Merge branch 'develop' into future-2024-03-23

6 files changed, 66 insertions, 43 deletions

diff --git a/Dockerfile b/Dockerfile
index 8ad4bbbfb1..7e0a778862 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,10 +4,6 @@ ARG NODE_VERSION=20.10.0-alpine3.18
 
 FROM node:${NODE_VERSION} as build
 
-RUN corepack enable
-
-WORKDIR /sharkey
-
 RUN apk add git linux-headers build-base
 
 ENV PYTHONUNBUFFERED=1
@@ -15,55 +11,70 @@ RUN apk add --update python3 && ln -sf python3 /usr/bin/python
 RUN python3 -m ensurepip
 RUN pip3 install --no-cache --upgrade pip setuptools
 
-COPY . ./
+RUN corepack enable
+
+WORKDIR /sharkey
+
+COPY --link . ./
 
 RUN git submodule update --init --recursive
 RUN pnpm config set fetch-retries 5
 RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \
-	pnpm i
+	pnpm i --frozen-lockfile --aggregate-output
 RUN pnpm build
 RUN node scripts/trim-deps.mjs
 RUN mv packages/frontend/assets sharkey-assets
+RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \
+	pnpm prune
 RUN rm -r node_modules packages/frontend packages/sw
 RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \
-	pnpm i --prod
+	pnpm i --prod --frozen-lockfile --aggregate-output
 RUN rm -rf .git
 
 FROM node:${NODE_VERSION}
 
-WORKDIR /sharkey
+ARG UID="991"
+ARG GID="991"
 
-RUN apk add ffmpeg tini
+RUN apk add ffmpeg tini jemalloc \
+	&& corepack enable \
+	&& addgroup -g "${GID}" sharkey \
+	&& adduser -D -u "${UID}" -G sharkey -h /sharkey sharkey \
+	&& find / -type d -path /sys -prune -o -type d -path /proc -prune -o -type f -perm /u+s -exec chmod u-s {} \; \
+	&& find / -type d -path /sys -prune -o -type d -path /proc -prune -o -type f -perm /g+s -exec chmod g-s {} \;
 
-COPY --from=build /sharkey/built ./built
-COPY --from=build /sharkey/node_modules ./node_modules
-COPY --from=build /sharkey/packages/backend/built ./packages/backend/built
-COPY --from=build /sharkey/packages/backend/node_modules ./packages/backend/node_modules
-COPY --from=build /sharkey/packages/megalodon/lib ./packages/megalodon/lib
-COPY --from=build /sharkey/packages/megalodon/node_modules ./packages/megalodon/node_modules
-COPY --from=build /sharkey/packages/misskey-js/built ./packages/misskey-js/built
-COPY --from=build /sharkey/packages/misskey-js/node_modules ./packages/misskey-js/node_modules
-COPY --from=build /sharkey/packages/misskey-reversi/built ./packages/misskey-reversi/built
-COPY --from=build /sharkey/packages/misskey-reversi/node_modules ./packages/misskey-reversi/node_modules
-COPY --from=build /sharkey/packages/misskey-bubble-game/built ./packages/misskey-bubble-game/built
-COPY --from=build /sharkey/packages/misskey-bubble-game/node_modules ./packages/misskey-bubble-game/node_modules
-COPY --from=build /sharkey/fluent-emojis ./fluent-emojis
-COPY --from=build /sharkey/tossface-emojis/dist ./tossface-emojis/dist
-COPY --from=build /sharkey/sharkey-assets ./packages/frontend/assets
+USER sharkey
+WORKDIR /sharkey
+
+COPY --chown=sharkey:sharkey --from=build /sharkey/node_modules ./node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/backend/node_modules ./packages/backend/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-js/node_modules ./packages/misskey-js/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-reversi/node_modules ./packages/misskey-reversi/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-bubble-game/node_modules ./packages/misskey-bubble-game/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/megalodon/node_modules ./packages/megalodon/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/built ./built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-js/built ./packages/misskey-js/built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-reversi/built ./packages/misskey-reversi/built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-bubble-game/built ./packages/misskey-bubble-game/built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/backend/built ./packages/backend/built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/megalodon/lib ./packages/megalodon/lib
+COPY --chown=sharkey:sharkey --from=build /sharkey/fluent-emojis ./fluent-emojis
+COPY --chown=sharkey:sharkey --from=build /sharkey/tossface-emojis/dist ./tossface-emojis/dist
+COPY --chown=sharkey:sharkey --from=build /sharkey/sharkey-assets ./packages/frontend/assets
 
-COPY package.json ./package.json
-COPY pnpm-workspace.yaml ./pnpm-workspace.yaml
-COPY packages/backend/package.json ./packages/backend/package.json
-COPY packages/backend/check_connect.js ./packages/backend/check_connect.js
-COPY packages/backend/ormconfig.js ./packages/backend/ormconfig.js
-COPY packages/backend/migration ./packages/backend/migration
-COPY packages/backend/assets ./packages/backend/assets
-COPY packages/megalodon/package.json ./packages/megalodon/package.json
-COPY packages/misskey-js/package.json ./packages/misskey-js/package.json
-COPY packages/misskey-reversi/package.json ./packages/misskey-reversi/package.json
-COPY packages/misskey-bubble-game/package.json ./packages/misskey-bubble-game/package.json
+COPY --chown=sharkey:sharkey package.json ./package.json
+COPY --chown=sharkey:sharkey pnpm-workspace.yaml ./pnpm-workspace.yaml
+COPY --chown=sharkey:sharkey packages/backend/package.json ./packages/backend/package.json
+COPY --chown=sharkey:sharkey packages/backend/check_connect.js ./packages/backend/check_connect.js
+COPY --chown=sharkey:sharkey packages/backend/ormconfig.js ./packages/backend/ormconfig.js
+COPY --chown=sharkey:sharkey packages/backend/migration ./packages/backend/migration
+COPY --chown=sharkey:sharkey packages/backend/assets ./packages/backend/assets
+COPY --chown=sharkey:sharkey packages/megalodon/package.json ./packages/megalodon/package.json
+COPY --chown=sharkey:sharkey packages/misskey-js/package.json ./packages/misskey-js/package.json
+COPY --chown=sharkey:sharkey packages/misskey-reversi/package.json ./packages/misskey-reversi/package.json
+COPY --chown=sharkey:sharkey packages/misskey-bubble-game/package.json ./packages/misskey-bubble-game/package.json
 
+ENV LD_PRELOAD=/usr/lib/libjemalloc.so.2
 ENV NODE_ENV=production
-RUN corepack enable
 ENTRYPOINT ["/sbin/tini", "--"]
 CMD ["pnpm", "run", "migrateandstart"]
diff --git a/IMPORTANT_NOTES.md b/IMPORTANT_NOTES.md
index fba40d21ce..54d0440bea 100644
--- a/IMPORTANT_NOTES.md
+++ b/IMPORTANT_NOTES.md
@@ -6,8 +6,11 @@ When using a service with Sharkey, there are several important points to keep in
 
 2. Even for posts made in private, there is no guarantee that the recipient's server will treat them as private in the same way. Please exercise caution when posting personal or confidential information. (Again, this applies to the internet in general.)
 
-3. Account deletion can be a resource-intensive process and may take a long time. In cases with a lot of uploaded data, it may even be impossible to delete an account.
+3. The "Drive" feature is NOT secure cloud storage. This feature exists for easier managing of your uploaded files.
+Any data uploaded, whether shared via post or not, will be publicly accessible. Please use 3rd party cloud storage providers if you need to upload data with sensitive information of any kind. 
 
-4. Please disable ad blockers. Some servers may rely on advertising revenue to cover operating costs. Additionally, ad blockers can mistakenly block content and features unrelated to ads, potentially causing issues with the client's functionality and preventing normal use of Sharkey. Therefore, we recommend turning off ad blockers and similar features when using Sharkey.
+4. Account deletion can be a resource-intensive process and may take a long time. In cases with a lot of uploaded data, it may even be impossible to delete an account.
 
-Please understand these points and enjoy using the service.
\ No newline at end of file
+5. Please disable ad blockers. Some servers may rely on advertising revenue to cover operating costs. Additionally, ad blockers can mistakenly block content and features unrelated to ads, potentially causing issues with the client's functionality and preventing normal use of Sharkey. Therefore, we recommend turning off ad blockers and similar features when using Sharkey.
+
+Please understand these points and enjoy using the service.
diff --git a/packages/backend/ormconfig.js b/packages/backend/ormconfig.js
index 229e5bf1fe..c88b3b3d65 100644
--- a/packages/backend/ormconfig.js
+++ b/packages/backend/ormconfig.js
@@ -11,7 +11,11 @@ export default new DataSource({
 	username: config.db.user,
 	password: config.db.pass,
 	database: config.db.db,
-	extra: config.db.extra,
+	extra: {
+		...config.db.extra,
+		// migrations may be very slow, give them longer to run (that 10*1000 comes from postgres.ts)
+		statement_timeout: (config.db.extra?.statement_timeout ?? 1000 * 10) * 10,
+	},
 	entities: entities,
 	migrations: ['migration/*.js'],
 });
diff --git a/packages/frontend/src/account.ts b/packages/frontend/src/account.ts
index 171826c9d8..90cc2e51c9 100644
--- a/packages/frontend/src/account.ts
+++ b/packages/frontend/src/account.ts
@@ -43,6 +43,7 @@ export async function signout() {
 	waiting();
 	miLocalStorage.removeItem('account');
 	await removeAccount($i.id);
+	document.cookie = `token=; path=/; max-age=0${ location.protocol === 'https:' ? '; Secure' : ''}`;
 	const accounts = await getAccounts();
 
 	//#region Remove service worker registration
@@ -200,7 +201,7 @@ export async function login(token: Account['token'], redirect?: string) {
 			throw reason;
 		});
 	miLocalStorage.setItem('account', JSON.stringify(me));
-	document.cookie = `token=${token}; path=/; max-age=31536000`; // bull dashboardの認証とかで使う
+	document.cookie = `token=${token}; path=/; max-age=31536000${ location.protocol === 'https:' ? '; Secure' : ''}`; // bull dashboardの認証とかで使う
 	await addAccount(me.id, token);
 
 	if (redirect) {
diff --git a/packages/frontend/src/components/MkCode.core.vue b/packages/frontend/src/components/MkCode.core.vue
index f9aaf4eff3..a23b4dc3b2 100644
--- a/packages/frontend/src/components/MkCode.core.vue
+++ b/packages/frontend/src/components/MkCode.core.vue
@@ -72,12 +72,16 @@ watch(() => props.lang, (to) => {
 </script>
 
 <style module lang="scss">
+.codeBlockRoot {
+  text-align: left;
+}
+
 .codeBlockRoot :global(.shiki) > code {
   counter-reset: step;
   counter-increment: step 0;
 }
 
-.codeBlockRoot :global(.shiki) > code > .line::before {
+.codeBlockRoot :global(.shiki) > code > span::before {
   content: counter(step);
   counter-increment: step;
   width: 1rem;
diff --git a/packages/frontend/src/pages/welcome.timeline.vue b/packages/frontend/src/pages/welcome.timeline.vue
index 59f91e8b4c..be4cb2d2de 100644
--- a/packages/frontend/src/pages/welcome.timeline.vue
+++ b/packages/frontend/src/pages/welcome.timeline.vue
@@ -40,7 +40,7 @@ const isScrolling = ref(false);
 const scrollEl = shallowRef<HTMLElement>();
 
 misskeyApiGet('notes/featured').then(_notes => {
-	notes.value = _notes;
+	notes.value = _notes.filter(n => n.cw == null);
 });
 
 onUpdated(() => {