Commit graph

28793 commits

Author SHA1 Message Date
Julia Johannesen
cbf8cc376e
fix: primitive 18: ap/get bypasses access checks
One might argue that we could make this one actually preform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.
2024-11-20 19:17:25 -05:00
Julia Johannesen
c04f344049
fix: primitive 13: check attribution against actor in notes 2024-11-20 19:17:25 -05:00
Julia Johannesen
b9080da75d
fix: code style for primitive 17 2024-11-20 19:17:24 -05:00
Laura Hausmann
4d925fc086
fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array 2024-11-20 19:17:24 -05:00
Laura Hausmann
b74e2e9167
fix: primitive 16: improper same-origin validation for user uri and url 2024-11-20 19:17:24 -05:00
Laura Hausmann
ebea1a2962
fix: primitive 15: improper same-origin validation for note uri and url 2024-11-20 19:17:24 -05:00
Julia Johannesen
4c432c07cb
fix: code style for primitive 14 2024-11-20 19:17:24 -05:00
Laura Hausmann
322b3b677f
fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections 2024-11-20 19:17:24 -05:00
Julia Johannesen
1c7e05ce9e
fix: primitive 7 & 12: prevent poll spoofing 2024-11-20 19:17:24 -05:00
Laura Hausmann
9ab25ede28
fix: primitives 9, 10 & 11: http signature validation doesn't enforce required headers or specify auth header name 2024-11-20 19:17:24 -05:00
Laura Hausmann
174dfb83d0
fix: primitive 6: reject anonymous objects that were fetched by their id 2024-11-20 19:17:24 -05:00
Laura Hausmann
ad8e8793c7
fix: primitives 5 & 8: reject activities with non-string identifiers 2024-11-20 19:17:24 -05:00
Laura Hausmann
1e14612f0e
fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities 2024-11-20 19:17:24 -05:00
Laura Hausmann
9090b745e6
fix: primitive 3: validation of non-final url 2024-11-20 19:17:24 -05:00
Laura Hausmann
d883934826
fix: primitive 2: acceptance of cross-origin alternate links 2024-11-20 19:17:23 -05:00
Julia
e0bb796aff merge: Fix linter error in emojis endpoint (!758)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/758
2024-11-20 06:29:48 +00:00
Julia Johannesen
fb54546573
Fix linter error in emojis endpoint 2024-11-20 01:17:24 -05:00
Julia
9e0b759197 merge: Bump develop version (!757)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/757
2024-11-20 05:56:55 +00:00
Julia Johannesen
41c500851b
Bump develop version 2024-11-20 00:54:30 -05:00
Julia
27339e03c2 merge: Bump version (!756)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/756
2024-11-20 05:22:39 +00:00
Julia Johannesen
680c2a0718
Bump version 2024-11-20 00:09:56 -05:00
Julia
f258888408 merge: Prevent DoS from spammed media proxy requests (!754)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/754

Approved-by: Julia <julia@insertdomain.name>
2024-11-20 04:59:00 +00:00
Hazelnoot
d150e92f41 prevent DoS from spammed media proxy requests 2024-11-19 23:31:59 -05:00
dakkar
482538c7f8 merge: make emoji categories and names case insensitive. (!746)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/746

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: dakkar <dakkar@thenautilus.net>
2024-11-17 13:22:39 +00:00
Hazelnoot
d579687156 merge: Dockerfile mkdir files (!740)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/740

Approved-by: Tess K <me@thvxl.se>
Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Hazelnoot <acomputerdog@gmail.com>
2024-11-17 00:48:37 +00:00
Hazelnoot
de970ff54e merge: Change example config - db name and user consistent with docs (!739)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/739

Approved-by: Tess K <me@thvxl.se>
Approved-by: Hazelnoot <acomputerdog@gmail.com>
2024-11-17 00:41:14 +00:00
Hazelnoot
1bfb0dc395 merge: check harder for connectibility (!737)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/737

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
2024-11-17 00:40:52 +00:00
Hazelnoot
da2dfee0a8 merge: Remove check to prevent admin reporting (Fixes #757) (!727)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/727

Closes #757

Approved-by: Julia <julia@insertdomain.name>
Approved-by: Marie <github@yuugi.dev>
Approved-by: Hazelnoot <acomputerdog@gmail.com>
2024-11-17 00:39:08 +00:00
piuvas
eaad96aae3
edit query 2024-11-15 13:40:53 -03:00
dakkar
0a05841f33 merge: Add "pinned" section to notes tab on user profiles (!689)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/689

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Tess K <me@thvxl.se>
2024-11-13 11:14:59 +00:00
tess
68e5b5a84a Set horizontal margin for even better consistency 2024-11-12 22:09:37 +01:00
tess
6d6b03dfe2 tweak popup left margin for consistency 2024-11-12 21:39:38 +01:00
tess
19be113cb4 Keep MkUserPopup from extending past left side of screen 2024-11-12 21:39:38 +01:00
tess
101ca9e0f7 make sure popup position is never off screen to the left 2024-11-12 21:39:38 +01:00
Luna Nova
906c2863db
fix: move cypress to optionalDependencies in packages/frontent/package.json 2024-11-12 14:33:05 -05:00
dakkar
917e67d356 merge: Styling of following feed. (!738)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/738

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
2024-11-11 11:14:52 +00:00
Hazelnoot
cd2e597223 merge: Improve performance of notes/following API (!743)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/743

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
2024-11-09 10:54:18 +00:00
Caramel
03559156b9 Improve performance of notes/following API 2024-11-09 00:32:03 +01:00
Rachel Y
aebdbf07b4 creat and chown /sharkey/files in dockerfile 2024-11-07 20:09:52 +00:00
Rachel Y
00ab7f5bd1 Update file Dockerfile 2024-11-07 20:09:01 +00:00
Maciej
83f780978c Change example config - db name and user consistent with docs 2024-11-07 07:57:35 +00:00
piuvas
7f9a151055
give ff entries clickable pointer 2024-11-05 20:27:24 -03:00
piuvas
e0a2e7aedc
animations following feed 2024-11-05 20:22:56 -03:00
dakkar
9fe5dc679a check harder for connectibility
`allSettled` does not throw if a promise is rejected, so
`check_connect` never actually failed
2024-11-05 14:21:58 +00:00
Julia
6ed38f53f5 merge: Bump version number (!735)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/735
2024-11-05 06:14:24 +00:00
Julia Johannesen
0f07f27642
chore: Bump version number 2024-11-05 01:10:49 -05:00
Julia
680e3ac7a3 merge: release 2024.9.1 (!733)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/733

Approved-by: Marie <github@yuugi.dev>
Approved-by: Julia <julia@insertdomain.name>
2024-11-05 03:59:23 +00:00
CenTdemeern1
c2c2120b76 Center SkModPlayer on big displays
Authored-by: Freeplay <freeplay@duck.com>
Co-authored-by: Freeplay <freeplay@duck.com>
2024-11-04 22:50:56 +01:00
dakkar
002d0def42 comment out sharkey-specific crowdin link
we don't have it set up yet ☹
2024-11-04 20:54:48 +00:00
dakkar
a769423c15 bump version number for release 2024-11-04 18:50:26 +00:00