From 788dc69d11fac8dd9e8912c4c0a2ad33581e606b Mon Sep 17 00:00:00 2001
From: Hazelnoot <acomputerdog@gmail.com>
Date: Wed, 29 Jan 2025 22:53:53 -0500
Subject: use leaky bucket rate limit for ap/show

---
 packages/backend/src/server/api/endpoints/ap/show.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'packages/backend/src/server/api/endpoints')

diff --git a/packages/backend/src/server/api/endpoints/ap/show.ts b/packages/backend/src/server/api/endpoints/ap/show.ts
index 616a77e337..474ff81822 100644
--- a/packages/backend/src/server/api/endpoints/ap/show.ts
+++ b/packages/backend/src/server/api/endpoints/ap/show.ts
@@ -4,7 +4,6 @@
  */
 
 import { Inject, Injectable } from '@nestjs/common';
-import ms from 'ms';
 import { Endpoint } from '@/server/api/endpoint-base.js';
 import type { MiNote } from '@/models/Note.js';
 import type { MiLocalUser, MiUser } from '@/models/User.js';
@@ -26,9 +25,10 @@ export const meta = {
 	requireCredential: true,
 	kind: 'read:account',
 
+	// Up to 30 calls, then 1 per 1/2 second
 	limit: {
-		duration: ms('1minute'),
 		max: 30,
+		dripRate: 500,
 	},
 
 	errors: {
-- 
cgit v1.2.3-freya


From b92591e2eddb7a1ebda75195a65ff61f655b876a Mon Sep 17 00:00:00 2001
From: Hazelnoot <acomputerdog@gmail.com>
Date: Wed, 29 Jan 2025 23:46:43 -0500
Subject: allow ap/show to follow cross-domain redirects

---
 .../backend/src/server/api/endpoints/ap/show.ts     | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

(limited to 'packages/backend/src/server/api/endpoints')

diff --git a/packages/backend/src/server/api/endpoints/ap/show.ts b/packages/backend/src/server/api/endpoints/ap/show.ts
index 474ff81822..4904e3cb87 100644
--- a/packages/backend/src/server/api/endpoints/ap/show.ts
+++ b/packages/backend/src/server/api/endpoints/ap/show.ts
@@ -7,7 +7,7 @@ import { Inject, Injectable } from '@nestjs/common';
 import { Endpoint } from '@/server/api/endpoint-base.js';
 import type { MiNote } from '@/models/Note.js';
 import type { MiLocalUser, MiUser } from '@/models/User.js';
-import { isActor, isPost, getApId } from '@/core/activitypub/type.js';
+import { isActor, isPost, getApId, getNullableApId, ObjectWithId } from '@/core/activitypub/type.js';
 import type { SchemaType } from '@/misc/json-schema.js';
 import { ApResolverService } from '@/core/activitypub/ApResolverService.js';
 import { ApDbResolverService } from '@/core/activitypub/ApDbResolverService.js';
@@ -17,6 +17,8 @@ import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
 import { UtilityService } from '@/core/UtilityService.js';
 import { bindThis } from '@/decorators.js';
+import { ApRequestService } from '@/core/activitypub/ApRequestService.js';
+import { InstanceActorService } from '@/core/InstanceActorService.js';
 import { ApiError } from '../../error.js';
 
 export const meta = {
@@ -94,6 +96,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		private apDbResolverService: ApDbResolverService,
 		private apPersonService: ApPersonService,
 		private apNoteService: ApNoteService,
+		private readonly apRequestService: ApRequestService,
+		private readonly instanceActorService: InstanceActorService,
 	) {
 		super(meta, paramDef, async (ps, me) => {
 			const object = await this.fetchAny(ps.uri, me);
@@ -118,6 +122,12 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		]));
 		if (local != null) return local;
 
+		// No local object found with that uri.
+		// Before we fetch, resolve the URI in case it has a cross-origin redirect or anything like that.
+		// Resolver.resolve() uses strict verification, which is overly paranoid for a user-provided lookup.
+		uri = await this.resolveCanonicalUri(uri); // eslint-disable-line no-param-reassign
+		if (!this.utilityService.isFederationAllowedUri(uri)) return null;
+
 		const host = this.utilityService.extractDbHost(uri);
 
 		// local object, not found in db? fail
@@ -167,4 +177,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 
 		return null;
 	}
+
+	/**
+	 * Resolves an arbitrary URI to its canonical, post-redirect form.
+	 */
+	private async resolveCanonicalUri(uri: string): Promise<string> {
+		const user = await this.instanceActorService.getInstanceActor();
+		const res = await this.apRequestService.signedGet(uri, user, true) as ObjectWithId;
+		return getNullableApId(res) ?? uri;
+	}
 }
-- 
cgit v1.2.3-freya


From 5a1d1394d42d116ae5bcdbda3670a9047158d42b Mon Sep 17 00:00:00 2001
From: Hazelnoot <acomputerdog@gmail.com>
Date: Fri, 31 Jan 2025 11:12:00 -0500
Subject: add `memo` and `isInstanceMuted` to UserRelation API entity

---
 .../backend/src/core/entities/UserEntityService.ts | 50 ++++++++++++++++++++++
 .../src/server/api/endpoints/users/relation.ts     | 16 +++++++
 2 files changed, 66 insertions(+)

(limited to 'packages/backend/src/server/api/endpoints')

diff --git a/packages/backend/src/core/entities/UserEntityService.ts b/packages/backend/src/core/entities/UserEntityService.ts
index 6ea2d6629a..ef0b5213c8 100644
--- a/packages/backend/src/core/entities/UserEntityService.ts
+++ b/packages/backend/src/core/entities/UserEntityService.ts
@@ -83,6 +83,8 @@ export type UserRelation = {
 	isBlocked: boolean
 	isMuted: boolean
 	isRenoteMuted: boolean
+	isInstanceMuted?: boolean
+	memo?: string | null
 }
 
 @Injectable()
@@ -182,6 +184,9 @@ export class UserEntityService implements OnModuleInit {
 			isBlocked,
 			isMuted,
 			isRenoteMuted,
+			host,
+			memo,
+			mutedInstances,
 		] = await Promise.all([
 			this.followingsRepository.findOneBy({
 				followerId: me,
@@ -229,8 +234,25 @@ export class UserEntityService implements OnModuleInit {
 					muteeId: target,
 				},
 			}),
+			this.usersRepository.createQueryBuilder('u')
+				.select('u.host')
+				.where({ id: target })
+				.getRawOne<{ u_host: string }>()
+				.then(it => it?.u_host ?? null),
+			this.userMemosRepository.createQueryBuilder('m')
+				.select('m.memo')
+				.where({ userId: me, targetUserId: target })
+				.getRawOne<{ m_memo: string | null }>()
+				.then(it => it?.m_memo ?? null),
+			this.userProfilesRepository.createQueryBuilder('p')
+				.select('p.mutedInstances')
+				.where({ userId: me })
+				.getRawOne<{ p_mutedInstances: string[] }>()
+				.then(it => it?.p_mutedInstances ?? []),
 		]);
 
+		const isInstanceMuted = !!host && mutedInstances.includes(host);
+
 		return {
 			id: target,
 			following,
@@ -242,6 +264,8 @@ export class UserEntityService implements OnModuleInit {
 			isBlocked,
 			isMuted,
 			isRenoteMuted,
+			isInstanceMuted,
+			memo,
 		};
 	}
 
@@ -256,6 +280,9 @@ export class UserEntityService implements OnModuleInit {
 			blockees,
 			muters,
 			renoteMuters,
+			hosts,
+			memos,
+			mutedInstances,
 		] = await Promise.all([
 			this.followingsRepository.findBy({ followerId: me })
 				.then(f => new Map(f.map(it => [it.followeeId, it]))),
@@ -294,6 +321,27 @@ export class UserEntityService implements OnModuleInit {
 				.where('m.muterId = :me', { me })
 				.getRawMany<{ m_muteeId: string }>()
 				.then(it => it.map(it => it.m_muteeId)),
+			this.usersRepository.createQueryBuilder('u')
+				.select(['u.id', 'u.host'])
+				.where({ id: In(targets) } )
+				.getRawMany<{ m_id: string, m_host: string }>()
+				.then(it => it.reduce((map, it) => {
+					map[it.m_id] = it.m_host;
+					return map;
+				}, {} as Record<string, string>)),
+			this.userMemosRepository.createQueryBuilder('m')
+				.select(['m.targetUserId', 'm.memo'])
+				.where({ userId: me, targetUserId: In(targets) })
+				.getRawMany<{ m_targetUserId: string, m_memo: string | null }>()
+				.then(it => it.reduce((map, it) => {
+					map[it.m_targetUserId] = it.m_memo;
+					return map;
+				}, {} as Record<string, string | null>)),
+			this.userProfilesRepository.createQueryBuilder('p')
+				.select('p.mutedInstances')
+				.where({ userId: me })
+				.getRawOne<{ p_mutedInstances: string[] }>()
+				.then(it => it?.p_mutedInstances ?? []),
 		]);
 
 		return new Map(
@@ -313,6 +361,8 @@ export class UserEntityService implements OnModuleInit {
 						isBlocked: blockees.includes(target),
 						isMuted: muters.includes(target),
 						isRenoteMuted: renoteMuters.includes(target),
+						isInstanceMuted: mutedInstances.includes(hosts[target]),
+						memo: memos[target] ?? null,
 					},
 				];
 			}),
diff --git a/packages/backend/src/server/api/endpoints/users/relation.ts b/packages/backend/src/server/api/endpoints/users/relation.ts
index e659c46713..c7016d8d32 100644
--- a/packages/backend/src/server/api/endpoints/users/relation.ts
+++ b/packages/backend/src/server/api/endpoints/users/relation.ts
@@ -58,6 +58,14 @@ export const meta = {
 						type: 'boolean',
 						optional: false, nullable: false,
 					},
+					isInstanceMuted: {
+						type: 'boolean',
+						optional: true, nullable: false,
+					},
+					memo: {
+						type: 'string',
+						optional: true, nullable: true,
+					},
 				},
 			},
 			{
@@ -103,6 +111,14 @@ export const meta = {
 							type: 'boolean',
 							optional: false, nullable: false,
 						},
+						isInstanceMuted: {
+							type: 'boolean',
+							optional: true, nullable: false,
+						},
+						memo: {
+							type: 'string',
+							optional: true, nullable: true,
+						},
 					},
 				},
 			},
-- 
cgit v1.2.3-freya


From 7b507485b54eaae283ca388dd9948c35592a4ced Mon Sep 17 00:00:00 2001
From: dakkar <dakkar@thenautilus.net>
Date: Mon, 10 Feb 2025 10:16:27 +0000
Subject: search-by-tags returns "home" notes - fixes #933

featured / trending tags count both "home" and "public" notes, so this
should do the same
---
 packages/backend/src/server/api/endpoints/notes/search-by-tag.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'packages/backend/src/server/api/endpoints')

diff --git a/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts b/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
index 227ac0ebbf..6bba7bf37e 100644
--- a/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
+++ b/packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
@@ -87,7 +87,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 	) {
 		super(meta, paramDef, async (ps, me) => {
 			const query = this.queryService.makePaginationQuery(this.notesRepository.createQueryBuilder('note'), ps.sinceId, ps.untilId)
-				.andWhere('note.visibility = \'public\'')
+				.andWhere("note.visibility IN	('public', 'home')") // keep in sync with NoteCreateService call to `hashtagService.updateHashtags()`
 				.innerJoinAndSelect('note.user', 'user')
 				.leftJoinAndSelect('note.reply', 'reply')
 				.leftJoinAndSelect('note.renote', 'renote')
-- 
cgit v1.2.3-freya