summaryrefslogtreecommitdiff
path: root/packages/backend/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
* fix(backend): ↵かっこかり2024-11-221-5/+9
| | | | | | | | | | | | | | | | | | | Inboxのエラーをthrowせずreturnしている問題を修正 (#15022) * fix exception handling for Like activities (cherry picked from commit 8f42e8434eaebe3aba5d1980c57f49dd8ad0de91) * fix exception handling for Announce activities (cherry picked from commit cfc3ab4b045af0674122fa49176431860176358b) * fix exception handling for Undo activities * Update Changelog --------- Co-authored-by: Hazelnoot <acomputerdog@gmail.com>
* fix(backend): fix apResolver (#15010)かっこかり2024-11-212-3/+5
| | | | | | | | | * fix(backend): fix apResolver * fix * add comments * tweak comment
* fix(backend): fix type error(s) in security fixes (#15009)かっこかり2024-11-213-13/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Fix type error in security fixes (cherry picked from commit fa3cf6c2996741e642955c5e2fca8ad785e83205) * Fix error in test function calls (cherry picked from commit 1758f29364eca3cbd13dbb5c84909c93712b3b3b) * Fix style error (cherry picked from commit 23c4aa25714af145098baa7edd74c1d217e51c1a) * Fix another style error (cherry picked from commit 36af07abe28bec670aaebf9f5af5694bb582c29a) * Fix `.punyHost` misuse (cherry picked from commit 6027b516e1c82324d55d6e54d0e17cbd816feb42) * attempt to fix test: make yaml valid --------- Co-authored-by: Julia Johannesen <julia@insertdomain.name>
* fix(backend): fix security patches (#15008)かっこかり2024-11-212-3/+3
|
* fix ap/showsyuilo2024-11-211-1/+1
|
* fix(backend): use atomic command to improve securitysyuilo2024-11-211-3/+1
| | | | Co-Authored-By: Acid Chicken <root@acid-chicken.com>
* Merge commit from forkrectcoordsystem2024-11-214-36/+123
| | | | | | | | | | | | | | | | | | | | * fix(backend): check target IP before sending HTTP request * fix(backend): allow accessing private IP when testing * Apply suggestions from code review Co-authored-by: anatawa12 <anatawa12@icloud.com> * fix(backend): lint and typecheck * fix(backend): add isLocalAddressAllowed option to getAgentByUrl and send (HttpRequestService) * fix(backend): allow fetchSummaryFromProxy, trueMail to access local addresses --------- Co-authored-by: anatawa12 <anatawa12@icloud.com> Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* Merge commit from forkJulia2024-11-212-8/+23
| | | | | | | | | * Fix poll update spoofing * fix: Disallow negative poll counts --------- Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* Merge commit from forkJulia2024-11-2115-76/+227
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * enhance: Add a few validation fixes from Sharkey See the original MR on the GitLab instance: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/484 Co-Authored-By: Dakkar <dakkar@thenautilus.net> * fix: primitive 2: acceptance of cross-origin alternate Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 3: validation of non-final url * fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities * fix: primitives 5 & 8: reject activities with non string identifiers Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 6: reject anonymous objects that were fetched by their id * fix: primitives 9, 10 & 11: http signature validation doesn't enforce required headers or specify auth header name Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections * fix: code style for primitive 14 * fix: primitive 15: improper same-origin validation for note uri and url Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 16: improper same-origin validation for user uri and url * fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array * fix: code style for primitive 17 * fix: check attribution against actor in notes While this isn't strictly required to fix the exploits at hand, this mirrors the fix in `ApQuestionService` for GHSA-5h8r-gq97-xv69, as a preemptive countermeasure. * fix: primitive 18: `ap/get` bypasses access checks One might argue that we could make this one actually preform access checks against the returned activity object, but I feel like that's a lot more work than just restricting it to administrators, since, to me at least, it seems more like a debugging tool than anything else. * fix: primitive 19 & 20: respect blocks and hide more Ideally, the user property should also be hidden (as leaving it in leaks information slightly), but given the schema of the note endpoint, I don't think that would be possible without introducing some kind of "ghost" user, who is attributed for posts by users who have you blocked. * fix: primitives 21, 22, and 23: reuse resolver This also increases the default `recursionLimit` for `Resolver`, as it theoretically will go higher that it previously would and could possibly fail on non-malicious collection activities. * fix: primitives 25-33: proper local instance checks * revert: fix: primitive 19 & 20 This reverts commit 465a9fe6591de90f78bd3d084e3c01e65dc3cf3c. --------- Co-authored-by: Dakkar <dakkar@thenautilus.net> Co-authored-by: Laura Hausmann <laura@hausmann.dev> Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* Fix: ↵Sayamame-beans2024-11-211-4/+14
| | | | | | | リノートミュートが新規投稿通知に対して作用していなかった問題を修正 (#15006) * fix(backend): renoteMute doesn't work for note notification * docs(changelog): update changelog
* perf(frontend): reduce api requests for non-logged-in enviroment (#15001)syuilo2024-11-212-1/+16
| | | | | | | * wip * Update CHANGELOG.md * wip
* Fix(backend): ↵zawa-ch.2024-11-192-3/+3
| | | | | | | アカウント削除のモデレーションログが動作していないのを修正 (#14996) (#14997) * アカウント削除のモデレーションログが動作していないのを修正 * update CHANGELOG
* refactor(backend): ↵おさむのひと2024-11-195-29/+63
| | | | SystemWebhookで送信されるペイロードの型を追加 (#14980)
* fix(backend): ↵饺子w (Yumechi)2024-11-192-3/+4
| | | | | | | | | | | | | | | | お知らせ作成時に画像URL入力欄を空欄に変更できないのを修正 (#14990) * fix(backend): アナウンスメントを作成ときに画像URLを後悔できないのを修正 Signed-off-by: eternal-flame-AD <yume@yumechi.jp> * Update CHANGELOG.md Co-authored-by: おさむのひと <46447427+samunohito@users.noreply.github.com> --------- Signed-off-by: eternal-flame-AD <yume@yumechi.jp> Co-authored-by: おさむのひと <46447427+samunohito@users.noreply.github.com>
* fix(backend): fallback sharedInbox to null in ApPersonService (#14970)CDN2024-11-161-3/+3
|
* feat: 送信したフォローリクエストを確認できるように ↵かっこかり2024-11-153-0/+82
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#14856) * FEAT: Allow users to view pending follow requests they sent This commit implements the `following/requests/sent` interface firstly implemented on Firefish, and provides a UI interface to view the pending follow requests users sent. * ux: should not show follow requests tab when have no pending sent follow req * fix default followreq tab * fix default followreq tab * restore missing hasPendingReceivedFollowRequest in navbar * refactor * use tabler icons * tweak design * Revert "ux: should not show follow requests tab when have no pending sent follow req" This reverts commit e580b92c37f27c2849c6d27e22ca4c47086081bb. * Update Changelog * Update Changelog * change tab titles --------- Co-authored-by: Lhc_fl <lhcfl@outlook.com> Co-authored-by: Hazelnoot <acomputerdog@gmail.com>
* fix(backend): Webhook Test一致性 (#14863)饺子w (Yumechi)2024-11-123-17/+37
| | | | | | | | | | | | | * fix(backend): Webhook Test一致性 Signed-off-by: eternal-flame-AD <yume@yumechi.jp> * UserWebhookPayload<'followed'> 修正 Signed-off-by: eternal-flame-AD <yume@yumechi.jp> --------- Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
* fix(backend): ↵かっこかり2024-11-091-1/+3
| | | | | | | | | | | | | | ローカルユーザーへのメンションを含むノートが連合される際に正しいURLに変換されないことがある問題を修正 (#14879) * fix: make sure mentions of local users get rendered correctly during AP delivery (resolves #645) * Update Changelog * indent --------- Co-authored-by: Laura Hausmann <laura@hausmann.dev> Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* enhance(backend) : ↵momoirodouhu2024-11-091-4/+16
| | | | | | | | | | | | | | | | リモートユーザーの照会をオリジナルにリダイレクトするように (#12892) (#14897) * enhance(backend) : リモートユーザーの照会をオリジナルにリダイレクトするように (#12892) * オリジンリダイレクトのテストをtodoとして追加。 e2eテストにリモートユーザー考慮のテストがなさそうなので。 次のコマンドで動くことは確認済みです。 curl "http://localhost:3000/@foo@bar" -H "accept: application/activity+json" -L * Acctのパースを既存のパーサーでするように修正 * lint
* enhance(frontend): ↵かっこかり2024-11-093-2/+59
| | | | | | | 個別お知らせページではmetaタグを出力するように (#14902) * enhance(frontend): 個別お知らせページではmetaタグを出力するように * Update Changelog
* fix(backend): SQLのサニタイズを強化 (#14920)かっこかり2024-11-091-1/+1
| | | | | | | | | | | | * Fix code scanning alert no. 28: Incomplete string escaping or encoding (MisskeyIO#800) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> (cherry picked from commit 443335c662b14f609d6a81a8f3807e95709aebc1) * :v: --------- Co-authored-by: あわわわとーにゅ <17376330+u1-liquid@users.noreply.github.com>
* fix(backend): ↵4ster1sk2024-11-071-1/+1
| | | | followedMessageではなくdescriptionになっていたのを修正 (#14908)
* fix(backend): ↵4ster1sk2024-11-071-0/+6
| | | | フォロワーへのメッセージの絵文字をemojisに含めるように (#14904)
* fix(backend): ↵かっこかり2024-11-061-1/+1
| | | | | | | | | | | | | FTT無効時にユーザーリストタイムラインが使用できない問題を修正 (#14878) * fix: return getfromdb when FanoutTimeline is not enabled * Update Changelog * fix --------- Co-authored-by: Lhc_fl <lhcfl@outlook.com>
* fix(backend): ↵かっこかり2024-11-031-1/+1
| | | | | | | | | | | | | | | ノートを連合する際にリモートユーザーのacctの大小文字を区別して処理している問題を修正 (#14880) * fix: make sure outgoing remote mentions get resolved correctly if referenced with non-canonical casing (resolves #646) * Update Changelog * Update Changelog * indent --------- Co-authored-by: Laura Hausmann <laura@hausmann.dev>
* fix(backend): Accept arrays in ActivityPub `icon` and `image` properties ↵Tamme Schichler2024-10-281-0/+6
| | | | | | (#14825) This is allowed according to the Activity vocabulary: https://www.w3.org/TR/activitystreams-vocabulary/#dfn-icon The issue is noticeable in combination with Bridgy Fed: https://github.com/snarfed/bridgy-fed/issues/1408
* enhance: アイコンデコレーション管理画面の改善syuilo2024-10-282-4/+56
|
* fix(backend): ↵かっこかり2024-10-251-1/+1
| | | | | | | | | | | | | 招待コード発行可能残り数算出に使用すべきロールポリシーの値が違うのを修正 (#14834) * fix: should use invite limit cycle to calculate invite/limit * Update Changelog * Update changelog --------- Co-authored-by: Lhc_fl <lhcfl@outlook.com>
* Merge commit from fork饺子w (Yumechi)2024-10-221-0/+6
| | | | | [ghsa-gq5q-c77c-v236](https://github.com/misskey-dev/misskey/security/advisories/ghsa-gq5q-c77c-v236) Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
* feat: ↵syuilo2024-10-2210-36/+99
| | | | | | | | | | | | | | | | | 過去のノートを非公開化/フォロワーのみ表示可能にできる機能 (#14814) * wip * Update CHANGELOG.md * wip * wip * wip * Update privacy.vue * wip
* feat: ノートの閲覧にログイン必須にする設定 (#14799)syuilo2024-10-2114-5/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * wip * wip * wip * Update packages/frontend/src/pages/note.vue Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> * wip * Update WebhookTestService.ts * Update privacy.vue * wip * rename * Update locales/ja-JP.yml Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com> * :art: * wip --------- Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>
* enhance(frontend): Bull Dashboard に relationship queue を追加 (#14777)かっこかり2024-10-191-0/+3
| | | | | | | | | | | | | * spec(frontend): Bull Dashboard に relationship queue を追加 (MisskeyIO#751) (cherry picked from commit a8bbccbefa67ca0f2c1ec0880da88dfc7517b6a0) * Update Changelog * Update Changelog --------- Co-authored-by: riku6460 <17585784+riku6460@users.noreply.github.com>
* add notesyuilo2024-10-151-0/+2
|
* add notesyuilo2024-10-141-0/+1
|
* refactor(backend): remove unnecessary anysyuilo2024-10-141-2/+2
|
* Revert "refactor"syuilo2024-10-142-12/+11
| | | | This reverts commit 7fd8ef344b33b0a157bc197cbd64069695806936.
* refactorsyuilo2024-10-142-11/+12
|
* enhance(backend): ↵かっこかり2024-10-141-0/+7
| | | | | | | | | | | | | | | 個人宛のお知らせはわかったを押すとアーカイブするように (#14762) * enhance(backend): 個人宛のお知らせはわかったを押すとアーカイブするように * Update Changelog * enhance(frontend): アーカイブ済みのものを読み込めるように * Update Changelog * fix changelog * :art:
* fix(backend): ↵syuilo2024-10-141-2/+25
| | | | RBT有効時、リノートのリアクションが反映されない問題を修正
* feat: ↵おさむのひと2024-10-133-13/+199
| | | | | | | | | | | | | | | | | | | | | | | | | 運営のアクティビティが一定期間ない場合は通知+招待制に移行した際に通知 (#14757) * feat: 運営のアクティビティが一定期間ない場合は通知+招待制に移行した際に通知 * fix misskey-js.api.md * Revert "feat: 運営のアクティビティが一定期間ない場合は通知+招待制に移行した際に通知" This reverts commit 3ab953bdf87f28411a1a10bce787a23d238cda80. * 通知をやめてユーザ単位でのお知らせ機能に変更 * テスト用実装を戻す * Update packages/backend/src/queue/processors/CheckModeratorsActivityProcessorService.ts Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com> * fix remove empty then --------- Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* refactor(backend): remove unnecessary .thensyuilo2024-10-134-18/+10
|
* feat: ↵syuilo2024-10-1312-76/+136
| | | | | | | | | | | | | リモートサーバーのサーバー情報を収集しないオプション (#14634) * wip * wip * Update FetchInstanceMetadataService.ts * Update FetchInstanceMetadataService.ts * Update types.ts
* feat: ユーザーの名前に禁止ワードを設定できるように ↵かっこかり2024-10-134-1/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#14756) * wip * :art: * Enhance: モデレーター以上は制限の影響を受けないように * refactor * better error handling * fix * Revert "better error handling" This reverts commit 5670b29cfa18a3894d0c2abfe0e5ef862e3b9ffa. * error handling * エラーが出ないのを修正 * translation * Update Changelog * status code * :v: * モデレーター以上は影響ないことを明記 * :art: * update changelog * spdx * Update update.ts * refactor * eliminate `screen name` * remove untracked file --------- Co-authored-by: KanariKanaru <93921745+kanarikanaru@users.noreply.github.com>
* fix(backend): キューのエラーログを簡略化するように (#14748)かっこかり2024-10-111-38/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * reduce federation log spam * Don't record stack trace for unrecoverable errors. * Avoid logging duplicate stace traces. (cherry picked from commit ed0570110bf8cb8e8959591dccfa3c35999106ce) * improve error summaries (cherry picked from commit 20dd66f735d9778df0371001e303549dce619260) * fix lint errors (cherry picked from commit 83869e1c470b12b3bf4b23d885514d926620662a) * condense job info (cherry picked from commit 786702e076ad1af14538849512ad31c0ced7afe6) * fix maxAttempts calculation (cherry picked from commit b4d10aa8f821e594ec9c907eb2a5bdb3c73c67d5) * condense error info (cherry picked from commit f62cd8941ced74a4865aa5eae4f4a1c7aa1d30f1) * normalize ID logging (cherry picked from commit d8e1e4890d28347239162e26235eb68b1ff96654) * further condense error details (cherry picked from commit d867c2089b3b24680df0713a2aa0914789e45670) * collapse AbortErrors (cherry picked from commit 5171ba7113ebc7242527768afb9ab4cec534e3b3) * don't log job name unless it has one (cherry picked from commit a5316c06ed770b60f7b4c7ff5aa8c71cc0558db7) * Update Changelog * Record origin --------- Co-authored-by: Hazel K <acomputerdog@gmail.com>
* wip (#14745)syuilo2024-10-119-0/+49
|
* feat(backend): ↵おさむのひと2024-10-117-26/+203
| | | | | | | | | | | | | | | | | | | | | 7日間運営のアクティビティがないサーバを自動的に招待制にする (#14746) * feat(backend): 7日間運営のアクティビティがないサーバを自動的に招待制にする * fix RoleService. * fix * fix * fix * add test and fix * fix * fix CHANGELOG.md * fix test
* fix: admin/emoji/update で不正なエラーが発生する (#14750)FineArchs2024-10-112-25/+37
| | | | | | | | | | | | | | | * fix emoji updating bug * update changelog * type fix * " -> ' * conprehensiveness check * lint * undefined -> null
* refactor(frontend): prefix css variables (#14725)syuilo2024-10-093-10/+10
| | | | | | | * wip * Update index.d.ts * remove unnecessary codes
* Update packages/backend/src/core/entities/FlashEntityService.tssyuilo2024-10-081-1/+1
| | | Co-authored-by: zyoshoka <107108195+zyoshoka@users.noreply.github.com>
* fix(backend): correct `admin/abuse-user-reports` schema (#14711)zyoshoka2024-10-051-2/+14
| | | | | * fix(backend): correct `abuse-user-reports` schema * Update CHANGELOG.md
generated by cgit v1.3.1-freya (git 2.54.0) at 2026-05-30 09:48:15 +0000