From cd1f2adca7a65b74eb85a3f1c73471d608f996a4 Mon Sep 17 00:00:00 2001 From: syuilo Date: Thu, 9 Feb 2023 13:21:11 +0900 Subject: [PATCH 01/16] :art: --- packages/frontend/src/style.scss | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/packages/frontend/src/style.scss b/packages/frontend/src/style.scss index 7e8996f5df..5a465d7873 100644 --- a/packages/frontend/src/style.scss +++ b/packages/frontend/src/style.scss @@ -127,12 +127,11 @@ hr { } .ti { - vertical-align: -14%; + vertical-align: -12%; line-height: 1em; &:before { - display: inline-block; - font-size: 130%; + font-size: 128%; } } From 2361e11e98d23fa82f718b67e520767a9322aab4 Mon Sep 17 00:00:00 2001 From: syuilo Date: Thu, 9 Feb 2023 16:42:22 +0900 Subject: [PATCH 02/16] Update about-misskey.vue --- packages/frontend/src/pages/about-misskey.vue | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/frontend/src/pages/about-misskey.vue b/packages/frontend/src/pages/about-misskey.vue index 6d88feceaf..0a62768d22 100644 --- a/packages/frontend/src/pages/about-misskey.vue +++ b/packages/frontend/src/pages/about-misskey.vue @@ -178,6 +178,7 @@ const patrons = [ '蝉暮せせせ', 'ThatOneCalculator', 'pixeldesu', + 'だれかさん', ]; let thereIsTreasure = $ref($i && !claimedAchievements.includes('foundTreasure')); From a4867165205f6be7d6939d7ce60aa355c4c28ab8 Mon Sep 17 00:00:00 2001 From: tamaina Date: Thu, 9 Feb 2023 07:49:39 +0000 Subject: [PATCH 03/16] =?UTF-8?q?perf:=20renderBase=E3=81=A7Cache-Control?= =?UTF-8?q?=E3=82=9215=E7=A7=92=E3=81=8B=E3=82=89300=E7=A7=92=E3=81=AB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 7 +++++++ packages/backend/src/server/web/ClientServerService.ts | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 77df0d292e..a02788b7ac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,13 @@ You should also include the user name that made the change. --> +## 13.x.x (unreleased) + +### Improvements +- Server: UIのHTML(ノートなどの特別なページを除く)のキャッシュ時間を15秒から300秒に + +### Bugfixes +- ## 13.5.3 (2023/02/09) diff --git a/packages/backend/src/server/web/ClientServerService.ts b/packages/backend/src/server/web/ClientServerService.ts index 1fa8950d75..46470246ef 100644 --- a/packages/backend/src/server/web/ClientServerService.ts +++ b/packages/backend/src/server/web/ClientServerService.ts @@ -337,7 +337,7 @@ export class ClientServerService { const renderBase = async (reply: FastifyReply) => { const meta = await this.metaService.fetch(); - reply.header('Cache-Control', 'public, max-age=15'); + reply.header('Cache-Control', 'public, max-age=300'); return await reply.view('base', { img: meta.bannerUrl, title: meta.name ?? 'Misskey', From deed25a2ffdcb33d9a43bb1a3677ceca0603b23c Mon Sep 17 00:00:00 2001 From: tamaina Date: Thu, 9 Feb 2023 08:00:45 +0000 Subject: [PATCH 04/16] Fix #9842 --- packages/backend/src/server/web/views/base.pug | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/backend/src/server/web/views/base.pug b/packages/backend/src/server/web/views/base.pug index d05901baec..8d6897c46d 100644 --- a/packages/backend/src/server/web/views/base.pug +++ b/packages/backend/src/server/web/views/base.pug @@ -35,7 +35,8 @@ html link(rel='prefetch' href='https://xn--931a.moe/assets/info.jpg') link(rel='prefetch' href='https://xn--931a.moe/assets/not-found.jpg') link(rel='prefetch' href='https://xn--931a.moe/assets/error.jpg') - link(rel='stylesheet' href='/assets/tabler-icons/tabler-icons.min.css') + //- https://github.com/misskey-dev/misskey/issues/9842 + link(rel='stylesheet' href='/assets/tabler-icons/tabler-icons.min.css?v2.2.0') link(rel='modulepreload' href=`/vite/${clientEntry.file}`) if !config.clientManifestExists From f80bf1fb1c4b58dae105889dae6cbdb6d1ef09b9 Mon Sep 17 00:00:00 2001 From: tamaina Date: Thu, 9 Feb 2023 08:19:12 +0000 Subject: [PATCH 05/16] =?UTF-8?q?perf:=20renderBase=E3=81=A7Cache-Control?= =?UTF-8?q?=E3=82=92300=E7=A7=92=E3=81=8B=E3=82=8930=E7=A7=92=E3=81=AB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 +- packages/backend/src/server/web/ClientServerService.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a02788b7ac..07aa761853 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,7 +11,7 @@ You should also include the user name that made the change. ## 13.x.x (unreleased) ### Improvements -- Server: UIのHTML(ノートなどの特別なページを除く)のキャッシュ時間を15秒から300秒に +- Server: UIのHTML(ノートなどの特別なページを除く)のキャッシュ時間を15秒から30秒に ### Bugfixes - diff --git a/packages/backend/src/server/web/ClientServerService.ts b/packages/backend/src/server/web/ClientServerService.ts index 46470246ef..c69ee33ea3 100644 --- a/packages/backend/src/server/web/ClientServerService.ts +++ b/packages/backend/src/server/web/ClientServerService.ts @@ -337,7 +337,7 @@ export class ClientServerService { const renderBase = async (reply: FastifyReply) => { const meta = await this.metaService.fetch(); - reply.header('Cache-Control', 'public, max-age=300'); + reply.header('Cache-Control', 'public, max-age=30'); return await reply.view('base', { img: meta.bannerUrl, title: meta.name ?? 'Misskey', From 6e61a36d05e886393a1ee204544420ad66fc6227 Mon Sep 17 00:00:00 2001 From: tamaina Date: Thu, 9 Feb 2023 08:32:42 +0000 Subject: [PATCH 06/16] =?UTF-8?q?i/notifications=E3=81=AE=E3=83=AC?= =?UTF-8?q?=E3=83=BC=E3=83=88=E3=83=AA=E3=83=9F=E3=83=83=E3=83=88=E3=82=92?= =?UTF-8?q?=E7=B7=A9=E5=92=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit SubwayTooterのバグ対策でレートリミットを設定していたが、通常の使い方でも引っかかることもあるため緩和 --- CHANGELOG.md | 1 + packages/backend/src/server/api/endpoints/i/notifications.ts | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 07aa761853..7840e3cc5c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ You should also include the user name that made the change. ### Improvements - Server: UIのHTML(ノートなどの特別なページを除く)のキャッシュ時間を15秒から30秒に +- i/notificationsのレートリミットを緩和 ### Bugfixes - diff --git a/packages/backend/src/server/api/endpoints/i/notifications.ts b/packages/backend/src/server/api/endpoints/i/notifications.ts index 13de3382dd..09bd4cfc17 100644 --- a/packages/backend/src/server/api/endpoints/i/notifications.ts +++ b/packages/backend/src/server/api/endpoints/i/notifications.ts @@ -15,7 +15,7 @@ export const meta = { requireCredential: true, limit: { - duration: 60000, + duration: 30000, max: 15, }, From 2aa800cd556cd3213f50cb8147db9a4ad5249c7e Mon Sep 17 00:00:00 2001 From: syuilo Date: Thu, 9 Feb 2023 17:34:45 +0900 Subject: [PATCH 07/16] Update about-misskey.vue --- packages/frontend/src/pages/about-misskey.vue | 36 ++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/packages/frontend/src/pages/about-misskey.vue b/packages/frontend/src/pages/about-misskey.vue index 0a62768d22..efd4bfec8e 100644 --- a/packages/frontend/src/pages/about-misskey.vue +++ b/packages/frontend/src/pages/about-misskey.vue @@ -73,7 +73,13 @@ -
+
+
+ + {{ patron.name }} +
+
+
{{ patron }}

{{ i18n.ts._aboutMisskey.morePatrons }}

@@ -99,6 +105,11 @@ import { definePageMetadata } from '@/scripts/page-metadata'; import { claimAchievement, claimedAchievements } from '@/scripts/achievements'; import { $i } from '@/account'; +const patronsWithIcon = [{ + name: 'カイヤン', + icon: 'https://misskey-hub.net/patrons/a2820716883e408cb87773e377ce7c8d.jpg', +}]; + const patrons = [ 'まっちゃとーにゅ', 'mametsuko', @@ -353,4 +364,27 @@ definePageMetadata({ .contributorUsername { margin-left: 12px; } + +.patronsWithIcon { + display: grid; + grid-template-columns: repeat(auto-fill, minmax(200px, 1fr)); + grid-gap: 12px; +} + +.patronWithIcon { + display: flex; + align-items: center; + padding: 12px; + background: var(--buttonBg); + border-radius: 6px; +} + +.patronIcon { + width: 24px; + border-radius: 100%; +} + +.patronName { + margin-left: 12px; +} From b69a079514d02808f8345f3b0ec8ed1715950356 Mon Sep 17 00:00:00 2001 From: syuilo Date: Thu, 9 Feb 2023 17:36:16 +0900 Subject: [PATCH 08/16] lint --- packages/frontend/src/ui/universal.vue | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/frontend/src/ui/universal.vue b/packages/frontend/src/ui/universal.vue index eac7e7e856..65a1ce0fce 100644 --- a/packages/frontend/src/ui/universal.vue +++ b/packages/frontend/src/ui/universal.vue @@ -142,10 +142,10 @@ mainRouter.on('change', () => { document.documentElement.style.overflowY = 'scroll'; if (window.innerWidth > 1024) { - const tempUI = miLocalStorage.getItem('ui_temp') + const tempUI = miLocalStorage.getItem('ui_temp'); if (tempUI) { - miLocalStorage.setItem('ui', tempUI) - miLocalStorage.removeItem('ui_temp') + miLocalStorage.setItem('ui', tempUI); + miLocalStorage.removeItem('ui_temp'); location.reload(); } } From 803c2144f4889a7fbd1b2f7bf2b886f4a4cec940 Mon Sep 17 00:00:00 2001 From: syuilo Date: Thu, 9 Feb 2023 17:44:18 +0900 Subject: [PATCH 09/16] Update about-misskey.vue --- packages/frontend/src/pages/about-misskey.vue | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/frontend/src/pages/about-misskey.vue b/packages/frontend/src/pages/about-misskey.vue index efd4bfec8e..f8e9780714 100644 --- a/packages/frontend/src/pages/about-misskey.vue +++ b/packages/frontend/src/pages/about-misskey.vue @@ -108,6 +108,9 @@ import { $i } from '@/account'; const patronsWithIcon = [{ name: 'カイヤン', icon: 'https://misskey-hub.net/patrons/a2820716883e408cb87773e377ce7c8d.jpg', +}, { + name: 'だれかさん', + icon: 'https://misskey-hub.net/patrons/f7409b5e5a88477a9b9d740c408de125.jpg', }]; const patrons = [ @@ -189,7 +192,6 @@ const patrons = [ '蝉暮せせせ', 'ThatOneCalculator', 'pixeldesu', - 'だれかさん', ]; let thereIsTreasure = $ref($i && !claimedAchievements.includes('foundTreasure')); From 5136b05c9b14bd9f46c28276a0a602d7cc04f798 Mon Sep 17 00:00:00 2001 From: syuilo Date: Thu, 9 Feb 2023 17:53:21 +0900 Subject: [PATCH 10/16] New translations ja-JP.yml (Spanish) (#9839) --- locales/es-ES.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/locales/es-ES.yml b/locales/es-ES.yml index 2464fb1240..f3cd85e6a0 100644 --- a/locales/es-ES.yml +++ b/locales/es-ES.yml @@ -129,6 +129,7 @@ unblockConfirm: "¿Quiere dejar de bloquear esta cuenta?" suspendConfirm: "¿Quiere suspender esta cuenta?" unsuspendConfirm: "¿Quiere dejar de suspender esta cuenta?" selectList: "Seleccione una lista" +selectChannel: "Seleccionar canal" selectAntenna: "Seleccionar antena" selectWidget: "Seleccionar widget" editWidgets: "Editar widgets" From a6a8a7fb8505004bf77b36b521e8897443e5a9c0 Mon Sep 17 00:00:00 2001 From: KOKO Date: Thu, 9 Feb 2023 17:54:30 +0900 Subject: [PATCH 11/16] =?UTF-8?q?fix:=20date=E3=81=AE=E5=88=9D=E6=9C=9F?= =?UTF-8?q?=E5=80=A4=E3=81=8C=E6=AD=A3=E5=B8=B8=E3=81=AB=E5=85=A5=E3=82=89?= =?UTF-8?q?=E3=81=AA=E3=81=84=E6=99=82=E3=81=8C=E3=81=82=E3=82=8B=20(#9827?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: dateの初期値が正常に入らない時がある * feat: datettime-localをとれるように * chore: いらない差分を戻す --- packages/frontend/src/components/MkInput.vue | 2 +- packages/frontend/src/pages/admin/ads.vue | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/packages/frontend/src/components/MkInput.vue b/packages/frontend/src/components/MkInput.vue index 5c5151fce6..e3f68caa9b 100644 --- a/packages/frontend/src/components/MkInput.vue +++ b/packages/frontend/src/components/MkInput.vue @@ -42,7 +42,7 @@ import { i18n } from '@/i18n'; const props = defineProps<{ modelValue: string | number; - type?: 'text' | 'number' | 'password' | 'email' | 'url' | 'date' | 'time' | 'search'; + type?: 'text' | 'number' | 'password' | 'email' | 'url' | 'date' | 'time' | 'search' | 'datetime-local'; required?: boolean; readonly?: boolean; disabled?: boolean; diff --git a/packages/frontend/src/pages/admin/ads.vue b/packages/frontend/src/pages/admin/ads.vue index 5f711e3e4f..4d6f32f9a9 100644 --- a/packages/frontend/src/pages/admin/ads.vue +++ b/packages/frontend/src/pages/admin/ads.vue @@ -29,7 +29,7 @@ - + @@ -61,7 +61,12 @@ import { definePageMetadata } from '@/scripts/page-metadata'; let ads: any[] = $ref([]); os.api('admin/ad/list').then(adsResponse => { - ads = adsResponse; + ads = adsResponse.map(r => { + return { + ...r, + expiresAt: new Date(r.expiresAt).toISOString().slice(0, 16), + }; + }); }); function add() { From 70fe23a3ce8a37b9a848c2da80c0a84cf8f559bf Mon Sep 17 00:00:00 2001 From: syuilo Date: Thu, 9 Feb 2023 18:01:12 +0900 Subject: [PATCH 12/16] fix(client): validate url to improve security --- packages/frontend/src/pages/auth.vue | 2 ++ packages/frontend/src/pages/miauth.vue | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/frontend/src/pages/auth.vue b/packages/frontend/src/pages/auth.vue index bb55881a22..b7727ca30d 100644 --- a/packages/frontend/src/pages/auth.vue +++ b/packages/frontend/src/pages/auth.vue @@ -77,6 +77,8 @@ export default defineComponent({ accepted() { this.state = 'accepted'; if (this.session.app.callbackUrl) { + const url = new URL(this.session.app.callbackUrl); + if (['javascript:', 'file:', 'data:', 'mailto:', 'tel:'].includes(url.protocol)) throw new Error('invalid url'); location.href = `${this.session.app.callbackUrl}?token=${this.session.token}`; } }, onLogin(res) { diff --git a/packages/frontend/src/pages/miauth.vue b/packages/frontend/src/pages/miauth.vue index 3debaeeb61..9a4019e5b1 100644 --- a/packages/frontend/src/pages/miauth.vue +++ b/packages/frontend/src/pages/miauth.vue @@ -70,7 +70,7 @@ async function accept(): Promise { state = 'accepted'; if (props.callback) { const cbUrl = new URL(props.callback); - if (!['http:', 'https:'].includes(cbUrl.protocol)) throw new Error('invalid url'); + if (['javascript:', 'file:', 'data:', 'mailto:', 'tel:'].includes(cbUrl.protocol)) throw new Error('invalid url'); cbUrl.searchParams.set('session', props.session); location.href = cbUrl.href; } From 6a5bbd335b5c9c7a08c50afcc00a029ee58b5eeb Mon Sep 17 00:00:00 2001 From: syuilo Date: Thu, 9 Feb 2023 18:03:04 +0900 Subject: [PATCH 13/16] Update CHANGELOG.md --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7840e3cc5c..31d6c80fd8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,7 +15,8 @@ You should also include the user name that made the change. - i/notificationsのレートリミットを緩和 ### Bugfixes -- +- fix(client): validate url to improve security +- fix(client): dateの初期値が正常に入らない時がある ## 13.5.3 (2023/02/09) From 6159cfd138471198206a64657dbe6a004ac822e3 Mon Sep 17 00:00:00 2001 From: syuilo Date: Thu, 9 Feb 2023 18:07:51 +0900 Subject: [PATCH 14/16] enhance(client): improve api error handling --- locales/ja-JP.yml | 2 ++ packages/frontend/src/os.ts | 3 +++ 2 files changed, 5 insertions(+) diff --git a/locales/ja-JP.yml b/locales/ja-JP.yml index 8e8fddfb89..09069e7801 100644 --- a/locales/ja-JP.yml +++ b/locales/ja-JP.yml @@ -940,6 +940,8 @@ cannotPerformTemporaryDescription: "操作回数が制限を超過するため preset: "プリセット" selectFromPresets: "プリセットから選択" achievements: "実績" +gotInvalidResponseError: "サーバーの応答が無効です" +gotInvalidResponseErrorDescription: "サーバーがダウンまたはメンテナンスしている可能性があります。しばらくしてから再度お試しください。" _achievements: earnedAt: "獲得日時" diff --git a/packages/frontend/src/os.ts b/packages/frontend/src/os.ts index 01f8244060..52469b6d04 100644 --- a/packages/frontend/src/os.ts +++ b/packages/frontend/src/os.ts @@ -35,6 +35,9 @@ export const apiWithDialog = (( } else if (err.code.startsWith('TOO_MANY')) { title = i18n.ts.youCannotCreateAnymore; text = `${i18n.ts.error}: ${err.id}`; + } else if (err.message.startsWith('Unexpected token')) { + title = i18n.ts.gotInvalidResponseError; + text = i18n.ts.gotInvalidResponseErrorDescription; } alert({ type: 'error', From 0b269e79fd896dd9a9becbc370954eadc0b0f256 Mon Sep 17 00:00:00 2001 From: syuilo Date: Thu, 9 Feb 2023 18:11:11 +0900 Subject: [PATCH 15/16] =?UTF-8?q?i/notifications=E3=81=AE=E3=83=AC?= =?UTF-8?q?=E3=83=BC=E3=83=88=E3=83=AA=E3=83=9F=E3=83=83=E3=83=88=E3=82=92?= =?UTF-8?q?=E7=B7=A9=E5=92=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- packages/backend/src/server/api/endpoints/i/notifications.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/backend/src/server/api/endpoints/i/notifications.ts b/packages/backend/src/server/api/endpoints/i/notifications.ts index 09bd4cfc17..706e0d2089 100644 --- a/packages/backend/src/server/api/endpoints/i/notifications.ts +++ b/packages/backend/src/server/api/endpoints/i/notifications.ts @@ -16,7 +16,7 @@ export const meta = { limit: { duration: 30000, - max: 15, + max: 30, }, kind: 'read:notifications', From f9d1bc340ef3fecc79a091ef3249c61fe312147f Mon Sep 17 00:00:00 2001 From: syuilo Date: Thu, 9 Feb 2023 18:11:48 +0900 Subject: [PATCH 16/16] 13.5.4 --- CHANGELOG.md | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 31d6c80fd8..c9bda35348 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,7 +8,7 @@ You should also include the user name that made the change. --> -## 13.x.x (unreleased) +## 13.5.4 (2023/02/09) ### Improvements - Server: UIのHTML(ノートなどの特別なページを除く)のキャッシュ時間を15秒から30秒に diff --git a/package.json b/package.json index cbf67dc0da..da23fab135 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "misskey", - "version": "13.5.3", + "version": "13.5.4", "codename": "nasubi", "repository": { "type": "git",