sendnrw/misskey
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
26,501 Commits 45 Branches 1,101 Tags
2b6638e1607e5c44eb6f6dc987e9e893927f1829
Commit Graph

863 Commits

Author SHA1 Message Date
syuilo
2b6638e160 feat: google analytics (#15451) 
* wip backend

* wip frontend

* build misskey-js

* implement control panel

* fix

* introduce analytics wrapper

* spdx

* Update analytics.ts

* Update common.ts

* wip

* wip

* wip

* wip

* wip

* Update CHANGELOG.md

---------

Co-authored-by: kakkokari-gtyih <67428053+kakkokari-gtyih@users.noreply.github.com>
 2025-02-25 11:51:23 +00:00
饺子w (Yumechi)
25052164c0 Merge commit from fork 
* fix(backend): Fix an issue where the origin of ActivityPub lookup response was not validated correctly.

[GHSA-6w2c-vf6f-xf26](https://github.com/misskey-dev/misskey/security/advisories/GHSA-6w2c-vf6f-xf26)

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

* Enhance: Add configuration option to disable all external redirects when responding to an ActivityPub lookup (config.disallowExternalApRedirect)

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

* fixup! fix(backend): Fix an issue where the origin of ActivityPub lookup response was not validated correctly.

* docs & one edge case

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

* apply suggestions

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

* remove stale frontend reference to _responseInvalidIdHostNotMatch

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

* apply suggestions

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

---------

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
 2025-02-23 19:21:34 +09:00
syuilo
ffd8cf07e6 update deps (#15311) 
* wip

* bump misskey-dev/eslint-plugin

* lint fixes (backend)

* lint fixes (frontend)

* lint fixes (frontend-embed)

* rollback nsfwjs to 4.2.0

ref: infinitered/nsfwjs#904

* rollback openapi-typescript to v6

v7でOpenAPIのバリデーションが入るようになった関係でスコープ外での変更が避けられないため一時的に戻した

* lint fixes (misskey-js)

* temporarily disable errored lint rule (frontend-shared)

* fix lint

* temporarily ignore errored file for lint (frontend-shared)

* rollback simplewebauthn/server to 12.0.0

v13 contains breaking changes that require some decision making

* lint fixes (frontend-shared)

* build misskey-js with types

* fix(backend): migrate simplewebauthn/server to v12

* fix(misskey-js/autogen): ignore indent rules to generate consistent output

* attempt to fix test

changes due to capricorn86/happy-dom#1617 (XMLSerializer now produces valid XML)

* attempt to fix test

changes due to capricorn86/happy-dom#1617 (XMLSerializer now produces valid XML)

* fix test

* fix test

* fix test

* Apply suggestions from code review

Co-authored-by: anatawa12 <anatawa12@icloud.com>

* bump summaly to v5.2.0

* update tabler-icons to v3.30.0-based

---------

Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com>
Co-authored-by: anatawa12 <anatawa12@icloud.com>
 2025-02-15 10:24:22 +09:00
lqvp
e339293673 feat: アクセストークン発行時に通知するように (#15422) 
* feat: アクセストークン発行時に通知するように (misskey-dev/misskey#13353)

* fix: 不要な翻訳を削除/インデントを揃えるように

* chore(backend): 不要なawaitを削除

* chore: changelogへ追加
 2025-02-11 01:15:33 +00:00
zyoshoka
dc608aada0 fix(backend): correct admin/meta response schema (#15434) 2025-02-09 07:17:48 +00:00
Esurio/1673beta
231c2c2e54 fix(backend): following/invalidateでフォロワーを解除しようとしているユーザーの情報を返すように (#15430) 2025-02-08 12:51:30 +00:00
zyoshoka
54fc232a23 fix(backend): use unique operationId in the OpenAPI schema (#15420) 
* fix(backend): use unique `operationId` in the OpenAPI schema

* fix: read with UTF-8 encoding
 2025-02-08 08:29:24 +00:00
syuilo
fbc6d0de54 enhance: ページslugに使用可能な文字を限定 (#15395) 
* wip

* paramの正規表現で弾くように

* apiWithDialogを使用するように

* Update CHANGELOG.md

---------

Co-authored-by: kakkokari-gtyih <67428053+kakkokari-gtyih@users.noreply.github.com>
 2025-02-05 01:39:46 +00:00
anatawa12
8d7b1f285f refactor: Refactor Endpoints to improve Developer Experience for adding Endpoints (#15301) 
* chore: reorder endpoints to lexicographic code unit order

* refactor: import endpoints in one module and use them for generating EndpointsModule and endpoints
 2025-01-20 12:15:23 +00:00
おさむのひと
f9ad127aaf feat: 新カスタム絵文字管理画面(β)の追加 (#13473) 
* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* fix

* fix

* fix

* fix size

* fix register logs

* fix img autosize

* fix row selection

* support delete

* fix border rendering

* fix display:none

* tweak comments

* support choose pc file and drive file

* support directory drag-drop

* fix

* fix comment

* support context menu on data area

* fix autogen

* wip イベント整理

* イベントの整理

* refactor grid

* fix cell re-render bugs

* fix row remove

* fix comment

* fix validation

* fix utils

* list maximum

* add mimetype check

* fix

* fix number cell focus

* fix over 100 file drop

* remove log

* fix patchData

* fix performance

* fix

* support update and delete

* support remote import

* fix layout

* heightやめる

* fix performance

* add list v2 endpoint

* support pagination

* fix api call

* fix no clickable input text

* fix limit

* fix paging

* fix

* fix

* support search

* tweak logs

* tweak cell selection

* fix range select

* block delete

* add comment

* fix

* support import log

* fix dialog

* refactor

* add confirm dialog

* fix name

* fix autogen

* wip

* support image change and highlight row

* add columns

* wip

* support sort

* add role name

* add index to emoji

* refine context menu setting

* support role select

* remove unused buttons

* fix url

* fix MkRoleSelectDialog.vue

* add route

* refine remote page

* enter key search

* fix paste bugs

* fix copy/paste

* fix keyEvent

* fix copy/paste and delete

* fix comment

* fix MkRoleSelectDialog.vue and storybook scenario

* fix MkRoleSelectDialog.vue and storybook scenario

* add MkGrid.stories.impl.ts

* fix

* [wip] add custom-emojis-manager2.stories.impl.ts

* [wip] add custom-emojis-manager2.stories.impl.ts

* wip

* 課題はまだ残っているが、ひとまず完了

* fix validation and register roles

* fix upload

* optimize import

* patch from dev

* i18n

* revert excess fixes

* separate sort order component

* add SPDX

* revert excess fixes

* fix pre test

* fix bugs

* add type column

* fix types

* fix CHANGELOG.md

* fix lit

* lint

* tweak style

* refactor

* fix ci

* autogen

* Update types.ts

* CSS Module化

* fix log

* 縦スクロールを無効化

* MkStickyContainer化

* regenerate locales index.d.ts

* fix

* fix

* テスト

* ランダム値によるUI変更の抑制

* テスト

* tableタグやめる

* fix last-child css

* fix overflow css

* fix endpoint.ts

* tweak css

* 最新への追従とレイアウト微調整

* ソートキーの指定方法を他と合わせた

* fix focus

* fix layout

* v2エンドポイントのルールに対応

* 表示条件などを微調整

* fix MkDataCell.vue

* fix error code

* fix error

* add comment to MkModal.vue

* Update index.d.ts

* fix CHANGELOG.md

* fix color theme

* fix CHANGELOG.md

* fix CHANGELOG.md

* fix center

* fix: テーブルにフォーカスがあり、通常状態であるときはキーイベントの伝搬を止める

* fix: ロール選択用のダイアログにてコンディショナルロールを×ボタンで除外できなかったのを修正

* fix remote list folder

* sticky footers

* chore: fix ci error(just single line-break diff)

* fix loading

* fix like

* comma to space

* fix ci

* fix ci

* removed align-center

---------

Co-authored-by: osamu <46447427+sam-osamu@users.noreply.github.com>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>
 2025-01-20 11:35:37 +00:00
zyoshoka
1ef62e9e33 fix(backend): clone schema before converting to OAS schema to avoid mutation (#15294) 
* fix(backend): clone schema before converting to OAS schema to avoid mutation

* Update CHANGELOG.md

* fix: use deepClone
 2025-01-18 04:05:33 +00:00
果物リン
a328d52008 よくわからないリアクションに関するログが流れっぱなしなのを修正 (#15303) 2025-01-17 10:27:48 +00:00
anatawa12
145c6cf2b5 fix: node.js の punycode モジュールが使用されている場所がある問題 (#15248) 
* fix: punycode.js が使用されていない場所がある問題

* fix: use punycode/punycode.js on backend

* fix: use punycode/punycode.es6.js on backend

* fix: d.ts missing declare keyword

* chore: don't use punycode.js on backend

* update pnpm-lock.yaml

* chore: remove punycode.d.ts

* chore: use punycode.js instead of punycode npm package

* chore: bump psl to 1.15.0

* chore: bump nsfwjs to 4.2.0

4.2.1 is not usable because of https://github.com/infinitered/nsfwjs/issues/904

* chore: prevent loading node-fetch from tensorflow

* chore: DOMWindow['document'] => Document

IDK why DOMWindow['document'] fails, but might be related to tsc internal complexity limit

* fix: disable --trace-deprecation

---------

Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
 2025-01-14 12:37:39 +00:00
かっこかり
da9e05582d fix(backend): pages/updateのnameの重複チェックはnameプロパティがある時のみ行うように (#15104) 
* fix(backend): pagesのnameの重複チェックはnameプロパティがある時のみ行うように

* Update Changelog

---------

Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
 2025-01-14 11:30:49 +00:00
おさむのひと
64501c69a1 feat(frontend): Botプロテクションの設定変更時は実際に検証を通過しないと保存できないようにする (#15151) 
* feat(frontend): CAPTCHAの設定変更時は実際に検証を通過しないと保存できないようにする

* なしでも保存できるようにした

* fix CHANGELOG.md

* フォームが増殖するのを修正

* add comment

* add server-side verify

* fix ci

* fix

* fix

* fix i18n

* add current.ts

* fix text

* fix

* regenerate locales

* fix MkFormFooter.vue

---------

Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
 2025-01-14 10:57:58 +00:00
4ster1sk
020882edcf fix(backend): アプリ作成方式で作成したトークンの権限を表示するように (#15177) 2025-01-04 06:06:19 +00:00
かっこかり
f123be38b9 enhance(frontend): 照会の際にエラーを表示するように (#15147) 
* enhance: 照会の失敗理由を表示するように

* Update Changelog

* fix

* fix test

* lookupErrors-> remoteLookupErrors
 2024-12-19 16:05:33 +09:00
かっこかり
d176db517f fix(backend/misskey-js): タイポ修正 (#15046) 2024-11-24 15:23:07 +09:00
かっこかり
c1f19fad1e fix(backend): fix apResolver (#15010) 
* fix(backend): fix apResolver

* fix

* add comments

* tweak comment
 2024-11-21 14:36:24 +09:00
かっこかり
53e827b18c fix(backend): fix security patches (#15008) 2024-11-21 10:30:30 +09:00
syuilo
0f59adc436 fix ap/show 2024-11-21 09:25:18 +09:00
Julia
5f675201f2 Merge commit from fork 
* enhance: Add a few validation fixes from Sharkey

See the original MR on the GitLab instance:
https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/484

Co-Authored-By: Dakkar <dakkar@thenautilus.net>

* fix: primitive 2: acceptance of cross-origin alternate

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 3: validation of non-final url

* fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities

* fix: primitives 5 & 8: reject activities with non
string identifiers

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 6: reject anonymous objects that were fetched by their id

* fix: primitives 9, 10 & 11: http signature validation
doesn't enforce required headers or specify auth header name

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections

* fix: code style for primitive 14

* fix: primitive 15: improper same-origin validation for
note uri and url

Co-Authored-By: Laura Hausmann <laura@hausmann.dev>

* fix: primitive 16: improper same-origin validation for user uri and url

* fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array

* fix: code style for primitive 17

* fix: check attribution against actor in notes

While this isn't strictly required to fix the exploits at hand, this
mirrors the fix in `ApQuestionService` for GHSA-5h8r-gq97-xv69, as a
preemptive countermeasure.

* fix: primitive 18: `ap/get` bypasses access checks

One might argue that we could make this one actually preform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.

* fix: primitive 19 & 20: respect blocks and hide more

Ideally, the user property should also be hidden (as leaving it in leaks
information slightly), but given the schema of the note endpoint, I
don't think that would be possible without introducing some kind of
"ghost" user, who is attributed for posts by users who have you blocked.

* fix: primitives 21, 22, and 23: reuse resolver

This also increases the default `recursionLimit` for `Resolver`, as it
theoretically will go higher that it previously would and could possibly
fail on non-malicious collection activities.

* fix: primitives 25-33: proper local instance checks

* revert: fix: primitive 19 & 20

This reverts commit 465a9fe6591de90f78bd3d084e3c01e65dc3cf3c.

---------

Co-authored-by: Dakkar <dakkar@thenautilus.net>
Co-authored-by: Laura Hausmann <laura@hausmann.dev>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
 2024-11-21 08:20:09 +09:00
zawa-ch.
763c708253 Fix(backend): アカウント削除のモデレーションログが動作していないのを修正 (#14996) (#14997) 
* アカウント削除のモデレーションログが動作していないのを修正

* update CHANGELOG
 2024-11-19 21:12:40 +09:00
饺子w (Yumechi)
e800c0f85a fix(backend): お知らせ作成時に画像URL入力欄を空欄に変更できないのを修正 (#14990) 
* fix(backend): アナウンスメントを作成ときに画像URLを後悔できないのを修正

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

* Update CHANGELOG.md

Co-authored-by: おさむのひと <46447427+samunohito@users.noreply.github.com>

---------

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
Co-authored-by: おさむのひと <46447427+samunohito@users.noreply.github.com>
 2024-11-19 10:29:42 +09:00
かっこかり
c0d1682604 feat: 送信したフォローリクエストを確認できるように (#14856) 
* FEAT: Allow users to view pending follow requests they sent

This commit implements the `following/requests/sent` interface firstly
implemented on Firefish, and provides a UI interface to view the pending
follow requests users sent.

* ux: should not show follow requests tab when have no pending sent follow req

* fix default followreq tab

* fix default followreq tab

* restore missing hasPendingReceivedFollowRequest in navbar

* refactor

* use tabler icons

* tweak design

* Revert "ux: should not show follow requests tab when have no pending sent follow req"

This reverts commit e580b92c37.

* Update Changelog

* Update Changelog

* change tab titles

---------

Co-authored-by: Lhc_fl <lhcfl@outlook.com>
Co-authored-by: Hazelnoot <acomputerdog@gmail.com>
 2024-11-15 17:30:54 +09:00
4ster1sk
794cb9ffe2 fix(backend): followedMessageではなくdescriptionになっていたのを修正 (#14908) 2024-11-07 17:16:51 +09:00
4ster1sk
bca690f256 fix(backend): フォロワーへのメッセージの絵文字をemojisに含めるように (#14904) 2024-11-07 15:10:10 +09:00
かっこかり
b1c82213a3 fix(backend): FTT無効時にユーザーリストタイムラインが使用できない問題を修正 (#14878) 
* fix: return getfromdb when FanoutTimeline is not enabled

* Update Changelog

* fix

---------

Co-authored-by: Lhc_fl <lhcfl@outlook.com>
 2024-11-06 22:01:21 +09:00
syuilo
74847bce30 enhance: アイコンデコレーション管理画面の改善 2024-10-28 20:42:14 +09:00
かっこかり
eeea4ec00b fix(backend): 招待コード発行可能残り数算出に使用すべきロールポリシーの値が違うのを修正 (#14834) 
* fix: should use invite limit cycle to calculate invite/limit

* Update Changelog

* Update changelog

---------

Co-authored-by: Lhc_fl <lhcfl@outlook.com>
 2024-10-25 15:09:37 +09:00
syuilo
952fec5665 feat: 過去のノートを非公開化/フォロワーのみ表示可能にできる機能 (#14814) 
* wip

* Update CHANGELOG.md

* wip

* wip

* wip

* Update privacy.vue

* wip
 2024-10-22 17:08:53 +09:00
syuilo
5c79d8db20 feat: ノートの閲覧にログイン必須にする設定 (#14799) 
* wip

* wip

* wip

* Update packages/frontend/src/pages/note.vue

Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com>

* wip

* Update WebhookTestService.ts

* Update privacy.vue

* wip

* rename

* Update locales/ja-JP.yml

Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>

* 🎨

* wip

---------

Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com>
Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>
 2024-10-21 12:49:29 +09:00
syuilo
ff47fef572 feat: リモートサーバーのサーバー情報を収集しないオプション (#14634) 
* wip

* wip

* Update FetchInstanceMetadataService.ts

* Update FetchInstanceMetadataService.ts

* Update types.ts
 2024-10-13 20:22:16 +09:00
かっこかり
45d42b8641 feat: ユーザーの名前に禁止ワードを設定できるように (#14756) 
* wip

* 🎨

* Enhance: モデレーター以上は制限の影響を受けないように

* refactor

* better error handling

* fix

* Revert "better error handling"

This reverts commit 5670b29cfa.

* error handling

* エラーが出ないのを修正

* translation

* Update Changelog

* status code

* ✌️

* モデレーター以上は影響ないことを明記

* 🎨

* update changelog

* spdx

* Update update.ts

* refactor

* eliminate `screen name`

* remove untracked file

---------

Co-authored-by: KanariKanaru <93921745+kanarikanaru@users.noreply.github.com>
 2024-10-13 20:21:25 +09:00
syuilo
af1cbc131f wip (#14745) 2024-10-11 21:05:53 +09:00
おさむのひと
a2cd6a7709 feat(backend): 7日間運営のアクティビティがないサーバを自動的に招待制にする (#14746) 
* feat(backend): 7日間運営のアクティビティがないサーバを自動的に招待制にする

* fix RoleService.

* fix

* fix

* fix

* add test and fix

* fix

* fix CHANGELOG.md

* fix test
 2024-10-11 20:59:36 +09:00
FineArchs
12bc671511 fix: admin/emoji/update で不正なエラーが発生する (#14750) 
* fix emoji updating bug

* update changelog

* type fix

* " -> '

* conprehensiveness check

* lint

* undefined -> null
 2024-10-11 17:17:45 +09:00
zyoshoka
ddf8e2a3dc fix(backend): correct admin/abuse-user-reports schema (#14711) 
* fix(backend): correct `abuse-user-reports` schema

* Update CHANGELOG.md
 2024-10-05 18:35:37 +09:00
syuilo
d8cb7305ef feat: 通報の強化 (#14704) 
* wip

* Update CHANGELOG.md

* lint

* Update types.ts

* wip

* ✌️

* Update MkAbuseReport.vue

* tweak
 2024-10-05 16:20:15 +09:00
おさむのひと
0d7d1091c8 enhance: 人気のPlayを10件以上表示できるように (#14443) 
Co-authored-by: osamu <46447427+sam-osamu@users.noreply.github.com>
 2024-10-05 14:37:52 +09:00
かっこかり
d8bf1ff7e9 #14675 レビューの修正 (#14705) 2024-10-05 13:47:50 +09:00
かっこかり
ae3c155490 fix: signin の資格情報が足りないだけの場合はエラーにせず200を返すように (#14700) 
* fix: signin の資格情報が足りないだけの場合はエラーにせず200を返すように

* run api extractor

* fix

* fix

* fix test

* /signin -> /signin-flow

* fix

* fix lint

* rename

* fix

* fix
 2024-10-05 12:03:47 +09:00
かっこかり
975c2e7bc5 enhance(frontend): サインイン画面の改善 (#14658) 
* wip

* Update MkSignin.vue

* Update MkSignin.vue

* wip

* Update CHANGELOG.md

* enhance(frontend): サインイン画面の改善

* Update Changelog

* 14655の変更取り込み

* spdx

* fix

* fix

* fix

* 🎨

* 🎨

* 🎨

* 🎨

* Captchaがリセットされない問題を修正

* 次の処理をsignin apiから読み取るように

* Add Comments

* fix

* fix test

* attempt to fix test

* fix test

* fix test

* fix test

* fix

* fix test

* fix: 一部のエラーがちゃんと出るように

* Update Changelog

* 🎨

* 🎨

* remove border

---------

Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
 2024-10-04 15:23:33 +09:00
syuilo
d2175a9b9f initialPassword -> setupPassword 2024-10-03 20:40:39 +09:00
zyoshoka
2a4ab0e187 fix(misskey-js): type fixes related to signup and signin (#14679) 2024-10-03 18:33:56 +09:00
かっこかり
2c1a7470d3 feat: サーバー初期設定時に初期パスワードを要求できるように (#14626) 
* feat: サーバー初期設定時専用の初期パスワードを設定できるように

* 無いのに入力された場合もエラーにする

* 🎨

* 🎨

* cypress-devcontainerにもpassを設定(テストが失敗するため)

* [ci skip] 🎨

* ✌️

* test: please revert this commit before merge

* Revert "test: please revert this commit before merge"

This reverts commit 66b2b48f66.

* Update locales/ja-JP.yml

Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>

* build assets

* Update Changelog

* fix condition

* fix condition

* add comment

* change error code

* 他のエラーコードと合わせる

* Update CHANGELOG.md

---------

Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
 2024-10-03 18:18:00 +09:00
Kisaragi
a722ea8ccd fix(backend): 連合限定先が間違って連合しない先に代入されているのを修正 (#14662) 
* fix(backend): 連合限定先が間違って連合しない先に代入されているのを修正

* build: fix property typo
 2024-10-03 17:05:14 +09:00
syuilo
83db116c46 enhance(backend): notify new login (#14673) 
* wip

* Update CHANGELOG.md

* wip

* fix

* Update index.d.ts

* Update SigninService.ts

* Update MkNotification.vue
 2024-10-03 15:06:04 +09:00
syuilo
1074d625ed enhance: require captcha for signin (#14655) 
* wip

* Update MkSignin.vue

* Update MkSignin.vue

* wip

* Update CHANGELOG.md
 2024-10-03 12:11:09 +09:00
syuilo
f0d0cd2e50 wip (#14643) 2024-09-28 18:15:32 +09:00