Commit graph

218 commits

Author SHA1 Message Date
dakkar
01256af028 merge: Rework cache clearing to be fault tolerant (!497)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/497

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <marie@kaifa.ch>
2024-05-09 08:01:18 +00:00
Tess K
5e20de45d7 merge: Compact LD-signed activities against well-known context (!503)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/503

Approved-by: Marie <marie@kaifa.ch>
Approved-by: Tess K <me@thvxl.se>
2024-05-04 17:19:42 +00:00
dakkar
d0a2708f91 merge: handle non-ASCII emoji names (!464)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/464

Approved-by: Leah <kevinlukej@gmail.com>
Approved-by: Ember <acomputerdog@gmail.com>
Approved-by: Marie <marie@kaifa.ch>
2024-05-02 21:06:10 +00:00
dakkar
6ae01e28aa Compact LD-signed activities against well-known context
This should defend against some spoofing attacks, see also
https://nvd.nist.gov/vuln/detail/CVE-2022-24307 for Mastodon,
febb499fcb
from Iceshrimp and
e790d6be90
for Firefish

Thanks to @tesaguri@fedibird.com for reporting and providing the patch.
2024-04-30 10:16:57 +01:00
PrivateGER
493775ad7b
reformat expression 2024-04-24 16:05:30 +02:00
Latte macchiato
dd3d562a1e Rework cache clearing to be fault tolerant 2024-04-19 21:58:37 +00:00
dakkar
354cb2a675 handle non-ASCII emoji names
* use the more inclusive regexp for validating emoji names
* always normalize emoji names, aliases, categories

the latter point is necessary to allow matching, for example, `ä`
against `a`+combining diaeresis

this will also need to bump the version of `sfm-js` once we merge
https://activitypub.software/TransFem-org/sfm-js/-/merge_requests/2
2024-03-09 12:51:51 +00:00
dakkar
6ecfe7c7c3 remove duplicate method 2024-03-02 17:34:31 +00:00
dakkar
23f476dbf3 Merge branch 'develop' into release/2024.3.1 2024-03-02 17:28:34 +00:00
dakkar
af548d05ca merge upstream for 2024.2.1 2024-03-02 16:36:49 +00:00
Marie
15d2319011
merge: upstream 2024-02-23 13:42:52 +01:00
tamaina
600d91beda
enhance: リモートのフォロワーから再度Followが来た場合、acceptを返してあげる (#13388)
* enhance: リモートのフォロワーから再度Followが来た場合、acceptを返してあげる

* nanka meccha kaeta

* ブロックチェックの後にフォロー関係の存在チェックをする
2024-02-23 18:04:30 +09:00
anatawa12
b36e6b1a77
fix: 禁止キーワードを含むノートがDelayed Queueに追加されて再処理される問題 (#13428)
* refactor: use IdentifiableError instead of NoteCreateService.ContainsProhibitedWordsError

* fix: notes with prohibited words are reprocessed with delay

* docs(changelog): 禁止キーワードを含むノートがDelayed Queueに追加されて再処理される問題

* lint: fix lint errors

* fix: rethrowするべきなのにrethrowし忘れていたのを修正
2024-02-22 00:59:59 +09:00
Marie
10bfc61670
merge: upstream 2024-02-19 10:47:42 +01:00
Marie
8f6dfa611e fix: keep alt text of file if present 2024-02-13 22:01:53 +00:00
tamaina
c1514ce91d (re) update SPDX-FileCopyrightText
Fix  #13290
2024-02-13 15:59:27 +00:00
tamaina
311c2172d7 Revert "update SPDX-FileCopyrightText"
This reverts commit 9b5aeb76d8.
2024-02-13 15:50:11 +00:00
syuilo
9b5aeb76d8 update SPDX-FileCopyrightText 2024-02-12 11:37:45 +09:00
Marie
11628e4b6a
merge: upstream 2024-02-03 20:19:44 +01:00
dakkar
4bc517ca89 import fs/promises the right way
thanks Marie
2024-02-03 12:55:56 +00:00
dakkar
bb3694bfed lint 2024-02-03 12:55:46 +00:00
dakkar
1bb5021c54 decode entity references from tweets
apparently *some* tweets have those ☹
2024-02-03 12:05:08 +00:00
dakkar
a981bca7a3 simpler logic
thanks Alina
2024-02-03 11:37:20 +00:00
dakkar
3a3a051bb5 make almost all fs ops async
there's no `fs.promises.exists`
2024-02-03 11:33:42 +00:00
dakkar
7684f45a5e simpler mapping
thanks Alina
2024-02-03 11:30:39 +00:00
dakkar
25948c9232 simpler json-isation
thanks Alina for the suggestion
2024-02-03 11:29:46 +00:00
Amelia Yukii
a6e257f502 Merge branch 'feture/code-injection-fix' into 'develop'
CVE: Fixed code injection from twitter import

See merge request TransFem-org/Sharkey!390

(cherry picked from commit 127f8556d4)

2a8e93e4 Fixed code injection from twitter import
2024-02-01 15:07:35 +00:00
KevinWh0
2a8e93e4be Fixed code injection from twitter import 2024-02-01 15:58:50 +01:00
dakkar
b77c025245 link twitter names to twitter, not nitter #382
nitter seems very dead
2024-01-28 16:06:16 +00:00
woxtu
cdac3988b5
fix(backend): Fix typos in job configurations (#13086)
* Fix typos

* Update CHANGELOG
2024-01-28 15:08:45 +09:00
Marie
913dd581ef
merge: upstream 2024-01-25 14:21:42 +01:00
syuilo
65557d5f27 enhance(reversi): more robust matching process 2024-01-24 10:16:05 +09:00
Marie
7552cea69a
merge: upstream 2024-01-09 02:57:57 +01:00
Kagami Sascha Rosylight
2a9db983fc
feat: export clips (#12931)
* feat: export clips

* Update CHANGELOG.md
2024-01-07 10:35:58 +09:00
riku6460
24645e3d3d
enhance(backend): ActivityPub 周りで連合先から HTTP 429 Too Many Requests を受け取った際にジョブをリトライするように (#12917)
* enhance(backend): ActivityPub 周りで HTTP 429 Too Many Requests を受け取った際にリトライするように

* add to changelog

---------

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2024-01-06 09:40:08 +09:00
MeiMei
d415fd29a3
enhance(backend): ActivityPub Deliver queueでBodyを事前処理するように (#12916)
* Pre-processing deliver body

* CHANGELOG

* ループ内で計算されると意味がないので

* 同じ処理を同じ形に

---------

Co-authored-by: まっちゃとーにゅ <17376330+u1-liquid@users.noreply.github.com>
2024-01-06 09:07:48 +09:00
Marie
1805150533 fix: visibility check on masto import
Originally from PR #288
2023-12-31 22:41:35 +01:00
Marie
233eff48f3 merge: pleroma note import - Use hashed filename for exists check (#283)
Reviewed-on: https://git.joinsharkey.org/Sharkey/Sharkey/pulls/283
2023-12-31 18:43:38 +01:00
smitten
8d6d5923da
Simplify hash steps 2023-12-31 11:14:41 -05:00
smitten
327694d4cf
Use base64url digest 2023-12-31 09:13:51 -05:00
smitten
e9428a5a05
Use hex digest 2023-12-31 09:03:46 -05:00
Marie
b700fadbe3 upd: add home as a visibility for mastodon imports 2023-12-31 06:32:39 +01:00
Marie
07f06d7ed6 fix: if condition 2023-12-31 04:09:44 +01:00
Marie
fc6581b948 fix: correct followers visibility on import 2023-12-31 03:50:05 +01:00
Marie
667daebb79 upd: prevent vanilla mastodon imports from importing DMs
Also adds the visibility function to mastodon imports
2023-12-31 03:48:51 +01:00
smitten
0bb0d69543
Use hashed filename for exists check 2023-12-30 20:44:31 -05:00
Marie
5db583a3eb merge: upstream 2023-12-23 02:09:23 +01:00
Kagami Sascha Rosylight
4175b7809b
chore(QueueProcessorService): show error stack for failures (#12727) 2023-12-21 10:29:30 +09:00
Camilla Ett
06ca63f9c2
Fix(backend): inboxJobPerSecのデフォルト値を16から32に (#12631) 2023-12-13 08:14:34 +09:00
dakkar
c958d935e4 thread Pleroma imports as well
I have _not_ tested this, but it should work fine, those exports are
the same shape as Mastodon's
2023-11-30 13:26:55 +00:00