sendnrw/misskey
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
26,451 Commits 45 Branches 1,101 Tags
231c2c2e5419612949d24db8bd89cb5d78a5ccb4
Commit Graph

2148 Commits

Author SHA1 Message Date
Julia
b9cb949eb1 Merge commit from fork 
* Fix poll update spoofing

* fix: Disallow negative poll counts

---------

Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
 2024-11-21 08:24:50 +09:00
Julia
5f675201f2 Merge commit from fork 
* enhance: Add a few validation fixes from Sharkey

See the original MR on the GitLab instance:
https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/484

Co-Authored-By: Dakkar <dakkar@thenautilus.net>

* fix: primitive 2: acceptance of cross-origin alternate

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 3: validation of non-final url

* fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities

* fix: primitives 5 & 8: reject activities with non
string identifiers

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 6: reject anonymous objects that were fetched by their id

* fix: primitives 9, 10 & 11: http signature validation
doesn't enforce required headers or specify auth header name

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections

* fix: code style for primitive 14

* fix: primitive 15: improper same-origin validation for
note uri and url

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 16: improper same-origin validation for user uri and url

* fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array

* fix: code style for primitive 17

* fix: check attribution against actor in notes

While this isn't strictly required to fix the exploits at hand, this
mirrors the fix in `ApQuestionService` for GHSA-5h8r-gq97-xv69, as a
preemptive countermeasure.

* fix: primitive 18: `ap/get` bypasses access checks

One might argue that we could make this one actually preform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.

* fix: primitive 19 & 20: respect blocks and hide more

Ideally, the user property should also be hidden (as leaving it in leaks
information slightly), but given the schema of the note endpoint, I
don't think that would be possible without introducing some kind of
"ghost" user, who is attributed for posts by users who have you blocked.

* fix: primitives 21, 22, and 23: reuse resolver

This also increases the default `recursionLimit` for `Resolver`, as it
theoretically will go higher that it previously would and could possibly
fail on non-malicious collection activities.

* fix: primitives 25-33: proper local instance checks

* revert: fix: primitive 19 & 20

This reverts commit 465a9fe6591de90f78bd3d084e3c01e65dc3cf3c.

---------

Co-authored-by: Dakkar <dakkar@thenautilus.net>
Co-authored-by: Laura Hausmann <laura@hausmann.dev>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
 2024-11-21 08:20:09 +09:00
Sayamame-beans
aa48a0e207 Fix: リノートミュートが新規投稿通知に対して作用していなかった問題を修正 (#15006) 
* fix(backend): renoteMute doesn't work for note notification

* docs(changelog): update changelog
 2024-11-21 08:00:50 +09:00
syuilo
f0c3a4cc0b perf(frontend): reduce api requests for non-logged-in enviroment (#15001) 
* wip

* Update CHANGELOG.md

* wip
 2024-11-21 07:58:34 +09:00
zawa-ch.
763c708253 Fix(backend): アカウント削除のモデレーションログが動作していないのを修正 (#14996) (#14997) 
* アカウント削除のモデレーションログが動作していないのを修正

* update CHANGELOG
 2024-11-19 21:12:40 +09:00
おさむのひと
7b9c884a5d refactor(backend): SystemWebhookで送信されるペイロードの型を追加 (#14980) 2024-11-19 10:41:39 +09:00
饺子w (Yumechi)
e800c0f85a fix(backend): お知らせ作成時に画像URL入力欄を空欄に変更できないのを修正 (#14990) 
* fix(backend): アナウンスメントを作成ときに画像URLを後悔できないのを修正

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

* Update CHANGELOG.md

Co-authored-by: おさむのひと <46447427+samunohito@users.noreply.github.com>

---------

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
Co-authored-by: おさむのひと <46447427+samunohito@users.noreply.github.com>
 2024-11-19 10:29:42 +09:00
CDN
b3c2de2b26 fix(backend): fallback sharedInbox to null in ApPersonService (#14970) 2024-11-16 18:53:28 +09:00
syuilo
eef0c895bc use execa 8.0.1 
#14966
 2024-11-15 19:48:31 +09:00
syuilo
d9d92bcfbf Revert "use nodemon 3.0.2" 
This reverts commit ce1f84e5a3.
 2024-11-15 19:40:12 +09:00
syuilo
ce1f84e5a3 use nodemon 3.0.2 
#14966
 2024-11-15 19:33:50 +09:00
かっこかり
c0d1682604 feat: 送信したフォローリクエストを確認できるように (#14856) 
* FEAT: Allow users to view pending follow requests they sent

This commit implements the `following/requests/sent` interface firstly
implemented on Firefish, and provides a UI interface to view the pending
follow requests users sent.

* ux: should not show follow requests tab when have no pending sent follow req

* fix default followreq tab

* fix default followreq tab

* restore missing hasPendingReceivedFollowRequest in navbar

* refactor

* use tabler icons

* tweak design

* Revert "ux: should not show follow requests tab when have no pending sent follow req"

This reverts commit e580b92c37.

* Update Changelog

* Update Changelog

* change tab titles

---------

Co-authored-by: Lhc_fl <lhcfl@outlook.com>
Co-authored-by: Hazelnoot <acomputerdog@gmail.com>
 2024-11-15 17:30:54 +09:00
syuilo
e26e24b610 update deps (#14950) 
* update deps

* wip

* Revert "wip"

This reverts commit 393de249fe.

* wip

* wip

* wip

* wip
 2024-11-15 17:22:00 +09:00
饺子w (Yumechi)
a11b77a415 fix(backend): Webhook Test一致性 (#14863) 
* fix(backend): Webhook Test一致性

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

* UserWebhookPayload<'followed'> 修正

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

---------

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
 2024-11-12 09:51:18 +09:00
かっこかり
4a62051ce7 fix(backend): ローカルユーザーへのメンションを含むノートが連合される際に正しいURLに変換されないことがある問題を修正 (#14879) 
* fix: make sure mentions of local users get rendered correctly during AP delivery (resolves #645)

* Update Changelog

* indent

---------

Co-authored-by: Laura Hausmann <laura@hausmann.dev>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
 2024-11-09 10:58:09 +09:00
momoirodouhu
a4c5ce1413 enhance(backend) : リモートユーザーの照会をオリジナルにリダイレクトするように (#12892) (#14897) 
* enhance(backend) : リモートユーザーの照会をオリジナルにリダイレクトするように (#12892)

* オリジンリダイレクトのテストをtodoとして追加。

e2eテストにリモートユーザー考慮のテストがなさそうなので。

次のコマンドで動くことは確認済みです。
curl "http://localhost:3000/@foo@bar" -H "accept: application/activity+json" -L

* Acctのパースを既存のパーサーでするように修正

* lint
 2024-11-09 10:54:44 +09:00
かっこかり
e75b62f3f5 enhance(frontend): 個別お知らせページではmetaタグを出力するように (#14902) 
* enhance(frontend): 個別お知らせページではmetaタグを出力するように

* Update Changelog
 2024-11-09 10:53:09 +09:00
かっこかり
98b4717c45 fix(backend): SQLのサニタイズを強化 (#14920) 
* Fix code scanning alert no. 28: Incomplete string escaping or encoding (MisskeyIO#800)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
(cherry picked from commit 443335c662b14f609d6a81a8f3807e95709aebc1)

* ✌️

---------

Co-authored-by: あわわわとーにゅ <17376330+u1-liquid@users.noreply.github.com>
 2024-11-09 10:51:28 +09:00
4ster1sk
794cb9ffe2 fix(backend): followedMessageではなくdescriptionになっていたのを修正 (#14908) 2024-11-07 17:16:51 +09:00
4ster1sk
bca690f256 fix(backend): フォロワーへのメッセージの絵文字をemojisに含めるように (#14904) 2024-11-07 15:10:10 +09:00
かっこかり
b1c82213a3 fix(backend): FTT無効時にユーザーリストタイムラインが使用できない問題を修正 (#14878) 
* fix: return getfromdb when FanoutTimeline is not enabled

* Update Changelog

* fix

---------

Co-authored-by: Lhc_fl <lhcfl@outlook.com>
 2024-11-06 22:01:21 +09:00
かっこかり
6718a54f6f fix(backend): ノートを連合する際にリモートユーザーのacctの大小文字を区別して処理している問題を修正 (#14880) 
* fix: make sure outgoing remote mentions get resolved correctly if referenced with non-canonical casing (resolves #646)

* Update Changelog

* Update Changelog

* indent

---------

Co-authored-by: Laura Hausmann <laura@hausmann.dev>
 2024-11-03 08:26:51 +09:00
かっこかり
f30d19051f enhance(backend): check_connect.js で全RedisとDBへの接続を確認するように (#14853) 
* fix race conditions in check_connect.js

(cherry picked from commit 524ddb96770690455b82522104a543c5b0b1f3b3)

* fix

* Update Changelog

---------

Co-authored-by: Hazelnoot <acomputerdog@gmail.com>
 2024-10-28 21:06:54 +09:00
Tamme Schichler
8eb7749e44 fix(backend): Accept arrays in ActivityPub icon and image properties (#14825) 
This is allowed according to the Activity vocabulary: https://www.w3.org/TR/activitystreams-vocabulary/#dfn-icon
The issue is noticeable in combination with Bridgy Fed: https://github.com/snarfed/bridgy-fed/issues/1408
 2024-10-28 21:06:16 +09:00
syuilo
74847bce30 enhance: アイコンデコレーション管理画面の改善 2024-10-28 20:42:14 +09:00
かっこかり
ec4358d1e8 fix(misskey-js): WebSocketの型定義をReconnectingWebsocketに依存するように (#14850) 
* fix(misskey-js): WebSocketの型定義をReconnectingWebsocketに依存するように

* Update Changelog

* run api extractor

* fix

* fix
 2024-10-28 11:43:05 +09:00
かっこかり
eeea4ec00b fix(backend): 招待コード発行可能残り数算出に使用すべきロールポリシーの値が違うのを修正 (#14834) 
* fix: should use invite limit cycle to calculate invite/limit

* Update Changelog

* Update changelog

---------

Co-authored-by: Lhc_fl <lhcfl@outlook.com>
 2024-10-25 15:09:37 +09:00
饺子w (Yumechi)
48d1539f3b Merge commit from fork 
[ghsa-gq5q-c77c-v236](https://github.com/misskey-dev/misskey/security/advisories/ghsa-gq5q-c77c-v236)

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
 2024-10-22 18:17:56 +09:00
syuilo
952fec5665 feat: 過去のノートを非公開化/フォロワーのみ表示可能にできる機能 (#14814) 
* wip

* Update CHANGELOG.md

* wip

* wip

* wip

* Update privacy.vue

* wip
 2024-10-22 17:08:53 +09:00
syuilo
5c79d8db20 feat: ノートの閲覧にログイン必須にする設定 (#14799) 
* wip

* wip

* wip

* Update packages/frontend/src/pages/note.vue

Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com>

* wip

* Update WebhookTestService.ts

* Update privacy.vue

* wip

* rename

* Update locales/ja-JP.yml

Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>

* 🎨

* wip

---------

Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com>
Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>
 2024-10-21 12:49:29 +09:00
かっこかり
a3a99467f0 enhance(frontend): Bull Dashboard に relationship queue を追加 (#14777) 
* spec(frontend): Bull Dashboard に relationship queue を追加 (MisskeyIO#751)

(cherry picked from commit a8bbccbefa67ca0f2c1ec0880da88dfc7517b6a0)

* Update Changelog

* Update Changelog

---------

Co-authored-by: riku6460 <17585784+riku6460@users.noreply.github.com>
 2024-10-19 17:25:11 +09:00
zyoshoka
b990ae6b23 test(backend): add federation test (#14582) 
* test(backend): add federation test

* fix(ci): install pnpm

* fix(ci): cd

* fix(ci): build entire project

* fix(ci): skip frontend build

* fix(ci): pull submodule when checkout

* chore: show log for debugging

* Revert "chore: show log for debugging"

This reverts commit a930964b8d.

* fix(ci): build entire project

* chore: omit unused globals

* refactor: use strictEqual and simplify some asserts

* test: follow requests

* refactor: add resolveRemoteNote function

* refactor: refine resolveRemoteUser function

* refactor: cache admin credentials

* refactor: simplify assertion with excluded fields

* refactor: use assert

* test: note

* chore: labeler detect federation

* test: blocking

* test: move

* fix: use appropriate TLD

* chore: shorter purge interval

* fix(ci): change TLD

* refactor: delete trivial comment

* test(user): isCat

* chore: use jest

* chore: omit logs

* chore: add memo

* fix(ci): omit unnecessary build

* test: pinning Note

* fix: build daemon in container

* style: indent

* test(streaming): timeline

* chore: rename

* fix: delete role after test

* refactor: resolve users by uri

* fix: delete antenna after test

* test: api timeline

* test: Note deletion

* refactor: sleep function

* test: notification

* style: indent

* refactor: type-safe host

* docs: update description

* refactor: resolve function params

* fix(block): wrong test name

* fix: invalid type

* fix: longer timeout for fire testing

* test(timeline): hashtag

* test(note): vote delivery

* fix: wrong description

* fix: hashtag channel param type

* refactor: wrap basic cases

* test(timeline): add homeTimeline tests

* fix(timeline): correct wrong case and description

* test(notification): add tests for Note

* refactor(user): wrap profile consistency with describe

* chore(note): add issue link

* test(timeline): add test

* test(user): suspension

* test: emoji

* refactor: fetch admin first

* perf: faster tests

* test(drive): sensitive flag

* test(emoji): add tests

* chore: ignore .config/docker.env

* chore: hard-coded tester IP address

* test(emoji): custom emoji are surrounded by zero width space

* refactor: client and username as property

* test(notification): mute

* fix(notification): correct description

* test(block): mention

* refactor(emoji): addCustomEmoji function

* fix: typo

* test(note): add reaction tests

* test(timeline): Note deletion

* fix: unnecessary ts-expect-error

* refactor: unnecessary fetch mocking

* chore: add TODO comments

* test(user): deletion

* chore: enable --frozen-lockfile

* fix(ci): copying configs

* docs: update CONTRIBUTING.md

* docs: fix typo

* chore: set default sleep duration

* fix(notification): omit flaky tests

* fix(notification): correct type

* test(notification): add api endpoint tests

* chore: remove redundant mute test

* refactor: use param client

* fix: start timer after trigger

* refactor: remove unnecessary any

* chore: shorter timeout for checking if fired

* fix(block): remove outdated comment

* refactor: shorten remote user variable name

* refactor(block): use existing function

* refactor: file upload

* docs: update description

* test(user): ffVisibility

* fix: `/api/signin` -> `/api/signin-flow`

* test: abuse report

* refactor: use existing type

* refactor: extract duplicate configs to template file

* fix: typo

* fix: avoid conflict

* refactor: change container dependency

* perf: start misskey parallelly

* fix: remove dependency

* chore(backend): add typecheck

* test: add check for #14728

* chore: enable eslint check

* perf: don't start linked services when test

* test(note): remote note deletion for moderation

* chore: define config template

* chore: write setup script

* refactor: omit unnecessary conditional

* refactor: clarify scope

* refactor: omit type assertion

* refactor: omit logs

* style

* refactor: redundant promise

* refactor: unnecessary imports

* refactor: use readable error code

* refactor: cache set in signin function

* refactor: optimize import
 2024-10-15 13:37:00 +09:00
syuilo
b5de525548 add note 2024-10-15 10:32:00 +09:00
syuilo
5005cc8ae3 add note 2024-10-14 21:00:20 +09:00
syuilo
f13c3909a0 refactor(backend): remove unnecessary any 2024-10-14 17:54:27 +09:00
syuilo
77ebabb3dc Revert "refactor" 
This reverts commit 7fd8ef344b.
 2024-10-14 17:51:47 +09:00
syuilo
7fd8ef344b refactor 2024-10-14 17:43:44 +09:00
かっこかり
8b7290d6b0 enhance(backend): 個人宛のお知らせはわかったを押すとアーカイブするように (#14762) 
* enhance(backend): 個人宛のお知らせはわかったを押すとアーカイブするように

* Update Changelog

* enhance(frontend): アーカイブ済みのものを読み込めるように

* Update Changelog

* fix changelog

* 🎨
 2024-10-14 11:23:26 +09:00
syuilo
064d6ca56f fix(backend): RBT有効時、リノートのリアクションが反映されない問題を修正 2024-10-14 09:11:03 +09:00
おさむのひと
33b34ad7b8 feat: 運営のアクティビティが一定期間ない場合は通知+招待制に移行した際に通知 (#14757) 
* feat: 運営のアクティビティが一定期間ない場合は通知+招待制に移行した際に通知

* fix misskey-js.api.md

* Revert "feat: 運営のアクティビティが一定期間ない場合は通知+招待制に移行した際に通知"

This reverts commit 3ab953bdf8.

* 通知をやめてユーザ単位でのお知らせ機能に変更

* テスト用実装を戻す

* Update packages/backend/src/queue/processors/CheckModeratorsActivityProcessorService.ts

Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>

* fix remove empty then

---------

Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
 2024-10-13 20:32:12 +09:00
syuilo
5229f5de4d refactor(backend): remove unnecessary .then 2024-10-13 20:32:02 +09:00
syuilo
ff47fef572 feat: リモートサーバーのサーバー情報を収集しないオプション (#14634) 
* wip

* wip

* Update FetchInstanceMetadataService.ts

* Update FetchInstanceMetadataService.ts

* Update types.ts
 2024-10-13 20:22:16 +09:00
かっこかり
45d42b8641 feat: ユーザーの名前に禁止ワードを設定できるように (#14756) 
* wip

* 🎨

* Enhance: モデレーター以上は制限の影響を受けないように

* refactor

* better error handling

* fix

* Revert "better error handling"

This reverts commit 5670b29cfa.

* error handling

* エラーが出ないのを修正

* translation

* Update Changelog

* status code

* ✌️

* モデレーター以上は影響ないことを明記

* 🎨

* update changelog

* spdx

* Update update.ts

* refactor

* eliminate `screen name`

* remove untracked file

---------

Co-authored-by: KanariKanaru <93921745+kanarikanaru@users.noreply.github.com>
 2024-10-13 20:21:25 +09:00
かっこかり
2f09d69773 fix(backend): キューのエラーログを簡略化するように (#14748) 
* reduce federation log spam

* Don't record stack trace for unrecoverable errors.
* Avoid logging duplicate stace traces.

(cherry picked from commit ed0570110bf8cb8e8959591dccfa3c35999106ce)

* improve error summaries

(cherry picked from commit 20dd66f735d9778df0371001e303549dce619260)

* fix lint errors

(cherry picked from commit 83869e1c470b12b3bf4b23d885514d926620662a)

* condense job info

(cherry picked from commit 786702e076ad1af14538849512ad31c0ced7afe6)

* fix maxAttempts calculation

(cherry picked from commit b4d10aa8f821e594ec9c907eb2a5bdb3c73c67d5)

* condense error info

(cherry picked from commit f62cd8941ced74a4865aa5eae4f4a1c7aa1d30f1)

* normalize ID logging

(cherry picked from commit d8e1e4890d28347239162e26235eb68b1ff96654)

* further condense error details

(cherry picked from commit d867c2089b3b24680df0713a2aa0914789e45670)

* collapse AbortErrors

(cherry picked from commit 5171ba7113ebc7242527768afb9ab4cec534e3b3)

* don't log job name unless it has one

(cherry picked from commit a5316c06ed770b60f7b4c7ff5aa8c71cc0558db7)

* Update Changelog

* Record origin

---------

Co-authored-by: Hazel K <acomputerdog@gmail.com>
 2024-10-11 21:29:03 +09:00
syuilo
af1cbc131f wip (#14745) 2024-10-11 21:05:53 +09:00
おさむのひと
a2cd6a7709 feat(backend): 7日間運営のアクティビティがないサーバを自動的に招待制にする (#14746) 
* feat(backend): 7日間運営のアクティビティがないサーバを自動的に招待制にする

* fix RoleService.

* fix

* fix

* fix

* add test and fix

* fix

* fix CHANGELOG.md

* fix test
 2024-10-11 20:59:36 +09:00
FineArchs
12bc671511 fix: admin/emoji/update で不正なエラーが発生する (#14750) 
* fix emoji updating bug

* update changelog

* type fix

* " -> '

* conprehensiveness check

* lint

* undefined -> null
 2024-10-11 17:17:45 +09:00
syuilo
4a356f1ba7 refactor(frontend): prefix css variables (#14725) 
* wip

* Update index.d.ts

* remove unnecessary codes
 2024-10-09 18:08:14 +09:00
syuilo
d0213962bf Update packages/backend/src/core/entities/FlashEntityService.ts 
Co-authored-by: zyoshoka <107108195+zyoshoka@users.noreply.github.com>
 2024-10-08 18:59:10 +09:00
zyoshoka
ddf8e2a3dc fix(backend): correct admin/abuse-user-reports schema (#14711) 
* fix(backend): correct `abuse-user-reports` schema

* Update CHANGELOG.md
 2024-10-05 18:35:37 +09:00