From dad6a7764542d125c8e3ee41c195fd732c3973f5 Mon Sep 17 00:00:00 2001
From: syuilo
Date: Sun, 22 Aug 2021 22:22:53 +0900
Subject: refactoring
---
src/server/web/boot.js | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
(limited to 'src/server')
diff --git a/src/server/web/boot.js b/src/server/web/boot.js
index e2fd137f95..7a41ae2555 100644
--- a/src/server/web/boot.js
+++ b/src/server/web/boot.js
@@ -60,8 +60,6 @@ ? `?salt=${localStorage.getItem('salt')}` : ''; - const head = document.getElementsByTagName('head')[0]; - const script = document.createElement('script'); script.setAttribute('src', `/assets/app.${v}.js${salt}`); script.setAttribute('async', 'true');
@@ -70,7 +68,7 @@ renderError('APP_FETCH_FAILED'); checkUpdate(); }); - head.appendChild(script); + document.head.appendChild(script); //#endregion //#region Theme
-- cgit v1.2.3-freya
From 9d3448c880c0b2b3fec2f8acf68cf4cc472ee81a Mon Sep 17 00:00:00 2001
From: syuilo
Date: Tue, 24 Aug 2021 13:08:20 +0900
Subject: fix(server): use csp to imporve security
---
CHANGELOG.md | 1 +
src/server/file/index.ts | 4 ++++
src/server/proxy/index.ts | 4 ++++
3 files changed, 9 insertions(+)
(limited to 'src/server')
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8a3988d02c..5e4fbbf36f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ - クライアントのデザインの調整 ### Bugfixes +- セキュリティの向上 ## 12.89.0 (2021/08/21)
diff --git a/src/server/file/index.ts b/src/server/file/index.ts
index 9b5d8f7267..a455acd1cf 100644
--- a/src/server/file/index.ts
+++ b/src/server/file/index.ts
@@ -17,6 +17,10 @@ const _dirname = dirname(_filename); // Init app const app = new Koa(); app.use(cors()); +app.use(async (ctx, next) => { + ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`); + await next(); +}); // Init router const router = new Router();
diff --git a/src/server/proxy/index.ts b/src/server/proxy/index.ts
index 9ef198d31b..b8993f19f8 100644
--- a/src/server/proxy/index.ts
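Review bot: The policy added in src/server/file/index.ts omits the directives that `default-src` never falls back to, so `form-action` and `base-uri` (and `frame-ancestors`, `sandbox`) stay unrestricted for any HTML or SVG this server returns. For a host that serves uploaded or proxied content I would extend the value to `default-src 'none'; style-src 'unsafe-inline'; form-action 'none'; base-uri 'none'`, and consider adding `sandbox` if inline document rendering does not depend on it. The hunk does not show `X-Content-Type-Options: nosniff` being set; if it is not set elsewhere, it belongs next to this header. The same middleware is repeated verbatim in the src/server/proxy/index.ts hunk, so a shared helper, with a one-line comment explaining why `style-src 'unsafe-inline'` is required, would keep the two policies from drifting apart.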
+++ b/src/server/proxy/index.ts
@@ -10,6 +10,10 @@ import { proxyMedia } from './proxy-media'; // Init app const app = new Koa(); app.use(cors()); +app.use(async (ctx, next) => { + ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`); + await next(); +}); // Init router const router = new Router();
-- cgit v1.2.3-freya
From d64e25e4490da7fc508230d92d277b1c5284b381 Mon Sep 17 00:00:00 2001
From: syuilo
Date: Tue, 24 Aug 2021 13:19:21 +0900
Subject: fix: support DeepL pro account Fix #7648
---
CHANGELOG.md | 2 ++
migration/1629778475000-deepl-integration2.ts | 14 ++++++++++++++
src/client/pages/instance/other-settings.vue | 6 ++++++
src/models/entities/meta.ts | 5 +++++
src/server/api/endpoints/admin/update-meta.ts | 8 ++++++++
src/server/api/endpoints/meta.ts | 2 ++
src/server/api/endpoints/notes/translate.ts | 4 +++-
7 files changed, 40 insertions(+), 1 deletion(-)
create mode 100644 migration/1629778475000-deepl-integration2.ts
(limited to 'src/server')
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5e4fbbf36f..1cf0d5fa74 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,8 @@ - クライアントのデザインの調整 ### Bugfixes +- 翻訳でDeepLのProアカウントに対応していない問題を修正 +- インスタンス設定でDeepLのAuth Keyが空で表示される問題を修正 - セキュリティの向上 ## 12.89.0 (2021/08/21)
diff --git a/migration/1629778475000-deepl-integration2.ts b/migration/1629778475000-deepl-integration2.ts
new file mode 100644
index 0000000000..67e5ea02ae
--- /dev/null
+++ b/migration/1629778475000-deepl-integration2.ts
@@ -0,0 +1,14 @@
+import {MigrationInterface, QueryRunner} from "typeorm";
+
+export class deeplIntegration21629778475000 implements MigrationInterface {
+ name = 'deeplIntegration21629778475000'
+
+ public async up(queryRunner: QueryRunner): Promise {
+ await queryRunner.query(`ALTER TABLE "meta" ADD "deeplIsPro" boolean NOT NULL DEFAULT false`);
+ }
+
+ public async down(queryRunner: QueryRunner): Promise {
+ await queryRunner.query(`ALTER TABLE "meta" DROP COLUMN "deeplIsPro"`);
+ }
+
+}
diff --git a/src/client/pages/instance/other-settings.vue b/src/client/pages/instance/other-settings.vue
index 8002528931..4fa80b2b2c 100644
--- a/src/client/pages/instance/other-settings.vue
+++ b/src/client/pages/instance/other-settings.vue
@@ -12,6 +12,9 @@ DeepL Auth Key + + Pro account + {{ $ts.save }}
@@ -50,6 +53,7 @@ export default defineComponent({ }, summalyProxy: '', deeplAuthKey: '', + deeplIsPro: false, } },
@@ -62,11 +66,13 @@ export default defineComponent({ const meta = await os.api('meta', { detail: true }); this.summalyProxy = meta.summalyProxy; this.deeplAuthKey = meta.deeplAuthKey; + this.deeplIsPro = meta.deeplIsPro; }, save() { os.apiWithDialog('admin/update-meta', { summalyProxy: this.summalyProxy, deeplAuthKey: this.deeplAuthKey, + deeplIsPro: this.deeplIsPro, }).then(() => { fetchInstance(); });
diff --git a/src/models/entities/meta.ts b/src/models/entities/meta.ts
index 2a0632c87c..6428aacdf1 100644
--- a/src/models/entities/meta.ts
+++ b/src/models/entities/meta.ts
@@ -319,6 +319,11 @@ export class Meta { }) public deeplAuthKey: string | null; + @Column('boolean', { + default: false, + }) + public deeplIsPro: boolean; + @Column('varchar', { length: 512, nullable: true
diff --git a/src/server/api/endpoints/admin/update-meta.ts b/src/server/api/endpoints/admin/update-meta.ts
index 5962dba98a..46f30fef7d 100644
--- a/src/server/api/endpoints/admin/update-meta.ts
+++ b/src/server/api/endpoints/admin/update-meta.ts
@@ -149,6 +149,10 @@ export const meta = { validator: $.optional.nullable.str, }, + deeplIsPro: { + validator: $.optional.bool, + }, + enableTwitterIntegration: { validator: $.optional.bool, },
@@ -574,6 +578,10 @@ export default define(meta, async (ps, me) => { } } + if (ps.deeplIsPro !== undefined) { + set.deeplIsPro = ps.deeplIsPro; + } + await getConnection().transaction(async transactionalEntityManager => { const meta = await transactionalEntityManager.findOne(Meta, { order: {
diff --git a/src/server/api/endpoints/meta.ts b/src/server/api/endpoints/meta.ts
index 1c87952f6a..3f422dff07 100644
--- a/src/server/api/endpoints/meta.ts
+++ b/src/server/api/endpoints/meta.ts
@@ -583,6 +583,8 @@ export default define(meta, async (ps, me) => { response.objectStorageUseProxy = instance.objectStorageUseProxy; response.objectStorageSetPublicRead = instance.objectStorageSetPublicRead; response.objectStorageS3ForcePathStyle = instance.objectStorageS3ForcePathStyle; + response.deeplAuthKey = instance.deeplAuthKey; + response.deeplIsPro = instance.deeplIsPro; } }
diff --git a/src/server/api/endpoints/notes/translate.ts b/src/server/api/endpoints/notes/translate.ts
index a5fdf70ce6..e4bc6bb060 100644
--- a/src/server/api/endpoints/notes/translate.ts
+++ b/src/server/api/endpoints/notes/translate.ts
@@ -61,7 +61,9 @@ export default define(meta, async (ps, user) => { params.append('text', note.text); params.append('target_lang', targetLang); - const res = await fetch('https://api-free.deepl.com/v2/translate', { + const endpoint = instance.deeplIsPro ? 'https://api.deepl.com/v2/translate' : 'https://api-free.deepl.com/v2/translate'; + + const res = await fetch(endpoint, { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded',
-- cgit v1.2.3-freya
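Review bot: In src/server/api/endpoints/meta.ts the added `response.deeplAuthKey = instance.deeplAuthKey;` puts the stored DeepL credential into the body of the `meta` response, and the condition guarding this block opens outside the hunk, so it is not visible here which callers receive it. If that guard admits any role other than the administrators who can already set the key, this discloses a billable third-party API secret, and even for administrators the key then travels to the browser on every detailed `meta` fetch. I would return only whether a key is configured, for example `response.deeplAuthKeySet = instance.deeplAuthKey != null;` (field name illustrative), and let the settings form show a placeholder. The surrounding handler should be checked so that omitting `deeplAuthKey` on save leaves the stored value untouched. At minimum, add a comment on this line stating which roles the enclosing check allows.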