Commit graph

1069 commits

Author SHA1 Message Date
1adf88b090
fixup: OpenGraph data generation
This is a fixup for commits 39fb7e5946 and be30e70344.
2023-02-04 16:44:30 +01:00
28c11ca7af
refactor isPureRenote to foundkey-js 2023-02-04 16:42:36 +01:00
9458045c8f
server: refactor note/renote rendering to separate file 2023-02-04 15:32:25 +01:00
a8c0e1f827
fix migration for note.url unique index
fixes FoundKeyGang/FoundKey#331

Co-authored-by: Johann150 <johann.galle@protonmail.com>
2023-02-04 11:03:29 +01:00
85a68a5eee
activitypub: properly render CW only quotes
Changelog: Fixed
2023-02-04 00:27:43 +01:00
ca257d7d0c
server: remove application level websocket ping
Changelog: Removed
2023-02-03 11:48:46 +01:00
30c26abde7
server: add websocket ping mechanism
fixes FoundKeyGang/FoundKey#336

Changelog: Fixed
2023-02-03 11:47:54 +01:00
17324e1e94
server: add unique constraint for registry items
fixes FoundKeyGang/FoundKey#335
2023-02-03 00:27:33 +01:00
8b98c9f2f4
server: remove unused 'domain' column 2023-02-02 23:29:24 +01:00
be30e70344
server: add more OpenGraph data, remove custom misskey meta tags
Changelog: Changed
2023-02-01 23:18:10 +01:00
39fb7e5946
server: improve OpenGraph data for note attachments
With this change, not all files will be proclaimed to be image files. Only
images, videos and audio files will be represented with OpenGraph data.

More properties for these files will also be represented, e.g. image alt text.

However, if the note has a CW or any of the files are marked sensitive, none
of the files will be used.

The users profile picture will not be used any more.

Changelog: Changed
2023-02-01 22:53:32 +01:00
75b14124f2
server: improve variable naming 2023-02-01 11:30:53 +01:00
7480e27c0c
server: remove twitter links from HTML templates
Since the twitter integration has been removed, this will never be true
and can therefore be removed.
2023-02-01 11:27:27 +01:00
2d32bc33d7
server: fix error for invalid URLs in profile fields
Co-authored-by: Chloe Kudryavtsev <code@code.bunkerlabs.net>
2023-01-30 19:24:15 +01:00
bb3ec8bafe Revert "server: fix user deletion race condition"
This reverts commit cc83cbe523, reversing
changes made to 8abd3ebec7.

This changeset contains:
* multiple type errors
* a foreign key incompatibility
* breaks outgoing note federation (in at least two ways)
2023-01-30 14:59:24 +01:00
cc83cbe523
server: fix user deletion race condition
Changelog: Fixed
Ref: https://github.com/misskey-dev/misskey/issues/7506
2023-01-29 12:53:29 +01:00
36031c083a
docs: adjust parameters for v2 methods other than POST 2023-01-26 13:34:13 +01:00
05f8172ce9
docs: describe /ap/ endpoints 2023-01-26 13:25:50 +01:00
151053897d
server: lower rate limit for deletion activities
Changelog: Changed
2023-01-26 13:25:50 +01:00
95a9027a66
docs: show rate limit information
Changelog: Added
2023-01-26 13:25:49 +01:00
57cf6c7163
server: indicate Retry-After when rate limiting
This refactors the rate limiting code to throw an ApiError directly.

Changelog: Added
2023-01-26 08:37:07 +01:00
9b76c805ec
fix: DriveFile folder & user undefined instead of null when unrequested 2023-01-25 22:14:53 +01:00
21b20920c2
docs: use endpoint stability to mark endpoints deprecated 2023-01-23 20:13:17 +01:00
e7644eb757
server: add index to human readable URL 2023-01-23 19:58:07 +01:00
66ec875624
server: also search human readable URL
Changelog: Fixed
2023-01-23 18:09:04 +01:00
78f5ca3792
server: fix empty array in quote detection 2023-01-22 21:47:02 +01:00
c792e4199c
server: add missing return in extractQuoteUrl 2023-01-22 21:42:49 +01:00
afa4094050
BREAKING: Remove galleries
Existing gallery posts will be made into normal notes.
If a user has gallery posts, a clip with all gallery posts will be created.

Changelog: Removed
2023-01-22 20:18:57 +01:00
c4b5952788
migrate galleries to notes/clips 2023-01-22 19:44:39 +01:00
5893a44ff5
server: parse quote tag syntax
Ref: FEP-e232
2023-01-17 21:45:57 +01:00
9bdf24d3a5
enhance: add tag for quotes
Ref: FEP-e232
2023-01-17 21:45:49 +01:00
2bbb85b472
backend: remove galleries 2023-01-16 18:53:57 +01:00
7170b86724
fixup: websocket data parsing + logger 2023-01-14 13:22:09 +01:00
3d2cfc075a
fixup: actually check whether the group joining is from the user 2023-01-13 21:55:14 +01:00
1319dc93d9
server: switch websocket to ws 2023-01-11 23:57:37 +01:00
ee2fa2e0be
fixup: import 2023-01-10 20:35:03 +01:00
57d1af1117
remove default export in streaming API 2023-01-10 20:30:47 +01:00
8c2b7e20b2
translating comments, cleanup 2023-01-09 20:44:01 +01:00
fdf30f60e6
server: remove SQL boolean comparisons 2023-01-09 20:43:12 +01:00
b245d39b6e
server: delete records of fully deleted users 2023-01-08 21:22:03 +01:00
80f72e21cd
server: track deletion completion 2023-01-08 21:22:03 +01:00
85e985d13f
server: change data structure to track deletion completion 2023-01-08 21:21:54 +01:00
4fe288f17c server: rewrite user status queries in SQL 2023-01-08 20:02:21 +00:00
cd26e3a35c
fixup: missing parenthesis 2023-01-08 19:34:03 +01:00
c7ab8839dc
BREAKING: remove admin/delete-account, change admin/accounts/delete
You should use the API endpoint admin/accounts/delete.
It has the same parameter and the same behaviour.

The admin/accounts/delete endpoint now requries administrator privileges
instead of just moderator privileges.

Changelog: Removed
2023-01-07 23:53:48 +01:00
1eda1760d1
server: refactor to always use deleteAccount service
This should reduce code duplication around how deletion of an actor is
handled.
2023-01-07 19:46:05 +01:00
8772181b6f
server: refactor remote host check to validateActor
Instead of checking that an actor is not from the local host separately,
it seems like a good idea to do it in the central place that is supposed
to validate an actor.
2023-01-07 19:46:05 +01:00
5102d0bc2e
chore: remove unused user_group_invite table
Based on `1558257926829-UserGroupInvite.js` but switched `up` and `down`
migrations around.

Closes #314
2023-01-06 02:51:44 -05:00
cdba5447e6
server: remove joins to avatar and banners in children endpoint
Reviewed-on: FoundKeyGang/FoundKey#303
2023-01-05 21:05:22 +01:00
a0c2cf328e
server: fix redirected fetch
Don't throw a StatusError on an intended redirect.
2023-01-05 20:03:38 +01:00
3efa7046bd
meta: don't type check dependencies 2023-01-04 20:59:31 +01:00
48f8fb97df
activitypub: use quoteUri instead of quoteUrl
It's not quite Mastodon, but still, I said they'd use a different approach...

Changelog: Changed
2023-01-04 20:56:06 +01:00
0230f819e2
fixup: wrong negation
This is a fixup for commit 417d252e9d.
2023-01-04 19:09:03 +01:00
08af6fda37
fix some type errors 2023-01-03 22:18:01 +01:00
0c8a3cfeec
server: fix lints 2023-01-03 03:51:38 +01:00
8bc366fde0
server: fix comma-dangle lint 2023-01-03 02:47:58 +01:00
417d252e9d
server: fix custom lint typeorm-prefer-count 2023-01-03 02:42:42 +01:00
b54e07caec
enhance typeorm-prefer-count lint rule 2023-01-03 02:41:53 +01:00
5b898c6c82
chore: update yarn files 2023-01-02 21:40:12 +01:00
6010884e62
cleanup: translate japanese, use SECOND constant 2023-01-02 21:07:56 +01:00
b423d23cf6
server: fix custom lint typeorm-prefer-count 2023-01-02 21:07:02 +01:00
29714d1ae0
add custom eslint rule to prefer countBy over findBy 2023-01-02 20:58:33 +01:00
7bf4d4426a
use count instead of find to check existence 2023-01-02 14:43:27 +01:00
d28931bf00
server: remove dateUTC function 2023-01-02 12:45:30 +01:00
2a46719f31
server: set file permissions after copy
This explicitly sets the file permissions to allow everyone to read files
since apparently multer sometimes doesn't set the permissions we expect.

Ref: FoundKeyGang/FoundKey#202
Changelog: Fixed
2023-01-02 12:44:09 +01:00
7f564431be
server: fixup sql
Fixup to 0b7c9095bf.
2023-01-02 00:11:35 +01:00
0fbd7fa492
client: fix 500 error in notifications
closes FoundKeyGang/FoundKey#73

Changelog: Fixed
2023-01-01 23:32:01 +01:00
3aaa9facc6
translate japanese to english 2023-01-01 23:30:43 +01:00
8f09b05e7c
chore: remove reversi database tables
Changelog: Fixed
2023-01-01 22:27:34 +01:00
8b0b7ff525
server: change default value for api/admin/show-users origin param
Changed from "local" to "combined" to fix a bug when the hostname is set
but origin is not.

Changelog: Changed
2023-01-01 22:11:19 +01:00
0b7c9095bf
server: don't return users twice in search 2023-01-01 21:22:53 +01:00
ed27f61a4d
client: add mod tracker
Squashed commit of the following:

commit 54f0b67b25
Author: Puniko <me@absturztaube.ch>
Date:   Thu Dec 29 21:27:15 2022 +0100

    use nextTick instead of setTimeout

commit 6998cae7e3
Author: Puniko <me@absturztaube.ch>
Date:   Thu Dec 29 21:14:55 2022 +0100

    my absolute terrible fix to the unhide issue

commit 79f546d150
Author: Puniko <me@absturztaube.ch>
Date:   Thu Dec 29 21:01:35 2022 +0100

    stop player on hide/unhide

commit 6b7f13e8ef
Author: Puniko <me@absturztaube.ch>
Date:   Thu Dec 29 10:36:59 2022 +0100

    make webkit style range slider the same

commit 8a267c5cdc
Author: Puniko <me@absturztaube.ch>
Date:   Thu Dec 29 01:16:18 2022 +0100

    restyling range inputs

commit c39e1671b2
Author: Puniko <me@absturztaube.ch>
Date:   Thu Dec 29 00:57:47 2022 +0100

    make module seekable

commit c1762f27ae
Author: Puniko <me@absturztaube.ch>
Date:   Thu Dec 29 00:14:35 2022 +0100

    remove accesskey attribs

commit 08f75a01f1
Author: Puniko <me@absturztaube.ch>
Date:   Thu Dec 29 00:12:23 2022 +0100

    v-else on play button

commit 9302a9faaa
Author: Puniko <me@absturztaube.ch>
Date:   Thu Dec 29 00:08:19 2022 +0100

    replace filter with some

commit bffd15daed
Author: Puniko <me@absturztaube.ch>
Date:   Wed Dec 28 09:13:20 2022 +0100

    add chiptune2 and libopenmpt into COPYING

commit 794298c21c
Author: Puniko <me@absturztaube.ch>
Date:   Tue Dec 27 15:32:43 2022 +0100

    little cleanup

commit f383aec1cd
Author: Puniko <me@absturztaube.ch>
Date:   Tue Dec 27 15:23:25 2022 +0100

    repeat only once and proper handling of track ending

commit fdaa9614c9
Author: Puniko <me@absturztaube.ch>
Date:   Tue Dec 27 14:52:20 2022 +0100

    prevent losing connection when downloading module

commit 6c5723c795
Author: Puniko <me@absturztaube.ch>
Date:   Tue Dec 27 14:45:59 2022 +0100

    colours!!! 🌈

commit dba4f0a4a9
Author: Puniko <me@absturztaube.ch>
Date:   Tue Dec 27 13:01:06 2022 +0100

    replace  with i18n

commit 4234dfbdbc
Author: Puniko <me@absturztaube.ch>
Date:   Mon Dec 26 15:47:10 2022 +0100

    retab

commit 0cc1ea8c3e
Author: Puniko <me@absturztaube.ch>
Date:   Mon Dec 26 15:19:28 2022 +0100

    include libopenmpt tracker to foundkey

commit c2437c696a
Author: Puniko <me@absturztaube.ch>
Date:   Mon Dec 26 12:08:49 2022 +0100

    add libopenmpt

Reviewed-on: FoundKeyGang/FoundKey#306
Changelog: Added
2022-12-29 21:36:44 +01:00
ed9d4023d4 backend: add argon2 support
Passwords will be automatically re-hashed on sign-in.
All new password hashes will be argon2 by default.

This uses argon2id and is not configurable.
In the very unlikely case someone has more specific needs,
a fork is recommended.

ChangeLog: Added

Co-authored-by: Chloe Kudryavtsev <code@toast.bunkerlabs.net>
Reviewed-on: FoundKeyGang/FoundKey#308
2022-12-29 20:13:47 +00:00
a673647fba
server: remove avatarColor and bannerColor properties
According to comments next to those properties, they were kept for backward compatibility.
However they were always being set to null.

Changelog: Removed
2022-12-26 18:52:16 +01:00
eea2eb4919
use Promise.all instead of separate promises 2022-12-25 19:04:00 +01:00
114d416de0
server: refactor password hashing & comparison to module
For easier replacement should the hash algorithm ever be changed.
2022-12-25 19:03:51 +01:00
c2372315f7
server: improve error messages
Refactor Error's to ApiError's.

Changelog: Changed
2022-12-25 16:07:48 +01:00
de3cdb5833
activitypub: block check for resolving collections 2022-12-24 18:39:44 -05:00
a732cdc1ad
activitypub: perform block check in performOneActivity 2022-12-24 18:39:44 -05:00
a8f82050c8
activitypub: perform resolver block check on objects as well 2022-12-24 18:39:44 -05:00
8e12b9a33e
server: restore original comment for skippedInstances 2022-12-24 15:01:32 -05:00
6583d0c43d
server: pass in resolved meta table to shouldBlockInstance
This should make it more friendly to use in places where the meta table
has already been resolved for other reasons.
2022-12-24 14:56:48 -05:00
85419326f8
server: use prelude function instead of separate function 2022-12-23 13:55:15 +01:00
eaa11647f0
server: rewrite drive usage queries in raw SQL 2022-12-23 13:54:12 +01:00
61a2db49df
server: always use user id for calcDriveUsageOf 2022-12-23 13:38:29 +01:00
0e1459e5cf Merge pull request 'server: refactor follow request functions to be named exports' (#296) from refactor/follow-requests into main
Reviewed-on: FoundKeyGang/FoundKey#296
2022-12-23 02:06:31 +00:00
9690244848
server: add return type for all follow reject funcs 2022-12-22 17:52:30 -05:00
4db25e4b1f
server: add doc for cancelFollowRequest 2022-12-22 16:55:08 -05:00
549302e9c0
server: add doc for createFollowRequest 2022-12-22 16:55:07 -05:00
a3354904af
server: use named export for createFollowRequest 2022-12-22 16:52:52 -05:00
28f65bebfc
server: use named export for cancelFollowRequest 2022-12-22 16:52:52 -05:00
2204adc657
server: use named export for acceptAllFollowRequests 2022-12-22 16:52:52 -05:00
b11e4053db
server: use named export for acceptFollowRequest 2022-12-22 16:52:52 -05:00
7b39483966
server: drive endpoint to fetch files and folders
Changelog: Added
2022-12-22 16:46:48 +01:00
e2ef800708
server: dont use replace for file types
No point in using replace if we already know which character we want to replace.
2022-12-22 14:46:21 +01:00
a7048f17f7
server: simplify duplicated code 2022-12-22 14:45:20 +01:00
33f0b24c56
server: add v2 routes to notes endpoints 2022-12-22 11:02:04 +01:00
7685b92511
improve fetching of endpoint arguments
including support for route parameters (e.g. '/v2/note/:noteId' giving us a 'noteId' value)

Co-authored-by: Johann150 <johann.galle@protonmail.com>
2022-12-22 11:02:04 +01:00
8276bd3bdc
generate OpenAPI spec for v2 endpoints 2022-12-22 11:02:04 +01:00
aed2752470
server: make v2 meta endpoint support GET 2022-12-22 11:01:56 +01:00
4a3b91d658
server: add additional API v2 options to endpoints
* improve type definitions for v2 method
The method has to be lowercase because it is used as an index to get
the respective method of the router.

Co-authored-by: Johann150 <johann.galle@protonmail.com>
2022-12-22 11:00:46 +01:00
9317d25078
server: expire notifications after 3 months
closes FoundKeyGang/FoundKey#292

Changelog: Added
2022-12-21 21:46:45 +01:00
fc36bb8880
server: reduce code duplication in check-expired queue job 2022-12-21 21:46:27 +01:00
711bb8be7d
fixup: add missing redirect argument 2022-12-21 21:23:23 +01:00
275136cf8b
allow redirects in API ap/* endpoints 2022-12-21 20:45:55 +01:00
aa33708b90
server: handle redirects in signed get
part of FoundKeyGang/FoundKey#288

Changelog: Fixed
2022-12-20 22:07:24 +01:00
99c459a21a
server: better upload limit error
Ref: FoundKeyGang/FoundKey#293
2022-12-19 21:29:29 +01:00
bd68096ea9
server: refactor API error 2022-12-19 21:24:39 +01:00
6c7f1774e3
server: fix thread mutes not applying to renotes
Changelog: Fixed
2022-12-15 21:20:24 +01:00
af43df15ca
reduce duplication in secureRndstr 2022-12-15 20:46:17 +01:00
5f83383ab8
fix import error in tests 2022-12-15 20:45:55 +01:00
8c759dde6c
server: fix error about duplicate resolve 2022-12-15 19:44:55 +01:00
16d091497a
server: use extractDbHost instead of toPuny, translate comments
Also swapped logical or for nullish coalescing operator in some places.
2022-12-15 00:32:15 +01:00
ef53ec276a
activitypub: simplify some URI/id related checks
followup on previous commit
2022-12-15 00:31:23 +01:00
3582fd8260
activitypub: centrally check id matches URL in resolver
This makes some duplicated checks in models/note and models/person
unnecessary.
2022-12-15 00:29:39 +01:00
9f1670d5fd
server: fix default not found error image 2022-12-14 19:05:41 +01:00
ff31b8b06d server: remove bios and cli
The BIOS and CLI functionality were mainly for debugging purposes.
If a user has to use those to resolve an issue with the server, that
really should be fixed at the source instead.

Closes: FoundKeyGang/FoundKey#283
Changelog: Removed
2022-12-14 17:59:25 +00:00
ffff2ae5ef
server: fix missing import
closes FoundKeyGang/FoundKey#286
2022-12-14 18:08:44 +01:00
ccc8bf0289
chore: fix more miscellaneous lints 2022-12-13 23:09:32 +01:00
a231b36d59
chore: fix lint about unused variables in entities 2022-12-13 23:09:32 +01:00
8e9c65fab0
chore: fix some import related lints 2022-12-13 23:09:31 +01:00
78a3051313
remove unneeded TODO 2022-12-13 16:46:29 -05:00
78717e85d3
server: change JSON.parse/stringify to structuredClone
structuredClone is more typesafe than using JSON.parse and
JSON.stringify.

Now that Node 18.x is the new baseline, this should be safe to use now.

See https://developer.mozilla.org/en-US/docs/Web/API/structuredClone
for details.
2022-12-13 16:45:38 -05:00
a9d3cae511
server: add return type to extractApMentions 2022-12-13 16:31:15 -05:00
bd27b7ca3a
server: add typing for renderFollowRelay 2022-12-13 16:06:18 -05:00
e28a9eb8e8
use tsc --noEmit for backend and client
See https://github.com/misskey-dev/misskey/pull/9316
2022-12-13 16:02:06 -05:00
e5a4c5d2d0
chore: update @typescript-eslint packages 2022-12-13 15:57:26 -05:00
6bba55c196
sw: add TypeScript type checking
This implements the upstream changes from
https://github.com/misskey-dev/misskey/pull/9314 but updated to our
version of ESLint.

Also updates TypeScript to 4.9.4 for all packages.
2022-12-13 15:42:08 -05:00
1d469f3c34
fix import typo 2022-12-13 15:12:29 -05:00
3f0228e14c
server: use color-convert KEYWORD instead of extracting parameter type 2022-12-13 15:11:29 -05:00
5ea744b1b2
server: use configurable images 2022-12-13 20:54:49 +01:00
ae6ba05306
add config for error images
Changelog: Added
2022-12-13 20:54:49 +01:00
d4d1e03479
server: fix errors for replies and state when note doesnt exist 2022-12-13 20:35:46 +01:00
030394b30d
refactor: remove default export for boot 2022-12-11 14:42:55 -05:00
768d9bbdfb
refactor: remove default export for perform 2022-12-11 18:23:19 +01:00
3ef1a4b0f9
refactor: remove default export for Resolver 2022-12-11 18:23:07 +01:00
ae59ce51b0
refactor: remove default export for DbResolver 2022-12-11 18:16:48 +01:00
14a9b9bedd
refactor: remove default export for request 2022-12-11 18:16:45 +01:00
985a13f47f
refactor: remove default export for DeliverManager 2022-12-11 17:56:25 +01:00
507b328fdf
activitypub: also forward resolver to resolveNote 2022-12-10 11:23:10 +01:00
3cf673960b server: Fix typing for user token
Also fix a comment in the User model that wrongly states that the token
is null if the user is local, when it's the opposite.
2022-12-08 23:20:41 -05:00
cbfd866122 server: make fetcher key non-null 2022-12-08 23:19:39 -05:00
b23a8dbaed server: translate comments 2022-12-08 23:18:45 -05:00
80a73a7510 server: remove unused imports from suspend-user.ts 2022-12-08 23:18:45 -05:00
3dec9a47f0 server: fix various type errors in services 2022-12-08 23:18:45 -05:00
b8fb7a38cc server: improve Logger typing information and docs 2022-12-08 23:18:45 -05:00
fdc682e810 server: remove sendEmailNotification
The functions have their bodies completely comented out,
which means they are doing nothing.
2022-12-08 23:18:45 -05:00
fde751df8f
fix: properly supply resolver (2) 2022-12-08 19:06:55 +01:00
1faf1035f9
server: handle users getting deleted somewhere else
I don't know why but several jobs got stuck in my inbox queue because
of errors like 'Could not find any entity of type "User" matching...'.
2022-12-08 18:12:24 +01:00
e2ce599aca
fix: properly supply resolver 2022-12-08 18:12:05 +01:00
350f21d955
server: fix typing for skippedInstances query 2022-12-07 16:41:34 -05:00
873e21f090
chore: update eslint 2022-12-07 16:27:53 -05:00
2afe54c121
eslint: allow backticks to avoid escaping single/double quotes 2022-12-07 16:27:39 -05:00
b66f7550ab
server: auto-fix lints 2022-12-07 13:39:21 -05:00
18664dbca3
server: add missing paren
How did this not break yet?
2022-12-07 18:29:04 +01:00
0f3f42eb39
remove rndstr dependency
This dependency was unused in the client.

The use of it in the server can be replaced entirely by the
secureRndstr function, with some slight modifications.

That function could probably be refactored a bit more as well.
2022-12-07 18:08:09 +01:00
d3f1ad9a88 chore: remove unused packages 2022-12-06 23:18:27 +01:00
1aa3898db5 server: remove unused import 2022-12-06 23:12:45 +01:00
b023741f50 server: remove integrations field from user 2022-12-06 23:00:08 +01:00
4cc5b734e7 activitypub: remove integration fields from person and nodeinfo 2022-12-06 21:49:19 +01:00
5d32872999 server: remove integration API routes 2022-12-06 21:48:31 +01:00
b4b1204f77 server: remove integration-related fields from meta 2022-12-06 21:47:59 +01:00
c1a51547a9 BREAKING: server: remove wildcard blocking and instead block subdomains (#269)
Co-authored-by: Francis Dinh <normandy@biribiri.dev>
Reviewed-on: FoundKeyGang/FoundKey#269
Changelog: Changed
2022-12-05 17:55:38 +00:00
4e74d26e45 backend: fix ratelimit typo
Changelog: Fixed
2022-12-05 15:49:33 +01:00
a421dd401c
activitypub: refactor to always apply recursion limit
Refactor to remove as many "new Resolver" as possible.
2022-12-04 21:11:44 +01:00
c4211761e6
server: refactor resolveSelf to just return the webfinger href
Since the href seems to be the only attribute that is used, and I didn't
want to add a full type definition this was the easier option.
2022-12-04 21:11:43 +01:00
03b673165f
server: refactor "authUser" functions into separate file
They did not really fit into the DbResolver because they may fetch data
from remote instances even though DbResolver is only supposed to access
the database.
2022-12-04 21:11:35 +01:00
de18c8306d
server: fix token-permissions migration
The table that is affected here was not properly purged of old entries. It only holds
data that is needed while a 3rd party authorization is in progress but not finished.

The code that typeorm generated for this migration is a bit wonky because it should
probably have dropped one column and created another one. But if we clear out all entries
it should work regardless and I'm feeling lazy right now. :P
2022-12-04 19:05:02 +01:00
11e4a8cb9b
remove erroneous space 2022-12-04 15:34:05 +01:00
946e862ecd
server: implement OAuth 2.0 Authorization Code grant
Changelog: Added
Reviewed-on: FoundKeyGang/FoundKey#205
2022-12-04 14:06:36 +01:00
97052b1f61
server: refactor fromHtml attribute handling
Also try to recognize owncast hashtag links.
2022-12-04 03:43:22 +01:00
cda9197700
server: increase nodeinfo caching
Changelog: Changed
2022-12-04 03:26:50 +01:00
2dde8273e2 implement separate web workers
Reviewed-on: FoundKeyGang/FoundKey#252
2022-12-03 13:33:23 +00:00
de927e1f30 server: handle invalid URLs in comparison 2022-12-03 10:38:33 +00:00
bdcec2b8a7 server: implement OAuth discovery (RFC 8414) 2022-12-03 10:38:33 +00:00
5291f29581 implement OAuth PKCE
This implements Proof Key for Code Exchange a.k.a. RFC 7636.
2022-12-03 10:38:33 +00:00
15b3ab6d13 check redirect URIs 2022-12-03 10:38:33 +00:00
79e3c20189 server: allow to grant tokens with more restricted privileges
This also simplifies API authentication a bit by not having to fetch
the App that is related to a token.

The restriction of 1 token per app is also lifted. This was not a
constraint in the database but it was enforced by the code and
kinda wrong schema the auth_session table had.
2022-12-03 10:38:32 +00:00
2f2e6a58a4 docs: read scope descriptions from locale strings 2022-12-03 10:38:32 +00:00
c65fdebe26 server: add missing auth/deny endpoint
This endpoint is hinted at in the client, but is not actually defined
in the backend. This commit defines it.
2022-12-03 10:38:32 +00:00
418c88bb8f expire AuthSessions after 15 min 2022-12-03 10:38:32 +00:00
2b19b34196 update OpenAPI docs to OAuth 2022-12-03 10:38:32 +00:00
7db7fdd9e2 add API route for OAuth access token retrieval 2022-12-03 10:38:32 +00:00
a13e956af0 make authorization token granting OAuth 2.0 compatible
This is basically a shim on top of the existing API.
Instead of the 3rd party, the web UI generates the authorization session.

The data that the API returns is slightly adjusted so that only one
API call is necessary instead of two.
2022-12-03 10:38:32 +00:00
18cf228f89
server: readd "fetch meta only once in skippedInstances""
This reverts commit e446a11bb7.

Turns out this wasn't really the source of the referenced issue and
someone was able to run with the original commit fine, so adding this
back for now.
2022-12-03 05:13:30 -05:00
bdf2e14a73
server: fix TypeError in registerOrFetchInstanceDoc
Changelog: Fixed
2022-12-03 04:01:51 -05:00
e446a11bb7
Revert "server: fetch meta only once in skippedInstances"
This reverts commit 81d63720f2 since it
seems to cause a ReferenceError for some reason.

Ref: https://toot.site/@jeder/109447151582516733
2022-12-03 02:13:18 -05:00
194fff3603
activitypub: hashtags no longer displaying as links
Some hashtags sent from Mastodon were erroneously displayed as links.
This is because Mastodon seems to mangle hashtags containing non-ASCII
codepoints (such as e.g. umlauts). This lead to the previous code which
depended on the list of hashtags to not recognize a hashtag. Instead,
the `rel="tag"` microformat is recognized instead.

This makes the `htmlToMfm` wrapper function unnecessary so it was removed.

Changelog: Fixed
2022-12-02 19:31:57 +01:00
b4080d788d
slight refactoring & translating japanese 2022-12-02 19:00:58 +01:00
e49b8d0ef3
server: remove unnecessary apLogger aliases 2022-12-02 18:58:19 +01:00
7d3d0f858c
increment versions in package.json 2022-12-02 16:59:47 +01:00
81d63720f2
server: fetch meta only once in skippedInstances 2022-12-02 09:26:14 -05:00
5e6b51094e
server: fix instance skipping
This should actually make instance skipping work properly since
shouldBlockInstance is now properly awaited on now.
2022-12-02 09:10:56 -05:00
9ad37a12f8
server: fix rendering of Follow activity when removing follow
closes FoundKeyGang/FoundKey#263

Changelog: Fixed
2022-12-01 21:49:38 +01:00
e10700a2be Merge pull request 'server: add wildcard matching to blocked hosts' (#260) from wildcard-block-v2 into main
Reviewed-on: FoundKeyGang/FoundKey#260
2022-12-01 20:12:18 +00:00
721a327192
fixup: remove unused import 2022-12-01 20:46:46 +01:00
936cbf900b
use default argument value
This unifies the style with the other function in that file and fixes
the lint "no-param-reassign".
2022-12-01 20:32:57 +01:00
b3e34795c0
require punycode conversion beforehand for admins 2022-12-01 12:07:43 -05:00
a35c98bbd5
server: encode non-ascii domains in punycode in matchHost 2022-12-01 11:34:11 -05:00
075e251822
server: add wildcard matching to blocked hosts
This adds in wildcard matching. For instance:
- `*.bad.tld` will match: `very.bad.tld`
- `bad.*` will match: `bad.something`
- `*.bad.*` will match: `very.bad.evil`

Changelog: Changed
2022-12-01 11:29:02 -05:00