Commit graph

1908 commits

Author SHA1 Message Date
9317d25078
server: expire notifications after 3 months
closes FoundKeyGang/FoundKey#292

Changelog: Added
2022-12-21 21:46:45 +01:00
fc36bb8880
server: reduce code duplication in check-expired queue job 2022-12-21 21:46:27 +01:00
711bb8be7d
fixup: add missing redirect argument 2022-12-21 21:23:23 +01:00
275136cf8b
allow redirects in API ap/* endpoints 2022-12-21 20:45:55 +01:00
aa33708b90
server: handle redirects in signed get
part of FoundKeyGang/FoundKey#288

Changelog: Fixed
2022-12-20 22:07:24 +01:00
99c459a21a
server: better upload limit error
Ref: FoundKeyGang/FoundKey#293
2022-12-19 21:29:29 +01:00
bd68096ea9
server: refactor API error 2022-12-19 21:24:39 +01:00
c411669133
client: fix token-generate-window component 2022-12-18 20:42:05 +01:00
639fa74d43
client: restyle app token view 2022-12-18 19:37:52 +01:00
3bf7deb233
client: remove unused styling classes 2022-12-18 00:50:02 +01:00
2520633210
client: move MFM animations to MFM component 2022-12-18 00:49:28 +01:00
4574db523a
client: add default margin to FormSwitch and MkButton 2022-12-18 00:11:32 +01:00
263fb94f3f
client: unify import names of form ui components 2022-12-18 00:04:53 +01:00
0e3321c106
client: unify import names of MkButton component 2022-12-17 23:32:25 +01:00
677ee537d1
client: remove unused component 2022-12-17 22:39:18 +01:00
1e539e6af5
client: add missing space
see FoundKeyGang/FoundKey#291
2022-12-17 22:34:49 +01:00
0e5f744560
client: 2fa is not its own settings page 2022-12-17 22:34:49 +01:00
6c7f1774e3
server: fix thread mutes not applying to renotes
Changelog: Fixed
2022-12-15 21:20:24 +01:00
af43df15ca
reduce duplication in secureRndstr 2022-12-15 20:46:17 +01:00
5f83383ab8
fix import error in tests 2022-12-15 20:45:55 +01:00
8c759dde6c
server: fix error about duplicate resolve 2022-12-15 19:44:55 +01:00
84d83d908a
client: add button to unrenote
Changelog: Added
2022-12-15 17:52:19 +01:00
16d091497a
server: use extractDbHost instead of toPuny, translate comments
Also swapped logical or for nullish coalescing operator in some places.
2022-12-15 00:32:15 +01:00
ef53ec276a
activitypub: simplify some URI/id related checks
followup on previous commit
2022-12-15 00:31:23 +01:00
3582fd8260
activitypub: centrally check id matches URL in resolver
This makes some duplicated checks in models/note and models/person
unnecessary.
2022-12-15 00:29:39 +01:00
6256ddbd30
client: remove unused variables 2022-12-14 22:09:29 +01:00
00fcc238f7
client: remove broken instance ticker from landing page 2022-12-14 22:08:27 +01:00
9f1670d5fd
server: fix default not found error image 2022-12-14 19:05:41 +01:00
ff31b8b06d server: remove bios and cli
The BIOS and CLI functionality were mainly for debugging purposes.
If a user has to use those to resolve an issue with the server, that
really should be fixed at the source instead.

Closes: FoundKeyGang/FoundKey#283
Changelog: Removed
2022-12-14 17:59:25 +00:00
398ee6435b
client: replace repo link with foundkey link 2022-12-14 18:21:24 +01:00
ffff2ae5ef
server: fix missing import
closes FoundKeyGang/FoundKey#286
2022-12-14 18:08:44 +01:00
ccc8bf0289
chore: fix more miscellaneous lints 2022-12-13 23:09:32 +01:00
a231b36d59
chore: fix lint about unused variables in entities 2022-12-13 23:09:32 +01:00
8e9c65fab0
chore: fix some import related lints 2022-12-13 23:09:31 +01:00
78a3051313
remove unneeded TODO 2022-12-13 16:46:29 -05:00
78717e85d3
server: change JSON.parse/stringify to structuredClone
structuredClone is more typesafe than using JSON.parse and
JSON.stringify.

Now that Node 18.x is the new baseline, this should be safe to use now.

See https://developer.mozilla.org/en-US/docs/Web/API/structuredClone
for details.
2022-12-13 16:45:38 -05:00
a9d3cae511
server: add return type to extractApMentions 2022-12-13 16:31:15 -05:00
bd27b7ca3a
server: add typing for renderFollowRelay 2022-12-13 16:06:18 -05:00
e28a9eb8e8
use tsc --noEmit for backend and client
See https://github.com/misskey-dev/misskey/pull/9316
2022-12-13 16:02:06 -05:00
e5a4c5d2d0
chore: update @typescript-eslint packages 2022-12-13 15:57:26 -05:00
6bba55c196
sw: add TypeScript type checking
This implements the upstream changes from
https://github.com/misskey-dev/misskey/pull/9314 but updated to our
version of ESLint.

Also updates TypeScript to 4.9.4 for all packages.
2022-12-13 15:42:08 -05:00
1d469f3c34
fix import typo 2022-12-13 15:12:29 -05:00
3f0228e14c
server: use color-convert KEYWORD instead of extracting parameter type 2022-12-13 15:11:29 -05:00
73f81177b4
foundkey-js: adjust type definition 2022-12-13 20:54:50 +01:00
6a26da3516
client: use configurable images 2022-12-13 20:54:49 +01:00
5ea744b1b2
server: use configurable images 2022-12-13 20:54:49 +01:00
ae6ba05306
add config for error images
Changelog: Added
2022-12-13 20:54:49 +01:00
Sam Smucny
21069223e3
client: add tooltips to visibility icons
Changelog: Changed
2022-12-13 20:49:17 +01:00
d4d1e03479
server: fix errors for replies and state when note doesnt exist 2022-12-13 20:35:46 +01:00
030394b30d
refactor: remove default export for boot 2022-12-11 14:42:55 -05:00
768d9bbdfb
refactor: remove default export for perform 2022-12-11 18:23:19 +01:00
3ef1a4b0f9
refactor: remove default export for Resolver 2022-12-11 18:23:07 +01:00
ae59ce51b0
refactor: remove default export for DbResolver 2022-12-11 18:16:48 +01:00
14a9b9bedd
refactor: remove default export for request 2022-12-11 18:16:45 +01:00
985a13f47f
refactor: remove default export for DeliverManager 2022-12-11 17:56:25 +01:00
507b328fdf
activitypub: also forward resolver to resolveNote 2022-12-10 11:23:10 +01:00
3cf673960b server: Fix typing for user token
Also fix a comment in the User model that wrongly states that the token
is null if the user is local, when it's the opposite.
2022-12-08 23:20:41 -05:00
cbfd866122 server: make fetcher key non-null 2022-12-08 23:19:39 -05:00
b23a8dbaed server: translate comments 2022-12-08 23:18:45 -05:00
80a73a7510 server: remove unused imports from suspend-user.ts 2022-12-08 23:18:45 -05:00
3dec9a47f0 server: fix various type errors in services 2022-12-08 23:18:45 -05:00
b8fb7a38cc server: improve Logger typing information and docs 2022-12-08 23:18:45 -05:00
fdc682e810 server: remove sendEmailNotification
The functions have their bodies completely comented out,
which means they are doing nothing.
2022-12-08 23:18:45 -05:00
fde751df8f
fix: properly supply resolver (2) 2022-12-08 19:06:55 +01:00
1faf1035f9
server: handle users getting deleted somewhere else
I don't know why but several jobs got stuck in my inbox queue because
of errors like 'Could not find any entity of type "User" matching...'.
2022-12-08 18:12:24 +01:00
e2ce599aca
fix: properly supply resolver 2022-12-08 18:12:05 +01:00
73870e85cd
client: make headlines in queue widget links
The headlines "inbox queue" and "deliver queue" are now links to the
admin panel page about the queue.

Changelog: Changed
2022-12-07 23:23:16 +01:00
350f21d955
server: fix typing for skippedInstances query 2022-12-07 16:41:34 -05:00
873e21f090
chore: update eslint 2022-12-07 16:27:53 -05:00
2afe54c121
eslint: allow backticks to avoid escaping single/double quotes 2022-12-07 16:27:39 -05:00
501cf834c8
client: fix issue of search only working once
closes FoundKeyGang/FoundKey#274

Changelog: Fixed
2022-12-07 21:56:27 +01:00
b66f7550ab
server: auto-fix lints 2022-12-07 13:39:21 -05:00
18664dbca3
server: add missing paren
How did this not break yet?
2022-12-07 18:29:04 +01:00
0f3f42eb39
remove rndstr dependency
This dependency was unused in the client.

The use of it in the server can be replaced entirely by the
secureRndstr function, with some slight modifications.

That function could probably be refactored a bit more as well.
2022-12-07 18:08:09 +01:00
d3f1ad9a88 chore: remove unused packages 2022-12-06 23:18:27 +01:00
1aa3898db5 server: remove unused import 2022-12-06 23:12:45 +01:00
96c3744555 client: remove integration settings menu entry 2022-12-06 23:00:32 +01:00
b023741f50 server: remove integrations field from user 2022-12-06 23:00:08 +01:00
7e8d5c3b79 foundkey-js: remove integration fields from instance type 2022-12-06 21:52:16 +01:00
c785fbab6e client: remove integration signin options 2022-12-06 21:51:01 +01:00
547a1f81d4 client: remove integration settings 2022-12-06 21:50:34 +01:00
95384d0bb2 client: remove integration admin settings 2022-12-06 21:50:20 +01:00
4cc5b734e7 activitypub: remove integration fields from person and nodeinfo 2022-12-06 21:49:19 +01:00
5d32872999 server: remove integration API routes 2022-12-06 21:48:31 +01:00
b4b1204f77 server: remove integration-related fields from meta 2022-12-06 21:47:59 +01:00
c1a51547a9 BREAKING: server: remove wildcard blocking and instead block subdomains (#269)
Co-authored-by: Francis Dinh <normandy@biribiri.dev>
Reviewed-on: FoundKeyGang/FoundKey#269
Changelog: Changed
2022-12-05 17:55:38 +00:00
4e74d26e45 backend: fix ratelimit typo
Changelog: Fixed
2022-12-05 15:49:33 +01:00
a421dd401c
activitypub: refactor to always apply recursion limit
Refactor to remove as many "new Resolver" as possible.
2022-12-04 21:11:44 +01:00
c4211761e6
server: refactor resolveSelf to just return the webfinger href
Since the href seems to be the only attribute that is used, and I didn't
want to add a full type definition this was the easier option.
2022-12-04 21:11:43 +01:00
03b673165f
server: refactor "authUser" functions into separate file
They did not really fit into the DbResolver because they may fetch data
from remote instances even though DbResolver is only supposed to access
the database.
2022-12-04 21:11:35 +01:00
de18c8306d
server: fix token-permissions migration
The table that is affected here was not properly purged of old entries. It only holds
data that is needed while a 3rd party authorization is in progress but not finished.

The code that typeorm generated for this migration is a bit wonky because it should
probably have dropped one column and created another one. But if we clear out all entries
it should work regardless and I'm feeling lazy right now. :P
2022-12-04 19:05:02 +01:00
38df8dc734
client: set display name limit same as server
Changelog: Fixed
2022-12-04 15:35:43 +01:00
11e4a8cb9b
remove erroneous space 2022-12-04 15:34:05 +01:00
d1e0d79c19
client: unify different error dialogs
Changelog: Fixed
2022-12-04 14:27:53 +01:00
946e862ecd
server: implement OAuth 2.0 Authorization Code grant
Changelog: Added
Reviewed-on: FoundKeyGang/FoundKey#205
2022-12-04 14:06:36 +01:00
97052b1f61
server: refactor fromHtml attribute handling
Also try to recognize owncast hashtag links.
2022-12-04 03:43:22 +01:00
cda9197700
server: increase nodeinfo caching
Changelog: Changed
2022-12-04 03:26:50 +01:00
2dde8273e2 implement separate web workers
Reviewed-on: FoundKeyGang/FoundKey#252
2022-12-03 13:33:23 +00:00
de927e1f30 server: handle invalid URLs in comparison 2022-12-03 10:38:33 +00:00
bdcec2b8a7 server: implement OAuth discovery (RFC 8414) 2022-12-03 10:38:33 +00:00
5291f29581 implement OAuth PKCE
This implements Proof Key for Code Exchange a.k.a. RFC 7636.
2022-12-03 10:38:33 +00:00
15b3ab6d13 check redirect URIs 2022-12-03 10:38:33 +00:00
79e3c20189 server: allow to grant tokens with more restricted privileges
This also simplifies API authentication a bit by not having to fetch
the App that is related to a token.

The restriction of 1 token per app is also lifted. This was not a
constraint in the database but it was enforced by the code and
kinda wrong schema the auth_session table had.
2022-12-03 10:38:32 +00:00
2f2e6a58a4 docs: read scope descriptions from locale strings 2022-12-03 10:38:32 +00:00
c5568cfdf3 client: fix auth page layout
This also includes better rendering when no permissions are requested.

Also removed the app's id from the page as it makes no sense to show
this to a user.

Changelog: Fixed
2022-12-03 10:38:32 +00:00
c65fdebe26 server: add missing auth/deny endpoint
This endpoint is hinted at in the client, but is not actually defined
in the backend. This commit defines it.
2022-12-03 10:38:32 +00:00
418c88bb8f expire AuthSessions after 15 min 2022-12-03 10:38:32 +00:00
2b19b34196 update OpenAPI docs to OAuth 2022-12-03 10:38:32 +00:00
7db7fdd9e2 add API route for OAuth access token retrieval 2022-12-03 10:38:32 +00:00
a13e956af0 make authorization token granting OAuth 2.0 compatible
This is basically a shim on top of the existing API.
Instead of the 3rd party, the web UI generates the authorization session.

The data that the API returns is slightly adjusted so that only one
API call is necessary instead of two.
2022-12-03 10:38:32 +00:00
18cf228f89
server: readd "fetch meta only once in skippedInstances""
This reverts commit e446a11bb7.

Turns out this wasn't really the source of the referenced issue and
someone was able to run with the original commit fine, so adding this
back for now.
2022-12-03 05:13:30 -05:00
bdf2e14a73
server: fix TypeError in registerOrFetchInstanceDoc
Changelog: Fixed
2022-12-03 04:01:51 -05:00
e446a11bb7
Revert "server: fetch meta only once in skippedInstances"
This reverts commit 81d63720f2 since it
seems to cause a ReferenceError for some reason.

Ref: https://toot.site/@jeder/109447151582516733
2022-12-03 02:13:18 -05:00
194fff3603
activitypub: hashtags no longer displaying as links
Some hashtags sent from Mastodon were erroneously displayed as links.
This is because Mastodon seems to mangle hashtags containing non-ASCII
codepoints (such as e.g. umlauts). This lead to the previous code which
depended on the list of hashtags to not recognize a hashtag. Instead,
the `rel="tag"` microformat is recognized instead.

This makes the `htmlToMfm` wrapper function unnecessary so it was removed.

Changelog: Fixed
2022-12-02 19:31:57 +01:00
b4080d788d
slight refactoring & translating japanese 2022-12-02 19:00:58 +01:00
e49b8d0ef3
server: remove unnecessary apLogger aliases 2022-12-02 18:58:19 +01:00
7d3d0f858c
increment versions in package.json 2022-12-02 16:59:47 +01:00
81d63720f2
server: fetch meta only once in skippedInstances 2022-12-02 09:26:14 -05:00
5e6b51094e
server: fix instance skipping
This should actually make instance skipping work properly since
shouldBlockInstance is now properly awaited on now.
2022-12-02 09:10:56 -05:00
9ad37a12f8
server: fix rendering of Follow activity when removing follow
closes FoundKeyGang/FoundKey#263

Changelog: Fixed
2022-12-01 21:49:38 +01:00
e10700a2be Merge pull request 'server: add wildcard matching to blocked hosts' (#260) from wildcard-block-v2 into main
Reviewed-on: FoundKeyGang/FoundKey#260
2022-12-01 20:12:18 +00:00
dc7533baa4 Merge pull request 'server: Add recursion limit to resolver' (#261) from recursion-limit into main
Reviewed-on: FoundKeyGang/FoundKey#261
2022-12-01 20:11:40 +00:00
721a327192
fixup: remove unused import 2022-12-01 20:46:46 +01:00
936cbf900b
use default argument value
This unifies the style with the other function in that file and fixes
the lint "no-param-reassign".
2022-12-01 20:32:57 +01:00
bc62d0ba9f
client: update emoji list
This corrects the gender-specific variants in general, adds a few
missing ones, replaces names that are just Unicode codepoints with
actual names, and makes the keywords more consistent.

Some data for this was taken from the annotations in the Unicode
CLDR version 42.

Reviewed-on: FoundKeyGang/FoundKey#262
2022-12-01 20:10:14 +01:00
749015807a
client: also autocomplete flag emoji
Changelog: Changed
2022-12-01 20:08:55 +01:00
b3e34795c0
require punycode conversion beforehand for admins 2022-12-01 12:07:43 -05:00
a35c98bbd5
server: encode non-ascii domains in punycode in matchHost 2022-12-01 11:34:11 -05:00
075e251822
server: add wildcard matching to blocked hosts
This adds in wildcard matching. For instance:
- `*.bad.tld` will match: `very.bad.tld`
- `bad.*` will match: `bad.something`
- `*.bad.*` will match: `very.bad.evil`

Changelog: Changed
2022-12-01 11:29:02 -05:00
Derek Schmidt
11a6e706f4
server: Use shared resolver in featured and question accept 2022-12-01 04:40:14 -05:00
Derek Schmidt
d3af00a912
server: Add recursion limit to resolver
Changelog: Security
2022-12-01 04:40:07 -05:00
973bd4532b Merge pull request 'server: always enable push notifications' (#235) from enable-push-notifs into main
Reviewed-on: FoundKeyGang/FoundKey#235
Changelog: Changed
2022-11-29 21:51:10 +00:00
13fda0c9c7
client: refactor emoji autocomplete & make case insensitive
Changelog: Changed
2022-11-29 21:13:20 +01:00
cdb8922336
client: make all unicode emoji names lowercase 2022-11-29 20:35:23 +01:00
5b574d40f9
client: use native Notifications API (#234)
Reviewed-on: FoundKeyGang/FoundKey#234
Changelog: Changed
2022-11-29 12:35:36 -05:00
07370a3b84
client: put back button to remove all following
Changelog: Added
2022-11-28 21:47:17 +01:00
97233fab69
client: add link to weblate 2022-11-28 18:37:54 +01:00
5733f127ca
backend: update re2 to 1.17.8
This should fix Node 19 compatibility.

Fixes: FoundKeyGang/FoundKey#238
2022-11-28 12:02:24 -05:00
8130a2a9b1
server: remove deeplIsPro setting
This setting is unnecessary because DeepL free keys can be detected
easily according to <https://www.deepl.com/docs-api/api-access/authentication/>:
> DeepL API Free authentication keys can be identified easily by the suffix ":fx"

Changelog: Removed
2022-11-27 12:12:56 +01:00
9fd23b5dae
server: remove quote urls, 3rd try
First try was 66a7c62342 but classList is
not in parse5 DOM. Second try was 7ee6a09cf2
but forgot the contents of this commit.
2022-11-27 09:30:51 +01:00
a6e05226ab
client: update vue and eslint-plugin-vue 2022-11-26 19:07:57 -05:00
1f037e18d6
client: autofocus on search input field
This should better replicate the previous behaviour of the text input dialog.
2022-11-27 00:14:42 +01:00
24506ba557
client: remove unused notification-toast component 2022-11-26 16:37:11 +01:00
8a807db02e
client: pass along notifications if push notifs disabled 2022-11-26 16:37:11 +01:00
1e8e551ee3
service worker: refactor message event handler
It is now possible for the client to trigger notifications "manually"
if push notifications are not configured on the server.
2022-11-26 16:37:10 +01:00
c34bebdf46
service worker: also show notifications if client is connected 2022-11-26 16:37:08 +01:00
a1f3b212fe
client: translate comments 2022-11-26 16:34:45 +01:00
f9ba3ab996
client: fix undefined variable when searching for handle 2022-11-26 16:26:38 +01:00
6600f6e52e fixup: make cluster limit into a per-mode warning rather than error 2022-11-26 13:28:39 +01:00
d0c504ec85
server: fix unknown variable in signin endpoint 2022-11-25 19:09:08 +01:00