Norm
873e21f090
chore: update eslint
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
2022-12-07 16:27:53 -05:00
Norm
2afe54c121
eslint: allow backticks to avoid escaping single/double quotes
2022-12-07 16:27:39 -05:00
Norm
b66f7550ab
server: auto-fix lints
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
2022-12-07 13:39:21 -05:00
Johann150
18664dbca3
server: add missing paren
...
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
How did this not break yet?
2022-12-07 18:29:04 +01:00
Johann150
0f3f42eb39
remove rndstr dependency
...
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
This dependency was unused in the client.
The use of it in the server can be replaced entirely by the
secureRndstr function, with some slight modifications.
That function could probably be refactored a bit more as well.
2022-12-07 18:08:09 +01:00
Andy
d3f1ad9a88
chore: remove unused packages
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/pr/lint-foundkey-js Pipeline was successful
ci/woodpecker/pr/lint-backend Pipeline failed
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/lint-client Pipeline failed
ci/woodpecker/pr/test Pipeline failed
2022-12-06 23:18:27 +01:00
Andy
1aa3898db5
server: remove unused import
2022-12-06 23:12:45 +01:00
Andy
b023741f50
server: remove integrations field from user
2022-12-06 23:00:08 +01:00
Andy
4cc5b734e7
activitypub: remove integration fields from person and nodeinfo
2022-12-06 21:49:19 +01:00
Andy
5d32872999
server: remove integration API routes
2022-12-06 21:48:31 +01:00
Andy
b4b1204f77
server: remove integration-related fields from meta
2022-12-06 21:47:59 +01:00
Norm
c1a51547a9
BREAKING: server: remove wildcard blocking and instead block subdomains ( #269 )
...
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
Co-authored-by: Francis Dinh <normandy@biribiri.dev>
Reviewed-on: #269
Changelog: Changed
2022-12-05 17:55:38 +00:00
Chloe Kudryavtsev
4e74d26e45
backend: fix ratelimit typo
...
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
Changelog: Fixed
2022-12-05 15:49:33 +01:00
Johann150
a421dd401c
activitypub: refactor to always apply recursion limit
...
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
Refactor to remove as many "new Resolver" as possible.
2022-12-04 21:11:44 +01:00
Johann150
c4211761e6
server: refactor resolveSelf to just return the webfinger href
...
Since the href seems to be the only attribute that is used, and I didn't
want to add a full type definition this was the easier option.
2022-12-04 21:11:43 +01:00
Johann150
03b673165f
server: refactor "authUser" functions into separate file
...
They did not really fit into the DbResolver because they may fetch data
from remote instances even though DbResolver is only supposed to access
the database.
2022-12-04 21:11:35 +01:00
Johann150
de18c8306d
server: fix token-permissions migration
...
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
The table that is affected here was not properly purged of old entries. It only holds
data that is needed while a 3rd party authorization is in progress but not finished.
The code that typeorm generated for this migration is a bit wonky because it should
probably have dropped one column and created another one. But if we clear out all entries
it should work regardless and I'm feeling lazy right now. :P
2022-12-04 19:05:02 +01:00
Johann150
11e4a8cb9b
remove erroneous space
2022-12-04 15:34:05 +01:00
Johann150
946e862ecd
server: implement OAuth 2.0 Authorization Code grant
...
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
Changelog: Added
Reviewed-on: #205
2022-12-04 14:06:36 +01:00
Johann150
97052b1f61
server: refactor fromHtml attribute handling
...
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
Also try to recognize owncast hashtag links.
2022-12-04 03:43:22 +01:00
Johann150
cda9197700
server: increase nodeinfo caching
...
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
Changelog: Changed
2022-12-04 03:26:50 +01:00
Chloe Kudryavtsev
2dde8273e2
implement separate web workers
...
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
Reviewed-on: #252
2022-12-03 13:33:23 +00:00
Johann150
de927e1f30
server: handle invalid URLs in comparison
2022-12-03 10:38:33 +00:00
Johann150
bdcec2b8a7
server: implement OAuth discovery (RFC 8414)
2022-12-03 10:38:33 +00:00
Johann150
5291f29581
implement OAuth PKCE
...
This implements Proof Key for Code Exchange a.k.a. RFC 7636.
2022-12-03 10:38:33 +00:00
Johann150
15b3ab6d13
check redirect URIs
2022-12-03 10:38:33 +00:00
Johann150
79e3c20189
server: allow to grant tokens with more restricted privileges
...
This also simplifies API authentication a bit by not having to fetch
the App that is related to a token.
The restriction of 1 token per app is also lifted. This was not a
constraint in the database but it was enforced by the code and
kinda wrong schema the auth_session table had.
2022-12-03 10:38:32 +00:00
Johann150
2f2e6a58a4
docs: read scope descriptions from locale strings
2022-12-03 10:38:32 +00:00
Johann150
c65fdebe26
server: add missing auth/deny endpoint
...
This endpoint is hinted at in the client, but is not actually defined
in the backend. This commit defines it.
2022-12-03 10:38:32 +00:00
Johann150
418c88bb8f
expire AuthSessions after 15 min
2022-12-03 10:38:32 +00:00
Johann150
2b19b34196
update OpenAPI docs to OAuth
2022-12-03 10:38:32 +00:00
Johann150
7db7fdd9e2
add API route for OAuth access token retrieval
2022-12-03 10:38:32 +00:00
Johann150
a13e956af0
make authorization token granting OAuth 2.0 compatible
...
This is basically a shim on top of the existing API.
Instead of the 3rd party, the web UI generates the authorization session.
The data that the API returns is slightly adjusted so that only one
API call is necessary instead of two.
2022-12-03 10:38:32 +00:00
Norm
18cf228f89
server: readd "fetch meta only once in skippedInstances""
...
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
This reverts commit e446a11bb7
2022-12-03 05:13:30 -05:00
Norm
bdf2e14a73
server: fix TypeError in registerOrFetchInstanceDoc
...
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
Changelog: Fixed
2022-12-03 04:01:51 -05:00
Norm
e446a11bb7
Revert "server: fetch meta only once in skippedInstances"
...
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
This reverts commit 81d63720f2https://toot.site/@jeder/109447151582516733
2022-12-03 02:13:18 -05:00
Johann150
194fff3603
activitypub: hashtags no longer displaying as links
...
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
Some hashtags sent from Mastodon were erroneously displayed as links.
This is because Mastodon seems to mangle hashtags containing non-ASCII
codepoints (such as e.g. umlauts). This lead to the previous code which
depended on the list of hashtags to not recognize a hashtag. Instead,
the `rel="tag"` microformat is recognized instead.
This makes the `htmlToMfm` wrapper function unnecessary so it was removed.
Changelog: Fixed
2022-12-02 19:31:57 +01:00
Johann150
b4080d788d
slight refactoring & translating japanese
2022-12-02 19:00:58 +01:00
Johann150
e49b8d0ef3
server: remove unnecessary apLogger aliases
2022-12-02 18:58:19 +01:00
Johann150
7d3d0f858c
increment versions in package.json
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/tag/lint-client Pipeline was successful
ci/woodpecker/tag/build Pipeline was successful
ci/woodpecker/tag/lint-foundkey-js Pipeline was successful
ci/woodpecker/tag/lint-backend Pipeline was successful
ci/woodpecker/tag/test Pipeline was successful
2022-12-02 16:59:47 +01:00
Norm
81d63720f2
server: fetch meta only once in skippedInstances
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
2022-12-02 09:26:14 -05:00
Norm
5e6b51094e
server: fix instance skipping
...
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
This should actually make instance skipping work properly since
shouldBlockInstance is now properly awaited on now.
2022-12-02 09:10:56 -05:00
Johann150
9ad37a12f8
server: fix rendering of Follow activity when removing follow
...
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
closes #263
Changelog: Fixed
2022-12-01 21:49:38 +01:00
Norm
e10700a2be
Merge pull request 'server: add wildcard matching to blocked hosts' ( #260 ) from wildcard-block-v2 into main
...
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
Reviewed-on: #260
2022-12-01 20:12:18 +00:00
Johann150
721a327192
fixup: remove unused import
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/pr/lint-foundkey-js Pipeline was successful
ci/woodpecker/pr/lint-backend Pipeline failed
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/lint-client Pipeline failed
ci/woodpecker/pr/test Pipeline failed
2022-12-01 20:46:46 +01:00
Johann150
936cbf900b
use default argument value
...
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/pr/lint-backend Pipeline failed
ci/woodpecker/pr/lint-foundkey-js Pipeline was successful
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/lint-client Pipeline failed
ci/woodpecker/pr/test Pipeline failed
This unifies the style with the other function in that file and fixes
the lint "no-param-reassign".
2022-12-01 20:32:57 +01:00
Norm
b3e34795c0
require punycode conversion beforehand for admins
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/pr/lint-foundkey-js Pipeline was successful
ci/woodpecker/pr/lint-backend Pipeline failed
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/lint-client Pipeline failed
ci/woodpecker/pr/test Pipeline failed
2022-12-01 12:07:43 -05:00
Norm
a35c98bbd5
server: encode non-ascii domains in punycode in matchHost
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/pr/lint-foundkey-js Pipeline was successful
ci/woodpecker/pr/lint-backend Pipeline failed
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/lint-client Pipeline failed
ci/woodpecker/pr/test Pipeline failed
2022-12-01 11:34:11 -05:00
Norm
075e251822
server: add wildcard matching to blocked hosts
...
This adds in wildcard matching. For instance:
- `*.bad.tld` will match: `very.bad.tld`
- `bad.*` will match: `bad.something`
- `*.bad.*` will match: `very.bad.evil`
Changelog: Changed
2022-12-01 11:29:02 -05:00
Derek Schmidt
11a6e706f4
server: Use shared resolver in featured and question accept
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-client Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline was successful
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/pr/lint-backend Pipeline failed
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/test Pipeline failed
ci/woodpecker/pr/lint-foundkey-js Pipeline was successful
ci/woodpecker/pr/lint-client Pipeline failed
2022-12-01 04:40:14 -05:00
Norm
Johann150
Andy
Chloe Kudryavtsev
