768d9bbdfb
refactor: remove default export for perform
2022-12-11 18:23:19 +01:00
3ef1a4b0f9
refactor: remove default export for Resolver
2022-12-11 18:23:07 +01:00
ae59ce51b0
refactor: remove default export for DbResolver
2022-12-11 18:16:48 +01:00
14a9b9bedd
refactor: remove default export for request
2022-12-11 18:16:45 +01:00
985a13f47f
refactor: remove default export for DeliverManager
2022-12-11 17:56:25 +01:00
507b328fdf
activitypub: also forward resolver to resolveNote
2022-12-10 11:23:10 +01:00
3cf673960b
server: Fix typing for user token
...
Also fix a comment in the User model that wrongly states that the token
is null if the user is local, when it's the opposite.
2022-12-08 23:20:41 -05:00
cbfd866122
server: make fetcher key non-null
2022-12-08 23:19:39 -05:00
b23a8dbaed
server: translate comments
2022-12-08 23:18:45 -05:00
80a73a7510
server: remove unused imports from suspend-user.ts
2022-12-08 23:18:45 -05:00
3dec9a47f0
server: fix various type errors in services
2022-12-08 23:18:45 -05:00
b8fb7a38cc
server: improve Logger typing information and docs
2022-12-08 23:18:45 -05:00
fdc682e810
server: remove sendEmailNotification
...
The functions have their bodies completely comented out,
which means they are doing nothing.
2022-12-08 23:18:45 -05:00
fde751df8f
fix: properly supply resolver (2)
2022-12-08 19:06:55 +01:00
1faf1035f9
server: handle users getting deleted somewhere else
...
I don't know why but several jobs got stuck in my inbox queue because
of errors like 'Could not find any entity of type "User" matching...'.
2022-12-08 18:12:24 +01:00
e2ce599aca
fix: properly supply resolver
2022-12-08 18:12:05 +01:00
350f21d955
server: fix typing for skippedInstances query
2022-12-07 16:41:34 -05:00
873e21f090
chore: update eslint
2022-12-07 16:27:53 -05:00
2afe54c121
eslint: allow backticks to avoid escaping single/double quotes
2022-12-07 16:27:39 -05:00
b66f7550ab
server: auto-fix lints
2022-12-07 13:39:21 -05:00
18664dbca3
server: add missing paren
...
How did this not break yet?
2022-12-07 18:29:04 +01:00
0f3f42eb39
remove rndstr dependency
...
This dependency was unused in the client.
The use of it in the server can be replaced entirely by the
secureRndstr function, with some slight modifications.
That function could probably be refactored a bit more as well.
2022-12-07 18:08:09 +01:00
d3f1ad9a88
chore: remove unused packages
2022-12-06 23:18:27 +01:00
1aa3898db5
server: remove unused import
2022-12-06 23:12:45 +01:00
b023741f50
server: remove integrations field from user
2022-12-06 23:00:08 +01:00
4cc5b734e7
activitypub: remove integration fields from person and nodeinfo
2022-12-06 21:49:19 +01:00
5d32872999
server: remove integration API routes
2022-12-06 21:48:31 +01:00
b4b1204f77
server: remove integration-related fields from meta
2022-12-06 21:47:59 +01:00
c1a51547a9
BREAKING: server: remove wildcard blocking and instead block subdomains ( #269 )
...
Co-authored-by: Francis Dinh <normandy@biribiri.dev>
Reviewed-on: FoundKeyGang/FoundKey#269
Changelog: Changed
2022-12-05 17:55:38 +00:00
4e74d26e45
backend: fix ratelimit typo
...
Changelog: Fixed
2022-12-05 15:49:33 +01:00
a421dd401c
activitypub: refactor to always apply recursion limit
...
Refactor to remove as many "new Resolver" as possible.
2022-12-04 21:11:44 +01:00
c4211761e6
server: refactor resolveSelf to just return the webfinger href
...
Since the href seems to be the only attribute that is used, and I didn't
want to add a full type definition this was the easier option.
2022-12-04 21:11:43 +01:00
03b673165f
server: refactor "authUser" functions into separate file
...
They did not really fit into the DbResolver because they may fetch data
from remote instances even though DbResolver is only supposed to access
the database.
2022-12-04 21:11:35 +01:00
de18c8306d
server: fix token-permissions migration
...
The table that is affected here was not properly purged of old entries. It only holds
data that is needed while a 3rd party authorization is in progress but not finished.
The code that typeorm generated for this migration is a bit wonky because it should
probably have dropped one column and created another one. But if we clear out all entries
it should work regardless and I'm feeling lazy right now. :P
2022-12-04 19:05:02 +01:00
11e4a8cb9b
remove erroneous space
2022-12-04 15:34:05 +01:00
946e862ecd
server: implement OAuth 2.0 Authorization Code grant
...
Changelog: Added
Reviewed-on: FoundKeyGang/FoundKey#205
2022-12-04 14:06:36 +01:00
97052b1f61
server: refactor fromHtml attribute handling
...
Also try to recognize owncast hashtag links.
2022-12-04 03:43:22 +01:00
cda9197700
server: increase nodeinfo caching
...
Changelog: Changed
2022-12-04 03:26:50 +01:00
2dde8273e2
implement separate web workers
...
Reviewed-on: FoundKeyGang/FoundKey#252
2022-12-03 13:33:23 +00:00
de927e1f30
server: handle invalid URLs in comparison
2022-12-03 10:38:33 +00:00
bdcec2b8a7
server: implement OAuth discovery (RFC 8414)
2022-12-03 10:38:33 +00:00
5291f29581
implement OAuth PKCE
...
This implements Proof Key for Code Exchange a.k.a. RFC 7636.
2022-12-03 10:38:33 +00:00
15b3ab6d13
check redirect URIs
2022-12-03 10:38:33 +00:00
79e3c20189
server: allow to grant tokens with more restricted privileges
...
This also simplifies API authentication a bit by not having to fetch
the App that is related to a token.
The restriction of 1 token per app is also lifted. This was not a
constraint in the database but it was enforced by the code and
kinda wrong schema the auth_session table had.
2022-12-03 10:38:32 +00:00
2f2e6a58a4
docs: read scope descriptions from locale strings
2022-12-03 10:38:32 +00:00
c65fdebe26
server: add missing auth/deny endpoint
...
This endpoint is hinted at in the client, but is not actually defined
in the backend. This commit defines it.
2022-12-03 10:38:32 +00:00
418c88bb8f
expire AuthSessions after 15 min
2022-12-03 10:38:32 +00:00
2b19b34196
update OpenAPI docs to OAuth
2022-12-03 10:38:32 +00:00
7db7fdd9e2
add API route for OAuth access token retrieval
2022-12-03 10:38:32 +00:00
a13e956af0
make authorization token granting OAuth 2.0 compatible
...
This is basically a shim on top of the existing API.
Instead of the 3rd party, the web UI generates the authorization session.
The data that the API returns is slightly adjusted so that only one
API call is necessary instead of two.
2022-12-03 10:38:32 +00:00
18cf228f89
server: readd "fetch meta only once in skippedInstances""
...
This reverts commit e446a11bb7
.
Turns out this wasn't really the source of the referenced issue and
someone was able to run with the original commit fine, so adding this
back for now.
2022-12-03 05:13:30 -05:00
bdf2e14a73
server: fix TypeError in registerOrFetchInstanceDoc
...
Changelog: Fixed
2022-12-03 04:01:51 -05:00
e446a11bb7
Revert "server: fetch meta only once in skippedInstances"
...
This reverts commit 81d63720f2
since it
seems to cause a ReferenceError for some reason.
Ref: https://toot.site/@jeder/109447151582516733
2022-12-03 02:13:18 -05:00
194fff3603
activitypub: hashtags no longer displaying as links
...
Some hashtags sent from Mastodon were erroneously displayed as links.
This is because Mastodon seems to mangle hashtags containing non-ASCII
codepoints (such as e.g. umlauts). This lead to the previous code which
depended on the list of hashtags to not recognize a hashtag. Instead,
the `rel="tag"` microformat is recognized instead.
This makes the `htmlToMfm` wrapper function unnecessary so it was removed.
Changelog: Fixed
2022-12-02 19:31:57 +01:00
b4080d788d
slight refactoring & translating japanese
2022-12-02 19:00:58 +01:00
e49b8d0ef3
server: remove unnecessary apLogger aliases
2022-12-02 18:58:19 +01:00
7d3d0f858c
increment versions in package.json
2022-12-02 16:59:47 +01:00
81d63720f2
server: fetch meta only once in skippedInstances
2022-12-02 09:26:14 -05:00
5e6b51094e
server: fix instance skipping
...
This should actually make instance skipping work properly since
shouldBlockInstance is now properly awaited on now.
2022-12-02 09:10:56 -05:00
9ad37a12f8
server: fix rendering of Follow activity when removing follow
...
closes FoundKeyGang/FoundKey#263
Changelog: Fixed
2022-12-01 21:49:38 +01:00
e10700a2be
Merge pull request 'server: add wildcard matching to blocked hosts' ( #260 ) from wildcard-block-v2 into main
...
Reviewed-on: FoundKeyGang/FoundKey#260
2022-12-01 20:12:18 +00:00
721a327192
fixup: remove unused import
2022-12-01 20:46:46 +01:00
936cbf900b
use default argument value
...
This unifies the style with the other function in that file and fixes
the lint "no-param-reassign".
2022-12-01 20:32:57 +01:00
b3e34795c0
require punycode conversion beforehand for admins
2022-12-01 12:07:43 -05:00
a35c98bbd5
server: encode non-ascii domains in punycode in matchHost
2022-12-01 11:34:11 -05:00
075e251822
server: add wildcard matching to blocked hosts
...
This adds in wildcard matching. For instance:
- `*.bad.tld` will match: `very.bad.tld`
- `bad.*` will match: `bad.something`
- `*.bad.*` will match: `very.bad.evil`
Changelog: Changed
2022-12-01 11:29:02 -05:00
Derek Schmidt
11a6e706f4
server: Use shared resolver in featured and question accept
2022-12-01 04:40:14 -05:00
Derek Schmidt
d3af00a912
server: Add recursion limit to resolver
...
Changelog: Security
2022-12-01 04:40:07 -05:00
973bd4532b
Merge pull request 'server: always enable push notifications' ( #235 ) from enable-push-notifs into main
...
Reviewed-on: FoundKeyGang/FoundKey#235
Changelog: Changed
2022-11-29 21:51:10 +00:00
5733f127ca
backend: update re2 to 1.17.8
...
This should fix Node 19 compatibility.
Fixes: FoundKeyGang/FoundKey#238
2022-11-28 12:02:24 -05:00
8130a2a9b1
server: remove deeplIsPro setting
...
This setting is unnecessary because DeepL free keys can be detected
easily according to <https://www.deepl.com/docs-api/api-access/authentication/ >:
> DeepL API Free authentication keys can be identified easily by the suffix ":fx"
Changelog: Removed
2022-11-27 12:12:56 +01:00
9fd23b5dae
server: remove quote urls, 3rd try
...
First try was 66a7c62342
but classList is
not in parse5 DOM. Second try was 7ee6a09cf2
but forgot the contents of this commit.
2022-11-27 09:30:51 +01:00
6600f6e52e
fixup: make cluster limit into a per-mode warning rather than error
2022-11-26 13:28:39 +01:00
d0c504ec85
server: fix unknown variable in signin endpoint
2022-11-25 19:09:08 +01:00
062cba1b3c
server: fix undefined variable for instance actor
2022-11-25 19:05:37 +01:00
48a60b03ea
BREAKING: implement separate web workers
...
There are now separate web and queue workers.
The configuration entry `clusterLimit` has been replaced by
`clusterLimits` which allows separate configuration of web and
queue workers.
Changelog: Changed
2022-11-25 12:56:49 +01:00
f817d45210
update eslint and typescript-eslint
2022-11-25 02:07:21 -05:00
b67799ad3f
BREAKING: Remove support for Node 16.x and upgrade to TypeScript 4.9
...
Now that Node 18 is the new LTS version of Node, it should be safe to
support ES2022 features. The install docs have already been updated to
recommend Node 18.x in 41a710854e
.
This will break support on Node 16.x and earlier.
Also update TypeScript to 4.9 which contains various typechecking
improvements: https://devblogs.microsoft.com/typescript/announcing-typescript-4-9/
Ref: FoundKeyGang/FoundKey#238
Changelog: Changed
2022-11-25 02:07:21 -05:00
01fa4332c2
server: set vapid keys on initial setup
2022-11-21 22:30:34 +01:00
563f3672a9
server: always enable push notifications
...
The thing that previously presumably hindered this was that the VAPID
keys had to be set up. Previously admins had to do this, but this is a bad
idea for multiple reasons:
1) The meaning of "public key" and "private key" was not well documented
in the settings.
2) Giving out a private key over the API, even just for admins, sounds
like a bad idea.
Co-authored-by: Francis Dinh <normandy@biribiri.dev>
2022-11-21 22:00:53 +01:00
7ee6a09cf2
fix errors from quote string removal
...
The parse5 tree does not have the full DOM methods and attributes.
2022-11-21 19:43:56 +01:00
9e2553909e
server: use time constants
2022-11-20 23:15:40 +01:00
66a7c62342
activitypub: remove akkoma quote URLs
...
Changelog: Fixed
2022-11-20 20:48:15 +00:00
512351746f
Merge pull request 'Add LibreTranslate support' ( #224 ) from libretranslate into main
...
Reviewed-on: FoundKeyGang/FoundKey#224
Changelog: Added
2022-11-20 16:21:17 +00:00
kabo2468
b7f32be512
server: don't nyaize quoted lines
...
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
Changelog: Changed
2022-11-20 11:15:03 +01:00
aefb11959f
fix: translator settings on admin/meta endpoint
2022-11-20 10:37:50 +01:00
8cde66b8ac
backend: Add LibreTranslate support
2022-11-19 23:00:33 -05:00
7ffe2181a9
server: use host parameter in note search without elasticsearch
...
Changelog: Fixed
2022-11-19 17:33:27 +01:00
4183c429e6
server: rewrite skipped instances query in raw SQL
...
This should hopefully improve performance somewhat.
Reviewed-on: FoundKeyGang/FoundKey#230
Changelog: Changed
2022-11-18 22:02:47 +01:00
28aa440bcc
server: correctly await promises when updating server info
...
When not awaiting promises, truncating the table and inserting again
can sometimes not work due to race conditions.
2022-11-18 20:52:19 +01:00
71b3b5a60c
backend: implement not forwarding block activities ( #212 )
...
Fixes FoundKeyGang/FoundKey#211
Commits pulled from https://github.com/misskey-dev/misskey/pull/7799
Changelog: Added
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Co-authored-by: Johann150 <johann.galle@protonmail.com>
Co-authored-by: Francis Dinh <normandy@biribiri.dev>
Reviewed-on: FoundKeyGang/FoundKey#212
2022-11-17 21:24:38 +00:00
110c645a97
Merge pull request 'backend: fix activitypub.ts lints' ( #236 ) from refactor/activitypub-ts into main
...
Reviewed-on: FoundKeyGang/FoundKey#236
2022-11-17 19:48:08 +00:00
ddeb5b25f1
translate comments in chart core
2022-11-17 20:23:17 +01:00
c0d5678039
backend: fix lints in various misc modules
...
Mostly adding return types and also fixing a type error.
2022-11-16 19:48:16 -05:00
629b865789
backend: add return type to getAntennas
2022-11-16 19:44:20 -05:00
021d523d5f
backend: fix activitypub.ts lints
2022-11-16 19:38:32 -05:00
848b9bcdf1
backend: partially revert repo url change in nodeinfo
2022-11-16 17:58:55 -05:00
b18c9b27a6
backend: minor cleanup of nodeinfo.ts
...
Copy over the MONTH constant from the client code and the time constants
for active{Halfyear,Month}.
Also instead of adding and deleting `respository` from the nodeinfo for
version 2.0, only add in the repository URL in the 2.1 endpoint.
2022-11-16 17:52:13 -05:00
b958be77b6
fixup server: refactor meta caching
...
fix: setting meta does not keep cache synced.
fix: handle initially empty meta table.
2022-11-16 20:36:22 +01:00
9f6be8d557
server: refactor meta caching
...
This removes the "caching" that re-fetches the instance meta information
from the database every 10 seconds.
2022-11-14 22:12:32 +01:00
9d9b2da6cc
fix parameter for cache fetcher
2022-11-13 20:31:24 +01:00
d1ec058d5c
server: refactor Cache to hold fetcher as attribute
...
Instead of having to pass the fetcher every time you want to fetch
something, the fetcher is stored in an attribute of the Cache.
2022-11-13 19:39:30 +01:00
131c12a30b
server: refactor prefetchEmojis
...
Exiting earlier might slightly improve performance.
2022-11-13 18:24:15 +01:00
8d6476af2a
server: remove localUserByIdCache
...
The same data is stored in userByIdCache. Whether a user is local or not
can easily be determined from the cached object.
2022-11-13 18:03:22 +01:00
57299f0df6
server: simplify caching for instance actor
2022-11-13 17:14:33 +01:00
b0489abd7f
translate japanese comments
2022-11-13 13:47:22 +01:00
a3468491a7
fix import
2022-11-12 18:51:57 +01:00
486be564e8
server: improve comments
2022-11-12 17:39:36 +01:00
c49f529ccb
server: use DeliverManager for user deletion
2022-11-12 15:23:49 +01:00
8979e779da
server: optimise follower inboxes query
...
Use the distinct query thingy so we don't have to make the Set work
so hard. This is also uniform code with the "everyone" above so should
hopefully be easier to understand.
2022-11-12 15:09:50 +01:00
f3c38ad5c8
server: only add unique cascade-delete notes
2022-11-11 18:08:57 +01:00
899b01a031
remove unnecessary checks
...
These checks were made obsolete by commit
6df2f7c55c
.
2022-11-11 18:07:49 +01:00
a27a29b371
server: redirect browsers to human readable page
...
Also added/translated more comments.
2022-11-11 17:54:11 +01:00
66a9d27ab1
server: increase user description length to 2048
...
Changelog: Changed
2022-11-11 12:28:57 +01:00
d411ea6281
backend: make removeAds migration plain JS
2022-11-10 12:56:39 -05:00
5d23aa9e69
translate some comments to english
2022-11-10 00:36:39 +01:00
5b61941e4c
server: skip instances that proclaimed themself dead via HTTP 410
...
Changelog: Fixed
2022-11-10 00:23:30 +01:00
ca90cedba0
server: reduce dead instance detection to 7 days
2022-11-09 18:47:28 +01:00
54075789cd
server: remove content type bodge
...
Now that the client should send the proper content type, this should not be
necessary any more.
2022-11-08 20:57:38 +01:00
609312bb82
server: refactor errors in signin endpoint
2022-11-08 20:57:08 +01:00
7939d130aa
backend: update sharp to 0.31.2
...
Changelog: Fixed
Fixes: FoundKeyGang/FoundKey#226
2022-11-08 01:16:55 -05:00
489eea0c67
server: improve API validation for creating apps
...
Resolves a FIXME comment.
2022-11-05 10:43:34 +01:00
6f65326b32
chore: synchronize code and database schema
2022-11-03 21:50:55 +01:00
e8ecd71f8a
backend: refactor server/nodeinfo.ts ( #221 )
...
This fixes a few type errors like removing `software.respository` in
NodeInfo 2.0 and updating `metadata.repositoryUrl` to not use the
now removed meta `repositoryUrl` field.
Co-authored-by: Francis Dinh <normandy@biribiri.dev>
Reviewed-on: FoundKeyGang/FoundKey#221
2022-11-02 21:42:51 +00:00
0db0db9a87
backend: fix types in getRedisFamily
2022-10-31 18:39:05 -04:00
6df2f7c55c
server: refactor finding delete-cascaded notes
...
Remove the several filter functions in different places by filtering
directly in the database.
Instead of a QueryBuilder, use the plain find function.
Refactor a for loop awaiting several promises individually, use
Array.map and await Promise.all to make better use of promises.
2022-10-31 20:57:45 +01:00
ac240eb58d
server: translate/add comments
2022-10-31 20:57:18 +01:00
d725f93d40
backend: Provide type for signedGet
2022-10-31 10:10:29 +01:00
6db9b76f46
Retouch types in server index
2022-10-31 10:10:29 +01:00
f50b04b015
Fix type errors in withPackedNote
2022-10-31 10:10:28 +01:00
3fe1f7e70e
Deal with withPackedNote(onNote) types in stream channels
2022-10-31 10:10:28 +01:00
eff9dbb5ee
Reassure typechecker about token in authenticate
2022-10-31 10:10:28 +01:00
fb80fd1fbd
Broaden type in authenticate as undefined is also nullable
2022-10-31 10:10:27 +01:00
2a33d0ac83
Fix type import in stream emitter typing
2022-10-31 10:10:27 +01:00
fb5f498641
Upgrade bull-board to unify misaligned types in its packages
2022-10-31 10:10:27 +01:00
23fbdfdf1f
Fix typos in syslog initialization
2022-10-31 10:10:26 +01:00
5b7a7794ab
backend: fix type of IEndpointMeta.errors
...
The errors array is supposed to be readonly.
2022-10-31 03:35:47 -04:00
bd0c06e2d0
server: fix RefereceError (again...)
2022-10-30 17:46:44 +01:00
c282ed7683
Narrow type of isPureRenote
...
As side effect of that, a non-null assertion can be removed.
Co-authored-by: Johann150 <johann.galle@protonmail.com>
2022-10-30 17:38:56 +01:00
240ad1cca6
server: fix ReferenceError
...
The super constructor has to be called before accessing this.
2022-10-30 16:22:12 +01:00
2aafe8fc9f
server: avoid adding suspended instances to deliver queue
...
This should reduce the performance hit when adding large numbers of
instances to the deliver queue by making the check for suspended and
dead instances a bulk operation.
Changelog: Changed
Reviewed-on: FoundKeyGang/FoundKey#215
2022-10-29 22:58:04 +02:00
7a64a3858d
fix erroneous quote
2022-10-28 23:49:30 +02:00
d0564759a5
server: remove unnecessary argument
2022-10-28 23:36:47 +02:00
735b9ab502
fix some lints
2022-10-28 16:57:56 +02:00
fb76843c19
adapt OpenAPI documentation generation to new error definitions
2022-10-27 22:44:06 +02:00
1dd935dc0c
fix endpoint type definition for errors
2022-10-27 22:44:06 +02:00
934ee82b8f
server: refactor ApiError to store error descriptions centrally
...
The UUIDs are no longer used for errors and all errors should now have
a descriptive message attached to them. Also, all errors should now have
the proper HTTP status code for a reply instead of the generic 400 and 500
response codes. Because the errors all have more specific error codes, the
"kind" of client or server is also abolished.
2022-10-27 22:43:58 +02:00
66d7b69377
server: refactor API handler and returning errors
...
This refactors the API handler to not use default exports, be async
instead of constructing a promise and modify how errors are returned.
2022-10-26 23:15:31 +02:00
c3c7164dfb
fix merge of #213
2022-10-26 22:53:06 +02:00
a991740e00
server: improve API definition for messaging/messages/create
2022-10-26 22:21:28 +02:00