tallship/FoundKey
0
0
Fork 0
forked from FoundKeyGang/FoundKey
Code Issues Pull requests Packages Projects Releases Wiki Activity
21670 commits 10 branches 3 tags 104 MiB
Commit graph

1791 commits

Author SHA1 Message Date
Norm 350f21d955
server: fix typing for skippedInstances query 2022-12-07 16:41:34 -05:00
Norm 873e21f090
chore: update eslint 2022-12-07 16:27:53 -05:00
Norm 2afe54c121
eslint: allow backticks to avoid escaping single/double quotes 2022-12-07 16:27:39 -05:00
Johann150 501cf834c8
client: fix issue of search only working once 
closes FoundKeyGang/FoundKey#274

Changelog: Fixed
 2022-12-07 21:56:27 +01:00
Norm b66f7550ab
server: auto-fix lints 2022-12-07 13:39:21 -05:00
Johann150 18664dbca3
server: add missing paren 
How did this not break yet?
 2022-12-07 18:29:04 +01:00
Johann150 0f3f42eb39
remove rndstr dependency 
This dependency was unused in the client.

The use of it in the server can be replaced entirely by the
secureRndstr function, with some slight modifications.

That function could probably be refactored a bit more as well.
 2022-12-07 18:08:09 +01:00
Andy d3f1ad9a88 chore: remove unused packages 2022-12-06 23:18:27 +01:00
Andy 1aa3898db5 server: remove unused import 2022-12-06 23:12:45 +01:00
Andy 96c3744555 client: remove integration settings menu entry 2022-12-06 23:00:32 +01:00
Andy b023741f50 server: remove integrations field from user 2022-12-06 23:00:08 +01:00
Andy 7e8d5c3b79 foundkey-js: remove integration fields from instance type 2022-12-06 21:52:16 +01:00
Andy c785fbab6e client: remove integration signin options 2022-12-06 21:51:01 +01:00
Andy 547a1f81d4 client: remove integration settings 2022-12-06 21:50:34 +01:00
Andy 95384d0bb2 client: remove integration admin settings 2022-12-06 21:50:20 +01:00
Andy 4cc5b734e7 activitypub: remove integration fields from person and nodeinfo 2022-12-06 21:49:19 +01:00
Andy 5d32872999 server: remove integration API routes 2022-12-06 21:48:31 +01:00
Andy b4b1204f77 server: remove integration-related fields from meta 2022-12-06 21:47:59 +01:00
Norm c1a51547a9 BREAKING: server: remove wildcard blocking and instead block subdomains (#269) 
Co-authored-by: Francis Dinh <normandy@biribiri.dev>
Reviewed-on: FoundKeyGang/FoundKey#269
Changelog: Changed
 2022-12-05 17:55:38 +00:00
Chloe Kudryavtsev 4e74d26e45 backend: fix ratelimit typo 
Changelog: Fixed
 2022-12-05 15:49:33 +01:00
Johann150 a421dd401c
activitypub: refactor to always apply recursion limit 
Refactor to remove as many "new Resolver" as possible.
 2022-12-04 21:11:44 +01:00
Johann150 c4211761e6
server: refactor resolveSelf to just return the webfinger href 
Since the href seems to be the only attribute that is used, and I didn't
want to add a full type definition this was the easier option.
 2022-12-04 21:11:43 +01:00
Johann150 03b673165f
server: refactor "authUser" functions into separate file 
They did not really fit into the DbResolver because they may fetch data
from remote instances even though DbResolver is only supposed to access
the database.
 2022-12-04 21:11:35 +01:00
Johann150 de18c8306d
server: fix token-permissions migration 
The table that is affected here was not properly purged of old entries. It only holds
data that is needed while a 3rd party authorization is in progress but not finished.

The code that typeorm generated for this migration is a bit wonky because it should
probably have dropped one column and created another one. But if we clear out all entries
it should work regardless and I'm feeling lazy right now. :P
 2022-12-04 19:05:02 +01:00
Johann150 38df8dc734
client: set display name limit same as server 
Changelog: Fixed
 2022-12-04 15:35:43 +01:00
Johann150 11e4a8cb9b
remove erroneous space 2022-12-04 15:34:05 +01:00
Johann150 d1e0d79c19
client: unify different error dialogs 
Changelog: Fixed
 2022-12-04 14:27:53 +01:00
Johann150 946e862ecd
server: implement OAuth 2.0 Authorization Code grant 
Changelog: Added
Reviewed-on: FoundKeyGang/FoundKey#205
 2022-12-04 14:06:36 +01:00
Johann150 97052b1f61
server: refactor fromHtml attribute handling 
Also try to recognize owncast hashtag links.
 2022-12-04 03:43:22 +01:00
Johann150 cda9197700
server: increase nodeinfo caching 
Changelog: Changed
 2022-12-04 03:26:50 +01:00
Chloe Kudryavtsev 2dde8273e2 implement separate web workers 
Reviewed-on: FoundKeyGang/FoundKey#252
 2022-12-03 13:33:23 +00:00
Johann150 de927e1f30 server: handle invalid URLs in comparison 2022-12-03 10:38:33 +00:00
Johann150 bdcec2b8a7 server: implement OAuth discovery (RFC 8414) 2022-12-03 10:38:33 +00:00
Johann150 5291f29581 implement OAuth PKCE 
This implements Proof Key for Code Exchange a.k.a. RFC 7636.
 2022-12-03 10:38:33 +00:00
Johann150 15b3ab6d13 check redirect URIs 2022-12-03 10:38:33 +00:00
Johann150 79e3c20189 server: allow to grant tokens with more restricted privileges 
This also simplifies API authentication a bit by not having to fetch
the App that is related to a token.

The restriction of 1 token per app is also lifted. This was not a
constraint in the database but it was enforced by the code and
kinda wrong schema the auth_session table had.
 2022-12-03 10:38:32 +00:00
Johann150 2f2e6a58a4 docs: read scope descriptions from locale strings 2022-12-03 10:38:32 +00:00
Johann150 c5568cfdf3 client: fix auth page layout 
This also includes better rendering when no permissions are requested.

Also removed the app's id from the page as it makes no sense to show
this to a user.

Changelog: Fixed
 2022-12-03 10:38:32 +00:00
Johann150 c65fdebe26 server: add missing auth/deny endpoint 
This endpoint is hinted at in the client, but is not actually defined
in the backend. This commit defines it.
 2022-12-03 10:38:32 +00:00
Johann150 418c88bb8f expire AuthSessions after 15 min 2022-12-03 10:38:32 +00:00
Johann150 2b19b34196 update OpenAPI docs to OAuth 2022-12-03 10:38:32 +00:00
Johann150 7db7fdd9e2 add API route for OAuth access token retrieval 2022-12-03 10:38:32 +00:00
Johann150 a13e956af0 make authorization token granting OAuth 2.0 compatible 
This is basically a shim on top of the existing API.
Instead of the 3rd party, the web UI generates the authorization session.

The data that the API returns is slightly adjusted so that only one
API call is necessary instead of two.
 2022-12-03 10:38:32 +00:00
Norm 18cf228f89
server: readd "fetch meta only once in skippedInstances"" 
This reverts commit e446a11bb7.

Turns out this wasn't really the source of the referenced issue and
someone was able to run with the original commit fine, so adding this
back for now.
 2022-12-03 05:13:30 -05:00
Norm bdf2e14a73
server: fix TypeError in registerOrFetchInstanceDoc 
Changelog: Fixed
 2022-12-03 04:01:51 -05:00
Norm e446a11bb7
Revert "server: fetch meta only once in skippedInstances" 
This reverts commit 81d63720f2 since it
seems to cause a ReferenceError for some reason.

Ref: https://toot.site/@jeder/109447151582516733
 2022-12-03 02:13:18 -05:00
Johann150 194fff3603
activitypub: hashtags no longer displaying as links 
Some hashtags sent from Mastodon were erroneously displayed as links.
This is because Mastodon seems to mangle hashtags containing non-ASCII
codepoints (such as e.g. umlauts). This lead to the previous code which
depended on the list of hashtags to not recognize a hashtag. Instead,
the `rel="tag"` microformat is recognized instead.

This makes the `htmlToMfm` wrapper function unnecessary so it was removed.

Changelog: Fixed
 2022-12-02 19:31:57 +01:00
Johann150 b4080d788d
slight refactoring & translating japanese 2022-12-02 19:00:58 +01:00
Johann150 e49b8d0ef3
server: remove unnecessary apLogger aliases 2022-12-02 18:58:19 +01:00
Johann150 7d3d0f858c
increment versions in package.json 2022-12-02 16:59:47 +01:00
Norm 81d63720f2
server: fetch meta only once in skippedInstances 2022-12-02 09:26:14 -05:00
Norm 5e6b51094e
server: fix instance skipping 
This should actually make instance skipping work properly since
shouldBlockInstance is now properly awaited on now.
 2022-12-02 09:10:56 -05:00
Johann150 9ad37a12f8
server: fix rendering of Follow activity when removing follow 
closes FoundKeyGang/FoundKey#263

Changelog: Fixed
 2022-12-01 21:49:38 +01:00
Norm e10700a2be Merge pull request 'server: add wildcard matching to blocked hosts' (#260) from wildcard-block-v2 into main 
Reviewed-on: FoundKeyGang/FoundKey#260
 2022-12-01 20:12:18 +00:00
Norm dc7533baa4 Merge pull request 'server: Add recursion limit to resolver' (#261) from recursion-limit into main 
Reviewed-on: FoundKeyGang/FoundKey#261
 2022-12-01 20:11:40 +00:00
Johann150 721a327192
fixup: remove unused import 2022-12-01 20:46:46 +01:00
Johann150 936cbf900b
use default argument value 
This unifies the style with the other function in that file and fixes
the lint "no-param-reassign".
 2022-12-01 20:32:57 +01:00
Mia Herkt bc62d0ba9f
client: update emoji list 
This corrects the gender-specific variants in general, adds a few
missing ones, replaces names that are just Unicode codepoints with
actual names, and makes the keywords more consistent.

Some data for this was taken from the annotations in the Unicode
CLDR version 42.

Reviewed-on: FoundKeyGang/FoundKey#262
 2022-12-01 20:10:14 +01:00
Johann150 749015807a
client: also autocomplete flag emoji 
Changelog: Changed
 2022-12-01 20:08:55 +01:00
Norm b3e34795c0
require punycode conversion beforehand for admins 2022-12-01 12:07:43 -05:00
Norm a35c98bbd5
server: encode non-ascii domains in punycode in matchHost 2022-12-01 11:34:11 -05:00
Norm 075e251822
server: add wildcard matching to blocked hosts 
This adds in wildcard matching. For instance:
- `*.bad.tld` will match: `very.bad.tld`
- `bad.*` will match: `bad.something`
- `*.bad.*` will match: `very.bad.evil`

Changelog: Changed
 2022-12-01 11:29:02 -05:00
Derek Schmidt 11a6e706f4
server: Use shared resolver in featured and question accept 2022-12-01 04:40:14 -05:00
Derek Schmidt d3af00a912
server: Add recursion limit to resolver 
Changelog: Security
 2022-12-01 04:40:07 -05:00
Norm 973bd4532b Merge pull request 'server: always enable push notifications' (#235) from enable-push-notifs into main 
Reviewed-on: FoundKeyGang/FoundKey#235
Changelog: Changed
 2022-11-29 21:51:10 +00:00
Johann150 13fda0c9c7
client: refactor emoji autocomplete & make case insensitive 
Changelog: Changed
 2022-11-29 21:13:20 +01:00
Johann150 cdb8922336
client: make all unicode emoji names lowercase 2022-11-29 20:35:23 +01:00
Norm 5b574d40f9
client: use native Notifications API (#234) 
Reviewed-on: FoundKeyGang/FoundKey#234
Changelog: Changed
 2022-11-29 12:35:36 -05:00
Johann150 07370a3b84
client: put back button to remove all following 
Changelog: Added
 2022-11-28 21:47:17 +01:00
Johann150 97233fab69
client: add link to weblate 2022-11-28 18:37:54 +01:00
Norm 5733f127ca
backend: update re2 to 1.17.8 
This should fix Node 19 compatibility.

Fixes: FoundKeyGang/FoundKey#238
 2022-11-28 12:02:24 -05:00
Johann150 8130a2a9b1
server: remove deeplIsPro setting 
This setting is unnecessary because DeepL free keys can be detected
easily according to <https://www.deepl.com/docs-api/api-access/authentication/>:
> DeepL API Free authentication keys can be identified easily by the suffix ":fx"

Changelog: Removed
 2022-11-27 12:12:56 +01:00
Johann150 9fd23b5dae
server: remove quote urls, 3rd try 
First try was 66a7c62342 but classList is
not in parse5 DOM. Second try was 7ee6a09cf2
but forgot the contents of this commit.
 2022-11-27 09:30:51 +01:00
Norm a6e05226ab
client: update vue and eslint-plugin-vue 2022-11-26 19:07:57 -05:00
Johann150 1f037e18d6
client: autofocus on search input field 
This should better replicate the previous behaviour of the text input dialog.
 2022-11-27 00:14:42 +01:00
Johann150 24506ba557
client: remove unused notification-toast component 2022-11-26 16:37:11 +01:00
Johann150 8a807db02e
client: pass along notifications if push notifs disabled 2022-11-26 16:37:11 +01:00
Johann150 1e8e551ee3
service worker: refactor message event handler 
It is now possible for the client to trigger notifications "manually"
if push notifications are not configured on the server.
 2022-11-26 16:37:10 +01:00
Johann150 c34bebdf46
service worker: also show notifications if client is connected 2022-11-26 16:37:08 +01:00
Johann150 a1f3b212fe
client: translate comments 2022-11-26 16:34:45 +01:00
Johann150 f9ba3ab996
client: fix undefined variable when searching for handle 2022-11-26 16:26:38 +01:00
Chloe Kudryavtsev 6600f6e52e fixup: make cluster limit into a per-mode warning rather than error 2022-11-26 13:28:39 +01:00
Johann150 d0c504ec85
server: fix unknown variable in signin endpoint 2022-11-25 19:09:08 +01:00
Johann150 062cba1b3c
server: fix undefined variable for instance actor 2022-11-25 19:05:37 +01:00
Johann150 48a60b03ea
BREAKING: implement separate web workers 
There are now separate web and queue workers.

The configuration entry `clusterLimit` has been replaced by
`clusterLimits` which allows separate configuration of web and
queue workers.

Changelog: Changed
 2022-11-25 12:56:49 +01:00
Norm f817d45210
update eslint and typescript-eslint 2022-11-25 02:07:21 -05:00
Norm b67799ad3f
BREAKING: Remove support for Node 16.x and upgrade to TypeScript 4.9 
Now that Node 18 is the new LTS version of Node, it should be safe to
support ES2022 features. The install docs have already been updated to
recommend Node 18.x in 41a710854e.

This will break support on Node 16.x and earlier.

Also update TypeScript to 4.9 which contains various typechecking
improvements: https://devblogs.microsoft.com/typescript/announcing-typescript-4-9/

Ref: FoundKeyGang/FoundKey#238
Changelog: Changed
 2022-11-25 02:07:21 -05:00
Johann150 01fa4332c2
server: set vapid keys on initial setup 2022-11-21 22:30:34 +01:00
Johann150 563f3672a9
server: always enable push notifications 
The thing that previously presumably hindered this was that the VAPID
keys had to be set up. Previously admins had to do this, but this is a bad
idea for multiple reasons:
1) The meaning of "public key" and "private key" was not well documented
in the settings.
2) Giving out a private key over the API, even just for admins, sounds
like a bad idea.

Co-authored-by: Francis Dinh <normandy@biribiri.dev>
 2022-11-21 22:00:53 +01:00
Johann150 7ee6a09cf2
fix errors from quote string removal 
The parse5 tree does not have the full DOM methods and attributes.
 2022-11-21 19:43:56 +01:00
Johann150 9e2553909e
server: use time constants 2022-11-20 23:15:40 +01:00
Johann150 66a7c62342 activitypub: remove akkoma quote URLs 
Changelog: Fixed
 2022-11-20 20:48:15 +00:00
Norm 512351746f Merge pull request 'Add LibreTranslate support' (#224) from libretranslate into main 
Reviewed-on: FoundKeyGang/FoundKey#224
Changelog: Added
 2022-11-20 16:21:17 +00:00
hayabusa 19ee132930
client: files in some states could not be dropped and uploaded 
* Fixed association between dropEffect and effectAllowed as well as the submission form
* Fixed that strings can be dropped

Reviewed-on: https://github.com/misskey-dev/misskey/pull/9114
Changelog: Fixed
 2022-11-20 16:17:26 +01:00
Johann150 3c4302cf3b
client: close webhook settings page automatically 
Changelog: Fixed
 2022-11-20 12:33:04 +01:00
Johann150 e59706e36f
client: delete webhooks 
Changelog: Added
 2022-11-20 12:29:17 +01:00
Johann150 0e0411f9e0
client: fix editing webhooks 
Co-authored-by: hayabusa <s.hashimoto@hs-sh.net>
Changelog: Fixed
 2022-11-20 11:41:21 +01:00
kabo2468 b7f32be512
server: don't nyaize quoted lines 
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
Changelog: Changed
 2022-11-20 11:15:03 +01:00
Johann150 aefb11959f
fix: translator settings on admin/meta endpoint 2022-11-20 10:37:50 +01:00
Norm cfe0f3ca67
client: Add LibreTranslate support 
This adds a new "Translation Settings" page to the admin interface where
the admin can configure the instance's translation settings. The
existing settigns for DeepL translation settings will now be located in
that page alongside the new LibreTranslate stuff.

Also made the translation service settings localizable, which funnily
enough was not already the case.
 2022-11-19 23:00:33 -05:00