87e1e658f2
locales: remove integration-related locales
2022-12-06 22:03:34 +01:00
7e8d5c3b79
foundkey-js: remove integration fields from instance type
2022-12-06 21:52:16 +01:00
c785fbab6e
client: remove integration signin options
2022-12-06 21:51:01 +01:00
547a1f81d4
client: remove integration settings
2022-12-06 21:50:34 +01:00
95384d0bb2
client: remove integration admin settings
2022-12-06 21:50:20 +01:00
4cc5b734e7
activitypub: remove integration fields from person and nodeinfo
2022-12-06 21:49:19 +01:00
5d32872999
server: remove integration API routes
2022-12-06 21:48:31 +01:00
b4b1204f77
server: remove integration-related fields from meta
2022-12-06 21:47:59 +01:00
c1a51547a9
BREAKING: server: remove wildcard blocking and instead block subdomains ( #269 )
...
Co-authored-by: Francis Dinh <normandy@biribiri.dev>
Reviewed-on: FoundKeyGang/FoundKey#269
Changelog: Changed
2022-12-05 17:55:38 +00:00
4e74d26e45
backend: fix ratelimit typo
...
Changelog: Fixed
2022-12-05 15:49:33 +01:00
a421dd401c
activitypub: refactor to always apply recursion limit
...
Refactor to remove as many "new Resolver" as possible.
2022-12-04 21:11:44 +01:00
c4211761e6
server: refactor resolveSelf to just return the webfinger href
...
Since the href seems to be the only attribute that is used, and I didn't
want to add a full type definition this was the easier option.
2022-12-04 21:11:43 +01:00
03b673165f
server: refactor "authUser" functions into separate file
...
They did not really fit into the DbResolver because they may fetch data
from remote instances even though DbResolver is only supposed to access
the database.
2022-12-04 21:11:35 +01:00
de18c8306d
server: fix token-permissions migration
...
The table that is affected here was not properly purged of old entries. It only holds
data that is needed while a 3rd party authorization is in progress but not finished.
The code that typeorm generated for this migration is a bit wonky because it should
probably have dropped one column and created another one. But if we clear out all entries
it should work regardless and I'm feeling lazy right now. :P
2022-12-04 19:05:02 +01:00
38df8dc734
client: set display name limit same as server
...
Changelog: Fixed
2022-12-04 15:35:43 +01:00
11e4a8cb9b
remove erroneous space
2022-12-04 15:34:05 +01:00
d1e0d79c19
client: unify different error dialogs
...
Changelog: Fixed
2022-12-04 14:27:53 +01:00
946e862ecd
server: implement OAuth 2.0 Authorization Code grant
...
Changelog: Added
Reviewed-on: FoundKeyGang/FoundKey#205
2022-12-04 14:06:36 +01:00
97052b1f61
server: refactor fromHtml attribute handling
...
Also try to recognize owncast hashtag links.
2022-12-04 03:43:22 +01:00
cda9197700
server: increase nodeinfo caching
...
Changelog: Changed
2022-12-04 03:26:50 +01:00
2dde8273e2
implement separate web workers
...
Reviewed-on: FoundKeyGang/FoundKey#252
2022-12-03 13:33:23 +00:00
7924d5d01b
add oauth documentation
2022-12-03 10:38:33 +00:00
de927e1f30
server: handle invalid URLs in comparison
2022-12-03 10:38:33 +00:00
bdcec2b8a7
server: implement OAuth discovery (RFC 8414)
2022-12-03 10:38:33 +00:00
5291f29581
implement OAuth PKCE
...
This implements Proof Key for Code Exchange a.k.a. RFC 7636.
2022-12-03 10:38:33 +00:00
15b3ab6d13
check redirect URIs
2022-12-03 10:38:33 +00:00
79e3c20189
server: allow to grant tokens with more restricted privileges
...
This also simplifies API authentication a bit by not having to fetch
the App that is related to a token.
The restriction of 1 token per app is also lifted. This was not a
constraint in the database but it was enforced by the code and
kinda wrong schema the auth_session table had.
2022-12-03 10:38:32 +00:00
2f2e6a58a4
docs: read scope descriptions from locale strings
2022-12-03 10:38:32 +00:00
c5568cfdf3
client: fix auth page layout
...
This also includes better rendering when no permissions are requested.
Also removed the app's id from the page as it makes no sense to show
this to a user.
Changelog: Fixed
2022-12-03 10:38:32 +00:00
c65fdebe26
server: add missing auth/deny endpoint
...
This endpoint is hinted at in the client, but is not actually defined
in the backend. This commit defines it.
2022-12-03 10:38:32 +00:00
418c88bb8f
expire AuthSessions after 15 min
2022-12-03 10:38:32 +00:00
2b19b34196
update OpenAPI docs to OAuth
2022-12-03 10:38:32 +00:00
7db7fdd9e2
add API route for OAuth access token retrieval
2022-12-03 10:38:32 +00:00
a13e956af0
make authorization token granting OAuth 2.0 compatible
...
This is basically a shim on top of the existing API.
Instead of the 3rd party, the web UI generates the authorization session.
The data that the API returns is slightly adjusted so that only one
API call is necessary instead of two.
2022-12-03 10:38:32 +00:00
18cf228f89
server: readd "fetch meta only once in skippedInstances""
...
This reverts commit e446a11bb7
.
Turns out this wasn't really the source of the referenced issue and
someone was able to run with the original commit fine, so adding this
back for now.
2022-12-03 05:13:30 -05:00
bdf2e14a73
server: fix TypeError in registerOrFetchInstanceDoc
...
Changelog: Fixed
2022-12-03 04:01:51 -05:00
c5cf167ffa
server: fix ReferenceError: meta is undefined
...
Ref: e446a11bb7
Changelog: Fixed
2022-12-03 02:18:08 -05:00
e446a11bb7
Revert "server: fetch meta only once in skippedInstances"
...
This reverts commit 81d63720f2
since it
seems to cause a ReferenceError for some reason.
Ref: https://toot.site/@jeder/109447151582516733
2022-12-03 02:13:18 -05:00
5b6b2b214d
Translated using Weblate (German)
...
Currently translated at 100.0% (1214 of 1214 strings)
Co-authored-by: Johann <johann@qwertqwefsday.eu>
Translate-URL: http://translate.akkoma.dev/projects/foundkey/foundkey/de/
Translation: Foundkey/foundkey
2022-12-02 21:17:39 +00:00
194fff3603
activitypub: hashtags no longer displaying as links
...
Some hashtags sent from Mastodon were erroneously displayed as links.
This is because Mastodon seems to mangle hashtags containing non-ASCII
codepoints (such as e.g. umlauts). This lead to the previous code which
depended on the list of hashtags to not recognize a hashtag. Instead,
the `rel="tag"` microformat is recognized instead.
This makes the `htmlToMfm` wrapper function unnecessary so it was removed.
Changelog: Fixed
2022-12-02 19:31:57 +01:00
b4080d788d
slight refactoring & translating japanese
2022-12-02 19:00:58 +01:00
e49b8d0ef3
server: remove unnecessary apLogger aliases
2022-12-02 18:58:19 +01:00
7d3d0f858c
increment versions in package.json
2022-12-02 16:59:47 +01:00
5ec34577c0
update changelog
2022-12-02 16:59:35 +01:00
81d63720f2
server: fetch meta only once in skippedInstances
2022-12-02 09:26:14 -05:00
5e6b51094e
server: fix instance skipping
...
This should actually make instance skipping work properly since
shouldBlockInstance is now properly awaited on now.
2022-12-02 09:10:56 -05:00
9ad37a12f8
server: fix rendering of Follow activity when removing follow
...
closes FoundKeyGang/FoundKey#263
Changelog: Fixed
2022-12-01 21:49:38 +01:00
e10700a2be
Merge pull request 'server: add wildcard matching to blocked hosts' ( #260 ) from wildcard-block-v2 into main
...
Reviewed-on: FoundKeyGang/FoundKey#260
2022-12-01 20:12:18 +00:00
dc7533baa4
Merge pull request 'server: Add recursion limit to resolver' ( #261 ) from recursion-limit into main
...
Reviewed-on: FoundKeyGang/FoundKey#261
2022-12-01 20:11:40 +00:00
721a327192
fixup: remove unused import
2022-12-01 20:46:46 +01:00