summaryrefslogtreecommitdiff
path: root/packages/backend (follow)
Commit message (Collapse)AuthorAgeFilesLines
* fix(backend): ↵かっこかり2024-11-221-5/+9
| | | | | | | | | | | | | | | | | | | Inboxのエラーをthrowせずreturnしている問題を修正 (#15022) * fix exception handling for Like activities (cherry picked from commit 8f42e8434eaebe3aba5d1980c57f49dd8ad0de91) * fix exception handling for Announce activities (cherry picked from commit cfc3ab4b045af0674122fa49176431860176358b) * fix exception handling for Undo activities * Update Changelog --------- Co-authored-by: Hazelnoot <acomputerdog@gmail.com>
* fix(backend): fix apResolver (#15010)かっこかり2024-11-212-3/+5
| | | | | | | | | * fix(backend): fix apResolver * fix * add comments * tweak comment
* fix(backend): fix type error(s) in security fixes (#15009)かっこかり2024-11-215-19/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Fix type error in security fixes (cherry picked from commit fa3cf6c2996741e642955c5e2fca8ad785e83205) * Fix error in test function calls (cherry picked from commit 1758f29364eca3cbd13dbb5c84909c93712b3b3b) * Fix style error (cherry picked from commit 23c4aa25714af145098baa7edd74c1d217e51c1a) * Fix another style error (cherry picked from commit 36af07abe28bec670aaebf9f5af5694bb582c29a) * Fix `.punyHost` misuse (cherry picked from commit 6027b516e1c82324d55d6e54d0e17cbd816feb42) * attempt to fix test: make yaml valid --------- Co-authored-by: Julia Johannesen <julia@insertdomain.name>
* fix(backend): fix security patches (#15008)かっこかり2024-11-212-3/+3
|
* fix ap/showsyuilo2024-11-211-1/+1
|
* fix(backend): use atomic command to improve securitysyuilo2024-11-211-3/+1
| | | | Co-Authored-By: Acid Chicken <root@acid-chicken.com>
* Merge commit from forkrectcoordsystem2024-11-214-36/+123
| | | | | | | | | | | | | | | | | | | | * fix(backend): check target IP before sending HTTP request * fix(backend): allow accessing private IP when testing * Apply suggestions from code review Co-authored-by: anatawa12 <anatawa12@icloud.com> * fix(backend): lint and typecheck * fix(backend): add isLocalAddressAllowed option to getAgentByUrl and send (HttpRequestService) * fix(backend): allow fetchSummaryFromProxy, trueMail to access local addresses --------- Co-authored-by: anatawa12 <anatawa12@icloud.com> Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* Merge commit from forkJulia2024-11-212-8/+23
| | | | | | | | | * Fix poll update spoofing * fix: Disallow negative poll counts --------- Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* Merge commit from forkJulia2024-11-2115-76/+227
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * enhance: Add a few validation fixes from Sharkey See the original MR on the GitLab instance: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/484 Co-Authored-By: Dakkar <dakkar@thenautilus.net> * fix: primitive 2: acceptance of cross-origin alternate Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 3: validation of non-final url * fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities * fix: primitives 5 & 8: reject activities with non string identifiers Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 6: reject anonymous objects that were fetched by their id * fix: primitives 9, 10 & 11: http signature validation doesn't enforce required headers or specify auth header name Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections * fix: code style for primitive 14 * fix: primitive 15: improper same-origin validation for note uri and url Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 16: improper same-origin validation for user uri and url * fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array * fix: code style for primitive 17 * fix: check attribution against actor in notes While this isn't strictly required to fix the exploits at hand, this mirrors the fix in `ApQuestionService` for GHSA-5h8r-gq97-xv69, as a preemptive countermeasure. * fix: primitive 18: `ap/get` bypasses access checks One might argue that we could make this one actually preform access checks against the returned activity object, but I feel like that's a lot more work than just restricting it to administrators, since, to me at least, it seems more like a debugging tool than anything else. * fix: primitive 19 & 20: respect blocks and hide more Ideally, the user property should also be hidden (as leaving it in leaks information slightly), but given the schema of the note endpoint, I don't think that would be possible without introducing some kind of "ghost" user, who is attributed for posts by users who have you blocked. * fix: primitives 21, 22, and 23: reuse resolver This also increases the default `recursionLimit` for `Resolver`, as it theoretically will go higher that it previously would and could possibly fail on non-malicious collection activities. * fix: primitives 25-33: proper local instance checks * revert: fix: primitive 19 & 20 This reverts commit 465a9fe6591de90f78bd3d084e3c01e65dc3cf3c. --------- Co-authored-by: Dakkar <dakkar@thenautilus.net> Co-authored-by: Laura Hausmann <laura@hausmann.dev> Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* Fix: ↵Sayamame-beans2024-11-211-4/+14
| | | | | | | リノートミュートが新規投稿通知に対して作用していなかった問題を修正 (#15006) * fix(backend): renoteMute doesn't work for note notification * docs(changelog): update changelog
* perf(frontend): reduce api requests for non-logged-in enviroment (#15001)syuilo2024-11-212-1/+16
| | | | | | | * wip * Update CHANGELOG.md * wip
* Fix(backend): ↵zawa-ch.2024-11-192-3/+3
| | | | | | | アカウント削除のモデレーションログが動作していないのを修正 (#14996) (#14997) * アカウント削除のモデレーションログが動作していないのを修正 * update CHANGELOG
* refactor(backend): ↵おさむのひと2024-11-195-29/+63
| | | | SystemWebhookで送信されるペイロードの型を追加 (#14980)
* fix(backend): ↵饺子w (Yumechi)2024-11-192-3/+4
| | | | | | | | | | | | | | | | お知らせ作成時に画像URL入力欄を空欄に変更できないのを修正 (#14990) * fix(backend): アナウンスメントを作成ときに画像URLを後悔できないのを修正 Signed-off-by: eternal-flame-AD <yume@yumechi.jp> * Update CHANGELOG.md Co-authored-by: おさむのひと <46447427+samunohito@users.noreply.github.com> --------- Signed-off-by: eternal-flame-AD <yume@yumechi.jp> Co-authored-by: おさむのひと <46447427+samunohito@users.noreply.github.com>
* fix(backend): fallback sharedInbox to null in ApPersonService (#14970)CDN2024-11-161-3/+3
|
* use execa 8.0.1syuilo2024-11-151-1/+1
| | | | #14966
* Revert "use nodemon 3.0.2"syuilo2024-11-151-1/+1
| | | | This reverts commit ce1f84e5a3c4c906ca611a4c4aa558f5012394d9.
* use nodemon 3.0.2syuilo2024-11-151-1/+1
| | | | #14966
* feat: 送信したフォローリクエストを確認できるように ↵かっこかり2024-11-153-0/+82
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#14856) * FEAT: Allow users to view pending follow requests they sent This commit implements the `following/requests/sent` interface firstly implemented on Firefish, and provides a UI interface to view the pending follow requests users sent. * ux: should not show follow requests tab when have no pending sent follow req * fix default followreq tab * fix default followreq tab * restore missing hasPendingReceivedFollowRequest in navbar * refactor * use tabler icons * tweak design * Revert "ux: should not show follow requests tab when have no pending sent follow req" This reverts commit e580b92c37f27c2849c6d27e22ca4c47086081bb. * Update Changelog * Update Changelog * change tab titles --------- Co-authored-by: Lhc_fl <lhcfl@outlook.com> Co-authored-by: Hazelnoot <acomputerdog@gmail.com>
* update deps (#14950)syuilo2024-11-151-33/+33
| | | | | | | | | | | | | | | | | * update deps * wip * Revert "wip" This reverts commit 393de249fe248ae181221266e0b7828a3ac53152. * wip * wip * wip * wip
* fix(backend): Webhook Test一致性 (#14863)饺子w (Yumechi)2024-11-124-25/+45
| | | | | | | | | | | | | * fix(backend): Webhook Test一致性 Signed-off-by: eternal-flame-AD <yume@yumechi.jp> * UserWebhookPayload<'followed'> 修正 Signed-off-by: eternal-flame-AD <yume@yumechi.jp> --------- Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
* fix(backend): ↵かっこかり2024-11-091-1/+3
| | | | | | | | | | | | | | ローカルユーザーへのメンションを含むノートが連合される際に正しいURLに変換されないことがある問題を修正 (#14879) * fix: make sure mentions of local users get rendered correctly during AP delivery (resolves #645) * Update Changelog * indent --------- Co-authored-by: Laura Hausmann <laura@hausmann.dev> Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* enhance(backend) : ↵momoirodouhu2024-11-092-4/+18
| | | | | | | | | | | | | | | | リモートユーザーの照会をオリジナルにリダイレクトするように (#12892) (#14897) * enhance(backend) : リモートユーザーの照会をオリジナルにリダイレクトするように (#12892) * オリジンリダイレクトのテストをtodoとして追加。 e2eテストにリモートユーザー考慮のテストがなさそうなので。 次のコマンドで動くことは確認済みです。 curl "http://localhost:3000/@foo@bar" -H "accept: application/activity+json" -L * Acctのパースを既存のパーサーでするように修正 * lint
* enhance(frontend): ↵かっこかり2024-11-093-2/+59
| | | | | | | 個別お知らせページではmetaタグを出力するように (#14902) * enhance(frontend): 個別お知らせページではmetaタグを出力するように * Update Changelog
* fix(backend): SQLのサニタイズを強化 (#14920)かっこかり2024-11-091-1/+1
| | | | | | | | | | | | * Fix code scanning alert no. 28: Incomplete string escaping or encoding (MisskeyIO#800) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> (cherry picked from commit 443335c662b14f609d6a81a8f3807e95709aebc1) * :v: --------- Co-authored-by: あわわわとーにゅ <17376330+u1-liquid@users.noreply.github.com>
* fix(backend): ↵4ster1sk2024-11-071-1/+1
| | | | followedMessageではなくdescriptionになっていたのを修正 (#14908)
* fix(backend): ↵4ster1sk2024-11-071-0/+6
| | | | フォロワーへのメッセージの絵文字をemojisに含めるように (#14904)
* fix(backend): ↵かっこかり2024-11-061-1/+1
| | | | | | | | | | | | | FTT無効時にユーザーリストタイムラインが使用できない問題を修正 (#14878) * fix: return getfromdb when FanoutTimeline is not enabled * Update Changelog * fix --------- Co-authored-by: Lhc_fl <lhcfl@outlook.com>
* fix(backend): ↵かっこかり2024-11-031-1/+1
| | | | | | | | | | | | | | | ノートを連合する際にリモートユーザーのacctの大小文字を区別して処理している問題を修正 (#14880) * fix: make sure outgoing remote mentions get resolved correctly if referenced with non-canonical casing (resolves #646) * Update Changelog * Update Changelog * indent --------- Co-authored-by: Laura Hausmann <laura@hausmann.dev>
* enhance(backend): check_connect.js ↵かっこかり2024-10-281-5/+46
| | | | | | | | | | | | | | | で全RedisとDBへの接続を確認するように (#14853) * fix race conditions in check_connect.js (cherry picked from commit 524ddb96770690455b82522104a543c5b0b1f3b3) * fix * Update Changelog --------- Co-authored-by: Hazelnoot <acomputerdog@gmail.com>
* fix(backend): Accept arrays in ActivityPub `icon` and `image` properties ↵Tamme Schichler2024-10-281-0/+6
| | | | | | (#14825) This is allowed according to the Activity vocabulary: https://www.w3.org/TR/activitystreams-vocabulary/#dfn-icon The issue is noticeable in combination with Bridgy Fed: https://github.com/snarfed/bridgy-fed/issues/1408
* enhance: アイコンデコレーション管理画面の改善syuilo2024-10-282-4/+56
|
* fix(misskey-js): ↵かっこかり2024-10-281-2/+0
| | | | | | | | | | | | | WebSocketの型定義をReconnectingWebsocketに依存するように (#14850) * fix(misskey-js): WebSocketの型定義をReconnectingWebsocketに依存するように * Update Changelog * run api extractor * fix * fix
* fix(backend): ↵かっこかり2024-10-251-1/+1
| | | | | | | | | | | | | 招待コード発行可能残り数算出に使用すべきロールポリシーの値が違うのを修正 (#14834) * fix: should use invite limit cycle to calculate invite/limit * Update Changelog * Update changelog --------- Co-authored-by: Lhc_fl <lhcfl@outlook.com>
* Merge commit from fork饺子w (Yumechi)2024-10-221-0/+6
| | | | | [ghsa-gq5q-c77c-v236](https://github.com/misskey-dev/misskey/security/advisories/ghsa-gq5q-c77c-v236) Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
* feat: ↵syuilo2024-10-2211-36/+117
| | | | | | | | | | | | | | | | | 過去のノートを非公開化/フォロワーのみ表示可能にできる機能 (#14814) * wip * Update CHANGELOG.md * wip * wip * wip * Update privacy.vue * wip
* feat: ノートの閲覧にログイン必須にする設定 (#14799)syuilo2024-10-2115-5/+72
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * wip * wip * wip * Update packages/frontend/src/pages/note.vue Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> * wip * Update WebhookTestService.ts * Update privacy.vue * wip * rename * Update locales/ja-JP.yml Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com> * :art: * wip --------- Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>
* enhance(frontend): Bull Dashboard に relationship queue を追加 (#14777)かっこかり2024-10-191-0/+3
| | | | | | | | | | | | | * spec(frontend): Bull Dashboard に relationship queue を追加 (MisskeyIO#751) (cherry picked from commit a8bbccbefa67ca0f2c1ec0880da88dfc7517b6a0) * Update Changelog * Update Changelog --------- Co-authored-by: riku6460 <17585784+riku6460@users.noreply.github.com>
* test(backend): add federation test (#14582)zyoshoka2024-10-1527-3/+3056
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * test(backend): add federation test * fix(ci): install pnpm * fix(ci): cd * fix(ci): build entire project * fix(ci): skip frontend build * fix(ci): pull submodule when checkout * chore: show log for debugging * Revert "chore: show log for debugging" This reverts commit a930964b8d6ba550c23bce1e7fb45d92eab49ef9. * fix(ci): build entire project * chore: omit unused globals * refactor: use strictEqual and simplify some asserts * test: follow requests * refactor: add resolveRemoteNote function * refactor: refine resolveRemoteUser function * refactor: cache admin credentials * refactor: simplify assertion with excluded fields * refactor: use assert * test: note * chore: labeler detect federation * test: blocking * test: move * fix: use appropriate TLD * chore: shorter purge interval * fix(ci): change TLD * refactor: delete trivial comment * test(user): isCat * chore: use jest * chore: omit logs * chore: add memo * fix(ci): omit unnecessary build * test: pinning Note * fix: build daemon in container * style: indent * test(streaming): timeline * chore: rename * fix: delete role after test * refactor: resolve users by uri * fix: delete antenna after test * test: api timeline * test: Note deletion * refactor: sleep function * test: notification * style: indent * refactor: type-safe host * docs: update description * refactor: resolve function params * fix(block): wrong test name * fix: invalid type * fix: longer timeout for fire testing * test(timeline): hashtag * test(note): vote delivery * fix: wrong description * fix: hashtag channel param type * refactor: wrap basic cases * test(timeline): add homeTimeline tests * fix(timeline): correct wrong case and description * test(notification): add tests for Note * refactor(user): wrap profile consistency with describe * chore(note): add issue link * test(timeline): add test * test(user): suspension * test: emoji * refactor: fetch admin first * perf: faster tests * test(drive): sensitive flag * test(emoji): add tests * chore: ignore .config/docker.env * chore: hard-coded tester IP address * test(emoji): custom emoji are surrounded by zero width space * refactor: client and username as property * test(notification): mute * fix(notification): correct description * test(block): mention * refactor(emoji): addCustomEmoji function * fix: typo * test(note): add reaction tests * test(timeline): Note deletion * fix: unnecessary ts-expect-error * refactor: unnecessary fetch mocking * chore: add TODO comments * test(user): deletion * chore: enable --frozen-lockfile * fix(ci): copying configs * docs: update CONTRIBUTING.md * docs: fix typo * chore: set default sleep duration * fix(notification): omit flaky tests * fix(notification): correct type * test(notification): add api endpoint tests * chore: remove redundant mute test * refactor: use param client * fix: start timer after trigger * refactor: remove unnecessary any * chore: shorter timeout for checking if fired * fix(block): remove outdated comment * refactor: shorten remote user variable name * refactor(block): use existing function * refactor: file upload * docs: update description * test(user): ffVisibility * fix: `/api/signin` -> `/api/signin-flow` * test: abuse report * refactor: use existing type * refactor: extract duplicate configs to template file * fix: typo * fix: avoid conflict * refactor: change container dependency * perf: start misskey parallelly * fix: remove dependency * chore(backend): add typecheck * test: add check for #14728 * chore: enable eslint check * perf: don't start linked services when test * test(note): remote note deletion for moderation * chore: define config template * chore: write setup script * refactor: omit unnecessary conditional * refactor: clarify scope * refactor: omit type assertion * refactor: omit logs * style * refactor: redundant promise * refactor: unnecessary imports * refactor: use readable error code * refactor: cache set in signin function * refactor: optimize import
* add notesyuilo2024-10-151-0/+2
|
* add notesyuilo2024-10-141-0/+1
|
* refactor(backend): remove unnecessary anysyuilo2024-10-141-2/+2
|
* Revert "refactor"syuilo2024-10-142-12/+11
| | | | This reverts commit 7fd8ef344b33b0a157bc197cbd64069695806936.
* refactorsyuilo2024-10-142-11/+12
|
* enhance(backend): ↵かっこかり2024-10-141-0/+7
| | | | | | | | | | | | | | | 個人宛のお知らせはわかったを押すとアーカイブするように (#14762) * enhance(backend): 個人宛のお知らせはわかったを押すとアーカイブするように * Update Changelog * enhance(frontend): アーカイブ済みのものを読み込めるように * Update Changelog * fix changelog * :art:
* fix(backend): ↵syuilo2024-10-141-2/+25
| | | | RBT有効時、リノートのリアクションが反映されない問題を修正
* feat: ↵おさむのひと2024-10-134-25/+355
| | | | | | | | | | | | | | | | | | | | | | | | | 運営のアクティビティが一定期間ない場合は通知+招待制に移行した際に通知 (#14757) * feat: 運営のアクティビティが一定期間ない場合は通知+招待制に移行した際に通知 * fix misskey-js.api.md * Revert "feat: 運営のアクティビティが一定期間ない場合は通知+招待制に移行した際に通知" This reverts commit 3ab953bdf87f28411a1a10bce787a23d238cda80. * 通知をやめてユーザ単位でのお知らせ機能に変更 * テスト用実装を戻す * Update packages/backend/src/queue/processors/CheckModeratorsActivityProcessorService.ts Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com> * fix remove empty then --------- Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* refactor(backend): remove unnecessary .thensyuilo2024-10-134-18/+10
|
* feat: ↵syuilo2024-10-1314-86/+162
| | | | | | | | | | | | | リモートサーバーのサーバー情報を収集しないオプション (#14634) * wip * wip * Update FetchInstanceMetadataService.ts * Update FetchInstanceMetadataService.ts * Update types.ts
* feat: ユーザーの名前に禁止ワードを設定できるように ↵かっこかり2024-10-135-1/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#14756) * wip * :art: * Enhance: モデレーター以上は制限の影響を受けないように * refactor * better error handling * fix * Revert "better error handling" This reverts commit 5670b29cfa18a3894d0c2abfe0e5ef862e3b9ffa. * error handling * エラーが出ないのを修正 * translation * Update Changelog * status code * :v: * モデレーター以上は影響ないことを明記 * :art: * update changelog * spdx * Update update.ts * refactor * eliminate `screen name` * remove untracked file --------- Co-authored-by: KanariKanaru <93921745+kanarikanaru@users.noreply.github.com>
generated by cgit v1.3.1-freya (git 2.54.0) at 2026-05-30 18:16:20 +0000