| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* enhance: Add a few validation fixes from Sharkey
See the original MR on the GitLab instance:
https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/484
Co-Authored-By: Dakkar <dakkar@thenautilus.net>
* fix: primitive 2: acceptance of cross-origin alternate
Co-Authored-By: Laura Hausmann <laura@hausmann.dev>
* fix: primitive 3: validation of non-final url
* fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities
* fix: primitives 5 & 8: reject activities with non
string identifiers
Co-Authored-By: Laura Hausmann <laura@hausmann.dev>
* fix: primitive 6: reject anonymous objects that were fetched by their id
* fix: primitives 9, 10 & 11: http signature validation
doesn't enforce required headers or specify auth header name
Co-Authored-By: Laura Hausmann <laura@hausmann.dev>
* fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections
* fix: code style for primitive 14
* fix: primitive 15: improper same-origin validation for
note uri and url
Co-Authored-By: Laura Hausmann <laura@hausmann.dev>
* fix: primitive 16: improper same-origin validation for user uri and url
* fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array
* fix: code style for primitive 17
* fix: check attribution against actor in notes
While this isn't strictly required to fix the exploits at hand, this
mirrors the fix in `ApQuestionService` for GHSA-5h8r-gq97-xv69, as a
preemptive countermeasure.
* fix: primitive 18: `ap/get` bypasses access checks
One might argue that we could make this one actually preform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.
* fix: primitive 19 & 20: respect blocks and hide more
Ideally, the user property should also be hidden (as leaving it in leaks
information slightly), but given the schema of the note endpoint, I
don't think that would be possible without introducing some kind of
"ghost" user, who is attributed for posts by users who have you blocked.
* fix: primitives 21, 22, and 23: reuse resolver
This also increases the default `recursionLimit` for `Resolver`, as it
theoretically will go higher that it previously would and could possibly
fail on non-malicious collection activities.
* fix: primitives 25-33: proper local instance checks
* revert: fix: primitive 19 & 20
This reverts commit 465a9fe6591de90f78bd3d084e3c01e65dc3cf3c.
---------
Co-authored-by: Dakkar <dakkar@thenautilus.net>
Co-authored-by: Laura Hausmann <laura@hausmann.dev>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
thanks to @CenTdemeern1 for triggering this bug!
see https://kitsunes.club/notes/a2h1y2rq9n
also compare with https://s.thenautilus.net/notes/a2h1y2rqx9
my instance errored out with:
> WARN 1 [remote ap] Failed to resolve quote
> https://mastodon.social/users/DrALJONES/statuses/110586222749407429
> for note https://kitsunes.club/notes/a2h1y2rq9n: StatusError: 404 Not
> Found
What happened?
* Charlotte scheduled a reply
* the processor called `findOneBy` with an undefined `note.renote`,
which probably caused a `select` without any `where`
* a random note was attached as a quote
* that note has been deleted on the original instance but not on
kitsuclub's database
* the rest of fedi didn't notice the quote
|
| | | |
|
| | |
| |
| |
| |
| | |
every job that ends without an exception will be considered
"completed" and not retried
|
| | | |
|
| |\ \ |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
[Type4ny-Project/Type4ny@271c872c](https://github.com/Type4ny-Project/Type4ny/commit/271c872c97f215ef5d8e0be62251dd422a52e5b1))
|
| |\| | |
|
| | |\ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/720
Closes #773
Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
|
| | | | | |
|
| |\| | | |
|
| | |/ / |
|
| |\| | |
|
| | | | |
|
| | | | |
|
| |\| | |
|
| | | | |
|
| | | | |
|
| |\ \ \
| |/ /
|/| /
| |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
運営のアクティビティが一定期間ない場合は通知+招待制に移行した際に通知 (#14757)
* feat: 運営のアクティビティが一定期間ない場合は通知+招待制に移行した際に通知
* fix misskey-js.api.md
* Revert "feat: 運営のアクティビティが一定期間ない場合は通知+招待制に移行した際に通知"
This reverts commit 3ab953bdf87f28411a1a10bce787a23d238cda80.
* 通知をやめてユーザ単位でのお知らせ機能に変更
* テスト用実装を戻す
* Update packages/backend/src/queue/processors/CheckModeratorsActivityProcessorService.ts
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
* fix remove empty then
---------
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
リモートサーバーのサーバー情報を収集しないオプション (#14634)
* wip
* wip
* Update FetchInstanceMetadataService.ts
* Update FetchInstanceMetadataService.ts
* Update types.ts
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* reduce federation log spam
* Don't record stack trace for unrecoverable errors.
* Avoid logging duplicate stace traces.
(cherry picked from commit ed0570110bf8cb8e8959591dccfa3c35999106ce)
* improve error summaries
(cherry picked from commit 20dd66f735d9778df0371001e303549dce619260)
* fix lint errors
(cherry picked from commit 83869e1c470b12b3bf4b23d885514d926620662a)
* condense job info
(cherry picked from commit 786702e076ad1af14538849512ad31c0ced7afe6)
* fix maxAttempts calculation
(cherry picked from commit b4d10aa8f821e594ec9c907eb2a5bdb3c73c67d5)
* condense error info
(cherry picked from commit f62cd8941ced74a4865aa5eae4f4a1c7aa1d30f1)
* normalize ID logging
(cherry picked from commit d8e1e4890d28347239162e26235eb68b1ff96654)
* further condense error details
(cherry picked from commit d867c2089b3b24680df0713a2aa0914789e45670)
* collapse AbortErrors
(cherry picked from commit 5171ba7113ebc7242527768afb9ab4cec534e3b3)
* don't log job name unless it has one
(cherry picked from commit a5316c06ed770b60f7b4c7ff5aa8c71cc0558db7)
* Update Changelog
* Record origin
---------
Co-authored-by: Hazel K <acomputerdog@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
7日間運営のアクティビティがないサーバを自動的に招待制にする (#14746)
* feat(backend): 7日間運営のアクティビティがないサーバを自動的に招待制にする
* fix RoleService.
* fix
* fix
* fix
* add test and fix
* fix
* fix CHANGELOG.md
* fix test
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
以降e2eテストがたまに失敗する問題を修正 (#14709)
* fix(backend/test): MisskeyIO#727 以降e2eテストがたまに失敗する問題を修正 (MisskeyIO#735)
* :v:
---------
Co-authored-by: まっちゃとーにゅ <17376330+u1-liquid@users.noreply.github.com>
|
| | |
| |
| |
| | |
ActivityPubServerService
|
| | | |
|
| |\ \ |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
* Don't record stack trace for unrecoverable errors.
* Avoid logging duplicate stace traces.
|
| |\ \ \
| |/ /
|/| /
| |/ |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* feat: エクスポート完了時に通知を発行するように
* Update Changelog
* entitity -> entity
* fix: ペイロードを含むように
* fix icon
* exportableEntities -> userExportableEntities
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Defer instance metadata update
* Fix last new line
* Fix typo
* Add license notice
* Fix syntax
* Perform deferred jobs on shutdown
* Fix missing async/await
* Fix typo :)
* Update collapsed-queue.ts
---------
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Fix: Continue importing from file if single emoji import fails
* Fix indentation
---------
Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* wip
* Update ReactionService.ts
* Update ApiCallService.ts
* Update timeline.ts
* Update GlobalModule.ts
* Update GlobalModule.ts
* Update NoteEntityService.ts
* wip
* wip
* wip
* Update ApPersonService.ts
* wip
* Update GlobalModule.ts
* Update mock-resolver.ts
* Update RoleService.ts
* Update activitypub.ts
* Update activitypub.ts
* Update activitypub.ts
* Update activitypub.ts
* Update activitypub.ts
* clean up
* Update utils.ts
* Update UtilityService.ts
* Revert "Update utils.ts"
This reverts commit a27d4be764b78c1b5a9eac685e261fee49331d89.
* Revert "Update UtilityService.ts"
This reverts commit e5fd9e004c482cf099252201c0c1aa888e001430.
* vuwa-
* Revert "vuwa-"
This reverts commit 0c3bd12472b4b9938cdff2d6f131e6800bc3724c.
* Update entry.ts
* Update entry.ts
* Update entry.ts
* Update entry.ts
* Update jest.setup.ts
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* wip
* wip
* Update ReactionsBufferingService.ts
* Update ReactionsBufferingService.ts
* wip
* wip
* wip
* Update ReactionsBufferingService.ts
* wip
* wip
* wip
* Update NoteEntityService.ts
* wip
* wip
* wip
* wip
* Update CHANGELOG.md
|
