etc/Sharkey
0
0
Fork 0
mirror of https://activitypub.software/TransFem-org/Sharkey synced 2024-12-20 23:40:10 +00:00
Code Issues Projects Releases Packages Wiki Activity
28812 commits 53 branches 924 tags 177 MiB
Commit graph

3134 commits

Author SHA1 Message Date
Hazelnoot
ab97b91606 improve AP job clearing and failure logging 2024-11-26 08:59:06 -05:00
Hazelnoot
a47590e64c add shared (cross-resource) rate limit for proxy 2024-11-25 13:03:51 -05:00
Hazelnoot
1fb1875ac3 normalize AP IDs during verification 2024-11-23 20:23:05 -05:00
dakkar
b4a278ae54 merge: Comply with type for Packed<'Note'> (fixes aria client compatibility) (!771) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/771

Approved-by: dakkar <dakkar@thenautilus.net>
 2024-11-22 23:57:22 +00:00
dakkar
a51fef29c0 remove minInterval from FileServerService 
when showing a reply, browser will request the replied-to avatar twice
at the same time, and get confused if one of the requests is refused

something similar seems to happen with videos and their previews
 2024-11-22 23:25:07 +00:00
dakkar
8e07eb7f44 remove duplicate limit 
the `users/lists/push` endpoint already has a limit, of 30/hour
 2024-11-22 23:14:37 +00:00
dakkar
caaa78d98d merge: Add default rate limit (!768) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/768

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Tess K <me@thvxl.se>
Approved-by: Marie <github@yuugi.dev>
 2024-11-22 23:03:34 +00:00
dakkar
0ea0466313 merge: Filter Add / Remove activities with non-Note payloads (resolves #750) (!693) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/693

Closes #750

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
 2024-11-22 23:03:12 +00:00
dakkar
3ae9f4e8e6 merge: Accept Like(Note) and Update(Note) activities where the Note isn't already cached (resolves #795 and #748) (!729) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/729

Closes #795 and #748

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
 2024-11-22 23:02:39 +00:00
Hazelnoot
3faad0a5e5 merge: Fix typo "to many requests" (!769) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/769

Approved-by: Tess K <me@thvxl.se>
Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
 2024-11-22 21:33:03 +00:00
tess
ebdfb2feb7 Comply with type for Packed<'Note'> 2024-11-22 21:57:04 +01:00
Hazelnoot
dbab122a99 fix typo "to many requests" 2024-11-22 15:26:55 -05:00
Hazelnoot
e3b826db5a add rate limits to all public endpoints 2024-11-22 15:19:24 -05:00
Hazelnoot
7e3f519a5b merge: Fix note hiding when renote and target have different visibility settings (resolves #803) (!741) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/741

Closes #803

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
 2024-11-22 19:35:19 +00:00
Hazelnoot
6b54405003 add default / fallback rate limit 2024-11-22 13:53:41 -05:00
Hazelnoot
e32fb4e86d remove unused import from ApInboxService.ts (introduced by merge error) 2024-11-22 09:22:26 -05:00
Hazelnoot
2b9c3f0d5c log type of unsupported featured object 2024-11-22 09:20:49 -05:00
Hazelnoot
ae7b90de6c allow any valid post to be featured, not just Note 2024-11-22 09:20:46 -05:00
Hazelnoot
d74cf9e4ff filter Add / Remove activities with non-Note payloads 2024-11-22 09:20:11 -05:00
Hazelnoot
9d5bc6cb28 pass resolver when creating notes via side-effect 2024-11-22 09:16:52 -05:00
Hazelnoot
9d3321fca4 allow Update(Note) and Update(Poll) to implicitly create missing notes 2024-11-22 09:16:48 -05:00
Hazelnoot
2bbccde2ce reduce inbox log spam when fetching blocked / unavailable notes 2024-11-22 09:16:03 -05:00
Hazelnoot
47eb0daebb fetch target note of Like(Note) activities 2024-11-22 09:16:03 -05:00
Hazelnoot
fadcabeaa6 merge: Don't preview URLs to blocked hosts (!751) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/751

Approved-by: Tess K <me@thvxl.se>
Approved-by: dakkar <dakkar@thenautilus.net>
 2024-11-22 10:37:29 +00:00
Hazelnoot
2ac36e4a5c merge: Fix federation error "The note creation failed with duplication error even when there is no duplication" (resolves #749) (!745) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/745

Closes #749

Approved-by: Tess K <me@thvxl.se>
Approved-by: dakkar <dakkar@thenautilus.net>
 2024-11-22 10:37:11 +00:00
Hazelnoot
4b5a400264 merge: Allow Update activities for non-note posts (resolves #794) (!728) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/728

Closes #794

Approved-by: Tess K <me@thvxl.se>
Approved-by: dakkar <dakkar@thenautilus.net>
 2024-11-22 10:35:21 +00:00
Hazelnoot
5b72c08a68 merge: Fix type confusion with exceptions in AP handling (resolves #796) (!730) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/730

Closes #796

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Tess K <me@thvxl.se>
 2024-11-21 16:44:54 +00:00
Hazelnoot
9f3b97effb merge: Reduce log spam from ApPersonService.updateFeatured (!747) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/747

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Tess K <me@thvxl.se>
 2024-11-21 16:35:18 +00:00
Hazelnoot
34a5dbe21b merge: Reduce log spam from charts (!748) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/748

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Tess K <me@thvxl.se>
 2024-11-21 16:32:32 +00:00
Hazelnoot
241b186a8a merge: Prevent "mark instance as NSFW" from producing hellspawns (!749) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/749

Approved-by: Tess K <me@thvxl.se>
Approved-by: dakkar <dakkar@thenautilus.net>
 2024-11-21 05:26:41 +00:00
Hazelnoot
4b503f88e1 normalize naming of isPackedPureRenote and PackedPureRenote 2024-11-20 22:27:52 -05:00
Hazelnoot
faf1b3559a fix note hiding when renote and target have different visibility settings 2024-11-20 22:27:50 -05:00
Hazelnoot
2fb2e52312 add isPureRenotePacked 2024-11-20 22:27:43 -05:00
Hazelnoot
2a4c432f41 don't generate URL previews for blocked domains 2024-11-20 22:25:49 -05:00
Hazelnoot
4c6cec552e verify that preview URL is valid 2024-11-20 22:25:49 -05:00
Hazelnoot
c48faca707 fix lint errors in UrlPreviewService 2024-11-20 22:25:49 -05:00
Hazelnoot
bcc20d6dc4 allow Update activities for non-note posts 2024-11-20 22:08:20 -05:00
Hazelnoot
0de7a084a9 fix exception handling for Undo activities 2024-11-20 22:05:10 -05:00
Hazelnoot
cfc3ab4b04 fix exception handling for Announce activities 2024-11-20 22:05:10 -05:00
Hazelnoot
8f42e8434e fix exception handling for Like activities 2024-11-20 22:05:10 -05:00
Hazelnoot
dff465000c fix import-order in ApInboxService 2024-11-20 22:05:10 -05:00
Hazelnoot
0f6d26e065 reduce log spam from charts 2024-11-20 22:03:32 -05:00
Hazelnoot
c9934c379f remove duplicate isPureRenote method 2024-11-20 22:03:17 -05:00
Hazelnoot
a62e4f1cf2 ignore isNSFW for pure renotes 2024-11-20 22:03:17 -05:00
Hazelnoot
dcd5b6d972 replace console.error with this.logger.error (merge error) 2024-11-20 22:02:59 -05:00
Hazelnoot
fedf0d7e20 further reduce log spam from updateFeatured errors 2024-11-20 22:02:59 -05:00
Hazelnoot
984cfe358d reduce log spam from updateFeatured 2024-11-20 22:02:59 -05:00
Hazelnoot
aabb1945e8 respect pinned note limit for remote users 2024-11-20 22:02:47 -05:00
Hazelnoot
4e0f7ced84 preserve the raw URI in parseUri 2024-11-20 22:02:31 -05:00
Julia
41536480ce merge: Bump develop version (!766) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/766
 2024-11-21 02:58:28 +00:00
Julia Johannesen
6027b516e1
Fix .punyHost misuse 2024-11-20 21:24:35 -05:00
Julia Johannesen
36af07abe2
Fix another style error 2024-11-20 20:31:22 -05:00
Julia Johannesen
23c4aa2571
Fix style error 2024-11-20 20:24:59 -05:00
Julia Johannesen
1758f29364
Fix error in test function calls 2024-11-20 20:16:43 -05:00
Julia Johannesen
fa3cf6c299
Fix type error in security fixes 2024-11-20 20:06:46 -05:00
Hazelnoot
b0834ebf55 prevent DoS from spammed media proxy requests 2024-11-20 19:37:38 -05:00
Julia Johannesen
8e90484b3e
Bump version 2024-11-20 19:21:57 -05:00
rectcoordsystem
776f6fd1f5
fix(backend): allow fetchSummaryFromProxy, trueMail to access local addresses 2024-11-20 19:17:25 -05:00
rectcoordsystem
7b3e3f8e25
fix(backend): add isLocalAddressAllowed option to getAgentByUrl and send (HttpRequestService) 2024-11-20 19:17:25 -05:00
rectcoordsystem
360d71278a
fix(backend): lint and typecheck 2024-11-20 19:17:25 -05:00
rectcoordsystem
663c06be00
Apply suggestions from code review 
Co-authored-by: anatawa12 <anatawa12@icloud.com>
 2024-11-20 19:17:25 -05:00
rectcoordsystem
7ccccf5545
fix(backend): allow accessing private IP when testing 2024-11-20 19:17:25 -05:00
rectcoordsystem
f36f4b5398
fix(backend): check target IP before sending HTTP request 2024-11-20 19:17:25 -05:00
Julia Johannesen
cc4e99fdde
fix: Try using CacheService to avoid excess db lookups 
This isn't perfect, theoretically if some massive number of users
blocked the user making this request the set lookup could take a long
amount of time, but eh, it works, and that scenario is highly unlikely.
 2024-11-20 19:17:25 -05:00
Julia Johannesen
5764fa55cb
fix: primitives 25-33: proper local instance checks 2024-11-20 19:17:25 -05:00
Julia Johannesen
74565f67f7
fix: primitives 21, 22, and 23: reuse resolver 
This also increases the default `recursionLimit` for `Resolver`, as it
theoretically will go higher that it previously would and could possibly
fail on non-malicious collection activities.
 2024-11-20 19:17:25 -05:00
Julia Johannesen
408e782507
fix: primitive 19 & 20: respect blocks and hide more 
Ideally, the user property should also be hidden (as leaving it in leaks
information slightly), but given the schema of the note endpoint, I
don't think that would be possible without introducing some kind of
"ghost" user, who is attributed for posts by users who have you blocked.
 2024-11-20 19:17:25 -05:00
Julia Johannesen
cbf8cc376e
fix: primitive 18: ap/get bypasses access checks 
One might argue that we could make this one actually preform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.
 2024-11-20 19:17:25 -05:00
Julia Johannesen
c04f344049
fix: primitive 13: check attribution against actor in notes 2024-11-20 19:17:25 -05:00
Julia Johannesen
b9080da75d
fix: code style for primitive 17 2024-11-20 19:17:24 -05:00
Laura Hausmann
4d925fc086
fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array 2024-11-20 19:17:24 -05:00
Laura Hausmann
b74e2e9167
fix: primitive 16: improper same-origin validation for user uri and url 2024-11-20 19:17:24 -05:00
Laura Hausmann
ebea1a2962
fix: primitive 15: improper same-origin validation for note uri and url 2024-11-20 19:17:24 -05:00
Julia Johannesen
4c432c07cb
fix: code style for primitive 14 2024-11-20 19:17:24 -05:00
Laura Hausmann
322b3b677f
fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections 2024-11-20 19:17:24 -05:00
Julia Johannesen
1c7e05ce9e
fix: primitive 7 & 12: prevent poll spoofing 2024-11-20 19:17:24 -05:00
Laura Hausmann
9ab25ede28
fix: primitives 9, 10 & 11: http signature validation doesn't enforce required headers or specify auth header name 2024-11-20 19:17:24 -05:00
Laura Hausmann
174dfb83d0
fix: primitive 6: reject anonymous objects that were fetched by their id 2024-11-20 19:17:24 -05:00
Laura Hausmann
ad8e8793c7
fix: primitives 5 & 8: reject activities with non-string identifiers 2024-11-20 19:17:24 -05:00
Laura Hausmann
1e14612f0e
fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities 2024-11-20 19:17:24 -05:00
Laura Hausmann
9090b745e6
fix: primitive 3: validation of non-final url 2024-11-20 19:17:24 -05:00
Laura Hausmann
d883934826
fix: primitive 2: acceptance of cross-origin alternate links 2024-11-20 19:17:23 -05:00
Julia Johannesen
fb54546573
Fix linter error in emojis endpoint 2024-11-20 01:17:24 -05:00
Julia
9e0b759197 merge: Bump develop version (!757) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/757
 2024-11-20 05:56:55 +00:00
Hazelnoot
d150e92f41 prevent DoS from spammed media proxy requests 2024-11-19 23:31:59 -05:00
dakkar
482538c7f8 merge: make emoji categories and names case insensitive. (!746) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/746

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: dakkar <dakkar@thenautilus.net>
 2024-11-17 13:22:39 +00:00
Hazelnoot
1bfb0dc395 merge: check harder for connectibility (!737) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/737

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
 2024-11-17 00:40:52 +00:00
Hazelnoot
da2dfee0a8 merge: Remove check to prevent admin reporting (Fixes #757) (!727) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/727

Closes #757

Approved-by: Julia <julia@insertdomain.name>
Approved-by: Marie <github@yuugi.dev>
Approved-by: Hazelnoot <acomputerdog@gmail.com>
 2024-11-17 00:39:08 +00:00
piuvas
eaad96aae3
edit query 2024-11-15 13:40:53 -03:00
Caramel
03559156b9 Improve performance of notes/following API 2024-11-09 00:32:03 +01:00
dakkar
9fe5dc679a check harder for connectibility 
`allSettled` does not throw if a promise is rejected, so
`check_connect` never actually failed
 2024-11-05 14:21:58 +00:00
Kio!
8477909af2 Update report-abuse.ts 2024-11-03 19:50:25 +00:00
Julia
e783359aca merge: Revert "Experimental: dont mark backfetched notes as silent" (!703) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/703

Approved-by: Julia <julia@insertdomain.name>
Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
 2024-11-03 19:39:00 +00:00
Hazelnoot
ddf572c22f fix lint errors in FollowingEntityService.ts 2024-11-02 17:43:11 -04:00
Hazel K
37fd454f70 factor out shared code 2024-11-02 17:39:16 -04:00
Hazel K
3a72bf453a respect following privacy settings 2024-11-02 17:39:16 -04:00
Hazel K
65d81a4ae2 Revert "fix incorrect populated object in followers endpoint" 
This reverts commit 7b9473bf4c0b55facede0e1d1e33297d14184110.
 2024-11-02 17:39:16 -04:00
Hazel K
8f0df1f01c check for blocks in following / followers endpoints 2024-11-02 17:39:16 -04:00
Hazel K
c566fa1f36 require auth for followers & following endpoints 2024-11-02 17:39:16 -04:00
Marie
b8b077cbad chore: replace recaptcha with frc 2024-11-02 11:02:13 +00:00