b8b69f825a
activitypub: strict id check
...
TBH I'm still not quite convinced that this is really necessary but also
since treating an id mismatch like a redirect, I also don't think it
should break anything.
2024-03-30 16:40:57 +01:00
01f8c5d7da
activitypub: disallow cross-origin redirects
...
Changelog: Security
2024-03-30 16:12:26 +01:00
7e37a8fd88
use decrementing amount of redirects
...
This makes `redirects` contain the number of remaining redirects, which
makes it easier to limit the number of further redirects that should be
allowed.
2024-03-30 16:12:26 +01:00
e2311a6f4b
refactor function placement
2024-03-30 16:12:22 +01:00
ac1ef641f5
server: fix cache expiring
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/test Pipeline failed
2024-03-30 08:39:47 +01:00
1af0687423
server: refactor fetching private key
...
Especially in the case where the private key is used in an "array deliver",
it makes sense to only get the private key once instead of having the overhead
of fetching the key for each HTTP request.
2024-03-27 21:22:25 +01:00
09ff7f0c7d
client: add button to delete all shown notes in clip
...
This makes use of the API functionality in the backend which was introduced in
commit 89761c86ab
.
2024-03-27 21:12:38 +01:00
f285281b5a
fixup! server: properly expire public key cache
2024-03-26 21:06:21 +01:00
624157f03e
server: forbid activitypub requests on unexpected routes
...
ActivityPub requests on routes which do not support activitypub
are now replying with HTTP status code 406 "Not Acceptable".
ActivityPub clients are required by the W3C TR to set the `Accept`
header. If this accept header is detected on an unexpected route,
the whole request will be aborted with the status code above.
This is an additional measure for clients who might not be aware of
having to check the content-type header of the reply.
Ref: https://github.com/w3c/activitypub/issues/432
Changelog: Security
2024-03-26 21:05:13 +01:00
e366116ac1
add/translate comments
2024-03-22 09:41:45 +01:00
2b5a35147a
activitypub: stop accepting collections in inbox
...
Changelog: Removed
2024-03-20 06:27:01 +01:00
1098b3a038
activitypub: remove sending read receipts for chat
...
Changelog: Removed
2024-03-20 06:10:51 +01:00
6501c542b2
server: only cache public keys for 15min
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/test Pipeline failed
2024-03-19 19:16:07 +01:00
ab22a1afa0
more compact notifications
...
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/test Pipeline failed
Don't show the entire renoted note in notifications and some other places.
Changelog: Changed
2024-03-19 19:09:34 +01:00
5f09a44dbb
more tracking removal
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/test Pipeline failed
2024-03-19 18:50:57 +01:00
2c55f8968c
fixup! server: return report id when reporting
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/test Pipeline failed
2024-03-19 18:46:00 +01:00
fc733a4a86
server: properly expire public key cache
...
Changelog: Fixed
2024-03-19 18:40:34 +01:00
5636534d03
server: fix user deletes being stuck in queue
...
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/test Pipeline failed
The user was already deleted from the user cache, so requesting the
user returned null. Because the key was not null, there was a non-null
return, in turn making further code think, fetching the user was
successful.
2024-03-19 18:07:41 +01:00
4b121e7615
format package.json, update lockfile
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/test Pipeline failed
2024-03-17 17:31:36 +01:00
5664c9fdf7
fixup! remove unused hashtag chart
...
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/build Pipeline failed
ci/woodpecker/push/test unknown status
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/lint-foundkey-js Pipeline failed
Apparently the sequence is automatically deleted.
2024-03-17 17:21:02 +01:00
d82c72a111
remove unused hashtag chart
...
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/build Pipeline failed
ci/woodpecker/push/test unknown status
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-foundkey-js Pipeline failed
Changelog: Removed
2024-03-17 16:48:36 +01:00
f751941a30
client: moderators can immmediately forward reports
...
ci/woodpecker/push/build Pipeline failed
ci/woodpecker/push/test unknown status
ci/woodpecker/push/lint-foundkey-js Pipeline failed
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/lint-sw Pipeline failed
Changelog: Added
2024-02-23 14:22:09 +01:00
76aef3de74
client: update URL tracking removal
ci/woodpecker/push/lint-foundkey-js Pipeline failed
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/build Pipeline failed
ci/woodpecker/push/test unknown status
ci/woodpecker/push/lint-backend Pipeline failed
2024-02-23 12:32:15 +01:00
dbdb2b70f1
client: refactor API calling
2024-02-22 22:26:32 +01:00
d4a5ed29db
server: return report id when reporting
...
ci/woodpecker/push/lint-foundkey-js Pipeline failed
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/build Pipeline failed
ci/woodpecker/push/test unknown status
ci/woodpecker/push/lint-backend Pipeline failed
This can be useful when adding a feature for admins and moderators
where they will be able to immediately deal with their own report,
i.e. forwarding it to the other instance.
Changelog: Added
2024-02-19 08:19:23 +01:00
fba8536743
stop retries after wrong content-type
...
It does not make sense to re-request the same resource with the same
parameters and expect a different content-type to be returned. Also
this makes the error message more sensible and understandable.
2024-02-19 07:50:19 +01:00
4b3154c22c
streamline reporting window
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/build Pipeline failed
ci/woodpecker/push/test unknown status
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-foundkey-js Pipeline failed
2024-02-19 07:46:55 +01:00
47b3277201
check content-type header on AP requests
...
ci/woodpecker/push/lint-foundkey-js Pipeline failed
ci/woodpecker/push/build Pipeline failed
ci/woodpecker/push/test unknown status
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-client Pipeline failed
Changelog: Security
Ref: GHSA-jhrq-qvrm-qr36
2024-02-17 09:04:36 +01:00
Laura Hausmann
c8f8e4c01d
activitypub: fix typo in audience.ts isPublic check
ci/woodpecker/push/build Pipeline failed
ci/woodpecker/push/test unknown status
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/lint-foundkey-js Pipeline failed
ci/woodpecker/push/lint-client Pipeline failed
2024-02-11 13:12:43 +01:00
6ee8a369b3
remove private-ip
...
Matching IP addresses against Regex does not seem like a smart idea.
Also it depends on ipaddr.js so that is already in the dependency
tree for us anyway.
2024-02-03 12:49:04 +01:00
c504091c61
server: AbortError at lower log level
...
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/test Pipeline failed
AbortErrors happen when a connection times out, which is a quite
common occurrence and not worthy of a warning level log message.
2024-01-24 01:16:30 +01:00
aac1c40657
server: only decrement deletion ref count on final fail
...
Changelog: Fixed
2024-01-24 01:15:47 +01:00
83bce62672
server: prefer IPv6
...
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/test Pipeline failed
> wild, it seems they had a bug about A/AAAA fallback a while ago but the
> way they fixed it is "v6 if v4 fails", not the other way around
>
> https://github.com/szmarczak/cacheable-lookup/issues/27
> b2348d5aed
>
> javascript community pls
-- @sn0w@cofe.rocks
2024-01-23 19:57:37 +01:00
6fd422f2b0
server: use AbortSignal.timeout
...
Using AbortSignal.timeout is a cleaner solution that using an
AbortController and triggering it ourselves with setTimeout.
2024-01-23 19:46:11 +01:00
b94aeb2df2
server: try to fix link parsing from wafrn.net
...
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/test Pipeline failed
Changelog: Fixed
2024-01-05 14:15:53 +01:00
ada577bde6
server: fix/document strange requirements for emoji packs
...
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/test Pipeline failed
The change in the emoji export logic should fix the case where emoji
packs exported with Foundkey should be used in any other Misskey fork.
I've opted not to change the import logic and instead document the
strange behaviour because it would also not be accepted by Misskey.
2024-01-04 21:31:04 +01:00
3968a6ca07
server: fix wrong emoji regex in backend
...
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/test Pipeline failed
Changelog: Fixed
2024-01-04 17:43:05 +01:00
86565cd25b
client: link to update vote count
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/test Pipeline failed
2024-01-03 17:41:20 +01:00
24f6177b94
server: endpoint to fetch votes count
...
Changelog: Added
2024-01-03 17:29:46 +01:00
78359daac6
server: remove denormalized note visibility field
...
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/test Pipeline failed
Changelog: Fixed
2024-01-03 16:13:13 +01:00
2cf80a8ccf
remove pinned users
...
Changelog: Removed
2024-01-03 16:01:56 +01:00
6bd42ab3f9
client: remove explore page
...
Changelog: Removed
2024-01-03 16:01:55 +01:00
5d60ba6c50
client: remove initial tutorial
...
Foundkey is not really intended for new users, so it seems to me harmless
to remove this therefore unnecessary tutorial.
Changelog: Removed
2024-01-03 16:01:29 +01:00
66560f9977
Add missing else in log level checking
...
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/lint-client Pipeline was successful
ci/woodpecker/pr/lint-backend Pipeline was successful
ci/woodpecker/pr/lint-sw Pipeline was successful
ci/woodpecker/pr/lint-foundkey-js Pipeline was successful
ci/woodpecker/pr/test Pipeline was successful
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/test Pipeline failed
I was getting confused for a good while on why this message showed up
even though I set the environment properly
2023-12-18 05:26:44 +02:00
c67ff44207
make webfinger server stuff more readable
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/test Pipeline failed
2023-12-16 09:59:51 +01:00
bed6a1e2d8
redirect webfinger of domain to instance actor
...
(Johann150 yells at cloud)
2023-12-16 09:59:17 +01:00
89761c86ab
server: add endpoint to delete multiple notes
...
Changelog: Added
2023-12-03 14:37:11 +01:00
d1cde9c75e
server: remove unused import
2023-12-03 14:30:51 +01:00
b7dc3cca22
activitypub: send all cascade deletes
...
The `deleteNotes` function would not correctly handle cases where cascade
deleted notes were from a different user than the initially deleted note.
Changelog: Fixed
2023-12-03 14:18:34 +01:00
8b16ead35c
fix handling of plain MFM tag
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/test Pipeline failed
2023-11-24 16:43:03 +01:00