Commit graph

21 commits

Author SHA1 Message Date
Johann150 624157f03e
server: forbid activitypub requests on unexpected routes
ActivityPub requests on routes which do not support ActivityPub
are now answered with HTTP status code 406 "Not Acceptable".

ActivityPub clients are required by the W3C TR to set the `Accept`
header. If this accept header is detected on an unexpected route,
the whole request will be aborted with the status code above.

This is an additional measure for clients who might not be aware of
having to check the content-type header of the reply.

Ref: https://github.com/w3c/activitypub/issues/432
Changelog: Security
2024-03-26 21:05:13 +01:00
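As an added example (not FoundKey's code), here is how the Accept-header detection this commit describes can be implemented as a framework-agnostic guard: parse the Accept header, treat `application/activity+json` or `application/ld+json` with the ActivityStreams profile as an ActivityPub request, and answer 406 on any route that is not in the ActivityPub route table. The route patterns and function names are assumptions for illustration, not the project's.

```javascript
// Added example (not FoundKey's code): detect an ActivityPub Accept header
// and refuse it with 406 on routes that do not serve ActivityPub.

const AS_PROFILE = 'https://www.w3.org/ns/activitystreams';

// Parse an Accept header into [{ type, params, q }], highest q first.
// Entries with q=0 are dropped since they mean "not acceptable" to the client.
// Simplification: splitting on ',' ignores commas inside quoted parameter values.
function parseAccept(header) {
  if (!header) return [];
  return header.split(',').map((part) => {
    const [type, ...rawParams] = part.split(';').map((s) => s.trim());
    const params = {};
    for (const p of rawParams) {
      const eq = p.indexOf('=');
      if (eq === -1) continue;
      params[p.slice(0, eq).trim().toLowerCase()] = p.slice(eq + 1).trim().replace(/^"|"$/g, '');
    }
    const q = params.q === undefined ? 1 : Number(params.q);
    return { type: type.toLowerCase(), params, q: Number.isNaN(q) ? 0 : q };
  }).filter((e) => e.type && e.q > 0).sort((a, b) => b.q - a.q);
}

// True when the client asks for ActivityPub: application/activity+json, or
// application/ld+json carrying the ActivityStreams profile (ActivityPub spec, 3.2).
// Plain ld+json without the profile and wildcards like */* do not count, so a
// browser or an unconfigured curl never trips the guard.
function wantsActivityPub(acceptHeader) {
  return parseAccept(acceptHeader).some((e) =>
    e.type === 'application/activity+json' ||
    (e.type === 'application/ld+json' && e.params.profile === AS_PROFILE));
}

// Hypothetical route table; FoundKey's real ActivityPub routes are not listed here.
const AP_ROUTE_PATTERNS = [/^\/inbox$/, /^\/users\/[^/]+(\/inbox|\/outbox)?$/, /^\/notes\/[^/]+$/];

function isActivityPubRoute(path) {
  return AP_ROUTE_PATTERNS.some((re) => re.test(path));
}

// Returns 406 when an ActivityPub client hits a non-ActivityPub route, else null
// so that ordinary routing (HTML pages, the REST API, ...) continues.
function guardActivityPub(path, acceptHeader) {
  return wantsActivityPub(acceptHeader) && !isActivityPubRoute(path) ? 406 : null;
}
```

Wired in as the first middleware, `guardActivityPub(ctx.path, ctx.get('accept'))` returning 406 stops a client that sends the ActivityPub Accept header from ever reaching, say, the REST API, even if that client forgets to check the reply's Content-Type. The q=0 and wildcard handling matter: a request with `application/activity+json;q=0` or only `*/*` must not be refused.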
Johann150 597de07465
server: refactor HTTP signature validation
2023-06-27 21:46:00 +02:00
Hélène b600efae0d
BREAKING: activitypub: validate fetch signatures
Enforces HTTP signatures on object fetches, and rejects fetches from blocked
instances. This should mean proper and full blocking of remote instances.

This is now default behavior, which makes it a breaking change. To disable
it (mostly for development purposes), the configuration item
`allowUnsignedFetches` can be set to true. It is not the default for
development environments as it is important to have as close as possible
behavior to real environments for ActivityPub development.

Co-authored-by: nullobsi <me@nullob.si>
Co-authored-by: Norm <normandy@biribiri.dev>
Changelog: Added
2023-06-25 20:42:14 +02:00
Johann150 808ad2a505
server: HTTP signature requires date header
The default of the library used is to require either of the "date" or
"x-date" headers. It does not seem sensible to pass on this default.
It may be there to fix federation with other software, but that software
should be considered broken, and it does not seem reasonable to
potentially get an outdated signature just to fix federation with some
buggy software.
2023-04-13 11:04:35 +02:00
Johann150 9458045c8f
server: refactor note/renote rendering to separate file
2023-02-04 15:32:25 +01:00
Norm 021d523d5f
backend: fix activitypub.ts lints
2022-11-16 19:38:32 -05:00
Johann150 a27a29b371
server: redirect browsers to human readable page
Also added/translated more comments.
2022-11-11 17:54:11 +01:00
Johann150 2ed46aaebb
fix: check visibility when serving Like activity
2022-09-02 14:34:32 +02:00
Johann150 37e47a257e
fix lints "import/order" and "import/no-duplicate"
Also simplified some import paths by replacing relative with absolute paths.
2022-08-03 14:05:50 +02:00
Johann150 32dff28460
fix: add id for activitypub follows (#8689)
* add id for activitypub follows

* fix lint

* fix: follower must be local, followee must be remote

Misskey will only use ActivityPub follow requests for users that are local
and are requesting to follow a remote user. This check is to ensure that
this endpoint cannot be used by other services or instances.

* fix: missing import

* render block with id

* fix comment
2022-06-04 13:52:42 +09:00
Johann150 9c80403072
use http-signature module that supports hs2019 (#8635) 2022-05-26 09:12:17 +09:00
syuilo fa1a53270e refactor 2022-03-26 19:33:18 +09:00
syuilo 1c67c26bd8
refactor: migrate to typeorm 3.0 (#8443)
* wip

* wip

* wip

* Update following.ts

* wip

* wip

* wip

* Update resolve-user.ts

* maxQueryExecutionTime

* wip

* wip
2022-03-26 15:34:00 +09:00
syuilo 083b913dd2 refactor 2022-03-25 01:51:34 +09:00
syuilo 0d05f05610 chore: add note 2022-03-21 05:43:52 +09:00
syuilo 6f2e93c6a1 perf(server): reduce db query 2022-03-21 05:21:37 +09:00
syuilo c8070fc544 fix esm 2022-03-01 01:36:50 +09:00
syuilo d071d18dd7
refactor: Use ESM (#8358)
* wip

* wip

* fix

* clean up

* Update tsconfig.json

* Update activitypub.ts

* wip
2022-02-27 11:07:39 +09:00
syuilo 69e08abaef refactor(backend): fix type 2022-01-26 18:52:40 +09:00
syuilo c69b72e199 fix lint 2021-12-09 23:58:30 +09:00
syuilo 0e4a111f81 refactoring
Resolve #7779
2021-11-12 02:02:25 +09:00
Renamed from src/server/activitypub.ts