: restore NoteDeleteService 2024-11-21 00:15:43 +08:00
fly_mc
5459bc395b removed unsed files 2024-11-20 23:40:42 +08:00
fly_mc
5dc938cb93 backend: fixes 2024-11-20 23:37:16 +08:00
eternal-flame-AD
3dcb376b23 improve emoji packing 
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
 2024-11-20 01:02:00 +08:00
fly_mc
a131e4d9e9 backend: fix make emoji categories and names case insensitive 2024-11-20 00:32:08 +08:00
fly_mc
75d49c9262 make emoji categories and names case insensitive 2024-11-19 22:58:15 +08:00
fly_mc
f61376fce8 Merge branch 'develop' into pari 2024-11-19 22:52:15 +08:00
fly_mc
7a90b3c4f9 Revert "frontend: tweak custom fonts" 
This reverts commit eb5b3e4683.
 2024-11-19 22:45:48 +08:00
fly_mc
eb5b3e4683 frontend: tweak custom fonts 2024-11-19 22:28:55 +08:00
fly_mc
1f4638b547 frontend: use local tinyld 2024-11-19 20:58:15 +08:00
zawa-ch.
763c708253
Fix(backend): アカウント削除のモデレーションログが動作していないのを修正 (#14996) (#14997) 
* アカウント削除のモデレーションログが動作していないのを修正

* update CHANGELOG
 2024-11-19 21:12:40 +09:00
おさむのひと
7b9c884a5d
refactor(backend): SystemWebhookで送信されるペイロードの型を追加 (#14980) 2024-11-19 10:41:39 +09:00
饺子w (Yumechi)
e800c0f85a
fix(backend): お知らせ作成時に画像URL入力欄を空欄に変更できないのを修正 (#14990) 
* fix(backend): アナウンスメントを作成ときに画像URLを後悔できないのを修正

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

* Update CHANGELOG.md

Co-authored-by: おさむのひと <46447427+samunohito@users.noreply.github.com>

---------

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
Co-authored-by: おさむのひと <46447427+samunohito@users.noreply.github.com>
 2024-11-19 10:29:42 +09:00
fly_mc
472891a42f backend: some validation fixes?? 2024-11-19 02:16:35 +08:00
fly_mc
20ece1c408 backend: fix ApPersonService.ts 2024-11-19 02:10:00 +08:00
fly_mc
6fd7427a52 Feat: export accounts data 2024-11-19 01:56:55 +08:00
fly_mc
0be5e1c2e3 backend: check against url 2024-11-19 01:06:55 +08:00
fly_mc
5923a7f360 update avatar deco showBelow 2024-11-19 00:20:55 +08:00
fly_mc
df398ce63a backend: use text for DriveFile comment 2024-11-19 00:13:25 +08:00
fly_mc
a380f0dbf1 backend: ImportCustomEmojis normalization 2024-11-19 00:09:00 +08:00
fly_mc
d64b0b3865 backend: match Unicode in exporting emojis 2024-11-19 00:06:45 +08:00
fly_mc
8f366a39c8 backend: update CleanRemoteFileProcessorService 2024-11-19 00:04:19 +08:00
fly_mc
9b0b716d6f backend: delete reactions when deleting accounts 2024-11-19 00:03:01 +08:00
fly_mc
52f118bc2c backend: change HASHTAG_RANKING_WINDOW 2024-11-19 00:00:02 +08:00
fly_mc
9f71b3f3a0 backend: fetch full following counts 2024-11-18 23:46:48 +08:00
fly_mc
ecd0211226 fix 2024-11-18 23:35:46 +08:00
fly_mc
9263c485c4 backend: fix ApInboxService 2024-11-18 23:27:31 +08:00
fly_mc
fc2f68f1d6 backend: ap refetch key 2024-11-18 23:17:52 +08:00
fly_mc
ad51752f38 backend: tweak get-note-summary 2024-11-18 23:02:36 +08:00
fly_mc
1f85626fad fix sqlLikeEscape 2024-11-18 23:00:45 +08:00
fly_mc
e19373ea90 fix ap type.ts 2024-11-18 22:51:00 +08:00
fly_mc
d0e2f46412 Revert "try: fix: return null instead of throw error when recursively fetching note" 
This reverts commit be295b19a6.
 2024-11-18 10:35:47 +08:00
fly_mc
cb9385e229 Reapply "update SearchService" 
This reverts commit 6c9dd99083.
 2024-11-18 02:43:08 +08:00
fly_mc
1471039199 Revert "update SearchService" 
This reverts commit a9acf532c1.
 2024-11-18 02:41:44 +08:00
fly_mc
23a5f68e94 recursionLimit 2024-11-18 02:38:45 +08:00
fly_mc
be295b19a6 try: fix: return null instead of throw error when recursively fetching note 2024-11-18 02:36:56 +08:00
fly_mc
a9acf532c1 update SearchService 2024-11-17 19:10:22 +08:00
fly_mc
6c9dd99083 Revert "update SearchService" 
This reverts commit e692e7ac6f.
 2024-11-17 19:04:47 +08:00
CDN
b0d04713e0 fix(backend): fallback sharedInbox to null in ApPersonService (#14970) 2024-11-16 22:23:49 +08:00
fly_mc
d30db97b59 increase character limits 2024-11-16 18:27:27 +08:00
fly_mc
e692e7ac6f update SearchService 2024-11-16 18:18:06 +08:00
CDN
b3c2de2b26
fix(backend): fallback sharedInbox to null in ApPersonService (#14970) 2024-11-16 18:53:28 +09:00
fly_mc
32e835883b Merge branch 'develop' into pari 2024-11-15 21:53:41 +08:00
syuilo
eef0c895bc use execa 8.0.1 
#14966
 2024-11-15 19:48:31 +09:00
syuilo
d9d92bcfbf Revert "use nodemon 3.0.2" 
This reverts commit ce1f84e5a3.
 2024-11-15 19:40:12 +09:00
syuilo
ce1f84e5a3 use nodemon 3.0.2 
#14966
 2024-11-15 19:33:50 +09:00
かっこかり
c0d1682604
feat: 送信したフォローリクエストを確認できるように (#14856) 
* FEAT: Allow users to view pending follow requests they sent

This commit implements the `following/requests/sent` interface firstly
implemented on Firefish, and provides a UI interface to view the pending
follow requests users sent.

* ux: should not show follow requests tab when have no pending sent follow req

* fix default followreq tab

* fix default followreq tab

* restore missing hasPendingReceivedFollowRequest in navbar

* refactor

* use tabler icons

* tweak design

* Revert "ux: should not show follow requests tab when have no pending sent follow req"

This reverts commit e580b92c37f27c2849c6d27e22ca4c47086081bb.

* Update Changelog

* Update Changelog

* change tab titles

---------

Co-authored-by: Lhc_fl <lhcfl@outlook.com>
Co-authored-by: Hazelnoot <acomputerdog@gmail.com>
 2024-11-15 17:30:54 +09:00
syuilo
e26e24b610
update deps (#14950) 
* update deps

* wip

* Revert "wip"

This reverts commit 393de249fe248ae181221266e0b7828a3ac53152.

* wip

* wip

* wip

* wip
 2024-11-15 17:22:00 +09:00
fly_mc
2ed8d247e1 Merge branch 'develop' into pari 2024-11-12 15:02:06 +08:00
饺子w (Yumechi)
a11b77a415
fix(backend): Webhook Test一致性 (#14863) 
* fix(backend): Webhook Test一致性

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

* UserWebhookPayload<'followed'> 修正

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

---------

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
 2024-11-12 09:51:18 +09:00
eternal-flame-AD
584ae24743 restore activeHalfYear and activeMonth 
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
 2024-11-11 22:16:39 +08:00
fly_mc
59aa6b1509 allow setting separate timeout / max size for imports 2024-11-11 22:06:04 +08:00
fly_mc
edd83acaab fix cw text pgroonga 2024-11-11 21:46:05 +08:00
fly_mc
df51d063bb canImportNotes 2024-11-11 21:41:23 +08:00
fly_mc
8c7157e36f canImportNotes 2024-11-11 21:29:14 +08:00
fly_mc
6dcd38e746 Merge branch 'develop' into pari-20241009 2024-11-10 01:55:29 +08:00
かっこかり
4a62051ce7
fix(backend): ローカルユーザーへのメンションを含むノートが連合される際に正しいURLに変換されないことがある問題を修正 (#14879) 
* fix: make sure mentions of local users get rendered correctly during AP delivery (resolves #645)

* Update Changelog

* indent

---------

Co-authored-by: Laura Hausmann <laura@hausmann.dev>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
 2024-11-09 10:58:09 +09:00
momoirodouhu
a4c5ce1413
enhance(backend) : リモートユーザーの照会をオリジナルにリダイレクトするように (#12892) (#14897) 
* enhance(backend) : リモートユーザーの照会をオリジナルにリダイレクトするように (#12892)

* オリジンリダイレクトのテストをtodoとして追加。

e2eテストにリモートユーザー考慮のテストがなさそうなので。

次のコマンドで動くことは確認済みです。
curl "http://localhost:3000/@foo@bar" -H "accept: application/activity+json" -L

* Acctのパースを既存のパーサーでするように修正

* lint
 2024-11-09 10:54:44 +09:00
かっこかり
e75b62f3f5
enhance(frontend): 個別お知らせページではmetaタグを出力するように (#14902) 
* enhance(frontend): 個別お知らせページではmetaタグを出力するように

* Update Changelog
 2024-11-09 10:53:09 +09:00
かっこかり
98b4717c45
fix(backend): SQLのサニタイズを強化 (#14920) 
* Fix code scanning alert no. 28: Incomplete string escaping or encoding (MisskeyIO#800)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
(cherry picked from commit 443335c662b14f609d6a81a8f3807e95709aebc1)

* ✌️

---------

Co-authored-by: あわわわとーにゅ <17376330+u1-liquid@users.noreply.github.com>
 2024-11-09 10:51:28 +09:00
fly_mc
23a7660a59 Merge branch 'develop' into pari-20241009 2024-11-07 22:08:06 +08:00
4ster1sk
794cb9ffe2
fix(backend): followedMessageではなくdescriptionになっていたのを修正 (#14908) 2024-11-07 17:16:51 +09:00
4ster1sk
bca690f256
fix(backend): フォロワーへのメッセージの絵文字をemojisに含めるように (#14904) 2024-11-07 15:10:10 +09:00
fly_mc
9cfc475b0e removed unused assets 2024-11-07 01:15:48 +08:00
fly_mc
a9e337bbf2 Merge branch 'develop' into pari-20241009 2024-11-06 23:05:48 +08:00
かっこかり
b1c82213a3
fix(backend): FTT無効時にユーザーリストタイムラインが使用できない問題を修正 (#14878) 
* fix: return getfromdb when FanoutTimeline is not enabled

* Update Changelog

* fix

---------

Co-authored-by: Lhc_fl <lhcfl@outlook.com>
 2024-11-06 22:01:21 +09:00
fly_mc
a8bf0192db Merge branch 'develop' into pari-20241009 2024-11-03 21:10:58 +08:00
かっこかり
6718a54f6f
fix(backend): ノートを連合する際にリモートユーザーのacctの大小文字を区別して処理している問題を修正 (#14880) 
* fix: make sure outgoing remote mentions get resolved correctly if referenced with non-canonical casing (resolves #646)

* Update Changelog

* Update Changelog

* indent

---------

Co-authored-by: Laura Hausmann <laura@hausmann.dev>
 2024-11-03 08:26:51 +09:00
eternal-flame-AD
22b906e700 fix lint 
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
 2024-10-30 23:46:43 +08:00
eternal-flame-AD
96b759b884 fix(backend): Serve valid headers for HSTS and HSTS preload 
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
 2024-10-30 23:46:33 +08:00
fly_mc
0ab61c4679 Merge branch 'develop' into pari-20241009 2024-10-28 21:10:42 +08:00
かっこかり
f30d19051f
enhance(backend): check_connect.js で全RedisとDBへの接続を確認するように (#14853) 
* fix race conditions in check_connect.js

(cherry picked from commit 524ddb96770690455b82522104a543c5b0b1f3b3)

* fix

* Update Changelog

---------

Co-authored-by: Hazelnoot <acomputerdog@gmail.com>
 2024-10-28 21:06:54 +09:00
Tamme Schichler
8eb7749e44
fix(backend): Accept arrays in ActivityPub icon and image properties (#14825) 
This is allowed according to the Activity vocabulary: https://www.w3.org/TR/activitystreams-vocabulary/#dfn-icon
The issue is noticeable in combination with Bridgy Fed: https://github.com/snarfed/bridgy-fed/issues/1408
 2024-10-28 21:06:16 +09:00
syuilo
74847bce30 enhance: アイコンデコレーション管理画面の改善 2024-10-28 20:42:14 +09:00
かっこかり
ec4358d1e8
fix(misskey-js): WebSocketの型定義をReconnectingWebsocketに依存するように (#14850) 
* fix(misskey-js): WebSocketの型定義をReconnectingWebsocketに依存するように

* Update Changelog

* run api extractor

* fix

* fix
 2024-10-28 11:43:05 +09:00
fly_mc
70b525ef15 fix 2024-10-28 00:06:06 +08:00
fly_mc
b49277f61d Pari Plus! add default font settings 2024-10-26 00:46:11 +08:00
fly_mc
4cfc6d0e2c tweak default font size 2024-10-25 22:56:03 +08:00
fly_mc
9fbd77a30d Merge branch 'develop' into pari-20241009 2024-10-25 21:14:01 +08:00
かっこかり
eeea4ec00b
fix(backend): 招待コード発行可能残り数算出に使用すべきロールポリシーの値が違うのを修正 (#14834) 
* fix: should use invite limit cycle to calculate invite/limit

* Update Changelog

* Update changelog

---------

Co-authored-by: Lhc_fl <lhcfl@outlook.com>
 2024-10-25 15:09:37 +09:00
fly_mc
9832482660 Merge branch 'develop' into pari-20241009 2024-10-23 00:27:42 +08:00
饺子w (Yumechi)
48d1539f3b
Merge commit from fork 
[ghsa-gq5q-c77c-v236](https://github.com/misskey-dev/misskey/security/advisories/ghsa-gq5q-c77c-v236)

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
 2024-10-22 18:17:56 +09:00
syuilo
952fec5665
feat: 過去のノートを非公開化/フォロワーのみ表示可能にできる機能 (#14814) 
* wip

* Update CHANGELOG.md

* wip

* wip

* wip

* Update privacy.vue

* wip
 2024-10-22 17:08:53 +09:00
fly_mc
17e417e0d6 Merge branch 'develop' into pari-20241009 2024-10-21 12:03:26 +08:00
syuilo
5c79d8db20
feat: ノートの閲覧にログイン必須にする設定 (#14799) 
* wip

* wip

* wip

* Update packages/frontend/src/pages/note.vue

Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com>

* wip

* Update WebhookTestService.ts

* Update privacy.vue

* wip

* rename

* Update locales/ja-JP.yml

Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>

* 🎨

* wip

---------

Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com>
Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>
 2024-10-21 12:49:29 +09:00
fly_mc
0c18136af3 add SPDX in Pgroonga migration 2024-10-21 01:27:28 +08:00
fly_mc
731df076f0 Merge branch 'develop' into pari-20241009 2024-10-20 13:22:32 +08:00
かっこかり
a3a99467f0
enhance(frontend): Bull Dashboard に relationship queue を追加 (#14777) 
* spec(frontend): Bull Dashboard に relationship queue を追加 (MisskeyIO#751)

(cherry picked from commit a8bbccbefa67ca0f2c1ec0880da88dfc7517b6a0)

* Update Changelog

* Update Changelog

---------

Co-authored-by: riku6460 <17585784+riku6460@users.noreply.github.com>
 2024-10-19 17:25:11 +09:00
Lhc_fl
66d0958db9 ux: make 16px default and change max font size 2024-10-18 14:48:42 +08:00
Lhc_fl
f124666e58 allow incoming ruby tag 2024-10-18 11:51:22 +08:00
fly_mc
3fca39abd2 fix: dont retry too many mentions error notes for inbox 2024-10-16 20:57:42 +08:00
fly_mc
b62907fe56 Merge branch 'develop' into pari-20241009 2024-10-15 14:13:22 +08:00