5291f29581
implement OAuth PKCE
...
This implements Proof Key for Code Exchange a.k.a. RFC 7636.
2022-12-03 10:38:33 +00:00
15b3ab6d13
check redirect URIs
2022-12-03 10:38:33 +00:00
79e3c20189
server: allow to grant tokens with more restricted privileges
...
This also simplifies API authentication a bit by not having to fetch
the App that is related to a token.
The restriction of 1 token per app is also lifted. This was not a
constraint in the database but it was enforced by the code and
kinda wrong schema the auth_session table had.
2022-12-03 10:38:32 +00:00
2f2e6a58a4
docs: read scope descriptions from locale strings
2022-12-03 10:38:32 +00:00
c5568cfdf3
client: fix auth page layout
...
This also includes better rendering when no permissions are requested.
Also removed the app's id from the page as it makes no sense to show
this to a user.
Changelog: Fixed
2022-12-03 10:38:32 +00:00
c65fdebe26
server: add missing auth/deny endpoint
...
This endpoint is hinted at in the client, but is not actually defined
in the backend. This commit defines it.
2022-12-03 10:38:32 +00:00
418c88bb8f
expire AuthSessions after 15 min
2022-12-03 10:38:32 +00:00
2b19b34196
update OpenAPI docs to OAuth
2022-12-03 10:38:32 +00:00
7db7fdd9e2
add API route for OAuth access token retrieval
2022-12-03 10:38:32 +00:00
a13e956af0
make authorization token granting OAuth 2.0 compatible
...
This is basically a shim on top of the existing API.
Instead of the 3rd party, the web UI generates the authorization session.
The data that the API returns is slightly adjusted so that only one
API call is necessary instead of two.
2022-12-03 10:38:32 +00:00
18cf228f89
server: readd "fetch meta only once in skippedInstances""
...
This reverts commit e446a11bb7
.
Turns out this wasn't really the source of the referenced issue and
someone was able to run with the original commit fine, so adding this
back for now.
2022-12-03 05:13:30 -05:00
bdf2e14a73
server: fix TypeError in registerOrFetchInstanceDoc
...
Changelog: Fixed
2022-12-03 04:01:51 -05:00
c5cf167ffa
server: fix ReferenceError: meta is undefined
...
Ref: e446a11bb7
Changelog: Fixed
2022-12-03 02:18:08 -05:00
e446a11bb7
Revert "server: fetch meta only once in skippedInstances"
...
This reverts commit 81d63720f2
since it
seems to cause a ReferenceError for some reason.
Ref: https://toot.site/@jeder/109447151582516733
2022-12-03 02:13:18 -05:00
5b6b2b214d
Translated using Weblate (German)
...
Currently translated at 100.0% (1214 of 1214 strings)
Co-authored-by: Johann <johann@qwertqwefsday.eu>
Translate-URL: http://translate.akkoma.dev/projects/foundkey/foundkey/de/
Translation: Foundkey/foundkey
2022-12-02 21:17:39 +00:00
194fff3603
activitypub: hashtags no longer displaying as links
...
Some hashtags sent from Mastodon were erroneously displayed as links.
This is because Mastodon seems to mangle hashtags containing non-ASCII
codepoints (such as e.g. umlauts). This lead to the previous code which
depended on the list of hashtags to not recognize a hashtag. Instead,
the `rel="tag"` microformat is recognized instead.
This makes the `htmlToMfm` wrapper function unnecessary so it was removed.
Changelog: Fixed
2022-12-02 19:31:57 +01:00
b4080d788d
slight refactoring & translating japanese
2022-12-02 19:00:58 +01:00
e49b8d0ef3
server: remove unnecessary apLogger aliases
2022-12-02 18:58:19 +01:00
7d3d0f858c
increment versions in package.json
2022-12-02 16:59:47 +01:00
5ec34577c0
update changelog
2022-12-02 16:59:35 +01:00
81d63720f2
server: fetch meta only once in skippedInstances
2022-12-02 09:26:14 -05:00
5e6b51094e
server: fix instance skipping
...
This should actually make instance skipping work properly since
shouldBlockInstance is now properly awaited on now.
2022-12-02 09:10:56 -05:00
9ad37a12f8
server: fix rendering of Follow activity when removing follow
...
closes FoundKeyGang/FoundKey#263
Changelog: Fixed
2022-12-01 21:49:38 +01:00
e10700a2be
Merge pull request 'server: add wildcard matching to blocked hosts' ( #260 ) from wildcard-block-v2 into main
...
Reviewed-on: FoundKeyGang/FoundKey#260
2022-12-01 20:12:18 +00:00
dc7533baa4
Merge pull request 'server: Add recursion limit to resolver' ( #261 ) from recursion-limit into main
...
Reviewed-on: FoundKeyGang/FoundKey#261
2022-12-01 20:11:40 +00:00
721a327192
fixup: remove unused import
2022-12-01 20:46:46 +01:00
936cbf900b
use default argument value
...
This unifies the style with the other function in that file and fixes
the lint "no-param-reassign".
2022-12-01 20:32:57 +01:00
bc62d0ba9f
client: update emoji list
...
This corrects the gender-specific variants in general, adds a few
missing ones, replaces names that are just Unicode codepoints with
actual names, and makes the keywords more consistent.
Some data for this was taken from the annotations in the Unicode
CLDR version 42.
Reviewed-on: FoundKeyGang/FoundKey#262
2022-12-01 20:10:14 +01:00
749015807a
client: also autocomplete flag emoji
...
Changelog: Changed
2022-12-01 20:08:55 +01:00
b3e34795c0
require punycode conversion beforehand for admins
2022-12-01 12:07:43 -05:00
a35c98bbd5
server: encode non-ascii domains in punycode in matchHost
2022-12-01 11:34:11 -05:00
075e251822
server: add wildcard matching to blocked hosts
...
This adds in wildcard matching. For instance:
- `*.bad.tld` will match: `very.bad.tld`
- `bad.*` will match: `bad.something`
- `*.bad.*` will match: `very.bad.evil`
Changelog: Changed
2022-12-01 11:29:02 -05:00
b030ced51c
docs: Replace references of misskey with foundkey in nginx guide
2022-12-01 04:50:30 -05:00
Derek Schmidt
11a6e706f4
server: Use shared resolver in featured and question accept
2022-12-01 04:40:14 -05:00
Derek Schmidt
d3af00a912
server: Add recursion limit to resolver
...
Changelog: Security
2022-12-01 04:40:07 -05:00
97288cb75f
docs: Make IRC stuff a proper subsection in install/migration guides
2022-12-01 00:32:24 -05:00
9c22d904bf
docs: Add IRC contact to migration guide
...
Makes it consistent with the install guide and helps users reach the appropriate place to get support.
2022-12-01 00:59:40 +00:00
2edb41adb1
docs: Update migration guide with additional info ( #257 )
...
Reviewed-on: FoundKeyGang/FoundKey#257
Co-authored-by: SuperDicq <info@jiyu.dev>
Co-committed-by: SuperDicq <info@jiyu.dev>
2022-12-01 00:41:56 +00:00
Weblate
a96fae65c2
Update translation files
...
Updated by "Cleanup translation files" hook in Weblate.
Update translation files
Updated by "Cleanup translation files" hook in Weblate.
Update translation files
Updated by "Cleanup translation files" hook in Weblate.
Update translation files
Updated by "Cleanup translation files" hook in Weblate.
Update translation files
Updated by "Cleanup translation files" hook in Weblate.
Co-authored-by: Weblate <noreply@weblate.org>
Translate-URL: http://translate.akkoma.dev/projects/foundkey/foundkey/
Translation: Foundkey/foundkey
2022-11-29 22:40:37 +00:00
e0777191da
chore: Remove serviceworker settings locale strings
...
As of commit 973bd4532b
the serviceworker
settings have been removed, meaning the corresponding strings are no longer
used.
2022-11-29 17:38:34 -05:00
973bd4532b
Merge pull request 'server: always enable push notifications' ( #235 ) from enable-push-notifs into main
...
Reviewed-on: FoundKeyGang/FoundKey#235
Changelog: Changed
2022-11-29 21:51:10 +00:00
13fda0c9c7
client: refactor emoji autocomplete & make case insensitive
...
Changelog: Changed
2022-11-29 21:13:20 +01:00
cdb8922336
client: make all unicode emoji names lowercase
2022-11-29 20:35:23 +01:00
5b574d40f9
client: use native Notifications API ( #234 )
...
Reviewed-on: FoundKeyGang/FoundKey#234
Changelog: Changed
2022-11-29 12:35:36 -05:00
Weblate
6efc3b7989
Update translation files
...
Updated by "Cleanup translation files" hook in Weblate.
Update translation files
Updated by "Cleanup translation files" hook in Weblate.
Co-authored-by: Weblate <noreply@weblate.org>
Translate-URL: http://translate.akkoma.dev/projects/foundkey/foundkey/
Translation: Foundkey/foundkey
2022-11-28 20:48:05 +00:00
76b2f6cfab
Translated using Weblate (French)
...
Currently translated at 100.0% (1385 of 1385 strings)
Co-authored-by: m33 <m33_akkomadev@tok715.net>
Translate-URL: http://translate.akkoma.dev/projects/foundkey/foundkey/fr/
Translation: Foundkey/foundkey
2022-11-28 20:48:04 +00:00
07370a3b84
client: put back button to remove all following
...
Changelog: Added
2022-11-28 21:47:17 +01:00
a6a4ae870d
chore: remove some unused locale strings
2022-11-28 19:41:22 +01:00
97233fab69
client: add link to weblate
2022-11-28 18:37:54 +01:00
Weblate
2876c5d76c
Update translation files
...
Updated by "Cleanup translation files" hook in Weblate.
Co-authored-by: Weblate <noreply@weblate.org>
Translate-URL: http://translate.akkoma.dev/projects/foundkey/foundkey/
Translation: Foundkey/foundkey
2022-11-28 17:03:20 +00:00