path: root/packages/backend/src/core/HttpRequestService.ts (follow)
Commit message (Author, Age, Files, Lines)
* fix DI error in HttpRequestService.ts (Hazelnoot, 2025-07-27, 1 file, -1/+5)
* resolve domain names when checking for private URLs (Hazelnoot, 2025-07-27, 1 file, -8/+22)
* allow HTTP connections to private IPs (Hazelnoot, 2025-07-27, 1 file, -3/+14)
* validate all URLs before fetch (Hazelnoot, 2025-07-27, 1 file, -3/+5)
* add more details to StatusErrors (Hazelnoot, 2025-06-06, 1 file, -1/+1)
* support fetching anonymous AP objects (Hazelnoot, 2025-05-26, 1 file, -2/+6)
* enforce HTTPS for all federation (Hazelnoot, 2025-05-25, 1 file, -0/+2)
* enforce port restrictions against requests that happen to be missing the port (Hazelnoot, 2025-05-13, 1 file, -1/+1)
* allow private IP ranges to specify allowed ports (Hazelnoot, 2025-05-12, 1 file, -41/+27)
* remerge: remove FetchAllowSoftFailMask in favor of our same-authority checks (Hazelnoot, 2025-03-25, 1 file, -3/+2)
* merge upstream (Hazelnoot, 2025-03-25, 1 file, -9/+42)
  * fix(backend): tighten an overly relaxed criteria and remove capability of matching multiple final URLs in URL authority checking (#15655) (饺子w (Yumechi), 2025-03-12, 1 file, -2/+2)
      Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
  * fix(backend): fix the HTTP proxy exclusion setting not taking effect when bulk-importing custom emoji (#15431) (おさむのひと, 2025-02-26, 1 file, -7/+40)
      * proxy
      * fix
      * fix CHANGELOG.md
      * allow localAddress
      ---------
      Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
  * Merge commit from fork (饺子w (Yumechi), 2025-02-23, 1 file, -3/+3)
      * fix(backend): Fix an issue where the origin of ActivityPub lookup response was not validated correctly. [GHSA-6w2c-vf6f-xf26](https://github.com/misskey-dev/misskey/security/advisories/GHSA-6w2c-vf6f-xf26) Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
      * Enhance: Add configuration option to disable all external redirects when responding to an ActivityPub lookup (config.disallowExternalApRedirect) Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
      * fixup! fix(backend): Fix an issue where the origin of ActivityPub lookup response was not validated correctly.
      * docs & one edge case Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
      * apply suggestions Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
      * remove stale frontend reference to _responseInvalidIdHostNotMatch Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
      * apply suggestions Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
      ---------
      Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
  * fix(backend): fix type error(s) in security fixes (#15009) (かっこかり, 2024-11-21, 1 file, -6/+6)
      * Fix type error in security fixes (cherry picked from commit fa3cf6c2996741e642955c5e2fca8ad785e83205)
      * Fix error in test function calls (cherry picked from commit 1758f29364eca3cbd13dbb5c84909c93712b3b3b)
      * Fix style error (cherry picked from commit 23c4aa25714af145098baa7edd74c1d217e51c1a)
      * Fix another style error (cherry picked from commit 36af07abe28bec670aaebf9f5af5694bb582c29a)
      * Fix `.punyHost` misuse (cherry picked from commit 6027b516e1c82324d55d6e54d0e17cbd816feb42)
      * attempt to fix test: make yaml valid
      ---------
      Co-authored-by: Julia Johannesen <julia@insertdomain.name>
  * Merge commit from fork (rectcoordsystem, 2024-11-21, 1 file, -13/+121)
      * fix(backend): check target IP before sending HTTP request
      * fix(backend): allow accessing private IP when testing
      * Apply suggestions from code review Co-authored-by: anatawa12 <anatawa12@icloud.com>
      * fix(backend): lint and typecheck
      * fix(backend): add isLocalAddressAllowed option to getAgentByUrl and send (HttpRequestService)
      * fix(backend): allow fetchSummaryFromProxy, trueMail to access local addresses
      ---------
      Co-authored-by: anatawa12 <anatawa12@icloud.com>
      Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
  * Merge commit from fork (Julia, 2024-11-21, 1 file, -1/+7)
      * enhance: Add a few validation fixes from Sharkey. See the original MR on the GitLab instance: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/484 Co-Authored-By: Dakkar <dakkar@thenautilus.net>
      * fix: primitive 2: acceptance of cross-origin alternate Co-Authored-By: Laura Hausmann <laura@hausmann.dev>
      * fix: primitive 3: validation of non-final url
      * fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities
      * fix: primitives 5 & 8: reject activities with non-string identifiers Co-Authored-By: Laura Hausmann <laura@hausmann.dev>
      * fix: primitive 6: reject anonymous objects that were fetched by their id
      * fix: primitives 9, 10 & 11: http signature validation doesn't enforce required headers or specify auth header name Co-Authored-By: Laura Hausmann <laura@hausmann.dev>
      * fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections
      * fix: code style for primitive 14
      * fix: primitive 15: improper same-origin validation for note uri and url Co-Authored-By: Laura Hausmann <laura@hausmann.dev>
      * fix: primitive 16: improper same-origin validation for user uri and url
      * fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array
      * fix: code style for primitive 17
      * fix: check attribution against actor in notes. While this isn't strictly required to fix the exploits at hand, this mirrors the fix in `ApQuestionService` for GHSA-5h8r-gq97-xv69, as a preemptive countermeasure.
      * fix: primitive 18: `ap/get` bypasses access checks. One might argue that we could make this one actually perform access checks against the returned activity object, but I feel like that's a lot more work than just restricting it to administrators, since, to me at least, it seems more like a debugging tool than anything else.
      * fix: primitive 19 & 20: respect blocks and hide more. Ideally, the user property should also be hidden (as leaving it in leaks information slightly), but given the schema of the note endpoint, I don't think that would be possible without introducing some kind of "ghost" user, who is attributed for posts by users who have you blocked.
      * fix: primitives 21, 22, and 23: reuse resolver. This also increases the default `recursionLimit` for `Resolver`, as it theoretically will go higher than it previously would and could possibly fail on non-malicious collection activities.
      * fix: primitives 25-33: proper local instance checks
      * revert: fix: primitive 19 & 20. This reverts commit 465a9fe6591de90f78bd3d084e3c01e65dc3cf3c.
      ---------
      Co-authored-by: Dakkar <dakkar@thenautilus.net>
      Co-authored-by: Laura Hausmann <laura@hausmann.dev>
      Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
  * revert 5f88d56d96 (syuilo, 2024-07-20, 1 file, -1/+1)
      Because it has a bug (and does not look like it can be fixed soon) & it was merged unintentionally while still under review
  * perf(federation): support Ed25519 signatures (#13464) (tamaina, 2024-07-18, 1 file, -1/+1)
      * 1. issue ed25519 key pairs, and send/receive the public key as Person
      * validate additionalPublicKeys
      * getAuthUserFromApId picks main
      * :v:
      * fix
      * signatureAlgorithm
      * set publicKeyCache lifetime
      * refresh
      * httpMessageSignatureAcceptable
      * ED25519_SIGNED_ALGORITHM
      * ED25519_PUBLIC_KEY_SIGNATURE_ALGORITHM
      * remove sign additionalPublicKeys signature requirements
      * httpMessageSignaturesSupported
      * httpMessageSignaturesImplementationLevel
      * httpMessageSignaturesImplementationLevel: '01'
      * perf(federation): Use hint for getAuthUserFromApId (#13470)
      * Hint for getAuthUserFromApId
      * in the end, is this really fine?
      * use @misskey-dev/node-http-message-signatures
      * fix
      * signedPost, signedGet
      * bring back ap-request.ts
      * remove digest prerender
      * fix test?
      * fix test
      * add httpMessageSignaturesImplementationLevel to FederationInstance
      * ManyToOne
      * fetchPersonWithRenewal
      * exactKey
      * :v:
      * use const
      * use gen-key-pair fn. from '@misskey-dev/node-http-message-signatures'
      * update node-http-message-signatures
      * fix
      * @misskey-dev/node-http-message-signatures@0.0.0-alpha.11
      * increase how often getAuthUserFromApId calls updatePerson
      * cacheRaw.date
      * use requiredInputs https://github.com/misskey-dev/misskey/pull/13464#discussion_r1509964359
      * update @misskey-dev/node-http-message-signatures
      * clean up
      * err msg
      * fix(backend): fix an issue where the lock in fetchInstanceMetadata is never released Co-authored-by: まっちゃとーにゅ <17376330+u1-liquid@users.noreply.github.com>
      * fix httpMessageSignaturesImplementationLevel validation
      * fix test
      * fix
      * comment
      * comment
      * improve test
      * fix
      * use Promise.all in genRSAAndEd25519KeyPair
      * refreshAndprepareEd25519KeyPair
      * refreshAndfindKey
      * comment
      * refactor public keys add
      * bring back digest pre-rendering; decide what to do about it when implementing the RFC
      * fix, async
      * fix
      * !== true
      * use save
      * Deliver update person when new key generated (not tested) https://github.com/misskey-dev/misskey/pull/13464#issuecomment-1977049061
      * resolve the crash caused by a circular reference?
      * fix?
      * Revert "fix?" This reverts commit 0082f6f8e8c5d5febd14933ba9a1ac643f70ca92.
      * a
      * logger
      * log
      * change logger
      * on private key change, pass the key around instead of a flag
      * addAllKnowingSharedInboxRecipe
      * changed a whole lot of things
      * deliver
      * do the cache validity check before acquiring the lock
      * @misskey-dev/node-http-message-signatures@0.0.3
      * PrivateKeyPem
      * getLocalUserPrivateKey
      * fix test
      * if
      * fix ap-request
      * update node-http-message-signatures
      * fix type error
      * update package
      * fix type
      * update package
      * retry no key
      * @misskey-dev/node-http-message-signatures@0.0.8
      * fix type error
      * log keyid
      * logger
      * db-resolver
      * JSON.stringify
      * use LD Signature when an HTTP Signature is missing or looks unusable
      * inbox-delayed use actor if no signature
      * check user/key identity by matching host
      * log signature parse err
      * save array
      * wrap it in try for now
      * return the old data if an error occurs in fetchPersonWithRenewal
      * use transactionalEntityManager
      * fix spdx
      * @misskey-dev/node-http-message-signatures@0.0.10
      * add comment
      * fix
      * allow publicKey to contain an array https://github.com/misskey-dev/misskey/pull/13950
      * define additionalPublicKeys
      * fix
      * merge fix
      * refreshAndprepareEd25519KeyPair → refreshAndPrepareEd25519KeyPair
      * remove gen-key-pair.ts
      * defaultMaxListeners = 512
      * Revert "defaultMaxListeners = 512" This reverts commit f2c412c18057a9300540794ccbe4dfbf6d259ed6.
      * generate keys serially in genRSAAndEd25519KeyPair?
      * maxConcurrency: 8
      * maxConcurrency: 16
      * maxConcurrency: 8
      * Revert "generate keys serially in genRSAAndEd25519KeyPair?" This reverts commit d0aada55c1ed5aa98f18731ec82f3ac5eb5a6c16.
      * maxWorkers: '90%'
      * Revert "maxWorkers: '90%'" This reverts commit 9e0a93f110456320d6485a871f014f7cdab29b33.
      * remove the per-test timeout in e2e/timelines.ts, maxConcurrency: 32
      * better error handling of this.userPublickeysRepository.delete
      * better comment
      * set result to keypairEntityCache
      * deliverJobConcurrency: 16, deliverJobPerSec: 1024, inboxJobConcurrency: 4
      * inboxJobPerSec: 64
      * delete request.headers['host'];
      * fix
      * // node-fetch will generate this for us. if we keep 'Host', it won't change with redirects!
      * move delete host
      * modify comment
      * modify comment
      * fix correct → collect
      * refreshAndfindKey → refreshAndFindKey
      * modify comment
      * modify attachLdSignature
      * getApId, InboxProcessorService
      * TODO
      * [skip ci] add CHANGELOG
      ---------
      Co-authored-by: MeiMei <30769358+mei23@users.noreply.github.com>
      Co-authored-by: まっちゃとーにゅ <17376330+u1-liquid@users.noreply.github.com>
* add IObjectWithId type for APIs that work with objects required to have an ID. (Hazelnoot, 2025-03-21, 1 file, -3/+3)
* remove assertActivityMatchesUrls in favor of three-way same-authority checks (Hazelnoot, 2025-03-02, 1 file, -4/+7)
* Fix another style error (Julia Johannesen, 2024-11-20, 1 file, -1/+1)
* Fix style error (Julia Johannesen, 2024-11-20, 1 file, -5/+5)
* fix(backend): add isLocalAddressAllowed option to getAgentByUrl and send (HttpRequestService) (rectcoordsystem, 2024-11-20, 1 file, -13/+36)
* fix(backend): lint and typecheck (rectcoordsystem, 2024-11-20, 1 file, -10/+9)
* Apply suggestions from code review (rectcoordsystem, 2024-11-20, 1 file, -17/+17)
    Co-authored-by: anatawa12 <anatawa12@icloud.com>
* fix(backend): allow accessing private IP when testing (rectcoordsystem, 2024-11-20, 1 file, -2/+2)
* fix(backend): check target IP before sending HTTP request (rectcoordsystem, 2024-11-20, 1 file, -2/+88)
* fix: primitive 3: validation of non-final url (Laura Hausmann, 2024-11-20, 1 file, -1/+1)
* some validation fixes (dakkar, 2024-03-30, 1 file, -1/+7)
* Merge pull request from GHSA-qqrm-9grj-6v32 (tamaina, 2024-02-17, 1 file, -11/+44)
    * maybe ok
    * fix
    * test wip
    * :v:
    * fix
    * if (res.ok)
    * validateContentTypeSetAsJsonLD
    * reconsider the conditions
    * also accept other media types that carry a +json suffix
    * https://github.com/misskey-dev/misskey-ghsa-qqrm-9grj-6v32/pull/1#discussion_r1490999009
    * add `; profile="https://www.w3.org/ns/activitystreams"`
    * application/ld+json;
* (re) update SPDX-FileCopyrightText (tamaina, 2024-02-13, 1 file, -1/+1)
    Fix #13290
* Revert "update SPDX-FileCopyrightText" (tamaina, 2024-02-13, 1 file, -1/+1)
    This reverts commit 9b5aeb76d8c9372d67058c512597152b6bf222f2.
* update SPDX-FileCopyrightText (syuilo, 2024-02-12, 1 file, -1/+1)
* enhance(backend): Add address bind config option (#11725) (Essem, 2023-08-20, 1 file, -0/+4)
    * Add address bind config option
    * Edit changelog
    * forgot to add to types
* update deps (#11409) (syuilo, 2023-07-31, 1 file, -1/+1)
    * update deps
    * Update .eslintrc.js
    * Update .eslintrc.js
    * lint
    * lint
    * Update update.ts
    * update deps
    * Update .eslintrc.js
* chore: add copyright and license information to each file (#11348) (Shun Sakai, 2023-07-27, 1 file, -0/+5)
    * chore: Add the SPDX information to each file. Add copyright and licensing information as defined in version 3.0 of the REUSE Specification.
    * tweak format
    ---------
    Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
* fix type errors (syuilo, 2023-07-15, 1 file, -5/+6)
* cleanup: trim trailing whitespace (#11136) (okayurisotto, 2023-07-08, 1 file, -4/+4)
    * cleanup: trim trailing whitespace
    * update(`.editorconfig`)
    ---------
    Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
* fix(server): always include a User-Agent in HttpRequestService.send (tamaina, 2023-02-14, 1 file, -3/+4)
    Fix #9817 (maybe)
* refactor: fix type (syuilo, 2023-02-01, 1 file, -2/+2)
* fix(server): go back to the earlier implementation that used node-fetch and got (syuilo, 2023-01-25, 1 file, -295/+82)
    see #9710
* Fix #9710 ? (#9712) (tamaina, 2023-01-24, 1 file, -5/+32)
    * wip
    * update pnpm-lock
    * use our own DevNull
    * fix
    * divide deliverJobConcurrency by maxSockets to get the socket count
* refactor(server): encapsulate httpRequestService's dependency on UndiciFetcher as far as possible (syuilo, 2023-01-24, 1 file, -24/+29)
* refactor(server): notify url when fetch error (tamaina, 2023-01-17, 1 file, -1/+1)
* perf(backend): Use undici instead of node-fetch and got (#9459) (tamaina, 2023-01-12, 1 file, -82/+263)
    * Implement? HttpFetchService
    * :v:
    * remove node-fetch
    * fix
    * refactor
    * fix
    * gateway timeout
    * add UndiciFetcher class (provisional commit; not built or started yet)
    * fix
    * add logger and fix url preview
    * fix ip check
    * enhance logger and error handling
    * fix
    * fix
    * clean up
    * Use custom fetcher for ApRequest / ApResolver
    * have bypassProxy delegate the decision to proxyBypassHosts
    * set maxRedirections (default 3, ApRequest/ApResolver: 0)
    * fix comment
    * handle error s3 upload
    * add debug message
    * no return await
    * Revert "no return await" This reverts commit b5b0dc58a342393d260492e3a6f58304372f53b2.
    * reduce maxSockets
    * drop apResolver's UndiciFetcher and use apRequest's instead, add ap logger
    * Revert "drop apResolver's UndiciFetcher and use apRequest's instead, add ap logger" This reverts commit 997243915c8e1f8472da64f607f88c36cb1d5cb4.
    * add logger
    * fix
    * change logger name
    * safe
    * set a User-Agent by default
* limit getJson to 256kb (syuilo, 2022-12-25, 1 file, -0/+1)
* refactor: introduce bindThis decorator to bind this automatically (syuilo, 2022-12-04, 1 file, -0/+5)
* fix import type (syuilo, 2022-09-21, 1 file, -1/+1)
* test (syuilo, 2022-09-19, 1 file, -7/+7)