| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
連合モードにあわせてフロントエンドを変化させるように (#15112)
* enhance(backend): metaにfederation modeに関する情報を公開
* enhance(frontend): 登録画面の注意書きを追加
* enhance(frontend): aboutページ・サーバー情報
* enhance(frontend): サーバー統計
* enhance(frontend): みつけるページ
* enhance(frontend): 検索
* enhance(frontend): ユーザー選択
* enhance(frontend): 設定画面
* enhance(frontend): ウィジェット
* enhance(frontend): リモートで開くオプション
* Update Changelog
* enhance(frontend): ステータスバー
* i18n
---------
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Botプロテクションの設定変更時は実際に検証を通過しないと保存できないようにする (#15151)
* feat(frontend): CAPTCHAの設定変更時は実際に検証を通過しないと保存できないようにする
* なしでも保存できるようにした
* fix CHANGELOG.md
* フォームが増殖するのを修正
* add comment
* add server-side verify
* fix ci
* fix
* fix
* fix i18n
* add current.ts
* fix text
* fix
* regenerate locales
* fix MkFormFooter.vue
---------
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* wip
* https://github.com/misskey-dev/misskey/issues/15039#issuecomment-2576411861 の反映
Co-authored-by: Kagami Sascha Rosylight <saschanaz@outlook.com>
* fix CHANGELOG.md
* remove inspection
---------
Co-authored-by: Kagami Sascha Rosylight <saschanaz@outlook.com>
|
| |
|
|
|
|
|
|
|
| |
config(default.yml)からSQLログ全文を出力するか否かを設定可能に (#15268)
* feature(backend): config(default.yml)からSQLログ全文を出力するか否かを設定可能に
* disableHighlightやめる
* refactor
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
チャートの処理を一つずつ行うことでDBの同時接続とタイムアウトを削減 (#15239)
* sync charts one-at-a-time to reduce database contention and timeouts
* fix merge resolve failure
* Update Changelog
* update changelog
* add comments
---------
Co-authored-by: Hazelnoot <acomputerdog@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Constraintが正しく評価されない問題を修正 (#15213)
* fix(backend/ActivityPubServerService): apOrHtml Constraintが正しく評価されない問題を修正 (MisskeyIO#869)
* Update Changelog
* indent
---------
Co-authored-by: あわわわとーにゅ <17376330+u1-liquid@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ロックダウンされた期間指定のノートがStreaming経由でLTLに出現するのを修正 (#15200)
* fix(backend): skipHideなときにもロックダウンされたノートのprivate化をするように
* fix linting
* Update packages/backend/src/core/entities/NoteEntityService.ts
* Fix: type error
* Remove unneeded await
* Fix: typo
* Remove skipTreatVisibillity
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(#15224)
* fix(backend): disableClustering設定時の初期化ロジックを調整
* onlyServer かつ enableCluster な場合、メインプロセスでlistenするとワーカープロセス側のlistenと衝突するため、メインプロセスはforkのみに制限する(listenしない)
* ログの追加
* fix CHANGELOG.md
* fix comment
|
| |
|
|
| |
アプリ作成方式で作成したトークンの権限を表示するように (#15177)
|
| |
|
|
|
|
|
| |
LIKE演算子でLOWER()をかけたテキストに対して行うように (#15205)
* Use LIKE-LOWER instead of ILIKE, which pg_bigm doesn't support.
* changelog: Enhance: pg_bigmが利用できるよう、ノートの検索をILIKE演算子でなくLIKE演算子でLOWER()をかけたテキストに対して行うように
|
| |
|
|
|
|
|
|
|
|
|
| |
* enhance: 照会の失敗理由を表示するように
* Update Changelog
* fix
* fix test
* lookupErrors-> remoteLookupErrors
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
公開範囲がホームのノートの埋め込みウィジェットが読み込まれない問題を修正 (#15102)
* Resolve frontend/backend contradiction for home visibility embeds
This now uses the same check from `packages/frontend/src/scripts/get-note-menu.ts`
* Update Changelog
---------
Co-authored-by: CenTdemeern1 <timo.herngreen@gmail.com>
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
アドレス入力で直接ユーザのプロフィールページを表示した際、前提データが足りず描画に失敗する (#15033)
* fix(backend): アドレス入力で直接ユーザのプロフィールページを表示した際、前提データが足りず描画に失敗する
* fix CHANGELOG.md
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Inboxのエラーをthrowせずreturnしている問題を修正 (#15022)
* fix exception handling for Like activities
(cherry picked from commit 8f42e8434eaebe3aba5d1980c57f49dd8ad0de91)
* fix exception handling for Announce activities
(cherry picked from commit cfc3ab4b045af0674122fa49176431860176358b)
* fix exception handling for Undo activities
* Update Changelog
---------
Co-authored-by: Hazelnoot <acomputerdog@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
* fix(backend): fix apResolver
* fix
* add comments
* tweak comment
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix type error in security fixes
(cherry picked from commit fa3cf6c2996741e642955c5e2fca8ad785e83205)
* Fix error in test function calls
(cherry picked from commit 1758f29364eca3cbd13dbb5c84909c93712b3b3b)
* Fix style error
(cherry picked from commit 23c4aa25714af145098baa7edd74c1d217e51c1a)
* Fix another style error
(cherry picked from commit 36af07abe28bec670aaebf9f5af5694bb582c29a)
* Fix `.punyHost` misuse
(cherry picked from commit 6027b516e1c82324d55d6e54d0e17cbd816feb42)
* attempt to fix test: make yaml valid
---------
Co-authored-by: Julia Johannesen <julia@insertdomain.name>
|
| | |
|
| | |
|
| |
|
|
| |
Co-Authored-By: Acid Chicken <root@acid-chicken.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* fix(backend): check target IP before sending HTTP request
* fix(backend): allow accessing private IP when testing
* Apply suggestions from code review
Co-authored-by: anatawa12 <anatawa12@icloud.com>
* fix(backend): lint and typecheck
* fix(backend): add isLocalAddressAllowed option to getAgentByUrl and send (HttpRequestService)
* fix(backend): allow fetchSummaryFromProxy, trueMail to access local addresses
---------
Co-authored-by: anatawa12 <anatawa12@icloud.com>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
| |
* Fix poll update spoofing
* fix: Disallow negative poll counts
---------
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* enhance: Add a few validation fixes from Sharkey
See the original MR on the GitLab instance:
https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/484
Co-Authored-By: Dakkar <dakkar@thenautilus.net>
* fix: primitive 2: acceptance of cross-origin alternate
Co-Authored-By: Laura Hausmann <laura@hausmann.dev>
* fix: primitive 3: validation of non-final url
* fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities
* fix: primitives 5 & 8: reject activities with non
string identifiers
Co-Authored-By: Laura Hausmann <laura@hausmann.dev>
* fix: primitive 6: reject anonymous objects that were fetched by their id
* fix: primitives 9, 10 & 11: http signature validation
doesn't enforce required headers or specify auth header name
Co-Authored-By: Laura Hausmann <laura@hausmann.dev>
* fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections
* fix: code style for primitive 14
* fix: primitive 15: improper same-origin validation for
note uri and url
Co-Authored-By: Laura Hausmann <laura@hausmann.dev>
* fix: primitive 16: improper same-origin validation for user uri and url
* fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array
* fix: code style for primitive 17
* fix: check attribution against actor in notes
While this isn't strictly required to fix the exploits at hand, this
mirrors the fix in `ApQuestionService` for GHSA-5h8r-gq97-xv69, as a
preemptive countermeasure.
* fix: primitive 18: `ap/get` bypasses access checks
One might argue that we could make this one actually preform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.
* fix: primitive 19 & 20: respect blocks and hide more
Ideally, the user property should also be hidden (as leaving it in leaks
information slightly), but given the schema of the note endpoint, I
don't think that would be possible without introducing some kind of
"ghost" user, who is attributed for posts by users who have you blocked.
* fix: primitives 21, 22, and 23: reuse resolver
This also increases the default `recursionLimit` for `Resolver`, as it
theoretically will go higher that it previously would and could possibly
fail on non-malicious collection activities.
* fix: primitives 25-33: proper local instance checks
* revert: fix: primitive 19 & 20
This reverts commit 465a9fe6591de90f78bd3d084e3c01e65dc3cf3c.
---------
Co-authored-by: Dakkar <dakkar@thenautilus.net>
Co-authored-by: Laura Hausmann <laura@hausmann.dev>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
リノートミュートが新規投稿通知に対して作用していなかった問題を修正 (#15006)
* fix(backend): renoteMute doesn't work for note notification
* docs(changelog): update changelog
|
| |
|
|
|
|
|
| |
* wip
* Update CHANGELOG.md
* wip
|
| |
|
|
|
|
|
| |
アカウント削除のモデレーションログが動作していないのを修正 (#14996) (#14997)
* アカウント削除のモデレーションログが動作していないのを修正
* update CHANGELOG
|
| |
|
|
| |
SystemWebhookで送信されるペイロードの型を追加 (#14980)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
お知らせ作成時に画像URL入力欄を空欄に変更できないのを修正 (#14990)
* fix(backend): アナウンスメントを作成ときに画像URLを後悔できないのを修正
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
* Update CHANGELOG.md
Co-authored-by: おさむのひと <46447427+samunohito@users.noreply.github.com>
---------
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
Co-authored-by: おさむのひと <46447427+samunohito@users.noreply.github.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(#14856)
* FEAT: Allow users to view pending follow requests they sent
This commit implements the `following/requests/sent` interface firstly
implemented on Firefish, and provides a UI interface to view the pending
follow requests users sent.
* ux: should not show follow requests tab when have no pending sent follow req
* fix default followreq tab
* fix default followreq tab
* restore missing hasPendingReceivedFollowRequest in navbar
* refactor
* use tabler icons
* tweak design
* Revert "ux: should not show follow requests tab when have no pending sent follow req"
This reverts commit e580b92c37f27c2849c6d27e22ca4c47086081bb.
* Update Changelog
* Update Changelog
* change tab titles
---------
Co-authored-by: Lhc_fl <lhcfl@outlook.com>
Co-authored-by: Hazelnoot <acomputerdog@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* fix(backend): Webhook Test一致性
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
* UserWebhookPayload<'followed'> 修正
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
---------
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
ローカルユーザーへのメンションを含むノートが連合される際に正しいURLに変換されないことがある問題を修正 (#14879)
* fix: make sure mentions of local users get rendered correctly during AP delivery (resolves #645)
* Update Changelog
* indent
---------
Co-authored-by: Laura Hausmann <laura@hausmann.dev>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
リモートユーザーの照会をオリジナルにリダイレクトするように (#12892) (#14897)
* enhance(backend) : リモートユーザーの照会をオリジナルにリダイレクトするように (#12892)
* オリジンリダイレクトのテストをtodoとして追加。
e2eテストにリモートユーザー考慮のテストがなさそうなので。
次のコマンドで動くことは確認済みです。
curl "http://localhost:3000/@foo@bar" -H "accept: application/activity+json" -L
* Acctのパースを既存のパーサーでするように修正
* lint
|
| |
|
|
|
|
|
| |
個別お知らせページではmetaタグを出力するように (#14902)
* enhance(frontend): 個別お知らせページではmetaタグを出力するように
* Update Changelog
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Fix code scanning alert no. 28: Incomplete string escaping or encoding (MisskeyIO#800)
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
(cherry picked from commit 443335c662b14f609d6a81a8f3807e95709aebc1)
* :v:
---------
Co-authored-by: あわわわとーにゅ <17376330+u1-liquid@users.noreply.github.com>
|
| |
|
|
| |
followedMessageではなくdescriptionになっていたのを修正 (#14908)
|
| |
|
|
| |
フォロワーへのメッセージの絵文字をemojisに含めるように (#14904)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
FTT無効時にユーザーリストタイムラインが使用できない問題を修正 (#14878)
* fix: return getfromdb when FanoutTimeline is not enabled
* Update Changelog
* fix
---------
Co-authored-by: Lhc_fl <lhcfl@outlook.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ノートを連合する際にリモートユーザーのacctの大小文字を区別して処理している問題を修正 (#14880)
* fix: make sure outgoing remote mentions get resolved correctly if referenced with non-canonical casing (resolves #646)
* Update Changelog
* Update Changelog
* indent
---------
Co-authored-by: Laura Hausmann <laura@hausmann.dev>
|
| |
|
|
|
|
| |
(#14825)
This is allowed according to the Activity vocabulary: https://www.w3.org/TR/activitystreams-vocabulary/#dfn-icon
The issue is noticeable in combination with Bridgy Fed: https://github.com/snarfed/bridgy-fed/issues/1408
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
招待コード発行可能残り数算出に使用すべきロールポリシーの値が違うのを修正 (#14834)
* fix: should use invite limit cycle to calculate invite/limit
* Update Changelog
* Update changelog
---------
Co-authored-by: Lhc_fl <lhcfl@outlook.com>
|
| |
|
|
|
| |
[ghsa-gq5q-c77c-v236](https://github.com/misskey-dev/misskey/security/advisories/ghsa-gq5q-c77c-v236)
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
過去のノートを非公開化/フォロワーのみ表示可能にできる機能 (#14814)
* wip
* Update CHANGELOG.md
* wip
* wip
* wip
* Update privacy.vue
* wip
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* wip
* wip
* wip
* Update packages/frontend/src/pages/note.vue
Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com>
* wip
* Update WebhookTestService.ts
* Update privacy.vue
* wip
* rename
* Update locales/ja-JP.yml
Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>
* :art:
* wip
---------
Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com>
Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* spec(frontend): Bull Dashboard に relationship queue を追加 (MisskeyIO#751)
(cherry picked from commit a8bbccbefa67ca0f2c1ec0880da88dfc7517b6a0)
* Update Changelog
* Update Changelog
---------
Co-authored-by: riku6460 <17585784+riku6460@users.noreply.github.com>
|
| | |
|
