Commit graph

1146 commits

Author SHA1 Message Date
b8b69f825a
activitypub: strict id check
TBH I'm still not quite convinced that this is really necessary but also
since treating an id mismatch like a redirect, I also don't think it
should break anything.
2024-03-30 16:40:57 +01:00
01f8c5d7da
activitypub: disallow cross-origin redirects
Changelog: Security
2024-03-30 16:12:26 +01:00
7e37a8fd88
use decrementing amount of redirects
This makes `redirects` contain the number of remaining redirects, which
makes it easier to limit the number of further redirects that should be
allowed.
2024-03-30 16:12:26 +01:00
e2311a6f4b
refactor function placement
2024-03-30 16:12:22 +01:00
ac1ef641f5
server: fix cache expiring
2024-03-30 08:39:47 +01:00
1af0687423
server: refactor fetching private key
Especially in the case where the private key is used in an "array deliver",
it makes sense to only get the private key once instead of having the overhead
of fetching the key for each HTTP request.
2024-03-27 21:22:25 +01:00
f285281b5a
fixup! server: properly expire public key cache
2024-03-26 21:06:21 +01:00
624157f03e
server: forbid activitypub requests on unexpected routes
ActivityPub requests on routes which do not support activitypub
are now replying with HTTP status code 406 "Not Acceptable".

ActivityPub clients are required by the W3C TR to set the `Accept`
header. If this accept header is detected on an unexpected route,
the whole request will be aborted with the status code above.

This is an additional measure for clients who might not be aware of
having to check the content-type header of the reply.

Ref: https://github.com/w3c/activitypub/issues/432
Changelog: Security
2024-03-26 21:05:13 +01:00
e366116ac1
add/translate comments
2024-03-22 09:41:45 +01:00
2b5a35147a
activitypub: stop accepting collections in inbox
Changelog: Removed
2024-03-20 06:27:01 +01:00
1098b3a038
activitypub: remove sending read receipts for chat
Changelog: Removed
2024-03-20 06:10:51 +01:00
6501c542b2
server: only cache public keys for 15min
2024-03-19 19:16:07 +01:00
ab22a1afa0
more compact notifications
Don't show the entire renoted note in notifications and some other places.

Changelog: Changed
2024-03-19 19:09:34 +01:00
2c55f8968c
fixup! server: return report id when reporting
2024-03-19 18:46:00 +01:00
fc733a4a86
server: properly expire public key cache
Changelog: Fixed
2024-03-19 18:40:34 +01:00
5636534d03
server: fix user deletes being stuck in queue
The user was already deleted from the user cache, so requesting the
user returned null. Because the key was not null, there was a non-null
return, in turn making further code think fetching the user was
successful.
2024-03-19 18:07:41 +01:00
4b121e7615
format package.json, update lockfile
2024-03-17 17:31:36 +01:00
5664c9fdf7
fixup! remove unused hashtag chart
Apparently the sequence is automatically deleted.
2024-03-17 17:21:02 +01:00
d82c72a111
remove unused hashtag chart
Changelog: Removed
2024-03-17 16:48:36 +01:00
d4a5ed29db
server: return report id when reporting
This can be useful when adding a feature for admins and moderators
where they will be able to immediately deal with their own report,
i.e. forwarding it to the other instance.

Changelog: Added
2024-02-19 08:19:23 +01:00
fba8536743
stop retries after wrong content-type
It does not make sense to re-request the same resource with the same
parameters and expect a different content-type to be returned. Also
this makes the error message more sensible and understandable.
2024-02-19 07:50:19 +01:00
47b3277201
check content-type header on AP requests
Changelog: Security
Ref: GHSA-jhrq-qvrm-qr36
2024-02-17 09:04:36 +01:00
Laura Hausmann
c8f8e4c01d
activitypub: fix typo in audience.ts isPublic check
2024-02-11 13:12:43 +01:00
6ee8a369b3
remove private-ip
Matching IP addresses against Regex does not seem like a smart idea.
Also it depends on ipaddr.js so that is already in the dependency
tree for us anyway.
2024-02-03 12:49:04 +01:00
c504091c61
server: AbortError at lower log level
AbortErrors happen when a connection times out, which is a quite
common occurrence and not worthy of a warning level log message.
2024-01-24 01:16:30 +01:00
aac1c40657
server: only decrement deletion ref count on final fail
Changelog: Fixed
2024-01-24 01:15:47 +01:00
83bce62672
server: prefer IPv6
> wild, it seems they had a bug about A/AAAA fallback a while ago but the
> way they fixed it is "v6 if v4 fails", not the other way around
>
> https://github.com/szmarczak/cacheable-lookup/issues/27
> b2348d5aed
>
> javascript community pls
-- @sn0w@cofe.rocks
2024-01-23 19:57:37 +01:00
6fd422f2b0
server: use AbortSignal.timeout
Using AbortSignal.timeout is a cleaner solution than using an
AbortController and triggering it ourselves with setTimeout.
2024-01-23 19:46:11 +01:00
b94aeb2df2
server: try to fix link parsing from wafrn.net
Changelog: Fixed
2024-01-05 14:15:53 +01:00
ada577bde6
server: fix/document strange requirements for emoji packs
The change in the emoji export logic should fix the case where emoji
packs exported with Foundkey should be used in any other Misskey fork.

I've opted not to change the import logic and instead document the
strange behaviour because it would also not be accepted by Misskey.
2024-01-04 21:31:04 +01:00
3968a6ca07
server: fix wrong emoji regex in backend
Changelog: Fixed
2024-01-04 17:43:05 +01:00
24f6177b94
server: endpoint to fetch votes count
Changelog: Added
2024-01-03 17:29:46 +01:00
78359daac6
server: remove denormalized note visibility field
Changelog: Fixed
2024-01-03 16:13:13 +01:00
2cf80a8ccf
remove pinned users
Changelog: Removed
2024-01-03 16:01:56 +01:00
66560f9977
Add missing else in log level checking
I was getting confused for a good while on why this message showed up
even though I set the environment properly
2023-12-18 05:26:44 +02:00
c67ff44207
make webfinger server stuff more readable
2023-12-16 09:59:51 +01:00
bed6a1e2d8
redirect webfinger of domain to instance actor
(Johann150 yells at cloud)
2023-12-16 09:59:17 +01:00
89761c86ab
server: add endpoint to delete multiple notes
Changelog: Added
2023-12-03 14:37:11 +01:00
d1cde9c75e
server: remove unused import
2023-12-03 14:30:51 +01:00
b7dc3cca22
activitypub: send all cascade deletes
The `deleteNotes` function would not correctly handle cases where cascade
deleted notes were from a different user than the initially deleted note.

Changelog: Fixed
2023-12-03 14:18:34 +01:00
101ea21747
server: don't cache users for infinity
If the cache runs for an infinite amount of time, the users may as well
be stored in memory directly.

Changelog: Fixed
2023-11-04 11:54:13 +01:00
8d78113907
server: fix cache eviction
Previously due to bad logic it was impossible for cache entries to ever
be evicted. Ideally this should not be done again but should just use redis
but that can be done another day.

Changelog: Fixed
2023-11-04 11:52:57 +01:00
6367fcca79
fix pagination for shuffled timeline
2023-10-30 17:41:44 +01:00
0bcbb38ecc
add shuffled note timeline
Changelog: Added
2023-09-25 21:14:28 +02:00
2fcea24817
activitypub: parse MathML to MFM
Ref: FEP-dc88
Changelog: Changed
2023-09-24 19:28:55 +02:00
f6c3d44265
activitypub: add MathML rendering
Ref: #343 (comment)
Ref: FEP-dc88
Changelog: Changed
2023-09-24 17:58:49 +02:00
1e7d2cf54c
move dependency to right package
The backend depends on argon2 since it is used for hashing passwords. Since
it is not used for building the package, the dependency is by the backend
package itself.
2023-09-24 17:02:14 +02:00
37658f5162
server: try to fix queue errors
Some errors in the queue are not properly handled. For example a blocked instance
will cause the respective queue job to be retried. This should of course not happen
and instead the job should be dropped. This is trying to correct that.

Changelog: Fixed
2023-09-24 16:29:27 +02:00
2c69cb4a92
server: check inbox URLs
This adds a check for inbox and sharedInbox URLs to be both
valid and also absolute URLs. If the normal inbox URL is invalid,
the actor will be rejected. If the sharedInbox URL is invalid, it
will be ignored.

Changelog: Fixed
2023-08-16 19:21:37 +02:00
c669e9212f
docs: add descriptions for some endpoints
2023-07-27 18:17:36 +02:00