This should reduce the performance hit when adding large numbers of
instances to the deliver queue by making the check for suspended and
dead instances a bulk operation.
Changelog: Changed
Reviewed-on: FoundKeyGang/FoundKey#215
The UUIDs are no longer used for errors and all errors should now have
a descriptive message attached to them. Also, all errors should now have
the proper HTTP status code for a reply instead of the generic 400 and 500
response codes. Because the errors all have more specific error codes, the
"kind" of client or server is also abolished.
- Add a rate limit analogous to request-reset-password.
See also a0ef32f4f6.
- Delete an expired reset request if found.
- Return a proper error.
- Use time constants.
Changelog: Changed
Since you are also allowed to react to your own notes, it seems sensible
that you should be allowed to like your own gallery posts.
Analogous to commit 4c5aa9e538.
Changelog: Changed
`createdAt` in `insertNote` now will default to the current date.
Also refactor poll insert:
Instead of testing hasPoll, just do a null check on data.poll since it's
a more reliable indicator for whether a poll exists (and also tsc won't
complain about data.poll being possibly null).
This should also have better latency due to being a single query.
Furthermore, it's no longer a linear scan, since host is indexed.
Would be cool to simplify it further to a single query for blocks also...
Why exactly are blocks not in the db?
It works by having a day-long cache of
"when did we last successfully communicate with this instance?"
Anything over a specified threshold (1 month) will act as though the instance
is suspended - all outgoing jobs are dropped on processing.
The day-long cache is in place because the ordering is necessarily a
linear scan.
Once an instance comes back online, we will detect that is the case as soon as
we receive an activity from them (which will update the "last communicated at")
field.
Potential future TODOs:
* Improve the caching system, it's actually pretty inefficient as it is.
CacheBox with a call override?
* Think of ways to make it not-a-linear-scan, since the instances table can get
pretty big. It's around 4500 on toast cafe.
ChangeLog: Added
I'm not sure how it managed to work so far, but the function is the default
export, using the namespace like a function should not have worked,
maybe something under the hood was correcting it back.
This is oriented on this paragraph from the AP spec:
> Additionally, if an object is addressed to the Public special collection,
> a server MAY deliver that object to all known sharedInbox endpoints
> on the network.
This makes it consistent with `outgoingAddressFamily`, reducing
potential confusion.
For compatibility reasons, numbers are still permitted for `redis.family`
with the following mapping:
- `dual` = `0`
- `ipv4` = `4`
- `ipv6` = `6`
Changelog: Changed
This adds a new optional `sourceLang` parameter to the `notes/translate`
endpoint. If not set, the old behaviour is used, else this sets the
`source_lang` parameter to the DeepL API call which makes it use the
source language specified instead of using autodetection.
Changelog: Changed
Ref: FoundKeyGang/FoundKey#33
HTTP GET parameters are not to be specified in the requestBody but in
the parameters. This commit fixes that although admittedly it is kind
of a bodge and not perfect, but it is a start.
Changelog: Fixed
Also remove the contributors list from about-foundkey (renamed from
about-misskey).
Some comments that referenced Misskey were also translated to English.
Closes: FoundKeyGang/FoundKey#141
GNU Social's follow request IDs are larger than the 128 character limit
of the follow_request.requestId column. This prevents follow requests
from GNU Social instances from being handled by Foundkey instances.
The solution is to make the requestId column larger.
Fixes FoundKeyGang/FoundKey#146
Turns out `getMany` doesn't work with the specific query used, so use
`getRawMany` instead.
Also fixup the predicate used in userInfo to use the correct field
names.
Exploiting this before should already have been rather difficult because you
would need to know or guess the notification's ID. It is also of relatively
low security impact.
Changelog: Fixed
In #134, the mention `MfmNode` handler was made async to allow the
mentionedUsers query to be used there. This however changed the return
type of that handler to be a `Promise`, causing a `TypeError` in
`appendChildren`.
This fixes the `TypeError` by making every handler and the `appendChildren`
function also async and awaiting on the processed children.
This also attempts to fix the types issue with handlers by casting to
the newly defined `HandlerFunc` type instead of to `any`.
The mentionedUsers query was being run on every post, regardless of
whether a mention was in it or not.
This resulted in an SQL query ending in `WHERE userId IN ()` which is
not allowed in PostgreSQL.
Reference: FoundKeyGang/FoundKey#132
Changelog: Fixed
The column mentionedRemoteUsers on the note table in the database is
firstly in the wrong type since it contains JSON data but is typed as
text. Secondly it seems redundant, since that data can be acquired by
using the note.mentions column to fetch the respective data instead.
Co-authored-by: Francis Dinh <normandy@biribiri.dev>
Removed the misc/get-note-html module which was only used in one place.
Instead of it, the general MFM to HTML functionality has been improved to
take care of the use cases of that module as well.
Co-authored-by: Francis Dinh <normandy@biribiri.dev>
This isn't being used anymore since
4e41fa8767.
In any case, age calculation really doesn't need to involve a 3rd party
library.
Ref: FoundKeyGang/FoundKey#90
This version of multer contains a fix for
CVE-2022-24434 which affects a transitive dependency.
> This affects all versions of package dicer. A malicious attacker can
> send a modified form to server, and crash the nodejs service. An
> attacker could sent the payload again and again so that the service
> continuously crashes.
Ref: https://nvd.nist.gov/vuln/detail/CVE-2022-24434
This flag means to hide warnings which is not generally desirable.
Even if warnings do not affect the end result of running CI it would
still be nice to be able to see the warnings when running the lints
normally or in CI.
This API endpoint is not working correctly and can cause unintended data loss:
It may remove emojis that have been imported from other instances.
See also https://github.com/misskey-dev/misskey/issues/8222
There was some code to detect if a note is a quote renote. However this
code was unused and it seems the kind of reversed detection of checking
if something is a pure renote is more useful.
Instead of packing the note for public user before passing it to
streams, the note is now either packed for the user the respective
stream belongs to (`mainStream`) or not packed at all and then packed
later (`notesStream`).
Because this is a new common task between different channels, a shared
implementation of packing a note from notesStream is created. This
implementation will simply skip a note if it is not visible to the user
that the channel belongs to.
Instead of just hiding specific fields, the entire note is hidden. This means
that metadata of the note, such as who the author is and when it was sent, is
completely hidden.
Instead of putting the URL in the report text, it is stored separately
so that users do not accidentally change or remove it.
This way it can easily be used when forwarding reports to different
instances to tell them what exactly was reported.
These two URLs are static so there is no reason to keep them in the
database. They are also not even used anywhere by the API, so they can
also be removed from there.
Where they are used is in the nodeinfo, where they are now hardcoded.
While editing the nodeinfo, also uncommented nodeinfo version 2.1.
Although these are configurable, there seems to be no benefit of being
able to configure these. The expected use of configuration methods other
than "aid" is expected to be low.
* fix: muted user query also checks instances
This way it can be ensured that the instance mute is used everywhere it
is required without checking the whole codebase again. Muted users and
muted instances should be used together anyways.
* fix lint
* reuse single meId parameter
* unify code style
Use template string to avoid having to use escaped quote marks.
* fix: follower only notes are visible to mentioned users
This synchronizes the visibility rules with the Notes.isVisibleForMe
method from packages/backend/src/models/repositories/note.ts
* add comment
* docs: category & description for reset password
* docs: category & description for testing
* docs: descriptions for groups endpoints
* docs: descriptions for drive file endpoints
* docs: descriptions for sw endpoints
* docs: descriptions for user list endpoints
* docs: descriptions & result type for gallery posts
* docs: descriptions & result type for user endpoints
* docs: add return type for stats
* add id for activitypub follows
* fix lint
* fix: follower must be local, followee must be remote
Misskey will only use ActivityPub follow requests for users that are local
and are requesting to follow a remote user. This check is to ensure that
this endpoint can not be used by other services or instances.
* fix: missing import
* render block with id
* fix comment
* refactor: parseUri types and checks
The type has been refined to better represent what it actually is. Uses of
parseUri are now also checking the parsed object type before resolving.
* cannot resolve URLs with fragments
* also take remaining part of URL into account
Needed for parsing the follows URIs.
* Resolver uses DbResolver for local
* remove unnecessary use of DbResolver
Using DbResolver would mean that the URL is parsed and handled again.
This duplicated processing can be avoided by querying the database directly.
* fix missing property name
Ensure that the _misskey_content attribute will always exist. Because
the API endpoint does not require the existence of the `text` field,
that field may be `undefined`. By using `?? null` it can be ensured
that the value is at least `null`.
Furthermore, the rendered HTML of a note with empty text will also be
the empty string. From git blame it seems that this behaviour was added
because of a Mastodon bug that might have previously existed. However,
this seems to be no longer the case as I can find mastodon posts that
have empty content.
The code could be made a bit more succinct by using the null coercion
operator.
* add more user details for admins to see
* fix some issues
* small style fix
as suggested by Johann150
Co-authored-by: Johann150 <johann@qwertqwefsday.eu>
* fix
Co-authored-by: Johann150 <johann@qwertqwefsday.eu>
Co-authored-by: Johann150 <johann@qwertqwefsday.eu>
* remove unnecessary if
`Array.prototype.some` already returns a boolean so an if to return
true or false is completely unnecessary in this case.
* perf: use count instead of find
When using `count` instead of `findOneBy`, the data is not
unnecessarily loaded.
* remove duplicate null check
The variable is checked for null in the lines above and the function
returns if so. Therefore, it can not be null at this point.
* simplify `getJsonSchema`
Because the assigned value is `null` and the used keys are only
shallow, use of `nestedProperty.set` seems inappropriate. Because the
value is not read, the initial for loop can be replaced by a `for..in`
loop.
Since all keys will be assigned `null`, the condition of the ternary
expression in the nested function will always be true. Therefore the
recursion case will never happen. With this the nested function can be
eliminated.
* remove duplicate condition
The code above already checks `dragging` and returns if it is truthy.
Checking it again later is therefore unnecessary.
To make this more obvious the `return` is removed in favour of using
an if...else construct.
* remove impossible "unknown" time
The `ago` variable will always be a number and all non-negative numbers
are already covered by other cases, the negative case is handled with
`future` so there is no case when `unknown` could be achieved.
* enhance: rate limit works without signed in user
* fix: make limit key required for limiter
As before the fallback limiter key will be set from the endpoint name.
* enhance: use limiter for signin
* Revert "Only require CAPTCHA when 2FA authentication is disabled"
This reverts commit 02a43a310f.
* Revert "feat: make captcha required when signin to improve security"
This reverts commit b21b058005.
* fix undefined reference
* fix: better error message
* enhance: only handle prefix of IPv6
Misskey does not know if two remote users are following each other.
Because ActivityPub actions would otherwise fail on followers only
notes, we have to assume that two remote users are following each other
when an interaction about a remote note occurs.
* simplify temporary files for thumbnails
Because only a single file will be written to the directory, creating a
separate directory seems unnecessary. If only a temporary file is created,
the code from `createTemp` can be reused here as well.
* refactor: deduplicate code for temporary files/directories
To follow the DRY principle, the same code should not be duplicated
across different files. Instead an already existing function is used.
Because temporary directories are also created in multiple locations,
a function for this is also newly added to reduce duplication.
* fix: clean up identicon temp files
The temporary files for identicons are not reused and can be deleted
after they are fully read. This condition is met when the stream is closed
and so the file can be cleaned up using the events API of the stream.
* fix: ensure cleanup is called when download fails
* fix: ensure cleanup is called in error conditions
This covers import/export queue jobs and is mostly just wrapping all
code in a try...finally statement where the finally runs the cleanup.
* fix: use correct type instead of `any`
* enhance: make theme color format uniform
All newly fetched instance theme colors will be uniformly formatted
as hashtag followed by 6 hexadecimal digits.
Colors are checked for validity and invalid colors are not handled.
* better input validation for own theme color
* migration to unify theme color formats
Fixes theme colors of other instances as well as the local instance.
* add changelog entry
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>