puniko/FoundKey
1
0
Fork 0
forked from FoundKeyGang/FoundKey
Code Issues Pull requests Projects Releases Packages Wiki Activity
21665 commits 11 branches 0 tags 108 MiB
Commit graph

21665 commits

This branch
This branch
All branches
Author SHA1 Message Date
Johann150
e2ce599aca
fix: properly supply resolver 2022-12-08 18:12:05 +01:00
Johann150
73870e85cd
client: make headlines in queue widget links 
The headlines "inbox queue" and "deliver queue" are now links to the
admin panel page about the queue.

Changelog: Changed
 2022-12-07 23:23:16 +01:00
Francis Dinh
350f21d955
server: fix typing for skippedInstances query 2022-12-07 16:41:34 -05:00
Francis Dinh
873e21f090
chore: update eslint 2022-12-07 16:27:53 -05:00
Francis Dinh
2afe54c121
eslint: allow backticks to avoid escaping single/double quotes 2022-12-07 16:27:39 -05:00
Johann150
501cf834c8
client: fix issue of search only working once 
closes FoundKeyGang/FoundKey#274

Changelog: Fixed
 2022-12-07 21:56:27 +01:00
Francis Dinh
b66f7550ab
server: auto-fix lints 2022-12-07 13:39:21 -05:00
Johann150
18664dbca3
server: add missing paren 
How did this not break yet?
 2022-12-07 18:29:04 +01:00
Johann150
0f3f42eb39
remove rndstr dependency 
This dependency was unused in the client.

The use of it in the server can be replaced entirely by the
secureRndstr function, with some slight modifications.

That function could probably be refactored a bit more as well.
 2022-12-07 18:08:09 +01:00
Johann150
71b976ec96
BREAKING: remove integrations 
The Discord, Github and Twitter integrations have been removed to reduce
complexity and because they were only used on very few instances.

Server admins that did disable this may want to revoke the OAuth client
registrations for their instance that they made on the respective service.

Changelog: Removed
 2022-12-07 17:16:14 +01:00
Andreas Nedbal
d3f1ad9a88 chore: remove unused packages 2022-12-06 23:18:27 +01:00
Andreas Nedbal
1aa3898db5 server: remove unused import 2022-12-06 23:12:45 +01:00
Andreas Nedbal
96c3744555 client: remove integration settings menu entry 2022-12-06 23:00:32 +01:00
Andreas Nedbal
b023741f50 server: remove integrations field from user 2022-12-06 23:00:08 +01:00
Andreas Nedbal
87e1e658f2 locales: remove integration-related locales 2022-12-06 22:03:34 +01:00
Andreas Nedbal
7e8d5c3b79 foundkey-js: remove integration fields from instance type 2022-12-06 21:52:16 +01:00
Andreas Nedbal
c785fbab6e client: remove integration signin options 2022-12-06 21:51:01 +01:00
Andreas Nedbal
547a1f81d4 client: remove integration settings 2022-12-06 21:50:34 +01:00
Andreas Nedbal
95384d0bb2 client: remove integration admin settings 2022-12-06 21:50:20 +01:00
Andreas Nedbal
4cc5b734e7 activitypub: remove integration fields from person and nodeinfo 2022-12-06 21:49:19 +01:00
Andreas Nedbal
5d32872999 server: remove integration API routes 2022-12-06 21:48:31 +01:00
Andreas Nedbal
b4b1204f77 server: remove integration-related fields from meta 2022-12-06 21:47:59 +01:00
Norm
c1a51547a9 BREAKING: server: remove wildcard blocking and instead block subdomains (#269) 
Co-authored-by: Francis Dinh <normandy@biribiri.dev>
Reviewed-on: FoundKeyGang/FoundKey#269
Changelog: Changed
 2022-12-05 17:55:38 +00:00
Chloe Kudryavtsev
4e74d26e45 backend: fix ratelimit typo 
Changelog: Fixed
 2022-12-05 15:49:33 +01:00
Johann150
a421dd401c
activitypub: refactor to always apply recursion limit 
Refactor to remove as many "new Resolver" as possible.
 2022-12-04 21:11:44 +01:00
Johann150
c4211761e6
server: refactor resolveSelf to just return the webfinger href 
Since the href seems to be the only attribute that is used, and I didn't
want to add a full type definition this was the easier option.
 2022-12-04 21:11:43 +01:00
Johann150
03b673165f
server: refactor "authUser" functions into separate file 
They did not really fit into the DbResolver because they may fetch data
from remote instances even though DbResolver is only supposed to access
the database.
 2022-12-04 21:11:35 +01:00
Johann150
de18c8306d
server: fix token-permissions migration 
The table that is affected here was not properly purged of old entries. It only holds
data that is needed while a 3rd party authorization is in progress but not finished.

The code that typeorm generated for this migration is a bit wonky because it should
probably have dropped one column and created another one. But if we clear out all entries
it should work regardless and I'm feeling lazy right now. :P
 2022-12-04 19:05:02 +01:00
Johann150
38df8dc734
client: set display name limit same as server 
Changelog: Fixed
 2022-12-04 15:35:43 +01:00
Johann150
11e4a8cb9b
remove erroneous space 2022-12-04 15:34:05 +01:00
Johann150
d1e0d79c19
client: unify different error dialogs 
Changelog: Fixed
 2022-12-04 14:27:53 +01:00
Johann150
946e862ecd
server: implement OAuth 2.0 Authorization Code grant 
Changelog: Added
Reviewed-on: FoundKeyGang/FoundKey#205
 2022-12-04 14:06:36 +01:00
Johann150
97052b1f61
server: refactor fromHtml attribute handling 
Also try to recognize owncast hashtag links.
 2022-12-04 03:43:22 +01:00
Johann150
cda9197700
server: increase nodeinfo caching 
Changelog: Changed
 2022-12-04 03:26:50 +01:00
Chloe Kudryavtsev
2dde8273e2 implement separate web workers 
Reviewed-on: FoundKeyGang/FoundKey#252
 2022-12-03 13:33:23 +00:00
Johann150
7924d5d01b add oauth documentation 2022-12-03 10:38:33 +00:00
Johann150
de927e1f30 server: handle invalid URLs in comparison 2022-12-03 10:38:33 +00:00
Johann150
bdcec2b8a7 server: implement OAuth discovery (RFC 8414) 2022-12-03 10:38:33 +00:00
Johann150
5291f29581 implement OAuth PKCE 
This implements Proof Key for Code Exchange a.k.a. RFC 7636.
 2022-12-03 10:38:33 +00:00
Johann150
15b3ab6d13 check redirect URIs 2022-12-03 10:38:33 +00:00
Johann150
79e3c20189 server: allow to grant tokens with more restricted privileges 
This also simplifies API authentication a bit by not having to fetch
the App that is related to a token.

The restriction of 1 token per app is also lifted. This was not a
constraint in the database but it was enforced by the code and
kinda wrong schema the auth_session table had.
 2022-12-03 10:38:32 +00:00
Johann150
2f2e6a58a4 docs: read scope descriptions from locale strings 2022-12-03 10:38:32 +00:00
Johann150
c5568cfdf3 client: fix auth page layout 
This also includes better rendering when no permissions are requested.

Also removed the app's id from the page as it makes no sense to show
this to a user.

Changelog: Fixed
 2022-12-03 10:38:32 +00:00
Johann150
c65fdebe26 server: add missing auth/deny endpoint 
This endpoint is hinted at in the client, but is not actually defined
in the backend. This commit defines it.
 2022-12-03 10:38:32 +00:00
Johann150
418c88bb8f expire AuthSessions after 15 min 2022-12-03 10:38:32 +00:00
Johann150
2b19b34196 update OpenAPI docs to OAuth 2022-12-03 10:38:32 +00:00
Johann150
7db7fdd9e2 add API route for OAuth access token retrieval 2022-12-03 10:38:32 +00:00
Johann150
a13e956af0 make authorization token granting OAuth 2.0 compatible 
This is basically a shim on top of the existing API.
Instead of the 3rd party, the web UI generates the authorization session.

The data that the API returns is slightly adjusted so that only one
API call is necessary instead of two.
 2022-12-03 10:38:32 +00:00
Francis Dinh
18cf228f89
server: readd "fetch meta only once in skippedInstances"" 
This reverts commit e446a11bb7.

Turns out this wasn't really the source of the referenced issue and
someone was able to run with the original commit fine, so adding this
back for now.
 2022-12-03 05:13:30 -05:00
Francis Dinh
bdf2e14a73
server: fix TypeError in registerOrFetchInstanceDoc 
Changelog: Fixed
 2022-12-03 04:01:51 -05:00