Commit graph

742 commits

Author SHA1 Message Date
5291f29581 implement OAuth PKCE
This implements Proof Key for Code Exchange a.k.a. RFC 7636.
2022-12-03 10:38:33 +00:00
15b3ab6d13 check redirect URIs 2022-12-03 10:38:33 +00:00
79e3c20189 server: allow to grant tokens with more restricted privileges
This also simplifies API authentication a bit by not having to fetch
the App that is related to a token.

The restriction of 1 token per app is also lifted. This was not a
constraint in the database but it was enforced by the code and
kinda wrong schema the auth_session table had.
2022-12-03 10:38:32 +00:00
2f2e6a58a4 docs: read scope descriptions from locale strings 2022-12-03 10:38:32 +00:00
c65fdebe26 server: add missing auth/deny endpoint
This endpoint is hinted at in the client, but is not actually defined
in the backend. This commit defines it.
2022-12-03 10:38:32 +00:00
418c88bb8f expire AuthSessions after 15 min 2022-12-03 10:38:32 +00:00
2b19b34196 update OpenAPI docs to OAuth 2022-12-03 10:38:32 +00:00
7db7fdd9e2 add API route for OAuth access token retrieval 2022-12-03 10:38:32 +00:00
a13e956af0 make authorization token granting OAuth 2.0 compatible
This is basically a shim on top of the existing API.
Instead of the 3rd party, the web UI generates the authorization session.

The data that the API returns is slightly adjusted so that only one
API call is necessary instead of two.
2022-12-03 10:38:32 +00:00
18cf228f89
server: readd "fetch meta only once in skippedInstances""
This reverts commit e446a11bb7.

Turns out this wasn't really the source of the referenced issue and
someone was able to run with the original commit fine, so adding this
back for now.
2022-12-03 05:13:30 -05:00
bdf2e14a73
server: fix TypeError in registerOrFetchInstanceDoc
Changelog: Fixed
2022-12-03 04:01:51 -05:00
e446a11bb7
Revert "server: fetch meta only once in skippedInstances"
This reverts commit 81d63720f2 since it
seems to cause a ReferenceError for some reason.

Ref: https://toot.site/@jeder/109447151582516733
2022-12-03 02:13:18 -05:00
194fff3603
activitypub: hashtags no longer displaying as links
Some hashtags sent from Mastodon were erroneously displayed as links.
This is because Mastodon seems to mangle hashtags containing non-ASCII
codepoints (such as e.g. umlauts). This lead to the previous code which
depended on the list of hashtags to not recognize a hashtag. Instead,
the `rel="tag"` microformat is recognized instead.

This makes the `htmlToMfm` wrapper function unnecessary so it was removed.

Changelog: Fixed
2022-12-02 19:31:57 +01:00
b4080d788d
slight refactoring & translating japanese 2022-12-02 19:00:58 +01:00
e49b8d0ef3
server: remove unnecessary apLogger aliases 2022-12-02 18:58:19 +01:00
7d3d0f858c
increment versions in package.json 2022-12-02 16:59:47 +01:00
81d63720f2
server: fetch meta only once in skippedInstances 2022-12-02 09:26:14 -05:00
5e6b51094e
server: fix instance skipping
This should actually make instance skipping work properly since
shouldBlockInstance is now properly awaited on now.
2022-12-02 09:10:56 -05:00
9ad37a12f8
server: fix rendering of Follow activity when removing follow
closes FoundKeyGang/FoundKey#263

Changelog: Fixed
2022-12-01 21:49:38 +01:00
e10700a2be Merge pull request 'server: add wildcard matching to blocked hosts' (#260) from wildcard-block-v2 into main
Reviewed-on: FoundKeyGang/FoundKey#260
2022-12-01 20:12:18 +00:00
721a327192
fixup: remove unused import 2022-12-01 20:46:46 +01:00
936cbf900b
use default argument value
This unifies the style with the other function in that file and fixes
the lint "no-param-reassign".
2022-12-01 20:32:57 +01:00
b3e34795c0
require punycode conversion beforehand for admins 2022-12-01 12:07:43 -05:00
a35c98bbd5
server: encode non-ascii domains in punycode in matchHost 2022-12-01 11:34:11 -05:00
075e251822
server: add wildcard matching to blocked hosts
This adds in wildcard matching. For instance:
- `*.bad.tld` will match: `very.bad.tld`
- `bad.*` will match: `bad.something`
- `*.bad.*` will match: `very.bad.evil`

Changelog: Changed
2022-12-01 11:29:02 -05:00
Derek Schmidt
11a6e706f4
server: Use shared resolver in featured and question accept 2022-12-01 04:40:14 -05:00
Derek Schmidt
d3af00a912
server: Add recursion limit to resolver
Changelog: Security
2022-12-01 04:40:07 -05:00
973bd4532b Merge pull request 'server: always enable push notifications' (#235) from enable-push-notifs into main
Reviewed-on: FoundKeyGang/FoundKey#235
Changelog: Changed
2022-11-29 21:51:10 +00:00
5733f127ca
backend: update re2 to 1.17.8
This should fix Node 19 compatibility.

Fixes: FoundKeyGang/FoundKey#238
2022-11-28 12:02:24 -05:00
8130a2a9b1
server: remove deeplIsPro setting
This setting is unnecessary because DeepL free keys can be detected
easily according to <https://www.deepl.com/docs-api/api-access/authentication/>:
> DeepL API Free authentication keys can be identified easily by the suffix ":fx"

Changelog: Removed
2022-11-27 12:12:56 +01:00
9fd23b5dae
server: remove quote urls, 3rd try
First try was 66a7c62342 but classList is
not in parse5 DOM. Second try was 7ee6a09cf2
but forgot the contents of this commit.
2022-11-27 09:30:51 +01:00
d0c504ec85
server: fix unknown variable in signin endpoint 2022-11-25 19:09:08 +01:00
062cba1b3c
server: fix undefined variable for instance actor 2022-11-25 19:05:37 +01:00
f817d45210
update eslint and typescript-eslint 2022-11-25 02:07:21 -05:00
b67799ad3f
BREAKING: Remove support for Node 16.x and upgrade to TypeScript 4.9
Now that Node 18 is the new LTS version of Node, it should be safe to
support ES2022 features. The install docs have already been updated to
recommend Node 18.x in 41a710854e.

This will break support on Node 16.x and earlier.

Also update TypeScript to 4.9 which contains various typechecking
improvements: https://devblogs.microsoft.com/typescript/announcing-typescript-4-9/

Ref: FoundKeyGang/FoundKey#238
Changelog: Changed
2022-11-25 02:07:21 -05:00
01fa4332c2
server: set vapid keys on initial setup 2022-11-21 22:30:34 +01:00
563f3672a9
server: always enable push notifications
The thing that previously presumably hindered this was that the VAPID
keys had to be set up. Previously admins had to do this, but this is a bad
idea for multiple reasons:
1) The meaning of "public key" and "private key" was not well documented
in the settings.
2) Giving out a private key over the API, even just for admins, sounds
like a bad idea.

Co-authored-by: Francis Dinh <normandy@biribiri.dev>
2022-11-21 22:00:53 +01:00
7ee6a09cf2
fix errors from quote string removal
The parse5 tree does not have the full DOM methods and attributes.
2022-11-21 19:43:56 +01:00
9e2553909e
server: use time constants 2022-11-20 23:15:40 +01:00
66a7c62342 activitypub: remove akkoma quote URLs
Changelog: Fixed
2022-11-20 20:48:15 +00:00
512351746f Merge pull request 'Add LibreTranslate support' (#224) from libretranslate into main
Reviewed-on: FoundKeyGang/FoundKey#224
Changelog: Added
2022-11-20 16:21:17 +00:00
kabo2468
b7f32be512
server: don't nyaize quoted lines
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
Changelog: Changed
2022-11-20 11:15:03 +01:00
aefb11959f
fix: translator settings on admin/meta endpoint 2022-11-20 10:37:50 +01:00
8cde66b8ac
backend: Add LibreTranslate support 2022-11-19 23:00:33 -05:00
7ffe2181a9
server: use host parameter in note search without elasticsearch
Changelog: Fixed
2022-11-19 17:33:27 +01:00
4183c429e6
server: rewrite skipped instances query in raw SQL
This should hopefully improve performance somewhat.

Reviewed-on: FoundKeyGang/FoundKey#230
Changelog: Changed
2022-11-18 22:02:47 +01:00
28aa440bcc
server: correctly await promises when updating server info
When not awaiting promises, truncating the table and inserting again
can sometimes not work due to race conditions.
2022-11-18 20:52:19 +01:00
71b3b5a60c backend: implement not forwarding block activities (#212)
Fixes FoundKeyGang/FoundKey#211

Commits pulled from https://github.com/misskey-dev/misskey/pull/7799

Changelog: Added
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Co-authored-by: Johann150 <johann.galle@protonmail.com>
Co-authored-by: Francis Dinh <normandy@biribiri.dev>
Reviewed-on: FoundKeyGang/FoundKey#212
2022-11-17 21:24:38 +00:00
110c645a97 Merge pull request 'backend: fix activitypub.ts lints' (#236) from refactor/activitypub-ts into main
Reviewed-on: FoundKeyGang/FoundKey#236
2022-11-17 19:48:08 +00:00
ddeb5b25f1
translate comments in chart core 2022-11-17 20:23:17 +01:00