Commit graph

350 commits

Author SHA1 Message Date
syuilo
3661d1bc33 fix bug 2022-06-04 15:15:44 +09:00
syuilo
4bf3ed6c1e fix test 2022-06-04 14:25:30 +09:00
Johann150
102012aa9d fix: add id for activitypub follows (#8689)
* add id for activitypub follows

* fix lint

* fix: follower must be local, followee must be remote

Misskey will only use ActivityPub follow requests for users that are local
and are requesting to follow a remote user. This check is to ensure that
this endpoint can not be used by other services or instances.

* fix: missing import

* render block with id

* fix comment
2022-06-04 13:52:42 +09:00
Johann150
86c04c4489 fix: ensure resolver does not fetch local resources via HTTP(S) (#8733)
* refactor: parseUri types and checks

The type has been refined to better represent what it actually is. Uses of
parseUri are now also checking the parsed object type before resolving.

* cannot resolve URLs with fragments

* also take remaining part of URL into account

Needed for parsing the follows URIs.

* Resolver uses DbResolver for local

* remove unnecessary use of DbResolver

Using DbResolver would mean that the URL is parsed and handled again.
This duplicated processing can be avoided by querying the database directly.

* fix missing property name
2022-06-04 11:29:20 +09:00
Johann150
336eea9d93 fix: correctly render empty note text (#8746)
Ensure that the _misskey_content attribute will always exist. Because
the API endpoint does not require the existence of the `text` field,
that field may be `undefined`. By using `?? null` it can be ensured
that the value is at least `null`.

Furthermore, the rendered HTML of a note with empty text will also be
the empty string. From git blame it seems that this behaviour was added
because of a Mastodon bug that might have previously existed. However,
this seems to be no longer the case as I can find mastodon posts that
have empty content.

The code could be made a bit more succinct by using the null coercion
operator.
2022-06-03 23:18:44 +09:00
PikaDude
186cac05a2 User moderation details (#8762)
* add more user details for admins to see

* fix some issues

* small style fix

as suggested by Johann150

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>

* fix

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>
2022-06-03 23:14:50 +09:00
syuilo
e0fb88f9fe Merge branch 'develop' of https://github.com/misskey-dev/misskey into develop 2022-06-03 23:08:18 +09:00
syuilo
dbab6abde4 fix(test): reset redis in e2e test
#7986
2022-06-03 23:08:15 +09:00
Johann150
7c9d07cd53 fix(mfm): remove duplicate br tag/newline (#8616) 2022-05-31 18:57:55 +09:00
Johann150
8e296b2398 fix: always remove completed tasks (#8771) 2022-05-31 17:54:02 +09:00
MeiMei
f59e364a85 Fix IP address rate limit (#8758)
* Fix IP address rate limit

* CHANGELOG

* Tune getIpHash
2022-05-31 17:44:22 +09:00
Johann150
3b970aae8a fix: add missing import
fix #8756
2022-05-29 14:33:42 +02:00
Johann150
ec47b46423 refactor: improve code quality (#8751)
* remove unnecessary if

`Array.prototype.some` already returns a boolean so an if to return
true or false is completely unnecessary in this case.

* perf: use count instead of find

When using `count` instead of `findOneBy`, the data is not
unnecessarily loaded.

* remove duplicate null check

The variable is checked for null in the lines above and the function
returns if so. Therefore, it can not be null at this point.

* simplify `getJsonSchema`

Because the assigned value is `null` and the used keys are only
shallow, use of `nestedProperty.set` seems inappropriate. Because the
value is not read, the initial for loop can be replaced by a `for..in`
loop.

Since all keys will be assigned `null`, the condition of the ternary
expression in the nested function will always be true. Therefore the
recursion case will never happen. With this the nested function can be
eliminated.

* remove duplicate condition

The code above already checks `dragging` and returns if it is truthy.
Checking it again later is therefore unnecessary.

To make this more obvious the `return` is removed in favour of using
an if...else construct.

* remove impossible "unknown" time

The `ago` variable will always be a number and all non-negative numbers
are already covered by other cases, the negative case is handled with
`future` so there is no case when `unknown` could be achieved.
2022-05-29 15:15:52 +09:00
tamaina
1fe73d31ad fix(client): Vite related boot mechanism revision (#8753)
* preload app css

* remove salt

* APP_FETCH_FAILED error

* set max-age to 15s
2022-05-29 10:58:54 +09:00
tamaina
86e6126dd7 preload app css (#8752) 2022-05-29 10:57:06 +09:00
Johann150
fef27a1e92 chore: remove unused imports 2022-05-28 21:17:23 +02:00
Johann150
4a8ea6f2d1 fix: validate text is not empty
fix #8747
2022-05-28 17:26:17 +02:00
Johann150
0738a65a78 enhance: replace signin CAPTCHA with rate limit (#8740)
* enhance: rate limit works without signed in user

* fix: make limit key required for limiter

As before the fallback limiter key will be set from the endpoint name.

* enhance: use limiter for signin

* Revert "Only require CAPTCHA when 2FA is disabled"

This reverts commit 02a43a310f6ad0cc9e9beccc26e51ab5b339e15f.

* Revert "feat: make captcha required when signin to improve security"

This reverts commit b21b0580058c14532ff3f4033e2a9147643bfca6.

* fix undefined reference

* fix: better error message

* enhance: only handle prefix of IPv6
2022-05-28 12:06:47 +09:00
Johann150
7a65931b28 fix(docs): correct information for drive upload (#8736) 2022-05-27 22:03:25 +09:00
Johann150
8d49573447 use http-signature module that supports hs2019 (#8635) 2022-05-26 09:12:17 +09:00
syuilo
cb330fef64 update deps 2022-05-25 23:28:56 +09:00
syuilo
74d968585a refactor: use === 2022-05-25 23:19:39 +09:00
Johann150
62ab5b4015 fix: assume remote users are following each other (#8734)
Misskey does not know if two remote users are following each other.
Because ActivityPub actions would otherwise fail on followers only
notes, we have to assume that two remote users are following each other
when an interaction about a remote note occurs.
2022-05-25 23:17:00 +09:00
Johann150
c2ddc5286c refactor: temporary files (#8713)
* simplify temporary files for thumbnails

Because only a single file will be written to the directory, creating a
separate directory seems unnecessary. If only a temporary file is created,
the code from `createTemp` can be reused here as well.

* refactor: deduplicate code for temporary files/directories

To follow the DRY principle, the same code should not be duplicated
across different files. Instead an already existing function is used.

Because temporary directories are also created in multiple locations,
a function for this is also newly added to reduce duplication.

* fix: clean up identicon temp files

The temporary files for identicons are not reused and can be deleted
after they are fully read. This condition is met when the stream is closed
and so the file can be cleaned up using the events API of the stream.

* fix: ensure cleanup is called when download fails

* fix: ensure cleanup is called in error conditions

This covers import/export queue jobs and is mostly just wrapping all
code in a try...finally statement where the finally runs the cleanup.

* fix: use correct type instead of `any`
2022-05-25 16:50:22 +09:00
MeiMei
ca95e15345 Supports Unicode Emoji 14.0 (#8699)
* Unicode 14.0 Emoji

* mfm-js@0.22.0

* CHANGELOG

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2022-05-25 16:35:30 +09:00
Johann150
d6046c75aa fix: wrong type for isVisibleForMe 2022-05-24 10:12:42 +02:00
syuilo
d253ee6f78 Update .mocharc.json 2022-05-21 22:24:57 +09:00
syuilo
5ad66d3ddd lint 2022-05-21 22:21:41 +09:00
syuilo
6adc5a33fe refactor 2022-05-21 22:07:11 +09:00
syuilo
56e3ad8b5b Update utils.ts 2022-05-21 22:07:01 +09:00
syuilo
17e07de117 Update utils.ts 2022-05-21 17:40:43 +09:00
Johann150
08c119e088 hotfix: uniform color migration fix 2022-05-19 15:42:55 +02:00
Johann150
848ac5a75d fix(activitypub): add authorization checks (#8534)
* fix spelling

* fix(activitypub): add authorization checks
2022-05-19 20:40:16 +09:00
Johann150
306b825ae2 enhance: uniform theme color (#8702)
* enhance: make theme color format uniform

All newly fetched instance theme colors will be uniformly formatted
as hashtag followed by 6 hexadecimal digits.

Colors are checked for validity and invalid colors are not handled.

* better input validation for own theme color

* migration to unify theme color formats

Fixes theme colors of other instances as well as the local instance.

* add changelog entry

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2022-05-19 09:54:45 +02:00
MeiMei
f0cdc636c4 fix: Unable to generate video thumbnails (#8696)
* fix: Unable to generate video thumbnails

* CHANGELOG
2022-05-19 16:19:23 +09:00
syuilo
ea5dd3b1e7 chore(client): tweak loading spinner design 2022-05-19 15:24:35 +09:00
dependabot[bot]
fed2dd5e90 chore(deps): bump async from 3.2.0 to 3.2.3 in /packages/backend (#8706)
Bumps [async](https://github.com/caolan/async) from 3.2.0 to 3.2.3.
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md)
- [Commits](https://github.com/caolan/async/compare/v3.2.0...v3.2.3)

---
updated-dependencies:
- dependency-name: async
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-19 11:49:59 +09:00
MeiMei
3616557dd5 enhance: Perform port diagnosis at startup only when Listen fails (#8698)
* Change port check

* Comment: disableClustering

* CHANGELOG

* Smart message
2022-05-19 11:49:07 +09:00
Johann150
2556d9209f fix: postgres type error
Fix a bug introduced in #8659. Solution was already tested there.
2022-05-15 11:32:00 +02:00
syuilo
7bd873cc56 Only require CAPTCHA when 2FA is disabled
2FA tokens are time-limited, so they expire while the CAPTCHA is being solved
2022-05-15 16:47:14 +09:00
syuilo
b688744128 feat: make captcha required when signin to improve security 2022-05-15 12:18:46 +09:00
syuilo
d6e2fb6d15 fix(server): prevent crash when processing certain PNGs
Fix #8605
2022-05-15 01:16:12 +09:00
iwata
fc5c715166 test: fix the Node custom loader so that the tests run (#8625)
* test: fix the Node custom loader so that the tests run

* dev: add NODE_ENV=test to the command that calls mocha

* Update packages/backend/test/loader.js

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>

* chore: change export style in loader.js

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>
2022-05-14 16:10:20 +09:00
iwata
49a6b68b95 test: replace __dirname because it cannot be used in ES modules (#8626) 2022-05-14 16:09:47 +09:00
tamaina
c166655f1f fix: in user search, also LIKE-search username when the query satisfies the username conditions (#8644)
* Fix #8643

* use partial match
2022-05-14 15:24:44 +09:00
iwata
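ac23bd4667 test: fix several issues that caused e2e tests to fail in CI (#8642)
* test: initialize indexeddb for each test

* fix: fix an issue where calling fetch-meta concurrently when there is no meta could crash

* test: fix login sometimes failing because the page was reloaded without waiting for client-side processing after login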
2022-05-14 15:16:45 +09:00
Johann150
b3ca8d5329 fix: keep file order (#8659) 2022-05-14 15:09:10 +09:00
syuilo
36db202263 enhance: Display TOTP Register URL
Close #7261

Co-Authored-By: tamaina <tamaina@hotmail.co.jp>
2022-05-14 15:00:15 +09:00
syuilo
493dc6836a update deps 2022-05-14 14:57:51 +09:00
Johann150
91100f94b5 perf: fix caching (#8660)
The cache implementation did previously not store the results of the
computation and was thus not a cache at all. This can cause a significant
number of database queries each time someone with a large number of
followers does something that causes an activity to be federated.
2022-05-14 13:28:27 +09:00