Commit graph

351 commits

Author SHA1 Message Date
syuilo
abcd5bc951 update summaly 2022-06-04 17:24:41 +09:00
syuilo
11afdf7e24 fix bug 2022-06-04 15:15:44 +09:00
syuilo
702edfd3d3 fix test 2022-06-04 14:25:30 +09:00
Johann150
32dff28460
fix: add id for activitypub follows (#8689)
* add id for activitypub follows

* fix lint

* fix: follower must be local, followee must be remote

Misskey will only use ActivityPub follow requests for users that are local
and are requesting to follow a remote user. This check is to ensure that
this endpoint can not be used by other services or instances.

* fix: missing import

* render block with id

* fix comment
2022-06-04 13:52:42 +09:00
Johann150
9954c054a7
fix: ensure resolver does not fetch local resources via HTTP(S) (#8733)
* refactor: parseUri types and checks

The type has been refined to better represent what it actually is. Uses of
parseUri are now also checking the parsed object type before resolving.

* cannot resolve URLs with fragments

* also take remaining part of URL into account

Needed for parsing the follows URIs.

* Resolver uses DbResolver for local

* remove unnecessary use of DbResolver

Using DbResolver would mean that the URL is parsed and handled again.
This duplicated processing can be avoided by querying the database directly.

* fix missing property name
2022-06-04 11:29:20 +09:00
Johann150
81109b14b5
fix: correctly render empty note text (#8746)
Ensure that the _misskey_content attribute will always exist. Because
the API endpoint does not require the existence of the `text` field,
that field may be `undefined`. By using `?? null` it can be ensured
that the value is at least `null`.

Furthermore, the rendered HTML of a note with empty text will also be
the empty string. From git blame it seems that this behaviour was added
because of a Mastodon bug that might have previously existed. Hoever,
this seems to be no longer the case as I can find mastodon posts that
have empty content.

The code could be made a bit more succinct by using the null coercion
operator.
2022-06-03 23:18:44 +09:00
PikaDude
6061937996
User moderation details (#8762)
* add more user details for admins to see

* fix some issues

* small style fix

as suggested by Johann150

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>

* fix

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>
2022-06-03 23:14:50 +09:00
syuilo
71c230b7b7 Merge branch 'develop' of https://github.com/misskey-dev/misskey into develop 2022-06-03 23:08:18 +09:00
syuilo
a3fed7d0fb fix(test): reset redis in e2e test
#7986
2022-06-03 23:08:15 +09:00
Johann150
025bf4a5e7
fix(mfm): remove duplicate br tag/newline (#8616) 2022-05-31 18:57:55 +09:00
Johann150
c56e45ecef
fix: always remove completed tasks (#8771) 2022-05-31 17:54:02 +09:00
MeiMei
c05723ca6a
Fix IP address rate limit (#8758)
* Fix IP address rate limit

* CHANGELOG

* Tune getIpHash
2022-05-31 17:44:22 +09:00
Johann150
ebc2566130
fix: add missing import
fix #8756
2022-05-29 14:33:42 +02:00
Johann150
804fa33535
refactor: improve code quality (#8751)
* remove unnecessary if

`Array.prototype.some` already returns a boolean so an if to return
true or false is completely unnecessary in this case.

* perf: use count instead of find

When using `count` instead of `findOneBy`, the data is not
unnecessarily loaded.

* remove duplicate null check

The variable is checked for null in the lines above and the function
returns if so. Therefore, it can not be null at this point.

* simplify `getJsonSchema`

Because the assigned value is `null` and the used keys are only
shallow, use of `nestedProperty.set` seems inappropriate. Because the
value is not read, the initial for loop can be replaced by a `for..in`
loop.

Since all keys will be assigned `null`, the condition of the ternary
expression in the nested function will always be true. Therefore the
recursion case will never happen. With this the nested function can be
eliminated.

* remove duplicate condition

The code above already checks `dragging` and returns if it is truthy.
Checking it again later is therefore unnecessary.

To make this more obvious the `return` is removed in favour of using
an if...else construct.

* remove impossible "unknown" time

The `ago` variable will always be a number and all non-negative numbers
are already covered by other cases, the negative case is handled with
`future` so there is no case when `unkown` could be achieved.
2022-05-29 15:15:52 +09:00
tamaina
f1d2398eac
fix(client): Vite related boot mechanism revision (#8753)
* preload app css

* remove salt

* APP_FETCH_FAILED error

* set max-age to 15s
2022-05-29 10:58:54 +09:00
tamaina
4917961736
preload app css (#8752) 2022-05-29 10:57:06 +09:00
Johann150
e54aa56ee1
chore: remove unused imports 2022-05-28 21:17:23 +02:00
Johann150
21d54f2758
fix: validate text is not empty
fix #8747
2022-05-28 17:26:17 +02:00
Johann150
161659de5c
enhance: replace signin CAPTCHA with rate limit (#8740)
* enhance: rate limit works without signed in user

* fix: make limit key required for limiter

As before the fallback limiter key will be set from the endpoint name.

* enhance: use limiter for signin

* Revert "CAPTCHA求めるのは2fa認証が無効になっているときだけにした"

This reverts commit 02a43a310f.

* Revert "feat: make captcha required when signin to improve security"

This reverts commit b21b058005.

* fix undefined reference

* fix: better error message

* enhance: only handle prefix of IPv6
2022-05-28 12:06:47 +09:00
Johann150
63a814c70e
fix(docs): correct information for drive upload (#8736) 2022-05-27 22:03:25 +09:00
Johann150
9c80403072
use http-signature module that supports hs2019 (#8635) 2022-05-26 09:12:17 +09:00
syuilo
b3ad04fcb0 update deps 2022-05-25 23:28:56 +09:00
syuilo
3c3140a100 refactor: use === 2022-05-25 23:19:39 +09:00
Johann150
8d5c9e96e4
fix: assume remote users are following each other (#8734)
Misskey does not know if two remote users are following each other.
Because ActivityPub actions would otherwise fail on followers only
notes, we have to assume that two remote users are following each other
when an interaction about a remote note occurs.
2022-05-25 23:17:00 +09:00
Johann150
e27c6abaea
refactor: temporary files (#8713)
* simplify temporary files for thumbnails

Because only a single file will be written to the directory, creating a
separate directory seems unnecessary. If only a temporary file is created,
the code from `createTemp` can be reused here as well.

* refactor: deduplicate code for temporary files/directories

To follow the DRY principle, the same code should not be duplicated
across different files. Instead an already existing function is used.

Because temporary directories are also create in multiple locations,
a function for this is also newly added to reduce duplication.

* fix: clean up identicon temp files

The temporary files for identicons are not reused and can be deleted
after they are fully read. This condition is met when the stream is closed
and so the file can be cleaned up using the events API of the stream.

* fix: ensure cleanup is called when download fails

* fix: ensure cleanup is called in error conditions

This covers import/export queue jobs and is mostly just wrapping all
code in a try...finally statement where the finally runs the cleanup.

* fix: use correct type instead of `any`
2022-05-25 16:50:22 +09:00
MeiMei
6b44fe165b
Supports Unicode Emoji 14.0 (#8699)
* Unicode 14.0 Emoji

* mfm-js@0.22.0

* CHANGELOG

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2022-05-25 16:35:30 +09:00
Johann150
6b109c7b0f
fix: wrong type for isVisibleForMe 2022-05-24 10:12:42 +02:00
syuilo
53fc1235d7 Update .mocharc.json 2022-05-21 22:24:57 +09:00
syuilo
b8544814ec lint 2022-05-21 22:21:41 +09:00
syuilo
05c4d6b11e refactor 2022-05-21 22:07:11 +09:00
syuilo
425084b596 Update utils.ts 2022-05-21 22:07:01 +09:00
syuilo
2205c61edf Update utils.ts 2022-05-21 17:40:43 +09:00
Johann150
68f9341e95
hotfix: uniform color migration fix 2022-05-19 15:42:55 +02:00
Johann150
edfded7fb7
fix(activitypub): add authorization checks (#8534)
* fix spelling

* fix(activitypub): add authorization checks
2022-05-19 20:40:16 +09:00
Johann150
aaf5bb62ab
enhance: uniform theme color (#8702)
* enhance: make theme color format uniform

All newly fetched instance theme colors will be uniformely formatted
as hashtag followed by 6 hexadecimal digits.

Colors are checked for validity and invalid colors are not handled.

* better input validation for own theme color

* migration to unify theme color formats

Fixes theme colors of other instances as well as the local instance.

* add changelog entry

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2022-05-19 09:54:45 +02:00
MeiMei
55a578a8df
fix: Unable to generate video thumbnails (#8696)
* fix: Unable to generate video thumbnails

* CHANGELOG
2022-05-19 16:19:23 +09:00
syuilo
4fc2058745 chore(client): tweak loading spinner design 2022-05-19 15:24:35 +09:00
dependabot[bot]
13b275773b
chore(deps): bump async from 3.2.0 to 3.2.3 in /packages/backend (#8706)
Bumps [async](https://github.com/caolan/async) from 3.2.0 to 3.2.3.
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md)
- [Commits](https://github.com/caolan/async/compare/v3.2.0...v3.2.3)

---
updated-dependencies:
- dependency-name: async
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-19 11:49:59 +09:00
MeiMei
b6794b614b
enhance: Perform port diagnosis at startup only when Listen fails (#8698)
* Change port check

* Comment: disableClustering

* CHANGELOG

* Smart message
2022-05-19 11:49:07 +09:00
Johann150
037ca92275
fix: postgres type error
Fix a bug introduced in #8659. Solution was already tested there.
2022-05-15 11:32:00 +02:00
syuilo
02a43a310f CAPTCHA求めるのは2fa認証が無効になっているときだけにした
2faのトークンは期限付きだから、CAPTCHA解いてる間に期限切れになる
2022-05-15 16:47:14 +09:00
syuilo
b21b058005 feat: make captcha required when signin to improve security 2022-05-15 12:18:46 +09:00
syuilo
6de40cf789 fix(server): prevent crash when processing certain PNGs
Fix #8605
2022-05-15 01:16:12 +09:00
iwata
67e1ee41c9
test: Nodeのカスタムローダーを直してテストが動くように (#8625)
* test: Nodeのカスタムローダーを直してテストが動くように

* dev: mochaを呼ぶコマンドにNODE_ENV=testを追加

* Update packages/backend/test/loader.js

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>

* chore: change export style in loader.js

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>
2022-05-14 16:10:20 +09:00
iwata
ebb4308a5c
test: __dirnameはESModuleでは使えないので置き換えた (#8626) 2022-05-14 16:09:47 +09:00
tamaina
b2a5076d14
fix: ユーザー検索で、クエリがusernameの条件を満たす場合はusernameもLIKE検索するように (#8644)
* Fix #8643

* 部分一致にする
2022-05-14 15:24:44 +09:00
iwata
22bb1a1793
test: e2eテストがCIで失敗していた問題をいくつか修正 (#8642)
* test: indexeddbをテスト毎に初期化するように

* fix: metaが無いときにfetch-metaを同時に呼ぶと死ぬことがある問題を修正

* test: ログイン後のクライアント側処理を待たずにリロードされてログイン出来ないことがあったのを修正
2022-05-14 15:16:45 +09:00
Johann150
4b872856c2
fix: keep file order (#8659) 2022-05-14 15:09:10 +09:00
syuilo
98e42ec6ff enhance: Display TOTP Register URL
Close #7261

Co-Authored-By: tamaina <tamaina@hotmail.co.jp>
2022-05-14 15:00:15 +09:00
syuilo
e161b71651 update deps 2022-05-14 14:57:51 +09:00