Exploiting this before should already have been rather difficult because you
would need to know or guess the notification's ID. It is also of relatively
low security impact.
Changelog: Fixed
In #134, the mention `MfmNode` handler was made async to allow the
mentionedUsers query to be used there. This however changed the return
type of that handler to be a `Promise`, causing a `TypeError` in
`appendChildren`.
This fixes the `TypeError` by making every handler and the `appendChildren`
function also async and awaiting on the processed children.
This also attempts to fix the types issue with handlers by casting to
the newly defined `HandlerFunc` type instead of to `any`.
The use of `"moduleResolution": "Node16"` is to make TS use the same
module resolution as Node does when using ESM modules.
`reconnecting-websocket`'s TS definition files were copied over but
wrapped in a `declare module` block to make TS properly accept
using the default import directly without using `.default`.
I also decided to look into `autobind-decorator`'s source code and
figured that I could use the `boundMethod` annotation directly instead
of using the `autobind` default export.
Technically, ESM modules require imports to include file extensions.
For whatever reason this didn't seem to be required when importing into
the client, but it does seem to be required for use in the backend.
The mentionedUsers query was being run on every post, regardless of
whether a mention was in it or not.
This resulted in an SQL query ending in `WHERE userId IN ()` which is
not allowed in PostgreSQL.
Reference: FoundKeyGang/FoundKey#132
Changelog: Fixed
In #49, the AiScript functionality was removed from pages as they've
been simplified to a simple textarea.
This setting now effectively does nothing as a result.
Changelog: Removed
The column mentionedRemoteUsers on the note table in the database is
firstly in the wrong type since it contains JSON data but is typed as
text. Secondly it seems redundant, since that data can be acquired by
using the note.mentions column to fetch the respective data instead.
Co-authored-by: Francis Dinh <normandy@biribiri.dev>
Removed the misc/get-note-html module which was only used in one place.
Instead of it, the general MFM to HTML functionality has been improved to
take care of the use cases of that module as well.
Co-authored-by: Francis Dinh <normandy@biribiri.dev>
In current state, service worker overloads every "connection error"
kind of reaction to a plaintext 200 saying "Offline.", which leads
to terribly undebuggable situations as the browser decides to cache
this as an image, and then someone's pfp is broken literally
forever unless you Ctrl+Shift+R every time you reload frontend.
This change removes the handler, because it is unclear how we even
benefit from it being there.