Commit graph

1606 commits

Author SHA1 Message Date
029870ef01
check redirect URIs 2022-11-10 23:07:01 +01:00
cc4e9f9071
server: allow to grant tokens with more restricted privileges
This also simplifies API authentication a bit by not having to fetch
the App that is related to a token.

The restriction of 1 token per app is also lifted. This was not a
constraint in the database but it was enforced by the code and
kinda wrong schema the auth_session table had.
2022-11-10 23:06:57 +01:00
181a2c4217
docs: read scope descriptions from locale strings 2022-11-10 21:31:47 +01:00
c6ac67a3f7
client: fix auth page layout
This also includes better rendering when no permissions are requested.

Also removed the app's id from the page as it makes no sense to show
this to a user.

Changelog: Fixed
2022-11-10 21:31:47 +01:00
741ceb82df
server: add missing auth/deny endpoint
This endpoint is hinted at in the client, but is not actually defined
in the backend. This commit defines it.
2022-11-10 21:31:47 +01:00
3939f0f37b
expire AuthSessions after 15 min 2022-11-10 21:31:47 +01:00
6ec3d61753
update OpenAPI docs to OAuth 2022-11-10 21:31:46 +01:00
3b295f8ce1
add API route for OAuth access token retrieval 2022-11-10 21:31:46 +01:00
8ccc4f51d9
make authorization token granting OAuth 2.0 compatible
This is basically a shim on top of the existing API.
Instead of the 3rd party, the web UI generates the authorization session.

The data that the API returns is slightly adjusted so that only one
API call is necessary instead of two.
2022-11-10 21:31:41 +01:00
5d23aa9e69
translate some comments to english 2022-11-10 00:36:39 +01:00
5b61941e4c
server: skip instances that proclaimed themself dead via HTTP 410
Changelog: Fixed
2022-11-10 00:23:30 +01:00
ca90cedba0
server: reduce dead instance detection to 7 days 2022-11-09 18:47:28 +01:00
2496b385ce
fix login
This is a fixup commit to b2c800e654.
2022-11-08 21:59:13 +01:00
54075789cd
server: remove content type bodge
Now that the client should send the proper content type, this should not be
necessary any more.
2022-11-08 20:57:38 +01:00
b2c800e654
client: properly set content-type header 2022-11-08 20:57:09 +01:00
5713f329ca
client: remove unnecessary ref 2022-11-08 20:57:08 +01:00
609312bb82
server: refactor errors in signin endpoint 2022-11-08 20:57:08 +01:00
7939d130aa backend: update sharp to 0.31.2
Changelog: Fixed
Fixes: FoundKeyGang/FoundKey#226
2022-11-08 01:16:55 -05:00
489eea0c67
server: improve API validation for creating apps
Resolves a FIXME comment.
2022-11-05 10:43:34 +01:00
6f65326b32
chore: synchronize code and database schema 2022-11-03 21:50:55 +01:00
e8ecd71f8a backend: refactor server/nodeinfo.ts (#221)
This fixes a few type errors like removing `software.respository` in
NodeInfo 2.0 and updating `metadata.repositoryUrl` to not use the
now removed meta `repositoryUrl` field.

Co-authored-by: Francis Dinh <normandy@biribiri.dev>
Reviewed-on: FoundKeyGang/FoundKey#221
2022-11-02 21:42:51 +00:00
0db0db9a87
backend: fix types in getRedisFamily 2022-10-31 18:39:05 -04:00
6df2f7c55c
server: refactor finding delete-cascaded notes
Remove the several filter functions in different places by filtering
directly in the database.

Instead of a QueryBuilder, use the plain find function.

Refactor a for loop awaiting several promises individually, use
Array.map and await Promise.all to make better use of promises.
2022-10-31 20:57:45 +01:00
ac240eb58d
server: translate/add comments 2022-10-31 20:57:18 +01:00
e27494cf3e
chore: Provide type for toggleReaction 2022-10-31 10:10:29 +01:00
d725f93d40
backend: Provide type for signedGet 2022-10-31 10:10:29 +01:00
6db9b76f46
Retouch types in server index 2022-10-31 10:10:29 +01:00
f50b04b015
Fix type errors in withPackedNote 2022-10-31 10:10:28 +01:00
3fe1f7e70e
Deal with withPackedNote(onNote) types in stream channels 2022-10-31 10:10:28 +01:00
eff9dbb5ee
Reassure typechecker about token in authenticate 2022-10-31 10:10:28 +01:00
fb80fd1fbd
Broaden type in authenticate as undefined is also nullable 2022-10-31 10:10:27 +01:00
2a33d0ac83
Fix type import in stream emitter typing 2022-10-31 10:10:27 +01:00
fb5f498641
Upgrade bull-board to unify misaligned types in its packages 2022-10-31 10:10:27 +01:00
23fbdfdf1f
Fix typos in syslog initialization 2022-10-31 10:10:26 +01:00
5b7a7794ab
backend: fix type of IEndpointMeta.errors
The errors array is supposed to be readonly.
2022-10-31 03:35:47 -04:00
bd0c06e2d0
server: fix RefereceError (again...) 2022-10-30 17:46:44 +01:00
c282ed7683
Narrow type of isPureRenote
As side effect of that, a non-null assertion can be removed.

Co-authored-by: Johann150 <johann.galle@protonmail.com>
2022-10-30 17:38:56 +01:00
47b2f619a6
client: fix follow button getting stuck processing
If a user on a remote instances changes their profile to manually accept
follow requests, this change may not immediately be federated. Because of
this, a user may get stuck seeing "processing".
2022-10-30 17:27:05 +01:00
240ad1cca6
server: fix ReferenceError
The super constructor has to be called before accessing this.
2022-10-30 16:22:12 +01:00
eb1ecd90e6
client: Add "follows you" pill to user profile popup
Changelog: Added
Reviewed-on: FoundKeyGang/FoundKey#217
2022-10-30 14:41:11 +01:00
14c7d2bf53
client: fix ternary statement
fixup for 4bfbe0dd96
2022-10-30 11:00:40 +01:00
4bfbe0dd96
client: refactor pagination.vue
This mostly involves deduplicating code and removing redudndant
statements.

Also translated all but one comment to English.
2022-10-29 23:09:35 +02:00
2aafe8fc9f
server: avoid adding suspended instances to deliver queue
This should reduce the performance hit when adding large numbers of
instances to the deliver queue by making the check for suspended and
dead instances a bulk operation.

Changelog: Changed
Reviewed-on: FoundKeyGang/FoundKey#215
2022-10-29 22:58:04 +02:00
7a64a3858d
fix erroneous quote 2022-10-28 23:49:30 +02:00
d0564759a5
server: remove unnecessary argument 2022-10-28 23:36:47 +02:00
735b9ab502
fix some lints 2022-10-28 16:57:56 +02:00
fb76843c19
adapt OpenAPI documentation generation to new error definitions 2022-10-27 22:44:06 +02:00
1dd935dc0c
fix endpoint type definition for errors 2022-10-27 22:44:06 +02:00
934ee82b8f
server: refactor ApiError to store error descriptions centrally
The UUIDs are no longer used for errors and all errors should now have
a descriptive message attached to them. Also, all errors should now have
the proper HTTP status code for a reply instead of the generic 400 and 500
response codes. Because the errors all have more specific error codes, the
"kind" of client or server is also abolished.
2022-10-27 22:43:58 +02:00
66d7b69377
server: refactor API handler and returning errors
This refactors the API handler to not use default exports, be async
instead of constructing a promise and modify how errors are returned.
2022-10-26 23:15:31 +02:00