Commit graph

356 commits

Author SHA1 Message Date
Johann150 78df3dc484
enhance: improve documentation for /users/ endpoints (#8790)
* docs: category & description for reset password

* docs: category & description for testing

* docs: descriptions for groups endpoints

* docs: descriptions for drive file endpoints

* docs: descriptions for sw endpoints

* docs: descriptions for user list endpoints

* docs: descriptions & result type for gallery posts

* docs: descriptions & result type for user endpoints

* docs: add return type for stats
2022-06-10 14:25:20 +09:00
Johann150 0fa2a52fac
refactor: use awaitAll to reduce duplication (#8791)
* refactor: use awaitAll to reduce duplication

* fix lint

* fix typo
2022-06-08 17:59:48 +09:00
syuilo d17298d3b5 fix(test): make chart tests working 2022-06-05 20:37:24 +09:00
syuilo 09b749eb97 Update .mocharc.json 2022-06-05 19:46:52 +09:00
syuilo 89419c05b2 use node 16 2022-06-04 17:26:56 +09:00
syuilo abcd5bc951 update summaly 2022-06-04 17:24:41 +09:00
syuilo 11afdf7e24 fix bug 2022-06-04 15:15:44 +09:00
syuilo 702edfd3d3 fix test 2022-06-04 14:25:30 +09:00
Johann150 32dff28460
fix: add id for activitypub follows (#8689)
* add id for activitypub follows

* fix lint

* fix: follower must be local, followee must be remote

Misskey will only use ActivityPub follow requests for users that are local
and are requesting to follow a remote user. This check is to ensure that
this endpoint can not be used by other services or instances.

* fix: missing import

* render block with id

* fix comment
2022-06-04 13:52:42 +09:00
Johann150 9954c054a7
fix: ensure resolver does not fetch local resources via HTTP(S) (#8733)
* refactor: parseUri types and checks

The type has been refined to better represent what it actually is. Uses of
parseUri are now also checking the parsed object type before resolving.

* cannot resolve URLs with fragments

* also take remaining part of URL into account

Needed for parsing the follows URIs.

* Resolver uses DbResolver for local

* remove unnecessary use of DbResolver

Using DbResolver would mean that the URL is parsed and handled again.
This duplicated processing can be avoided by querying the database directly.

* fix missing property name
2022-06-04 11:29:20 +09:00
Johann150 81109b14b5
fix: correctly render empty note text (#8746)
Ensure that the _misskey_content attribute will always exist. Because
the API endpoint does not require the existence of the `text` field,
that field may be `undefined`. By using `?? null` it can be ensured
that the value is at least `null`.

Furthermore, the rendered HTML of a note with empty text will also be
the empty string. From git blame it seems that this behaviour was added
because of a Mastodon bug that might have previously existed. Hoever,
this seems to be no longer the case as I can find mastodon posts that
have empty content.

The code could be made a bit more succinct by using the null coercion
operator.
2022-06-03 23:18:44 +09:00
PikaDude 6061937996
User moderation details (#8762)
* add more user details for admins to see

* fix some issues

* small style fix

as suggested by Johann150

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>

* fix

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>
2022-06-03 23:14:50 +09:00
syuilo 71c230b7b7 Merge branch 'develop' of https://github.com/misskey-dev/misskey into develop 2022-06-03 23:08:18 +09:00
syuilo a3fed7d0fb fix(test): reset redis in e2e test
#7986
2022-06-03 23:08:15 +09:00
Johann150 025bf4a5e7
fix(mfm): remove duplicate br tag/newline (#8616) 2022-05-31 18:57:55 +09:00
Johann150 c56e45ecef
fix: always remove completed tasks (#8771) 2022-05-31 17:54:02 +09:00
MeiMei c05723ca6a
Fix IP address rate limit (#8758)
* Fix IP address rate limit

* CHANGELOG

* Tune getIpHash
2022-05-31 17:44:22 +09:00
Johann150 ebc2566130
fix: add missing import
fix #8756
2022-05-29 14:33:42 +02:00
Johann150 804fa33535
refactor: improve code quality (#8751)
* remove unnecessary if

`Array.prototype.some` already returns a boolean so an if to return
true or false is completely unnecessary in this case.

* perf: use count instead of find

When using `count` instead of `findOneBy`, the data is not
unnecessarily loaded.

* remove duplicate null check

The variable is checked for null in the lines above and the function
returns if so. Therefore, it can not be null at this point.

* simplify `getJsonSchema`

Because the assigned value is `null` and the used keys are only
shallow, use of `nestedProperty.set` seems inappropriate. Because the
value is not read, the initial for loop can be replaced by a `for..in`
loop.

Since all keys will be assigned `null`, the condition of the ternary
expression in the nested function will always be true. Therefore the
recursion case will never happen. With this the nested function can be
eliminated.

* remove duplicate condition

The code above already checks `dragging` and returns if it is truthy.
Checking it again later is therefore unnecessary.

To make this more obvious the `return` is removed in favour of using
an if...else construct.

* remove impossible "unknown" time

The `ago` variable will always be a number and all non-negative numbers
are already covered by other cases, the negative case is handled with
`future` so there is no case when `unkown` could be achieved.
2022-05-29 15:15:52 +09:00
tamaina f1d2398eac
fix(client): Vite related boot mechanism revision (#8753)
* preload app css

* remove salt

* APP_FETCH_FAILED error

* set max-age to 15s
2022-05-29 10:58:54 +09:00
tamaina 4917961736
preload app css (#8752) 2022-05-29 10:57:06 +09:00
Johann150 e54aa56ee1
chore: remove unused imports 2022-05-28 21:17:23 +02:00
Johann150 21d54f2758
fix: validate text is not empty
fix #8747
2022-05-28 17:26:17 +02:00
Johann150 161659de5c
enhance: replace signin CAPTCHA with rate limit (#8740)
* enhance: rate limit works without signed in user

* fix: make limit key required for limiter

As before the fallback limiter key will be set from the endpoint name.

* enhance: use limiter for signin

* Revert "CAPTCHA求めるのは2fa認証が無効になっているときだけにした"

This reverts commit 02a43a310f.

* Revert "feat: make captcha required when signin to improve security"

This reverts commit b21b058005.

* fix undefined reference

* fix: better error message

* enhance: only handle prefix of IPv6
2022-05-28 12:06:47 +09:00
Johann150 63a814c70e
fix(docs): correct information for drive upload (#8736) 2022-05-27 22:03:25 +09:00
Johann150 9c80403072
use http-signature module that supports hs2019 (#8635) 2022-05-26 09:12:17 +09:00
syuilo b3ad04fcb0 update deps 2022-05-25 23:28:56 +09:00
syuilo 3c3140a100 refactor: use === 2022-05-25 23:19:39 +09:00
Johann150 8d5c9e96e4
fix: assume remote users are following each other (#8734)
Misskey does not know if two remote users are following each other.
Because ActivityPub actions would otherwise fail on followers only
notes, we have to assume that two remote users are following each other
when an interaction about a remote note occurs.
2022-05-25 23:17:00 +09:00
Johann150 e27c6abaea
refactor: temporary files (#8713)
* simplify temporary files for thumbnails

Because only a single file will be written to the directory, creating a
separate directory seems unnecessary. If only a temporary file is created,
the code from `createTemp` can be reused here as well.

* refactor: deduplicate code for temporary files/directories

To follow the DRY principle, the same code should not be duplicated
across different files. Instead an already existing function is used.

Because temporary directories are also create in multiple locations,
a function for this is also newly added to reduce duplication.

* fix: clean up identicon temp files

The temporary files for identicons are not reused and can be deleted
after they are fully read. This condition is met when the stream is closed
and so the file can be cleaned up using the events API of the stream.

* fix: ensure cleanup is called when download fails

* fix: ensure cleanup is called in error conditions

This covers import/export queue jobs and is mostly just wrapping all
code in a try...finally statement where the finally runs the cleanup.

* fix: use correct type instead of `any`
2022-05-25 16:50:22 +09:00
MeiMei 6b44fe165b
Supports Unicode Emoji 14.0 (#8699)
* Unicode 14.0 Emoji

* mfm-js@0.22.0

* CHANGELOG

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2022-05-25 16:35:30 +09:00
Johann150 6b109c7b0f
fix: wrong type for isVisibleForMe 2022-05-24 10:12:42 +02:00
syuilo 53fc1235d7 Update .mocharc.json 2022-05-21 22:24:57 +09:00
syuilo b8544814ec lint 2022-05-21 22:21:41 +09:00
syuilo 05c4d6b11e refactor 2022-05-21 22:07:11 +09:00
syuilo 425084b596 Update utils.ts 2022-05-21 22:07:01 +09:00
syuilo 2205c61edf Update utils.ts 2022-05-21 17:40:43 +09:00
Johann150 68f9341e95
hotfix: uniform color migration fix 2022-05-19 15:42:55 +02:00
Johann150 edfded7fb7
fix(activitypub): add authorization checks (#8534)
* fix spelling

* fix(activitypub): add authorization checks
2022-05-19 20:40:16 +09:00
Johann150 aaf5bb62ab
enhance: uniform theme color (#8702)
* enhance: make theme color format uniform

All newly fetched instance theme colors will be uniformely formatted
as hashtag followed by 6 hexadecimal digits.

Colors are checked for validity and invalid colors are not handled.

* better input validation for own theme color

* migration to unify theme color formats

Fixes theme colors of other instances as well as the local instance.

* add changelog entry

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2022-05-19 09:54:45 +02:00
MeiMei 55a578a8df
fix: Unable to generate video thumbnails (#8696)
* fix: Unable to generate video thumbnails

* CHANGELOG
2022-05-19 16:19:23 +09:00
syuilo 4fc2058745 chore(client): tweak loading spinner design 2022-05-19 15:24:35 +09:00
dependabot[bot] 13b275773b
chore(deps): bump async from 3.2.0 to 3.2.3 in /packages/backend (#8706)
Bumps [async](https://github.com/caolan/async) from 3.2.0 to 3.2.3.
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md)
- [Commits](https://github.com/caolan/async/compare/v3.2.0...v3.2.3)

---
updated-dependencies:
- dependency-name: async
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-19 11:49:59 +09:00
MeiMei b6794b614b
enhance: Perform port diagnosis at startup only when Listen fails (#8698)
* Change port check

* Comment: disableClustering

* CHANGELOG

* Smart message
2022-05-19 11:49:07 +09:00
Johann150 037ca92275
fix: postgres type error
Fix a bug introduced in #8659. Solution was already tested there.
2022-05-15 11:32:00 +02:00
syuilo 02a43a310f CAPTCHA求めるのは2fa認証が無効になっているときだけにした
2faのトークンは期限付きだから、CAPTCHA解いてる間に期限切れになる
2022-05-15 16:47:14 +09:00
syuilo b21b058005 feat: make captcha required when signin to improve security 2022-05-15 12:18:46 +09:00
syuilo 6de40cf789 fix(server): prevent crash when processing certain PNGs
Fix #8605
2022-05-15 01:16:12 +09:00
iwata 67e1ee41c9
test: Nodeのカスタムローダーを直してテストが動くように (#8625)
* test: Nodeのカスタムローダーを直してテストが動くように

* dev: mochaを呼ぶコマンドにNODE_ENV=testを追加

* Update packages/backend/test/loader.js

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>

* chore: change export style in loader.js

Co-authored-by: Johann150 <johann@qwertqwefsday.eu>
2022-05-14 16:10:20 +09:00
iwata ebb4308a5c
test: __dirnameはESModuleでは使えないので置き換えた (#8626) 2022-05-14 16:09:47 +09:00