vib/FoundKey
1
0
Fork 0
forked from FoundKeyGang/FoundKey
Code Issues Pull requests Projects Releases Packages Wiki Activity
22111 commits 12 branches 4 tags 107 MiB
Commit graph

1054 commits

Author SHA1 Message Date
Johann150
eecff514c2
tests: use bearer authentication 2023-05-07 23:33:21 +02:00
Johann150
605a55e1d4
tests: fix Resolver import 2023-05-07 23:32:23 +02:00
Johann150
683584fe8f
update mocha 2023-05-07 23:29:55 +02:00
Johann150
34d55e2dda
server: better matching for MFM mentions 
When rendering the HTML for outgoing activities, the mentions are now
matched case insensitive and should also work properly for IDNs. The
username is also compared case insensitive. Mentions of local users
are also handled properly independed of whether the hostname was given
or omitted.

The query to get mentions is now also only executed once instead of
for each mention individually.

Changelog: Fixed
 2023-04-28 23:47:48 +02:00
Johann150
9b8438cdfc
server: system accounts cannot be registered 
While refactoring the previous commit, it seemed like the previous
authors expected that a system account could be registered somehow
and that this would be an error condition. However, as now made
explicit with this, it is not possible to register a system account.

This means that any account by that name could only ever have been
created by the system itself so fetching them should be fine and not
an error condition.
 2023-04-20 22:10:31 +02:00
Johann150
688deda218
server: dont fail if system user exists 
closes FoundKeyGang/FoundKey#378

Changelog: Fixed
 2023-04-20 22:05:26 +02:00
Johann150
4fbbfff145
activitypub: also check incoming activity host for block 2023-04-16 19:34:15 +02:00
Johann150
5f4aab6d46
translate yet another japanese comment 2023-04-16 19:33:50 +02:00
Johann150
75fd42b070
server: check for valid keyId URL before parse 2023-04-16 19:33:28 +02:00
Johann150
f7bd210316
server: replace Array.find with Array.some 2023-04-16 13:32:36 +02:00
Johann150
ba2b7ef43c
fix including suspended users in getter 2023-04-15 21:10:57 +02:00
Johann150
9a085e9d42
fixup: add missing curly braces 
This is a fixup for commit b14f3e8cdc.
 2023-04-15 20:27:42 +02:00
Johann150
b14f3e8cdc
server: properly handle logical deletion 
closes FoundKeyGang/FoundKey#329
 2023-04-15 19:04:07 +02:00
Johann150
71dfd229b0
remove unnecessary code 2023-04-15 18:56:46 +02:00
Johann150
7b8333a21f
server: refactor user getter to throw API error 
Instead of throwing an IdentifiableError which then just always gets
converted into an ApiError, the getter can just throw the same ApiError
directly. This makes it more convenient to use and thus more endpoints
have been refactored to use it to reduce code repetition.
 2023-04-15 18:56:42 +02:00
Johann150
ae703cfe4b
server: check that channel id is specified 2023-04-15 18:14:57 +02:00
Johann150
8c47f376dc
server: fix undefined variable in streaming API 2023-04-15 17:52:48 +02:00
Johann150
808ad2a505
server: HTTP signature requires date header 
The default of the library used is to require either of the "date" or
"x-date" headers. It does not seem sensible to pass on this default.
It may be to fix federation with another software but that software
should be considered broken, and it does not seem reasonable to
potentially get an outdated signature just to fix federation with some
buggy software.
 2023-04-13 11:04:35 +02:00
Johann150
340874c252
BREAKING server: remove mediaIds parameter 
This parameter is a duplicate of fileIds and was marked as deprecated
before. This removes that parameter and therefore simplifies the API
endpoint's schema.

Changelog: Removed
 2023-04-10 15:07:44 +02:00
Johann150
079a9e29ce
server: replace IRC with issue tracker as preferred feedback 
The IRC channel is not a reliable means of communication for feedback
because I don't use it (regularly).
 2023-04-01 15:10:12 +02:00
Johann150
1472c21cb6
activitypub: properly handle all scopes for renotes 
This was not implemented because of concerns raised in
https://github.com/misskey-dev/misskey/issues/8261
about Mastodon incorrectly interpreting the scope on renotes.
However this bug seems to be fixed so it can now be implemented.

See also https://github.com/misskey-dev/misskey/pull/10291

Co-authored-by: Kagami Sascha Rosylight <saschanaz@outlook.com>
 2023-03-31 07:59:20 +02:00
Johann150
e9f68e65b7
server: fix rate limit for adding reactions 
Adding a reaction may delete a previous reaction to the same note,
thus consequently this needs to be in the rate limiting group if this
happens. Otherwise the rate limit can be circumvented.

Changelog: Fixed
 2023-03-28 22:50:04 +02:00
Johann150
48405fba3b
server: fix rate limit error propagation 
Changelog: Fixed
 2023-03-28 22:49:58 +02:00
Johann150
1171567db2
server: remove unused API parameters 
Changelog: Removed
 2023-03-28 19:36:10 +02:00
Johann150
6179b2e5f0
server: add pagination to file attachment timeline 
As a side effect this also makes the notes appear in chronological order.

Changelog: Changed
 2023-03-27 20:46:26 +02:00
Johann150
134c3b43e6
implement filtering and sorting in drive 
The `sort` parameter for /api/drive/show is now more unified with
other endpoints which use +createdAt for sort instead of +created.

closes FoundKeyGang/FoundKey#109

Changelog: Added
 2023-03-26 12:03:43 +02:00
Johann150
68f9e3e0dd
server: change pagination of drive/show endpoint 
This changes the pagination of the drive/show API endpoint to use the
offset variant of pagination and allows to specify a sorting.

closes FoundKeyGang/FoundKey#362
 2023-03-26 11:05:55 +02:00
Johann150
94d1cf75aa
server: unify drive object types in database 
Minor adjustment: The 'name' columns have the same max length.

Major adjustment: Rename both columns to be "parentId" and update
all references of this name in the backend. API parameters are not
changed, since that would be an unnecessary breaking change.
 2023-03-26 11:05:55 +02:00
Johann150
701054b86e
replace NBSP with SP 
How did this get here in the first place?
 2023-03-26 10:57:12 +02:00
Johann150
c1f7ad0c14
server: add movedTo to packed user 2023-03-23 21:45:59 +01:00
Johann150
e78069d904
server: implement moveTo property on actors 
Co-authored-by: Mary Strodl <ipadlover8322@gmail.com>
Co-authored-by: amybones <amy@spookygirl.boo >
 2023-03-23 21:43:50 +01:00
Johann150
72b8489ae7
client: display move notification 2023-03-23 21:10:17 +01:00
Johann150
5ad18c8626
server: add migration for movedTo user/notif 2023-03-23 21:10:16 +01:00
Johann150
910976a55b
server: implement receiving Move activities 
For now only creates notifications.
 2023-03-23 21:10:15 +01:00
Johann150
3c2092935c
server: add object hint to resolvePerson 2023-03-23 21:10:14 +01:00
Johann150
3311bd866b
add move notification type 2023-03-23 21:10:08 +01:00
Johann150
c8a07e58f8
server: update summaly 
- updates got (CVE-2022-33987)
- now properly preview XHTML pages

Changelog: Security
 2023-03-23 20:32:31 +01:00
Johann150
f1d7357e75
server: fix undefined variable in getOneApId 
This is a fixup for commit 48fd543d0f.

closes FoundKeyGang/FoundKey#365
 2023-03-22 18:30:56 +01:00
Johann150
d3fbe5e382
BREAKING server: refactor streaming API data structures 
Since looking up a channel by ID should be the most often needed use
case, the data structure is now more optimized towards this. The code
is also simplified by using optional chaining where possible.

In this vein, the server will now enforce that channel IDs are unique
and not reused.

Changelog: Changed
 2023-03-19 12:39:57 +01:00
Johann150
7e4148880b
server: improve comments in streaming API 2023-03-19 11:09:56 +01:00
Johann150
ed9b9210a9
server: remove some casting to any 2023-03-19 10:45:57 +01:00
Johann150
742fa37e2b
server: show worker mode in process name 
Changelog: Added
 2023-03-19 09:39:33 +01:00
Richard "EpicKitty" Bowey
79a9b04d25
put the migration in its place 2023-03-17 16:16:41 +01:00
Johann150
32beda4344
server: improve error message for invalidating follows 
This error was broken out to be a separate error code and message.

Changelog: Changed
 2023-03-16 20:42:02 +01:00
Johann150
d6837814d9
Merge branch 'drive-api-combined' 
Reviewed-on: FoundKeyGang/FoundKey#297
 2023-03-13 19:30:24 +01:00
syuilo
1274af05a4
remove unused instance settings 2023-03-12 16:28:07 +01:00
Johann150
6a17dcf4de
server: refactor to group deletion deliveries 
The `quiet` argument has been removed from `deleteNote` (or `deleteNotes`
respectively) since it was not used anywhere and it does not seem a good
idea to not update statistics in some cases.

This should also fix an issue where cascade deletions mean that statistics
are not properly updated or streaming clients not properly informed of
deletions. This case was seemingly not considered before, even though
there was some handling for cascade deleted notes.

This is going to improve how cascade deletion impacts the delivery queue,
because cascade-deleted notes will now be grouped for delivery.

Changelog: Fixed
 2023-03-12 12:37:20 +01:00
Johann150
383ea40704
server: add function to deliver multiple activities to a relay 2023-03-11 22:23:42 +01:00
Johann150
e52cf25489
server: use named export for deleteNote 2023-03-11 09:54:46 +01:00
Johann150
1bce487965
activitypub: allow to group elements for delivery 2023-03-11 09:42:14 +01:00
Johann150
78c93c5539
server: clean up activitypub deliver code 2023-03-11 09:42:14 +01:00
Johann150
2164fda2fb
server: do AP sent statistics in request function 2023-03-11 09:42:05 +01:00
Johann150
ee2860e894
improve docs 2023-03-03 23:36:15 +01:00
Johann150
a750c7ad57
server: remove unused avgColor attribute from types 2023-03-03 21:36:21 +01:00
Johann150
5aa5344f2e
docs: fix schema definitions 2023-03-03 21:12:44 +01:00
Johann150
e2063f4ff9
fix: correctly parse quotes 2023-02-24 23:47:50 +01:00
Johann150
57e4971214
Revert "server: fix return of visibilityQuery function" 
This reverts commit 32f4bee5e8.

It is the right thing to do in theory, but it doesn't work.
I hate typeorm.
 2023-02-21 21:16:28 +01:00
Johann150
32f4bee5e8
server: fix return of visibilityQuery function 2023-02-21 21:04:38 +01:00
Johann150
c8731333ba
server: add new deepl languages 
DeepL now also supports Norwegian (Bokmål) and Korean.

Ref: https://www.deepl.com/en/blog/welcome-korean-and-norwegian
Changelog: Added
 2023-02-21 18:24:29 +01:00
Johann150
0a7352eda9
server: add diagnostics for failing visibility 2023-02-20 21:08:58 +01:00
Johann150
c777c2ed04
fix: perform visibility query in second stage 2023-02-20 21:08:58 +01:00
Johann150
8f5952bb7d
server: handle note visibility in SQL 
This allows to check visibility recursively, which should hopefully
solve problems with timelines not showing up properly.

Changelog: Changed
 2023-02-20 21:08:47 +01:00
Johann150
73d546372e
refactor: replace import paths containing ../ in API server 
This is a big one...
 2023-02-19 23:36:15 +01:00
Johann150
bfd1adf761
BREAKING server: restructure endpoints related to user administration 
- `admin/abuse-user-reports` -> `admin/reports/list`
- `admin/delete-all-files-of-a-user` -> `admin/users/delete-all-files`
- `admin/resolve-abuse-user-report` -> `admin/reports/resolve`
- `admin/accounts/create` -> `admin/users/create`
- `admin/accounts/delete` -> `admin/users/delete`
- `admin/show-user` -> `admin/users/show`
- `admin/show-users` -> `admin/users`
- `admin/silence-user` -> `admin/users/silence`
- `admin/suspend-user` -> `admin/users/suspend`
- `admin/unsilence-user` -> `admin/users/unsilence`
- `admin/unsuspend-user` -> `admin/users/unsuspend`
- `admin/reset-password` -> `admin/users/reset-password`

Changelog: Changed
 2023-02-19 23:36:13 +01:00
Johann150
41aa5cd18f
fix typo 2023-02-19 23:32:36 +01:00
Johann150
17c9a9374d
fixup: server: parse quote tag syntax 
This is a fixup for commit 5893a44ff5.
 2023-02-19 19:41:11 +01:00
Johann150
3e9dd7957d
server: dont error on generating empty RSS feed 
Changelog: Fixed
 2023-02-18 17:43:27 +01:00
Johann150
bf445964b5
improve documentation for fetch-rss endpoint 
Changelog: Fixed
 2023-02-15 20:42:24 +01:00
Johann150
c9d395961e
server: refactor packing User 2023-02-11 19:17:11 +01:00
Johann150
3a7e8cfe50
server: check instance description length limit 
Changelog: Fixed
 2023-02-11 19:16:28 +01:00
Johann150
b8796cb1fa
activitypub: remove _misskey_votes property 
This is a duplication of `replies.totalItems` and seems unnecessary,
it is even only parsed by Misskey if the afforementioned property is
not available.

Changelog: Removed
 2023-02-11 17:49:12 +01:00
Johann150
68bc2e314b
activitypub: remove _misskey_reaction property 
This property is duplicated by the `content` property so seems unnecessary.

Changelog: Removed
 2023-02-11 17:43:44 +01:00
Johann150
fff93c6965
activitypub: remove _misskey_content attribute 
As already noted back in https://github.com/misskey-dev/misskey/pull/8787
the intention was to replace the `_misskey_content` attribute with the
ActivityPub-defined `source` property. Misskey and by extension Foundkey
have shipped with the `source` property and the respective parsing for
quite a while so it seems reasonable to remove it now.

Changelog: Removed
 2023-02-11 17:25:24 +01:00
Johann150
7c89e99243
fix registry migration 
It can happen that registry items were created at exactly the same time for some reason.
 2023-02-11 12:52:28 +01:00
Johann150
27b912b9b0
security: check schema for URL previews 
Changelog: Fixed
 2023-02-10 20:06:18 +01:00
Johann150
48fd543d0f
security: check URL schema of AP URIs 
Changelog: Fixed
 2023-02-10 20:06:12 +01:00
syuilo
af272ce358
fix(server): validate filename and emoji name to improve security 
0d7256678e

Co-authored-by: Johann150 <johann.galle@protonmail.com>
Changelog: Fixed
 2023-02-10 20:05:53 +01:00
Johann150
c1ae134c0a
security: make sure there is no SQL insertion 2023-02-10 18:31:23 +01:00
Johann150
3ad6323c23
fix registry migration 
closes FoundKeyGang/FoundKey#337
 2023-02-05 20:37:06 +01:00
Johann150
3489c8ac3a
fix: loading config 2023-02-04 23:24:05 +01:00
Johann150
44f02fa3ec
update documents for new release 2023-02-04 22:22:00 +01:00
Johann150
d655bda30c
add foundkey floofer 2023-02-04 22:15:28 +01:00
Johann150
839daea887
remove mi-white.png asset 2023-02-04 18:08:19 +01:00
Johann150
41c42f96f0
BREAKING server: disable deliver rate limit by default 
The deliver rate limit seems to cause a lot of performance problems,
presumably because of the overhead the rate limit has. It also does
not really make sense to rate limit outgoing because we are requesting
from different servers anyway.

fixes FoundKeyGang/FoundKey#190

Changelog: Changed
 2023-02-04 17:57:52 +01:00
Johann150
9a6bb8be7d
server: default config items on load 2023-02-04 17:56:15 +01:00
Johann150
1adf88b090
fixup: OpenGraph data generation 
This is a fixup for commits 39fb7e5946 and be30e70344.
 2023-02-04 16:44:30 +01:00
Johann150
28c11ca7af
refactor isPureRenote to foundkey-js 2023-02-04 16:42:36 +01:00
Johann150
9458045c8f
server: refactor note/renote rendering to separate file 2023-02-04 15:32:25 +01:00
Mia Herkt
a8c0e1f827
fix migration for note.url unique index 
fixes FoundKeyGang/FoundKey#331

Co-authored-by: Johann150 <johann.galle@protonmail.com>
 2023-02-04 11:03:29 +01:00
Johann150
85a68a5eee
activitypub: properly render CW only quotes 
Changelog: Fixed
 2023-02-04 00:27:43 +01:00
Johann150
ca257d7d0c
server: remove application level websocket ping 
Changelog: Removed
 2023-02-03 11:48:46 +01:00
Johann150
30c26abde7
server: add websocket ping mechanism 
fixes FoundKeyGang/FoundKey#336

Changelog: Fixed
 2023-02-03 11:47:54 +01:00
Johann150
17324e1e94
server: add unique constraint for registry items 
fixes FoundKeyGang/FoundKey#335
 2023-02-03 00:27:33 +01:00
Johann150
8b98c9f2f4
server: remove unused 'domain' column 2023-02-02 23:29:24 +01:00
Johann150
be30e70344
server: add more OpenGraph data, remove custom misskey meta tags 
Changelog: Changed
 2023-02-01 23:18:10 +01:00
Johann150
39fb7e5946
server: improve OpenGraph data for note attachments 
With this change, not all files will be proclaimed to be image files. Only
images, videos and audio files will be represented with OpenGraph data.

More properties for these files will also be represented, e.g. image alt text.

However, if the note has a CW or any of the files are marked sensitive, none
of the files will be used.

The users profile picture will not be used any more.

Changelog: Changed
 2023-02-01 22:53:32 +01:00
Johann150
75b14124f2
server: improve variable naming 2023-02-01 11:30:53 +01:00
Johann150
7480e27c0c
server: remove twitter links from HTML templates 
Since the twitter integration has been removed, this will never be true
and can therefore be removed.
 2023-02-01 11:27:27 +01:00
Johann150
2d32bc33d7
server: fix error for invalid URLs in profile fields 
Co-authored-by: Chloe Kudryavtsev <code@code.bunkerlabs.net>
 2023-01-30 19:24:15 +01:00
Chloe Kudryavtsev
bb3ec8bafe Revert "server: fix user deletion race condition" 
This reverts commit cc83cbe523, reversing
changes made to 8abd3ebec7.

This changeset contains:
* multiple type errors
* a foreign key incompatibility
* breaks outgoing note federation (in at least two ways)
 2023-01-30 14:59:24 +01:00