summaryrefslogtreecommitdiff
path: root/packages/backend/src/core/RemoteUserResolveService.ts (follow)
Commit message (Collapse)AuthorAgeFilesLines
* split url into webUrl and localUrl (like mastodon)stableFreya Murphy16 hours1-1/+1
|
* more use of identifiable errors, improvements to inner error rendering, and ↵Hazelnoot2025-06-061-2/+3
| | | | more heuristics for is-retryable-error
* normalize use of .info (INFO) instead of .succ (DONE) loggingHazelnoot2025-06-061-1/+1
|
* clarify logs and reduce spam from RemoteUserResolveService.tsHazelnoot2025-06-061-38/+12
|
* fix(backend): ↵鴇峰 朔華2025-02-261-1/+1
| | | | | | | ローカル判定でisUriLocalを使用していない箇所を修正 (#15069) * fix(backend): ローカル判定でisUriLocalを使用していない箇所を修正 * fix(test backend): RelayServiceでUtilityServiceを使う
* fix(backend): fix type error(s) in security fixes (#15009)かっこかり2024-11-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Fix type error in security fixes (cherry picked from commit fa3cf6c2996741e642955c5e2fca8ad785e83205) * Fix error in test function calls (cherry picked from commit 1758f29364eca3cbd13dbb5c84909c93712b3b3b) * Fix style error (cherry picked from commit 23c4aa25714af145098baa7edd74c1d217e51c1a) * Fix another style error (cherry picked from commit 36af07abe28bec670aaebf9f5af5694bb582c29a) * Fix `.punyHost` misuse (cherry picked from commit 6027b516e1c82324d55d6e54d0e17cbd816feb42) * attempt to fix test: make yaml valid --------- Co-authored-by: Julia Johannesen <julia@insertdomain.name>
* Merge commit from forkJulia2024-11-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * enhance: Add a few validation fixes from Sharkey See the original MR on the GitLab instance: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/484 Co-Authored-By: Dakkar <dakkar@thenautilus.net> * fix: primitive 2: acceptance of cross-origin alternate Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 3: validation of non-final url * fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities * fix: primitives 5 & 8: reject activities with non string identifiers Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 6: reject anonymous objects that were fetched by their id * fix: primitives 9, 10 & 11: http signature validation doesn't enforce required headers or specify auth header name Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections * fix: code style for primitive 14 * fix: primitive 15: improper same-origin validation for note uri and url Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 16: improper same-origin validation for user uri and url * fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array * fix: code style for primitive 17 * fix: check attribution against actor in notes While this isn't strictly required to fix the exploits at hand, this mirrors the fix in `ApQuestionService` for GHSA-5h8r-gq97-xv69, as a preemptive countermeasure. * fix: primitive 18: `ap/get` bypasses access checks One might argue that we could make this one actually preform access checks against the returned activity object, but I feel like that's a lot more work than just restricting it to administrators, since, to me at least, it seems more like a debugging tool than anything else. * fix: primitive 19 & 20: respect blocks and hide more Ideally, the user property should also be hidden (as leaving it in leaks information slightly), but given the schema of the note endpoint, I don't think that would be possible without introducing some kind of "ghost" user, who is attributed for posts by users who have you blocked. * fix: primitives 21, 22, and 23: reuse resolver This also increases the default `recursionLimit` for `Resolver`, as it theoretically will go higher that it previously would and could possibly fail on non-malicious collection activities. * fix: primitives 25-33: proper local instance checks * revert: fix: primitive 19 & 20 This reverts commit 465a9fe6591de90f78bd3d084e3c01e65dc3cf3c. --------- Co-authored-by: Dakkar <dakkar@thenautilus.net> Co-authored-by: Laura Hausmann <laura@hausmann.dev> Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* (re) update SPDX-FileCopyrightTexttamaina2024-02-131-1/+1
| | | | Fix #13290
* Revert "update SPDX-FileCopyrightText"tamaina2024-02-131-1/+1
| | | | This reverts commit 9b5aeb76d8c9372d67058c512597152b6bf222f2.
* update SPDX-FileCopyrightTextsyuilo2024-02-121-1/+1
|
* refactor(backend): update directory structure for modelssyuilo2023-09-201-1/+1
|
* update deps (#11820)syuilo2023-09-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * update deps * fix * wip * wip * wip * Update docker-compose.yml.example * Delete reviewer-lottery.yml * Update RepositoryModule.ts * wip * wip * clean up * update deps * wip * wip
* refactor: prefix Mi for all entities (#11719)syuilo2023-08-161-7/+7
| | | | | | | | | | | | | | | | | | | | | * wip * wip * wip * wip * Update RepositoryModule.ts * wip * wip * wip * Revert "wip" This reverts commit c1c13b37d2aaf3c65bc148212da302b0eb7868bf.
* chore: ↵Shun Sakai2023-07-271-0/+5
| | | | | | | | | | | | | | 著作権とライセンスについての情報を各ファイルに追加する (#11348) * chore: Add the SPDX information to each file Add copyright and licensing information as defined in version 3.0 of the REUSE Specification. * tweak format --------- Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
* fix: failed to resolve acct URI which points to local Person (#11024)xtex2023-07-191-2/+20
| | | | | | | | | | | | | | | | | | | | | | * fix: resolving alias for local users (#9199) Signed-off-by: xtex <xtexchooser@duck.com> * style: return type for RemoteUserResolveService#resolveSelf Signed-off-by: xtex <xtexchooser@duck.com> * docs: update CHANGELOG Signed-off-by: xtex <xtexchooser@duck.com> * style: fix typecheck Signed-off-by: xtex <xtexchooser@duck.com> --------- Signed-off-by: xtex <xtexchooser@duck.com> Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
* fix: typo in comment (#11283)ZerglingGo2023-07-151-1/+1
|
* cleanup: trim trailing whitespace (#11136)okayurisotto2023-07-081-15/+15
| | | | | | | | | * cleanup: trim trailing whitespace * update(`.editorconfig`) --------- Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
* enhance: account migration (#10592)Namekuji2023-04-301-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * copy block and mute then create follow and unfollow jobs * copy block and mute and update lists when detecting an account has moved * no need to care promise orders * refactor updating actor and target * automatically accept if a locked account had accepted an old account * fix exception format * prevent the old account from calling some endpoints * do not unfollow when moving * adjust following and follower counts * check movedToUri when receiving a follow request * skip if no need to adjust * Revert "disable account migration" This reverts commit 2321214c98591bcfe1385c1ab5bf0ff7b471ae1d. * fix translation specifier * fix checking alsoKnownAs and uri * fix updating account * fix refollowing locked account * decrease followersCount if followed by the old account * adjust following and followers counts when unfollowing * fix copying mutings * prohibit moved account from moving again * fix move service * allow app creation after moving * fix lint * remove unnecessary field * fix cache update * add e2e test * add e2e test of accepting the new account automatically * force follow if any error happens * remove unnecessary joins * use Array.map instead of for const of * ユーザーリストの移行は追加のみを行う * nanka iroiro * fix misskey-js? * :v: * 移行を行ったアカウントからのフォローリクエストの自動許可を調整 * newUriを外に出す * newUriを外に出す2 * clean up * fix newUri * prevent moving if the destination account has already moved * set alsoKnownAs via /i/update * fix database initialization * add return type * prohibit updating alsoKnownAs after moving * skip to add to alsoKnownAs if toUrl is known * skip adding to the list if it already has * use Acct.parse instead * rename error code * :art: * 制限を5から10に緩和 * movedTo(Uri), alsoKnownAsはユーザーidを返すように * test api res * fix * 元アカウントはミュートし続ける * :art: * unfollow * fix * getUserUriをUserEntityServiceに * ? * job! * :art: * instance => server * accountMovedShort, forbiddenBecauseYouAreMigrated * accountMovedShort * fix test * import, pin禁止 * 実績を凍結する * clean up * :v: * change message * ブロック, フォロー, ミュート, リストのインポートファイルの制限を32MiBに * Revert "ブロック, フォロー, ミュート, リストのインポートファイルの制限を32MiBに" This reverts commit 3bd7be35d8aa455cb01ae58f8172a71a50485db1. * validateAlsoKnownAs * 移行後2時間以内はインポート可能なファイルサイズを拡大 * clean up * どうせactorをupdatePersonで更新するならupdatePersonしか移行処理を発行しないことにする * handle error? * リモートからの移行処理の条件を是正 * log, port * fix * fix * enhance(dev): non-production環境でhttpサーバー間でもユーザー、ノートの連合が可能なように * refactor (use checkHttps) * MISSKEY_WEBFINGER_USE_HTTP * Environment Variable readme * NEVER USE IN PRODUCTION * fix punyHost * fix indent * fix * experimental --------- Co-authored-by: tamaina <tamaina@hotmail.co.jp> Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
* refactorsyuilo2023-02-131-3/+3
|
* refactor: introduce bindThis decorator to bind this automaticalysyuilo2022-12-041-0/+3
|
* refactorsyuilo2022-12-041-0/+132
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-03 15:26:57 +0000