Commit graph

316 commits

Author SHA1 Message Date
dakkar
387dc4bb4b UNTESTED maybe laxer match on authority - fixes #815 2024-11-29 11:39:17 +00:00
Hazelnoot
0c2e113e8e update fast-xml-parser to patch security issue (DoS) 2024-10-15 22:03:42 -04:00
Hazelnoot
1a9f2f84b3 fix linting and type checks in all packages 2024-10-15 21:41:36 -04:00
dakkar
f00576bce6 Merge remote-tracking branch 'misskey/master' into feature/2024.9.0 2024-10-09 15:17:22 +01:00
zyoshoka
1184436461
fix(backend): update and re-enable Bull Dashboard (#14648) 2024-09-29 18:44:55 +09:00
syuilo
76408667f3
update deps (#14594)
* wip

* Update ClientServerService.ts

* eslint

* Update fetch-resource.ts

* wip
2024-09-22 12:32:01 +09:00
Esurio/1673beta
d4d15f338e
fix: EmailServiceでインラインスタイルを適用するように (#14600)
Co-authored-by: Esurio <esurio@esurio1673.net>
2024-09-21 18:18:52 +09:00
dakkar
7439230401 bump happy-dom
just because MisskeyIO uses this version
2024-09-20 08:30:24 +01:00
dakkar
e9e51fdc01 bump glob
latest version no longer uses `inflight`; other dependencies still use
an older `glob`, though…
2024-09-20 08:29:36 +01:00
dependabot[bot]
887c709647
chore(deps): bump body-parser from 1.20.2 to 1.20.3 in /packages/backend (#14550)
Bumps [body-parser](https://github.com/expressjs/body-parser) from 1.20.2 to 1.20.3.
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3)

---
updated-dependencies:
- dependency-name: body-parser
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-15 20:54:26 +09:00
かっこかり
be0906a6c7
fix(backend): happy-domで外部HTMLをパースする際に関連リソースが読み込まれる問題を修正 (#14521)
* bump happy-dom, disable all JS&c when parsing

version 10 didn't quite support disabling all of that

I have tested that `MfmService` (the other code that uses `happy-dom`)
still works fine: the RSS feed for a user is generated correctly, with
HTML rendered from MFM

(cherry picked from commit 26e0412fbb)

* Update Changelog

* lint

* fix possible memory leak

---------

Co-authored-by: dakkar <dakkar@thenautilus.net>
2024-09-15 12:30:27 +09:00
4censord
0a8cb21e9b
Run eslint with caching
This reduces the time for subsequent lints significantly.
e.g. for `package/frontend`, the first run takes ~10min.
With the cache, every subsequent run takes only a few seconds.
2024-09-14 00:58:02 +02:00
dakkar
26e0412fbb bump happy-dom, disable all JS&c when parsing
version 10 didn't quite support disabling all of that

I have tested that `MfmService` (the other code that uses `happy-dom`)
still works fine: the RSS feed for a user is generated correctly, with
HTML rendered from MFM
2024-08-30 15:35:19 +01:00
dakkar
a58df8ac7c Merge branch 'develop' into feature/misskey-2024.07 2024-08-18 13:13:23 +01:00
Julia Johannesen
aff57333d5
Add @types/proxy-addr 2024-08-17 13:12:16 -04:00
dakkar
4cd44130e0 use the correct remote address
we're doing the same thing that Fastify does in the non-streaming
ServerService
2024-08-16 18:00:50 +01:00
dakkar
ef99b1ca07 put back dependency I had deleted by accident 2024-08-02 13:47:40 +01:00
dakkar
cfa9b852df Merge remote-tracking branch 'misskey/master' into feature/misskey-2024.07 2024-08-02 12:25:58 +01:00
syuilo
085b3abf26
update deps (#14312) 2024-07-28 11:14:31 +09:00
かっこかり
46d96c7412
fix(build): autogen生成時にbackendを2度buildしているのを修正 (#14309)
* fix(build): autogen生成時にbackendを2度buildしているのを修正

* fix

* fix
2024-07-27 18:09:15 +09:00
syuilo
337b42bcb1 revert 5f88d56d96
バグがある(かつすぐに修正できそうにない) & まだレビュー途中で意図せずマージされたため
2024-07-20 21:33:20 +09:00
tamaina
5f88d56d96
perf(federation): Ed25519署名に対応する (#13464)
* 1. ed25519キーペアを発行・Personとして公開鍵を送受信

* validate additionalPublicKeys

* getAuthUserFromApIdはmainを選ぶ

* ✌️

* fix

* signatureAlgorithm

* set publicKeyCache lifetime

* refresh

* httpMessageSignatureAcceptable

* ED25519_SIGNED_ALGORITHM

* ED25519_PUBLIC_KEY_SIGNATURE_ALGORITHM

* remove sign additionalPublicKeys signature requirements

* httpMessageSignaturesSupported

* httpMessageSignaturesImplementationLevel

* httpMessageSignaturesImplementationLevel: '01'

* perf(federation): Use hint for getAuthUserFromApId (#13470)

* Hint for getAuthUserFromApId

* とどのつまりこれでいいのか?

* use @misskey-dev/node-http-message-signatures

* fix

* signedPost, signedGet

* ap-request.tsを復活させる

* remove digest prerender

* fix test?

* fix test

* add httpMessageSignaturesImplementationLevel to FederationInstance

* ManyToOne

* fetchPersonWithRenewal

* exactKey

* ✌️

* use const

* use gen-key-pair fn. from  '@misskey-dev/node-http-message-signatures'

* update node-http-message-signatures

* fix

* @misskey-dev/node-http-message-signatures@0.0.0-alpha.11

* getAuthUserFromApIdでupdatePersonの頻度を増やす

* cacheRaw.date

* use requiredInputs
https://github.com/misskey-dev/misskey/pull/13464#discussion_r1509964359

* update @misskey-dev/node-http-message-signatures

* clean up

* err msg

* fix(backend): fetchInstanceMetadataのLockが永遠に解除されない問題を修正

Co-authored-by: まっちゃとーにゅ <17376330+u1-liquid@users.noreply.github.com>

* fix httpMessageSignaturesImplementationLevel validation

* fix test

* fix

* comment

* comment

* improve test

* fix

* use Promise.all in genRSAAndEd25519KeyPair

* refreshAndprepareEd25519KeyPair

* refreshAndfindKey

* commetn

* refactor public keys add

* digestプリレンダを復活させる

RFC実装時にどうするか考える

* fix, async

* fix

* !== true

* use save

* Deliver update person when new key generated (not tested)
https://github.com/misskey-dev/misskey/pull/13464#issuecomment-1977049061

* 循環参照で落ちるのを解消?

* fix?

* Revert "fix?"

This reverts commit 0082f6f8e8c5d5febd14933ba9a1ac643f70ca92.

* a

* logger

* log

* change logger

* 秘密鍵の変更は、フラグではなく鍵を引き回すようにする

* addAllKnowingSharedInboxRecipe

* nanka meccha kaeta

* delivre

* キャッシュ有効チェックはロック取得前に行う

* @misskey-dev/node-http-message-signatures@0.0.3

* PrivateKeyPem

* getLocalUserPrivateKey

* fix test

* if

* fix ap-request

* update node-http-message-signatures

* fix type error

* update package

* fix type

* update package

* retry no key

* @misskey-dev/node-http-message-signatures@0.0.8

* fix type error

* log keyid

* logger

* db-resolver

* JSON.stringify

* HTTP Signatureがなかったり使えなかったりしそうな場合にLD Signatureを活用するように

* inbox-delayed use actor if no signature

* ユーザーとキーの同一性チェックはhostの一致にする

* log signature parse err

* save array

* とりあえずtryで囲っておく

* fetchPersonWithRenewalでエラーが起きたら古いデータを返す

* use transactionalEntityManager

* fix spdx

* @misskey-dev/node-http-message-signatures@0.0.10

* add comment

* fix

* publicKeyに配列が入ってもいいようにする
https://github.com/misskey-dev/misskey/pull/13950

* define additionalPublicKeys

* fix

* merge fix

* refreshAndprepareEd25519KeyPair → refreshAndPrepareEd25519KeyPair

* remove gen-key-pair.ts

* defaultMaxListeners = 512

* Revert "defaultMaxListeners = 512"

This reverts commit f2c412c18057a9300540794ccbe4dfbf6d259ed6.

* genRSAAndEd25519KeyPairではキーを直列に生成する?

* maxConcurrency: 8

* maxConcurrency: 16

* maxConcurrency: 8

* Revert "genRSAAndEd25519KeyPairではキーを直列に生成する?"

This reverts commit d0aada55c1ed5aa98f18731ec82f3ac5eb5a6c16.

* maxWorkers: '90%'

* Revert "maxWorkers: '90%'"

This reverts commit 9e0a93f110456320d6485a871f014f7cdab29b33.

* e2e/timelines.tsで個々のテストに対するtimeoutを削除, maxConcurrency: 32

* better error handling of this.userPublickeysRepository.delete

* better comment

* set result to keypairEntityCache

* deliverJobConcurrency: 16, deliverJobPerSec: 1024, inboxJobConcurrency: 4

* inboxJobPerSec: 64

* delete request.headers['host'];

* fix

* // node-fetch will generate this for us. if we keep 'Host', it won't change with redirects!

* move delete host

* modify comment

* modify comment

* fix correct → collect

* refreshAndfindKey → refreshAndFindKey

* modify comment

* modify attachLdSignature

* getApId, InboxProcessorService

* TODO

* [skip ci] add CHANGELOG

---------

Co-authored-by: MeiMei <30769358+mei23@users.noreply.github.com>
Co-authored-by: まっちゃとーにゅ <17376330+u1-liquid@users.noreply.github.com>
2024-07-18 01:28:17 +09:00
slonkazoid
7a62e1be31
implement fetching host-meta before the webfinger endpoint
code ported from iceshrimp: c3e685a925/packages/backend/src/remote/webfinger.ts
2024-07-09 05:45:41 +03:00
syuilo
427648c4b8
update deps (#14057)
* wip

* locales/index.jsのymlファイル取得ロジックを調節

* regenerate pnpm-lock.yaml

* fix(backend): typecheck fails

* chore(deps): bump ip-cidr from 4.0.0 to 4.0.1 in /packages/backend

* chore: migrate ESLint configs to flat config (#14094)

* chore: migrate ESLint configs to flat config

* fix: update paths

* fix: frontend lint fails

* refactor(misskey-js): lint build.js

* update deps

---------

Co-authored-by: samunohito <46447427+samunohito@users.noreply.github.com>
Co-authored-by: zyoshoka <root@zyoshoka.com>
Co-authored-by: zyoshoka <107108195+zyoshoka@users.noreply.github.com>
2024-07-02 11:38:34 +09:00
woxtu
00b213373b
Remove @types/node-fetch (#13948) 2024-06-22 19:46:29 +09:00
syuilo
1df90cef4c update typescript 2024-06-21 13:03:00 +09:00
syuilo
c73d739bd6 node 22 support 2024-06-13 10:40:20 +09:00
dakkar
3372e0ffe1 Merge remote-tracking branch 'misskey/release/2024.5.0' into future 2024-05-31 12:26:07 +01:00
syuilo
80f3cb96b0
feat: sentry integration (#13897)
* wip

* wip

* wip

* wip

* Update CHANGELOG.md

* Update ApiCallService.ts

* Update config.ts
2024-05-28 17:06:33 +09:00
syuilo
20c0bd9ddb happy-domにメモリリークがありそう 2024-05-21 17:29:02 +09:00
dakkar
451b0ecc9b Merge remote-tracking branch 'misskey/release/2024.5.0' into future-2024-04-25-post 2024-05-11 14:13:07 +01:00
dakkar
30bd7768d6 Merge branch 'develop' into future-2024-04-25-post 2024-05-11 13:11:07 +01:00
syuilo
2b21c19362
update deps (#13624)
* update deps

* Update package.json

* update deps

* build: pass --strip-leading-paths to restore 0.2.x behavior (#13684)

* ✌️

* ✌️

* pureimageの代わりに@napi-rs/canvasを使う (#13748)

* pureimageの代わりに@napi-rs/canvasを使う

* remove writestream

* remove createtemp

* wip

* Update ClientServerService.ts

* update pnpm to 9.x

* update deps

* re: update pnpm to 9.x

* update node

* ✌️

---------

Co-authored-by: anatawa12 <anatawa12@icloud.com>
Co-authored-by: tamaina <tamaina@hotmail.co.jp>
2024-05-04 20:56:14 +09:00
dakkar
d0a2708f91 merge: handle non-ASCII emoji names (!464)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/464

Approved-by: Leah <kevinlukej@gmail.com>
Approved-by: Ember <acomputerdog@gmail.com>
Approved-by: Marie <marie@kaifa.ch>
2024-05-02 21:06:10 +00:00
dakkar
ea6629cebf Merge branch 'develop' into future-2024-04-10-post 2024-04-25 11:18:30 +01:00
dakkar
a3b4ca782a Merge remote-tracking branch 'misskey/develop' into future-2024-04-10 2024-04-11 13:39:55 +01:00
dakkar
b6f41a28ed pull in sfm-js that supports non-ascii in emoji names 2024-04-07 16:37:31 +01:00
おさむのひと
efa42a1624
fix(backend): バックエンドのpnpm devによるビルド後にbuild-assetsを行うようにする (#13659)
* moveto scripts

* add scripts/dev.mjs
2024-04-04 22:25:28 +09:00
dakkar
bc531ac414 Merge remote-tracking branch 'misskey/develop' into future-2024-03-23 2024-03-24 11:53:52 +00:00
おさむのひと
831c74a25b
fix: URLプレビューの動作改善+動作設定を可能にする (#13579)
* wip

* support new version

* URLプレビュー無効化時、フロント側も非表示にしてリクエストをしないようにする

* fix lint

* fix lint

* tweak preview request error handles

* fix: CHANGELOG.md

* fix

* fix

---------

Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
2024-03-21 18:46:42 +09:00
dakkar
f4e89f2e6b bump tmp@0.2.3 - fixes #464
see also https://github.com/raszi/node-tmp/issues/295
2024-03-19 17:13:43 +00:00
zyoshoka
412e9f284d
test(backend): enable typecheck by workflow (#13526) 2024-03-07 09:51:57 +09:00
dakkar
af548d05ca merge upstream for 2024.2.1 2024-03-02 16:36:49 +00:00
syuilo
2f31606eff update deps 2024-03-01 14:16:44 +09:00
syuilo
033d71ee28 update deps 2024-03-01 13:52:39 +09:00
syuilo
920c3be750 update deps 2024-02-29 11:10:03 +09:00
Marie
15d2319011
merge: upstream 2024-02-23 13:42:52 +01:00
かっこかり
080a3c20bd
fix: SSR時のmetaをエスケープするように (#13440)
* fix: SSR時のmetaをエスケープするように

* エスケープ方法を変更
2024-02-23 14:10:13 +09:00
tamaina
ae27085f69
fix: Bump sharp to 0.33.2 (#13391) 2024-02-21 14:42:37 +09:00
Marie
10bfc61670
merge: upstream 2024-02-19 10:47:42 +01:00