Commit graph

636 commits

Author SHA1 Message Date
0965d3cbd9
merge: simplify pages
FoundKeyGang/FoundKey#49
2022-08-19 09:16:49 +02:00
27c56a4dcc Merge pull request 'security: update multer to 1.4.5-lts.1' (#69) from fix/multer-security into main
Reviewed-on: FoundKeyGang/FoundKey#69
2022-08-18 17:39:33 +00:00
5d41384708
fix: await promises in migration 2022-08-18 18:26:17 +02:00
7ae5d6b1b8
backend: fix packing pages 2022-08-18 17:34:20 +02:00
c0b0720ede
add best effort migration for pages 2022-08-18 17:34:20 +02:00
90d35b951f
adjust types & api for pages 2022-08-18 17:32:01 +02:00
b137a39160
merge: remove promo notes
FoundKeyGang/FoundKey#62
2022-08-18 14:26:48 +02:00
f30e02dc73 security: update multer to 1.4.5-lts.1
This version of multer contains a fix for
CVE-2022-24434 which affects a transitive dependency.

> This affects all versions of package dicer. A malicious attacker can
> send a modified form to server, and crash the nodejs service. An
> attacker could sent the payload again and again so that the service
> continuously crashes.

Ref: https://nvd.nist.gov/vuln/detail/CVE-2022-24434
2022-08-18 01:37:39 -04:00
f0bdd9666f
remove empty import statements 2022-08-14 12:26:18 +02:00
c8afce6b2c
fix blocking of remote accounts
The property name was misspelled.
2022-08-14 11:33:08 +02:00
e028a852f6
remove more code referencing promo notes 2022-08-12 19:39:48 +02:00
c7bf29fd49 Remove promo entities and endpoints 2022-08-11 23:13:09 +02:00
6ce4b3fe2f
fix some lints
Many of these were fixed automatically with eslint --fix.

Some of them (e.g. adding return types to functions) were done manually.
2022-08-11 00:09:29 +02:00
961fb0d2df
fix: use correct variable
Fixes an error introduced in commit 7a80015225.
2022-08-10 23:59:35 +02:00
7a80015225
fix lint "no-param-reassign" 2022-08-10 16:36:54 +02:00
09a7eabda1
backend: fix lint "no-throw-literal" 2022-08-04 11:00:02 +02:00
e2bf2715a6
fix spelling error 2022-08-04 10:20:48 +02:00
a3a3cb7258
remove --quiet flag from eslint
This flag means to hide warnings which is not generally desirable.
Even if warnings do not affect the end result of running CI it would
still be nice to be able to see the warnings when running the lints
normally or in CI.
2022-08-04 00:20:59 +02:00
c8f49bae76
fix lint "object-shorthand" 2022-08-03 14:58:24 +02:00
37e47a257e
fix lints "import/order" and "import/no-duplicate"
Also simplified some import paths by replacing relative with absolute paths.
2022-08-03 14:05:50 +02:00
bc1c66e16e
remove admin/drive/cleanup API
This API endpoint is not working correctly and can cause unintended data loss:
It may remove emojis that have been imported from other instances.

See also https://github.com/misskey-dev/misskey/issues/8222
2022-08-03 11:00:48 +02:00
2fa90e7f43
fix lints in backend boot 2022-08-03 00:18:31 +02:00
a6df127d3b
fix lint "quotes" 2022-08-02 23:25:36 +02:00
fbcea23ef6
fix ReferenceError in renote.ts 2022-08-02 21:23:16 +02:00
ec4fe55acf
refactor: reusable function for pure renote detection
There was some code to detect if a note is a quote renote. However this
code was unused and it seems the kind of reversed detection of checking
if something is a pure renote is more useful.
2022-08-01 00:05:10 +02:00
b7c0e26da9
fix: lint error in create.ts 2022-07-28 13:19:47 -04:00
40d9aa6219
API: visiblity cannot be less restrictive
Removed a now unnecessary provision from services/note/create as well.
2022-07-28 15:23:08 +02:00
bf16b3699e
fix: packing app includes description 2022-07-28 11:59:10 +02:00
233c39dbad
fix lints 2022-07-27 08:16:52 +02:00
Chloe Kudryavtsev
0f6d94f1e7 backend: improve mutes and blocks
Mutes and blocks now also apply recursively to replies and renotes.
Furthermore, any mentioned user being muted or blocked will also apply.
2022-07-26 08:12:49 -04:00
63c8992cb8
Add semicolon to children.ts 2022-07-25 22:07:23 -04:00
4bc9610d8b
remove unnecessary joins
These joins are no longer necessary as of commit
c35372a20d. It seems they are bad enough
for performance to break installs.
2022-07-25 21:46:45 +02:00
9ee609d700
Merge: enhance privacy of notes
FoundKeyGang/FoundKey#14
2022-07-25 18:15:21 +02:00
c35372a20d
pack children without detail 2022-07-25 16:41:47 +02:00
aca724e0bf
enable to fetch replies recursively 2022-07-25 16:41:46 +02:00
aba5b27159
remove legacy permission parsing 2022-07-24 11:45:37 +02:00
3fe351df6d
fix: catch errors from packing with detail
Packing with detail can cause an error if the reply or renote
are not visible to the user, even though the original note is
visible to the user.
2022-07-23 22:28:41 +02:00
b630cd7eac
refactor: add NoteReactions.packMany 2022-07-23 22:28:40 +02:00
6775028b1e
adjust tests 2022-07-23 22:28:40 +02:00
128d0f0d4e
remove isHidden and its uses
The `isHidden` attribute is not being set any more and is thus removed.
Handling in the client is no longer necessary.
2022-07-23 22:28:39 +02:00
cfa371b52b
refactor: remove note re-packing in streaming API
Instead of packing the note for public user before passing it to
streams, the note is now either packed for the user the respective
stream belongs to (`mainStream`) or not packed at all and then packed
later (`notesStream`).

Because this is a new common task between different channels, a shared
implementation of packing a note from notesStream is created. This
implementation will simply skip a note if it is not visible to the user
that the channel belongs to.
2022-07-23 22:27:29 +02:00
c6192ac95a
fix: handle exception in note favorites 2022-07-23 22:27:29 +02:00
2486eff747
packing notes not visible to user raises an error
Instead of just hiding specific fields, the entire note is hidden. This means
that metadata of the note such as who is the author, when was it sent are
completely hidden.
2022-07-23 22:27:29 +02:00
3c6d9cc8ab
use getNote instead of Notes.find
If a note is not visible to the requesting user, an error will be raised.
2022-07-23 22:27:28 +02:00
97edaca351
getNote checks visibility
Raise an error When a note is not visible to the requesting user.
2022-07-23 22:27:14 +02:00
f3e196528f
Merge bearer-authentication
foundKeyGang/foundKey#15
2022-07-20 15:10:47 +02:00
6060e7d220
enhance: better rendering of reports
Passing the report object reduces the number of parameters to be passed.
2022-07-19 17:18:19 +02:00
fc51ac17b1
fix: remove unnecessary null check
Because `findOneByOrFail` is used above, the null check is unnecessary.
2022-07-19 17:18:19 +02:00
d92d389cda
extract note URLs from Activity 2022-07-19 17:18:18 +02:00
9ca504784a
keep URL of reported object separate
Instead of putting the URL in the report text, it is stored separately
so that users do not accidentally change or remove it.

This way it can easily be used when forwarding reports to different
instances to tell them what exactly was reported.
2022-07-19 17:18:18 +02:00
1ec756519e
fix: move forwarded attribute to output 2022-07-19 17:18:15 +02:00
ff75382af3
handle authentication errors in stream API 2022-07-18 23:32:03 +02:00
660f6dba30
update openapi spec generator 2022-07-18 23:11:48 +02:00
edac21e8f7
improve authentication errors 2022-07-18 23:11:48 +02:00
91bdab1a9d
add OAuth 2.0 Bearer Token authentication 2022-07-18 23:11:39 +02:00
a0940c49a2
refactor: remove repositoryUrl & feedbackUrl from meta
These two URLs are static so there is no reason to keep them in the
database. They are also not even used anywhere by the API, so they can
also be removed from there.

Where they are used is in the nodeinfo, where they are now hardcoded.

While editing the nodeinfo, also uncommented nodeinfo version 2.1.
2022-07-18 14:39:27 +02:00
Chloe Kudryavtsev
390a5efb59 update package name, packages
We are FoundKey now.
Use semver pinning for "serious" packages.
Update eslint, typescript, vite and surroundings.
Bump yarn.lock.
2022-07-18 06:41:58 -04:00
Chloe Kudryavtsev
db2bf0ac16 chore(lint): fix lint commands
setups like src/**/*.{ext1,ext2}
are not guaranteed to affect top level files
such as src/a.ext1

this should also be slightly more performant
2022-07-18 06:17:51 -04:00
98198dd5fe
fix: use correct variable names 2022-07-17 23:44:13 +02:00
0fec6e1047 remove ms dependency 2022-07-16 16:54:11 +00:00
syuilo
ddab9eafee perf: allow get for notes/reactions 2022-07-16 12:02:10 -04:00
syuilo
ac9ef2beba rename: BIOS -> Repair Tool 2022-07-16 12:01:34 -04:00
Kainoa Kanter
e3d4d6d5b2 feat: styled error screen (#8930)
* Styled error screen

* Make details margin auto

* Update boot.css

* Replace fontawesome with tabler svg

* Remove hr

* Add new style to flush screen

* Rename to `error.css`
2022-07-16 12:01:22 -04:00
MeiMei
68a9415766 fix: streamingテストおそい (#8912) 2022-07-16 11:49:45 -04:00
syuilo
573dd770bf feat(server): add fetch-rss api to reduce dependency of external apis 2022-07-16 11:22:47 -04:00
syuilo
791063078d enhance(server): アンケートを新しい順にソート 2022-07-16 11:14:24 -04:00
MeiMei
6c330a1343
migrate parse5 to 7.0.0 (#8916)
* migrate parse5 to 7.0.0

* fix
2022-07-15 10:14:36 +02:00
syuilo
b6a31bdfcb
use parse5 6.0.1
Fix #8914
2022-07-15 10:14:36 +02:00
fcefeebca8
fix typo
Co-authored-by: mei23 <m@m544.net>
2022-07-15 10:13:53 +02:00
syuilo
ffa86c1d76
update deps 2022-07-15 10:09:44 +02:00
ff1c5167b6
update backend lockfile 2022-07-14 23:32:34 +02:00
tamaina
95ea2485c1
fix(sw, notification): Don't issue an event if there is no affect (#8979)
* test

* ]v]
2022-07-14 10:32:04 +02:00
mei23
0c5f8579d5
Fix massive update notification parameters 2022-07-14 10:31:26 +02:00
5ca93223c6
fix: remove even more ad stuff 2022-07-14 08:29:30 +02:00
e9b11231ff detect outdated ID generation configuration 2022-07-13 21:30:21 +00:00
f476d149a6 remove alternative ID generation
Although these are configurable, there seems to be no benefit of being
able to configure these. The expected use of configuration methods other
than "aid" is expected to be low.
2022-07-13 21:30:21 +00:00
29284eca75
remove more ads stuff from client 2022-07-13 23:20:18 +02:00
a717fcc70c
remove ads from database 2022-07-13 23:20:18 +02:00
402d4e866e
remove ads from API endpoints 2022-07-13 23:20:17 +02:00
0e3a9d1e0d
refactor: use nullish coalescing / optional chaining
This seems to be more readable than ternary expressions.
2022-07-13 19:08:22 +02:00
syuilo
b003e24af4
chore(client): tweak ui
cherry-picked from ed41d542bb
2022-07-13 17:35:25 +02:00
syuilo
6a7e016a8e
fix(server): cannot show users 2022-07-13 17:16:51 +02:00
syuilo
f95f74f96e
allow non-mods to show instance-info page 2022-07-13 16:16:35 +02:00
syuilo
a7cc45fa98
fix(api): fix instance schema 2022-07-13 12:55:43 +02:00
syuilo
3579ebf03d
feat(api): add federation/stats endpoint 2022-07-13 12:55:09 +02:00
syuilo
591a0bf1b3
fix(api): add missing themeColor property of instance 2022-07-13 12:54:56 +02:00
syuilo
fbe210a39d
feat: make possible to delete an account by admin
Resolve #8830
2022-07-13 12:52:45 +02:00
9b008b9684
refactor: remove duplicate code (#8895) 2022-07-13 12:52:45 +02:00
MeiMei
5ac94cc268
fix broken mocha tests v2
see also https://github.com/misskey-dev/misskey/pull/8892
2022-07-13 12:49:58 +02:00
syuilo
45b36e8059
fix #8894 2022-07-13 12:45:24 +02:00
tamaina
f109de9ebb
enhance(client): Enhance boot error display (#8879)
* Change boot error message

* fix

* ✌️

* fix
2022-07-13 12:37:34 +02:00
dependabot[bot]
b269ab709b
chore(deps): bump jsrsasign from 10.5.24 to 10.5.25 in /packages/backend (#8889)
Bumps [jsrsasign](https://github.com/kjur/jsrsasign) from 10.5.24 to 10.5.25.
- [Release notes](https://github.com/kjur/jsrsasign/releases)
- [Changelog](https://github.com/kjur/jsrsasign/blob/master/ChangeLog.txt)
- [Commits](https://github.com/kjur/jsrsasign/compare/10.5.24...10.5.25)

---
updated-dependencies:
- dependency-name: jsrsasign
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-13 11:23:15 +02:00
syuilo
4d8d9936f1
feat: allow GET for some endpoints
Resolve #8263
2022-07-13 11:23:15 +02:00
e45624855f
fix: always respect instance mutes (#8854)
* fix: muted user query also checks instances

This way it can be ensured that the instance mute is used everywhere it
is required without checking the whole codebase again. Muted users and
muted instances should be used together anyways.

* fix lint
2022-07-13 11:23:14 +02:00
dependabot[bot]
30aa91bb94
chore(deps): bump jpeg-js from 0.4.1 to 0.4.4 in /packages/backend (#8843)
Bumps [jpeg-js](https://github.com/eugeneware/jpeg-js) from 0.4.1 to 0.4.4.
- [Release notes](https://github.com/eugeneware/jpeg-js/releases)
- [Commits](https://github.com/eugeneware/jpeg-js/compare/v0.4.1...v0.4.4)

---
updated-dependencies:
- dependency-name: jpeg-js
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-13 11:23:14 +02:00
dependabot[bot]
893ed309bf
chore(deps): bump undici from 5.4.0 to 5.5.1 in /packages/backend (#8842)
Bumps [undici](https://github.com/nodejs/undici) from 5.4.0 to 5.5.1.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.4.0...v5.5.1)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-13 11:23:14 +02:00
syuilo
f30214b006
feat(admin): show list of files of a user 2022-07-13 10:44:48 +02:00
912c19222e
fix lints 2022-07-13 10:42:16 +02:00
MeiMei
d4ac71593b
enhance: use ioredis everywhere, fix IPv6 support for redis
fixes https://github.com/misskey-dev/misskey/pull/8869
see also https://github.com/misskey-dev/misskey/pull/8869

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2022-07-13 10:40:39 +02:00
0cd330afe4
refactor: simplify ap/show with DbResolver (#8838)
Using the existing code in DbResolver we can avoid separate code for
parsing the URIs in this endpoint.

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2022-07-13 10:16:38 +02:00
00fe1d341b
enhance: word mute checks CW (#8873) 2022-07-13 10:16:38 +02:00
syuilo
1f1cbc3fa6
tweak client: modify instance information panel 2022-07-13 09:59:08 +02:00
yzhe819
9111d238c1
chore: fix lint errors (#8981) 2022-07-13 00:45:57 +02:00
749477c199
use predefined noteVisibilities constant 2022-07-12 14:45:36 +02:00
568f14070d
remove unused logger 2022-07-12 14:44:19 +02:00
ba0236700d
chore: remove unused imports 2022-07-12 14:41:10 +02:00
3317e21b39
chore: remove unused imports 2022-07-11 15:45:12 +02:00
dc6884898d
chore: remove unused imports 2022-07-11 15:31:09 +02:00
03aa41664f
chore: remove unused columns
The columns "mascotImageUrl" and "errorImageUrl" are unused in the
web client. It is unlikely that they are being used elsewhere.
2022-07-11 12:49:39 +02:00
10970f2d52
read theme color from nodeinfo
Prefer to read the theme color from the nodeinfo since it is more
performant than performing selector search on a DOM.
2022-07-09 22:52:42 +02:00
f873f4f0b9
provide theme color in nodeinfo metadata 2022-07-09 22:52:37 +02:00
syuilo
a1e3eada2e fix(server): faviconUrl of federated instance is missing 2022-07-09 06:01:35 -04:00
tamaina
37581ea831 feat: Add Badge Image to Push Notification (#8012)
* fix

* nanka iroiro

* wip

* wip

* fix lint

* fix loginId

* fix

* refactor

* refactor

* remove follow action

* clean up

* Revert "remove follow action"

This reverts commit defbb416480905af2150d1c92f10d8e1d1288c0a.

* Revert "clean up"

This reverts commit f94919cb9cff41e274044fc69c56ad36a33974f2.

* remove fetch specification

* renoteの条件追加

* apiFetch => cli

* bypass fetch?

* fix

* refactor: use path alias

* temp: add submodule

* remove submodule

* enhane: unison-reloadに指定したパスに移動できるように

* null

* null

* feat: ログインするアカウントのIDをクエリ文字列で指定する機能

* null

* await?

* rename

* rename

* Update read.ts

* merge

* get-note-summary

* fix

* swパッケージに

* add missing packages

* fix getNoteSummary

* add webpack-cli

* ✌️

* remove plugins

* sw-inject分離したがテストしてない

* fix notification.vue

* remove a blank line

* disconnect intersection observer

* disconnect2

* fix notification.vue

* remove a blank line

* disconnect intersection observer

* disconnect2

* fix

* ✌️

* clean up config

* typesを戻した

* backend/src/web/index.ts

* notification-badges

* add scripts

* change create-notification.ts

* Update packages/client/src/components/notification.vue

Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>

* disconnect

* oops

* Failed to load the script unexpectedly回避
sw.jsとlib.tsを分離してみた

* truncate notification

* Update packages/client/src/ui/_common_/common.vue

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>

* clean up

* clean up

* refactor

* キャッシュ対策

* Truncate push notification message

* fix

* クライアントがあったらストリームに接続しているということなので通知しない判定の位置を修正

* components/drive-file-thumbnail.vue

* components/drive-select-dialog.vue

* components/drive-window.vue

* merge

* fix

* Service Workerのビルドにesbuildを使うようにする

* return createEmptyNotification()

* fix

* fix

* i18n.ts

* update

* ✌️

* remove ts-loader

* fix

* fix

* enhance: Service Workerを常に登録するように

* pollEnded

* pollEnded

* URLをsw.jsに戻す

* clean up

* fix lint

* changelog

* alpha-test

* also with twemoji

* add isMimeImage function

* catch

* Colour => Color

* char2file => char2filePath

* Update autocomplete.vue

* remove clone?

Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2022-07-09 05:52:01 -04:00
futchitwo
42e3ddae91 Improve: unclip (#8823)
* Refactor clip page to use Composition API

* Refactor clip page

* Refactor clip page

* Refactor clip page

* Improve: unclip

* Fix unclip

* Fix unclip

* chore: better type and name

* Fix

* Fix clipPage vue provider

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2022-07-09 05:43:48 -04:00
MeiMei
a8f7514d0d enhance: Improve player detection in URL preview (#8849)
* enhance: Improve player detection in URL preview

* CHANGELOG
2022-07-09 05:42:36 -04:00
9a1e6bf10f fix: render empty note content correctly
Instead of coercing to `null`, coercing to an empty string should simplify handling.
2022-07-09 05:38:38 -04:00
bc9c79b9ef fix: correctly render note text
Fix a regression from #8787 that was previously fixed in #8440.
2022-07-09 05:35:27 -04:00
MeiMei
8f2aaba944 fix: GenerateVideoThumbnail (#8825)
* fix: GenerateVideoThumbnail

* CHANGELOG

* fix cleanup

* Revert "fix cleanup"

This reverts commit d54cf8262ac01a3deb6b8dd7689ec144d4d09ea8.
2022-07-09 05:32:02 -04:00
95d59b3947 fix: tmpdir cleanup removes contained files (#8826) 2022-07-09 05:30:04 -04:00
tamaina
4edb67667a fix: add limit to i/notifications (#8836)
* fix: add limit to i/notifications

* ms

* remove ms
2022-07-09 05:29:13 -04:00
22420245a5 fix(docs): use correct description property 2022-07-09 05:27:31 -04:00
052b45d2b4 fix: remove unused parameter 2022-07-09 05:24:50 -04:00
syuilo
9fcc0e460c lint fixes 2022-07-09 05:23:42 -04:00
963758d8ec
fix: missing file name parameter (#8820) 2022-06-13 00:25:06 +09:00
tamaina
11a6bd890c
fix: some fixes of multiple notification read (#8819)
* fix: limit multiple notification read

* fix

* fix
2022-06-12 19:28:13 +09:00
7db09103e7
chore: synchronize visibility checks (#8687)
* reuse single meId parameter

* unify code style

Use template string to avoid having to use escaped quote marks.

* fix: follower only notes are visible to mentioned users

This synchronizes the visibility rules with the Notes.isVisibleForMe
method from packages/backend/src/models/repositories/note.ts

* add comment
2022-06-11 16:14:44 +09:00
syuilo
ec6b418a23 update deps 2022-06-10 15:06:42 +09:00
syuilo
b9c64053e8 Merge branch 'develop' of https://github.com/misskey-dev/misskey into develop 2022-06-10 14:56:07 +09:00
syuilo
f5ba73e7c8 chore: tweak logo 2022-06-10 14:56:05 +09:00
a683a7092d
enhance(federation): use ActivityPub defined property in favour of proprietary property. (#8787)
* add activitypub `source` property

* parse MFM from new `source` attribute
2022-06-10 14:31:58 +09:00
78df3dc484
enhance: improve documentation for /users/ endpoints (#8790)
* docs: category & description for reset password

* docs: category & description for testing

* docs: descriptions for groups endpoints

* docs: descriptions for drive file endpoints

* docs: descriptions for sw endpoints

* docs: descriptions for user list endpoints

* docs: descriptions & result type for gallery posts

* docs: descriptions & result type for user endpoints

* docs: add return type for stats
2022-06-10 14:25:20 +09:00
0fa2a52fac
refactor: use awaitAll to reduce duplication (#8791)
* refactor: use awaitAll to reduce duplication

* fix lint

* fix typo
2022-06-08 17:59:48 +09:00
syuilo
d17298d3b5 fix(test): make chart tests working 2022-06-05 20:37:24 +09:00
syuilo
09b749eb97 Update .mocharc.json 2022-06-05 19:46:52 +09:00
syuilo
89419c05b2 use node 16 2022-06-04 17:26:56 +09:00
syuilo
abcd5bc951 update summaly 2022-06-04 17:24:41 +09:00
syuilo
11afdf7e24 fix bug 2022-06-04 15:15:44 +09:00
syuilo
702edfd3d3 fix test 2022-06-04 14:25:30 +09:00
32dff28460
fix: add id for activitypub follows (#8689)
* add id for activitypub follows

* fix lint

* fix: follower must be local, followee must be remote

Misskey will only use ActivityPub follow requests for users that are local
and are requesting to follow a remote user. This check is to ensure that
this endpoint can not be used by other services or instances.

* fix: missing import

* render block with id

* fix comment
2022-06-04 13:52:42 +09:00
9954c054a7
fix: ensure resolver does not fetch local resources via HTTP(S) (#8733)
* refactor: parseUri types and checks

The type has been refined to better represent what it actually is. Uses of
parseUri are now also checking the parsed object type before resolving.

* cannot resolve URLs with fragments

* also take remaining part of URL into account

Needed for parsing the follows URIs.

* Resolver uses DbResolver for local

* remove unnecessary use of DbResolver

Using DbResolver would mean that the URL is parsed and handled again.
This duplicated processing can be avoided by querying the database directly.

* fix missing property name
2022-06-04 11:29:20 +09:00
81109b14b5
fix: correctly render empty note text (#8746)
Ensure that the _misskey_content attribute will always exist. Because
the API endpoint does not require the existence of the `text` field,
that field may be `undefined`. By using `?? null` it can be ensured
that the value is at least `null`.

Furthermore, the rendered HTML of a note with empty text will also be
the empty string. From git blame it seems that this behaviour was added
because of a Mastodon bug that might have previously existed. Hoever,
this seems to be no longer the case as I can find mastodon posts that
have empty content.

The code could be made a bit more succinct by using the null coercion
operator.
2022-06-03 23:18:44 +09:00
PikaDude
6061937996
User moderation details (#8762)
* add more user details for admins to see

* fix some issues

* small style fix

as suggested by Johann150

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>

* fix

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>
2022-06-03 23:14:50 +09:00
syuilo
71c230b7b7 Merge branch 'develop' of https://github.com/misskey-dev/misskey into develop 2022-06-03 23:08:18 +09:00
syuilo
a3fed7d0fb fix(test): reset redis in e2e test
#7986
2022-06-03 23:08:15 +09:00
025bf4a5e7
fix(mfm): remove duplicate br tag/newline (#8616) 2022-05-31 18:57:55 +09:00
c56e45ecef
fix: always remove completed tasks (#8771) 2022-05-31 17:54:02 +09:00
MeiMei
c05723ca6a
Fix IP address rate limit (#8758)
* Fix IP address rate limit

* CHANGELOG

* Tune getIpHash
2022-05-31 17:44:22 +09:00
ebc2566130
fix: add missing import
fix #8756
2022-05-29 14:33:42 +02:00
804fa33535
refactor: improve code quality (#8751)
* remove unnecessary if

`Array.prototype.some` already returns a boolean so an if to return
true or false is completely unnecessary in this case.

* perf: use count instead of find

When using `count` instead of `findOneBy`, the data is not
unnecessarily loaded.

* remove duplicate null check

The variable is checked for null in the lines above and the function
returns if so. Therefore, it can not be null at this point.

* simplify `getJsonSchema`

Because the assigned value is `null` and the used keys are only
shallow, use of `nestedProperty.set` seems inappropriate. Because the
value is not read, the initial for loop can be replaced by a `for..in`
loop.

Since all keys will be assigned `null`, the condition of the ternary
expression in the nested function will always be true. Therefore the
recursion case will never happen. With this the nested function can be
eliminated.

* remove duplicate condition

The code above already checks `dragging` and returns if it is truthy.
Checking it again later is therefore unnecessary.

To make this more obvious the `return` is removed in favour of using
an if...else construct.

* remove impossible "unknown" time

The `ago` variable will always be a number and all non-negative numbers
are already covered by other cases, the negative case is handled with
`future` so there is no case when `unkown` could be achieved.
2022-05-29 15:15:52 +09:00
tamaina
f1d2398eac
fix(client): Vite related boot mechanism revision (#8753)
* preload app css

* remove salt

* APP_FETCH_FAILED error

* set max-age to 15s
2022-05-29 10:58:54 +09:00
tamaina
4917961736
preload app css (#8752) 2022-05-29 10:57:06 +09:00
e54aa56ee1
chore: remove unused imports 2022-05-28 21:17:23 +02:00
21d54f2758
fix: validate text is not empty
fix #8747
2022-05-28 17:26:17 +02:00
161659de5c
enhance: replace signin CAPTCHA with rate limit (#8740)
* enhance: rate limit works without signed in user

* fix: make limit key required for limiter

As before the fallback limiter key will be set from the endpoint name.

* enhance: use limiter for signin

* Revert "CAPTCHA求めるのは2fa認証が無効になっているときだけにした"

This reverts commit 02a43a310f.

* Revert "feat: make captcha required when signin to improve security"

This reverts commit b21b058005.

* fix undefined reference

* fix: better error message

* enhance: only handle prefix of IPv6
2022-05-28 12:06:47 +09:00
63a814c70e
fix(docs): correct information for drive upload (#8736) 2022-05-27 22:03:25 +09:00
9c80403072
use http-signature module that supports hs2019 (#8635) 2022-05-26 09:12:17 +09:00
syuilo
b3ad04fcb0 update deps 2022-05-25 23:28:56 +09:00
syuilo
3c3140a100 refactor: use === 2022-05-25 23:19:39 +09:00
8d5c9e96e4
fix: assume remote users are following each other (#8734)
Misskey does not know if two remote users are following each other.
Because ActivityPub actions would otherwise fail on followers only
notes, we have to assume that two remote users are following each other
when an interaction about a remote note occurs.
2022-05-25 23:17:00 +09:00
e27c6abaea
refactor: temporary files (#8713)
* simplify temporary files for thumbnails

Because only a single file will be written to the directory, creating a
separate directory seems unnecessary. If only a temporary file is created,
the code from `createTemp` can be reused here as well.

* refactor: deduplicate code for temporary files/directories

To follow the DRY principle, the same code should not be duplicated
across different files. Instead an already existing function is used.

Because temporary directories are also create in multiple locations,
a function for this is also newly added to reduce duplication.

* fix: clean up identicon temp files

The temporary files for identicons are not reused and can be deleted
after they are fully read. This condition is met when the stream is closed
and so the file can be cleaned up using the events API of the stream.

* fix: ensure cleanup is called when download fails

* fix: ensure cleanup is called in error conditions

This covers import/export queue jobs and is mostly just wrapping all
code in a try...finally statement where the finally runs the cleanup.

* fix: use correct type instead of `any`
2022-05-25 16:50:22 +09:00
MeiMei
6b44fe165b
Supports Unicode Emoji 14.0 (#8699)
* Unicode 14.0 Emoji

* mfm-js@0.22.0

* CHANGELOG

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2022-05-25 16:35:30 +09:00
6b109c7b0f
fix: wrong type for isVisibleForMe 2022-05-24 10:12:42 +02:00
syuilo
53fc1235d7 Update .mocharc.json 2022-05-21 22:24:57 +09:00
syuilo
b8544814ec lint 2022-05-21 22:21:41 +09:00
syuilo
05c4d6b11e refactor 2022-05-21 22:07:11 +09:00
syuilo
425084b596 Update utils.ts 2022-05-21 22:07:01 +09:00
syuilo
2205c61edf Update utils.ts 2022-05-21 17:40:43 +09:00
68f9341e95
hotfix: uniform color migration fix 2022-05-19 15:42:55 +02:00
edfded7fb7
fix(activitypub): add authorization checks (#8534)
* fix spelling

* fix(activitypub): add authorization checks
2022-05-19 20:40:16 +09:00
aaf5bb62ab
enhance: uniform theme color (#8702)
* enhance: make theme color format uniform

All newly fetched instance theme colors will be uniformely formatted
as hashtag followed by 6 hexadecimal digits.

Colors are checked for validity and invalid colors are not handled.

* better input validation for own theme color

* migration to unify theme color formats

Fixes theme colors of other instances as well as the local instance.

* add changelog entry

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2022-05-19 09:54:45 +02:00
MeiMei
55a578a8df
fix: Unable to generate video thumbnails (#8696)
* fix: Unable to generate video thumbnails

* CHANGELOG
2022-05-19 16:19:23 +09:00
syuilo
4fc2058745 chore(client): tweak loading spinner design 2022-05-19 15:24:35 +09:00
dependabot[bot]
13b275773b
chore(deps): bump async from 3.2.0 to 3.2.3 in /packages/backend (#8706)
Bumps [async](https://github.com/caolan/async) from 3.2.0 to 3.2.3.
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md)
- [Commits](https://github.com/caolan/async/compare/v3.2.0...v3.2.3)

---
updated-dependencies:
- dependency-name: async
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-19 11:49:59 +09:00
MeiMei
b6794b614b
enhance: Perform port diagnosis at startup only when Listen fails (#8698)
* Change port check

* Comment: disableClustering

* CHANGELOG

* Smart message
2022-05-19 11:49:07 +09:00
037ca92275
fix: postgres type error
Fix a bug introduced in #8659. Solution was already tested there.
2022-05-15 11:32:00 +02:00
syuilo
02a43a310f CAPTCHA求めるのは2fa認証が無効になっているときだけにした
2faのトークンは期限付きだから、CAPTCHA解いてる間に期限切れになる
2022-05-15 16:47:14 +09:00
syuilo
b21b058005 feat: make captcha required when signin to improve security 2022-05-15 12:18:46 +09:00
syuilo
6de40cf789 fix(server): prevent crash when processing certain PNGs
Fix #8605
2022-05-15 01:16:12 +09:00
iwata
67e1ee41c9
test: Nodeのカスタムローダーを直してテストが動くように (#8625)
* test: Nodeのカスタムローダーを直してテストが動くように

* dev: mochaを呼ぶコマンドにNODE_ENV=testを追加

* Update packages/backend/test/loader.js

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>

* chore: change export style in loader.js

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>
2022-05-14 16:10:20 +09:00
iwata
ebb4308a5c
test: __dirnameはESModuleでは使えないので置き換えた (#8626) 2022-05-14 16:09:47 +09:00
tamaina
b2a5076d14
fix: ユーザー検索で、クエリがusernameの条件を満たす場合はusernameもLIKE検索するように (#8644)
* Fix #8643

* 部分一致にする
2022-05-14 15:24:44 +09:00
iwata
22bb1a1793
test: e2eテストがCIで失敗していた問題をいくつか修正 (#8642)
* test: indexeddbをテスト毎に初期化するように

* fix: metaが無いときにfetch-metaを同時に呼ぶと死ぬことがある問題を修正

* test: ログイン後のクライアント側処理を待たずにリロードされてログイン出来ないことがあったのを修正
2022-05-14 15:16:45 +09:00
4b872856c2
fix: keep file order (#8659) 2022-05-14 15:09:10 +09:00
syuilo
98e42ec6ff enhance: Display TOTP Register URL
Close #7261

Co-Authored-By: tamaina <tamaina@hotmail.co.jp>
2022-05-14 15:00:15 +09:00
syuilo
e161b71651 update deps 2022-05-14 14:57:51 +09:00
89c5fd0931
perf: fix caching (#8660)
The cache implementation did previously not store the results of the
computation and was thus not a cache at all. This can cause a significant
number of database queries each time someone with a large number of
followers does something that causes an activity to be federated.
2022-05-14 13:28:27 +09:00
31c73fdfa2
chore: synchronize code and database schema (#8577)
* chore: remove default null

null is always the default value if a table column is nullable, and typeorm's
@Column only accepts strings for default.

* chore: synchronize code with database schema

* chore: sync generated migrations with code
2022-05-05 22:45:22 +09:00
tamaina
a89003b57a
refactor: use Vite to build instead of webpack (#8575)
* update stream.ts

* https://github.com/misskey-dev/misskey/pull/7769#issuecomment-917542339

* fix lint

* clean up?

* add app

* fix

* nanka iroiro

* wip

* wip

* fix lint

* fix loginId

* fix

* refactor

* refactor

* remove follow action

* clean up

* Revert "remove follow action"

This reverts commit defbb416480905af2150d1c92f10d8e1d1288c0a.

* Revert "clean up"

This reverts commit f94919cb9cff41e274044fc69c56ad36a33974f2.

* remove fetch specification

* renoteの条件追加

* apiFetch => cli

* bypass fetch?

* fix

* refactor: use path alias

* temp: add submodule

* remove submodule

* enhane: unison-reloadに指定したパスに移動できるように

* null

* null

* feat: ログインするアカウントのIDをクエリ文字列で指定する機能

* null

* await?

* rename

* rename

* Update read.ts

* merge

* get-note-summary

* fix

* swパッケージに

* add missing packages

* fix getNoteSummary

* add webpack-cli

* ✌️

* remove plugins

* sw-inject分離したがテストしてない

* fix notification.vue

* remove a blank line

* disconnect intersection observer

* disconnect2

* fix notification.vue

* remove a blank line

* disconnect intersection observer

* disconnect2

* fix

* ✌️

* clean up config

* typesを戻した

* Update packages/client/src/components/notification.vue

Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>

* disconnect

* oops

* Failed to load the script unexpectedly回避
sw.jsとlib.tsを分離してみた

* truncate notification

* Update packages/client/src/ui/_common_/common.vue

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>

* clean up

* clean up

* キャッシュ対策

* Truncate push notification message

* クライアントがあったらストリームに接続しているということなので通知しない判定の位置を修正

* components/drive-file-thumbnail.vue

* components/drive-select-dialog.vue

* components/drive-window.vue

* merge

* fix

* Service Workerのビルドにesbuildを使うようにする

* return createEmptyNotification()

* fix

* i18n.ts

* update

* ✌️

* remove ts-loader

* fix

* fix

* enhance: Service Workerを常に登録するように

* pollEnded

* URLをsw.jsに戻す

* clean up

* wip

* wip

* wip

* wip

* wip

* wip

* ✌️

* use import

* fix

* install rollup

* use defineAsyncComponent.

* fix emojilist

* wip use defineAsyncComponent

* popup(import -> popup(defineAsyncComponent(() => import

* draggable?

* fix init import

* clean up

* fix router

* add comment

* ✌️

* ✌️

* ✌️

* remove webpack

* update vite

* fix boot sequence

* Revert "fix boot sequence"

This reverts commit e893dbf37aed83bf9f12e427d98c78a7065b4a39.

* revert boot import

* never make two app div

* ;

* remove console.log

* change clientEntry sequence

* fix

* Revert "fix"

This reverts commit 12741b3d89950a31dbb1bb81477ddb27b0e9951a.

* fix

* add comment https://github.com/misskey-dev/misskey/pull/8575#issuecomment-1114239210

* add log

* add comment

Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2022-05-01 22:51:07 +09:00
6ed010b192
fix _misskey_content of quote renotes (#8533) 2022-05-01 19:23:34 +09:00
MeiMei
60391ff37e
fix: Add rel attribute to host-meta (#8583)
* Add rel attribute to host-meta

* CHANGELOG
2022-05-01 19:14:14 +09:00
tamaina
766559c6e9
feat: Improve Push Notification (#7667)
* clean up

* ev => data

* refactor

* clean up

* add type

* antenna

* channel

* fix

* add Packed type

* add PackedRef

* fix lint

* add emoji schema

* add reversiGame

* add reversiMatching

* remove signin schema (use Signin entity)

* add schemas refs, fix Packed type

* wip PackedHoge => Packed<'Hoge'>

* add Packed type

* note-reaction

* user

* user-group

* user-list

* note

* app, messaging-message

* notification

* drive-file

* drive-folder

* following

* muting

* blocking

* hashtag

* page

* app (with modifying schema)

* import user?

* channel

* antenna

* clip

* gallery-post

* emoji

* Packed

* reversi-matching

* update stream.ts

* https://github.com/misskey-dev/misskey/pull/7769#issuecomment-917542339

* fix lint

* clean up?

* add app

* fix

* nanka iroiro

* wip

* wip

* fix lint

* fix loginId

* fix

* refactor

* refactor

* remove follow action

* clean up

* Revert "remove follow action"

This reverts commit defbb416480905af2150d1c92f10d8e1d1288c0a.

* Revert "clean up"

This reverts commit f94919cb9cff41e274044fc69c56ad36a33974f2.

* remove fetch specification

* renoteの条件追加

* apiFetch => cli

* bypass fetch?

* fix

* refactor: use path alias

* temp: add submodule

* remove submodule

* enhane: unison-reloadに指定したパスに移動できるように

* null

* null

* feat: ログインするアカウントのIDをクエリ文字列で指定する機能

* null

* await?

* rename

* rename

* Update read.ts

* merge

* get-note-summary

* fix

* swパッケージに

* add missing packages

* fix getNoteSummary

* add webpack-cli

* ✌️

* remove plugins

* sw-inject分離したがテストしてない

* fix notification.vue

* remove a blank line

* disconnect intersection observer

* disconnect2

* fix notification.vue

* remove a blank line

* disconnect intersection observer

* disconnect2

* fix

* ✌️

* clean up config

* typesを戻した

* Update packages/client/src/components/notification.vue

Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>

* disconnect

* oops

* Failed to load the script unexpectedly回避
sw.jsとlib.tsを分離してみた

* truncate notification

* Update packages/client/src/ui/_common_/common.vue

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>

* clean up

* clean up

* キャッシュ対策

* Truncate push notification message

* クライアントがあったらストリームに接続しているということなので通知しない判定の位置を修正

* components/drive-file-thumbnail.vue

* components/drive-select-dialog.vue

* components/drive-window.vue

* merge

* fix

* Service Workerのビルドにesbuildを使うようにする

* return createEmptyNotification()

* fix

* i18n.ts

* update

* ✌️

* remove ts-loader

* fix

* fix

* enhance: Service Workerを常に登録するように

* pollEnded

* URLをsw.jsに戻す

* clean up

Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2022-04-30 21:52:07 +09:00
dependabot[bot]
1c6d5ddf81
chore(deps): bump ejs from 3.1.6 to 3.1.7 in /packages/backend (#8560)
Bumps [ejs](https://github.com/mde/ejs) from 3.1.6 to 3.1.7.
- [Release notes](https://github.com/mde/ejs/releases)
- [Changelog](https://github.com/mde/ejs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mde/ejs/compare/v3.1.6...v3.1.7)

---
updated-dependencies:
- dependency-name: ejs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-30 00:16:40 +09:00
tamaina
12a3c6872f
enhance: ドライブに画像ファイルをアップロードするときオリジナル画像を破棄してwebpublicのみ保持するオプション (#8216)
* wip

* Update packages/client/src/os.ts

Co-authored-by: tamaina <tamaina@hotmail.co.jp>

* メニューをComposition API化、switchアイテム追加
クライアントサイド画像圧縮の準備

* メニュー型定義を分離 (TypeScriptの型支援が効かないので)

* disabled

* make keepOriginal to follow setting value

* ✌️

* fix

* fix

* ✌️

* WEBP

* aaa

* ✌️

* webp

* lazy load browser-image-resizer

* rename

* rename 2

* Fix

* clean up

* add comment

* clean up

* jpeg, pngにもどす

* fix

* fix name

* webpでなくする ただしサムネやプレビューはwebpのまま (テスト)

* 動画サムネイルはjpegに

* エラーハンドリング

* ✌️

* v2.2.1-misskey-beta.2

* browser-image-resizer#v2.2.1-misskey.1

* ✌️

* fix alert

* update browser-image-resizer to v2.2.1-misskey.2

* lockfile

Co-authored-by: mei23 <m@m544.net>
Co-authored-by: MeiMei <30769358+mei23@users.noreply.github.com>
2022-04-28 11:14:03 +09:00
tamaina
065324d30b
Fix #8535 Excessive stack ... 'SchemaTypeDef<?>' (#8547)
* Fix #8535 Excessive stack ... 'SchemaTypeDef<?>'

Co-authored-by: acid-chicken <root@acid-chicken.com>

* add comment

* clean up

Co-authored-by: acid-chicken <root@acid-chicken.com>
2022-04-27 10:49:00 +09:00
b9e3267198
fix: Promises -> Promise (#8545) 2022-04-25 15:14:13 +09:00
7e28c396b9
enhance: only render public notes in HTML template (#8527)
* only render public notes in HTML template

* fix missing import
2022-04-24 14:17:09 +09:00
tamaina
1b2ba09be0
fix: Fix schema key type error #8517 (#8538) 2022-04-24 11:43:15 +09:00
syuilo
fd13173eaf bump jsrsasign 2022-04-23 12:48:26 +09:00
92d249210d
chore(lint): fix type definitions for jsrsasign (#8528)
* fix type definitions for jsrsasign

The @types/jsrsasign is not available in exactly the same version as the jsrsa
package misskey uses, so i used an earlier patch version of the same package.

* update yarn.lock
2022-04-23 12:45:36 +09:00
dependabot[bot]
29b9d8998a
chore(deps): bump moment from 2.24.0 to 2.29.3 in /packages/backend (#8531)
Bumps [moment](https://github.com/moment/moment) from 2.24.0 to 2.29.3.
- [Release notes](https://github.com/moment/moment/releases)
- [Changelog](https://github.com/moment/moment/blob/2.29.3/CHANGELOG.md)
- [Commits](https://github.com/moment/moment/compare/2.24.0...2.29.3)

---
updated-dependencies:
- dependency-name: moment
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-23 12:39:44 +09:00