Commit graph

481 commits

Author SHA1 Message Date
27c56a4dcc Merge pull request 'security: update multer to 1.4.5-lts.1' (#69) from fix/multer-security into main
Reviewed-on: FoundKeyGang/FoundKey#69
2022-08-18 17:39:33 +00:00
b137a39160
merge: remove promo notes
FoundKeyGang/FoundKey#62
2022-08-18 14:26:48 +02:00
f30e02dc73 security: update multer to 1.4.5-lts.1
This version of multer contains a fix for
CVE-2022-24434 which affects a transitive dependency.

> This affects all versions of package dicer. A malicious attacker can
> send a modified form to server, and crash the nodejs service. An
> attacker could sent the payload again and again so that the service
> continuously crashes.

Ref: https://nvd.nist.gov/vuln/detail/CVE-2022-24434
2022-08-18 01:37:39 -04:00
f0bdd9666f
remove empty import statements 2022-08-14 12:26:18 +02:00
c8afce6b2c
fix blocking of remote accounts
The property name was misspelled.
2022-08-14 11:33:08 +02:00
e028a852f6
remove more code referencing promo notes 2022-08-12 19:39:48 +02:00
c7bf29fd49 Remove promo entities and endpoints 2022-08-11 23:13:09 +02:00
6ce4b3fe2f
fix some lints
Many of these were fixed automatically with eslint --fix.

Some of them (e.g. adding return types to functions) were done manually.
2022-08-11 00:09:29 +02:00
961fb0d2df
fix: use correct variable
Fixes an error introduced in commit 7a80015225.
2022-08-10 23:59:35 +02:00
7a80015225
fix lint "no-param-reassign" 2022-08-10 16:36:54 +02:00
09a7eabda1
backend: fix lint "no-throw-literal" 2022-08-04 11:00:02 +02:00
e2bf2715a6
fix spelling error 2022-08-04 10:20:48 +02:00
a3a3cb7258
remove --quiet flag from eslint
This flag means to hide warnings which is not generally desirable.
Even if warnings do not affect the end result of running CI it would
still be nice to be able to see the warnings when running the lints
normally or in CI.
2022-08-04 00:20:59 +02:00
c8f49bae76
fix lint "object-shorthand" 2022-08-03 14:58:24 +02:00
37e47a257e
fix lints "import/order" and "import/no-duplicate"
Also simplified some import paths by replacing relative with absolute paths.
2022-08-03 14:05:50 +02:00
bc1c66e16e
remove admin/drive/cleanup API
This API endpoint is not working correctly and can cause unintended data loss:
It may remove emojis that have been imported from other instances.

See also https://github.com/misskey-dev/misskey/issues/8222
2022-08-03 11:00:48 +02:00
2fa90e7f43
fix lints in backend boot 2022-08-03 00:18:31 +02:00
a6df127d3b
fix lint "quotes" 2022-08-02 23:25:36 +02:00
fbcea23ef6
fix ReferenceError in renote.ts 2022-08-02 21:23:16 +02:00
ec4fe55acf
refactor: reusable function for pure renote detection
There was some code to detect if a note is a quote renote. However this
code was unused and it seems the kind of reversed detection of checking
if something is a pure renote is more useful.
2022-08-01 00:05:10 +02:00
b7c0e26da9
fix: lint error in create.ts 2022-07-28 13:19:47 -04:00
40d9aa6219
API: visiblity cannot be less restrictive
Removed a now unnecessary provision from services/note/create as well.
2022-07-28 15:23:08 +02:00
bf16b3699e
fix: packing app includes description 2022-07-28 11:59:10 +02:00
233c39dbad
fix lints 2022-07-27 08:16:52 +02:00
Chloe Kudryavtsev
0f6d94f1e7 backend: improve mutes and blocks
Mutes and blocks now also apply recursively to replies and renotes.
Furthermore, any mentioned user being muted or blocked will also apply.
2022-07-26 08:12:49 -04:00
63c8992cb8
Add semicolon to children.ts 2022-07-25 22:07:23 -04:00
4bc9610d8b
remove unnecessary joins
These joins are no longer necessary as of commit
c35372a20d. It seems they are bad enough
for performance to break installs.
2022-07-25 21:46:45 +02:00
9ee609d700
Merge: enhance privacy of notes
FoundKeyGang/FoundKey#14
2022-07-25 18:15:21 +02:00
c35372a20d
pack children without detail 2022-07-25 16:41:47 +02:00
aca724e0bf
enable to fetch replies recursively 2022-07-25 16:41:46 +02:00
aba5b27159
remove legacy permission parsing 2022-07-24 11:45:37 +02:00
3fe351df6d
fix: catch errors from packing with detail
Packing with detail can cause an error if the reply or renote
are not visible to the user, even though the original note is
visible to the user.
2022-07-23 22:28:41 +02:00
b630cd7eac
refactor: add NoteReactions.packMany 2022-07-23 22:28:40 +02:00
6775028b1e
adjust tests 2022-07-23 22:28:40 +02:00
128d0f0d4e
remove isHidden and its uses
The `isHidden` attribute is not being set any more and is thus removed.
Handling in the client is no longer necessary.
2022-07-23 22:28:39 +02:00
cfa371b52b
refactor: remove note re-packing in streaming API
Instead of packing the note for public user before passing it to
streams, the note is now either packed for the user the respective
stream belongs to (`mainStream`) or not packed at all and then packed
later (`notesStream`).

Because this is a new common task between different channels, a shared
implementation of packing a note from notesStream is created. This
implementation will simply skip a note if it is not visible to the user
that the channel belongs to.
2022-07-23 22:27:29 +02:00
c6192ac95a
fix: handle exception in note favorites 2022-07-23 22:27:29 +02:00
2486eff747
packing notes not visible to user raises an error
Instead of just hiding specific fields, the entire note is hidden. This means
that metadata of the note such as who is the author, when was it sent are
completely hidden.
2022-07-23 22:27:29 +02:00
3c6d9cc8ab
use getNote instead of Notes.find
If a note is not visible to the requesting user, an error will be raised.
2022-07-23 22:27:28 +02:00
97edaca351
getNote checks visibility
Raise an error When a note is not visible to the requesting user.
2022-07-23 22:27:14 +02:00
f3e196528f
Merge bearer-authentication
foundKeyGang/foundKey#15
2022-07-20 15:10:47 +02:00
6060e7d220
enhance: better rendering of reports
Passing the report object reduces the number of parameters to be passed.
2022-07-19 17:18:19 +02:00
fc51ac17b1
fix: remove unnecessary null check
Because `findOneByOrFail` is used above, the null check is unnecessary.
2022-07-19 17:18:19 +02:00
d92d389cda
extract note URLs from Activity 2022-07-19 17:18:18 +02:00
9ca504784a
keep URL of reported object separate
Instead of putting the URL in the report text, it is stored separately
so that users do not accidentally change or remove it.

This way it can easily be used when forwarding reports to different
instances to tell them what exactly was reported.
2022-07-19 17:18:18 +02:00
1ec756519e
fix: move forwarded attribute to output 2022-07-19 17:18:15 +02:00
ff75382af3
handle authentication errors in stream API 2022-07-18 23:32:03 +02:00
660f6dba30
update openapi spec generator 2022-07-18 23:11:48 +02:00
edac21e8f7
improve authentication errors 2022-07-18 23:11:48 +02:00
91bdab1a9d
add OAuth 2.0 Bearer Token authentication 2022-07-18 23:11:39 +02:00