Commit graph

233 commits

Author SHA1 Message Date
fdf30f60e6
server: remove SQL boolean comparisons 2023-01-09 20:43:12 +01:00
c7ab8839dc
BREAKING: remove admin/delete-account, change admin/accounts/delete
You should use the API endpoint admin/accounts/delete.
It has the same parameter and the same behaviour.

The admin/accounts/delete endpoint now requires administrator privileges
instead of just moderator privileges.

Changelog: Removed
2023-01-07 23:53:48 +01:00
1eda1760d1
server: refactor to always use deleteAccount service
This should reduce code duplication around how deletion of an actor is
handled.
2023-01-07 19:46:05 +01:00
cdba5447e6
server: remove joins to avatar and banners in children endpoint
Reviewed-on: FoundKeyGang/FoundKey#303
2023-01-05 21:05:22 +01:00
0c8a3cfeec
server: fix lints 2023-01-03 03:51:38 +01:00
8bc366fde0
server: fix comma-dangle lint 2023-01-03 02:47:58 +01:00
417d252e9d
server: fix custom lint typeorm-prefer-count 2023-01-03 02:42:42 +01:00
6010884e62
cleanup: translate japanese, use SECOND constant 2023-01-02 21:07:56 +01:00
b423d23cf6
server: fix custom lint typeorm-prefer-count 2023-01-02 21:07:02 +01:00
7bf4d4426a
use count instead of find to check existence 2023-01-02 14:43:27 +01:00
7f564431be
server: fixup sql
Fixup to 0b7c9095bf.
2023-01-02 00:11:35 +01:00
8b0b7ff525
server: change default value for api/admin/show-users origin param
Changed from "local" to "combined" to fix a bug when the hostname is set
but origin is not.

Changelog: Changed
2023-01-01 22:11:19 +01:00
0b7c9095bf
server: don't return users twice in search 2023-01-01 21:22:53 +01:00
eea2eb4919
use Promise.all instead of separate promises 2022-12-25 19:04:00 +01:00
114d416de0
server: refactor password hashing & comparison to module
For easier replacement should the hash algorithm ever be changed.
2022-12-25 19:03:51 +01:00
c2372315f7
server: improve error messages
Refactor Error's to ApiError's.

Changelog: Changed
2022-12-25 16:07:48 +01:00
61a2db49df
server: always use user id for calcDriveUsageOf 2022-12-23 13:38:29 +01:00
28f65bebfc
server: use named export for cancelFollowRequest 2022-12-22 16:52:52 -05:00
2204adc657
server: use named export for acceptAllFollowRequests 2022-12-22 16:52:52 -05:00
b11e4053db
server: use named export for acceptFollowRequest 2022-12-22 16:52:52 -05:00
e2ef800708
server: don't use replace for file types
No point in using replace if we already know which character we want to replace.
2022-12-22 14:46:21 +01:00
33f0b24c56
server: add v2 routes to notes endpoints 2022-12-22 11:02:04 +01:00
aed2752470
server: make v2 meta endpoint support GET 2022-12-22 11:01:56 +01:00
275136cf8b
allow redirects in API ap/* endpoints 2022-12-21 20:45:55 +01:00
8c759dde6c
server: fix error about duplicate resolve 2022-12-15 19:44:55 +01:00
ffff2ae5ef
server: fix missing import
closes FoundKeyGang/FoundKey#286
2022-12-14 18:08:44 +01:00
ccc8bf0289
chore: fix more miscellaneous lints 2022-12-13 23:09:32 +01:00
8e9c65fab0
chore: fix some import related lints 2022-12-13 23:09:31 +01:00
5ea744b1b2
server: use configurable images 2022-12-13 20:54:49 +01:00
d4d1e03479
server: fix errors for replies and state when note doesn't exist 2022-12-13 20:35:46 +01:00
3ef1a4b0f9
refactor: remove default export for Resolver 2022-12-11 18:23:07 +01:00
ae59ce51b0
refactor: remove default export for DbResolver 2022-12-11 18:16:48 +01:00
b66f7550ab
server: auto-fix lints 2022-12-07 13:39:21 -05:00
0f3f42eb39
remove rndstr dependency
This dependency was unused in the client.

The use of it in the server can be replaced entirely by the
secureRndstr function, with some slight modifications.

That function could probably be refactored a bit more as well.
2022-12-07 18:08:09 +01:00
b023741f50 server: remove integrations field from user 2022-12-06 23:00:08 +01:00
b4b1204f77 server: remove integration-related fields from meta 2022-12-06 21:47:59 +01:00
c1a51547a9 BREAKING: server: remove wildcard blocking and instead block subdomains (#269)
Co-authored-by: Francis Dinh <normandy@biribiri.dev>
Reviewed-on: FoundKeyGang/FoundKey#269
Changelog: Changed
2022-12-05 17:55:38 +00:00
4e74d26e45 backend: fix ratelimit typo
Changelog: Fixed
2022-12-05 15:49:33 +01:00
a421dd401c
activitypub: refactor to always apply recursion limit
Refactor to remove as many "new Resolver" as possible.
2022-12-04 21:11:44 +01:00
5291f29581 implement OAuth PKCE
This implements Proof Key for Code Exchange a.k.a. RFC 7636.
2022-12-03 10:38:33 +00:00
15b3ab6d13 check redirect URIs 2022-12-03 10:38:33 +00:00
79e3c20189 server: allow to grant tokens with more restricted privileges
This also simplifies API authentication a bit by not having to fetch
the App that is related to a token.

The restriction of 1 token per app is also lifted. This was not a
constraint in the database but it was enforced by the code and
kinda wrong schema the auth_session table had.
2022-12-03 10:38:32 +00:00
c65fdebe26 server: add missing auth/deny endpoint
This endpoint is hinted at in the client, but is not actually defined
in the backend. This commit defines it.
2022-12-03 10:38:32 +00:00
7db7fdd9e2 add API route for OAuth access token retrieval 2022-12-03 10:38:32 +00:00
a13e956af0 make authorization token granting OAuth 2.0 compatible
This is basically a shim on top of the existing API.
Instead of the 3rd party, the web UI generates the authorization session.

The data that the API returns is slightly adjusted so that only one
API call is necessary instead of two.
2022-12-03 10:38:32 +00:00
075e251822
server: add wildcard matching to blocked hosts
This adds in wildcard matching. For instance:
- `*.bad.tld` will match: `very.bad.tld`
- `bad.*` will match: `bad.something`
- `*.bad.*` will match: `very.bad.evil`

Changelog: Changed
2022-12-01 11:29:02 -05:00
973bd4532b Merge pull request 'server: always enable push notifications' (#235) from enable-push-notifs into main
Reviewed-on: FoundKeyGang/FoundKey#235
Changelog: Changed
2022-11-29 21:51:10 +00:00
8130a2a9b1
server: remove deeplIsPro setting
This setting is unnecessary because DeepL free keys can be detected
easily according to <https://www.deepl.com/docs-api/api-access/authentication/>:
> DeepL API Free authentication keys can be identified easily by the suffix ":fx"

Changelog: Removed
2022-11-27 12:12:56 +01:00
563f3672a9
server: always enable push notifications
The thing that previously presumably hindered this was that the VAPID
keys had to be set up. Previously admins had to do this, but this is a bad
idea for multiple reasons:
1) The meaning of "public key" and "private key" was not well documented
in the settings.
2) Giving out a private key over the API, even just for admins, sounds
like a bad idea.

Co-authored-by: Francis Dinh <normandy@biribiri.dev>
2022-11-21 22:00:53 +01:00
9e2553909e
server: use time constants 2022-11-20 23:15:40 +01:00