etc/Sharkey
0
0
Fork 0
mirror of https://activitypub.software/TransFem-org/Sharkey synced 2024-11-27 16:33:02 +00:00
Code Issues Projects Releases Packages Wiki Activity
28716 commits 60 branches 923 tags 170 MiB
Commit graph

7080 commits

Author SHA1 Message Date
Julia Johannesen
36af07abe2
Fix another style error 2024-11-20 20:31:22 -05:00
Julia Johannesen
23c4aa2571
Fix style error 2024-11-20 20:24:59 -05:00
Julia Johannesen
1758f29364
Fix error in test function calls 2024-11-20 20:16:43 -05:00
Julia Johannesen
fa3cf6c299
Fix type error in security fixes 2024-11-20 20:06:46 -05:00
Hazelnoot
b0834ebf55 prevent DoS from spammed media proxy requests 2024-11-20 19:37:38 -05:00
Julia Johannesen
8e90484b3e
Bump version 2024-11-20 19:21:57 -05:00
rectcoordsystem
776f6fd1f5
fix(backend): allow fetchSummaryFromProxy, trueMail to access local addresses 2024-11-20 19:17:25 -05:00
rectcoordsystem
7b3e3f8e25
fix(backend): add isLocalAddressAllowed option to getAgentByUrl and send (HttpRequestService) 2024-11-20 19:17:25 -05:00
rectcoordsystem
360d71278a
fix(backend): lint and typecheck 2024-11-20 19:17:25 -05:00
rectcoordsystem
663c06be00
Apply suggestions from code review 
Co-authored-by: anatawa12 <anatawa12@icloud.com>
 2024-11-20 19:17:25 -05:00
rectcoordsystem
7ccccf5545
fix(backend): allow accessing private IP when testing 2024-11-20 19:17:25 -05:00
rectcoordsystem
f36f4b5398
fix(backend): check target IP before sending HTTP request 2024-11-20 19:17:25 -05:00
Julia Johannesen
cc4e99fdde
fix: Try using CacheService to avoid excess db lookups 
This isn't perfect, theoretically if some massive number of users
blocked the user making this request the set lookup could take a long
amount of time, but eh, it works, and that scenario is highly unlikely.
 2024-11-20 19:17:25 -05:00
Julia Johannesen
5764fa55cb
fix: primitives 25-33: proper local instance checks 2024-11-20 19:17:25 -05:00
Julia Johannesen
74565f67f7
fix: primitives 21, 22, and 23: reuse resolver 
This also increases the default `recursionLimit` for `Resolver`, as it
theoretically will go higher that it previously would and could possibly
fail on non-malicious collection activities.
 2024-11-20 19:17:25 -05:00
Julia Johannesen
408e782507
fix: primitive 19 & 20: respect blocks and hide more 
Ideally, the user property should also be hidden (as leaving it in leaks
information slightly), but given the schema of the note endpoint, I
don't think that would be possible without introducing some kind of
"ghost" user, who is attributed for posts by users who have you blocked.
 2024-11-20 19:17:25 -05:00
Julia Johannesen
cbf8cc376e
fix: primitive 18: ap/get bypasses access checks 
One might argue that we could make this one actually preform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.
 2024-11-20 19:17:25 -05:00
Julia Johannesen
c04f344049
fix: primitive 13: check attribution against actor in notes 2024-11-20 19:17:25 -05:00
Julia Johannesen
b9080da75d
fix: code style for primitive 17 2024-11-20 19:17:24 -05:00
Laura Hausmann
4d925fc086
fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array 2024-11-20 19:17:24 -05:00
Laura Hausmann
b74e2e9167
fix: primitive 16: improper same-origin validation for user uri and url 2024-11-20 19:17:24 -05:00
Laura Hausmann
ebea1a2962
fix: primitive 15: improper same-origin validation for note uri and url 2024-11-20 19:17:24 -05:00
Julia Johannesen
4c432c07cb
fix: code style for primitive 14 2024-11-20 19:17:24 -05:00
Laura Hausmann
322b3b677f
fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections 2024-11-20 19:17:24 -05:00
Julia Johannesen
1c7e05ce9e
fix: primitive 7 & 12: prevent poll spoofing 2024-11-20 19:17:24 -05:00
Laura Hausmann
9ab25ede28
fix: primitives 9, 10 & 11: http signature validation doesn't enforce required headers or specify auth header name 2024-11-20 19:17:24 -05:00
Laura Hausmann
174dfb83d0
fix: primitive 6: reject anonymous objects that were fetched by their id 2024-11-20 19:17:24 -05:00
Laura Hausmann
ad8e8793c7
fix: primitives 5 & 8: reject activities with non-string identifiers 2024-11-20 19:17:24 -05:00
Laura Hausmann
1e14612f0e
fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities 2024-11-20 19:17:24 -05:00
Laura Hausmann
9090b745e6
fix: primitive 3: validation of non-final url 2024-11-20 19:17:24 -05:00
Laura Hausmann
d883934826
fix: primitive 2: acceptance of cross-origin alternate links 2024-11-20 19:17:23 -05:00
Julia Johannesen
fb54546573
Fix linter error in emojis endpoint 2024-11-20 01:17:24 -05:00
Julia
9e0b759197 merge: Bump develop version (!757) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/757
 2024-11-20 05:56:55 +00:00
Hazelnoot
d150e92f41 prevent DoS from spammed media proxy requests 2024-11-19 23:31:59 -05:00
dakkar
482538c7f8 merge: make emoji categories and names case insensitive. (!746) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/746

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: dakkar <dakkar@thenautilus.net>
 2024-11-17 13:22:39 +00:00
Hazelnoot
1bfb0dc395 merge: check harder for connectibility (!737) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/737

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
 2024-11-17 00:40:52 +00:00
Hazelnoot
da2dfee0a8 merge: Remove check to prevent admin reporting (Fixes #757) (!727) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/727

Closes #757

Approved-by: Julia <julia@insertdomain.name>
Approved-by: Marie <github@yuugi.dev>
Approved-by: Hazelnoot <acomputerdog@gmail.com>
 2024-11-17 00:39:08 +00:00
piuvas
eaad96aae3
edit query 2024-11-15 13:40:53 -03:00
dakkar
0a05841f33 merge: Add "pinned" section to notes tab on user profiles (!689) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/689

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Tess K <me@thvxl.se>
 2024-11-13 11:14:59 +00:00
tess
68e5b5a84a Set horizontal margin for even better consistency 2024-11-12 22:09:37 +01:00
tess
6d6b03dfe2 tweak popup left margin for consistency 2024-11-12 21:39:38 +01:00
tess
19be113cb4 Keep MkUserPopup from extending past left side of screen 2024-11-12 21:39:38 +01:00
tess
101ca9e0f7 make sure popup position is never off screen to the left 2024-11-12 21:39:38 +01:00
dakkar
917e67d356 merge: Styling of following feed. (!738) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/738

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
 2024-11-11 11:14:52 +00:00
Caramel
03559156b9 Improve performance of notes/following API 2024-11-09 00:32:03 +01:00
piuvas
7f9a151055
give ff entries clickable pointer 2024-11-05 20:27:24 -03:00
piuvas
e0a2e7aedc
animations following feed 2024-11-05 20:22:56 -03:00
dakkar
9fe5dc679a check harder for connectibility 
`allSettled` does not throw if a promise is rejected, so
`check_connect` never actually failed
 2024-11-05 14:21:58 +00:00
CenTdemeern1
c2c2120b76 Center SkModPlayer on big displays 
Authored-by: Freeplay <freeplay@duck.com>
Co-authored-by: Freeplay <freeplay@duck.com>
 2024-11-04 22:50:56 +01:00
dakkar
002d0def42 comment out sharkey-specific crowdin link 
we don't have it set up yet ☹
 2024-11-04 20:54:48 +00:00
dakkar
a769423c15 bump version number for release 2024-11-04 18:50:26 +00:00
Kio!
8477909af2 Update report-abuse.ts 2024-11-03 19:50:25 +00:00
Julia
e783359aca merge: Revert "Experimental: dont mark backfetched notes as silent" (!703) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/703

Approved-by: Julia <julia@insertdomain.name>
Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
 2024-11-03 19:39:00 +00:00
Hazelnoot
ddf572c22f fix lint errors in FollowingEntityService.ts 2024-11-02 17:43:11 -04:00
Hazelnoot
872f987845 hide instance following / followers tabs from logged-out users 2024-11-02 17:39:16 -04:00
Hazel K
37fd454f70 factor out shared code 2024-11-02 17:39:16 -04:00
Hazel K
2e6726c81f update autogen types 2024-11-02 17:39:16 -04:00
Hazel K
3a72bf453a respect following privacy settings 2024-11-02 17:39:16 -04:00
Hazel K
65d81a4ae2 Revert "fix incorrect populated object in followers endpoint" 
This reverts commit 7b9473bf4c0b55facede0e1d1e33297d14184110.
 2024-11-02 17:39:16 -04:00
Hazel K
8f0df1f01c check for blocks in following / followers endpoints 2024-11-02 17:39:16 -04:00
Hazel K
c566fa1f36 require auth for followers & following endpoints 2024-11-02 17:39:16 -04:00
Hazelnoot
1c181df086 restore ordering of MkNotes attributes in index.timeline.vue 2024-11-02 17:38:20 -04:00
Hazelnoot
f5652605ec remove notes-container.vue and revert refactor 2024-11-02 17:38:20 -04:00
Hazelnoot
9d3aa6bb41 add pinned section to "notes" tab on user profiles 2024-11-02 17:38:19 -04:00
Hazelnoot
5b64b9001d fix weird spacing on notes/home.vue 2024-11-02 17:38:19 -04:00
dakkar
1906dbe1dc merge: Fix frontend TS configs (!725) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/725

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
 2024-11-02 18:00:57 +00:00
Hazelnoot
b97db55a94 fix eslint in frontend / frontend-embed 2024-11-02 13:00:49 -04:00
Hazelnoot
4ad816e0df fix frontend-embed tsconfig includes 2024-11-02 11:43:24 -04:00
Hazelnoot
5e054d0218 fix frontend tsconfig includes 2024-11-02 11:40:40 -04:00
Marie
b8b077cbad chore: replace recaptcha with frc 2024-11-02 11:02:13 +00:00
Marie
d786e96c2b
upd: add FriendlyCaptcha as a captcha solution 
FriendlyCaptcha is a german captcha solution which is GDPR compliant and has a non-commerical free license
 2024-11-02 02:20:35 +01:00
Hazelnoot
8824422cb5 merge: Add a clear filter option to the search widget if set (!722) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/722

Closes #786

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Hazelnoot <acomputerdog@gmail.com>
 2024-11-01 18:01:19 +00:00
Hazelnoot
bcc845cdb1 merge: Allow admins to create users (resolves #764) (!719) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/719

Closes #764

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
 2024-11-01 18:00:33 +00:00
Marie
c8357a410b upd: append ✔ on set filter 2024-11-01 17:45:04 +00:00
dakkar
8b16b0fce9 merge: Hide Following Feed from guest users/logged out users and also don't show the button for migrated accounts (!721) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/721

Closes #787

Approved-by: Amber Null <puppygirlhornyposting@gmail.com>
Approved-by: dakkar <dakkar@thenautilus.net>
 2024-11-01 17:33:39 +00:00
Hazelnoot
ade801ec58 check token permissions in admin/accounts/create.ts 2024-11-01 10:12:28 -04:00
Hazelnoot
37ff2bb0ca always approve the first / root user 2024-11-01 09:29:40 -04:00
Hazelnoot
f36a1a5701 allow admins to create approved users 2024-11-01 09:29:40 -04:00
Hazelnoot
173623a24b add missing copyright header to following-feed-utils.ts 2024-11-01 09:28:20 -04:00
Hazelnoot
64e4cf8277 fix inconsistent following feed filters on mobile 2024-11-01 09:27:34 -04:00
Marie
131fab1032 upd: add clear filter option if filter is set 2024-11-01 13:08:28 +00:00
Marie
9daecc27a5 upd: lock following-feed behind loginRequired and check if user has moved instances 2024-11-01 12:50:54 +00:00
Julia
1520bc1715 merge: Split character limits between local and remote notes (resolves #723) (!669) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/669

Closes #723

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Julia <julia@insertdomain.name>
 2024-10-29 03:04:25 +00:00
dakkar
276b30bdc0 merge: Collapse user activity, files, and listenbrainz on mobile (resolves #747) (!718) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/718

Closes #747

Approved-by: Marie <github@yuugi.dev>
Approved-by: dakkar <dakkar@thenautilus.net>
 2024-10-27 12:12:30 +00:00
dakkar
473f100b67 merge: fix inconsistent relation badges between user profile and user info block (resolves #778) (!716) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/716

Closes #778

Approved-by: Marie <github@yuugi.dev>
Approved-by: dakkar <dakkar@thenautilus.net>
 2024-10-27 12:07:38 +00:00
dakkar
d72c40d157 merge: fix race conditions in check_connect.js (!715) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/715

Approved-by: Marie <github@yuugi.dev>
Approved-by: dakkar <dakkar@thenautilus.net>
 2024-10-27 12:05:48 +00:00
Hazelnoot
6e5cbedc75 merge: Fix activity verification after key rotation (!691) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/691

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
 2024-10-27 02:51:07 +00:00
Hazelnoot
e87dddcca2 merge: remove stripes from posting preview (!714) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/714

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
 2024-10-27 02:47:59 +00:00
Hazelnoot
a541eaba5e fix test errors 2024-10-26 17:34:42 -04:00
Hazelnoot
d2a4d6d9e0 fix lint errors in home.vue / index.listenbrainz.vue 2024-10-26 12:58:07 -04:00
Hazelnoot
75fc3de405 collapse user activity/files/listenbrainz by default on mobile 2024-10-26 12:51:52 -04:00
Hazelnoot
b034e1db67 fix inconsistent relation badges between user profile and user info block 2024-10-26 11:31:11 -04:00
Hazelnoot
27b502fab5 normalize re-fetch logic between InboxProcessorService and ActivityPubServerService 2024-10-26 10:40:15 -04:00
Hazelnoot
c0a5955e0a log key rotation 2024-10-26 10:40:15 -04:00
Hazelnoot
5eb9a263e2 fix public key re-fetch logic 2024-10-26 10:40:15 -04:00
Hazelnoot
78a75171c2 remove cached public keys after deletion 2024-10-26 10:40:15 -04:00
Hazelnoot
ca1cdc4ea3 fix poll option limit in masto API 2024-10-26 10:38:29 -04:00
Hazelnoot
726013057d show separate counters for text limit and CW limit 2024-10-26 10:38:16 -04:00
Hazelnoot
c5d9bde43f expose CW limit to frontend 2024-10-26 10:37:43 -04:00
Hazelnoot
01e98c75ab add separate limits for CW length 2024-10-26 10:04:23 -04:00