From 3d3bfad5d0b30f37ebff5017e4adc2dee2136069 Mon Sep 17 00:00:00 2001
From: eternal-flame-AD <yume@yumechi.jp>
Date: Tue, 19 Nov 2024 03:15:48 -0600
Subject: [PATCH 01/29] fixup! more path sanitization

---
 .../backend/src/server/api/endpoints/drive/folders/update.ts    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/backend/src/server/api/endpoints/drive/folders/update.ts b/packages/backend/src/server/api/endpoints/drive/folders/update.ts
index cc45bd8c58..2374c754f7 100644
--- a/packages/backend/src/server/api/endpoints/drive/folders/update.ts
+++ b/packages/backend/src/server/api/endpoints/drive/folders/update.ts
@@ -96,7 +96,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 					// Check if the circular reference will occur
 					const checkCircle = async (folderId: string, limit: number = 32): Promise<boolean> => {
 						if (limit <= 0) {
-							return false;
+							return true;
 						}
 						const folder2 = await this.driveFoldersRepository.findOneByOrFail({
 							id: folderId,

From 763c708253161d67358a8e36c27af3b02d133298 Mon Sep 17 00:00:00 2001
From: "zawa-ch." <satellite.2e1834097@gmail.com>
Date: Tue, 19 Nov 2024 21:12:40 +0900
Subject: [PATCH 02/29] =?UTF-8?q?Fix(backend):=20=E3=82=A2=E3=82=AB?=
 =?UTF-8?q?=E3=82=A6=E3=83=B3=E3=83=88=E5=89=8A=E9=99=A4=E3=81=AE=E3=83=A2?=
 =?UTF-8?q?=E3=83=87=E3=83=AC=E3=83=BC=E3=82=B7=E3=83=A7=E3=83=B3=E3=83=AD?=
 =?UTF-8?q?=E3=82=B0=E3=81=8C=E5=8B=95=E4=BD=9C=E3=81=97=E3=81=A6=E3=81=84?=
 =?UTF-8?q?=E3=81=AA=E3=81=84=E3=81=AE=E3=82=92=E4=BF=AE=E6=AD=A3=20(#1499?=
 =?UTF-8?q?6)=20(#14997)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* アカウント削除のモデレーションログが動作していないのを修正

* update CHANGELOG
---
 CHANGELOG.md                                                  | 1 +
 .../backend/src/server/api/endpoints/admin/accounts/delete.ts | 2 +-
 .../backend/src/server/api/endpoints/admin/delete-account.ts  | 4 ++--
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 058e41c486..befe237b09 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -64,6 +64,7 @@
 - Fix: FTT無効時にユーザーリストタイムラインが使用できない問題を修正  
   (Cherry-picked from https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/709)
 - Fix: User Webhookテスト機能のMock Payloadを修正  
+- Fix: アカウント削除のモデレーションログが動作していないのを修正 (#14996)  
 
 ### Misskey.js
 - Fix: Stream初期化時、別途WebSocketを指定する場合の型定義を修正
diff --git a/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts b/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts
index 01dea703a3..ece1984cff 100644
--- a/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts
+++ b/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts
@@ -46,7 +46,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				throw new Error('cannot delete a root account');
 			}
 
-			await this.deleteAccoountService.deleteAccount(user);
+			await this.deleteAccoountService.deleteAccount(user, me);
 		});
 	}
 }
diff --git a/packages/backend/src/server/api/endpoints/admin/delete-account.ts b/packages/backend/src/server/api/endpoints/admin/delete-account.ts
index b6f0f22d60..9065a71f6a 100644
--- a/packages/backend/src/server/api/endpoints/admin/delete-account.ts
+++ b/packages/backend/src/server/api/endpoints/admin/delete-account.ts
@@ -33,13 +33,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 
 		private deleteAccountService: DeleteAccountService,
 	) {
-		super(meta, paramDef, async (ps) => {
+		super(meta, paramDef, async (ps, me) => {
 			const user = await this.usersRepository.findOneByOrFail({ id: ps.userId });
 			if (user.isDeleted) {
 				return;
 			}
 
-			await this.deleteAccountService.deleteAccount(user);
+			await this.deleteAccountService.deleteAccount(user, me);
 		});
 	}
 }

From a236bbb8d436cd69d2201039b381e9598e545c9b Mon Sep 17 00:00:00 2001
From: eternal-flame-AD <yume@yumechi.jp>
Date: Tue, 19 Nov 2024 06:17:23 -0600
Subject: [PATCH 03/29] CSP: allow blob images for cropping avatars

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 packages/backend/src/server/csp.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/backend/src/server/csp.ts b/packages/backend/src/server/csp.ts
index aeee4eab3a..3e1e7962b8 100644
--- a/packages/backend/src/server/csp.ts
+++ b/packages/backend/src/server/csp.ts
@@ -30,6 +30,7 @@ export function generateCSP(hashedMap: Map<string, CSPHashed>, options: {
             [
                 '\'self\'',
                 'data:',
+                'blob:',
                 // 'https://avatars.githubusercontent.com', // uncomment this for contributor avatars to work
                 options.mediaProxy
             ].filter(Boolean)],

From 416d71002a8730d04e71771d0d687da1c22e3fce Mon Sep 17 00:00:00 2001
From: eternal-flame-AD <yume@yumechi.jp>
Date: Tue, 19 Nov 2024 10:35:56 -0600
Subject: [PATCH 04/29] improve emoji packing

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 .../src/core/entities/EmojiEntityService.ts   | 67 ++++++++++++++-----
 .../src/server/api/endpoints/emojis.ts        | 17 ++---
 2 files changed, 57 insertions(+), 27 deletions(-)

diff --git a/packages/backend/src/core/entities/EmojiEntityService.ts b/packages/backend/src/core/entities/EmojiEntityService.ts
index 841bd731c0..8929d4e640 100644
--- a/packages/backend/src/core/entities/EmojiEntityService.ts
+++ b/packages/backend/src/core/entities/EmojiEntityService.ts
@@ -10,6 +10,7 @@ import type { Packed } from '@/misc/json-schema.js';
 import type { } from '@/models/Blocking.js';
 import type { MiEmoji } from '@/models/Emoji.js';
 import { bindThis } from '@/decorators.js';
+import { In } from 'typeorm';
 
 @Injectable()
 export class EmojiEntityService {
@@ -20,11 +21,9 @@ export class EmojiEntityService {
 	}
 
 	@bindThis
-	public async packSimple(
-		src: MiEmoji['id'] | MiEmoji,
-	): Promise<Packed<'EmojiSimple'>> {
-		const emoji = typeof src === 'object' ? src : await this.emojisRepository.findOneByOrFail({ id: src });
-
+	public packSimpleNoQuery(
+		emoji: MiEmoji,
+	): Packed<'EmojiSimple'> {
 		return {
 			aliases: emoji.aliases,
 			name: emoji.name,
@@ -38,18 +37,34 @@ export class EmojiEntityService {
 	}
 
 	@bindThis
-	public packSimpleMany(
-		emojis: any[],
-	) {
-		return Promise.all(emojis.map(x => this.packSimple(x)));
+	public async packSimple(
+		src: MiEmoji['id'] | MiEmoji,
+	): Promise<Packed<'EmojiSimple'>> {
+		const emoji = typeof src === 'object' ? src : await this.emojisRepository.findOneByOrFail({ id: src });
+
+		return this.packSimpleNoQuery(emoji);
 	}
 
 	@bindThis
-	public async packDetailed(
-		src: MiEmoji['id'] | MiEmoji,
-	): Promise<Packed<'EmojiDetailed'>> {
-		const emoji = typeof src === 'object' ? src : await this.emojisRepository.findOneByOrFail({ id: src });
+	public async packSimpleMany(
+		emojis: MiEmoji['id'][] | MiEmoji[],
+	): Promise<Packed<'EmojiSimple'>[]> {
+		if (emojis.length === 0) {
+			return [];
+		}
+		
+		if (typeof emojis[0] === 'string') {
+			const res = await this.emojisRepository.findBy({ id: In(emojis as MiEmoji['id'][]) });
+			return res.map(this.packSimpleNoQuery);
+		}
 
+		return (emojis as MiEmoji[]).map(this.packSimpleNoQuery);
+	}
+
+	@bindThis
+	public packDetailedNoQuery(
+		emoji: MiEmoji,
+	): Packed<'EmojiDetailed'> {
 		return {
 			id: emoji.id,
 			aliases: emoji.aliases,
@@ -66,10 +81,28 @@ export class EmojiEntityService {
 	}
 
 	@bindThis
-	public packDetailedMany(
-		emojis: any[],
-	) {
-		return Promise.all(emojis.map(x => this.packDetailed(x)));
+	public async packDetailed(
+		src: MiEmoji['id'] | MiEmoji,
+	): Promise<Packed<'EmojiDetailed'>> {
+		const emoji = typeof src === 'object' ? src : await this.emojisRepository.findOneByOrFail({ id: src });
+
+		return this.packDetailedNoQuery(emoji);
+	}
+
+	@bindThis
+	public async packDetailedMany(
+		emojis: MiEmoji['id'][] | MiEmoji[],
+	) : Promise<Packed<'EmojiDetailed'>[]> {
+		if (emojis.length === 0) {
+			return [];
+		}
+		
+		if (typeof emojis[0] === 'string') {
+			const res = await this.emojisRepository.findBy({ id: In(emojis as MiEmoji['id'][]) });
+			return res.map(this.packDetailedNoQuery);
+		}
+
+		return (emojis as MiEmoji[]).map(this.packDetailedNoQuery);
 	}
 }
 
diff --git a/packages/backend/src/server/api/endpoints/emojis.ts b/packages/backend/src/server/api/endpoints/emojis.ts
index 46ef4eca1b..7888e65794 100644
--- a/packages/backend/src/server/api/endpoints/emojis.ts
+++ b/packages/backend/src/server/api/endpoints/emojis.ts
@@ -50,18 +50,15 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		private emojiEntityService: EmojiEntityService,
 	) {
 		super(meta, paramDef, async (ps, me) => {
-			const emojis = await this.emojisRepository.find({
-				where: {
-					host: IsNull(),
-				},
-				order: {
-					category: 'ASC',
-					name: 'ASC',
-				},
-			});
+			const emojis = await this.emojisRepository
+			.createQueryBuilder()
+			.where({ host: IsNull() })
+			.orderBy('LOWER(category)', 'ASC')
+			.addOrderBy('LOWER(name)', 'ASC')
+			.getMany();
 
 			return {
-				emojis: await this.emojiEntityService.packSimpleMany(emojis),
+				emojis: emojis.map(this.emojiEntityService.packSimpleNoQuery),			
 			};
 		});
 	}

From 4ba0357d4914b026b812cc3c27f9e4380b5375c6 Mon Sep 17 00:00:00 2001
From: eternal-flame-AD <yume@yumechi.jp>
Date: Tue, 19 Nov 2024 21:07:02 -0600
Subject: [PATCH 05/29] fix(backend): Atomically mark remote account deletions

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 .../1732071810971-IndexUserDeleted.js         | 16 +++++
 .../backend/src/core/DeleteAccountService.ts  |  4 ++
 packages/backend/src/core/RoleService.ts      |  1 +
 .../src/core/activitypub/ApInboxService.ts    |  9 +--
 .../activitypub/models/ApPersonService.ts     |  6 +-
 .../DeleteAccountProcessorService.ts          | 62 ++++++++++++++++---
 .../src/server/api/endpoints/users/show.ts    |  1 +
 7 files changed, 80 insertions(+), 19 deletions(-)
 create mode 100644 packages/backend/migration/1732071810971-IndexUserDeleted.js

diff --git a/packages/backend/migration/1732071810971-IndexUserDeleted.js b/packages/backend/migration/1732071810971-IndexUserDeleted.js
new file mode 100644
index 0000000000..b4c3d714ad
--- /dev/null
+++ b/packages/backend/migration/1732071810971-IndexUserDeleted.js
@@ -0,0 +1,16 @@
+/*
+ * SPDX-FileCopyrightText: syuilo and misskey-project and yumechi
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+export class IndexUserDeleted1732071810971 {
+    name = 'IndexUserDeleted1732071810971'
+
+    async up(queryRunner) {
+        await queryRunner.query(`CREATE INDEX IF NOT EXISTS "IDX_199b79e682bdc5ba946f491686" ON "user" ("isDeleted")`);
+    }
+
+    async down(queryRunner) {
+        await queryRunner.query(`DROP INDEX IF EXISTS "IDX_199b79e682bdc5ba946f491686"`);
+    }
+}
diff --git a/packages/backend/src/core/DeleteAccountService.ts b/packages/backend/src/core/DeleteAccountService.ts
index 7f1b8f3efb..a5b0f60fbf 100644
--- a/packages/backend/src/core/DeleteAccountService.ts
+++ b/packages/backend/src/core/DeleteAccountService.ts
@@ -47,6 +47,10 @@ export class DeleteAccountService {
 			});
 		}
 
+		if (!(await this.usersRepository.update({ id: user.id, isDeleted: false }, { isDeleted: true })).affected) {
+			return;
+		}
+
 		// 物理削除する前にDelete activityを送信する
 		if (this.userEntityService.isLocalUser(user)) {
 			// 知り得る全SharedInboxにDelete配信
diff --git a/packages/backend/src/core/RoleService.ts b/packages/backend/src/core/RoleService.ts
index 5af6b05942..ba4507d206 100644
--- a/packages/backend/src/core/RoleService.ts
+++ b/packages/backend/src/core/RoleService.ts
@@ -488,6 +488,7 @@ export class RoleService implements OnApplicationShutdown, OnModuleInit {
 		return ids.length > 0
 			? await this.usersRepository.findBy({
 				id: In(ids),
+				isDeleted: false,
 			})
 			: [];
 	}
diff --git a/packages/backend/src/core/activitypub/ApInboxService.ts b/packages/backend/src/core/activitypub/ApInboxService.ts
index f3aa46292e..fccf86cb91 100644
--- a/packages/backend/src/core/activitypub/ApInboxService.ts
+++ b/packages/backend/src/core/activitypub/ApInboxService.ts
@@ -509,19 +509,12 @@ export class ApInboxService {
 			return `skip: delete actor ${actor.uri} !== ${uri}`;
 		}
 
-		const user = await this.usersRepository.findOneBy({ id: actor.id });
-		if (user == null) {
-			return 'skip: actor not found';
-		} else if (user.isDeleted) {
+		if (!(await this.usersRepository.update({ id: actor.id, isDeleted: false }, { isDeleted: true })).affected) {
 			return 'skip: already deleted';
 		}
 
 		const job = await this.queueService.createDeleteAccountJob(actor);
 
-		await this.usersRepository.update(actor.id, {
-			isDeleted: true,
-		});
-
 		this.globalEventService.publishInternalEvent('remoteUserUpdated', { id: actor.id });
 
 		return `ok: queued ${job.name} ${job.id}`;
diff --git a/packages/backend/src/core/activitypub/models/ApPersonService.ts b/packages/backend/src/core/activitypub/models/ApPersonService.ts
index 8c4e40c561..e01b098194 100644
--- a/packages/backend/src/core/activitypub/models/ApPersonService.ts
+++ b/packages/backend/src/core/activitypub/models/ApPersonService.ts
@@ -557,7 +557,9 @@ export class ApPersonService implements OnModuleInit {
 		if (moving) updates.movedAt = new Date();
 
 		// Update user
-		await this.usersRepository.update(exist.id, updates);
+		if (!(await this.usersRepository.update({ id: exist.id, isDeleted: false }, updates)).affected) {
+			return 'skip';
+		}
 
 		if (person.publicKey) {
 			await this.userPublickeysRepository.update({ userId: exist.id }, {
@@ -662,7 +664,7 @@ export class ApPersonService implements OnModuleInit {
 
 	@bindThis
 	public async updateFeatured(userId: MiUser['id'], resolver?: Resolver): Promise<void> {
-		const user = await this.usersRepository.findOneByOrFail({ id: userId });
+		const user = await this.usersRepository.findOneByOrFail({ id: userId, isDeleted: false });
 		if (!this.userEntityService.isRemoteUser(user)) return;
 		if (!user.featured) return;
 
diff --git a/packages/backend/src/queue/processors/DeleteAccountProcessorService.ts b/packages/backend/src/queue/processors/DeleteAccountProcessorService.ts
index 14a53e0c42..05be2e02f0 100644
--- a/packages/backend/src/queue/processors/DeleteAccountProcessorService.ts
+++ b/packages/backend/src/queue/processors/DeleteAccountProcessorService.ts
@@ -4,9 +4,9 @@
  */
 
 import { Inject, Injectable } from '@nestjs/common';
-import { MoreThan } from 'typeorm';
+import { DataSource, MoreThan, QueryFailedError, TypeORMError } from 'typeorm';
 import { DI } from '@/di-symbols.js';
-import type { DriveFilesRepository, NotesRepository, UserProfilesRepository, UsersRepository } from '@/models/_.js';
+import { MiUser, type DriveFilesRepository, type NotesRepository, type UserProfilesRepository, type UsersRepository } from '@/models/_.js';
 import type Logger from '@/logger.js';
 import { DriveService } from '@/core/DriveService.js';
 import type { MiDriveFile } from '@/models/DriveFile.js';
@@ -26,6 +26,9 @@ export class DeleteAccountProcessorService {
 		@Inject(DI.usersRepository)
 		private usersRepository: UsersRepository,
 
+		@Inject(DI.db)
+		private db: DataSource,
+
 		@Inject(DI.userProfilesRepository)
 		private userProfilesRepository: UserProfilesRepository,
 
@@ -52,6 +55,14 @@ export class DeleteAccountProcessorService {
 			return;
 		}
 
+		if (!user.isDeleted) {
+			this.logger.warn('User is not pre-marked as deleted, this is likely a bug');
+			if (process.env.NODE_ENV !== 'production') {
+				throw new Error('User is not pre-marked as deleted'); // make some noise to make sure tests fail
+			}
+			await this.usersRepository.update({ id: user.id }, { isDeleted: true });
+		}
+
 		{ // Delete notes
 			let cursor: MiNote['id'] | null = null;
 
@@ -121,13 +132,46 @@ export class DeleteAccountProcessorService {
 			}
 		}
 
-		// soft指定されている場合は物理削除しない
-		if (job.data.soft) {
-		// nop
-		} else {
-			await this.usersRepository.delete(job.data.user.id);
+		// Deadlockが発生した場合にリトライする
+		for (let remaining = 3; remaining > 0; remaining--) {
+			try {
+				// soft指定されている場合は物理削除しない
+				await this.db.transaction(async txn => {
+					// soft指定してもデータをすべで削除する
+					await txn.delete(MiUser, user.id);
+					if (job.data.soft) {
+						await txn.insert(MiUser, {
+							...user,
+							isRoot: false,
+							updatedAt: new Date(),
+							emojis: [],
+							hideOnlineStatus: true,
+							followersCount: 0,
+							followingCount: 0,
+							avatarUrl: null,
+							avatarId: null,
+							notesCount: 0,
+							inbox: null,
+							sharedInbox: null,
+							featured: null,
+							uri: null,
+							followersUri: null,
+							token: null,
+							isDeleted: true,
+						});
+					}
+				});
+				return 'Account deleted';
+			} catch (e) {
+				// 40P01 = deadlock_detected
+				// https://www.postgresql.org/docs/current/errcodes-appendix.html
+				if (remaining > 0 && e instanceof QueryFailedError && e.driverError.code === '40P01') {
+					this.logger.warn(`Deadlock occurred, retrying after 1s... [${remaining - 1} remaining]`);
+					await new Promise(resolve => setTimeout(resolve, 1000));
+					continue;
+				}
+				throw e;
+			}
 		}
-
-		return 'Account deleted';
 	}
 }
diff --git a/packages/backend/src/server/api/endpoints/users/show.ts b/packages/backend/src/server/api/endpoints/users/show.ts
index 062326e28d..6daed35372 100644
--- a/packages/backend/src/server/api/endpoints/users/show.ts
+++ b/packages/backend/src/server/api/endpoints/users/show.ts
@@ -106,6 +106,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 					id: In(ps.userIds),
 				} : {
 					id: In(ps.userIds),
+					isDeleted: false,
 					isSuspended: false,
 				});
 

From 95d3fb08f40adfcd5535fa4d199158640b51d305 Mon Sep 17 00:00:00 2001
From: eternal-flame-AD <yume@yumechi.jp>
Date: Wed, 20 Nov 2024 01:59:48 -0600
Subject: [PATCH 06/29] Prefix all calls to Image and Video Processing service

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 packages/backend/src/core/CoreModule.ts       |  16 +-
 packages/backend/src/core/DriveService.ts     |  18 +-
 .../src/core/ImageProcessingService.ts        |   4 +-
 .../src/core/VideoProcessingService.ts        |   8 +-
 .../core/entities/DriveFileEntityService.ts   |   8 +-
 .../backend/src/server/FileServerService.ts   | 481 ++++--------------
 6 files changed, 126 insertions(+), 409 deletions(-)

diff --git a/packages/backend/src/core/CoreModule.ts b/packages/backend/src/core/CoreModule.ts
index 734d135648..9fdaf5eb86 100644
--- a/packages/backend/src/core/CoreModule.ts
+++ b/packages/backend/src/core/CoreModule.ts
@@ -36,7 +36,7 @@ import { GlobalEventService } from './GlobalEventService.js';
 import { HashtagService } from './HashtagService.js';
 import { HttpRequestService } from './HttpRequestService.js';
 import { IdService } from './IdService.js';
-import { ImageProcessingService } from './ImageProcessingService.js';
+import { __YUME_PRIVATE_ImageProcessingService } from './ImageProcessingService.js';
 import { InstanceActorService } from './InstanceActorService.js';
 import { InternalStorageService } from './InternalStorageService.js';
 import { MetaService } from './MetaService.js';
@@ -67,7 +67,7 @@ import { UserMutingService } from './UserMutingService.js';
 import { UserRenoteMutingService } from './UserRenoteMutingService.js';
 import { UserSuspendService } from './UserSuspendService.js';
 import { UserAuthService } from './UserAuthService.js';
-import { VideoProcessingService } from './VideoProcessingService.js';
+import { __YUME_PRIVATE_VideoProcessingService } from './VideoProcessingService.js';
 import { UserWebhookService } from './UserWebhookService.js';
 import { ProxyAccountService } from './ProxyAccountService.js';
 import { UtilityService } from './UtilityService.js';
@@ -179,7 +179,7 @@ const $GlobalEventService: Provider = { provide: 'GlobalEventService', useExisti
 const $HashtagService: Provider = { provide: 'HashtagService', useExisting: HashtagService };
 const $HttpRequestService: Provider = { provide: 'HttpRequestService', useExisting: HttpRequestService };
 const $IdService: Provider = { provide: 'IdService', useExisting: IdService };
-const $ImageProcessingService: Provider = { provide: 'ImageProcessingService', useExisting: ImageProcessingService };
+const $ImageProcessingService: Provider = { provide: '__YUME_PRIVATE_ImageProcessingService', useExisting: __YUME_PRIVATE_ImageProcessingService };
 const $InstanceActorService: Provider = { provide: 'InstanceActorService', useExisting: InstanceActorService };
 const $InternalStorageService: Provider = { provide: 'InternalStorageService', useExisting: InternalStorageService };
 const $MetaService: Provider = { provide: 'MetaService', useExisting: MetaService };
@@ -212,7 +212,7 @@ const $UserRenoteMutingService: Provider = { provide: 'UserRenoteMutingService',
 const $UserSearchService: Provider = { provide: 'UserSearchService', useExisting: UserSearchService };
 const $UserSuspendService: Provider = { provide: 'UserSuspendService', useExisting: UserSuspendService };
 const $UserAuthService: Provider = { provide: 'UserAuthService', useExisting: UserAuthService };
-const $VideoProcessingService: Provider = { provide: 'VideoProcessingService', useExisting: VideoProcessingService };
+const $VideoProcessingService: Provider = { provide: '__YUME_PRIVATE_VideoProcessingService', useExisting: __YUME_PRIVATE_VideoProcessingService };
 const $UserWebhookService: Provider = { provide: 'UserWebhookService', useExisting: UserWebhookService };
 const $SystemWebhookService: Provider = { provide: 'SystemWebhookService', useExisting: SystemWebhookService };
 const $WebhookTestService: Provider = { provide: 'WebhookTestService', useExisting: WebhookTestService };
@@ -330,7 +330,7 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting
 		HashtagService,
 		HttpRequestService,
 		IdService,
-		ImageProcessingService,
+		__YUME_PRIVATE_ImageProcessingService,
 		InstanceActorService,
 		InternalStorageService,
 		MetaService,
@@ -363,7 +363,7 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting
 		UserSearchService,
 		UserSuspendService,
 		UserAuthService,
-		VideoProcessingService,
+		__YUME_PRIVATE_VideoProcessingService,
 		UserWebhookService,
 		SystemWebhookService,
 		WebhookTestService,
@@ -625,7 +625,7 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting
 		HashtagService,
 		HttpRequestService,
 		IdService,
-		ImageProcessingService,
+		__YUME_PRIVATE_ImageProcessingService,
 		InstanceActorService,
 		InternalStorageService,
 		MetaService,
@@ -658,7 +658,7 @@ const $ApQuestionService: Provider = { provide: 'ApQuestionService', useExisting
 		UserSearchService,
 		UserSuspendService,
 		UserAuthService,
-		VideoProcessingService,
+		__YUME_PRIVATE_VideoProcessingService,
 		UserWebhookService,
 		SystemWebhookService,
 		WebhookTestService,
diff --git a/packages/backend/src/core/DriveService.ts b/packages/backend/src/core/DriveService.ts
index 495d67a93b..517a682753 100644
--- a/packages/backend/src/core/DriveService.ts
+++ b/packages/backend/src/core/DriveService.ts
@@ -22,8 +22,8 @@ import { FILE_TYPE_BROWSERSAFE } from '@/const.js';
 import { IdentifiableError } from '@/misc/identifiable-error.js';
 import { contentDisposition } from '@/misc/content-disposition.js';
 import { GlobalEventService } from '@/core/GlobalEventService.js';
-import { VideoProcessingService } from '@/core/VideoProcessingService.js';
-import { ImageProcessingService } from '@/core/ImageProcessingService.js';
+import { __YUME_PRIVATE_VideoProcessingService } from '@/core/VideoProcessingService.js';
+import { __YUME_PRIVATE_ImageProcessingService } from '@/core/ImageProcessingService.js';
 import type { IImage } from '@/core/ImageProcessingService.js';
 import { QueueService } from '@/core/QueueService.js';
 import type { MiDriveFolder } from '@/models/DriveFolder.js';
@@ -120,8 +120,8 @@ export class DriveService {
 		private downloadService: DownloadService,
 		private internalStorageService: InternalStorageService,
 		private s3Service: S3Service,
-		private imageProcessingService: ImageProcessingService,
-		private videoProcessingService: VideoProcessingService,
+		private privateImageProcessingService: __YUME_PRIVATE_ImageProcessingService,
+		private privateVideoProcessingService: __YUME_PRIVATE_VideoProcessingService,
 		private globalEventService: GlobalEventService,
 		private queueService: QueueService,
 		private roleService: RoleService,
@@ -277,7 +277,7 @@ export class DriveService {
 			}
 
 			try {
-				const thumbnail = await this.videoProcessingService.generateVideoThumbnail(path);
+				const thumbnail = await this.privateVideoProcessingService.generateVideoThumbnail(path);
 				return {
 					webpublic: null,
 					thumbnail,
@@ -331,9 +331,9 @@ export class DriveService {
 
 			try {
 				if (['image/jpeg', 'image/webp', 'image/avif'].includes(type)) {
-					webpublic = await this.imageProcessingService.convertSharpToWebp(img, 2048, 2048);
+					webpublic = await this.privateImageProcessingService.convertSharpToWebp(img, 2048, 2048);
 				} else if (['image/png', 'image/bmp', 'image/svg+xml'].includes(type)) {
-					webpublic = await this.imageProcessingService.convertSharpToPng(img, 2048, 2048);
+					webpublic = await this.privateImageProcessingService.convertSharpToPng(img, 2048, 2048);
 				} else {
 					this.registerLogger.debug('web image not created (not an required image)');
 				}
@@ -352,9 +352,9 @@ export class DriveService {
 
 		try {
 			if (isAnimated) {
-				thumbnail = await this.imageProcessingService.convertSharpToWebp(sharp(path, { animated: true }), 374, 317, { alphaQuality: 70 });
+				thumbnail = await this.privateImageProcessingService.convertSharpToWebp(sharp(path, { animated: true }), 374, 317, { alphaQuality: 70 });
 			} else {
-				thumbnail = await this.imageProcessingService.convertSharpToWebp(img, 498, 422);
+				thumbnail = await this.privateImageProcessingService.convertSharpToWebp(img, 498, 422);
 			}
 		} catch (err) {
 			this.registerLogger.warn('thumbnail not created (an error occurred)', err as Error);
diff --git a/packages/backend/src/core/ImageProcessingService.ts b/packages/backend/src/core/ImageProcessingService.ts
index 6f978b34c8..6aa25decc8 100644
--- a/packages/backend/src/core/ImageProcessingService.ts
+++ b/packages/backend/src/core/ImageProcessingService.ts
@@ -46,7 +46,9 @@ import { bindThis } from '@/decorators.js';
 import { Readable } from 'node:stream';
 
 @Injectable()
-export class ImageProcessingService {
+// Prevent accidental import by upstream merge
+// eslint-disable-next-line
+export class __YUME_PRIVATE_ImageProcessingService {
 	constructor(
 	) {
 	}
diff --git a/packages/backend/src/core/VideoProcessingService.ts b/packages/backend/src/core/VideoProcessingService.ts
index 747fe4fc7e..461e427b0d 100644
--- a/packages/backend/src/core/VideoProcessingService.ts
+++ b/packages/backend/src/core/VideoProcessingService.ts
@@ -7,19 +7,21 @@ import { Inject, Injectable } from '@nestjs/common';
 import FFmpeg from 'fluent-ffmpeg';
 import { DI } from '@/di-symbols.js';
 import type { Config } from '@/config.js';
-import { ImageProcessingService } from '@/core/ImageProcessingService.js';
+import { __YUME_PRIVATE_ImageProcessingService } from '@/core/ImageProcessingService.js';
 import type { IImage } from '@/core/ImageProcessingService.js';
 import { createTempDir } from '@/misc/create-temp.js';
 import { bindThis } from '@/decorators.js';
 import { appendQuery, query } from '@/misc/prelude/url.js';
 
 @Injectable()
-export class VideoProcessingService {
+// Prevent accidental import by upstream merge
+// eslint-disable-next-line
+export class __YUME_PRIVATE_VideoProcessingService {
 	constructor(
 		@Inject(DI.config)
 		private config: Config,
 
-		private imageProcessingService: ImageProcessingService,
+		private imageProcessingService: __YUME_PRIVATE_ImageProcessingService,
 	) {
 	}
 
diff --git a/packages/backend/src/core/entities/DriveFileEntityService.ts b/packages/backend/src/core/entities/DriveFileEntityService.ts
index c485555f90..a1dbef36da 100644
--- a/packages/backend/src/core/entities/DriveFileEntityService.ts
+++ b/packages/backend/src/core/entities/DriveFileEntityService.ts
@@ -18,7 +18,6 @@ import { bindThis } from '@/decorators.js';
 import { isMimeImage } from '@/misc/is-mime-image.js';
 import { IdService } from '@/core/IdService.js';
 import { UtilityService } from '../UtilityService.js';
-import { VideoProcessingService } from '../VideoProcessingService.js';
 import { UserEntityService } from './UserEntityService.js';
 import { DriveFolderEntityService } from './DriveFolderEntityService.js';
 
@@ -43,7 +42,6 @@ export class DriveFileEntityService {
 
 		private utilityService: UtilityService,
 		private driveFolderEntityService: DriveFolderEntityService,
-		private videoProcessingService: VideoProcessingService,
 		private idService: IdService,
 	) {
 	}
@@ -86,11 +84,7 @@ export class DriveFileEntityService {
 
 	@bindThis
 	public getThumbnailUrl(file: MiDriveFile): string | null {
-		if (file.type.startsWith('video')) {
-			if (file.thumbnailUrl) return file.thumbnailUrl;
-
-			return this.videoProcessingService.getExternalVideoThumbnailUrl(file.webpublicUrl ?? file.url);
-		} else if (file.uri != null && file.userHost != null && this.config.externalMediaProxyEnabled) {
+		if (file.uri != null && file.userHost != null && this.config.externalMediaProxyEnabled) {
 			// 動画ではなくリモートかつメディアプロキシ
 			return this.getProxiedUrl(file.uri, 'static');
 		}
diff --git a/packages/backend/src/server/FileServerService.ts b/packages/backend/src/server/FileServerService.ts
index 91d826382d..1bdcdbe2a0 100644
--- a/packages/backend/src/server/FileServerService.ts
+++ b/packages/backend/src/server/FileServerService.ts
@@ -8,27 +8,19 @@ import { fileURLToPath } from 'node:url';
 import { dirname } from 'node:path';
 import { Inject, Injectable } from '@nestjs/common';
 import rename from 'rename';
-import sharp from 'sharp';
-import { sharpBmp } from '@misskey-dev/sharp-read-bmp';
 import type { Config } from '@/config.js';
 import type { MiDriveFile, DriveFilesRepository } from '@/models/_.js';
 import { DI } from '@/di-symbols.js';
-import { createTemp } from '@/misc/create-temp.js';
 import { FILE_TYPE_BROWSERSAFE } from '@/const.js';
 import { StatusError } from '@/misc/status-error.js';
 import type Logger from '@/logger.js';
-import { DownloadService } from '@/core/DownloadService.js';
-import { IImageStreamable, ImageProcessingService, webpDefault } from '@/core/ImageProcessingService.js';
-import { VideoProcessingService } from '@/core/VideoProcessingService.js';
-import { InternalStorageService } from '@/core/InternalStorageService.js';
 import { contentDisposition } from '@/misc/content-disposition.js';
 import { FileInfoService } from '@/core/FileInfoService.js';
 import { LoggerService } from '@/core/LoggerService.js';
 import { bindThis } from '@/decorators.js';
-import { isMimeImage } from '@/misc/is-mime-image.js';
-import { correctFilename } from '@/misc/correct-filename.js';
 import { handleRequestRedirectToOmitSearch } from '@/misc/fastify-hook-handlers.js';
 import type { FastifyInstance, FastifyRequest, FastifyReply, FastifyPluginOptions } from 'fastify';
+import { InternalStorageService } from '@/core/InternalStorageService.js';
 
 const _filename = fileURLToPath(import.meta.url);
 const _dirname = dirname(_filename);
@@ -46,11 +38,8 @@ export class FileServerService {
 		@Inject(DI.driveFilesRepository)
 		private driveFilesRepository: DriveFilesRepository,
 
-		private fileInfoService: FileInfoService,
-		private downloadService: DownloadService,
-		private imageProcessingService: ImageProcessingService,
-		private videoProcessingService: VideoProcessingService,
 		private internalStorageService: InternalStorageService,
+		private fileInfoService: FileInfoService,
 		private loggerService: LoggerService,
 	) {
 		this.logger = this.loggerService.getLogger('server', 'gray');
@@ -134,165 +123,78 @@ export class FileServerService {
 			return;
 		}
 
-		try {
-			if (file.state === 'remote') {
-				let image: IImageStreamable | null = null;
+		if (file.state === 'remote') {
+			const url = new URL(`${this.config.mediaProxy}/`);
 
-				if (file.fileRole === 'thumbnail') {
-					if (isMimeImage(file.mime, 'sharp-convertible-image-with-bmp')) {
-						reply.header('Cache-Control', 'max-age=31536000, immutable');
+			url.searchParams.set('url', file.url);
 
-						const url = new URL(`${this.config.mediaProxy}/static.webp`);
-						url.searchParams.set('url', file.url);
-						url.searchParams.set('static', '1');
+			return await reply.redirect(url.toString(), 301);
+		}
 
-						file.cleanup();
-						return await reply.redirect(url.toString(), 301);
-					} else if (file.mime.startsWith('video/')) {
-						const externalThumbnail = this.videoProcessingService.getExternalVideoThumbnailUrl(file.url);
-						if (externalThumbnail) {
-							file.cleanup();
-							return await reply.redirect(externalThumbnail, 301);
-						}
+		if (file.fileRole !== 'original') {
+			const filename = rename(file.filename, {
+				suffix: file.fileRole === 'thumbnail' ? '-thumb' : '-web',
+				extname: file.ext ? `.${file.ext}` : '.unknown',
+			}).toString();
 
-						image = await this.videoProcessingService.generateVideoThumbnail(file.path);
-					}
+			reply.header('Content-Type', FILE_TYPE_BROWSERSAFE.includes(file.mime) ? file.mime : 'application/octet-stream');
+			reply.header('Cache-Control', 'max-age=31536000, immutable');
+			reply.header('Content-Disposition', contentDisposition('inline', filename));
+
+			if (request.headers.range && file.file.size > 0) {
+				const range = request.headers.range as string;
+				const parts = range.replace(/bytes=/, '').split('-');
+				const start = parseInt(parts[0], 10);
+				let end = parts[1] ? parseInt(parts[1], 10) : file.file.size - 1;
+				if (end > file.file.size) {
+					end = file.file.size - 1;
 				}
-
-				if (file.fileRole === 'webpublic') {
-					if (['image/svg+xml'].includes(file.mime)) {
-						reply.header('Cache-Control', 'max-age=31536000, immutable');
-
-						const url = new URL(`${this.config.mediaProxy}/svg.webp`);
-						url.searchParams.set('url', file.url);
-
-						file.cleanup();
-						return await reply.redirect(url.toString(), 301);
-					}
-				}
-
-				if (!image) {
-					if (request.headers.range && file.file.size > 0) {
-						const range = request.headers.range as string;
-						const parts = range.replace(/bytes=/, '').split('-');
-						const start = parseInt(parts[0], 10);
-						let end = parts[1] ? parseInt(parts[1], 10) : file.file.size - 1;
-						if (end > file.file.size) {
-							end = file.file.size - 1;
-						}
-						const chunksize = end - start + 1;
-
-						image = {
-							data: fs.createReadStream(file.path, {
-								start,
-								end,
-							}),
-							ext: file.ext,
-							type: file.mime,
-						};
-
-						reply.header('Content-Range', `bytes ${start}-${end}/${file.file.size}`);
-						reply.header('Accept-Ranges', 'bytes');
-						reply.header('Content-Length', chunksize);
-						reply.code(206);
-					} else {
-						image = {
-							data: fs.createReadStream(file.path),
-							ext: file.ext,
-							type: file.mime,
-						};
-					}
-				}
-
-				if ('pipe' in image.data && typeof image.data.pipe === 'function') {
-					// image.dataがstreamなら、stream終了後にcleanup
-					image.data.on('end', file.cleanup);
-					image.data.on('close', file.cleanup);
-				} else {
-					// image.dataがstreamでないなら直ちにcleanup
-					file.cleanup();
-				}
-
-				reply.header('Content-Type', FILE_TYPE_BROWSERSAFE.includes(image.type) ? image.type : 'application/octet-stream');
-				reply.header('Content-Length', file.file.size);
-				reply.header('Cache-Control', 'max-age=31536000, immutable');
-				reply.header('Content-Disposition',
-					contentDisposition(
-						'inline',
-						correctFilename(file.filename, image.ext),
-					),
-				);
-				return image.data;
+				const chunksize = end - start + 1;
+				const fileStream = fs.createReadStream(file.path, {
+					start,
+					end,
+				});
+				reply.header('Content-Range', `bytes ${start}-${end}/${file.file.size}`);
+				reply.header('Accept-Ranges', 'bytes');
+				reply.header('Content-Length', chunksize);
+				reply.code(206);
+				return fileStream;
 			}
 
-			if (file.fileRole !== 'original') {
-				const filename = rename(file.filename, {
-					suffix: file.fileRole === 'thumbnail' ? '-thumb' : '-web',
-					extname: file.ext ? `.${file.ext}` : '.unknown',
-				}).toString();
+			return fs.createReadStream(file.path);
+		} else {
+			reply.header('Content-Type', FILE_TYPE_BROWSERSAFE.includes(file.file.type) ? file.file.type : 'application/octet-stream');
+			reply.header('Content-Length', file.file.size);
+			reply.header('Cache-Control', 'max-age=31536000, immutable');
+			reply.header('Content-Disposition', contentDisposition('inline', file.filename));
 
-				reply.header('Content-Type', FILE_TYPE_BROWSERSAFE.includes(file.mime) ? file.mime : 'application/octet-stream');
-				reply.header('Cache-Control', 'max-age=31536000, immutable');
-				reply.header('Content-Disposition', contentDisposition('inline', filename));
-
-				if (request.headers.range && file.file.size > 0) {
-					const range = request.headers.range as string;
-					const parts = range.replace(/bytes=/, '').split('-');
-					const start = parseInt(parts[0], 10);
-					let end = parts[1] ? parseInt(parts[1], 10) : file.file.size - 1;
-					if (end > file.file.size) {
-						end = file.file.size - 1;
-					}
-					const chunksize = end - start + 1;
-					const fileStream = fs.createReadStream(file.path, {
-						start,
-						end,
-					});
-					reply.header('Content-Range', `bytes ${start}-${end}/${file.file.size}`);
-					reply.header('Accept-Ranges', 'bytes');
-					reply.header('Content-Length', chunksize);
-					reply.code(206);
-					return fileStream;
+			if (request.headers.range && file.file.size > 0) {
+				const range = request.headers.range as string;
+				const parts = range.replace(/bytes=/, '').split('-');
+				const start = parseInt(parts[0], 10);
+				let end = parts[1] ? parseInt(parts[1], 10) : file.file.size - 1;
+				if (end > file.file.size) {
+					end = file.file.size - 1;
 				}
-
-				return fs.createReadStream(file.path);
-			} else {
-				reply.header('Content-Type', FILE_TYPE_BROWSERSAFE.includes(file.file.type) ? file.file.type : 'application/octet-stream');
-				reply.header('Content-Length', file.file.size);
-				reply.header('Cache-Control', 'max-age=31536000, immutable');
-				reply.header('Content-Disposition', contentDisposition('inline', file.filename));
-
-				if (request.headers.range && file.file.size > 0) {
-					const range = request.headers.range as string;
-					const parts = range.replace(/bytes=/, '').split('-');
-					const start = parseInt(parts[0], 10);
-					let end = parts[1] ? parseInt(parts[1], 10) : file.file.size - 1;
-					if (end > file.file.size) {
-						end = file.file.size - 1;
-					}
-					const chunksize = end - start + 1;
-					const fileStream = fs.createReadStream(file.path, {
-						start,
-						end,
-					});
-					reply.header('Content-Range', `bytes ${start}-${end}/${file.file.size}`);
-					reply.header('Accept-Ranges', 'bytes');
-					reply.header('Content-Length', chunksize);
-					reply.code(206);
-					return fileStream;
-				}
-
-				return fs.createReadStream(file.path);
+				const chunksize = end - start + 1;
+				const fileStream = fs.createReadStream(file.path, {
+					start,
+					end,
+				});
+				reply.header('Content-Range', `bytes ${start}-${end}/${file.file.size}`);
+				reply.header('Accept-Ranges', 'bytes');
+				reply.header('Content-Length', chunksize);
+				reply.code(206);
+				return fileStream;
 			}
-		} catch (e) {
-			if ('cleanup' in file) file.cleanup();
-			throw e;
+
+			return fs.createReadStream(file.path);
 		}
 	}
 
 	@bindThis
 	private async proxyHandler(request: FastifyRequest<{ Params: { url: string; }; Querystring: { url?: string; }; }>, reply: FastifyReply) {
-		let url = 'url' in request.query ? request.query.url : 'https://' + request.params.url;
+		const url = 'url' in request.query ? request.query.url : 'https://' + request.params.url;
 
 		if (typeof url !== 'string') {
 			reply.code(400);
@@ -302,234 +204,56 @@ export class FileServerService {
 		// アバタークロップなど、どうしてもオリジンである必要がある場合
 		const mustOrigin = 'origin' in request.query;
 
-		if (this.config.externalMediaProxyEnabled) {
-			// 外部のメディアプロキシが有効なら、そちらにリダイレクト
-
-			reply.header('Cache-Control', 'public, max-age=259200'); // 3 days
-
-			const externalURL = new URL(`${this.config.mediaProxy}/${request.params.url || ''}`);
-
-			for (const [key, value] of Object.entries(request.query)) {
-				externalURL.searchParams.append(key, value);
-			}
-
-			if (mustOrigin) {
-				url = `${this.config.mediaProxy}?url=${encodeURIComponent(url)}`;
-			} else {
-				return await reply.redirect(
-					externalURL.toString(),
-					301,
-				);
-			}
+		if (!this.config.mediaProxy) {
+			reply.code(501);
 		}
 
-		if (!request.headers['user-agent']) {
-			throw new StatusError('User-Agent is required', 400, 'User-Agent is required');
-		} else if (request.headers['user-agent'].toLowerCase().indexOf('misskey/') !== -1) {
-			throw new StatusError('Refusing to proxy a request from another proxy', 403, 'Proxy is recursive');
+		const proxiedURL = new URL(`${this.config.mediaProxy}/?url=${encodeURIComponent(url)}`);
+
+		for (const [key, value] of Object.entries(request.query)) {
+			if (key.toLowerCase() === 'url') continue;
+			proxiedURL.searchParams.append(key, value);
 		}
 
-		if (!request.headers['user-agent']) {
-			throw new StatusError('User-Agent is required', 400, 'User-Agent is required');
-		} else if (request.headers['user-agent'].toLowerCase().indexOf('misskey/') !== -1) {
-			throw new StatusError('Refusing to proxy a request from another proxy', 403, 'Proxy is recursive');
-		}
-
-		// Create temp file
-		const file = await this.getStreamAndTypeFromUrl(url);
-		if (file === '404') {
-			reply.code(404);
-			reply.header('Cache-Control', 'max-age=86400');
-			return reply.sendFile('/dummy.png', assets);
-		}
-
-		if (file === '204') {
-			reply.code(204);
-			reply.header('Cache-Control', 'max-age=86400');
-			return;
-		}
-
-		try {
-			const isConvertibleImage = isMimeImage(file.mime, 'sharp-convertible-image-with-bmp');
-			const isAnimationConvertibleImage = isMimeImage(file.mime, 'sharp-animation-convertible-image-with-bmp');
-
-			if (
-				'emoji' in request.query ||
-				'avatar' in request.query ||
-				'static' in request.query ||
-				'preview' in request.query ||
-				'badge' in request.query
-			) {
-				if (!isConvertibleImage) {
-					// 画像でないなら404でお茶を濁す
-					throw new StatusError('Unexpected mime', 404);
-				}
-			}
-
-			let image: IImageStreamable | null = null;
-			if ('emoji' in request.query || 'avatar' in request.query) {
-				if (!isAnimationConvertibleImage && !('static' in request.query)) {
-					image = {
-						data: fs.createReadStream(file.path),
-						ext: file.ext,
-						type: file.mime,
-					};
-				} else {
-					const data = (await sharpBmp(file.path, file.mime, { animated: !('static' in request.query) }))
-						.resize({
-							height: 'emoji' in request.query ? 128 : 320,
-							withoutEnlargement: true,
-						})
-						.webp(webpDefault);
-
-					image = {
-						data,
-						ext: 'webp',
-						type: 'image/webp',
-					};
-				}
-			} else if ('static' in request.query) {
-				image = this.imageProcessingService.convertSharpToWebpStream(await sharpBmp(file.path, file.mime), 498, 422);
-			} else if ('preview' in request.query) {
-				image = this.imageProcessingService.convertSharpToWebpStream(await sharpBmp(file.path, file.mime), 200, 200);
-			} else if ('badge' in request.query) {
-				const mask = (await sharpBmp(file.path, file.mime))
-					.resize(96, 96, {
-						fit: 'contain',
-						position: 'centre',
-						withoutEnlargement: false,
-					})
-					.greyscale()
-					.normalise()
-					.linear(1.75, -(128 * 1.75) + 128) // 1.75x contrast
-					.flatten({ background: '#000' })
-					.toColorspace('b-w');
-
-				const stats = await mask.clone().stats();
-
-				if (stats.entropy < 0.1) {
-					// エントロピーがあまりない場合は404にする
-					throw new StatusError('Skip to provide badge', 404);
-				}
-
-				const data = sharp({
-					create: { width: 96, height: 96, channels: 4, background: { r: 0, g: 0, b: 0, alpha: 0 } },
-				})
-					.pipelineColorspace('b-w')
-					.boolean(await mask.png().toBuffer(), 'eor');
-
-				image = {
-					data: await data.png().toBuffer(),
-					ext: 'png',
-					type: 'image/png',
-				};
-			} else if (file.mime === 'image/svg+xml') {
-				image = this.imageProcessingService.convertToWebpStream(file.path, 2048, 2048);
-			} else if (!file.mime.startsWith('image/') || !FILE_TYPE_BROWSERSAFE.includes(file.mime)) {
-				throw new StatusError('Rejected type', 403, 'Rejected type');
-			}
-
-			if (!image) {
-				if (request.headers.range && file.file && file.file.size > 0) {
-					const range = request.headers.range as string;
-					const parts = range.replace(/bytes=/, '').split('-');
-					const start = parseInt(parts[0], 10);
-					let end = parts[1] ? parseInt(parts[1], 10) : file.file.size - 1;
-					if (end > file.file.size) {
-						end = file.file.size - 1;
-					}
-					const chunksize = end - start + 1;
-
-					image = {
-						data: fs.createReadStream(file.path, {
-							start,
-							end,
-						}),
-						ext: file.ext,
-						type: file.mime,
-					};
-
-					reply.header('Content-Range', `bytes ${start}-${end}/${file.file.size}`);
-					reply.header('Accept-Ranges', 'bytes');
-					reply.header('Content-Length', chunksize);
-					reply.code(206);
-				} else {
-					image = {
-						data: fs.createReadStream(file.path),
-						ext: file.ext,
-						type: file.mime,
-					};
-				}
-			}
-
-			if ('cleanup' in file) {
-				if ('pipe' in image.data && typeof image.data.pipe === 'function') {
-					// image.dataがstreamなら、stream終了後にcleanup
-					image.data.on('end', file.cleanup);
-					image.data.on('close', file.cleanup);
-				} else {
-					// image.dataがstreamでないなら直ちにcleanup
-					file.cleanup();
-				}
-			}
-
-			reply.header('Content-Type', image.type);
-			reply.header('Cache-Control', 'max-age=31536000, immutable');
-			reply.header('Content-Disposition',
-				contentDisposition(
-					'inline',
-					correctFilename(file.filename, image.ext),
-				),
+		if (!mustOrigin) {
+			return await reply.redirect(
+				proxiedURL.toString(),
+				301,
 			);
-			return image.data;
-		} catch (e) {
-			if ('cleanup' in file) file.cleanup();
-			throw e;
-		}
-	}
-
-	@bindThis
-	private async getStreamAndTypeFromUrl(url: string): Promise<
-		{ state: 'remote'; fileRole?: 'thumbnail' | 'webpublic' | 'original'; file?: MiDriveFile; mime: string; ext: string | null; path: string; cleanup: () => void; filename: string; }
-		| { state: 'stored_internal'; fileRole: 'thumbnail' | 'webpublic' | 'original'; file: MiDriveFile; filename: string; mime: string; ext: string | null; path: string; }
-		| '404'
-		| '204'
-	> {
-		if (url.startsWith(`${this.config.url}/files/`)) {
-			const key = url.replace(`${this.config.url}/files/`, '').split('/').shift();
-			if (!key) throw new StatusError('Invalid File Key', 400, 'Invalid File Key');
-
-			return await this.getFileFromKey(key);
 		}
 
-		return await this.downloadAndDetectTypeFromUrl(url);
-	}
+		reply.header('Cache-Control', 'public, max-age=259200'); // 3 days
 
-	@bindThis
-	private async downloadAndDetectTypeFromUrl(url: string): Promise<
-		{ state: 'remote' ; mime: string; ext: string | null; path: string; cleanup: () => void; filename: string; }
-	> {
-		const [path, cleanup] = await createTemp();
-		try {
-			const { filename } = await this.downloadService.downloadUrl(url, path);
-
-			const { mime, ext } = await this.fileInfoService.detectType(path);
-
-			return {
-				state: 'remote',
-				mime, ext,
-				path, cleanup,
-				filename,
-			};
-		} catch (e) {
-			cleanup();
-			throw e;
+		if (!request.headers['user-agent']) {
+			throw new StatusError('User-Agent is required', 400, 'User-Agent is required');
+		} else if (request.headers['user-agent'].toLowerCase().indexOf('misskey/') !== -1) {
+			throw new StatusError('Refusing to proxy a request from another proxy', 403, 'Proxy is recursive');
 		}
+
+		if (!request.headers['user-agent']) {
+			throw new StatusError('User-Agent is required', 400, 'User-Agent is required');
+		} else if (request.headers['user-agent'].toLowerCase().indexOf('misskey/') !== -1) {
+			throw new StatusError('Refusing to proxy a request from another proxy', 403, 'Proxy is recursive');
+		}
+
+		// directly proxy request through
+		const res = await fetch(proxiedURL, {
+			headers: {
+				'X-Forwarded-For': request.headers['x-forwarded-for']?.at(0) ?? request.ip,
+				'User-Agent': request.headers['user-agent'],
+			},
+		});
+
+		reply.code(res.status);
+		for (const [key, value] of res.headers.entries()) {
+			reply.header(key, value);
+		}
+		reply.send(res.body);
 	}
 
 	@bindThis
 	private async getFileFromKey(key: string): Promise<
-		{ state: 'remote'; fileRole: 'thumbnail' | 'webpublic' | 'original'; file: MiDriveFile; filename: string; url: string; mime: string; ext: string | null; path: string; cleanup: () => void; }
+		{ state: 'remote'; fileRole: 'thumbnail' | 'webpublic' | 'original'; filename: string; url: string; }
 		| { state: 'stored_internal'; fileRole: 'thumbnail' | 'webpublic' | 'original'; file: MiDriveFile; filename: string; mime: string; ext: string | null; path: string; }
 		| '404'
 		| '204'
@@ -548,15 +272,10 @@ export class FileServerService {
 
 		if (!file.storedInternal) {
 			if (!(file.isLink && file.uri)) return '204';
-			const result = await this.downloadAndDetectTypeFromUrl(file.uri);
-			file.size = (await fs.promises.stat(result.path)).size;	// DB file.sizeは正確とは限らないので
-			return {
-				...result,
-				url: file.uri,
-				fileRole: isThumbnail ? 'thumbnail' : isWebpublic ? 'webpublic' : 'original',
-				file,
-				filename: file.name,
-			};
+			return { state: 'remote', 
+					fileRole: isThumbnail ? 'thumbnail' : isWebpublic ? 'webpublic' : 'original', 
+					filename: file.name 
+					, url: file.uri };
 		}
 
 		const path = this.internalStorageService.resolvePath(key);

From 4603ab67bb96da39f6c4186ab655e8011fdcb740 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=B4=87=E5=B3=B0=20=E6=9C=94=E8=8F=AF?=
 <160555157+sakuhanight@users.noreply.github.com>
Date: Wed, 20 Nov 2024 20:08:26 +0900
Subject: [PATCH 07/29] =?UTF-8?q?feat:=20=E7=B5=B5=E6=96=87=E5=AD=97?=
 =?UTF-8?q?=E3=81=AE=E3=83=9D=E3=83=83=E3=83=97=E3=82=A2=E3=83=83=E3=83=97?=
 =?UTF-8?q?=E3=83=A1=E3=83=8B=E3=83=A5=E3=83=BC=E3=81=AB=E7=B7=A8=E9=9B=86?=
 =?UTF-8?q?=E3=82=92=E8=BF=BD=E5=8A=A0=20(#15004)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Mod: 絵文字のポップアップメニューに編集を追加

* fix: code styleの修正

* fix: code styleの修正

* fix
---
 .../src/components/global/MkCustomEmoji.vue   | 29 +++++++++++++++++--
 packages/frontend/src/pages/emojis.emoji.vue  | 28 ++++++++++++++++--
 2 files changed, 52 insertions(+), 5 deletions(-)

diff --git a/packages/frontend/src/components/global/MkCustomEmoji.vue b/packages/frontend/src/components/global/MkCustomEmoji.vue
index 66f82a7898..ec1d859080 100644
--- a/packages/frontend/src/components/global/MkCustomEmoji.vue
+++ b/packages/frontend/src/components/global/MkCustomEmoji.vue
@@ -25,17 +25,18 @@ SPDX-License-Identifier: AGPL-3.0-only
 </template>
 
 <script lang="ts" setup>
-import { computed, inject, ref } from 'vue';
+import { computed, defineAsyncComponent, inject, ref } from 'vue';
+import type { MenuItem } from '@/types/menu.js';
 import { getProxiedImageUrl, getStaticImageUrl } from '@/scripts/media-proxy.js';
 import { defaultStore } from '@/store.js';
 import { customEmojisMap } from '@/custom-emojis.js';
 import * as os from '@/os.js';
-import { misskeyApiGet } from '@/scripts/misskey-api.js';
+import { misskeyApi, misskeyApiGet } from '@/scripts/misskey-api.js';
 import { copyToClipboard } from '@/scripts/copy-to-clipboard.js';
 import * as sound from '@/scripts/sound.js';
 import { i18n } from '@/i18n.js';
 import MkCustomEmojiDetailedDialog from '@/components/MkCustomEmojiDetailedDialog.vue';
-import type { MenuItem } from '@/types/menu.js';
+import { $i } from '@/account.js';
 
 const props = defineProps<{
 	name: string;
@@ -125,9 +126,31 @@ function onClick(ev: MouseEvent) {
 			},
 		});
 
+		if ($i?.isModerator ?? $i?.isAdmin) {
+			menuItems.push({
+				text: i18n.ts.edit,
+				icon: 'ti ti-pencil',
+				action: async () => {
+					await edit(props.name);
+				},
+			});
+		}
+
 		os.popupMenu(menuItems, ev.currentTarget ?? ev.target);
 	}
 }
+
+async function edit(name: string) {
+	const emoji = await misskeyApi('emoji', {
+		name: name,
+	});
+	const { dispose } = os.popup(defineAsyncComponent(() => import('@/pages/emoji-edit-dialog.vue')), {
+		emoji: emoji,
+	}, {
+		closed: () => dispose(),
+	});
+}
+
 </script>
 
 <style lang="scss" module>
diff --git a/packages/frontend/src/pages/emojis.emoji.vue b/packages/frontend/src/pages/emojis.emoji.vue
index fcd22155b7..979d50966e 100644
--- a/packages/frontend/src/pages/emojis.emoji.vue
+++ b/packages/frontend/src/pages/emojis.emoji.vue
@@ -15,18 +15,22 @@ SPDX-License-Identifier: AGPL-3.0-only
 
 <script lang="ts" setup>
 import * as Misskey from 'misskey-js';
+import { defineAsyncComponent } from 'vue';
+import type { MenuItem } from '@/types/menu.js';
 import * as os from '@/os.js';
 import { misskeyApiGet } from '@/scripts/misskey-api.js';
 import { copyToClipboard } from '@/scripts/copy-to-clipboard.js';
 import { i18n } from '@/i18n.js';
 import MkCustomEmojiDetailedDialog from '@/components/MkCustomEmojiDetailedDialog.vue';
+import { $i } from '@/account.js';
 
 const props = defineProps<{
   emoji: Misskey.entities.EmojiSimple;
 }>();
 
 function menu(ev) {
-	os.popupMenu([{
+	const menuItems: MenuItem[] = [];
+	menuItems.push({
 		type: 'label',
 		text: ':' + props.emoji.name + ':',
 	}, {
@@ -48,8 +52,28 @@ function menu(ev) {
 				closed: () => dispose(),
 			});
 		},
-	}], ev.currentTarget ?? ev.target);
+	});
+
+	if ($i?.isModerator ?? $i?.isAdmin) {
+		menuItems.push({
+			text: i18n.ts.edit,
+			icon: 'ti ti-pencil',
+			action: () => {
+				edit(props.emoji);
+			},
+		});
+	}
+
+	os.popupMenu(menuItems, ev.currentTarget ?? ev.target);
 }
+
+const edit = async (emoji) => {
+	const { dispose } = os.popup(defineAsyncComponent(() => import('@/pages/emoji-edit-dialog.vue')), {
+		emoji: emoji,
+	}, {
+		closed: () => dispose(),
+	});
+};
 </script>
 
 <style lang="scss" module>

From 7a7aef71cd6344c486d129789aff64f6e79a2824 Mon Sep 17 00:00:00 2001
From: eternal-flame-AD <yume@yumechi.jp>
Date: Wed, 20 Nov 2024 12:53:29 -0600
Subject: [PATCH 08/29] do not use media proxy if emoji is local

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 .../src/core/entities/EmojiEntityService.ts   | 28 ++++++++++++++--
 packages/backend/src/models/Following.ts      |  3 +-
 packages/backend/src/server/ServerService.ts  | 32 ++++++++++++++++---
 3 files changed, 56 insertions(+), 7 deletions(-)

diff --git a/packages/backend/src/core/entities/EmojiEntityService.ts b/packages/backend/src/core/entities/EmojiEntityService.ts
index 8929d4e640..391d972320 100644
--- a/packages/backend/src/core/entities/EmojiEntityService.ts
+++ b/packages/backend/src/core/entities/EmojiEntityService.ts
@@ -11,15 +11,39 @@ import type { } from '@/models/Blocking.js';
 import type { MiEmoji } from '@/models/Emoji.js';
 import { bindThis } from '@/decorators.js';
 import { In } from 'typeorm';
+import type { Config } from '@/config.js';
 
 @Injectable()
 export class EmojiEntityService {
 	constructor(
 		@Inject(DI.emojisRepository)
 		private emojisRepository: EmojisRepository,
+
+		@Inject(DI.config)
+		private config: Config,
 	) {
 	}
 
+	private stripProxyIfOrigin(url: string): string {
+		try {
+			const u = new URL(url);
+			let origin = u.origin;
+			if (u.origin === new URL(this.config.mediaProxy).origin) {
+				const innerUrl = u.searchParams.get('url');
+				if (innerUrl) {
+					origin = new URL(innerUrl).origin;
+				}
+			}
+			if (origin === u.origin) {
+				return url;
+			}
+		} catch (e) {
+			return url;
+		}
+
+		return url;
+	}
+
 	@bindThis
 	public packSimpleNoQuery(
 		emoji: MiEmoji,
@@ -29,7 +53,7 @@ export class EmojiEntityService {
 			name: emoji.name,
 			category: emoji.category,
 			// || emoji.originalUrl してるのは後方互換性のため（publicUrlはstringなので??はだめ）
-			url: emoji.publicUrl || emoji.originalUrl,
+			url: this.stripProxyIfOrigin(emoji.publicUrl || emoji.originalUrl),
 			localOnly: emoji.localOnly ? true : undefined,
 			isSensitive: emoji.isSensitive ? true : undefined,
 			roleIdsThatCanBeUsedThisEmojiAsReaction: emoji.roleIdsThatCanBeUsedThisEmojiAsReaction.length > 0 ? emoji.roleIdsThatCanBeUsedThisEmojiAsReaction : undefined,
@@ -72,7 +96,7 @@ export class EmojiEntityService {
 			category: emoji.category,
 			host: emoji.host,
 			// || emoji.originalUrl してるのは後方互換性のため（publicUrlはstringなので??はだめ）
-			url: emoji.publicUrl || emoji.originalUrl,
+			url: this.stripProxyIfOrigin(emoji.publicUrl || emoji.originalUrl),
 			license: emoji.license,
 			isSensitive: emoji.isSensitive,
 			localOnly: emoji.localOnly,
diff --git a/packages/backend/src/models/Following.ts b/packages/backend/src/models/Following.ts
index 62cbc29f26..a64d1a4caf 100644
--- a/packages/backend/src/models/Following.ts
+++ b/packages/backend/src/models/Following.ts
@@ -3,7 +3,7 @@
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
-import { PrimaryColumn, Entity, Index, JoinColumn, Column, ManyToOne } from 'typeorm';
+import { PrimaryColumn, Entity, Index, JoinColumn, Column, ManyToOne, ViewEntity } from 'typeorm';
 import { id } from './util/id.js';
 import { MiUser } from './User.js';
 
@@ -98,3 +98,4 @@ export class MiFollowing {
 	public followeeSharedInbox: string | null;
 	//#endregion
 }
+
diff --git a/packages/backend/src/server/ServerService.ts b/packages/backend/src/server/ServerService.ts
index e49ea9432b..e55a52fcab 100644
--- a/packages/backend/src/server/ServerService.ts
+++ b/packages/backend/src/server/ServerService.ts
@@ -33,7 +33,6 @@ import { OpenApiServerService } from './api/openapi/OpenApiServerService.js';
 import { OAuth2ProviderService } from './oauth/OAuth2ProviderService.js';
 import { makeHstsHook } from './hsts.js';
 import { generateCSP } from './csp.js';
-import * as prom from 'prom-client';
 import { sanitizeRequestURI } from '@/misc/log-sanitization.js';
 import { metricCounter, metricGauge, metricHistogram, MetricsService } from './api/MetricsService.js';
 
@@ -110,6 +109,11 @@ const mLastSuccessfulRequest = metricGauge({
 	labelNames: [],
 });
 
+// This function is used to determine if a path is safe to redirect to.
+function redirectSafePath(path: string): boolean {
+	return ['/files/', '/identicon/', '/proxy/', '/static-assets/', '/vite/', '/embed_vite/'].some(prefix => path.startsWith(prefix));
+}
+
 @Injectable()
 export class ServerService implements OnApplicationShutdown {
 	private logger: Logger;
@@ -348,7 +352,7 @@ export class ServerService implements OnApplicationShutdown {
 				name: name,
 			});
 
-			reply.header('Content-Security-Policy', 'default-src \'none\'; style-src \'unsafe-inline\'');
+			reply.header('Content-Security-Policy', 'default-src \'none\'');
 
 			if (emoji == null) {
 				if ('fallback' in request.query) {
@@ -359,16 +363,26 @@ export class ServerService implements OnApplicationShutdown {
 				}
 			}
 
+			const dbUrl = emoji?.publicUrl || emoji?.originalUrl;
+			const dbUrlParsed = new URL(dbUrl);
+			const instanceUrl = new URL(this.config.url);
+			if (dbUrlParsed.origin === instanceUrl.origin) {
+				if (!redirectSafePath(dbUrlParsed.pathname)) {
+					return await reply.status(508);
+				}
+				return await reply.redirect(dbUrl, 301);
+			}
+
 			let url: URL;
 			if ('badge' in request.query) {
 				url = new URL(`${this.config.mediaProxy}/emoji.png`);
 				// || emoji.originalUrl してるのは後方互換性のため（publicUrlはstringなので??はだめ）
-				url.searchParams.set('url', emoji.publicUrl || emoji.originalUrl);
+				url.searchParams.set('url', dbUrl);
 				url.searchParams.set('badge', '1');
 			} else {
 				url = new URL(`${this.config.mediaProxy}/emoji.webp`);
 				// || emoji.originalUrl してるのは後方互換性のため（publicUrlはstringなので??はだめ）
-				url.searchParams.set('url', emoji.publicUrl || emoji.originalUrl);
+				url.searchParams.set('url', dbUrl);
 				url.searchParams.set('emoji', '1');
 				if ('static' in request.query) url.searchParams.set('static', '1');
 			}
@@ -392,6 +406,16 @@ export class ServerService implements OnApplicationShutdown {
 			reply.header('Cache-Control', 'public, max-age=86400');
 
 			if (user) {
+				const dbUrl = user?.avatarUrl ?? this.userEntityService.getIdenticonUrl(user);
+				const dbUrlParsed = new URL(dbUrl);
+				const instanceUrl = new URL(this.config.url);
+				if (dbUrlParsed.origin === instanceUrl.origin) {
+					if (!redirectSafePath(dbUrlParsed.pathname)) {
+						return await reply.status(508);
+					}
+					return await reply.redirect(dbUrl, 301);
+				}
+
 				reply.redirect(user.avatarUrl ?? this.userEntityService.getIdenticonUrl(user));
 			} else {
 				reply.redirect('/static-assets/user-unknown.png');

From 9b8d02d1c3892f7f0e973bf488123a432896b753 Mon Sep 17 00:00:00 2001
From: eternal-flame-AD <yume@yumechi.jp>
Date: Thu, 21 Nov 2024 00:47:39 -0600
Subject: [PATCH 09/29] type-safe sanitization of AP objects

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 .../backend/src/core/HttpRequestService.ts    |  12 +-
 .../src/core/RemoteUserResolveService.ts      |   4 +-
 .../src/core/activitypub/ApInboxService.ts    | 155 +++---
 .../src/core/activitypub/ApRendererService.ts | 106 ++---
 .../src/core/activitypub/ApResolverService.ts |  17 +-
 .../core/activitypub/models/ApNoteService.ts  |   7 +-
 .../activitypub/models/ApPersonService.ts     |   5 +-
 packages/backend/src/core/activitypub/type.ts | 441 ++++++++++++++++--
 .../queue/processors/InboxProcessorService.ts |   2 +-
 .../src/server/api/endpoints/ap/show.ts       |   4 +-
 packages/backend/test/unit/activitypub.ts     |  43 +-
 11 files changed, 626 insertions(+), 170 deletions(-)

diff --git a/packages/backend/src/core/HttpRequestService.ts b/packages/backend/src/core/HttpRequestService.ts
index bea5dee6ab..60ecc03e4a 100644
--- a/packages/backend/src/core/HttpRequestService.ts
+++ b/packages/backend/src/core/HttpRequestService.ts
@@ -18,7 +18,7 @@ import { validateContentTypeSetAsActivityPub } from '@/core/activitypub/misc/val
 import { assertActivityMatchesUrls } from '@/core/activitypub/misc/check-against-url.js';
 import type { IObject } from '@/core/activitypub/type.js';
 import type { Response } from 'node-fetch';
-import type { URL } from 'node:url';
+import { URL } from 'node:url';
 
 export type HttpRequestSendOptions = {
 	throwErrorWhenResponseNotOk: boolean;
@@ -183,6 +183,16 @@ export class HttpRequestService {
 			controller.abort();
 		}, timeout);
 
+		const urlParsed = new URL(url);
+
+		if (urlParsed.protocol !== 'https:') {
+			throw new Error('Invalid protocol');
+		}
+
+		if (urlParsed.port && urlParsed.port !== '443') {
+			throw new Error('Invalid port');
+		}
+
 		const res = await fetch(url, {
 			method: args.method ?? 'GET',
 			headers: {
diff --git a/packages/backend/src/core/RemoteUserResolveService.ts b/packages/backend/src/core/RemoteUserResolveService.ts
index f5a55eb8bc..29d17328ca 100644
--- a/packages/backend/src/core/RemoteUserResolveService.ts
+++ b/packages/backend/src/core/RemoteUserResolveService.ts
@@ -18,6 +18,7 @@ import { RemoteLoggerService } from '@/core/RemoteLoggerService.js';
 import { ApDbResolverService } from '@/core/activitypub/ApDbResolverService.js';
 import { ApPersonService } from '@/core/activitypub/models/ApPersonService.js';
 import { bindThis } from '@/decorators.js';
+import { ApResolverService } from './activitypub/ApResolverService.js';
 
 @Injectable()
 export class RemoteUserResolveService {
@@ -35,6 +36,7 @@ export class RemoteUserResolveService {
 		private remoteLoggerService: RemoteLoggerService,
 		private apDbResolverService: ApDbResolverService,
 		private apPersonService: ApPersonService,
+		private apResolverService: ApResolverService,
 	) {
 		this.logger = this.remoteLoggerService.logger.createSubLogger('resolve-user');
 	}
@@ -91,7 +93,7 @@ export class RemoteUserResolveService {
 			}
 
 			this.logger.succ(`return new remote user: ${chalk.magenta(acctLower)}`);
-			return await this.apPersonService.createPerson(self.href);
+			return await this.apPersonService.createPerson(self.href, this.apResolverService.createResolver());
 		}
 
 		// ユーザー情報が古い場合は、WebFingerからやりなおして返す
diff --git a/packages/backend/src/core/activitypub/ApInboxService.ts b/packages/backend/src/core/activitypub/ApInboxService.ts
index fccf86cb91..1b28b4b4a5 100644
--- a/packages/backend/src/core/activitypub/ApInboxService.ts
+++ b/packages/backend/src/core/activitypub/ApInboxService.ts
@@ -29,7 +29,7 @@ import { bindThis } from '@/decorators.js';
 import type { MiRemoteUser } from '@/models/User.js';
 import { GlobalEventService } from '@/core/GlobalEventService.js';
 import { AbuseReportService } from '@/core/AbuseReportService.js';
-import { getApHrefNullable, getApId, getApIds, getApType, isAccept, isActor, isAdd, isAnnounce, isBlock, isCollection, isCollectionOrOrderedCollection, isCreate, isDelete, isFlag, isFollow, isLike, isMove, isPost, isReject, isRemove, isTombstone, isUndo, isUpdate, validActor, validPost } from './type.js';
+import { getApHrefNullable, getApId, getApIds, getApType, isActor, isCollection, isCollectionOrOrderedCollection, isPost, isTombstone, validActor, validPost, yumeDowncastAccept, yumeDowncastAdd, yumeDowncastAnnounce, yumeDowncastBlock, yumeDowncastCreate, yumeDowncastDelete, yumeDowncastFlag, yumeDowncastFollow, yumeDowncastLike, yumeDowncastMove, yumeDowncastReject, yumeDowncastRemove, yumeDowncastUndo, yumeDowncastUpdate } from './type.js';
 import { ApNoteService } from './models/ApNoteService.js';
 import { ApLoggerService } from './ApLoggerService.js';
 import { ApDbResolverService } from './ApDbResolverService.js';
@@ -138,52 +138,92 @@ export class ApInboxService {
 	public async performOneActivity(actor: MiRemoteUser, activity: IObject): Promise<string | void> {
 		if (actor.isSuspended) return;
 
-		if (isCreate(activity)) {
+		const create = yumeDowncastCreate(activity);
+		if (create) {
 			mInboxReceived?.inc({ host: actor.host, type: 'create' });
-			return await this.create(actor, activity);
-		} else if (isDelete(activity)) {
-			mInboxReceived?.inc({ host: actor.host, type: 'delete' });
-			return await this.delete(actor, activity);
-		} else if (isUpdate(activity)) {
-			mInboxReceived?.inc({ host: actor.host, type: 'update' });
-			return await this.update(actor, activity);
-		} else if (isFollow(activity)) {
-			mInboxReceived?.inc({ host: actor.host, type: 'follow' });
-			return await this.follow(actor, activity);
-		} else if (isAccept(activity)) {
-			mInboxReceived?.inc({ host: actor.host, type: 'accept' });
-			return await this.accept(actor, activity);
-		} else if (isReject(activity)) {
-			mInboxReceived?.inc({ host: actor.host, type: 'reject' });
-			return await this.reject(actor, activity);
-		} else if (isAdd(activity)) {
-			mInboxReceived?.inc({ host: actor.host, type: 'add' });
-			return await this.add(actor, activity);
-		} else if (isRemove(activity)) {
-			mInboxReceived?.inc({ host: actor.host, type: 'remove' });
-			return await this.remove(actor, activity);
-		} else if (isAnnounce(activity)) {
-			mInboxReceived?.inc({ host: actor.host, type: 'announce' });
-			return await this.announce(actor, activity);
-		} else if (isLike(activity)) {
-			mInboxReceived?.inc({ host: actor.host, type: 'like' });
-			return await this.like(actor, activity);
-		} else if (isUndo(activity)) {
-			mInboxReceived?.inc({ host: actor.host, type: 'undo' });
-			return await this.undo(actor, activity);
-		} else if (isBlock(activity)) {
-			mInboxReceived?.inc({ host: actor.host, type: 'block' });
-			return await this.block(actor, activity);
-		} else if (isFlag(activity)) {
-			mInboxReceived?.inc({ host: actor.host, type: 'flag' });
-			return await this.flag(actor, activity);
-		} else if (isMove(activity)) {
-			mInboxReceived?.inc({ host: actor.host, type: 'move' });
-			return await this.move(actor, activity);
-		} else {
-			mInboxReceived?.inc({ host: actor.host, type: 'unknown' });
-			return `unrecognized activity type: ${activity.type}`;
+			return await this.create(actor, create);
 		}
+
+		const update = yumeDowncastUpdate(activity);
+		if (update) {
+			mInboxReceived?.inc({ host: actor.host, type: 'update' });
+			return await this.update(actor, update);
+		}
+
+		const del = yumeDowncastDelete(activity);
+		if (del) {
+			mInboxReceived?.inc({ host: actor.host, type: 'delete' });
+			return await this.delete(actor, del);
+		}
+
+		const follow = yumeDowncastFollow(activity);
+		if (follow) {
+			mInboxReceived?.inc({ host: actor.host, type: 'follow' });
+			return await this.follow(actor, follow);
+		}
+
+		const accept = yumeDowncastAccept(activity);
+		if (accept) {
+			mInboxReceived?.inc({ host: actor.host, type: 'accept' });
+			return await this.accept(actor, accept);
+		}
+
+		const reject = yumeDowncastReject(activity);
+		if (reject) {
+			mInboxReceived?.inc({ host: actor.host, type: 'reject' });
+			return await this.reject(actor, reject);
+		}
+
+		const add = yumeDowncastAdd(activity);
+		if (add) {
+			mInboxReceived?.inc({ host: actor.host, type: 'add' });
+			return await this.add(actor, add);
+		}
+
+		const remove = yumeDowncastRemove(activity);
+		if (remove) {
+			mInboxReceived?.inc({ host: actor.host, type: 'remove' });
+			return await this.remove(actor, remove);
+		}
+
+		const announce = yumeDowncastAnnounce(activity);
+		if (announce) {
+			mInboxReceived?.inc({ host: actor.host, type: 'announce' });
+			return await this.announce(actor, announce);
+		}
+
+		const like = yumeDowncastLike(activity);
+		if (like) {
+			mInboxReceived?.inc({ host: actor.host, type: 'like' });
+			return await this.like(actor, like);
+		}
+
+		const move = yumeDowncastMove(activity);
+		if (move) {
+			mInboxReceived?.inc({ host: actor.host, type: 'move' });
+			return await this.move(actor, move);
+		}
+
+		const undo = yumeDowncastUndo(activity);
+		if (undo) {
+			mInboxReceived?.inc({ host: actor.host, type: 'undo' });
+			return await this.undo(actor, undo);
+		}
+
+		const block = yumeDowncastBlock(activity);
+		if (block) {
+			mInboxReceived?.inc({ host: actor.host, type: 'block' });
+			return await this.block(actor, block);
+		}
+
+		const flag = yumeDowncastFlag(activity);
+		if (flag) {
+			mInboxReceived?.inc({ host: actor.host, type: 'flag' });
+			return await this.flag(actor, flag);
+		}
+
+		mInboxReceived?.inc({ host: actor.host, type: 'unknown' });
+		return `unrecognized activity type: ${activity.type}`;
 	}
 
 	@bindThis
@@ -234,7 +274,8 @@ export class ApInboxService {
 			throw err;
 		});
 
-		if (isFollow(object)) return await this.acceptFollow(actor, object);
+		const follow = yumeDowncastFollow(object);
+		if (follow) return await this.acceptFollow(actor, follow);
 
 		return `skip: Unknown Accept type: ${getApType(object)}`;
 	}
@@ -583,7 +624,8 @@ export class ApInboxService {
 			throw e;
 		});
 
-		if (isFollow(object)) return await this.rejectFollow(actor, object);
+		const follow = yumeDowncastFollow(object);
+		if (follow) return await this.rejectFollow(actor, follow);
 
 		return `skip: Unknown Reject type: ${getApType(object)}`;
 	}
@@ -650,11 +692,20 @@ export class ApInboxService {
 		});
 
 		// don't queue because the sender may attempt again when timeout
-		if (isFollow(object)) return await this.undoFollow(actor, object);
-		if (isBlock(object)) return await this.undoBlock(actor, object);
-		if (isLike(object)) return await this.undoLike(actor, object);
-		if (isAnnounce(object)) return await this.undoAnnounce(actor, object);
-		if (isAccept(object)) return await this.undoAccept(actor, object);
+		const follow = yumeDowncastFollow(object);
+		if (follow) return await this.undoFollow(actor, follow);
+
+		const block = yumeDowncastBlock(object);
+		if (block) return await this.undoBlock(actor, block);
+
+		const like = yumeDowncastLike(object);
+		if (like) return await this.undoLike(actor, like);
+
+		const announce = yumeDowncastAnnounce(object);
+		if (announce) return await this.undoAnnounce(actor, announce);
+
+		const accept = yumeDowncastAccept(object);
+		if (accept) return await this.undoAccept(actor, accept);
 
 		return `skip: unknown object type ${getApType(object)}`;
 	}
diff --git a/packages/backend/src/core/activitypub/ApRendererService.ts b/packages/backend/src/core/activitypub/ApRendererService.ts
index 5617a29bab..106e2a880c 100644
--- a/packages/backend/src/core/activitypub/ApRendererService.ts
+++ b/packages/backend/src/core/activitypub/ApRendererService.ts
@@ -30,7 +30,7 @@ import { IdService } from '@/core/IdService.js';
 import { JsonLdService } from './JsonLdService.js';
 import { ApMfmService } from './ApMfmService.js';
 import { CONTEXT } from './misc/contexts.js';
-import type { IAccept, IActivity, IAdd, IAnnounce, IApDocument, IApEmoji, IApHashtag, IApImage, IApMention, IBlock, ICreate, IDelete, IFlag, IFollow, IKey, ILike, IMove, IObject, IPost, IQuestion, IReject, IRemove, ITombstone, IUndo, IUpdate } from './type.js';
+import { markOutgoing, type IAccept, type IActivity, type IAdd, type IAnnounce, type IApDocument, type IApEmoji, type IApHashtag, type IApImage, type IApMention, type IBlock, type ICreate, type IDelete, type IFlag, type IFollow, type IKey, type ILike, type IMove, type IObject, type IPost, type IQuestion, type IReject, type IRemove, type ITombstone, type IUndo, type IUpdate } from './type.js';
 
 @Injectable()
 export class ApRendererService {
@@ -66,21 +66,21 @@ export class ApRendererService {
 
 	@bindThis
 	public renderAccept(object: string | IObject, user: { id: MiUser['id']; host: null }): IAccept {
-		return {
+		return markOutgoing({
 			type: 'Accept',
 			actor: this.userEntityService.genLocalUserUri(user.id),
 			object,
-		};
+		}, undefined);
 	}
 
 	@bindThis
 	public renderAdd(user: MiLocalUser, target: string | IObject | undefined, object: string | IObject): IAdd {
-		return {
+		return markOutgoing({
 			type: 'Add',
 			actor: this.userEntityService.genLocalUserUri(user.id),
 			target,
 			object,
-		};
+		}, undefined);
 	}
 
 	@bindThis
@@ -103,7 +103,7 @@ export class ApRendererService {
 			throw new Error('renderAnnounce: cannot render non-public note');
 		}
 
-		return {
+		return markOutgoing({
 			id: `${this.config.url}/notes/${note.id}/activity`,
 			actor: this.userEntityService.genLocalUserUri(note.userId),
 			type: 'Announce',
@@ -111,7 +111,7 @@ export class ApRendererService {
 			to,
 			cc,
 			object,
-		};
+		}, undefined);
 	}
 
 	/**
@@ -125,23 +125,23 @@ export class ApRendererService {
 			throw new Error('renderBlock: missing blockee uri');
 		}
 
-		return {
+		return markOutgoing({
 			type: 'Block',
 			id: `${this.config.url}/blocks/${block.id}`,
 			actor: this.userEntityService.genLocalUserUri(block.blockerId),
 			object: block.blockee.uri,
-		};
+		}, undefined);
 	}
 
 	@bindThis
 	public renderCreate(object: IObject, note: MiNote): ICreate {
-		const activity: ICreate = {
+		const activity: ICreate = markOutgoing({
 			id: `${this.config.url}/notes/${note.id}/activity`,
 			actor: this.userEntityService.genLocalUserUri(note.userId),
 			type: 'Create',
 			published: this.idService.parse(note.id).date.toISOString(),
 			object,
-		};
+		}, undefined);
 
 		if (object.to) activity.to = object.to;
 		if (object.cc) activity.cc = object.cc;
@@ -151,28 +151,28 @@ export class ApRendererService {
 
 	@bindThis
 	public renderDelete(object: IObject | string, user: { id: MiUser['id']; host: null }): IDelete {
-		return {
+		return markOutgoing({
 			type: 'Delete',
 			actor: this.userEntityService.genLocalUserUri(user.id),
 			object,
 			published: new Date().toISOString(),
-		};
+		}, undefined);
 	}
 
 	@bindThis
 	public renderDocument(file: MiDriveFile): IApDocument {
-		return {
+		return markOutgoing({
 			type: 'Document',
 			mediaType: file.webpublicType ?? file.type,
 			url: this.driveFileEntityService.getPublicUrl(file),
 			name: file.comment,
 			sensitive: file.isSensitive,
-		};
+		}, undefined);
 	}
 
 	@bindThis
 	public renderEmoji(emoji: MiEmoji): IApEmoji {
-		return {
+		return markOutgoing( {
 			id: `${this.config.url}/emojis/${emoji.name}`,
 			type: 'Emoji',
 			name: `:${emoji.name}:`,
@@ -183,28 +183,28 @@ export class ApRendererService {
 				// || emoji.originalUrl してるのは後方互換性のため（publicUrlはstringなので??はだめ）
 				url: emoji.publicUrl || emoji.originalUrl,
 			},
-		};
+		}, undefined);
 	}
 
 	// to anonymise reporters, the reporting actor must be a system user
 	@bindThis
 	public renderFlag(user: MiLocalUser, object: IObject | string, content: string): IFlag {
-		return {
+		return markOutgoing({
 			type: 'Flag',
 			actor: this.userEntityService.genLocalUserUri(user.id),
 			content,
 			object,
-		};
+		}, undefined);
 	}
 
 	@bindThis
 	public renderFollowRelay(relay: MiRelay, relayActor: MiLocalUser): IFollow {
-		return {
+		return markOutgoing({
 			id: `${this.config.url}/activities/follow-relay/${relay.id}`,
 			type: 'Follow',
 			actor: this.userEntityService.genLocalUserUri(relayActor.id),
 			object: 'https://www.w3.org/ns/activitystreams#Public',
-		};
+		}, undefined);
 	}
 
 	/**
@@ -223,36 +223,36 @@ export class ApRendererService {
 		followee: MiPartialLocalUser | MiPartialRemoteUser,
 		requestId?: string,
 	): IFollow {
-		return {
+		return markOutgoing({
 			id: requestId ?? `${this.config.url}/follows/${follower.id}/${followee.id}`,
 			type: 'Follow',
 			actor: this.userEntityService.getUserUri(follower),
 			object: this.userEntityService.getUserUri(followee),
-		};
+		}, undefined);
 	}
 
 	@bindThis
 	public renderHashtag(tag: string): IApHashtag {
-		return {
+		return markOutgoing({
 			type: 'Hashtag',
 			href: `${this.config.url}/tags/${encodeURIComponent(tag)}`,
 			name: `#${tag}`,
-		};
+		}, undefined);
 	}
 
 	@bindThis
 	public renderImage(file: MiDriveFile): IApImage {
-		return {
+		return markOutgoing({
 			type: 'Image',
 			url: this.driveFileEntityService.getPublicUrl(file),
 			sensitive: file.isSensitive,
 			name: file.comment,
-		};
+		}, undefined);
 	}
 
 	@bindThis
 	public renderKey(user: MiLocalUser, key: MiUserKeypair, postfix?: string): IKey {
-		return {
+		return markOutgoing({
 			id: `${this.config.url}/users/${user.id}${postfix ?? '/publickey'}`,
 			type: 'Key',
 			owner: this.userEntityService.genLocalUserUri(user.id),
@@ -260,21 +260,21 @@ export class ApRendererService {
 				type: 'spki',
 				format: 'pem',
 			}),
-		};
+		}, undefined);
 	}
 
 	@bindThis
 	public async renderLike(noteReaction: MiNoteReaction, note: { uri: string | null }): Promise<ILike> {
 		const reaction = noteReaction.reaction;
 
-		const object: ILike = {
+		const object: ILike = markOutgoing({
 			type: 'Like',
 			id: `${this.config.url}/likes/${noteReaction.id}`,
 			actor: `${this.config.url}/users/${noteReaction.userId}`,
 			object: note.uri ? note.uri : `${this.config.url}/notes/${noteReaction.noteId}`,
 			content: reaction,
 			_misskey_reaction: reaction,
-		};
+		}, undefined);
 
 		if (reaction.startsWith(':')) {
 			const name = reaction.replaceAll(':', '');
@@ -288,11 +288,11 @@ export class ApRendererService {
 
 	@bindThis
 	public renderMention(mention: MiPartialLocalUser | MiPartialRemoteUser): IApMention {
-		return {
+		return markOutgoing({
 			type: 'Mention',
 			href: this.userEntityService.getUserUri(mention),
 			name: this.userEntityService.isRemoteUser(mention) ? `@${mention.username}@${mention.host}` : `@${(mention as MiLocalUser).username}`,
-		};
+		}, undefined);
 	}
 
 	@bindThis
@@ -302,13 +302,13 @@ export class ApRendererService {
 	): IMove {
 		const actor = this.userEntityService.getUserUri(src);
 		const target = this.userEntityService.getUserUri(dst);
-		return {
+		return markOutgoing({
 			id: `${this.config.url}/moves/${src.id}/${dst.id}`,
 			actor,
 			type: 'Move',
 			object: actor,
 			target,
-		};
+		}, undefined);
 	}
 
 	@bindThis
@@ -422,7 +422,7 @@ export class ApRendererService {
 			})),
 		} as const : {};
 
-		return {
+		return markOutgoing({
 			id: `${this.config.url}/notes/${note.id}`,
 			type: 'Note',
 			attributedTo,
@@ -445,7 +445,7 @@ export class ApRendererService {
 			sensitive: note.cw != null || files.some(file => file.isSensitive),
 			tag,
 			...asPoll,
-		};
+		}, undefined);
 	}
 
 	@bindThis
@@ -529,7 +529,7 @@ export class ApRendererService {
 
 	@bindThis
 	public renderQuestion(user: { id: MiUser['id'] }, note: MiNote, poll: MiPoll): IQuestion {
-		return {
+		return markOutgoing({
 			type: 'Question',
 			id: `${this.config.url}/questions/${note.id}`,
 			actor: this.userEntityService.genLocalUserUri(user.id),
@@ -542,78 +542,78 @@ export class ApRendererService {
 					totalItems: poll.votes[i],
 				},
 			})),
-		};
+		}, 'question');
 	}
 
 	@bindThis
 	public renderReject(object: string | IObject, user: { id: MiUser['id'] }): IReject {
-		return {
+		return markOutgoing({
 			type: 'Reject',
 			actor: this.userEntityService.genLocalUserUri(user.id),
 			object,
-		};
+		}, undefined);
 	}
 
 	@bindThis
 	public renderRemove(user: { id: MiUser['id'] }, target: string | IObject | undefined, object: string | IObject): IRemove {
-		return {
+		return markOutgoing({
 			type: 'Remove',
 			actor: this.userEntityService.genLocalUserUri(user.id),
 			target,
 			object,
-		};
+		}, undefined);
 	}
 
 	@bindThis
 	public renderTombstone(id: string): ITombstone {
-		return {
+		return markOutgoing({
 			id,
 			type: 'Tombstone',
-		};
+		}, undefined);
 	}
 
 	@bindThis
 	public renderUndo(object: string | IObject, user: { id: MiUser['id'] }): IUndo {
 		const id = typeof object !== 'string' && typeof object.id === 'string' && object.id.startsWith(this.config.url) ? `${object.id}/undo` : undefined;
 
-		return {
+		return markOutgoing({
 			type: 'Undo',
 			...(id ? { id } : {}),
 			actor: this.userEntityService.genLocalUserUri(user.id),
 			object,
 			published: new Date().toISOString(),
-		};
+		}, undefined);
 	}
 
 	@bindThis
 	public renderUpdate(object: string | IObject, user: { id: MiUser['id'] }): IUpdate {
-		return {
+		return markOutgoing( {
 			id: `${this.config.url}/users/${user.id}#updates/${new Date().getTime()}`,
 			actor: this.userEntityService.genLocalUserUri(user.id),
 			type: 'Update',
 			to: ['https://www.w3.org/ns/activitystreams#Public'],
 			object,
 			published: new Date().toISOString(),
-		};
+		}, 	undefined);
 	}
 
 	@bindThis
 	public renderVote(user: { id: MiUser['id'] }, vote: MiPollVote, note: MiNote, poll: MiPoll, pollOwner: MiRemoteUser): ICreate {
-		return {
+		return markOutgoing({
 			id: `${this.config.url}/users/${user.id}#votes/${vote.id}/activity`,
 			actor: this.userEntityService.genLocalUserUri(user.id),
 			type: 'Create',
 			to: [pollOwner.uri],
 			published: new Date().toISOString(),
-			object: {
+			object: markOutgoing({
 				id: `${this.config.url}/users/${user.id}#votes/${vote.id}`,
 				type: 'Note',
 				attributedTo: this.userEntityService.genLocalUserUri(user.id),
 				to: [pollOwner.uri],
 				inReplyTo: note.uri,
 				name: poll.choices[vote.choice],
-			},
-		};
+			}, undefined),
+		}, undefined);
 	}
 
 	@bindThis
diff --git a/packages/backend/src/core/activitypub/ApResolverService.ts b/packages/backend/src/core/activitypub/ApResolverService.ts
index d38fb71f5b..5244de43de 100644
--- a/packages/backend/src/core/activitypub/ApResolverService.ts
+++ b/packages/backend/src/core/activitypub/ApResolverService.ts
@@ -16,11 +16,11 @@ import { UtilityService } from '@/core/UtilityService.js';
 import { bindThis } from '@/decorators.js';
 import { LoggerService } from '@/core/LoggerService.js';
 import type Logger from '@/logger.js';
-import { isCollectionOrOrderedCollection } from './type.js';
+import { isCollectionOrOrderedCollection, yumeNormalizeObject } from './type.js';
 import { ApDbResolverService } from './ApDbResolverService.js';
 import { ApRendererService } from './ApRendererService.js';
 import { ApRequestService } from './ApRequestService.js';
-import type { IObject, ICollection, IOrderedCollection } from './type.js';
+import type { IObject, ICollection, IOrderedCollection, IUnsanitizedObject } from './type.js';
 
 export class Resolver {
 	private history: Set<string>;
@@ -67,7 +67,7 @@ export class Resolver {
 	}
 
 	@bindThis
-	public async resolve(value: string | IObject): Promise<IObject> {
+	public async resolveNotNormalized(value: string | IObject): Promise<IUnsanitizedObject> {
 		if (typeof value !== 'string') {
 			return value;
 		}
@@ -103,8 +103,8 @@ export class Resolver {
 		}
 
 		const object = (this.user
-			? await this.apRequestService.signedGet(value, this.user) as IObject
-			: await this.httpRequestService.getActivityJson(value)) as IObject;
+			? await this.apRequestService.signedGet(value, this.user) as IUnsanitizedObject
+			: await this.httpRequestService.getActivityJson(value)) as IUnsanitizedObject;
 
 		if (
 			Array.isArray(object['@context']) ?
@@ -117,6 +117,13 @@ export class Resolver {
 		return object;
 	}
 
+	@bindThis
+	public async resolve(value: string | IObject): Promise<IObject> {
+		const object = await this.resolveNotNormalized(value);
+
+		return yumeNormalizeObject(object);
+	}
+
 	@bindThis
 	private resolveLocal(url: string): Promise<IObject> {
 		const parsed = this.apDbResolverService.parseUri(url);
diff --git a/packages/backend/src/core/activitypub/models/ApNoteService.ts b/packages/backend/src/core/activitypub/models/ApNoteService.ts
index 2d333b3634..43c4994706 100644
--- a/packages/backend/src/core/activitypub/models/ApNoteService.ts
+++ b/packages/backend/src/core/activitypub/models/ApNoteService.ts
@@ -115,10 +115,7 @@ export class ApNoteService {
 	 * Noteを作成します。
 	 */
 	@bindThis
-	public async createNote(value: string | IObject, resolver?: Resolver, silent = false): Promise<MiNote | null> {
-		// eslint-disable-next-line no-param-reassign
-		if (resolver == null) resolver = this.apResolverService.createResolver();
-
+	public async createNote(value: string | IObject, resolver: Resolver, silent = false): Promise<MiNote | null> {
 		const object = await resolver.resolve(value);
 
 		const entryUri = getApId(value);
@@ -356,7 +353,7 @@ export class ApNoteService {
 			// ここでuriの代わりに添付されてきたNote Objectが指定されていると、サーバーフェッチを経ずにノートが生成されるが
 			// 添付されてきたNote Objectは偽装されている可能性があるため、常にuriを指定してサーバーフェッチを行う。
 			const createFrom = options.sentFrom?.origin === new URL(uri).origin ? value : uri;
-			return await this.createNote(createFrom, options.resolver, true);
+			return await this.createNote(createFrom, this.apResolverService.createResolver(), true);
 		} finally {
 			unlock();
 		}
diff --git a/packages/backend/src/core/activitypub/models/ApPersonService.ts b/packages/backend/src/core/activitypub/models/ApPersonService.ts
index e01b098194..d02701da52 100644
--- a/packages/backend/src/core/activitypub/models/ApPersonService.ts
+++ b/packages/backend/src/core/activitypub/models/ApPersonService.ts
@@ -277,16 +277,13 @@ export class ApPersonService implements OnModuleInit {
 	 * Personを作成します。
 	 */
 	@bindThis
-	public async createPerson(uri: string, resolver?: Resolver): Promise<MiRemoteUser> {
+	public async createPerson(uri: string, resolver: Resolver): Promise<MiRemoteUser> {
 		if (typeof uri !== 'string') throw new Error('uri is not string');
 
 		if (uri.startsWith(this.config.url)) {
 			throw new StatusError('cannot resolve local user', 400, 'cannot resolve local user');
 		}
 
-		// eslint-disable-next-line no-param-reassign
-		if (resolver == null) resolver = this.apResolverService.createResolver();
-
 		const object = await resolver.resolve(uri);
 		if (object.id == null) throw new Error('invalid object.id: ' + object.id);
 
diff --git a/packages/backend/src/core/activitypub/type.ts b/packages/backend/src/core/activitypub/type.ts
index 7496315f09..c42a1b4769 100644
--- a/packages/backend/src/core/activitypub/type.ts
+++ b/packages/backend/src/core/activitypub/type.ts
@@ -3,20 +3,44 @@
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
+import { target } from "happy-dom/lib/PropertySymbol.js";
+import { toASCII } from "node:punycode";
+
 export type Obj = { [x: string]: any };
 export type ApObject = IObject | string | (IObject | string)[];
 
-export interface IObject {
+export interface MisskeyVendorKeys {
+	_misskey_summary: string;
+	_misskey_followedMessage: string | null;
+	_misskey_requireSigninToViewContents: boolean;
+	_misskey_makeNotesFollowersOnlyBefore: number | null;
+	_misskey_makeNotesHiddenBefore: number | null;
+	_misskey_quote: string;
+	_misskey_content: string;
+	_misskey_reaction: string;
+	_misskey_votes: number;
+}
+
+function extractMisskeyVendorKeys(object: IObject): Partial<MisskeyVendorKeys> {
+	return {
+		_misskey_summary: object._misskey_summary,
+		_misskey_followedMessage: object._misskey_followedMessage,
+		_misskey_requireSigninToViewContents: object._misskey_requireSigninToViewContents,
+		_misskey_makeNotesFollowersOnlyBefore: object._misskey_makeNotesFollowersOnlyBefore,
+		_misskey_makeNotesHiddenBefore: object._misskey_makeNotesHiddenBefore,
+		_misskey_quote: object._misskey_quote,
+		_misskey_content: object._misskey_content,
+		_misskey_reaction: object._misskey_reaction,
+		_misskey_votes: object._misskey_votes,
+	};
+}
+
+export interface IUnsanitizedObject extends Partial<MisskeyVendorKeys> {
 	'@context'?: string | string[] | Obj | Obj[];
 	type: string | string[];
 	id?: string;
 	name?: string | null;
 	summary?: string;
-	_misskey_summary?: string;
-	_misskey_followedMessage?: string | null;
-	_misskey_requireSigninToViewContents?: boolean;
-	_misskey_makeNotesFollowersOnlyBefore?: number | null;
-	_misskey_makeNotesHiddenBefore?: number | null;
 	published?: string;
 	cc?: ApObject;
 	to?: ApObject;
@@ -34,6 +58,78 @@ export interface IObject {
 	href?: string;
 	tag?: IObject | IObject[];
 	sensitive?: boolean;
+
+	visibility?: string;
+	mentionedUsers?: any[];
+	visibleUsers?: any[];
+}
+
+export interface IObject extends IUnsanitizedObject {
+	__yume_normalized_object: true | 'outgoing';
+};
+
+export interface YumeDowncastSanitizedBadge<L extends 'question' | undefined> {
+	__yume_normalized_badge: L | 'outgoing';
+};
+
+export function markOutgoing<T, L extends 'question' | undefined>(object: T, _badge: L): T & IObject & YumeDowncastSanitizedBadge<L> {
+	return object as T & IObject & YumeDowncastSanitizedBadge<L>;
+}
+
+export function yumeNormalizeURL(url: string): string {
+	const u = new URL(url);
+	u.hash = '';
+	u.host = toASCII(u.host);
+	if (u.protocol && u.protocol !== 'https:') {
+		throw new Error('protocol is not https');
+	}
+	u.protocol = 'https:';
+	if (u.port && u.port !== '443') {
+		throw new Error('port is not 443');
+	}
+	return u.toString();
+}
+
+export function yumeNormalizeRecursive<O extends IUnsanitizedObject | string | (IUnsanitizedObject | string)[]>(object: O, depth = 0):
+	IObject | string | (IObject | string)[] {
+	if (depth > 16) {
+		throw new Error('recursion limit exceeded');
+	}
+
+	if (typeof object === 'string') {
+		return yumeNormalizeURL(object);
+	}
+	if (Array.isArray(object)) {
+		if (object.length > 64) {
+			throw new Error('array length limit exceeded');
+		}
+		return object.flatMap(yumeNormalizeRecursive);
+	}
+
+	return yumeNormalizeObject(object);
+}
+
+export function yumeNormalizeObject(object: IUnsanitizedObject): IObject {
+	if (object.cc) {
+		object.cc = yumeNormalizeRecursive(object.cc);
+	}
+	if (object.id) {
+		object.id = yumeNormalizeURL(object.id);
+	}
+
+	if (object.url) {
+		object.url = yumeNormalizeRecursive(object.url);
+	}
+
+	if (object.attachment) {
+		object.attachment = object.attachment.map(yumeNormalizeRecursive);
+	}
+	
+	if (object.inReplyTo) {
+		object.inReplyTo = yumeNormalizeRecursive(object.inReplyTo);
+	}
+
+	return object as IObject;
 }
 
 /**
@@ -80,7 +176,7 @@ export function getOneApHrefNullable(value: ApObject | undefined): string | unde
 }
 
 export function getApHrefNullable(value: string | IObject | undefined): string | undefined {
-	if (typeof value === 'string') return value;
+if (typeof value === 'string') return value;
 	if (typeof value?.href === 'string') return value.href;
 	return undefined;
 }
@@ -101,6 +197,24 @@ export interface IActivity extends IObject {
 	};
 }
 
+export interface SafeList {
+	id: string;
+	published: string;
+	visibility: string;
+	mentionedUsers: any[];
+	visibleUsers: any[];
+}
+
+function extractSafe(object: IObject): Partial<SafeList> {
+	return {
+		id: object.id,
+		published: object.published,
+		visibility: object.visibility,
+		mentionedUsers: object.mentionedUsers,
+		visibleUsers: object.visibleUsers,
+	};
+}
+
 export interface ICollection extends IObject {
 	type: 'Collection';
 	totalItems: number;
@@ -122,7 +236,7 @@ export const isPost = (object: IObject): object is IPost => {
 	return type != null && validPost.includes(type);
 };
 
-export interface IPost extends IObject {
+export interface IPost extends IObject{
 	type: 'Note' | 'Question' | 'Article' | 'Audio' | 'Document' | 'Image' | 'Page' | 'Video' | 'Event';
 	source?: {
 		content: string;
@@ -133,7 +247,7 @@ export interface IPost extends IObject {
 	quoteUrl?: string;
 }
 
-export interface IQuestion extends IObject {
+export interface IUnsanitizedQuestion extends IObject {
 	type: 'Note' | 'Question';
 	actor: string;
 	source?: {
@@ -148,7 +262,25 @@ export interface IQuestion extends IObject {
 	closed?: Date;
 }
 
-export const isQuestion = (object: IObject): object is IQuestion =>
+export interface IQuestion extends IUnsanitizedQuestion, YumeDowncastSanitizedBadge<'question'> {}
+
+export function yumeSanitizeQuestion(object: IUnsanitizedQuestion): IQuestion {
+	return {
+		type: object.type,
+		actor: yumeNormalizeURL(object.actor),
+		source: object.source,
+		_misskey_quote: object._misskey_quote,
+		quoteUrl: object.quoteUrl ? yumeNormalizeURL(object.quoteUrl) : '',
+		oneOf: object.oneOf,
+		anyOf: object.anyOf,
+		endTime: object.endTime,
+		closed: object.closed,
+		__yume_normalized_object: true,
+		__yume_normalized_badge: 'question',
+	};
+}
+
+export const isQuestion = (object: IObject): object is IUnsanitizedQuestion =>
 	getApType(object) === 'Note' || getApType(object) === 'Question';
 
 interface IQuestionChoice {
@@ -264,88 +396,307 @@ export const isDocument = (object: IObject): object is IApDocument => {
 	return type != null && validDocumentTypes.includes(type);
 };
 
-export interface IApImage extends IApDocument {
+export interface IApImage extends IApDocument, Partial<SafeList> {
 	type: 'Image';
 }
 
-export interface ICreate extends IActivity {
+export interface ICreate extends IActivity, Partial<SafeList> {
 	type: 'Create';
 }
 
-export interface IDelete extends IActivity {
+export interface IDelete extends IActivity, Partial<SafeList> {
 	type: 'Delete';
 }
 
-export interface IUpdate extends IActivity {
+export interface IUpdate extends IActivity, Partial<SafeList> {
 	type: 'Update';
 }
 
-export interface IRead extends IActivity {
+export interface IRead extends IActivity, Partial<SafeList> {
 	type: 'Read';
 }
 
-export interface IUndo extends IActivity {
+export interface IUndo extends IActivity, Partial<SafeList> {
 	type: 'Undo';
 }
 
-export interface IFollow extends IActivity {
+export interface IFollow extends IActivity, Partial<SafeList> {
 	type: 'Follow';
 }
 
-export interface IAccept extends IActivity {
+export interface IAccept extends IActivity, Partial<SafeList> {
 	type: 'Accept';
 }
 
-export interface IReject extends IActivity {
+export interface IReject extends IActivity, Partial<SafeList> {
 	type: 'Reject';
 }
 
-export interface IAdd extends IActivity {
+export interface IAdd extends IActivity, Partial<SafeList> {
 	type: 'Add';
 }
 
-export interface IRemove extends IActivity {
+export interface IRemove extends IActivity, Partial<SafeList> {
 	type: 'Remove';
 }
 
-export interface ILike extends IActivity {
+export interface ILike extends IActivity, Partial<SafeList> {
 	type: 'Like' | 'EmojiReaction' | 'EmojiReact';
 	_misskey_reaction?: string;
 }
 
-export interface IAnnounce extends IActivity {
+export interface IAnnounce extends IActivity, Partial<SafeList> {
 	type: 'Announce';
 }
 
-export interface IBlock extends IActivity {
+export interface IBlock extends IActivity, Partial<SafeList> {
 	type: 'Block';
 }
 
-export interface IFlag extends IActivity {
+export interface IFlag extends IActivity, Partial<SafeList> {
 	type: 'Flag';
 }
 
-export interface IMove extends IActivity {
+export interface IMove extends IActivity, Partial<SafeList> {
 	type: 'Move';
 	target: IObject | string;
 }
 
-export const isCreate = (object: IObject): object is ICreate => getApType(object) === 'Create';
-export const isDelete = (object: IObject): object is IDelete => getApType(object) === 'Delete';
-export const isUpdate = (object: IObject): object is IUpdate => getApType(object) === 'Update';
-export const isRead = (object: IObject): object is IRead => getApType(object) === 'Read';
-export const isUndo = (object: IObject): object is IUndo => getApType(object) === 'Undo';
-export const isFollow = (object: IObject): object is IFollow => getApType(object) === 'Follow';
-export const isAccept = (object: IObject): object is IAccept => getApType(object) === 'Accept';
-export const isReject = (object: IObject): object is IReject => getApType(object) === 'Reject';
-export const isAdd = (object: IObject): object is IAdd => getApType(object) === 'Add';
-export const isRemove = (object: IObject): object is IRemove => getApType(object) === 'Remove';
-export const isLike = (object: IObject): object is ILike => {
-	const type = getApType(object);
-	return type != null && ['Like', 'EmojiReaction', 'EmojiReact'].includes(type);
-};
-export const isAnnounce = (object: IObject): object is IAnnounce => getApType(object) === 'Announce';
-export const isBlock = (object: IObject): object is IBlock => getApType(object) === 'Block';
-export const isFlag = (object: IObject): object is IFlag => getApType(object) === 'Flag';
-export const isMove = (object: IObject): object is IMove => getApType(object) === 'Move';
-export const isNote = (object: IObject): object is IPost => getApType(object) === 'Note';
+export function yumeDowncastCreate(object: IObject): ICreate | null {
+	if (getApType(object) !== 'Create') return null;
+	const obj = object as ICreate;
+	if (!obj.actor || !obj.object) return null;
+	return {
+		...extractMisskeyVendorKeys(object),
+		...extractSafe(object),
+		type: 'Create',
+		actor: typeof obj.actor === 'string' ? yumeNormalizeURL(obj.actor) : yumeNormalizeObject(obj.actor),
+		object: typeof obj.object === 'string' ? yumeNormalizeURL(obj.object) : yumeNormalizeObject(obj.object),
+		target: obj.target ? (typeof obj.target === 'string' ? yumeNormalizeURL(obj.target) : yumeNormalizeObject(obj.target)) : undefined,
+		__yume_normalized_object: true,
+	};
+}
+
+export function yumeDowncastDelete(object: IObject): IDelete | null {
+	if (getApType(object) !== 'Delete') return null;
+	const obj = object as IDelete;
+	if (!obj.actor || !obj.object) return null;
+	return {
+		...extractMisskeyVendorKeys(object),
+		...extractSafe(object),
+		type: 'Delete',
+		actor: typeof obj.actor === 'string' ? yumeNormalizeURL(obj.actor) : yumeNormalizeObject(obj.actor),
+		object: typeof obj.object === 'string' ? yumeNormalizeURL(obj.object) : yumeNormalizeObject(obj.object),
+		target: obj.target ? (typeof obj.target === 'string' ? yumeNormalizeURL(obj.target) : yumeNormalizeObject(obj.target)) : undefined,
+		__yume_normalized_object: true,
+	};
+}
+
+export function yumeDowncastUpdate(object: IObject): IUpdate | null {
+	if (getApType(object) !== 'Update') return null;
+	const obj = object as IUpdate;
+	if (!obj.actor || !obj.object) return null;
+	return {
+		...extractMisskeyVendorKeys(object),
+		...extractSafe(object),
+		type: 'Update',
+		actor: typeof obj.actor === 'string' ? yumeNormalizeURL(obj.actor) : yumeNormalizeObject(obj.actor),
+		object: typeof obj.object === 'string' ? yumeNormalizeURL(obj.object) : yumeNormalizeObject(obj.object),
+		target: obj.target ? (typeof obj.target === 'string' ? yumeNormalizeURL(obj.target) : yumeNormalizeObject(obj.target)) : undefined,
+		__yume_normalized_object: true,
+	};
+}
+
+export function yumeDowncastRead(object: IObject): IRead | null {
+	if (getApType(object) !== 'Read') return null;
+	const obj = object as IRead;
+	if (!obj.actor || !obj.object) return null;
+	return {
+		...extractMisskeyVendorKeys(object),
+		...extractSafe(object),
+		type: 'Read',
+		actor: typeof obj.actor === 'string' ? yumeNormalizeURL(obj.actor) : yumeNormalizeObject(obj.actor),
+		object: typeof obj.object === 'string' ? yumeNormalizeURL(obj.object) : yumeNormalizeObject(obj.object),
+		target: obj.target ? (typeof obj.target === 'string' ? yumeNormalizeURL(obj.target) : yumeNormalizeObject(obj.target)) : undefined,
+		__yume_normalized_object: true,
+	};
+}
+
+export function yumeDowncastUndo(object: IObject): IUndo | null {
+	if (getApType(object) !== 'Undo') return null;
+	const obj = object as IUndo;
+	if (!obj.actor || !obj.object) return null;
+	return {
+		...extractMisskeyVendorKeys(object),
+		...extractSafe(object),
+		type: 'Undo',
+		actor: typeof obj.actor === 'string' ? yumeNormalizeURL(obj.actor) : yumeNormalizeObject(obj.actor),
+		object: typeof obj.object === 'string' ? yumeNormalizeURL(obj.object) : yumeNormalizeObject(obj.object),
+		target: obj.target ? (typeof obj.target === 'string' ? yumeNormalizeURL(obj.target) : yumeNormalizeObject(obj.target)) : undefined,
+		__yume_normalized_object: true,
+	};
+}
+
+export function yumeDowncastFollow(object: IObject): IFollow | null {
+	if (getApType(object) !== 'Follow') return null;
+	const obj = object as IFollow;
+	if (!obj.actor || !obj.object) return null;
+	return {
+		...extractMisskeyVendorKeys(object),
+		...extractSafe(object),
+		type: 'Follow',
+		actor: typeof obj.actor === 'string' ? yumeNormalizeURL(obj.actor) : yumeNormalizeObject(obj.actor),
+		object: typeof obj.object === 'string' ? yumeNormalizeURL(obj.object) : yumeNormalizeObject(obj.object),
+		target: obj.target ? (typeof obj.target === 'string' ? yumeNormalizeURL(obj.target) : yumeNormalizeObject(obj.target)) : undefined,
+		__yume_normalized_object: true,
+	};
+}
+
+export function yumeDowncastAccept(object: IObject): IAccept | null {
+	if (getApType(object) !== 'Accept') return null;
+	const obj = object as IAccept;
+	if (!obj.actor || !obj.object) return null;
+	return {
+		...extractMisskeyVendorKeys(object),
+		...extractSafe(object),
+		type: 'Accept',
+		actor: typeof obj.actor === 'string' ? yumeNormalizeURL(obj.actor) : yumeNormalizeObject(obj.actor),
+		object: typeof obj.object === 'string' ? yumeNormalizeURL(obj.object) : yumeNormalizeObject(obj.object),
+		target: obj.target ? (typeof obj.target === 'string' ? yumeNormalizeURL(obj.target) : yumeNormalizeObject(obj.target)) : undefined,
+		__yume_normalized_object: true,
+	};
+}
+
+export function yumeDowncastReject(object: IObject): IReject | null {
+	if (getApType(object) !== 'Reject') return null;
+	const obj = object as IReject;
+	if (!obj.actor || !obj.object) return null;
+	return {
+		...extractMisskeyVendorKeys(object),
+		...extractSafe(object),
+		type: 'Reject',
+		actor: typeof obj.actor === 'string' ? yumeNormalizeURL(obj.actor) : yumeNormalizeObject(obj.actor),
+		object: typeof obj.object === 'string' ? yumeNormalizeURL(obj.object) : yumeNormalizeObject(obj.object),
+		target: obj.target ? (typeof obj.target === 'string' ? yumeNormalizeURL(obj.target) : yumeNormalizeObject(obj.target)) : undefined,
+		__yume_normalized_object: true,
+	};
+}
+
+export function yumeDowncastAdd(object: IObject): IAdd | null {
+	if (getApType(object) !== 'Add') return null;
+	const obj = object as IAdd;
+	if (!obj.actor || !obj.object ) return null;
+	return {
+		...extractMisskeyVendorKeys(object),
+		...extractSafe(object),
+		type: 'Add',
+		actor: typeof obj.actor === 'string' ? yumeNormalizeURL(obj.actor) : yumeNormalizeObject(obj.actor),
+		object: typeof obj.object === 'string' ? yumeNormalizeURL(obj.object) : yumeNormalizeObject(obj.object),
+		target: obj.target ? (typeof obj.target === 'string' ? yumeNormalizeURL(obj.target) : yumeNormalizeObject(obj.target)) : undefined,
+		__yume_normalized_object: true,
+	};
+}
+
+export function yumeDowncastRemove(object: IObject): IRemove | null {
+	if (getApType(object) !== 'Remove') return null;
+	const obj = object as IRemove;
+	if (!obj.actor || !obj.object) return null;
+	return {
+		...extractMisskeyVendorKeys(object),
+		...extractSafe(object),
+		type: 'Remove',
+		actor: typeof obj.actor === 'string' ? yumeNormalizeURL(obj.actor) : yumeNormalizeObject(obj.actor),
+		object: typeof obj.object === 'string' ? yumeNormalizeURL(obj.object) : yumeNormalizeObject(obj.object),
+		target: obj.target ? (typeof obj.target === 'string' ? yumeNormalizeURL(obj.target) : yumeNormalizeObject(obj.target)) : undefined,
+		__yume_normalized_object: true,
+	};
+}
+
+export function yumeDowncastLike(object: IObject): ILike | null {
+	if (getApType(object) !== 'Like') return null;
+	const obj = object as ILike;
+	if (!obj.actor || !obj.object || !obj.target) return null;
+	return {
+		...extractMisskeyVendorKeys(object),
+		...extractSafe(object),
+		type: 'Like',
+		actor: typeof obj.actor === 'string' ? yumeNormalizeURL(obj.actor) : yumeNormalizeObject(obj.actor),
+		object: typeof obj.object === 'string' ? yumeNormalizeURL(obj.object) : yumeNormalizeObject(obj.object),
+		target: obj.target ? (typeof obj.target === 'string' ? yumeNormalizeURL(obj.target) : yumeNormalizeObject(obj.target)) : undefined,
+		__yume_normalized_object: true,
+	};
+}
+
+export function yumeDowncastAnnounce(object: IObject): IAnnounce | null {
+	if (getApType(object) !== 'Announce') return null;
+	const obj = object as IAnnounce;
+	if (!obj.actor || !obj.object) return null;
+	return {
+		// ...extractMisskeyVendorKeys(object),
+		...extractSafe(object),
+		type: 'Announce',
+		actor: typeof obj.actor === 'string' ? yumeNormalizeURL(obj.actor) : yumeNormalizeObject(obj.actor),
+		object: typeof obj.object === 'string' ? yumeNormalizeURL(obj.object) : yumeNormalizeObject(obj.object),
+		target: obj.target ? (typeof obj.target === 'string' ? yumeNormalizeURL(obj.target) : yumeNormalizeObject(obj.target)) : undefined,
+		__yume_normalized_object: true,
+	};
+}
+
+export function yumeDowncastBlock(object: IObject): IBlock | null {
+	if (getApType(object) !== 'Block') return null;
+	const obj = object as IBlock;
+	if (!obj.actor || !obj.object) return null;
+	return {
+		...extractMisskeyVendorKeys(object),
+		...extractSafe(object),
+		type: 'Block',
+		actor: typeof obj.actor === 'string' ? yumeNormalizeURL(obj.actor) : yumeNormalizeObject(obj.actor),
+		object: typeof obj.object === 'string' ? yumeNormalizeURL(obj.object) : yumeNormalizeObject(obj.object),
+		target: obj.target ? (typeof obj.target === 'string' ? yumeNormalizeURL(obj.target) : yumeNormalizeObject(obj.target)) : undefined,
+		__yume_normalized_object: true,
+	};
+}
+
+export function yumeDowncastFlag(object: IObject): IFlag | null {
+	if (getApType(object) !== 'Flag') return null;
+	const obj = object as IFlag;
+	if (!obj.actor || !obj.object) return null;
+	return {
+		...extractMisskeyVendorKeys(object),
+		...extractSafe(object),
+		type: 'Flag',
+		actor: typeof obj.actor === 'string' ? yumeNormalizeURL(obj.actor) : yumeNormalizeObject(obj.actor),
+		object: typeof obj.object === 'string' ? yumeNormalizeURL(obj.object) : yumeNormalizeObject(obj.object),
+		target: obj.target ? (typeof obj.target === 'string' ? yumeNormalizeURL(obj.target) : yumeNormalizeObject(obj.target)) : undefined,
+		__yume_normalized_object: true,
+	};
+}
+
+export function yumeDowncastMove(object: IObject): IMove | null {
+	if (getApType(object) !== 'Move') return null;
+	const obj = object as IMove;
+	if (!obj.actor || !obj.object || !obj.target) return null;
+	return {
+		...extractMisskeyVendorKeys(object),
+		...extractSafe(object),
+		type: 'Move',
+		actor: typeof obj.actor === 'string' ? yumeNormalizeURL(obj.actor) : yumeNormalizeObject(obj.actor),
+		object: typeof obj.object === 'string' ? yumeNormalizeURL(obj.object) : yumeNormalizeObject(obj.object),
+		target: typeof obj.target === 'string' ? yumeNormalizeURL(obj.target) : yumeNormalizeObject(obj.target),
+		__yume_normalized_object: true,
+	};
+}
+export function yumeDowncastMention(object: IObject): IApMention |	null {
+	if (getApType(object) !== 'Mention') {
+		 return null;
+	}
+
+	const href = getApHrefNullable(object);
+	
+	return {
+		...object,
+		type: 'Mention',
+		href: href ? yumeNormalizeURL(href) : '',
+		name: object.name ?? '',
+	};
+}
diff --git a/packages/backend/src/queue/processors/InboxProcessorService.ts b/packages/backend/src/queue/processors/InboxProcessorService.ts
index 2e674b0548..ca7e4275de 100644
--- a/packages/backend/src/queue/processors/InboxProcessorService.ts
+++ b/packages/backend/src/queue/processors/InboxProcessorService.ts
@@ -67,7 +67,7 @@ const mIncomingApReject = metricCounter({
 const mincomingApProcessingError = metricCounter({
 	name: 'misskey_incoming_ap_processing_error',
 	help: 'Incoming AP processing error',
-	labelNames: ['incoming_host', 'incoming_type'],
+	labelNames: ['incoming_host', 'incoming_type', 'reason'],
 });
 
 @Injectable()
diff --git a/packages/backend/src/server/api/endpoints/ap/show.ts b/packages/backend/src/server/api/endpoints/ap/show.ts
index c52608cefb..6127e104ce 100644
--- a/packages/backend/src/server/api/endpoints/ap/show.ts
+++ b/packages/backend/src/server/api/endpoints/ap/show.ts
@@ -134,8 +134,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 
 		return await this.mergePack(
 			me,
-			isActor(object) ? await this.apPersonService.createPerson(getApId(object)) : null,
-			isPost(object) ? await this.apNoteService.createNote(getApId(object), undefined, true) : null,
+			isActor(object) ? await this.apPersonService.createPerson(getApId(object), resolver) : null,
+			isPost(object) ? await this.apNoteService.createNote(getApId(object), resolver, true) : null,
 		);
 	}
 
diff --git a/packages/backend/test/unit/activitypub.ts b/packages/backend/test/unit/activitypub.ts
index 2fc08aec91..fe336a0252 100644
--- a/packages/backend/test/unit/activitypub.ts
+++ b/packages/backend/test/unit/activitypub.ts
@@ -19,7 +19,7 @@ import { GlobalModule } from '@/GlobalModule.js';
 import { CoreModule } from '@/core/CoreModule.js';
 import { FederatedInstanceService } from '@/core/FederatedInstanceService.js';
 import { LoggerService } from '@/core/LoggerService.js';
-import type { IActor, IApDocument, ICollection, IObject, IPost } from '@/core/activitypub/type.js';
+import { yumeNormalizeObject, type IActor, type IApDocument, type ICollection, type IObject, type IPost } from '@/core/activitypub/type.js';
 import { MiMeta, MiNote, UserProfilesRepository } from '@/models/_.js';
 import { DI } from '@/di-symbols.js';
 import { secureRndstr } from '@/misc/secure-rndstr.js';
@@ -42,6 +42,7 @@ function createRandomActor({ actorHost = host } = {}): NonTransientIActor {
 		id: actorId,
 		type: 'Person',
 		preferredUsername,
+		__yume_normalized_object: true,
 		inbox: `${actorId}/inbox`,
 		outbox: `${actorId}/outbox`,
 	};
@@ -55,6 +56,7 @@ function createRandomNote(actor: NonTransientIActor): NonTransientIPost {
 		id: noteId,
 		type: 'Note',
 		attributedTo: actor.id,
+		__yume_normalized_object: true,
 		content: 'test test foo',
 	};
 }
@@ -71,6 +73,7 @@ function createRandomFeaturedCollection(actor: NonTransientIActor, length: numbe
 		type: 'Collection',
 		id: actor.outbox as string,
 		totalItems: items.length,
+		__yume_normalized_object: true,
 		items,
 	};
 }
@@ -162,6 +165,34 @@ describe('ActivityPub', () => {
 			content: 'あ',
 		};
 
+		const punnyPost = {
+			'@context': 'https://www.w3.org/ns/activitystreams',
+			id: `https://あ.com/users/あ`,
+			type: 'Note',
+			attributedTo: actor.id,
+			to: 'https://www.w3.org/ns/activitystreams#Public',
+			content: 'あ',
+		};
+
+		test('punnyPost normalization', async () => {
+			const normalized = yumeNormalizeObject(punnyPost);
+			assert.strictEqual(normalized.id, 'https://xn--l8j.com/users/あ');
+		});
+
+		const portedHost = {
+			'@context': 'https://www.w3.org/ns/activitystreams',
+			id: `https://あ.com:12443/users/${secureRndstr(8)}`,
+			type: 'Note',
+			to: 'https://www.w3.org/ns/activitystreams#Public',
+			content: 'あ',
+		}
+
+		test('actor with port should be rejected', async () => {
+			assert.throws(() => {
+				yumeNormalizeObject(portedHost);
+			});
+		});
+
 		test('Minimum Actor', async () => {
 			resolver.register(actor.id, actor);
 
@@ -220,6 +251,7 @@ describe('ActivityPub', () => {
 				type: 'OrderedCollection',
 				totalItems: 0,
 				first: `${actor.id}/following?page=1`,
+				__yume_normalized_object: true,
 			};
 			actor.followers = `${actor.id}/followers`;
 
@@ -229,6 +261,7 @@ describe('ActivityPub', () => {
 				type: 'OrderedCollection',
 				totalItems: 0,
 				first: `${actor.followers}?page=1`,
+				__yume_normalized_object: true,
 			});
 
 			const user = await personService.createPerson(actor.id, resolver);
@@ -244,6 +277,7 @@ describe('ActivityPub', () => {
 				id: `${actor.id}/following`,
 				type: 'OrderedCollection',
 				totalItems: 0,
+				__yume_normalized_object: true,
 				// first: …
 			};
 			actor.followers = `${actor.id}/followers`;
@@ -348,6 +382,7 @@ describe('ActivityPub', () => {
 				mediaType: 'image/png',
 				url: 'http://host1.test/foo.png',
 				name: '',
+				__yume_normalized_object: true,
 			};
 			const driveFile = await imageService.createImage(
 				await createRandomRemoteUser(resolver, personService),
@@ -361,6 +396,7 @@ describe('ActivityPub', () => {
 				url: 'http://host1.test/bar.png',
 				name: '',
 				sensitive: true,
+				__yume_normalized_object: true,
 			};
 			const sensitiveDriveFile = await imageService.createImage(
 				await createRandomRemoteUser(resolver, personService),
@@ -377,6 +413,7 @@ describe('ActivityPub', () => {
 				mediaType: 'image/png',
 				url: 'http://host1.test/foo.png',
 				name: '',
+				__yume_normalized_object: true,
 			};
 			const driveFile = await imageService.createImage(
 				await createRandomRemoteUser(resolver, personService),
@@ -390,6 +427,7 @@ describe('ActivityPub', () => {
 				url: 'http://host1.test/bar.png',
 				name: '',
 				sensitive: true,
+				__yume_normalized_object: true,
 			};
 			const sensitiveDriveFile = await imageService.createImage(
 				await createRandomRemoteUser(resolver, personService),
@@ -406,6 +444,7 @@ describe('ActivityPub', () => {
 				mediaType: 'image/png',
 				url: 'http://host1.test/foo.png',
 				name: '',
+				__yume_normalized_object: true,
 			};
 			const driveFile = await imageService.createImage(
 				await createRandomRemoteUser(resolver, personService),
@@ -419,6 +458,7 @@ describe('ActivityPub', () => {
 				url: 'http://host1.test/bar.png',
 				name: '',
 				sensitive: true,
+				__yume_normalized_object: true,
 			};
 			const sensitiveDriveFile = await imageService.createImage(
 				await createRandomRemoteUser(resolver, personService),
@@ -431,6 +471,7 @@ describe('ActivityPub', () => {
 			const linkObject: IObject = {
 				type: 'Link',
 				href: 'https://example.com/',
+				__yume_normalized_object: true,
 			};
 			const driveFile = await imageService.createImage(
 				await createRandomRemoteUser(resolver, personService),

From 5b6e8cc11032a29cb7945428f1dc08f233b39261 Mon Sep 17 00:00:00 2001
From: eternal-flame-AD <yume@yumechi.jp>
Date: Thu, 21 Nov 2024 03:12:47 -0600
Subject: [PATCH 10/29] reject all non TLSv1.2 AP queries

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 .../backend/src/core/HttpRequestService.ts    | 42 +++++--------------
 1 file changed, 10 insertions(+), 32 deletions(-)

diff --git a/packages/backend/src/core/HttpRequestService.ts b/packages/backend/src/core/HttpRequestService.ts
index 60ecc03e4a..8a6d978232 100644
--- a/packages/backend/src/core/HttpRequestService.ts
+++ b/packages/backend/src/core/HttpRequestService.ts
@@ -27,21 +27,11 @@ export type HttpRequestSendOptions = {
 
 @Injectable()
 export class HttpRequestService {
-	/**
-	 * Get http non-proxy agent
-	 */
-	private http: http.Agent;
-
 	/**
 	 * Get https non-proxy agent
 	 */
 	private https: https.Agent;
 
-	/**
-	 * Get http proxy or non-proxy agent
-	 */
-	public httpAgent: http.Agent;
-
 	/**
 	 * Get https proxy or non-proxy agent
 	 */
@@ -57,34 +47,16 @@ export class HttpRequestService {
 			lookup: false,	// nativeのdns.lookupにfallbackしない
 		});
 
-		this.http = new http.Agent({
-			keepAlive: true,
-			keepAliveMsecs: 30 * 1000,
-			lookup: cache.lookup as unknown as net.LookupFunction,
-			localAddress: config.outgoingAddress,
-		});
-
 		this.https = new https.Agent({
 			keepAlive: true,
 			keepAliveMsecs: 30 * 1000,
 			lookup: cache.lookup as unknown as net.LookupFunction,
 			localAddress: config.outgoingAddress,
+			minVersion: 'TLSv1.2',
 		});
 
 		const maxSockets = Math.max(256, config.deliverJobConcurrency ?? 128);
 
-		this.httpAgent = config.proxy
-			? new HttpProxyAgent({
-				keepAlive: true,
-				keepAliveMsecs: 30 * 1000,
-				maxSockets,
-				maxFreeSockets: 256,
-				scheduling: 'lifo',
-				proxy: config.proxy,
-				localAddress: config.outgoingAddress,
-			})
-			: this.http;
-
 		this.httpsAgent = config.proxy
 			? new HttpsProxyAgent({
 				keepAlive: true,
@@ -104,11 +76,17 @@ export class HttpRequestService {
 	 * @param bypassProxy Allways bypass proxy
 	 */
 	@bindThis
-	public getAgentByUrl(url: URL, bypassProxy = false): http.Agent | https.Agent {
+	public getAgentByUrl(url: URL, bypassProxy = false): https.Agent {
+		if (url.protocol !== 'https:') {
+			throw new Error('Invalid protocol');
+		}
+		if (url.port && url.port !== '443') {
+			throw new Error('Invalid port');
+		}
 		if (bypassProxy || (this.config.proxyBypassHosts ?? []).includes(url.hostname)) {
-			return url.protocol === 'http:' ? this.http : this.https;
+			return this.https;
 		} else {
-			return url.protocol === 'http:' ? this.httpAgent : this.httpsAgent;
+			return this.httpsAgent;
 		}
 	}
 

From 599c265530029223a6adc5fd77ea9276ac7d6f14 Mon Sep 17 00:00:00 2001
From: eternal-flame-AD <yume@yumechi.jp>
Date: Thu, 21 Nov 2024 03:40:59 -0600
Subject: [PATCH 11/29] make sanitization failures permanent

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 packages/backend/src/core/activitypub/type.ts            | 9 +++++----
 .../src/queue/processors/InboxProcessorService.ts        | 4 ++--
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/packages/backend/src/core/activitypub/type.ts b/packages/backend/src/core/activitypub/type.ts
index c42a1b4769..c14c6aa55f 100644
--- a/packages/backend/src/core/activitypub/type.ts
+++ b/packages/backend/src/core/activitypub/type.ts
@@ -5,6 +5,7 @@
 
 import { target } from "happy-dom/lib/PropertySymbol.js";
 import { toASCII } from "node:punycode";
+import * as bull from "bullmq";
 
 export type Obj = { [x: string]: any };
 export type ApObject = IObject | string | (IObject | string)[];
@@ -81,11 +82,11 @@ export function yumeNormalizeURL(url: string): string {
 	u.hash = '';
 	u.host = toASCII(u.host);
 	if (u.protocol && u.protocol !== 'https:') {
-		throw new Error('protocol is not https');
+		throw new bull.UnrecoverableError('protocol is not https');
 	}
 	u.protocol = 'https:';
 	if (u.port && u.port !== '443') {
-		throw new Error('port is not 443');
+		throw new bull.UnrecoverableError('port is not 443');
 	}
 	return u.toString();
 }
@@ -93,7 +94,7 @@ export function yumeNormalizeURL(url: string): string {
 export function yumeNormalizeRecursive<O extends IUnsanitizedObject | string | (IUnsanitizedObject | string)[]>(object: O, depth = 0):
 	IObject | string | (IObject | string)[] {
 	if (depth > 16) {
-		throw new Error('recursion limit exceeded');
+		throw new bull.UnrecoverableError('recursion limit exceeded');
 	}
 
 	if (typeof object === 'string') {
@@ -101,7 +102,7 @@ export function yumeNormalizeRecursive<O extends IUnsanitizedObject | string | (
 	}
 	if (Array.isArray(object)) {
 		if (object.length > 64) {
-			throw new Error('array length limit exceeded');
+			throw new bull.UnrecoverableError('array length limit exceeded');
 		}
 		return object.flatMap(yumeNormalizeRecursive);
 	}
diff --git a/packages/backend/src/queue/processors/InboxProcessorService.ts b/packages/backend/src/queue/processors/InboxProcessorService.ts
index ca7e4275de..8dbba7f51e 100644
--- a/packages/backend/src/queue/processors/InboxProcessorService.ts
+++ b/packages/backend/src/queue/processors/InboxProcessorService.ts
@@ -67,7 +67,7 @@ const mIncomingApReject = metricCounter({
 const mincomingApProcessingError = metricCounter({
 	name: 'misskey_incoming_ap_processing_error',
 	help: 'Incoming AP processing error',
-	labelNames: ['incoming_host', 'incoming_type', 'reason'],
+	labelNames: ['incoming_host', 'incoming_type'],
 });
 
 @Injectable()
@@ -307,7 +307,7 @@ export class InboxProcessorService implements OnApplicationShutdown {
 			}
 			const end = +new Date();
 			observeHistogram(mIncomingApProcessingTime, { success: 'false' }, (end - begin) / 1000);
-			incCounter(mincomingApProcessingError, { reason: 'unknown' });
+			incCounter(mincomingApProcessingError, {});
 			throw e;
 		}
 		observeHistogram(mIncomingApProcessingTime, { success: 'true' }, (+new Date() - begin) / 1000);

From e01e82aa65db92798ddd973d239e83bb6d884765 Mon Sep 17 00:00:00 2001
From: eternal-flame-AD <yume@yumechi.jp>
Date: Thu, 21 Nov 2024 03:40:59 -0600
Subject: [PATCH 12/29] make sanitization failures permanent

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 packages/backend/src/core/activitypub/type.ts       | 13 +++++--------
 .../src/queue/processors/InboxProcessorService.ts   |  4 ++--
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/packages/backend/src/core/activitypub/type.ts b/packages/backend/src/core/activitypub/type.ts
index c42a1b4769..6c77ef92d0 100644
--- a/packages/backend/src/core/activitypub/type.ts
+++ b/packages/backend/src/core/activitypub/type.ts
@@ -5,6 +5,7 @@
 
 import { target } from "happy-dom/lib/PropertySymbol.js";
 import { toASCII } from "node:punycode";
+import * as bull from "bullmq";
 
 export type Obj = { [x: string]: any };
 export type ApObject = IObject | string | (IObject | string)[];
@@ -81,11 +82,11 @@ export function yumeNormalizeURL(url: string): string {
 	u.hash = '';
 	u.host = toASCII(u.host);
 	if (u.protocol && u.protocol !== 'https:') {
-		throw new Error('protocol is not https');
+		throw new bull.UnrecoverableError('protocol is not https');
 	}
 	u.protocol = 'https:';
 	if (u.port && u.port !== '443') {
-		throw new Error('port is not 443');
+		throw new bull.UnrecoverableError('port is not 443');
 	}
 	return u.toString();
 }
@@ -93,7 +94,7 @@ export function yumeNormalizeURL(url: string): string {
 export function yumeNormalizeRecursive<O extends IUnsanitizedObject | string | (IUnsanitizedObject | string)[]>(object: O, depth = 0):
 	IObject | string | (IObject | string)[] {
 	if (depth > 16) {
-		throw new Error('recursion limit exceeded');
+		throw new bull.UnrecoverableError('recursion limit exceeded');
 	}
 
 	if (typeof object === 'string') {
@@ -101,7 +102,7 @@ export function yumeNormalizeRecursive<O extends IUnsanitizedObject | string | (
 	}
 	if (Array.isArray(object)) {
 		if (object.length > 64) {
-			throw new Error('array length limit exceeded');
+			throw new bull.UnrecoverableError('array length limit exceeded');
 		}
 		return object.flatMap(yumeNormalizeRecursive);
 	}
@@ -121,10 +122,6 @@ export function yumeNormalizeObject(object: IUnsanitizedObject): IObject {
 		object.url = yumeNormalizeRecursive(object.url);
 	}
 
-	if (object.attachment) {
-		object.attachment = object.attachment.map(yumeNormalizeRecursive);
-	}
-	
 	if (object.inReplyTo) {
 		object.inReplyTo = yumeNormalizeRecursive(object.inReplyTo);
 	}
diff --git a/packages/backend/src/queue/processors/InboxProcessorService.ts b/packages/backend/src/queue/processors/InboxProcessorService.ts
index ca7e4275de..8dbba7f51e 100644
--- a/packages/backend/src/queue/processors/InboxProcessorService.ts
+++ b/packages/backend/src/queue/processors/InboxProcessorService.ts
@@ -67,7 +67,7 @@ const mIncomingApReject = metricCounter({
 const mincomingApProcessingError = metricCounter({
 	name: 'misskey_incoming_ap_processing_error',
 	help: 'Incoming AP processing error',
-	labelNames: ['incoming_host', 'incoming_type', 'reason'],
+	labelNames: ['incoming_host', 'incoming_type'],
 });
 
 @Injectable()
@@ -307,7 +307,7 @@ export class InboxProcessorService implements OnApplicationShutdown {
 			}
 			const end = +new Date();
 			observeHistogram(mIncomingApProcessingTime, { success: 'false' }, (end - begin) / 1000);
-			incCounter(mincomingApProcessingError, { reason: 'unknown' });
+			incCounter(mincomingApProcessingError, {});
 			throw e;
 		}
 		observeHistogram(mIncomingApProcessingTime, { success: 'true' }, (+new Date() - begin) / 1000);

From 504ead526af92fa27cd768955b867afb980eee31 Mon Sep 17 00:00:00 2001
From: Julia <julia@insertdomain.name>
Date: Wed, 20 Nov 2024 18:20:09 -0500
Subject: [PATCH 13/29] Partial Merge of
 5f675201f261d5db6a58d3099a190372bb2f09f0

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 packages/backend/src/core/DownloadService.ts  |  1 -
 .../backend/src/core/HttpRequestService.ts    |  2 +-
 .../core/activitypub/ApDbResolverService.ts   |  5 +-
 .../src/core/activitypub/ApInboxService.ts    |  2 +-
 .../src/core/activitypub/ApRequestService.ts  | 10 +++-
 .../src/core/activitypub/ApResolverService.ts | 22 ++++++++
 .../src/core/activitypub/misc/validator.ts    | 22 ++++++++
 .../core/activitypub/models/ApNoteService.ts  | 51 ++++++++++++++-----
 .../activitypub/models/ApPersonService.ts     |  2 +-
 .../activitypub/models/ApQuestionService.ts   | 12 +++--
 .../queue/processors/InboxProcessorService.ts |  2 +
 .../src/server/ActivityPubServerService.ts    |  2 +-
 .../src/server/api/endpoints/ap/get.ts        |  1 +
 .../src/server/api/endpoints/ap/show.ts       |  7 ++-
 .../src/server/web/UrlPreviewService.ts       |  1 -
 packages/backend/test/unit/activitypub.ts     |  4 +-
 16 files changed, 117 insertions(+), 29 deletions(-)

diff --git a/packages/backend/src/core/DownloadService.ts b/packages/backend/src/core/DownloadService.ts
index 93f4a38246..6266e51496 100644
--- a/packages/backend/src/core/DownloadService.ts
+++ b/packages/backend/src/core/DownloadService.ts
@@ -61,7 +61,6 @@ export class DownloadService {
 				request: operationTimeout,	// whole operation timeout
 			},
 			agent: {
-				http: this.httpRequestService.httpAgent,
 				https: this.httpRequestService.httpsAgent,
 			},
 			http2: false,	// default
diff --git a/packages/backend/src/core/HttpRequestService.ts b/packages/backend/src/core/HttpRequestService.ts
index 8a6d978232..0f39c0536b 100644
--- a/packages/backend/src/core/HttpRequestService.ts
+++ b/packages/backend/src/core/HttpRequestService.ts
@@ -107,7 +107,7 @@ export class HttpRequestService {
 		const finalUrl = res.url; // redirects may have been involved
 		const activity = await res.json() as IObject;
 
-		assertActivityMatchesUrls(activity, [url, finalUrl]);
+		assertActivityMatchesUrls(activity, [finalUrl]);
 
 		return activity;
 	}
diff --git a/packages/backend/src/core/activitypub/ApDbResolverService.ts b/packages/backend/src/core/activitypub/ApDbResolverService.ts
index 4192e8659a..6cc3ebab52 100644
--- a/packages/backend/src/core/activitypub/ApDbResolverService.ts
+++ b/packages/backend/src/core/activitypub/ApDbResolverService.ts
@@ -16,6 +16,7 @@ import { MiLocalUser, MiRemoteUser } from '@/models/User.js';
 import { getApId } from './type.js';
 import { ApPersonService } from './models/ApPersonService.js';
 import type { IObject } from './type.js';
+import { toASCII } from 'node:punycode';
 
 export type UriParseResult = {
 	/** wether the URI was generated by us */
@@ -63,7 +64,9 @@ export class ApDbResolverService implements OnApplicationShutdown {
 		const separator = '/';
 
 		const uri = new URL(getApId(value));
-		if (uri.origin !== this.config.url) return { local: false, uri: uri.href };
+		if (toASCII(uri.host) !== toASCII(this.config.host)) {
+			return { local: false, uri: uri.href };
+		}
 
 		const [, type, id, ...rest] = uri.pathname.split(separator);
 		return {
diff --git a/packages/backend/src/core/activitypub/ApInboxService.ts b/packages/backend/src/core/activitypub/ApInboxService.ts
index 1b28b4b4a5..64ddd76bfa 100644
--- a/packages/backend/src/core/activitypub/ApInboxService.ts
+++ b/packages/backend/src/core/activitypub/ApInboxService.ts
@@ -487,7 +487,7 @@ export class ApInboxService {
 			const exist = await this.apNoteService.fetchNote(note);
 			if (exist) return 'skip: note exists';
 
-			await this.apNoteService.createNote(note, resolver, silent);
+			await this.apNoteService.createNote(note, actor, resolver, silent);
 			return 'ok';
 		} catch (err) {
 			if (err instanceof StatusError && !err.isRetryable) {
diff --git a/packages/backend/src/core/activitypub/ApRequestService.ts b/packages/backend/src/core/activitypub/ApRequestService.ts
index c7d19adfd5..500104d0f9 100644
--- a/packages/backend/src/core/activitypub/ApRequestService.ts
+++ b/packages/backend/src/core/activitypub/ApRequestService.ts
@@ -11,11 +11,14 @@ import { DI } from '@/di-symbols.js';
 import type { Config } from '@/config.js';
 import type { MiUser } from '@/models/User.js';
 import { UserKeypairService } from '@/core/UserKeypairService.js';
+import { UtilityService } from '@/core/UtilityService.js';
 import { HttpRequestService } from '@/core/HttpRequestService.js';
 import { LoggerService } from '@/core/LoggerService.js';
 import { bindThis } from '@/decorators.js';
 import type Logger from '@/logger.js';
 import { validateContentTypeSetAsActivityPub } from '@/core/activitypub/misc/validator.js';
+import { assertActivityMatchesUrls } from '@/core/activitypub/misc/check-against-url.js';
+import type { IObject } from './type.js';
 
 type Request = {
 	url: string;
@@ -145,6 +148,7 @@ export class ApRequestService {
 		private userKeypairService: UserKeypairService,
 		private httpRequestService: HttpRequestService,
 		private loggerService: LoggerService,
+		private utilityService: UtilityService,
 	) {
 		// eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
 		this.logger = this.loggerService?.getLogger('ap-request'); // なぜか TypeError: Cannot read properties of undefined (reading 'getLogger') と言われる
@@ -251,7 +255,11 @@ export class ApRequestService {
 		//#endregion
 
 		validateContentTypeSetAsActivityPub(res);
+		const finalUrl = res.url; // redirects may have been involved
+		const activity = await res.json() as IObject;
 
-		return await res.json();
+		assertActivityMatchesUrls(activity, [url, finalUrl]);
+
+		return activity;
 	}
 }
diff --git a/packages/backend/src/core/activitypub/ApResolverService.ts b/packages/backend/src/core/activitypub/ApResolverService.ts
index 5244de43de..b4fbaf24e4 100644
--- a/packages/backend/src/core/activitypub/ApResolverService.ts
+++ b/packages/backend/src/core/activitypub/ApResolverService.ts
@@ -21,6 +21,8 @@ import { ApDbResolverService } from './ApDbResolverService.js';
 import { ApRendererService } from './ApRendererService.js';
 import { ApRequestService } from './ApRequestService.js';
 import type { IObject, ICollection, IOrderedCollection, IUnsanitizedObject } from './type.js';
+import { toASCII } from 'node:punycode';
+import { yumeAssertAcceptableURL } from './misc/validator.js';
 
 export class Resolver {
 	private history: Set<string>;
@@ -53,6 +55,11 @@ export class Resolver {
 		return Array.from(this.history);
 	}
 
+	@bindThis
+	public getRecursionLimit(): number {
+		return this.recursionLimit;
+	}
+
 	@bindThis
 	public async resolveCollection(value: string | IObject): Promise<ICollection | IOrderedCollection> {
 		const collection = typeof value === 'string'
@@ -114,6 +121,21 @@ export class Resolver {
 			throw new Error('invalid response');
 		}
 
+		// HttpRequestService / ApRequestService have already checked that
+		// `object.id` or `object.url` matches the URL used to fetch the
+		// object after redirects; here we double-check that no redirects
+		// bounced between hosts
+		if (object.id == null) {
+			throw new Error('invalid AP object: missing id');
+		}
+
+		const idURL = yumeAssertAcceptableURL(object.id);
+		const valueURL = yumeAssertAcceptableURL(value);
+
+		if (toASCII(idURL.host) !== toASCII(valueURL.host)) {
+			throw new Bull.UnrecoverableError(`invalid AP object ${value}: id ${object.id} has different host`);
+		}
+
 		return object;
 	}
 
diff --git a/packages/backend/src/core/activitypub/misc/validator.ts b/packages/backend/src/core/activitypub/misc/validator.ts
index 690beeffef..8470d0c6ec 100644
--- a/packages/backend/src/core/activitypub/misc/validator.ts
+++ b/packages/backend/src/core/activitypub/misc/validator.ts
@@ -4,6 +4,28 @@
  */
 
 import type { Response } from 'node-fetch';
+import * as Bull from 'bullmq';
+import { toASCII } from 'node:punycode';
+
+export function yumeAssertAcceptableURL(url: string | URL): URL {
+	const urlParsed = url instanceof URL ? url : new URL(url);
+
+	if (urlParsed.search.length + urlParsed.pathname.length > 1024) {
+		throw new Bull.UnrecoverableError('URL is too long');
+	}
+
+	if (urlParsed.protocol !== 'https:') {
+		throw new Bull.UnrecoverableError('URL protocol is not https');
+	}
+
+	if (urlParsed.port && urlParsed.port !== '443') {
+		throw new Bull.UnrecoverableError('URL port is not 443');
+	}
+
+	urlParsed.hostname = toASCII(urlParsed.hostname);
+
+	return urlParsed;
+}
 
 export function validateContentTypeSetAsActivityPub(response: Response): void {
 	const contentType = (response.headers.get('content-type') ?? '').toLowerCase();
diff --git a/packages/backend/src/core/activitypub/models/ApNoteService.ts b/packages/backend/src/core/activitypub/models/ApNoteService.ts
index 43c4994706..d9d004a9cf 100644
--- a/packages/backend/src/core/activitypub/models/ApNoteService.ts
+++ b/packages/backend/src/core/activitypub/models/ApNoteService.ts
@@ -36,6 +36,7 @@ import { ApQuestionService } from './ApQuestionService.js';
 import { ApImageService } from './ApImageService.js';
 import type { Resolver } from '../ApResolverService.js';
 import type { IObject, IPost } from '../type.js';
+import { yumeAssertAcceptableURL } from '../misc/validator.js';
 
 @Injectable()
 export class ApNoteService {
@@ -77,7 +78,7 @@ export class ApNoteService {
 	}
 
 	@bindThis
-	public validateNote(object: IObject, uri: string): Error | null {
+	public validateNote(object: IObject, uri: string, actor?: MiRemoteUser): Error | null {
 		const expectHost = this.utilityService.extractDbHost(uri);
 		const apType = getApType(object);
 
@@ -98,6 +99,14 @@ export class ApNoteService {
 			return new IdentifiableError('d450b8a9-48e4-4dab-ae36-f4db763fda7c', 'invalid Note: published timestamp is malformed');
 		}
 
+		if (actor) {
+			const attribution = (object.attributedTo) ? getOneApId(object.attributedTo) : actor.uri;
+
+			if (attribution !== actor.uri) {
+				return new IdentifiableError('d450b8a9-48e4-4dab-ae36-f4db763fda7c', `invalid Note: attribution does not match the actor that send it. attribution: ${attribution}, actor: ${actor.uri}`);
+			}
+		}
+
 		return null;
 	}
 
@@ -115,11 +124,14 @@ export class ApNoteService {
 	 * Noteを作成します。
 	 */
 	@bindThis
-	public async createNote(value: string | IObject, resolver: Resolver, silent = false): Promise<MiNote | null> {
+	public async createNote(value: string | IObject, actor?: MiRemoteUser, resolver?: Resolver, silent = false): Promise<MiNote | null> {
+		// eslint-disable-next-line no-param-reassign
+		if (resolver == null) resolver = this.apResolverService.createResolver();
+
 		const object = await resolver.resolve(value);
 
 		const entryUri = getApId(value);
-		const err = this.validateNote(object, entryUri);
+		const err = this.validateNote(object, entryUri, actor);
 		if (err) {
 			this.logger.error(err.message, {
 				resolver: { history: resolver.getHistory() },
@@ -133,14 +145,27 @@ export class ApNoteService {
 
 		this.logger.debug(`Note fetched: ${JSON.stringify(note, null, 2)}`);
 
-		if (note.id && !checkHttps(note.id)) {
+		if (note.id == null) {
+			throw new Error('Refusing to create note without id');
+		}
+
+		if (!checkHttps(note.id)) {
 			throw new Error('unexpected schema of note.id: ' + note.id);
 		}
 
 		const url = getOneApHrefNullable(note.url);
 
-		if (url && !checkHttps(url)) {
-			throw new Error('unexpected schema of note url: ' + url);
+		if (url != null) {
+			if (!checkHttps(url)) {
+				throw new Error('unexpected schema of note url: ' + url);
+			}
+
+			const actUrl = yumeAssertAcceptableURL(url);
+			const noteUrl = yumeAssertAcceptableURL(note.id);
+
+			if (noteUrl.host !== actUrl.host) {
+				throw new Error(`note url & uri host mismatch: note url: ${url}, note uri: ${note.id}`);
+			}
 		}
 
 		this.logger.info(`Creating the Note: ${note.id}`);
@@ -153,8 +178,9 @@ export class ApNoteService {
 		const uri = getOneApId(note.attributedTo);
 
 		// ローカルで投稿者を検索し、もし凍結されていたらスキップ
-		const cachedActor = await this.apPersonService.fetchPerson(uri) as MiRemoteUser;
-		if (cachedActor && cachedActor.isSuspended) {
+		// eslint-disable-next-line no-param-reassign
+		actor ??= await this.apPersonService.fetchPerson(uri) as MiRemoteUser | undefined;
+		if (actor && actor.isSuspended) {
 			throw new IdentifiableError('85ab9bd7-3a41-4530-959d-f07073900109', 'actor has been suspended');
 		}
 
@@ -186,7 +212,8 @@ export class ApNoteService {
 		}
 		//#endregion
 
-		const actor = cachedActor ?? await this.apPersonService.resolvePerson(uri, resolver) as MiRemoteUser;
+		// eslint-disable-next-line no-param-reassign
+		actor ??= await this.apPersonService.resolvePerson(uri, resolver) as MiRemoteUser;
 
 		// 解決した投稿者が凍結されていたらスキップ
 		if (actor.isSuspended) {
@@ -345,15 +372,11 @@ export class ApNoteService {
 			if (exist) return exist;
 			//#endregion
 
-			if (uri.startsWith(this.config.url)) {
-				throw new StatusError('cannot resolve local note', 400, 'cannot resolve local note');
-			}
-
 			// リモートサーバーからフェッチしてきて登録
 			// ここでuriの代わりに添付されてきたNote Objectが指定されていると、サーバーフェッチを経ずにノートが生成されるが
 			// 添付されてきたNote Objectは偽装されている可能性があるため、常にuriを指定してサーバーフェッチを行う。
 			const createFrom = options.sentFrom?.origin === new URL(uri).origin ? value : uri;
-			return await this.createNote(createFrom, this.apResolverService.createResolver(), true);
+			return await this.createNote(createFrom, undefined, options.resolver, true);
 		} finally {
 			unlock();
 		}
diff --git a/packages/backend/src/core/activitypub/models/ApPersonService.ts b/packages/backend/src/core/activitypub/models/ApPersonService.ts
index d02701da52..00c9d1cf89 100644
--- a/packages/backend/src/core/activitypub/models/ApPersonService.ts
+++ b/packages/backend/src/core/activitypub/models/ApPersonService.ts
@@ -661,7 +661,7 @@ export class ApPersonService implements OnModuleInit {
 
 	@bindThis
 	public async updateFeatured(userId: MiUser['id'], resolver?: Resolver): Promise<void> {
-		const user = await this.usersRepository.findOneByOrFail({ id: userId, isDeleted: false });
+		const user = await this.usersRepository.findOneByOrFail({ id: userId });
 		if (!this.userEntityService.isRemoteUser(user)) return;
 		if (!user.featured) return;
 
diff --git a/packages/backend/src/core/activitypub/models/ApQuestionService.ts b/packages/backend/src/core/activitypub/models/ApQuestionService.ts
index 73004d10b0..7a040aa7e8 100644
--- a/packages/backend/src/core/activitypub/models/ApQuestionService.ts
+++ b/packages/backend/src/core/activitypub/models/ApQuestionService.ts
@@ -15,6 +15,8 @@ import { ApLoggerService } from '../ApLoggerService.js';
 import { ApResolverService } from '../ApResolverService.js';
 import type { Resolver } from '../ApResolverService.js';
 import type { IObject, IQuestion } from '../type.js';
+import { yumeAssertAcceptableURL } from '../misc/validator.js';
+import { toASCII } from 'punycode';
 
 @Injectable()
 export class ApQuestionService {
@@ -66,14 +68,16 @@ export class ApQuestionService {
 	 */
 	@bindThis
 	public async updateQuestion(value: string | IObject, resolver?: Resolver): Promise<boolean> {
-		const uri = typeof value === 'string' ? value : value.id;
-		if (uri == null) throw new Error('uri is null');
+		const uriIn = typeof value === 'string' ? value : value.id;
+		if (uriIn == null) throw new Error('uri is null');
 
 		// URIがこのサーバーを指しているならスキップ
-		if (uri.startsWith(this.config.url + '/')) throw new Error('uri points local');
+		const uri = yumeAssertAcceptableURL(uriIn);
+
+		if (toASCII(this.config.host) === uri.host) throw new Error('uri points local');
 
 		//#region このサーバーに既に登録されているか
-		const note = await this.notesRepository.findOneBy({ uri });
+		const note = await this.notesRepository.findOneBy({ uri: uriIn });
 		if (note == null) throw new Error('Question is not registered');
 
 		const poll = await this.pollsRepository.findOneBy({ noteId: note.id });
diff --git a/packages/backend/src/queue/processors/InboxProcessorService.ts b/packages/backend/src/queue/processors/InboxProcessorService.ts
index 8dbba7f51e..c8d4bdb84a 100644
--- a/packages/backend/src/queue/processors/InboxProcessorService.ts
+++ b/packages/backend/src/queue/processors/InboxProcessorService.ts
@@ -255,6 +255,8 @@ export class InboxProcessorService implements OnApplicationShutdown {
 				incCounter(mIncomingApReject, 'host_signature_mismatch');
 				throw new Bull.UnrecoverableError(`skip: signerHost(${signerHost}) !== activity.id host(${activityIdHost}`);
 			}
+		} else {
+			throw new Bull.UnrecoverableError('skip: activity id is not a string');
 		}
 
 		this.apRequestChart.inbox();
diff --git a/packages/backend/src/server/ActivityPubServerService.ts b/packages/backend/src/server/ActivityPubServerService.ts
index ba2342b630..f34f6583d3 100644
--- a/packages/backend/src/server/ActivityPubServerService.ts
+++ b/packages/backend/src/server/ActivityPubServerService.ts
@@ -105,7 +105,7 @@ export class ActivityPubServerService {
 		let signature;
 
 		try {
-			signature = httpSignature.parseRequest(request.raw, { 'headers': [] });
+			signature = httpSignature.parseRequest(request.raw, { 'headers': ['(request-target)', 'host', 'date'], authorizationHeaderName: 'signature' });
 		} catch (e) {
 			reply.code(401);
 			return;
diff --git a/packages/backend/src/server/api/endpoints/ap/get.ts b/packages/backend/src/server/api/endpoints/ap/get.ts
index d8c55de7ec..14286bc23e 100644
--- a/packages/backend/src/server/api/endpoints/ap/get.ts
+++ b/packages/backend/src/server/api/endpoints/ap/get.ts
@@ -11,6 +11,7 @@ import { ApResolverService } from '@/core/activitypub/ApResolverService.js';
 export const meta = {
 	tags: ['federation'],
 
+	requireAdmin: true,
 	requireCredential: true,
 	kind: 'read:federation',
 
diff --git a/packages/backend/src/server/api/endpoints/ap/show.ts b/packages/backend/src/server/api/endpoints/ap/show.ts
index 6127e104ce..bf99834c17 100644
--- a/packages/backend/src/server/api/endpoints/ap/show.ts
+++ b/packages/backend/src/server/api/endpoints/ap/show.ts
@@ -118,6 +118,11 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		]));
 		if (local != null) return local;
 
+		const host = this.utilityService.extractDbHost(uri);
+
+		// local object, not found in db? fail
+		if (this.utilityService.isSelfHost(host)) return null;
+
 		// リモートから一旦オブジェクトフェッチ
 		const resolver = this.apResolverService.createResolver();
 		const object = await resolver.resolve(uri) as any;
@@ -135,7 +140,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		return await this.mergePack(
 			me,
 			isActor(object) ? await this.apPersonService.createPerson(getApId(object), resolver) : null,
-			isPost(object) ? await this.apNoteService.createNote(getApId(object), resolver, true) : null,
+			isPost(object) ? await this.apNoteService.createNote(getApId(object), undefined, resolver, true) : null,
 		);
 	}
 
diff --git a/packages/backend/src/server/web/UrlPreviewService.ts b/packages/backend/src/server/web/UrlPreviewService.ts
index 5d493c2c46..94b4a9fd90 100644
--- a/packages/backend/src/server/web/UrlPreviewService.ts
+++ b/packages/backend/src/server/web/UrlPreviewService.ts
@@ -118,7 +118,6 @@ export class UrlPreviewService {
 	private fetchSummary(url: string, meta: MiMeta, lang?: string): Promise<SummalyResult> {
 		const agent = this.config.proxy
 			? {
-				http: this.httpRequestService.httpAgent,
 				https: this.httpRequestService.httpsAgent,
 			}
 			: undefined;
diff --git a/packages/backend/test/unit/activitypub.ts b/packages/backend/test/unit/activitypub.ts
index fe336a0252..954bf8a62e 100644
--- a/packages/backend/test/unit/activitypub.ts
+++ b/packages/backend/test/unit/activitypub.ts
@@ -207,7 +207,7 @@ describe('ActivityPub', () => {
 			resolver.register(actor.id, actor);
 			resolver.register(post.id, post);
 
-			const note = await noteService.createNote(post.id, resolver, true);
+			const note = await noteService.createNote(post.id, undefined, resolver, true);
 
 			assert.deepStrictEqual(note?.uri, post.id);
 			assert.deepStrictEqual(note.visibility, 'public');
@@ -370,7 +370,7 @@ describe('ActivityPub', () => {
 			resolver.register(actor.featured, featured);
 			resolver.register(firstNote.id, firstNote);
 
-			const note = await noteService.createNote(firstNote.id as string, resolver);
+			const note = await noteService.createNote(firstNote.id as string, undefined, resolver);
 			assert.strictEqual(note?.uri, firstNote.id);
 		});
 	});

From f0a754eaa8ba07641247b5bbaab5ce3d8adf4670 Mon Sep 17 00:00:00 2001
From: "zawa-ch." <satellite.2e1834097@gmail.com>
Date: Tue, 19 Nov 2024 21:12:40 +0900
Subject: [PATCH 14/29] =?UTF-8?q?Fix(backend):=20=E3=82=A2=E3=82=AB?=
 =?UTF-8?q?=E3=82=A6=E3=83=B3=E3=83=88=E5=89=8A=E9=99=A4=E3=81=AE=E3=83=A2?=
 =?UTF-8?q?=E3=83=87=E3=83=AC=E3=83=BC=E3=82=B7=E3=83=A7=E3=83=B3=E3=83=AD?=
 =?UTF-8?q?=E3=82=B0=E3=81=8C=E5=8B=95=E4=BD=9C=E3=81=97=E3=81=A6=E3=81=84?=
 =?UTF-8?q?=E3=81=AA=E3=81=84=E3=81=AE=E3=82=92=E4=BF=AE=E6=AD=A3=20(#1499?=
 =?UTF-8?q?6)=20(#14997)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* アカウント削除のモデレーションログが動作していないのを修正

* update CHANGELOG

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 CHANGELOG.md                                                  | 1 +
 .../backend/src/server/api/endpoints/admin/accounts/delete.ts | 2 +-
 .../backend/src/server/api/endpoints/admin/delete-account.ts  | 4 ++--
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index db8d6704fc..1e41073015 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -92,6 +92,7 @@ PgroongaのCWサーチ (github.com/paricafe/misskey#d30db97b59d264450901c1dd8680
 - Fix: FTT無効時にユーザーリストタイムラインが使用できない問題を修正  
   (Cherry-picked from https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/709)
 - Fix: User Webhookテスト機能のMock Payloadを修正  
+- Fix: アカウント削除のモデレーションログが動作していないのを修正 (#14996)  
 
 ### Misskey.js
 - Fix: Stream初期化時、別途WebSocketを指定する場合の型定義を修正
diff --git a/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts b/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts
index 01dea703a3..ece1984cff 100644
--- a/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts
+++ b/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts
@@ -46,7 +46,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				throw new Error('cannot delete a root account');
 			}
 
-			await this.deleteAccoountService.deleteAccount(user);
+			await this.deleteAccoountService.deleteAccount(user, me);
 		});
 	}
 }
diff --git a/packages/backend/src/server/api/endpoints/admin/delete-account.ts b/packages/backend/src/server/api/endpoints/admin/delete-account.ts
index b6f0f22d60..9065a71f6a 100644
--- a/packages/backend/src/server/api/endpoints/admin/delete-account.ts
+++ b/packages/backend/src/server/api/endpoints/admin/delete-account.ts
@@ -33,13 +33,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 
 		private deleteAccountService: DeleteAccountService,
 	) {
-		super(meta, paramDef, async (ps) => {
+		super(meta, paramDef, async (ps, me) => {
 			const user = await this.usersRepository.findOneByOrFail({ id: ps.userId });
 			if (user.isDeleted) {
 				return;
 			}
 
-			await this.deleteAccountService.deleteAccount(user);
+			await this.deleteAccountService.deleteAccount(user, me);
 		});
 	}
 }

From 329995f4a3e1787ad19838c20d23d6b66d70fc0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=B4=87=E5=B3=B0=20=E6=9C=94=E8=8F=AF?=
 <160555157+sakuhanight@users.noreply.github.com>
Date: Wed, 20 Nov 2024 20:08:26 +0900
Subject: [PATCH 15/29] =?UTF-8?q?feat:=20=E7=B5=B5=E6=96=87=E5=AD=97?=
 =?UTF-8?q?=E3=81=AE=E3=83=9D=E3=83=83=E3=83=97=E3=82=A2=E3=83=83=E3=83=97?=
 =?UTF-8?q?=E3=83=A1=E3=83=8B=E3=83=A5=E3=83=BC=E3=81=AB=E7=B7=A8=E9=9B=86?=
 =?UTF-8?q?=E3=82=92=E8=BF=BD=E5=8A=A0=20(#15004)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Mod: 絵文字のポップアップメニューに編集を追加

* fix: code styleの修正

* fix: code styleの修正

* fix

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 .../src/components/global/MkCustomEmoji.vue   | 29 +++++++++++++++++--
 packages/frontend/src/pages/emojis.emoji.vue  | 28 ++++++++++++++++--
 2 files changed, 52 insertions(+), 5 deletions(-)

diff --git a/packages/frontend/src/components/global/MkCustomEmoji.vue b/packages/frontend/src/components/global/MkCustomEmoji.vue
index 66f82a7898..ec1d859080 100644
--- a/packages/frontend/src/components/global/MkCustomEmoji.vue
+++ b/packages/frontend/src/components/global/MkCustomEmoji.vue
@@ -25,17 +25,18 @@ SPDX-License-Identifier: AGPL-3.0-only
 </template>
 
 <script lang="ts" setup>
-import { computed, inject, ref } from 'vue';
+import { computed, defineAsyncComponent, inject, ref } from 'vue';
+import type { MenuItem } from '@/types/menu.js';
 import { getProxiedImageUrl, getStaticImageUrl } from '@/scripts/media-proxy.js';
 import { defaultStore } from '@/store.js';
 import { customEmojisMap } from '@/custom-emojis.js';
 import * as os from '@/os.js';
-import { misskeyApiGet } from '@/scripts/misskey-api.js';
+import { misskeyApi, misskeyApiGet } from '@/scripts/misskey-api.js';
 import { copyToClipboard } from '@/scripts/copy-to-clipboard.js';
 import * as sound from '@/scripts/sound.js';
 import { i18n } from '@/i18n.js';
 import MkCustomEmojiDetailedDialog from '@/components/MkCustomEmojiDetailedDialog.vue';
-import type { MenuItem } from '@/types/menu.js';
+import { $i } from '@/account.js';
 
 const props = defineProps<{
 	name: string;
@@ -125,9 +126,31 @@ function onClick(ev: MouseEvent) {
 			},
 		});
 
+		if ($i?.isModerator ?? $i?.isAdmin) {
+			menuItems.push({
+				text: i18n.ts.edit,
+				icon: 'ti ti-pencil',
+				action: async () => {
+					await edit(props.name);
+				},
+			});
+		}
+
 		os.popupMenu(menuItems, ev.currentTarget ?? ev.target);
 	}
 }
+
+async function edit(name: string) {
+	const emoji = await misskeyApi('emoji', {
+		name: name,
+	});
+	const { dispose } = os.popup(defineAsyncComponent(() => import('@/pages/emoji-edit-dialog.vue')), {
+		emoji: emoji,
+	}, {
+		closed: () => dispose(),
+	});
+}
+
 </script>
 
 <style lang="scss" module>
diff --git a/packages/frontend/src/pages/emojis.emoji.vue b/packages/frontend/src/pages/emojis.emoji.vue
index fcd22155b7..979d50966e 100644
--- a/packages/frontend/src/pages/emojis.emoji.vue
+++ b/packages/frontend/src/pages/emojis.emoji.vue
@@ -15,18 +15,22 @@ SPDX-License-Identifier: AGPL-3.0-only
 
 <script lang="ts" setup>
 import * as Misskey from 'misskey-js';
+import { defineAsyncComponent } from 'vue';
+import type { MenuItem } from '@/types/menu.js';
 import * as os from '@/os.js';
 import { misskeyApiGet } from '@/scripts/misskey-api.js';
 import { copyToClipboard } from '@/scripts/copy-to-clipboard.js';
 import { i18n } from '@/i18n.js';
 import MkCustomEmojiDetailedDialog from '@/components/MkCustomEmojiDetailedDialog.vue';
+import { $i } from '@/account.js';
 
 const props = defineProps<{
   emoji: Misskey.entities.EmojiSimple;
 }>();
 
 function menu(ev) {
-	os.popupMenu([{
+	const menuItems: MenuItem[] = [];
+	menuItems.push({
 		type: 'label',
 		text: ':' + props.emoji.name + ':',
 	}, {
@@ -48,8 +52,28 @@ function menu(ev) {
 				closed: () => dispose(),
 			});
 		},
-	}], ev.currentTarget ?? ev.target);
+	});
+
+	if ($i?.isModerator ?? $i?.isAdmin) {
+		menuItems.push({
+			text: i18n.ts.edit,
+			icon: 'ti ti-pencil',
+			action: () => {
+				edit(props.emoji);
+			},
+		});
+	}
+
+	os.popupMenu(menuItems, ev.currentTarget ?? ev.target);
 }
+
+const edit = async (emoji) => {
+	const { dispose } = os.popup(defineAsyncComponent(() => import('@/pages/emoji-edit-dialog.vue')), {
+		emoji: emoji,
+	}, {
+		closed: () => dispose(),
+	});
+};
 </script>
 
 <style lang="scss" module>

From c427e10f173d348d181b568ced9c35edd83ee03f Mon Sep 17 00:00:00 2001
From: syuilo <4439005+syuilo@users.noreply.github.com>
Date: Thu, 21 Nov 2024 07:58:34 +0900
Subject: [PATCH 16/29] perf(frontend): reduce api requests for non-logged-in
 enviroment (#15001)

* wip

* Update CHANGELOG.md

* wip

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 CHANGELOG.md                                  |  1 +
 .../src/server/web/ClientServerService.ts     | 14 ++++++++++-
 .../backend/src/server/web/views/base.pug     |  3 +++
 packages/frontend/src/pages/clip.vue          | 14 ++++++++---
 packages/frontend/src/pages/note.vue          | 11 ++++++++-
 packages/frontend/src/pages/user/index.vue    | 18 +++++++++++++--
 packages/frontend/src/server-context.ts       | 23 +++++++++++++++++++
 7 files changed, 77 insertions(+), 7 deletions(-)
 create mode 100644 packages/frontend/src/server-context.ts

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1e41073015..7cd084495b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -58,6 +58,7 @@ PgroongaのCWサーチ (github.com/paricafe/misskey#d30db97b59d264450901c1dd8680
   (Based on https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/663)
 - Enhance: サイドバーを簡単に展開・折りたたみできるように ( #14981 )
 - Enhance: リノートメニューに「リノートの詳細」を追加
+- Enhance: 非ログイン状態でMisskeyを開いた際のパフォーマンスを向上
 - Fix: 通知の範囲指定の設定項目が必要ない通知設定でも範囲指定の設定がでている問題を修正
 - Fix: Turnstileが失敗・期限切れした際にも成功扱いとなってしまう問題を修正  
   (Cherry-picked from https://github.com/MisskeyIO/misskey/pull/768)
diff --git a/packages/backend/src/server/web/ClientServerService.ts b/packages/backend/src/server/web/ClientServerService.ts
index a50e37b49a..8dcd76ee71 100644
--- a/packages/backend/src/server/web/ClientServerService.ts
+++ b/packages/backend/src/server/web/ClientServerService.ts
@@ -611,7 +611,7 @@ export class ClientServerService {
 			}
 		});
 
-		//#region SSR (for crawlers)
+		//#region SSR
 		// User
 		fastify.get<{ Params: { user: string; sub?: string; } }>('/@:user/:sub?', async (request, reply) => {
 			const { username, host } = Acct.parse(request.params.user);
@@ -636,11 +636,17 @@ export class ClientServerService {
 					reply.header('X-Robots-Tag', 'noimageai');
 					reply.header('X-Robots-Tag', 'noai');
 				}
+
+				const _user = await this.userEntityService.pack(user);
+
 				return await reply.view('user', {
 					user, profile, me,
 					avatarUrl: user.avatarUrl ?? this.userEntityService.getIdenticonUrl(user),
 					sub: request.params.sub,
 					...await this.generateCommonPugData(this.meta),
+					clientCtx: htmlSafeJsonStringify({
+						user: _user,
+					}),
 				});
 			} else {
 				// リモートユーザーなので
@@ -693,6 +699,9 @@ export class ClientServerService {
 					// TODO: Let locale changeable by instance setting
 					summary: getNoteSummary(_note),
 					...await this.generateCommonPugData(this.meta),
+					clientCtx: htmlSafeJsonStringify({
+						note: _note,
+					}),
 				});
 			} else {
 				return await renderBase(reply);
@@ -781,6 +790,9 @@ export class ClientServerService {
 					profile,
 					avatarUrl: _clip.user.avatarUrl,
 					...await this.generateCommonPugData(this.meta),
+					clientCtx: htmlSafeJsonStringify({
+						clip: _clip,
+					}),
 				});
 			} else {
 				return await renderBase(reply);
diff --git a/packages/backend/src/server/web/views/base.pug b/packages/backend/src/server/web/views/base.pug
index 03eab87233..88aabda04f 100644
--- a/packages/backend/src/server/web/views/base.pug
+++ b/packages/backend/src/server/web/views/base.pug
@@ -72,6 +72,9 @@ html
 
 		script(type='application/json' id='misskey_meta' data-generated-at=now)
 			!= metaJson
+		
+		script(type='application/json' id='misskey_clientCtx' data-generated-at=now)
+			!= clientCtx
 
 		script(integrity=bootJS.integrity) !{bootJS.content}
 
diff --git a/packages/frontend/src/pages/clip.vue b/packages/frontend/src/pages/clip.vue
index 7b1737fece..891d59d605 100644
--- a/packages/frontend/src/pages/clip.vue
+++ b/packages/frontend/src/pages/clip.vue
@@ -33,25 +33,28 @@ SPDX-License-Identifier: AGPL-3.0-only
 <script lang="ts" setup>
 import { computed, watch, provide, ref } from 'vue';
 import * as Misskey from 'misskey-js';
+import { url } from '@@/js/config.js';
+import type { MenuItem } from '@/types/menu.js';
 import MkNotes from '@/components/MkNotes.vue';
 import { $i } from '@/account.js';
 import { i18n } from '@/i18n.js';
 import * as os from '@/os.js';
 import { misskeyApi } from '@/scripts/misskey-api.js';
 import { definePageMetadata } from '@/scripts/page-metadata.js';
-import { url } from '@@/js/config.js';
 import MkButton from '@/components/MkButton.vue';
 import { clipsCache } from '@/cache.js';
 import { isSupportShare } from '@/scripts/navigator.js';
 import { copyToClipboard } from '@/scripts/copy-to-clipboard.js';
 import { genEmbedCode } from '@/scripts/get-embed-code.js';
-import type { MenuItem } from '@/types/menu.js';
+import { getServerContext } from '@/server-context.js';
+
+const CTX_CLIP = getServerContext('clip');
 
 const props = defineProps<{
 	clipId: string,
 }>();
 
-const clip = ref<Misskey.entities.Clip | null>(null);
+const clip = ref<Misskey.entities.Clip | null>(CTX_CLIP);
 const favorited = ref(false);
 const pagination = {
 	endpoint: 'clips/notes' as const,
@@ -64,6 +67,11 @@ const pagination = {
 const isOwned = computed<boolean | null>(() => $i && clip.value && ($i.id === clip.value.userId));
 
 watch(() => props.clipId, async () => {
+	if (CTX_CLIP && CTX_CLIP.id === props.clipId) {
+		clip.value = CTX_CLIP;
+		return;
+	}
+
 	clip.value = await misskeyApi('clips/show', {
 		clipId: props.clipId,
 	});
diff --git a/packages/frontend/src/pages/note.vue b/packages/frontend/src/pages/note.vue
index 454ee3c6bc..3e1d04bd6d 100644
--- a/packages/frontend/src/pages/note.vue
+++ b/packages/frontend/src/pages/note.vue
@@ -62,13 +62,16 @@ import { dateString } from '@/filters/date.js';
 import MkClipPreview from '@/components/MkClipPreview.vue';
 import { defaultStore } from '@/store.js';
 import { pleaseLogin } from '@/scripts/please-login.js';
+import { getServerContext } from '@/server-context.js';
+
+const CTX_NOTE = getServerContext('note');
 
 const props = defineProps<{
 	noteId: string;
 	initialTab?: string;
 }>();
 
-const note = ref<null | Misskey.entities.Note>();
+const note = ref<null | Misskey.entities.Note>(CTX_NOTE);
 const clips = ref<Misskey.entities.Clip[]>();
 const showPrev = ref<'user' | 'channel' | false>(false);
 const showNext = ref<'user' | 'channel' | false>(false);
@@ -116,6 +119,12 @@ function fetchNote() {
 	showPrev.value = false;
 	showNext.value = false;
 	note.value = null;
+
+	if (CTX_NOTE && CTX_NOTE.id === props.noteId) {
+		note.value = CTX_NOTE;
+		return;
+	}
+
 	misskeyApi('notes/show', {
 		noteId: props.noteId,
 	}).then(res => {
diff --git a/packages/frontend/src/pages/user/index.vue b/packages/frontend/src/pages/user/index.vue
index a6244e2a93..d862387401 100644
--- a/packages/frontend/src/pages/user/index.vue
+++ b/packages/frontend/src/pages/user/index.vue
@@ -39,6 +39,7 @@ import { definePageMetadata } from '@/scripts/page-metadata.js';
 import { i18n } from '@/i18n.js';
 import { $i } from '@/account.js';
 import MkHorizontalSwipe from '@/components/MkHorizontalSwipe.vue';
+import { getServerContext } from '@/server-context.js';
 
 const XHome = defineAsyncComponent(() => import('./home.vue'));
 const XTimeline = defineAsyncComponent(() => import('./index.timeline.vue'));
@@ -52,6 +53,8 @@ const XFlashs = defineAsyncComponent(() => import('./flashs.vue'));
 const XGallery = defineAsyncComponent(() => import('./gallery.vue'));
 const XRaw = defineAsyncComponent(() => import('./raw.vue'));
 
+const CTX_USER = getServerContext('user');
+
 const props = withDefaults(defineProps<{
 	acct: string;
 	page?: string;
@@ -61,13 +64,24 @@ const props = withDefaults(defineProps<{
 
 const tab = ref(props.page);
 
-const user = ref<null | Misskey.entities.UserDetailed>(null);
+const user = ref<null | Misskey.entities.UserDetailed>(CTX_USER);
 const error = ref<any>(null);
 
 function fetchUser(): void {
 	if (props.acct == null) return;
+
+	const { username, host } = Misskey.acct.parse(props.acct);
+
+	if (CTX_USER && CTX_USER.username === username && CTX_USER.host === host) {
+		user.value = CTX_USER;
+		return;
+	}
+
 	user.value = null;
-	misskeyApi('users/show', Misskey.acct.parse(props.acct)).then(u => {
+	misskeyApi('users/show', {
+		username,
+		host,
+	}).then(u => {
 		user.value = u;
 	}).catch(err => {
 		error.value = err;
diff --git a/packages/frontend/src/server-context.ts b/packages/frontend/src/server-context.ts
new file mode 100644
index 0000000000..aa44a10290
--- /dev/null
+++ b/packages/frontend/src/server-context.ts
@@ -0,0 +1,23 @@
+/*
+ * SPDX-FileCopyrightText: syuilo and misskey-project
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+import * as Misskey from 'misskey-js';
+import { $i } from '@/account.js';
+
+const providedContextEl = document.getElementById('misskey_clientCtx');
+
+export type ServerContext = {
+	clip?: Misskey.entities.Clip;
+	note?: Misskey.entities.Note;
+	user?: Misskey.entities.UserLite;
+} | null;
+
+export const serverContext: ServerContext = (providedContextEl && providedContextEl.textContent) ? JSON.parse(providedContextEl.textContent) : null;
+
+export function getServerContext<K extends keyof NonNullable<ServerContext>>(entity: K): Required<Pick<NonNullable<ServerContext>, K>> | null {
+	// contextは非ログイン状態の情報しかないためログイン時は利用できない
+	if ($i) return null;
+
+	return serverContext ? (serverContext[entity] ?? null) : null;
+}

From 323de25075a072401b16dc5b710c97a5116aed74 Mon Sep 17 00:00:00 2001
From: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>
Date: Thu, 21 Nov 2024 08:00:50 +0900
Subject: [PATCH 17/29] =?UTF-8?q?Fix:=20=E3=83=AA=E3=83=8E=E3=83=BC?=
 =?UTF-8?q?=E3=83=88=E3=83=9F=E3=83=A5=E3=83=BC=E3=83=88=E3=81=8C=E6=96=B0?=
 =?UTF-8?q?=E8=A6=8F=E6=8A=95=E7=A8=BF=E9=80=9A=E7=9F=A5=E3=81=AB=E5=AF=BE?=
 =?UTF-8?q?=E3=81=97=E3=81=A6=E4=BD=9C=E7=94=A8=E3=81=97=E3=81=A6=E3=81=84?=
 =?UTF-8?q?=E3=81=AA=E3=81=8B=E3=81=A3=E3=81=9F=E5=95=8F=E9=A1=8C=E3=82=92?=
 =?UTF-8?q?=E4=BF=AE=E6=AD=A3=20(#15006)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* fix(backend): renoteMute doesn't work for note notification

* docs(changelog): update changelog

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 CHANGELOG.md                                   |  1 +
 packages/backend/src/core/NoteCreateService.ts | 18 ++++++++++++++----
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7cd084495b..52e76a8318 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -94,6 +94,7 @@ PgroongaのCWサーチ (github.com/paricafe/misskey#d30db97b59d264450901c1dd8680
   (Cherry-picked from https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/709)
 - Fix: User Webhookテスト機能のMock Payloadを修正  
 - Fix: アカウント削除のモデレーションログが動作していないのを修正 (#14996)  
+- Fix: リノートミュートが新規投稿通知に対して作用していなかった問題を修正
 
 ### Misskey.js
 - Fix: Stream初期化時、別途WebSocketを指定する場合の型定義を修正
diff --git a/packages/backend/src/core/NoteCreateService.ts b/packages/backend/src/core/NoteCreateService.ts
index 3647fa7231..56ddcefd7c 100644
--- a/packages/backend/src/core/NoteCreateService.ts
+++ b/packages/backend/src/core/NoteCreateService.ts
@@ -56,6 +56,7 @@ import { isReply } from '@/misc/is-reply.js';
 import { trackPromise } from '@/misc/promise-tracker.js';
 import { IdentifiableError } from '@/misc/identifiable-error.js';
 import { CollapsedQueue } from '@/misc/collapsed-queue.js';
+import { CacheService } from '@/core/CacheService.js';
 
 type NotificationType = 'reply' | 'renote' | 'quote' | 'mention';
 
@@ -217,6 +218,7 @@ export class NoteCreateService implements OnApplicationShutdown {
 		private instanceChart: InstanceChart,
 		private utilityService: UtilityService,
 		private userBlockingService: UserBlockingService,
+		private cacheService: CacheService,
 	) {
 		this.updateNotesCountQueue = new CollapsedQueue(process.env.NODE_ENV !== 'test' ? 60 * 1000 * 5 : 0, this.collapseNotesCount, this.performUpdateNotesCount);
 	}
@@ -543,13 +545,21 @@ export class NoteCreateService implements OnApplicationShutdown {
 			this.followingsRepository.findBy({
 				followeeId: user.id,
 				notify: 'normal',
-			}).then(followings => {
+			}).then(async followings => {
 				if (note.visibility !== 'specified') {
+					const isPureRenote = this.isRenote(data) && !this.isQuote(data) ? true : false;
 					for (const following of followings) {
 						// TODO: ワードミュート考慮
-						this.notificationService.createNotification(following.followerId, 'note', {
-							noteId: note.id,
-						}, user.id);
+						let isRenoteMuted = false;
+						if (isPureRenote) {
+							const userIdsWhoMeMutingRenotes = await this.cacheService.renoteMutingsCache.fetch(following.followerId);
+							isRenoteMuted = userIdsWhoMeMutingRenotes.has(user.id);
+						}
+						if (!isRenoteMuted) {
+							this.notificationService.createNotification(following.followerId, 'note', {
+								noteId: note.id,
+							}, user.id);
+						}
 					}
 				}
 			});

From 3b804799c32f73fb2a122d2a9018066ea1973584 Mon Sep 17 00:00:00 2001
From: syuilo <4439005+syuilo@users.noreply.github.com>
Date: Thu, 21 Nov 2024 08:01:42 +0900
Subject: [PATCH 18/29] New Crowdin updates (#15000)

* New translations ja-jp.yml (Catalan)

* New translations ja-jp.yml (English)

* New translations ja-jp.yml (Korean)

* New translations ja-jp.yml (Chinese Simplified)

* New translations ja-jp.yml (Chinese Traditional)

* New translations ja-jp.yml (German)

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 locales/ca-ES.yml | 1 +
 locales/de-DE.yml | 5 +++++
 locales/en-US.yml | 1 +
 locales/ko-KR.yml | 7 +++++++
 locales/zh-CN.yml | 4 ++--
 locales/zh-TW.yml | 1 +
 6 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/locales/ca-ES.yml b/locales/ca-ES.yml
index b301780972..1aca3390e6 100644
--- a/locales/ca-ES.yml
+++ b/locales/ca-ES.yml
@@ -586,6 +586,7 @@ masterVolume: "Volum principal"
 notUseSound: "Sense so"
 useSoundOnlyWhenActive: "Reproduir sons només quan Misskey estigui actiu"
 details: "Detalls"
+renoteDetails: "Més informació sobre l'impuls "
 chooseEmoji: "Tria un emoji"
 unableToProcess: "L'operació no pot ser completada "
 recentUsed: "Utilitzat recentment"
diff --git a/locales/de-DE.yml b/locales/de-DE.yml
index 1b3925ef38..d85c930b73 100644
--- a/locales/de-DE.yml
+++ b/locales/de-DE.yml
@@ -1242,6 +1242,7 @@ keepOriginalFilenameDescription: "Wenn diese Einstellung deaktiviert ist, wird d
 noDescription: "Keine Beschreibung vorhanden"
 tryAgain: "Bitte später erneut versuchen"
 confirmWhenRevealingSensitiveMedia: "Das Anzeigen von sensiblen Medien bestätigen"
+sensitiveMediaRevealConfirm: "Es könnte sich um sensible Medien handeln. Möchtest du sie anzeigen?"
 createdLists: "Erstellte Listen"
 createdAntennas: "Erstellte Antennen"
 fromX: "Von {x}"
@@ -1253,6 +1254,8 @@ thereAreNChanges: "Es gibt {n} Änderung(en)"
 signinWithPasskey: "Mit Passkey anmelden"
 passkeyVerificationFailed: "Die Passkey-Verifizierung ist fehlgeschlagen."
 passkeyVerificationSucceededButPasswordlessLoginDisabled: "Die Verifizierung des Passkeys war erfolgreich, aber die passwortlose Anmeldung ist deaktiviert."
+messageToFollower: "Nachricht an die Follower"
+testCaptchaWarning: "Diese Funktion ist für CAPTCHA-Testzwecke gedacht.\n<strong>Nicht in einer Produktivumgebung verwenden.</strong>"
 prohibitedWordsForNameOfUser: "Verbotene Begriffe für Benutzernamen"
 prohibitedWordsForNameOfUserDescription: "Wenn eine Zeichenfolge aus dieser Liste im Namen eines Benutzers enthalten ist, wird der Benutzername abgelehnt. Benutzer mit Moderatorenrechten sind von dieser Einschränkung nicht betroffen."
 yourNameContainsProhibitedWords: "Dein Name enthält einen verbotenen Begriff"
@@ -1264,6 +1267,7 @@ _accountSettings:
   requireSigninToViewContentsDescription1: "Erfordere eine Anmeldung, um alle Notizen und andere Inhalte anzuzeigen, die du erstellt hast. Dadurch wird verhindert, dass Crawler deine Informationen sammeln."
   requireSigninToViewContentsDescription3: "Diese Einschränkungen gelten möglicherweise nicht für föderierte Inhalte von anderen Servern."
   makeNotesFollowersOnlyBefore: "Macht frühere Notizen nur für Follower sichtbar"
+  makeNotesHiddenBefore: "Frühere Notizen privat machen"
   mayNotEffectForFederatedNotes: "Dies hat möglicherweise keine Auswirkungen auf Notizen, die an andere Server föderiert werden."
 _abuseUserReport:
   forward: "Weiterleiten"
@@ -1274,6 +1278,7 @@ _delivery:
   stop: "Gesperrt"
   _type:
     none: "Wird veröffentlicht"
+    manuallySuspended: "Manuell gesperrt"
 _bubbleGame:
   howToPlay: "Wie man spielt"
   hold: "Halten"
diff --git a/locales/en-US.yml b/locales/en-US.yml
index 872cc4eb18..9ffc4263ef 100644
--- a/locales/en-US.yml
+++ b/locales/en-US.yml
@@ -586,6 +586,7 @@ masterVolume: "Master volume"
 notUseSound: "Disable sound"
 useSoundOnlyWhenActive: "Output sounds only if Misskey is active."
 details: "Details"
+renoteDetails: "Renote details"
 chooseEmoji: "Select an emoji"
 unableToProcess: "The operation could not be completed"
 recentUsed: "Recently used"
diff --git a/locales/ko-KR.yml b/locales/ko-KR.yml
index d20a9754b1..d694d2dbae 100644
--- a/locales/ko-KR.yml
+++ b/locales/ko-KR.yml
@@ -586,6 +586,7 @@ masterVolume: "마스터 볼륨"
 notUseSound: "음소거 하기"
 useSoundOnlyWhenActive: "Misskey를 활성화한 때에만 소리를 출력하기"
 details: "자세히"
+renoteDetails: "리노트 상세 내용"
 chooseEmoji: "이모지 선택"
 unableToProcess: "작업을 완료할 수 없습니다"
 recentUsed: "최근 사용"
@@ -1299,6 +1300,7 @@ thisContentsAreMarkedAsSigninRequiredByAuthor: "게시자에 의해 로그인해
 lockdown: "잠금"
 pleaseSelectAccount: "계정을 선택해주세요."
 availableRoles: "사용 가능한 역할"
+acknowledgeNotesAndEnable: "활성화 하기 전에 주의 사항을 확인했습니다."
 _accountSettings:
   requireSigninToViewContents: "콘텐츠 열람을 위해 로그인으 필수로 설정하기"
   requireSigninToViewContentsDescription1: "자신이 작성한 모든 노트 등의 콘텐츠를 보기 위해 로그인을 필수로 설정합니다. 크롤러가 정보 수집하는 것을 방지하는 효과를 기대할 수 있습니다."
@@ -1455,6 +1457,8 @@ _serverSettings:
   reactionsBufferingDescription: "활성화 한 경우, 리액션 작성 퍼포먼스가 대폭 향상되어 DB의 부하를 줄일 수 있으나, Redis의 메모리 사용량이 많아집니다."
   inquiryUrl: "문의처 URL"
   inquiryUrlDescription: "서버 운영자에게 보내는 문의 양식의 URL이나 운영자의 연락처 등이 적힌 웹 페이지의 URL을 설정합니다."
+  openRegistration: "회원 가입을 활성화 하기"
+  openRegistrationWarning: "회원 가입을 개방하는 것은 리스크가 따릅니다. 서버를 항상 감시할 수 있고, 문제가 발생했을 때 바로 대응할 수 있는 상태에서만 활성화 하는 것을 권장합니다."
   thisSettingWillAutomaticallyOffWhenModeratorsInactive: "일정 기간동안 모더레이터의 활동이 감지되지 않는 경우, 스팸 방지를 위해 이 설정은 자동으로 꺼집니다."
 _accountMigration:
   moveFrom: "다른 계정에서 이 계정으로 이사"
@@ -2737,3 +2741,6 @@ _selfXssPrevention:
   description1: "여기에 무언가를 붙여넣으면 악의적인 사용자에게 계정을 탈취당하거나 개인정보를 도용당할 수 있습니다."
   description2: "붙여 넣으려는 항목이 무엇인지 정확히 이해하지 못하는 경우, %c지금 바로 작업을 중단하고 이 창을 닫으십시오."
   description3: "자세한 내용은 여기를 확인해 주세요.  {link}"
+_followRequest:
+  recieved: "받은 신청"
+  sent: "보낸 신청"
diff --git a/locales/zh-CN.yml b/locales/zh-CN.yml
index c5a581035d..08e007df7f 100644
--- a/locales/zh-CN.yml
+++ b/locales/zh-CN.yml
@@ -1707,9 +1707,9 @@ _achievements:
       description: "在元旦登入"
       flavor: "今年也请对本服务器多多指教！"
     _cookieClicked:
-      title: "点击饼干小游戏"
+      title: "饼干点点乐"
       description: "点击了饼干"
-      flavor: "用错软件了？"
+      flavor: "穿越了？"
     _brainDiver:
       title: "Brain Diver"
       description: "发布了包含 Brain Diver 链接的帖子"
diff --git a/locales/zh-TW.yml b/locales/zh-TW.yml
index 1e8e27c7bd..d4ffb28c76 100644
--- a/locales/zh-TW.yml
+++ b/locales/zh-TW.yml
@@ -586,6 +586,7 @@ masterVolume: "主音量"
 notUseSound: "關閉音效"
 useSoundOnlyWhenActive: "瀏覽器在前景運作時，Misskey 才會發出音效"
 details: "詳細資訊"
+renoteDetails: "轉發貼文的細節"
 chooseEmoji: "選擇您的表情符號"
 unableToProcess: "操作無法完成"
 recentUsed: "最近使用"

From a3ad95c058c02fa94d3f72ce49f5068d4215a436 Mon Sep 17 00:00:00 2001
From: Julia <julia@insertdomain.name>
Date: Wed, 20 Nov 2024 18:24:50 -0500
Subject: [PATCH 19/29] Merge commit from fork

* Fix poll update spoofing

* fix: Disallow negative poll counts

---------

Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 .../src/core/activitypub/ApInboxService.ts    |  2 +-
 .../activitypub/models/ApQuestionService.ts   | 29 ++++++++++++++-----
 2 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/packages/backend/src/core/activitypub/ApInboxService.ts b/packages/backend/src/core/activitypub/ApInboxService.ts
index 64ddd76bfa..9d0d8f486c 100644
--- a/packages/backend/src/core/activitypub/ApInboxService.ts
+++ b/packages/backend/src/core/activitypub/ApInboxService.ts
@@ -835,7 +835,7 @@ export class ApInboxService {
 			await this.apPersonService.updatePerson(actor.uri, resolver, object);
 			return 'ok: Person updated';
 		} else if (getApType(object) === 'Question') {
-			await this.apQuestionService.updateQuestion(object, resolver).catch(err => console.error(err));
+			await this.apQuestionService.updateQuestion(object, actor, resolver).catch(err => console.error(err));
 			return 'ok: Question updated';
 		} else {
 			return `skip: Unknown type: ${getApType(object)}`;
diff --git a/packages/backend/src/core/activitypub/models/ApQuestionService.ts b/packages/backend/src/core/activitypub/models/ApQuestionService.ts
index 7a040aa7e8..33fbbd54c3 100644
--- a/packages/backend/src/core/activitypub/models/ApQuestionService.ts
+++ b/packages/backend/src/core/activitypub/models/ApQuestionService.ts
@@ -5,16 +5,17 @@
 
 import { Inject, Injectable } from '@nestjs/common';
 import { DI } from '@/di-symbols.js';
-import type { NotesRepository, PollsRepository } from '@/models/_.js';
+import type { UsersRepository, NotesRepository, PollsRepository } from '@/models/_.js';
 import type { Config } from '@/config.js';
 import type { IPoll } from '@/models/Poll.js';
+import type { MiRemoteUser } from '@/models/User.js';
 import type Logger from '@/logger.js';
 import { bindThis } from '@/decorators.js';
-import { isQuestion } from '../type.js';
+import { getOneApId, isQuestion } from '../type.js';
 import { ApLoggerService } from '../ApLoggerService.js';
 import { ApResolverService } from '../ApResolverService.js';
 import type { Resolver } from '../ApResolverService.js';
-import type { IObject, IQuestion } from '../type.js';
+import type { IObject } from '../type.js';
 import { yumeAssertAcceptableURL } from '../misc/validator.js';
 import { toASCII } from 'punycode';
 
@@ -26,6 +27,9 @@ export class ApQuestionService {
 		@Inject(DI.config)
 		private config: Config,
 
+		@Inject(DI.usersRepository)
+		private usersRepository: UsersRepository,
+
 		@Inject(DI.notesRepository)
 		private notesRepository: NotesRepository,
 
@@ -67,7 +71,7 @@ export class ApQuestionService {
 	 * @returns true if updated
 	 */
 	@bindThis
-	public async updateQuestion(value: string | IObject, resolver?: Resolver): Promise<boolean> {
+	public async updateQuestion(value: string | IObject, actor?: MiRemoteUser, resolver?: Resolver): Promise<boolean> {
 		const uriIn = typeof value === 'string' ? value : value.id;
 		if (uriIn == null) throw new Error('uri is null');
 
@@ -82,15 +86,26 @@ export class ApQuestionService {
 
 		const poll = await this.pollsRepository.findOneBy({ noteId: note.id });
 		if (poll == null) throw new Error('Question is not registered');
+
+		const user = await this.usersRepository.findOneBy({ id: poll.userId });
+		if (user == null) throw new Error('Question is not registered');
 		//#endregion
 
 		// resolve new Question object
 		// eslint-disable-next-line no-param-reassign
 		if (resolver == null) resolver = this.apResolverService.createResolver();
-		const question = await resolver.resolve(value) as IQuestion;
+		const question = await resolver.resolve(value);
 		this.logger.debug(`fetched question: ${JSON.stringify(question, null, 2)}`);
 
-		if (question.type !== 'Question') throw new Error('object is not a Question');
+		if (!isQuestion(question)) throw new Error('object is not a Question');
+
+		const attribution = (question.attributedTo) ? getOneApId(question.attributedTo) : user.uri;
+		const attributionMatchesExisting = attribution === user.uri;
+		const actorMatchesAttribution = (actor) ? attribution === actor.uri : true;
+
+		if (!attributionMatchesExisting || !actorMatchesAttribution) {
+			throw new Error('Refusing to ingest update for poll by different user');
+		}
 
 		const apChoices = question.oneOf ?? question.anyOf;
 		if (apChoices == null) throw new Error('invalid apChoices: ' + apChoices);
@@ -100,7 +115,7 @@ export class ApQuestionService {
 		for (const choice of poll.choices) {
 			const oldCount = poll.votes[poll.choices.indexOf(choice)];
 			const newCount = apChoices.filter(ap => ap.name === choice).at(0)?.replies?.totalItems;
-			if (newCount == null) throw new Error('invalid newCount: ' + newCount);
+			if (newCount == null || !(Number.isInteger(newCount) && newCount >= 0)) throw new Error('invalid newCount: ' + newCount);
 
 			if (oldCount !== newCount) {
 				changed = true;

From ce08d2c82793d44d50d5b49c7b555cd0480afe2a Mon Sep 17 00:00:00 2001
From: rectcoordsystem <37621004+rectcoordsystem@users.noreply.github.com>
Date: Thu, 21 Nov 2024 08:27:09 +0900
Subject: [PATCH 20/29] Merge commit from fork

* fix(backend): check target IP before sending HTTP request

* fix(backend): allow accessing private IP when testing

* Apply suggestions from code review

Co-authored-by: anatawa12 <anatawa12@icloud.com>

* fix(backend): lint and typecheck

* fix(backend): add isLocalAddressAllowed option to getAgentByUrl and send (HttpRequestService)

* fix(backend): allow fetchSummaryFromProxy, trueMail to access local addresses

---------

Co-authored-by: anatawa12 <anatawa12@icloud.com>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 packages/backend/src/core/DownloadService.ts  |  22 ----
 packages/backend/src/core/EmailService.ts     |   1 +
 .../backend/src/core/HttpRequestService.ts    | 115 ++++++++++++++++--
 .../src/server/web/UrlPreviewService.ts       |   2 +-
 4 files changed, 109 insertions(+), 31 deletions(-)

diff --git a/packages/backend/src/core/DownloadService.ts b/packages/backend/src/core/DownloadService.ts
index 6266e51496..8921b7e3f2 100644
--- a/packages/backend/src/core/DownloadService.ts
+++ b/packages/backend/src/core/DownloadService.ts
@@ -6,7 +6,6 @@
 import * as fs from 'node:fs';
 import * as stream from 'node:stream/promises';
 import { Inject, Injectable } from '@nestjs/common';
-import ipaddr from 'ipaddr.js';
 import chalk from 'chalk';
 import got, * as Got from 'got';
 import { parse } from 'content-disposition';
@@ -69,13 +68,6 @@ export class DownloadService {
 			},
 			enableUnixSockets: false,
 		}).on('response', (res: Got.Response) => {
-			if ((process.env.NODE_ENV === 'production' || process.env.NODE_ENV === 'test') && !this.config.proxy && res.ip) {
-				if (this.isPrivateIp(res.ip)) {
-					this.logger.warn(`Blocked address: ${res.ip}`);
-					req.destroy();
-				}
-			}
-
 			const contentLength = res.headers['content-length'];
 			if (contentLength != null) {
 				const size = Number(contentLength);
@@ -138,18 +130,4 @@ export class DownloadService {
 			cleanup();
 		}
 	}
-
-	@bindThis
-	private isPrivateIp(ip: string): boolean {
-		const parsedIp = ipaddr.parse(ip);
-
-		for (const net of this.config.allowedPrivateNetworks ?? []) {
-			const cidr = ipaddr.parseCIDR(net);
-			if (cidr[0].kind() === parsedIp.kind() && parsedIp.match(ipaddr.parseCIDR(net))) {
-				return false;
-			}
-		}
-
-		return parsedIp.range() !== 'unicast';
-	}
 }
diff --git a/packages/backend/src/core/EmailService.ts b/packages/backend/src/core/EmailService.ts
index 609cb70448..f38e0565ac 100644
--- a/packages/backend/src/core/EmailService.ts
+++ b/packages/backend/src/core/EmailService.ts
@@ -313,6 +313,7 @@ export class EmailService {
 					Accept: 'application/json',
 					Authorization: truemailAuthKey,
 				},
+				isLocalAddressAllowed: true,
 			});
 
 			const json = (await res.json()) as {
diff --git a/packages/backend/src/core/HttpRequestService.ts b/packages/backend/src/core/HttpRequestService.ts
index 0f39c0536b..d7db1acd8c 100644
--- a/packages/backend/src/core/HttpRequestService.ts
+++ b/packages/backend/src/core/HttpRequestService.ts
@@ -6,9 +6,10 @@
 import * as http from 'node:http';
 import * as https from 'node:https';
 import * as net from 'node:net';
+import ipaddr from 'ipaddr.js';
 import CacheableLookup from 'cacheable-lookup';
 import fetch from 'node-fetch';
-import { HttpProxyAgent, HttpsProxyAgent } from 'hpagent';
+import { HttpsProxyAgent } from 'hpagent';
 import { Inject, Injectable } from '@nestjs/common';
 import { DI } from '@/di-symbols.js';
 import type { Config } from '@/config.js';
@@ -25,8 +26,97 @@ export type HttpRequestSendOptions = {
 	validators?: ((res: Response) => void)[];
 };
 
+declare module 'node:http' {
+	interface Agent {
+		createConnection(options: net.NetConnectOpts, callback?: (err: unknown, stream: net.Socket) => void): net.Socket;
+	}
+}
+
+class HttpRequestServiceAgent extends http.Agent {
+	constructor(
+		private config: Config,
+		options?: http.AgentOptions,
+	) {
+		super(options);
+	}
+
+	@bindThis
+	public createConnection(options: net.NetConnectOpts, callback?: (err: unknown, stream: net.Socket) => void): net.Socket {
+		const socket = super.createConnection(options, callback)
+			.on('connect', () => {
+				const address = socket.remoteAddress;
+				if (process.env.NODE_ENV === 'production') {
+					if (address && ipaddr.isValid(address)) {
+						if (this.isPrivateIp(address)) {
+							socket.destroy(new Error(`Blocked address: ${address}`));
+						}
+					}
+				}
+			});
+		return socket;
+	};
+
+	@bindThis
+	private isPrivateIp(ip: string): boolean {
+		const parsedIp = ipaddr.parse(ip);
+	
+		for (const net of this.config.allowedPrivateNetworks ?? []) {
+			const cidr = ipaddr.parseCIDR(net);
+			if (cidr[0].kind() === parsedIp.kind() && parsedIp.match(ipaddr.parseCIDR(net))) {
+				return false;
+			}
+		}
+	
+		return parsedIp.range() !== 'unicast';
+	}
+}
+
+class HttpsRequestServiceAgent extends https.Agent {
+	constructor(
+		private config: Config,
+		options?: https.AgentOptions,
+	) {
+		super(options);
+	}
+
+	@bindThis
+	public createConnection(options: net.NetConnectOpts, callback?: (err: unknown, stream: net.Socket) => void): net.Socket {
+		const socket = super.createConnection(options, callback)
+			.on('connect', () => {
+				const address = socket.remoteAddress;
+				if (process.env.NODE_ENV === 'production') {
+					if (address && ipaddr.isValid(address)) {
+						if (this.isPrivateIp(address)) {
+							socket.destroy(new Error(`Blocked address: ${address}`));
+						}
+					}
+				}
+			});
+		return socket;
+	};
+
+	@bindThis
+	private isPrivateIp(ip: string): boolean {
+		const parsedIp = ipaddr.parse(ip);
+	
+		for (const net of this.config.allowedPrivateNetworks ?? []) {
+			const cidr = ipaddr.parseCIDR(net);
+			if (cidr[0].kind() === parsedIp.kind() && parsedIp.match(ipaddr.parseCIDR(net))) {
+				return false;
+			}
+		}
+	
+		return parsedIp.range() !== 'unicast';
+	}
+}
+
 @Injectable()
 export class HttpRequestService {
+	/**
+	 * Get https non-proxy agent (without local address filtering)
+	 */
+	private httpsNative: https.Agent;
+
 	/**
 	 * Get https non-proxy agent
 	 */
@@ -47,13 +137,18 @@ export class HttpRequestService {
 			lookup: false,	// nativeのdns.lookupにfallbackしない
 		});
 
-		this.https = new https.Agent({
+		const agentOption = {
 			keepAlive: true,
 			keepAliveMsecs: 30 * 1000,
 			lookup: cache.lookup as unknown as net.LookupFunction,
 			localAddress: config.outgoingAddress,
-			minVersion: 'TLSv1.2',
-		});
+			minVersion: 'TLSv1.2' as const,
+		};
+
+
+		this.httpsNative = new https.Agent(agentOption);
+
+		this.https = new HttpsRequestServiceAgent(config, agentOption);
 
 		const maxSockets = Math.max(256, config.deliverJobConcurrency ?? 128);
 
@@ -91,7 +186,7 @@ export class HttpRequestService {
 	}
 
 	@bindThis
-	public async getActivityJson(url: string): Promise<IObject> {
+	public async getActivityJson(url: string, isLocalAddressAllowed = false): Promise<IObject> {
 		const res = await this.send(url, {
 			method: 'GET',
 			headers: {
@@ -99,6 +194,7 @@ export class HttpRequestService {
 			},
 			timeout: 5000,
 			size: 1024 * 256,
+			isLocalAddressAllowed: isLocalAddressAllowed,
 		}, {
 			throwErrorWhenResponseNotOk: true,
 			validators: [validateContentTypeSetAsActivityPub],
@@ -113,7 +209,7 @@ export class HttpRequestService {
 	}
 
 	@bindThis
-	public async getJson<T = unknown>(url: string, accept = 'application/json, */*', headers?: Record<string, string>): Promise<T> {
+	public async getJson<T = unknown>(url: string, accept = 'application/json, */*', headers?: Record<string, string>, isLocalAddressAllowed = false): Promise<T> {
 		const res = await this.send(url, {
 			method: 'GET',
 			headers: Object.assign({
@@ -121,19 +217,21 @@ export class HttpRequestService {
 			}, headers ?? {}),
 			timeout: 5000,
 			size: 1024 * 256,
+			isLocalAddressAllowed: isLocalAddressAllowed,
 		});
 
 		return await res.json() as T;
 	}
 
 	@bindThis
-	public async getHtml(url: string, accept = 'text/html, */*', headers?: Record<string, string>): Promise<string> {
+	public async getHtml(url: string, accept = 'text/html, */*', headers?: Record<string, string>, isLocalAddressAllowed = false): Promise<string> {
 		const res = await this.send(url, {
 			method: 'GET',
 			headers: Object.assign({
 				Accept: accept,
 			}, headers ?? {}),
 			timeout: 5000,
+			isLocalAddressAllowed: isLocalAddressAllowed,
 		});
 
 		return await res.text();
@@ -148,6 +246,7 @@ export class HttpRequestService {
 			headers?: Record<string, string>,
 			timeout?: number,
 			size?: number,
+			isLocalAddressAllowed?: boolean,
 		} = {},
 		extra: HttpRequestSendOptions = {
 			throwErrorWhenResponseNotOk: true,
@@ -179,7 +278,7 @@ export class HttpRequestService {
 			},
 			body: args.body,
 			size: args.size ?? 10 * 1024 * 1024,
-			agent: (url) => this.getAgentByUrl(url),
+			agent: (url) => this.getAgentByUrl(url, false),
 			signal: controller.signal,
 		});
 
diff --git a/packages/backend/src/server/web/UrlPreviewService.ts b/packages/backend/src/server/web/UrlPreviewService.ts
index 94b4a9fd90..3642c358c0 100644
--- a/packages/backend/src/server/web/UrlPreviewService.ts
+++ b/packages/backend/src/server/web/UrlPreviewService.ts
@@ -144,6 +144,6 @@ export class UrlPreviewService {
 			contentLengthRequired: meta.urlPreviewRequireContentLength,
 		});
 
-		return this.httpRequestService.getJson<SummalyResult>(`${proxy}?${queryStr}`);
+		return this.httpRequestService.getJson<SummalyResult>(`${proxy}?${queryStr}`, 'application/json, */*', undefined, true);
 	}
 }

From d621657f165e5b0ebf8f0771b71e7da774ffe7c1 Mon Sep 17 00:00:00 2001
From: eternal-flame-AD <yume@yumechi.jp>
Date: Thu, 21 Nov 2024 05:50:15 -0600
Subject: [PATCH 21/29] remove e2e testing

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 .forgejo/workflows/test-backend.yml | 74 ++++++++++++++---------------
 1 file changed, 37 insertions(+), 37 deletions(-)

diff --git a/.forgejo/workflows/test-backend.yml b/.forgejo/workflows/test-backend.yml
index 493c706723..2f562ebb28 100644
--- a/.forgejo/workflows/test-backend.yml
+++ b/.forgejo/workflows/test-backend.yml
@@ -59,40 +59,40 @@ jobs:
     - name: Test
       run: pnpm --filter backend test-and-coverage
 
-  e2e:
-    runs-on: ubuntu-latest
-
-    strategy:
-      matrix:
-        node-version: [22.11.0]
-
-    services:
-      postgres:
-        image: l1drm/postgres-pgroonga:alpine-15-znver4
-        env:
-          POSTGRES_DB: test-misskey
-          POSTGRES_HOST_AUTH_METHOD: trust
-      redis:
-        image: redis:7
-
-    steps:
-      - uses: actions/checkout@v4.1.1
-        with:
-          submodules: true
-      - name: Install pnpm
-        uses: pnpm/action-setup@v4
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4.0.4
-        with:
-          node-version: ${{ matrix.node-version }}
-          cache: 'pnpm'
-      - run: corepack enable
-      - run: pnpm i --frozen-lockfile
-      - name: Check pnpm-lock.yaml
-        run: git diff --exit-code pnpm-lock.yaml
-      - name: Copy Configure
-        run: cp .forgejo/misskey/test.yml .config
-      - name: Build
-        run: pnpm build
-      - name: Test
-        run: pnpm --filter backend test-and-coverage:e2e
\ No newline at end of file
+#   e2e:
+#     runs-on: ubuntu-latest
+# 
+#     strategy:
+#       matrix:
+#         node-version: [22.11.0]
+# 
+#     services:
+#       postgres:
+#         image: l1drm/postgres-pgroonga:alpine-15-znver4
+#         env:
+#           POSTGRES_DB: test-misskey
+#           POSTGRES_HOST_AUTH_METHOD: trust
+#       redis:
+#         image: redis:7
+# 
+#     steps:
+#       - uses: actions/checkout@v4.1.1
+#         with:
+#           submodules: true
+#       - name: Install pnpm
+#         uses: pnpm/action-setup@v4
+#       - name: Use Node.js ${{ matrix.node-version }}
+#         uses: actions/setup-node@v4.0.4
+#         with:
+#           node-version: ${{ matrix.node-version }}
+#           cache: 'pnpm'
+#       - run: corepack enable
+#       - run: pnpm i --frozen-lockfile
+#       - name: Check pnpm-lock.yaml
+#         run: git diff --exit-code pnpm-lock.yaml
+#       - name: Copy Configure
+#         run: cp .forgejo/misskey/test.yml .config
+#       - name: Build
+#         run: pnpm build
+#       - name: Test
+#         run: pnpm --filter backend test-and-coverage:e2e
\ No newline at end of file

From 9bb310e0d1b31d39bd175610f7518b60e015db54 Mon Sep 17 00:00:00 2001
From: FLY_MC <me@flymc.cc>
Date: Thu, 21 Nov 2024 05:54:22 -0600
Subject: [PATCH 22/29] pick pari sw.ts

---
 packages/sw/src/sw.ts | 412 ++++++++++++++++++++++++------------------
 1 file changed, 240 insertions(+), 172 deletions(-)

diff --git a/packages/sw/src/sw.ts b/packages/sw/src/sw.ts
index bf980b83a4..124e24a98a 100644
--- a/packages/sw/src/sw.ts
+++ b/packages/sw/src/sw.ts
@@ -12,209 +12,277 @@ import { createEmptyNotification, createNotification } from '@/scripts/create-no
 import { swLang } from '@/scripts/lang.js';
 import * as swos from '@/scripts/operations.js';
 
-globalThis.addEventListener('install', () => {
-	// ev.waitUntil(globalThis.skipWaiting());
+const STATIC_CACHE_NAME = `misskey-static-${_VERSION_}`;
+const PATHS_TO_CACHE = ['/assets/', '/static-assets/', '/emoji/', '/twemoji/', '/fluent-emoji/', '/vite/'];
+
+async function requestStorage() {
+    try {
+        if (navigator.storage && navigator.storage.persisted) {
+            await navigator.storage.persisted();
+        }
+        if (navigator.storage && navigator.storage.estimate) {
+            const quota = await navigator.storage.estimate();
+            if (quota.quota && quota.quota < 2 * 1024 * 1024 * 1024) {
+                await navigator.storage.estimate;
+            }
+        }
+    } catch {
+			console.error('Failed to request storage');
+    }
+}
+
+async function cacheWithFallback(cache, paths) {
+    for (const path of paths) {
+        try {
+            await cache.add(new Request(path, { credentials: 'same-origin' }));
+        } catch (error) {}
+    }
+}
+
+globalThis.addEventListener('install', (ev) => {
+    ev.waitUntil((async () => {
+        await requestStorage();
+        const cache = await caches.open(STATIC_CACHE_NAME);
+        await cacheWithFallback(cache, PATHS_TO_CACHE);
+        await globalThis.skipWaiting();
+    })());
 });
 
 globalThis.addEventListener('activate', ev => {
-	ev.waitUntil(
-		caches.keys()
-			.then(cacheNames => Promise.all(
-				cacheNames
-					.filter((v) => v !== swLang.cacheName)
-					.map(name => caches.delete(name)),
-			))
-			.then(() => globalThis.clients.claim()),
-	);
+    ev.waitUntil(
+        caches.keys()
+            .then(cacheNames => Promise.all(
+                cacheNames
+                    .filter((v) => v !== STATIC_CACHE_NAME && v !== swLang.cacheName)
+                    .map(name => caches.delete(name)),
+            ))
+            .then(() => globalThis.clients.claim()),
+    );
 });
 
 async function offlineContentHTML() {
-	const i18n = await (swLang.i18n ?? swLang.fetchLocale()) as Partial<I18n<Locale>>;
-	const messages = {
-		title: i18n.ts?._offlineScreen.title ?? 'Offline - Could not connect to server',
-		header: i18n.ts?._offlineScreen.header ?? 'Could not connect to server',
-		reload: i18n.ts?.reload ?? 'Reload',
-	};
+    const i18n = await (swLang.i18n ?? swLang.fetchLocale()) as Partial<I18n<Locale>>;
+    const messages = {
+        title: i18n.ts?._offlineScreen.title ?? 'Offline - Could not connect to server',
+        header: i18n.ts?._offlineScreen.header ?? 'Could not connect to server',
+        reload: i18n.ts?.reload ?? 'Reload',
+    };
 
-	return `<!DOCTYPE html><html lang="ja"><head><meta charset="UTF-8"><meta content="width=device-width,initial-scale=1"name="viewport"><title>${messages.title}</title><style>body{background-color:#0c1210;color:#dee7e4;font-family:Hiragino Maru Gothic Pro,BIZ UDGothic,Roboto,HelveticaNeue,Arial,sans-serif;line-height:1.35;display:flex;flex-direction:column;align-items:center;justify-content:center;min-height:100vh;margin:0;padding:24px;box-sizing:border-box}.icon{max-width:120px;width:100%;height:auto;margin-bottom:20px;}.message{text-align:center;font-size:20px;font-weight:700;margin-bottom:20px}.version{text-align:center;font-size:90%;margin-bottom:20px}button{padding:7px 14px;min-width:100px;font-weight:700;font-family:Hiragino Maru Gothic Pro,BIZ UDGothic,Roboto,HelveticaNeue,Arial,sans-serif;line-height:1.35;border-radius:99rem;background-color:#b4e900;color:#192320;border:none;cursor:pointer;-webkit-tap-highlight-color:transparent}button:hover{background-color:#c6ff03}</style></head><body><svg class="icon"fill="none"height="24"stroke="currentColor"stroke-linecap="round"stroke-linejoin="round"stroke-width="2"viewBox="0 0 24 24"width="24"xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z"fill="none"stroke="none"/><path d="M9.58 5.548c.24 -.11 .492 -.207 .752 -.286c1.88 -.572 3.956 -.193 5.444 1c1.488 1.19 2.162 3.007 1.77 4.769h.99c1.913 0 3.464 1.56 3.464 3.486c0 .957 -.383 1.824 -1.003 2.454m-2.997 1.033h-11.343c-2.572 -.004 -4.657 -2.011 -4.657 -4.487c0 -2.475 2.085 -4.482 4.657 -4.482c.13 -.582 .37 -1.128 .7 -1.62"/><path d="M3 3l18 18"/></svg><div class="message">${messages.header}</div><div class="version">v${_VERSION_}</div><button onclick="reloadPage()">${messages.reload}</button><script>function reloadPage(){location.reload(!0)}</script></body></html>`;
+    return `<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta content="width=device-width,initial-scale=1"name="viewport"><title>${messages.title}</title><style>body{background-color:#0c1210;color:#dee7e4;font-family:Hiragino Maru Gothic Pro,BIZ UDGothic,Roboto,HelveticaNeue,Arial,sans-serif;line-height:1.35;display:flex;flex-direction:column;align-items:center;justify-content:center;min-height:100vh;margin:0;padding:24px;box-sizing:border-box}.icon{max-width:120px;width:100%;height:auto;margin-bottom:20px;}.message{text-align:center;font-size:20px;font-weight:700;margin-bottom:20px}.version{text-align:center;font-size:90%;margin-bottom:20px}button{padding:7px 14px;min-width:100px;font-weight:700;font-family:Hiragino Maru Gothic Pro,BIZ UDGothic,Roboto,HelveticaNeue,Arial,sans-serif;line-height:1.35;border-radius:99rem;background-color:#ff82ab;color:#192320;border:none;cursor:pointer;-webkit-tap-highlight-color:transparent}button:hover{background-color:#fac5eb}</style></head><body><svg class="icon"fill="none"height="24"stroke="currentColor"stroke-linecap="round"stroke-linejoin="round"stroke-width="2"viewBox="0 0 24 24"width="24"xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z"fill="none"stroke="none"/><path d="M9.58 5.548c.24 -.11 .492 -.207 .752 -.286c1.88 -.572 3.956 -.193 5.444 1c1.488 1.19 2.162 3.007 1.77 4.769h.99c1.913 0 3.464 1.56 3.464 3.486c0 .957 -.383 1.824 -1.003 2.454m-2.997 1.033h-11.343c-2.572 -.004 -4.657 -2.011 -4.657 -4.487c0 -2.475 2.085 -4.482 4.657 -4.482c.13 -.582 .37 -1.128 .7 -1.62"/><path d="M3 3l18 18"/></svg><div class="message">${messages.header}</div><div class="version">v${_VERSION_}</div><button onclick="reloadPage()">${messages.reload}</button><script>function reloadPage(){location.reload(!0)}</script></body></html>`;
 }
 
 globalThis.addEventListener('fetch', ev => {
-	let isHTMLRequest = false;
-	if (ev.request.headers.get('sec-fetch-dest') === 'document') {
-		isHTMLRequest = true;
-	} else if (ev.request.headers.get('accept')?.includes('/html')) {
-		isHTMLRequest = true;
-	} else if (ev.request.url.endsWith('/')) {
-		isHTMLRequest = true;
-	}
+    const shouldCache = PATHS_TO_CACHE.some(path => ev.request.url.includes(path));
 
-	if (!isHTMLRequest) return;
-	ev.respondWith(
-		fetch(ev.request)
-			.catch(async () => {
-				const html = await offlineContentHTML();
-				return new Response(html, {
-					status: 200,
-					headers: {
-						'content-type': 'text/html',
-					},
-				});
-			}),
-	);
+    if (shouldCache) {
+        ev.respondWith(
+            caches.match(ev.request)
+                .then(async response => {
+                    if (response) return response;
+
+                    try {
+                        const fetchResponse = await fetch(ev.request);
+                        if (!fetchResponse || fetchResponse.status !== 200 || fetchResponse.type !== 'basic') {
+                            return fetchResponse;
+                        }
+
+                        const responseToCache = fetchResponse.clone();
+                        const cache = await caches.open(STATIC_CACHE_NAME);
+
+                        try {
+                            await cache.put(ev.request, responseToCache);
+                        } catch (err) {
+                            const keys = await cache.keys();
+                            if (keys.length > 0) {
+                                const deleteCount = Math.ceil(keys.length * 0.2);
+                                for (let i = 0; i < deleteCount; i++) {
+                                    await cache.delete(keys[i]);
+                                }
+                                await cache.put(ev.request, responseToCache.clone());
+                            }
+                        }
+
+                        return fetchResponse;
+                    } catch {
+                        return response;
+                    }
+                })
+        );
+        return;
+    }
+
+    let isHTMLRequest = false;
+    if (ev.request.headers.get('sec-fetch-dest') === 'document') {
+        isHTMLRequest = true;
+    } else if (ev.request.headers.get('accept')?.includes('/html')) {
+        isHTMLRequest = true;
+    } else if (ev.request.url.endsWith('/')) {
+        isHTMLRequest = true;
+    }
+
+    if (!isHTMLRequest) return;
+    ev.respondWith(
+        fetch(ev.request)
+            .catch(async () => {
+                const html = await offlineContentHTML();
+                return new Response(html, {
+                    status: 200,
+                    headers: {
+                        'content-type': 'text/html',
+                    },
+                });
+            }),
+    );
 });
 
 globalThis.addEventListener('push', ev => {
-	// クライアント取得
-	ev.waitUntil(globalThis.clients.matchAll({
-		includeUncontrolled: true,
-		type: 'window',
-	}).then(async () => {
-		const data: PushNotificationDataMap[keyof PushNotificationDataMap] = ev.data?.json();
+    ev.waitUntil(globalThis.clients.matchAll({
+        includeUncontrolled: true,
+        type: 'window',
+    }).then(async () => {
+        const data: PushNotificationDataMap[keyof PushNotificationDataMap] = ev.data?.json();
 
-		switch (data.type) {
-			// case 'driveFileCreated':
-			case 'notification':
-			case 'unreadAntennaNote':
-				// 1日以上経過している場合は無視
-				if (Date.now() - data.dateTime > 1000 * 60 * 60 * 24) break;
+        switch (data.type) {
+            case 'notification':
+            case 'unreadAntennaNote':
+                if (Date.now() - data.dateTime > 1000 * 60 * 60 * 24) break;
 
-				return createNotification(data);
-			case 'readAllNotifications':
-				await globalThis.registration.getNotifications()
-					.then(notifications => notifications.forEach(n => n.tag !== 'read_notification' && n.close()));
-				break;
-		}
+                return createNotification(data);
+            case 'readAllNotifications':
+                await globalThis.registration.getNotifications()
+                    .then(notifications => notifications.forEach(n => n.tag !== 'read_notification' && n.close()));
+                break;
+        }
 
-		await createEmptyNotification();
-		return;
-	}));
+        await createEmptyNotification();
+        return;
+    }));
 });
 
 globalThis.addEventListener('notificationclick', (ev: ServiceWorkerGlobalScopeEventMap['notificationclick']) => {
-	ev.waitUntil((async (): Promise<void> => {
-		if (_DEV_) {
-			console.log('notificationclick', ev.action, ev.notification.data);
-		}
+    ev.waitUntil((async (): Promise<void> => {
+        if (_DEV_) {
+            console.log('notificationclick', ev.action, ev.notification.data);
+        }
 
-		const { action, notification } = ev;
-		const data: PushNotificationDataMap[keyof PushNotificationDataMap] = notification.data ?? {};
-		const { userId: loginId } = data;
-		let client: WindowClient | null = null;
+        const { action, notification } = ev;
+        const data: PushNotificationDataMap[keyof PushNotificationDataMap] = notification.data ?? {};
+        const { userId: loginId } = data;
+        let client: WindowClient | null = null;
 
-		switch (data.type) {
-			case 'notification':
-				switch (action) {
-					case 'follow':
-						if ('userId' in data.body) await swos.api('following/create', loginId, { userId: data.body.userId });
-						break;
-					case 'showUser':
-						if ('user' in data.body) client = await swos.openUser(Misskey.acct.toString(data.body.user), loginId);
-						break;
-					case 'reply':
-						if ('note' in data.body) client = await swos.openPost({ reply: data.body.note }, loginId);
-						break;
-					case 'renote':
-						if ('note' in data.body) await swos.api('notes/create', loginId, { renoteId: data.body.note.id });
-						break;
-					case 'accept':
-						switch (data.body.type) {
-							case 'receiveFollowRequest':
-								await swos.api('following/requests/accept', loginId, { userId: data.body.userId });
-								break;
-						}
-						break;
-					case 'reject':
-						switch (data.body.type) {
-							case 'receiveFollowRequest':
-								await swos.api('following/requests/reject', loginId, { userId: data.body.userId });
-								break;
-						}
-						break;
-					case 'showFollowRequests':
-						client = await swos.openClient('push', '/my/follow-requests', loginId);
-						break;
-					default:
-						switch (data.body.type) {
-							case 'receiveFollowRequest':
-								client = await swos.openClient('push', '/my/follow-requests', loginId);
-								break;
-							case 'reaction':
-								client = await swos.openNote(data.body.note.id, loginId);
-								break;
-							default:
-								if ('note' in data.body) {
-									client = await swos.openNote(data.body.note.id, loginId);
-								} else if ('user' in data.body) {
-									client = await swos.openUser(Misskey.acct.toString(data.body.user), loginId);
-								}
-								break;
-						}
-				}
-				break;
-			case 'unreadAntennaNote':
-				client = await swos.openAntenna(data.body.antenna.id, loginId);
-				break;
-			default:
-				switch (action) {
-					case 'markAllAsRead':
-						await globalThis.registration.getNotifications()
-							.then(notifications => notifications.forEach(n => n.tag !== 'read_notification' && n.close()));
-						await get<Pick<Misskey.entities.SignupResponse, 'id' | 'token'>[]>('accounts').then(accounts => {
-							return Promise.all((accounts ?? []).map(async account => {
-								await swos.sendMarkAllAsRead(account.id);
-							}));
-						});
-						break;
-					case 'settings':
-						client = await swos.openClient('push', '/settings/notifications', loginId);
-						break;
-				}
-		}
+        switch (data.type) {
+            case 'notification':
+                switch (action) {
+                    case 'follow':
+                        if ('userId' in data.body) await swos.api('following/create', loginId, { userId: data.body.userId });
+                        break;
+                    case 'showUser':
+                        if ('user' in data.body) client = await swos.openUser(Misskey.acct.toString(data.body.user), loginId);
+                        break;
+                    case 'reply':
+                        if ('note' in data.body) client = await swos.openPost({ reply: data.body.note }, loginId);
+                        break;
+                    case 'renote':
+                        if ('note' in data.body) await swos.api('notes/create', loginId, { renoteId: data.body.note.id });
+                        break;
+                    case 'accept':
+                        switch (data.body.type) {
+                            case 'receiveFollowRequest':
+                                await swos.api('following/requests/accept', loginId, { userId: data.body.userId });
+                                break;
+                        }
+                        break;
+                    case 'reject':
+                        switch (data.body.type) {
+                            case 'receiveFollowRequest':
+                                await swos.api('following/requests/reject', loginId, { userId: data.body.userId });
+                                break;
+                        }
+                        break;
+                    case 'showFollowRequests':
+                        client = await swos.openClient('push', '/my/follow-requests', loginId);
+                        break;
+                    case 'edited':
+                        if ('note' in data.body) client = await swos.openPost({ reply: data.body.note }, loginId);
+                        break;
+                    default:
+                        switch (data.body.type) {
+                            case 'receiveFollowRequest':
+                                client = await swos.openClient('push', '/my/follow-requests', loginId);
+                                break;
+                            case 'reaction':
+                                client = await swos.openNote(data.body.note.id, loginId);
+                                break;
+                            default:
+                                if ('note' in data.body) {
+                                    client = await swos.openNote(data.body.note.id, loginId);
+                                } else if ('user' in data.body) {
+                                    client = await swos.openUser(Misskey.acct.toString(data.body.user), loginId);
+                                }
+                                break;
+                        }
+                }
+                break;
+            case 'unreadAntennaNote':
+                client = await swos.openAntenna(data.body.antenna.id, loginId);
+                break;
+            default:
+                switch (action) {
+                    case 'markAllAsRead':
+                        await globalThis.registration.getNotifications()
+                            .then(notifications => notifications.forEach(n => n.tag !== 'read_notification' && n.close()));
+                        await get<Pick<Misskey.entities.SignupResponse, 'id' | 'token'>[]>('accounts').then(accounts => {
+                            return Promise.all((accounts ?? []).map(async account => {
+                                await swos.sendMarkAllAsRead(account.id);
+                            }));
+                        });
+                        break;
+                    case 'settings':
+                        client = await swos.openClient('push', '/settings/notifications', loginId);
+                        break;
+                }
+        }
 
-		if (client) {
-			client.focus();
-		}
-		if (data.type === 'notification') {
-			await swos.sendMarkAllAsRead(loginId);
-		}
+        if (client) {
+            client.focus();
+        }
+        if (data.type === 'notification') {
+            await swos.sendMarkAllAsRead(loginId);
+        }
 
-		notification.close();
-	})());
+        notification.close();
+    })());
 });
 
 globalThis.addEventListener('notificationclose', (ev: ServiceWorkerGlobalScopeEventMap['notificationclose']) => {
-	const data: PushNotificationDataMap[keyof PushNotificationDataMap] = ev.notification.data;
+    const data: PushNotificationDataMap[keyof PushNotificationDataMap] = ev.notification.data;
 
-	ev.waitUntil((async (): Promise<void> => {
-		if (data.type === 'notification') {
-			await swos.sendMarkAllAsRead(data.userId);
-		}
-		return;
-	})());
+    ev.waitUntil((async (): Promise<void> => {
+        if (data.type === 'notification') {
+            await swos.sendMarkAllAsRead(data.userId);
+        }
+        return;
+    })());
 });
 
 globalThis.addEventListener('message', (ev: ServiceWorkerGlobalScopeEventMap['message']) => {
-	ev.waitUntil((async (): Promise<void> => {
-		switch (ev.data) {
-			case 'clear':
-				// Cache Storage全削除
-				await caches.keys()
-					.then(cacheNames => Promise.all(
-						cacheNames.map(name => caches.delete(name)),
-					));
-				return; // TODO
-		}
+    ev.waitUntil((async (): Promise<void> => {
+        if (ev.data === 'clear') {
+            await caches.keys()
+                .then(cacheNames => Promise.all(
+                    cacheNames.map(name => caches.delete(name)),
+                ));
+            return;
+        }
 
-		if (typeof ev.data === 'object') {
-			// E.g. '[object Array]' → 'array'
-			const otype = Object.prototype.toString.call(ev.data).slice(8, -1).toLowerCase();
+        if (typeof ev.data === 'object') {
+            const otype = Object.prototype.toString.call(ev.data).slice(8, -1).toLowerCase();
 
-			if (otype === 'object') {
-				if (ev.data.msg === 'initialize') {
-					swLang.setLang(ev.data.lang);
-				}
-			}
-		}
-	})());
+            if (otype === 'object') {
+                if (ev.data.msg === 'initialize') {
+                    swLang.setLang(ev.data.lang);
+                }
+            }
+        }
+    })());
 });

From 5587de26c7326e48a61d849b72d6d0a012d0ccd1 Mon Sep 17 00:00:00 2001
From: eternal-flame-AD <yume@yumechi.jp>
Date: Thu, 21 Nov 2024 06:05:51 -0600
Subject: [PATCH 23/29] fix sw.js initialization order

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 packages/sw/src/sw.ts | 457 +++++++++++++++++++++---------------------
 1 file changed, 230 insertions(+), 227 deletions(-)

diff --git a/packages/sw/src/sw.ts b/packages/sw/src/sw.ts
index 124e24a98a..89754c976e 100644
--- a/packages/sw/src/sw.ts
+++ b/packages/sw/src/sw.ts
@@ -15,274 +15,277 @@ import * as swos from '@/scripts/operations.js';
 const STATIC_CACHE_NAME = `misskey-static-${_VERSION_}`;
 const PATHS_TO_CACHE = ['/assets/', '/static-assets/', '/emoji/', '/twemoji/', '/fluent-emoji/', '/vite/'];
 
-async function requestStorage() {
-    try {
-        if (navigator.storage && navigator.storage.persisted) {
-            await navigator.storage.persisted();
-        }
-        if (navigator.storage && navigator.storage.estimate) {
-            const quota = await navigator.storage.estimate();
-            if (quota.quota && quota.quota < 2 * 1024 * 1024 * 1024) {
-                await navigator.storage.estimate;
-            }
-        }
-    } catch {
-			console.error('Failed to request storage');
-    }
+async function requestStorage(): Promise<FileSystemDirectoryHandle | null> {
+	try {
+		if (navigator.storage && navigator.storage.estimate) {
+			await navigator.storage.estimate();
+			if (navigator.storage && navigator.storage.persisted) {
+				if (!await navigator.storage.persisted()) {
+					return null;
+				}
+			}
+			return navigator.storage.getDirectory();
+		}
+	} catch {
+		console.error('Failed to request storage');
+	}
+	return null;
 }
 
 async function cacheWithFallback(cache, paths) {
-    for (const path of paths) {
-        try {
-            await cache.add(new Request(path, { credentials: 'same-origin' }));
-        } catch (error) {}
-    }
+	for (const path of paths) {
+		try {
+			await cache.add(new Request(path, { credentials: 'same-origin' }));
+		} catch (error) { }
+	}
 }
 
 globalThis.addEventListener('install', (ev) => {
-    ev.waitUntil((async () => {
-        await requestStorage();
-        const cache = await caches.open(STATIC_CACHE_NAME);
-        await cacheWithFallback(cache, PATHS_TO_CACHE);
-        await globalThis.skipWaiting();
-    })());
+	ev.waitUntil((async () => {
+		const storage = await requestStorage();
+		registerFetchHandler(storage);
+		const cache = await caches.open(STATIC_CACHE_NAME);
+		await cacheWithFallback(cache, PATHS_TO_CACHE);
+		await globalThis.skipWaiting();
+	})());
 });
 
 globalThis.addEventListener('activate', ev => {
-    ev.waitUntil(
-        caches.keys()
-            .then(cacheNames => Promise.all(
-                cacheNames
-                    .filter((v) => v !== STATIC_CACHE_NAME && v !== swLang.cacheName)
-                    .map(name => caches.delete(name)),
-            ))
-            .then(() => globalThis.clients.claim()),
-    );
+	ev.waitUntil(
+		caches.keys()
+			.then(cacheNames => Promise.all(
+				cacheNames
+					.filter((v) => v !== STATIC_CACHE_NAME && v !== swLang.cacheName)
+					.map(name => caches.delete(name)),
+			))
+			.then(() => globalThis.clients.claim()),
+	);
 });
 
 async function offlineContentHTML() {
-    const i18n = await (swLang.i18n ?? swLang.fetchLocale()) as Partial<I18n<Locale>>;
-    const messages = {
-        title: i18n.ts?._offlineScreen.title ?? 'Offline - Could not connect to server',
-        header: i18n.ts?._offlineScreen.header ?? 'Could not connect to server',
-        reload: i18n.ts?.reload ?? 'Reload',
-    };
+	const i18n = await (swLang.i18n ?? swLang.fetchLocale()) as Partial<I18n<Locale>>;
+	const messages = {
+		title: i18n.ts?._offlineScreen.title ?? 'Offline - Could not connect to server',
+		header: i18n.ts?._offlineScreen.header ?? 'Could not connect to server',
+		reload: i18n.ts?.reload ?? 'Reload',
+	};
 
-    return `<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta content="width=device-width,initial-scale=1"name="viewport"><title>${messages.title}</title><style>body{background-color:#0c1210;color:#dee7e4;font-family:Hiragino Maru Gothic Pro,BIZ UDGothic,Roboto,HelveticaNeue,Arial,sans-serif;line-height:1.35;display:flex;flex-direction:column;align-items:center;justify-content:center;min-height:100vh;margin:0;padding:24px;box-sizing:border-box}.icon{max-width:120px;width:100%;height:auto;margin-bottom:20px;}.message{text-align:center;font-size:20px;font-weight:700;margin-bottom:20px}.version{text-align:center;font-size:90%;margin-bottom:20px}button{padding:7px 14px;min-width:100px;font-weight:700;font-family:Hiragino Maru Gothic Pro,BIZ UDGothic,Roboto,HelveticaNeue,Arial,sans-serif;line-height:1.35;border-radius:99rem;background-color:#ff82ab;color:#192320;border:none;cursor:pointer;-webkit-tap-highlight-color:transparent}button:hover{background-color:#fac5eb}</style></head><body><svg class="icon"fill="none"height="24"stroke="currentColor"stroke-linecap="round"stroke-linejoin="round"stroke-width="2"viewBox="0 0 24 24"width="24"xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z"fill="none"stroke="none"/><path d="M9.58 5.548c.24 -.11 .492 -.207 .752 -.286c1.88 -.572 3.956 -.193 5.444 1c1.488 1.19 2.162 3.007 1.77 4.769h.99c1.913 0 3.464 1.56 3.464 3.486c0 .957 -.383 1.824 -1.003 2.454m-2.997 1.033h-11.343c-2.572 -.004 -4.657 -2.011 -4.657 -4.487c0 -2.475 2.085 -4.482 4.657 -4.482c.13 -.582 .37 -1.128 .7 -1.62"/><path d="M3 3l18 18"/></svg><div class="message">${messages.header}</div><div class="version">v${_VERSION_}</div><button onclick="reloadPage()">${messages.reload}</button><script>function reloadPage(){location.reload(!0)}</script></body></html>`;
+	return `<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta content="width=device-width,initial-scale=1"name="viewport"><title>${messages.title}</title><style>body{background-color:#0c1210;color:#dee7e4;font-family:Hiragino Maru Gothic Pro,BIZ UDGothic,Roboto,HelveticaNeue,Arial,sans-serif;line-height:1.35;display:flex;flex-direction:column;align-items:center;justify-content:center;min-height:100vh;margin:0;padding:24px;box-sizing:border-box}.icon{max-width:120px;width:100%;height:auto;margin-bottom:20px;}.message{text-align:center;font-size:20px;font-weight:700;margin-bottom:20px}.version{text-align:center;font-size:90%;margin-bottom:20px}button{padding:7px 14px;min-width:100px;font-weight:700;font-family:Hiragino Maru Gothic Pro,BIZ UDGothic,Roboto,HelveticaNeue,Arial,sans-serif;line-height:1.35;border-radius:99rem;background-color:#ff82ab;color:#192320;border:none;cursor:pointer;-webkit-tap-highlight-color:transparent}button:hover{background-color:#fac5eb}</style></head><body><svg class="icon"fill="none"height="24"stroke="currentColor"stroke-linecap="round"stroke-linejoin="round"stroke-width="2"viewBox="0 0 24 24"width="24"xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z"fill="none"stroke="none"/><path d="M9.58 5.548c.24 -.11 .492 -.207 .752 -.286c1.88 -.572 3.956 -.193 5.444 1c1.488 1.19 2.162 3.007 1.77 4.769h.99c1.913 0 3.464 1.56 3.464 3.486c0 .957 -.383 1.824 -1.003 2.454m-2.997 1.033h-11.343c-2.572 -.004 -4.657 -2.011 -4.657 -4.487c0 -2.475 2.085 -4.482 4.657 -4.482c.13 -.582 .37 -1.128 .7 -1.62"/><path d="M3 3l18 18"/></svg><div class="message">${messages.header}</div><div class="version">v${_VERSION_}</div><button onclick="reloadPage()">${messages.reload}</button><script>function reloadPage(){location.reload(!0)}</script></body></html>`;
 }
 
-globalThis.addEventListener('fetch', ev => {
-    const shouldCache = PATHS_TO_CACHE.some(path => ev.request.url.includes(path));
+async function registerFetchHandler(root: FileSystemDirectoryHandle | null) {
+	console.debug('rootfs:', root);
 
-    if (shouldCache) {
-        ev.respondWith(
-            caches.match(ev.request)
-                .then(async response => {
-                    if (response) return response;
+	globalThis.addEventListener('fetch', ev => {
+		const shouldCache = PATHS_TO_CACHE.some(path => ev.request.url.includes(path));
 
-                    try {
-                        const fetchResponse = await fetch(ev.request);
-                        if (!fetchResponse || fetchResponse.status !== 200 || fetchResponse.type !== 'basic') {
-                            return fetchResponse;
-                        }
+		if (shouldCache) {
+			ev.respondWith(
+				caches.match(ev.request)
+					.then(async response => {
+						if (response) return response;
 
-                        const responseToCache = fetchResponse.clone();
-                        const cache = await caches.open(STATIC_CACHE_NAME);
+						const fetchResponse = await fetch(ev.request);
+						if (!fetchResponse || fetchResponse.status !== 200 || fetchResponse.type !== 'basic') {
+							return fetchResponse;
+						}
 
-                        try {
-                            await cache.put(ev.request, responseToCache);
-                        } catch (err) {
-                            const keys = await cache.keys();
-                            if (keys.length > 0) {
-                                const deleteCount = Math.ceil(keys.length * 0.2);
-                                for (let i = 0; i < deleteCount; i++) {
-                                    await cache.delete(keys[i]);
-                                }
-                                await cache.put(ev.request, responseToCache.clone());
-                            }
-                        }
+						const responseToCache = fetchResponse.clone();
+						const cache = await caches.open(STATIC_CACHE_NAME);
 
-                        return fetchResponse;
-                    } catch {
-                        return response;
-                    }
-                })
-        );
-        return;
-    }
+						try {
+							await cache.put(ev.request, responseToCache);
+						} catch (err) {
+							const keys = await cache.keys();
+							if (keys.length > 0) {
+								const deleteCount = Math.ceil(keys.length * 0.2);
+								for (let i = 0; i < deleteCount; i++) {
+									await cache.delete(keys[i]);
+								}
+								await cache.put(ev.request, responseToCache.clone());
+							}
+						}
 
-    let isHTMLRequest = false;
-    if (ev.request.headers.get('sec-fetch-dest') === 'document') {
-        isHTMLRequest = true;
-    } else if (ev.request.headers.get('accept')?.includes('/html')) {
-        isHTMLRequest = true;
-    } else if (ev.request.url.endsWith('/')) {
-        isHTMLRequest = true;
-    }
+						return fetchResponse;
+					})
+			);
+			return;
+		}
+
+		let isHTMLRequest = false;
+		if (ev.request.headers.get('sec-fetch-dest') === 'document') {
+			isHTMLRequest = true;
+		} else if (ev.request.headers.get('accept')?.includes('/html')) {
+			isHTMLRequest = true;
+		} else if (ev.request.url.endsWith('/')) {
+			isHTMLRequest = true;
+		}
+
+		if (!isHTMLRequest) return;
+		ev.respondWith(
+			fetch(ev.request)
+				.catch(async () => {
+					const html = await offlineContentHTML();
+					return new Response(html, {
+						status: 200,
+						headers: {
+							'content-type': 'text/html',
+						},
+					});
+				}),
+		);
+	});
+}
 
-    if (!isHTMLRequest) return;
-    ev.respondWith(
-        fetch(ev.request)
-            .catch(async () => {
-                const html = await offlineContentHTML();
-                return new Response(html, {
-                    status: 200,
-                    headers: {
-                        'content-type': 'text/html',
-                    },
-                });
-            }),
-    );
-});
 
 globalThis.addEventListener('push', ev => {
-    ev.waitUntil(globalThis.clients.matchAll({
-        includeUncontrolled: true,
-        type: 'window',
-    }).then(async () => {
-        const data: PushNotificationDataMap[keyof PushNotificationDataMap] = ev.data?.json();
+	ev.waitUntil(globalThis.clients.matchAll({
+		includeUncontrolled: true,
+		type: 'window',
+	}).then(async () => {
+		const data: PushNotificationDataMap[keyof PushNotificationDataMap] = ev.data?.json();
 
-        switch (data.type) {
-            case 'notification':
-            case 'unreadAntennaNote':
-                if (Date.now() - data.dateTime > 1000 * 60 * 60 * 24) break;
+		switch (data.type) {
+			case 'notification':
+			case 'unreadAntennaNote':
+				if (Date.now() - data.dateTime > 1000 * 60 * 60 * 24) break;
 
-                return createNotification(data);
-            case 'readAllNotifications':
-                await globalThis.registration.getNotifications()
-                    .then(notifications => notifications.forEach(n => n.tag !== 'read_notification' && n.close()));
-                break;
-        }
+				return createNotification(data);
+			case 'readAllNotifications':
+				await globalThis.registration.getNotifications()
+					.then(notifications => notifications.forEach(n => n.tag !== 'read_notification' && n.close()));
+				break;
+		}
 
-        await createEmptyNotification();
-        return;
-    }));
+		await createEmptyNotification();
+		return;
+	}));
 });
 
 globalThis.addEventListener('notificationclick', (ev: ServiceWorkerGlobalScopeEventMap['notificationclick']) => {
-    ev.waitUntil((async (): Promise<void> => {
-        if (_DEV_) {
-            console.log('notificationclick', ev.action, ev.notification.data);
-        }
+	ev.waitUntil((async (): Promise<void> => {
+		if (_DEV_) {
+			console.log('notificationclick', ev.action, ev.notification.data);
+		}
 
-        const { action, notification } = ev;
-        const data: PushNotificationDataMap[keyof PushNotificationDataMap] = notification.data ?? {};
-        const { userId: loginId } = data;
-        let client: WindowClient | null = null;
+		const { action, notification } = ev;
+		const data: PushNotificationDataMap[keyof PushNotificationDataMap] = notification.data ?? {};
+		const { userId: loginId } = data;
+		let client: WindowClient | null = null;
 
-        switch (data.type) {
-            case 'notification':
-                switch (action) {
-                    case 'follow':
-                        if ('userId' in data.body) await swos.api('following/create', loginId, { userId: data.body.userId });
-                        break;
-                    case 'showUser':
-                        if ('user' in data.body) client = await swos.openUser(Misskey.acct.toString(data.body.user), loginId);
-                        break;
-                    case 'reply':
-                        if ('note' in data.body) client = await swos.openPost({ reply: data.body.note }, loginId);
-                        break;
-                    case 'renote':
-                        if ('note' in data.body) await swos.api('notes/create', loginId, { renoteId: data.body.note.id });
-                        break;
-                    case 'accept':
-                        switch (data.body.type) {
-                            case 'receiveFollowRequest':
-                                await swos.api('following/requests/accept', loginId, { userId: data.body.userId });
-                                break;
-                        }
-                        break;
-                    case 'reject':
-                        switch (data.body.type) {
-                            case 'receiveFollowRequest':
-                                await swos.api('following/requests/reject', loginId, { userId: data.body.userId });
-                                break;
-                        }
-                        break;
-                    case 'showFollowRequests':
-                        client = await swos.openClient('push', '/my/follow-requests', loginId);
-                        break;
-                    case 'edited':
-                        if ('note' in data.body) client = await swos.openPost({ reply: data.body.note }, loginId);
-                        break;
-                    default:
-                        switch (data.body.type) {
-                            case 'receiveFollowRequest':
-                                client = await swos.openClient('push', '/my/follow-requests', loginId);
-                                break;
-                            case 'reaction':
-                                client = await swos.openNote(data.body.note.id, loginId);
-                                break;
-                            default:
-                                if ('note' in data.body) {
-                                    client = await swos.openNote(data.body.note.id, loginId);
-                                } else if ('user' in data.body) {
-                                    client = await swos.openUser(Misskey.acct.toString(data.body.user), loginId);
-                                }
-                                break;
-                        }
-                }
-                break;
-            case 'unreadAntennaNote':
-                client = await swos.openAntenna(data.body.antenna.id, loginId);
-                break;
-            default:
-                switch (action) {
-                    case 'markAllAsRead':
-                        await globalThis.registration.getNotifications()
-                            .then(notifications => notifications.forEach(n => n.tag !== 'read_notification' && n.close()));
-                        await get<Pick<Misskey.entities.SignupResponse, 'id' | 'token'>[]>('accounts').then(accounts => {
-                            return Promise.all((accounts ?? []).map(async account => {
-                                await swos.sendMarkAllAsRead(account.id);
-                            }));
-                        });
-                        break;
-                    case 'settings':
-                        client = await swos.openClient('push', '/settings/notifications', loginId);
-                        break;
-                }
-        }
+		switch (data.type) {
+			case 'notification':
+				switch (action) {
+					case 'follow':
+						if ('userId' in data.body) await swos.api('following/create', loginId, { userId: data.body.userId });
+						break;
+					case 'showUser':
+						if ('user' in data.body) client = await swos.openUser(Misskey.acct.toString(data.body.user), loginId);
+						break;
+					case 'reply':
+						if ('note' in data.body) client = await swos.openPost({ reply: data.body.note }, loginId);
+						break;
+					case 'renote':
+						if ('note' in data.body) await swos.api('notes/create', loginId, { renoteId: data.body.note.id });
+						break;
+					case 'accept':
+						switch (data.body.type) {
+							case 'receiveFollowRequest':
+								await swos.api('following/requests/accept', loginId, { userId: data.body.userId });
+								break;
+						}
+						break;
+					case 'reject':
+						switch (data.body.type) {
+							case 'receiveFollowRequest':
+								await swos.api('following/requests/reject', loginId, { userId: data.body.userId });
+								break;
+						}
+						break;
+					case 'showFollowRequests':
+						client = await swos.openClient('push', '/my/follow-requests', loginId);
+						break;
+					case 'edited':
+						if ('note' in data.body) client = await swos.openPost({ reply: data.body.note }, loginId);
+						break;
+					default:
+						switch (data.body.type) {
+							case 'receiveFollowRequest':
+								client = await swos.openClient('push', '/my/follow-requests', loginId);
+								break;
+							case 'reaction':
+								client = await swos.openNote(data.body.note.id, loginId);
+								break;
+							default:
+								if ('note' in data.body) {
+									client = await swos.openNote(data.body.note.id, loginId);
+								} else if ('user' in data.body) {
+									client = await swos.openUser(Misskey.acct.toString(data.body.user), loginId);
+								}
+								break;
+						}
+				}
+				break;
+			case 'unreadAntennaNote':
+				client = await swos.openAntenna(data.body.antenna.id, loginId);
+				break;
+			default:
+				switch (action) {
+					case 'markAllAsRead':
+						await globalThis.registration.getNotifications()
+							.then(notifications => notifications.forEach(n => n.tag !== 'read_notification' && n.close()));
+						await get<Pick<Misskey.entities.SignupResponse, 'id' | 'token'>[]>('accounts').then(accounts => {
+							return Promise.all((accounts ?? []).map(async account => {
+								await swos.sendMarkAllAsRead(account.id);
+							}));
+						});
+						break;
+					case 'settings':
+						client = await swos.openClient('push', '/settings/notifications', loginId);
+						break;
+				}
+		}
 
-        if (client) {
-            client.focus();
-        }
-        if (data.type === 'notification') {
-            await swos.sendMarkAllAsRead(loginId);
-        }
+		if (client) {
+			client.focus();
+		}
+		if (data.type === 'notification') {
+			await swos.sendMarkAllAsRead(loginId);
+		}
 
-        notification.close();
-    })());
+		notification.close();
+	})());
 });
 
 globalThis.addEventListener('notificationclose', (ev: ServiceWorkerGlobalScopeEventMap['notificationclose']) => {
-    const data: PushNotificationDataMap[keyof PushNotificationDataMap] = ev.notification.data;
+	const data: PushNotificationDataMap[keyof PushNotificationDataMap] = ev.notification.data;
 
-    ev.waitUntil((async (): Promise<void> => {
-        if (data.type === 'notification') {
-            await swos.sendMarkAllAsRead(data.userId);
-        }
-        return;
-    })());
+	ev.waitUntil((async (): Promise<void> => {
+		if (data.type === 'notification') {
+			await swos.sendMarkAllAsRead(data.userId);
+		}
+		return;
+	})());
 });
 
 globalThis.addEventListener('message', (ev: ServiceWorkerGlobalScopeEventMap['message']) => {
-    ev.waitUntil((async (): Promise<void> => {
-        if (ev.data === 'clear') {
-            await caches.keys()
-                .then(cacheNames => Promise.all(
-                    cacheNames.map(name => caches.delete(name)),
-                ));
-            return;
-        }
+	ev.waitUntil((async (): Promise<void> => {
+		if (ev.data === 'clear') {
+			await caches.keys()
+				.then(cacheNames => Promise.all(
+					cacheNames.map(name => caches.delete(name)),
+				));
+			return;
+		}
 
-        if (typeof ev.data === 'object') {
-            const otype = Object.prototype.toString.call(ev.data).slice(8, -1).toLowerCase();
+		if (typeof ev.data === 'object') {
+			const otype = Object.prototype.toString.call(ev.data).slice(8, -1).toLowerCase();
 
-            if (otype === 'object') {
-                if (ev.data.msg === 'initialize') {
-                    swLang.setLang(ev.data.lang);
-                }
-            }
-        }
-    })());
+			if (otype === 'object') {
+				if (ev.data.msg === 'initialize') {
+					swLang.setLang(ev.data.lang);
+				}
+			}
+		}
+	})());
 });

From 8d48909e4f0e8dbbf9af85b42e3dd26884eb3c9c Mon Sep 17 00:00:00 2001
From: eternal-flame-AD <yume@yumechi.jp>
Date: Thu, 21 Nov 2024 06:06:30 -0600
Subject: [PATCH 24/29] remove unused httpAgent

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 packages/backend/src/core/DownloadService.ts         | 1 -
 packages/backend/src/server/web/UrlPreviewService.ts | 1 -
 packages/sw/src/sw.ts                                | 8 +++++++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/packages/backend/src/core/DownloadService.ts b/packages/backend/src/core/DownloadService.ts
index 93f4a38246..6266e51496 100644
--- a/packages/backend/src/core/DownloadService.ts
+++ b/packages/backend/src/core/DownloadService.ts
@@ -61,7 +61,6 @@ export class DownloadService {
 				request: operationTimeout,	// whole operation timeout
 			},
 			agent: {
-				http: this.httpRequestService.httpAgent,
 				https: this.httpRequestService.httpsAgent,
 			},
 			http2: false,	// default
diff --git a/packages/backend/src/server/web/UrlPreviewService.ts b/packages/backend/src/server/web/UrlPreviewService.ts
index 5d493c2c46..94b4a9fd90 100644
--- a/packages/backend/src/server/web/UrlPreviewService.ts
+++ b/packages/backend/src/server/web/UrlPreviewService.ts
@@ -118,7 +118,6 @@ export class UrlPreviewService {
 	private fetchSummary(url: string, meta: MiMeta, lang?: string): Promise<SummalyResult> {
 		const agent = this.config.proxy
 			? {
-				http: this.httpRequestService.httpAgent,
 				https: this.httpRequestService.httpsAgent,
 			}
 			: undefined;
diff --git a/packages/sw/src/sw.ts b/packages/sw/src/sw.ts
index 89754c976e..dba5bd55ad 100644
--- a/packages/sw/src/sw.ts
+++ b/packages/sw/src/sw.ts
@@ -43,7 +43,7 @@ async function cacheWithFallback(cache, paths) {
 globalThis.addEventListener('install', (ev) => {
 	ev.waitUntil((async () => {
 		const storage = await requestStorage();
-		registerFetchHandler(storage);
+		await registerFetchHandler(storage);
 		const cache = await caches.open(STATIC_CACHE_NAME);
 		await cacheWithFallback(cache, PATHS_TO_CACHE);
 		await globalThis.skipWaiting();
@@ -75,6 +75,12 @@ async function offlineContentHTML() {
 
 async function registerFetchHandler(root: FileSystemDirectoryHandle | null) {
 	console.debug('rootfs:', root);
+	const state = await root?.getFileHandle('state.json', { create: true })
+	await state?.createWritable().then(async writable => {
+		await writable.write(JSON.stringify({ started: Date.now() }));
+		await writable.close();
+	});
+
 
 	globalThis.addEventListener('fetch', ev => {
 		const shouldCache = PATHS_TO_CACHE.some(path => ev.request.url.includes(path));

From 748685e53e2800da283bdaefee5b142a267c56d6 Mon Sep 17 00:00:00 2001
From: eternal-flame-AD <yume@yumechi.jp>
Date: Thu, 21 Nov 2024 10:11:42 -0600
Subject: [PATCH 25/29] fix handling of private renotes

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 packages/backend/src/core/NoteCreateService.ts | 5 +++--
 packages/backend/src/core/activitypub/type.ts  | 1 -
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/packages/backend/src/core/NoteCreateService.ts b/packages/backend/src/core/NoteCreateService.ts
index 3647fa7231..6f5773058b 100644
--- a/packages/backend/src/core/NoteCreateService.ts
+++ b/packages/backend/src/core/NoteCreateService.ts
@@ -7,6 +7,7 @@ import { setImmediate } from 'node:timers/promises';
 import * as mfm from 'mfm-js';
 import { In, DataSource, IsNull, LessThan } from 'typeorm';
 import * as Redis from 'ioredis';
+import * as Bull from 'bullmq';
 import { Inject, Injectable, OnApplicationShutdown } from '@nestjs/common';
 import { extractMentions } from '@/misc/extract-mentions.js';
 import { extractCustomEmojisFromMfm } from '@/misc/extract-custom-emojis-from-mfm.js';
@@ -291,7 +292,7 @@ export class NoteCreateService implements OnApplicationShutdown {
 				case 'followers':
 					// 他人のfollowers noteはreject
 					if (data.renote.userId !== user.id) {
-						throw new Error('Renote target is not public or home');
+						throw new Bull.UnrecoverableError('Renote target is not public or home');
 					}
 
 					// Renote対象がfollowersならfollowersにする
@@ -299,7 +300,7 @@ export class NoteCreateService implements OnApplicationShutdown {
 					break;
 				case 'specified':
 					// specified / direct noteはreject
-					throw new Error('Renote target is not public or home');
+					throw new Bull.UnrecoverableError('Renote target is not public or home');
 			}
 		}
 
diff --git a/packages/backend/src/core/activitypub/type.ts b/packages/backend/src/core/activitypub/type.ts
index 6c77ef92d0..57dc2fe5f8 100644
--- a/packages/backend/src/core/activitypub/type.ts
+++ b/packages/backend/src/core/activitypub/type.ts
@@ -79,7 +79,6 @@ export function markOutgoing<T, L extends 'question' | undefined>(object: T, _ba
 
 export function yumeNormalizeURL(url: string): string {
 	const u = new URL(url);
-	u.hash = '';
 	u.host = toASCII(u.host);
 	if (u.protocol && u.protocol !== 'https:') {
 		throw new bull.UnrecoverableError('protocol is not https');

From 9052a025989eadce8f9a720f5cc4b9dbde9147c8 Mon Sep 17 00:00:00 2001
From: eternal-flame-AD <yume@yumechi.jp>
Date: Thu, 21 Nov 2024 10:20:20 -0600
Subject: [PATCH 26/29] fix a mishap during merging upstream

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 packages/backend/src/core/activitypub/type.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/backend/src/core/activitypub/type.ts b/packages/backend/src/core/activitypub/type.ts
index 57dc2fe5f8..79c561d933 100644
--- a/packages/backend/src/core/activitypub/type.ts
+++ b/packages/backend/src/core/activitypub/type.ts
@@ -611,7 +611,7 @@ export function yumeDowncastRemove(object: IObject): IRemove | null {
 export function yumeDowncastLike(object: IObject): ILike | null {
 	if (getApType(object) !== 'Like') return null;
 	const obj = object as ILike;
-	if (!obj.actor || !obj.object || !obj.target) return null;
+	if (!obj.actor || !obj.object) return null;
 	return {
 		...extractMisskeyVendorKeys(object),
 		...extractSafe(object),

From 8e508b921ca21fd0e8722b73e037009cbb692c90 Mon Sep 17 00:00:00 2001
From: fly_mc <me@flymc.cc>
Date: Fri, 22 Nov 2024 00:40:28 +0800
Subject: [PATCH 27/29] Pick pari sw.ts

---
 packages/sw/src/sw.ts | 442 +++++++++++++++++++-----------------------
 1 file changed, 199 insertions(+), 243 deletions(-)

diff --git a/packages/sw/src/sw.ts b/packages/sw/src/sw.ts
index dba5bd55ad..042ce570da 100644
--- a/packages/sw/src/sw.ts
+++ b/packages/sw/src/sw.ts
@@ -15,283 +15,239 @@ import * as swos from '@/scripts/operations.js';
 const STATIC_CACHE_NAME = `misskey-static-${_VERSION_}`;
 const PATHS_TO_CACHE = ['/assets/', '/static-assets/', '/emoji/', '/twemoji/', '/fluent-emoji/', '/vite/'];
 
-async function requestStorage(): Promise<FileSystemDirectoryHandle | null> {
-	try {
-		if (navigator.storage && navigator.storage.estimate) {
-			await navigator.storage.estimate();
-			if (navigator.storage && navigator.storage.persisted) {
-				if (!await navigator.storage.persisted()) {
-					return null;
-				}
-			}
-			return navigator.storage.getDirectory();
-		}
-	} catch {
-		console.error('Failed to request storage');
-	}
-	return null;
-}
-
 async function cacheWithFallback(cache, paths) {
-	for (const path of paths) {
-		try {
-			await cache.add(new Request(path, { credentials: 'same-origin' }));
-		} catch (error) { }
-	}
+    for (const path of paths) {
+        try {
+            await cache.add(new Request(path, { credentials: 'same-origin' }));
+        } catch (error) {
+            // eslint-disable-next-line no-empty
+        }
+    }
 }
 
 globalThis.addEventListener('install', (ev) => {
-	ev.waitUntil((async () => {
-		const storage = await requestStorage();
-		await registerFetchHandler(storage);
-		const cache = await caches.open(STATIC_CACHE_NAME);
-		await cacheWithFallback(cache, PATHS_TO_CACHE);
-		await globalThis.skipWaiting();
-	})());
+    ev.waitUntil((async () => {
+        const cache = await caches.open(STATIC_CACHE_NAME);
+        await cacheWithFallback(cache, PATHS_TO_CACHE);
+        await globalThis.skipWaiting();
+    })());
 });
 
-globalThis.addEventListener('activate', ev => {
-	ev.waitUntil(
-		caches.keys()
-			.then(cacheNames => Promise.all(
-				cacheNames
-					.filter((v) => v !== STATIC_CACHE_NAME && v !== swLang.cacheName)
-					.map(name => caches.delete(name)),
-			))
-			.then(() => globalThis.clients.claim()),
-	);
+globalThis.addEventListener('activate', (ev) => {
+    ev.waitUntil(
+        caches.keys()
+            .then((cacheNames) => Promise.all(
+                cacheNames
+                    .filter((v) => v !== STATIC_CACHE_NAME && v !== swLang.cacheName)
+                    .map((name) => caches.delete(name)),
+            ))
+            .then(() => globalThis.clients.claim()),
+    );
 });
 
 async function offlineContentHTML() {
-	const i18n = await (swLang.i18n ?? swLang.fetchLocale()) as Partial<I18n<Locale>>;
-	const messages = {
-		title: i18n.ts?._offlineScreen.title ?? 'Offline - Could not connect to server',
-		header: i18n.ts?._offlineScreen.header ?? 'Could not connect to server',
-		reload: i18n.ts?.reload ?? 'Reload',
-	};
+    const i18n = await (swLang.i18n ?? swLang.fetchLocale()) as Partial<I18n<Locale>>;
+    const messages = {
+        title: i18n.ts?._offlineScreen.title ?? 'Offline - Could not connect to server',
+        header: i18n.ts?._offlineScreen.header ?? 'Could not connect to server',
+        reload: i18n.ts?.reload ?? 'Reload',
+    };
 
-	return `<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta content="width=device-width,initial-scale=1"name="viewport"><title>${messages.title}</title><style>body{background-color:#0c1210;color:#dee7e4;font-family:Hiragino Maru Gothic Pro,BIZ UDGothic,Roboto,HelveticaNeue,Arial,sans-serif;line-height:1.35;display:flex;flex-direction:column;align-items:center;justify-content:center;min-height:100vh;margin:0;padding:24px;box-sizing:border-box}.icon{max-width:120px;width:100%;height:auto;margin-bottom:20px;}.message{text-align:center;font-size:20px;font-weight:700;margin-bottom:20px}.version{text-align:center;font-size:90%;margin-bottom:20px}button{padding:7px 14px;min-width:100px;font-weight:700;font-family:Hiragino Maru Gothic Pro,BIZ UDGothic,Roboto,HelveticaNeue,Arial,sans-serif;line-height:1.35;border-radius:99rem;background-color:#ff82ab;color:#192320;border:none;cursor:pointer;-webkit-tap-highlight-color:transparent}button:hover{background-color:#fac5eb}</style></head><body><svg class="icon"fill="none"height="24"stroke="currentColor"stroke-linecap="round"stroke-linejoin="round"stroke-width="2"viewBox="0 0 24 24"width="24"xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z"fill="none"stroke="none"/><path d="M9.58 5.548c.24 -.11 .492 -.207 .752 -.286c1.88 -.572 3.956 -.193 5.444 1c1.488 1.19 2.162 3.007 1.77 4.769h.99c1.913 0 3.464 1.56 3.464 3.486c0 .957 -.383 1.824 -1.003 2.454m-2.997 1.033h-11.343c-2.572 -.004 -4.657 -2.011 -4.657 -4.487c0 -2.475 2.085 -4.482 4.657 -4.482c.13 -.582 .37 -1.128 .7 -1.62"/><path d="M3 3l18 18"/></svg><div class="message">${messages.header}</div><div class="version">v${_VERSION_}</div><button onclick="reloadPage()">${messages.reload}</button><script>function reloadPage(){location.reload(!0)}</script></body></html>`;
+    return `<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta content="width=device-width,initial-scale=1" name="viewport"><title>${messages.title}</title><style>body{background-color:#0c1210;color:#dee7e4;font-family:Hiragino Maru Gothic Pro,BIZ UDGothic,Roboto,HelveticaNeue,Arial,sans-serif;line-height:1.35;display:flex;flex-direction:column;align-items:center;justify-content:center;min-height:100vh;margin:0;padding:24px;box-sizing:border-box}.icon{max-width:120px;width:100%;height:auto;margin-bottom:20px;}.message{text-align:center;font-size:20px;font-weight:700;margin-bottom:20px}.version{text-align:center;font-size:90%;margin-bottom:20px}button{padding:7px 14px;min-width:100px;font-weight:700;font-family:Hiragino Maru Gothic Pro,BIZ UDGothic,Roboto,HelveticaNeue,Arial,sans-serif;line-height:1.35;border-radius:99rem;background-color:#ff82ab;color:#192320;border:none;cursor:pointer;-webkit-tap-highlight-color:transparent}button:hover{background-color:#fac5eb}</style></head><body><svg class="icon" fill="none" height="24" stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" stroke-width="2" viewBox="0 0 24 24" width="24" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none" stroke="none"/><path d="M9.58 5.548c.24 -.11 .492 -.207 .752 -.286c1.88 -.572 3.956 -.193 5.444 1c1.488 1.19 2.162 3.007 1.77 4.769h.99c1.913 0 3.464 1.56 3.464 3.486c0 .957 -.383 1.824 -1.003 2.454m-2.997 1.033h-11.343c-2.572 -.004 -4.657 -2.011 -4.657 -4.487c0 -2.475 2.085 -4.482 4.657 -4.482c.13 -.582 .37 -1.128 .7 -1.62"/><path d="M3 3l18 18"/></svg><div class="message">${messages.header}</div><div class="version">v${_VERSION_}</div><button onclick="reloadPage()">${messages.reload}</button><script>function reloadPage(){location.reload(true)}</script></body></html>`;
 }
 
-async function registerFetchHandler(root: FileSystemDirectoryHandle | null) {
-	console.debug('rootfs:', root);
-	const state = await root?.getFileHandle('state.json', { create: true })
-	await state?.createWritable().then(async writable => {
-		await writable.write(JSON.stringify({ started: Date.now() }));
-		await writable.close();
-	});
+globalThis.addEventListener('fetch', (ev) => {
+    const shouldCache = PATHS_TO_CACHE.some((path) => ev.request.url.includes(path));
 
+    if (shouldCache) {
+        ev.respondWith(
+            caches.match(ev.request)
+                .then((response) => {
+                    if (response) return response;
 
-	globalThis.addEventListener('fetch', ev => {
-		const shouldCache = PATHS_TO_CACHE.some(path => ev.request.url.includes(path));
+                    return fetch(ev.request).then((response) => {
+                        if (!response || response.status !== 200 || response.type !== 'basic') return response;
+                        const responseToCache = response.clone();
+                        caches.open(STATIC_CACHE_NAME)
+                            .then((cache) => {
+                                cache.put(ev.request, responseToCache);
+                            });
+                        return response;
+                    });
+                }),
+        );
+        return;
+    }
 
-		if (shouldCache) {
-			ev.respondWith(
-				caches.match(ev.request)
-					.then(async response => {
-						if (response) return response;
+    let isHTMLRequest = false;
+    if (ev.request.headers.get('sec-fetch-dest') === 'document') {
+        isHTMLRequest = true;
+    } else if (ev.request.headers.get('accept')?.includes('/html')) {
+        isHTMLRequest = true;
+    } else if (ev.request.url.endsWith('/')) {
+        isHTMLRequest = true;
+    }
 
-						const fetchResponse = await fetch(ev.request);
-						if (!fetchResponse || fetchResponse.status !== 200 || fetchResponse.type !== 'basic') {
-							return fetchResponse;
-						}
+    if (!isHTMLRequest) return;
+    ev.respondWith(
+        fetch(ev.request)
+            .catch(async () => {
+                const html = await offlineContentHTML();
+                return new Response(html, {
+                    status: 200,
+                    headers: {
+                        'content-type': 'text/html',
+                    },
+                });
+            }),
+    );
+});
 
-						const responseToCache = fetchResponse.clone();
-						const cache = await caches.open(STATIC_CACHE_NAME);
+globalThis.addEventListener('push', (ev) => {
+    ev.waitUntil(globalThis.clients.matchAll({
+        includeUncontrolled: true,
+        type: 'window',
+    }).then(async () => {
+        const data: PushNotificationDataMap[keyof PushNotificationDataMap] = ev.data?.json();
 
-						try {
-							await cache.put(ev.request, responseToCache);
-						} catch (err) {
-							const keys = await cache.keys();
-							if (keys.length > 0) {
-								const deleteCount = Math.ceil(keys.length * 0.2);
-								for (let i = 0; i < deleteCount; i++) {
-									await cache.delete(keys[i]);
-								}
-								await cache.put(ev.request, responseToCache.clone());
-							}
-						}
+        switch (data.type) {
+            case 'notification':
+            case 'unreadAntennaNote':
+                if (Date.now() - data.dateTime > 1000 * 60 * 60 * 24) break;
 
-						return fetchResponse;
-					})
-			);
-			return;
-		}
+                return createNotification(data);
+            case 'readAllNotifications':
+                await globalThis.registration.getNotifications()
+                    .then((notifications) => notifications.forEach((n) => n.tag !== 'read_notification' && n.close()));
+                break;
+        }
 
-		let isHTMLRequest = false;
-		if (ev.request.headers.get('sec-fetch-dest') === 'document') {
-			isHTMLRequest = true;
-		} else if (ev.request.headers.get('accept')?.includes('/html')) {
-			isHTMLRequest = true;
-		} else if (ev.request.url.endsWith('/')) {
-			isHTMLRequest = true;
-		}
-
-		if (!isHTMLRequest) return;
-		ev.respondWith(
-			fetch(ev.request)
-				.catch(async () => {
-					const html = await offlineContentHTML();
-					return new Response(html, {
-						status: 200,
-						headers: {
-							'content-type': 'text/html',
-						},
-					});
-				}),
-		);
-	});
-}
-
-
-globalThis.addEventListener('push', ev => {
-	ev.waitUntil(globalThis.clients.matchAll({
-		includeUncontrolled: true,
-		type: 'window',
-	}).then(async () => {
-		const data: PushNotificationDataMap[keyof PushNotificationDataMap] = ev.data?.json();
-
-		switch (data.type) {
-			case 'notification':
-			case 'unreadAntennaNote':
-				if (Date.now() - data.dateTime > 1000 * 60 * 60 * 24) break;
-
-				return createNotification(data);
-			case 'readAllNotifications':
-				await globalThis.registration.getNotifications()
-					.then(notifications => notifications.forEach(n => n.tag !== 'read_notification' && n.close()));
-				break;
-		}
-
-		await createEmptyNotification();
-		return;
-	}));
+        await createEmptyNotification();
+        return;
+    }));
 });
 
 globalThis.addEventListener('notificationclick', (ev: ServiceWorkerGlobalScopeEventMap['notificationclick']) => {
-	ev.waitUntil((async (): Promise<void> => {
-		if (_DEV_) {
-			console.log('notificationclick', ev.action, ev.notification.data);
-		}
+    ev.waitUntil((async (): Promise<void> => {
+        if (_DEV_) {
+            console.log('notificationclick', ev.action, ev.notification.data);
+        }
 
-		const { action, notification } = ev;
-		const data: PushNotificationDataMap[keyof PushNotificationDataMap] = notification.data ?? {};
-		const { userId: loginId } = data;
-		let client: WindowClient | null = null;
+        const { action, notification } = ev;
+        const data: PushNotificationDataMap[keyof PushNotificationDataMap] = notification.data ?? {};
+        const { userId: loginId } = data;
+        let client: WindowClient | null = null;
 
-		switch (data.type) {
-			case 'notification':
-				switch (action) {
-					case 'follow':
-						if ('userId' in data.body) await swos.api('following/create', loginId, { userId: data.body.userId });
-						break;
-					case 'showUser':
-						if ('user' in data.body) client = await swos.openUser(Misskey.acct.toString(data.body.user), loginId);
-						break;
-					case 'reply':
-						if ('note' in data.body) client = await swos.openPost({ reply: data.body.note }, loginId);
-						break;
-					case 'renote':
-						if ('note' in data.body) await swos.api('notes/create', loginId, { renoteId: data.body.note.id });
-						break;
-					case 'accept':
-						switch (data.body.type) {
-							case 'receiveFollowRequest':
-								await swos.api('following/requests/accept', loginId, { userId: data.body.userId });
-								break;
-						}
-						break;
-					case 'reject':
-						switch (data.body.type) {
-							case 'receiveFollowRequest':
-								await swos.api('following/requests/reject', loginId, { userId: data.body.userId });
-								break;
-						}
-						break;
-					case 'showFollowRequests':
-						client = await swos.openClient('push', '/my/follow-requests', loginId);
-						break;
-					case 'edited':
-						if ('note' in data.body) client = await swos.openPost({ reply: data.body.note }, loginId);
-						break;
-					default:
-						switch (data.body.type) {
-							case 'receiveFollowRequest':
-								client = await swos.openClient('push', '/my/follow-requests', loginId);
-								break;
-							case 'reaction':
-								client = await swos.openNote(data.body.note.id, loginId);
-								break;
-							default:
-								if ('note' in data.body) {
-									client = await swos.openNote(data.body.note.id, loginId);
-								} else if ('user' in data.body) {
-									client = await swos.openUser(Misskey.acct.toString(data.body.user), loginId);
-								}
-								break;
-						}
-				}
-				break;
-			case 'unreadAntennaNote':
-				client = await swos.openAntenna(data.body.antenna.id, loginId);
-				break;
-			default:
-				switch (action) {
-					case 'markAllAsRead':
-						await globalThis.registration.getNotifications()
-							.then(notifications => notifications.forEach(n => n.tag !== 'read_notification' && n.close()));
-						await get<Pick<Misskey.entities.SignupResponse, 'id' | 'token'>[]>('accounts').then(accounts => {
-							return Promise.all((accounts ?? []).map(async account => {
-								await swos.sendMarkAllAsRead(account.id);
-							}));
-						});
-						break;
-					case 'settings':
-						client = await swos.openClient('push', '/settings/notifications', loginId);
-						break;
-				}
-		}
+        switch (data.type) {
+            case 'notification':
+                switch (action) {
+                    case 'follow':
+                        if ('userId' in data.body) await swos.api('following/create', loginId, { userId: data.body.userId });
+                        break;
+                    case 'showUser':
+                        if ('user' in data.body) client = await swos.openUser(Misskey.acct.toString(data.body.user), loginId);
+                        break;
+                    case 'reply':
+                        if ('note' in data.body) client = await swos.openPost({ reply: data.body.note }, loginId);
+                        break;
+                    case 'renote':
+                        if ('note' in data.body) await swos.api('notes/create', loginId, { renoteId: data.body.note.id });
+                        break;
+                    case 'accept':
+                        switch (data.body.type) {
+                            case 'receiveFollowRequest':
+                                await swos.api('following/requests/accept', loginId, { userId: data.body.userId });
+                                break;
+                        }
+                        break;
+                    case 'reject':
+                        switch (data.body.type) {
+                            case 'receiveFollowRequest':
+                                await swos.api('following/requests/reject', loginId, { userId: data.body.userId });
+                                break;
+                        }
+                        break;
+                    case 'showFollowRequests':
+                        client = await swos.openClient('push', '/my/follow-requests', loginId);
+                        break;
+                    default:
+                        switch (data.body.type) {
+                            case 'receiveFollowRequest':
+                                client = await swos.openClient('push', '/my/follow-requests', loginId);
+                                break;
+                            case 'reaction':
+                                client = await swos.openNote(data.body.note.id, loginId);
+                                break;
+                            default:
+                                if ('note' in data.body) {
+                                    client = await swos.openNote(data.body.note.id, loginId);
+                                } else if ('user' in data.body) {
+                                    client = await swos.openUser(Misskey.acct.toString(data.body.user), loginId);
+                                }
+                                break;
+                        }
+                }
+                break;
+            case 'unreadAntennaNote':
+                client = await swos.openAntenna(data.body.antenna.id, loginId);
+                break;
+            default:
+                switch (action) {
+                    case 'markAllAsRead':
+                        await globalThis.registration.getNotifications()
+                            .then((notifications) => notifications.forEach((n) => n.tag !== 'read_notification' && n.close()));
+                        await get<Pick<Misskey.entities.SignupResponse, 'id' | 'token'>[]>('accounts').then((accounts) => {
+                            return Promise.all((accounts ?? []).map(async (account) => {
+                                await swos.sendMarkAllAsRead(account.id);
+                            }));
+                        });
+                        break;
+                    case 'settings':
+                        client = await swos.openClient('push', '/settings/notifications', loginId);
+                        break;
+                }
+        }
 
-		if (client) {
-			client.focus();
-		}
-		if (data.type === 'notification') {
-			await swos.sendMarkAllAsRead(loginId);
-		}
+        if (client) {
+            client.focus();
+        }
+        if (data.type === 'notification') {
+            await swos.sendMarkAllAsRead(loginId);
+        }
 
-		notification.close();
-	})());
+        notification.close();
+    })());
 });
 
 globalThis.addEventListener('notificationclose', (ev: ServiceWorkerGlobalScopeEventMap['notificationclose']) => {
-	const data: PushNotificationDataMap[keyof PushNotificationDataMap] = ev.notification.data;
+    const data: PushNotificationDataMap[keyof PushNotificationDataMap] = ev.notification.data;
 
-	ev.waitUntil((async (): Promise<void> => {
-		if (data.type === 'notification') {
-			await swos.sendMarkAllAsRead(data.userId);
-		}
-		return;
-	})());
+    ev.waitUntil((async (): Promise<void> => {
+        if (data.type === 'notification') {
+            await swos.sendMarkAllAsRead(data.userId);
+        }
+        return;
+    })());
 });
 
 globalThis.addEventListener('message', (ev: ServiceWorkerGlobalScopeEventMap['message']) => {
-	ev.waitUntil((async (): Promise<void> => {
-		if (ev.data === 'clear') {
-			await caches.keys()
-				.then(cacheNames => Promise.all(
-					cacheNames.map(name => caches.delete(name)),
-				));
-			return;
-		}
+    ev.waitUntil((async (): Promise<void> => {
+        if (ev.data === 'clear') {
+            await caches.keys()
+                .then((cacheNames) => Promise.all(
+                    cacheNames.map((name) => caches.delete(name)),
+                ));
+            return;
+        }
 
-		if (typeof ev.data === 'object') {
-			const otype = Object.prototype.toString.call(ev.data).slice(8, -1).toLowerCase();
+        if (typeof ev.data === 'object') {
+            const otype = Object.prototype.toString.call(ev.data).slice(8, -1).toLowerCase();
 
-			if (otype === 'object') {
-				if (ev.data.msg === 'initialize') {
-					swLang.setLang(ev.data.lang);
-				}
-			}
-		}
-	})());
+            if (otype === 'object') {
+                if (ev.data.msg === 'initialize') {
+                    swLang.setLang(ev.data.lang);
+                }
+            }
+        }
+    })());
 });

From b29f49fefc1b6353b2b9b870b216aeda9a7fe870 Mon Sep 17 00:00:00 2001
From: eternal-flame-AD <yume@yumechi.jp>
Date: Thu, 21 Nov 2024 11:21:45 -0600
Subject: [PATCH 28/29] add media proxy to worker-src

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 packages/backend/src/server/csp.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/backend/src/server/csp.ts b/packages/backend/src/server/csp.ts
index 3e1e7962b8..adbebd0059 100644
--- a/packages/backend/src/server/csp.ts
+++ b/packages/backend/src/server/csp.ts
@@ -50,6 +50,7 @@ export function generateCSP(hashedMap: Map<string, CSPHashed>, options: {
             '\'wasm-unsafe-eval\'', 
             ...scripts
         ]],
+        ['worker-src', ['\'self\'', options.mediaProxy].filter(Boolean)],
         ['object-src', ['\'none\'']],
         ['base-uri', ['\'self\'']],
         ['form-action', ['\'self\'']],

From 63a98f3b413fbafc39989ac1ae58e10c76e3c600 Mon Sep 17 00:00:00 2001
From: eternal-flame-AD <yume@yumechi.jp>
Date: Thu, 21 Nov 2024 10:30:17 -0600
Subject: [PATCH 29/29] 2024.11.0-yumechinokuni.6

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---
 CHANGELOG.md                     | 8 ++++++++
 package.json                     | 2 +-
 packages/misskey-js/package.json | 2 +-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7cd084495b..e0e05e51d3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 2024.11.0-yumechinokuni.6
+
+- Upstream: 2024.11.0-alpha.4 タッグをマージする
+- Performance: EmojiのリクエストをProxyでキャッシュするように
+- Performance: Service Workerのキャッシュを最適化
+- Security: AP Payloadの検証を強化
+- Security: Image/Video Processorはドライブ機能だけを使うように
+
 ## 2024.11.0-yumechinokuni.5
 
 - Upstream: 2024.11.0-alpha.2 タッグをマージする
diff --git a/package.json b/package.json
index 6e61cd1a55..fc3b559ffa 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "misskey",
-	"version": "2024.11.0-yumechinokuni.5",
+	"version": "2024.11.0-yumechinokuni.6",
 	"codename": "nasubi",
 	"repository": {
 		"type": "git",
diff --git a/packages/misskey-js/package.json b/packages/misskey-js/package.json
index 0749978fa9..6ad182c7e0 100644
--- a/packages/misskey-js/package.json
+++ b/packages/misskey-js/package.json
@@ -1,7 +1,7 @@
 {
 	"type": "module",
 	"name": "misskey-js",
-	"version": "2024.11.0-yumechinokuni.5",
+	"version": "2024.11.0-yumechinokuni.6",
 	"description": "Misskey SDK for JavaScript",
 	"license": "MIT",
 	"main": "./built/index.js",