Merge branch 'develop' into merge/2025-03-24

# Conflicts:
#	CONTRIBUTING.md
#	packages/backend/src/core/activitypub/models/ApPersonService.ts

CONTRIBUTING.md

@@ -683,6 +683,7 @@ seems to do a decent job)
     * from `packages/backend/src/queue/processors/InboxProcessorService.ts` to `packages/backend/src/core/UpdateInstanceQueue.ts`, where `updateInstanceQueue` is impacted
     * from `.config/example.yml` to `.config/ci.yml` and `chart/files/default.yml`
     * in `packages/backend/src/core/MfmService.ts`, from `toHtml` to `toMastoApiHtml`
+    * from `verifyLink` in `packages/backend/src/core/activitypub/models/ApPersonService.ts` to `verifyFieldLinks` in `packages/backend/src/misc/verify-field-link.ts` (if sensible)
 * if there have been any changes to the federated user data (the `renderPerson` function in `packages/backend/src/core/activitypub/ApRendererService.ts`), make sure that the set of fields in `userNeedsPublishing` and `profileNeedsPublishing` in `packages/backend/src/server/api/endpoints/i/update.ts` are still correct.
 * check the changes against our `develop` (`git diff develop`) and against Misskey (`git diff misskey/develop`)
 * re-generate `misskey-js` (`pnpm build-misskey-js-with-types`) and commit

README.md

@@ -25,7 +25,7 @@
 
 <div>
 
-<a href="https://joinsharkey.org/"><img src="https://cdn.shonk.social/files/b671c81c-58cf-4f13-bc96-af0b0c96c667.webp" align="right" height="520px"/></a>
+<a href="https://joinsharkey.org/"><img src="assets/sharkey.webp" align="right" height="520px"/></a>
 
 ## ✨ Features
 - **ActivityPub support**\

packages/backend/src/core/CaptchaService.ts

@@ -375,7 +375,7 @@ export class CaptchaService {
 					throw new CaptchaError(captchaErrorCodes.invalidParameters, 'frc-failed: secret and captureResult are required');
 				}
 
-				await this.verifyFriendlyCaptcha(params.captchaResult, params.captchaResult);
+				await this.verifyFriendlyCaptcha(params.secret, params.captchaResult);
 				await this.updateMeta(provider, params);
 			},
 		}[provider];

packages/backend/src/core/activitypub/models/ApPersonService.ts

@@ -42,6 +42,8 @@ import type { AccountMoveService } from '@/core/AccountMoveService.js';
 import { ApUtilityService } from '@/core/activitypub/ApUtilityService.js';
 import { AppLockService } from '@/core/AppLockService.js';
 import { MemoryKVCache } from '@/misc/cache.js';
+import { HttpRequestService } from '@/core/HttpRequestService.js';
+import { verifyFieldLinks } from '@/misc/verify-field-link.js';
 import { getApId, getApType, isActor, isCollection, isCollectionOrOrderedCollection, isPropertyValue } from '../type.js';
 import { extractApHashtags } from './tag.js';
 import type { OnModuleInit } from '@nestjs/common';
@@ -113,6 +115,7 @@ export class ApPersonService implements OnModuleInit, OnApplicationShutdown {
 
 		private roleService: RoleService,
 		private readonly apUtilityService: ApUtilityService,
+		private readonly httpRequestService: HttpRequestService,
 		private readonly appLockService: AppLockService,
 	) {
 	}
@@ -370,6 +373,8 @@ export class ApPersonService implements OnModuleInit, OnApplicationShutdown {
 
 		const url = this.apUtilityService.findBestObjectUrl(person);
 
+		const verifiedLinks = url ? await verifyFieldLinks(fields, url, this.httpRequestService) : [];
+
 		// Create user
 		let user: MiRemoteUser | null = null;
 		let publicKey: MiUserPublickey | null = null;
@@ -444,6 +449,7 @@ export class ApPersonService implements OnModuleInit, OnApplicationShutdown {
 					followedMessage: person._misskey_followedMessage != null ? truncate(person._misskey_followedMessage, 256) : null,
 					url,
 					fields,
+					verifiedLinks,
 					followingVisibility,
 					followersVisibility,
 					birthday: bday?.[0] ?? null,
@@ -587,6 +593,8 @@ export class ApPersonService implements OnModuleInit, OnApplicationShutdown {
 
 		const url = this.apUtilityService.findBestObjectUrl(person);
 
+		const verifiedLinks = url ? await verifyFieldLinks(fields, url, this.httpRequestService) : [];
+
 		const updates = {
 			lastFetchedAt: new Date(),
 			inbox: person.inbox,
@@ -671,6 +679,7 @@ export class ApPersonService implements OnModuleInit, OnApplicationShutdown {
 		await this.userProfilesRepository.update({ userId: exist.id }, {
 			url,
 			fields,
+			verifiedLinks,
 			description: _description,
 			followedMessage: person._misskey_followedMessage != null ? truncate(person._misskey_followedMessage, 256) : null,
 			followingVisibility,

packages/backend/src/misc/verify-field-link.ts

@@ -0,0 +1,34 @@
+/*
+* SPDX-FileCopyrightText: piuvas and other Sharkey contributors
+* SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+import { JSDOM } from 'jsdom';
+import type { HttpRequestService } from '@/core/HttpRequestService.js';
+
+type Field = { name: string, value: string };
+
+export async function verifyFieldLinks(fields: Field[], profile_url: string, httpRequestService: HttpRequestService): Promise<string[]> {
+	const verified_links = [];
+	for (const field_url of fields
+		.filter(x => URL.canParse(x.value) && ['http:', 'https:'].includes((new URL(x.value).protocol)))) {
+		try {
+			const html = await httpRequestService.getHtml(field_url.value);
+
+			const { window } = new JSDOM(html);
+			const doc: Document = window.document;
+
+			const aEls = Array.from(doc.getElementsByTagName('a'));
+			const linkEls = Array.from(doc.getElementsByTagName('link'));
+
+			const includesProfileLinks = [...aEls, ...linkEls].some(link => link.rel === 'me' && link.href === profile_url);
+			if (includesProfileLinks) { verified_links.push(field_url.value); }
+
+			window.close();
+		} catch (err) {
+			// don't do anything.
+			continue;
+		}
+	}
+	return verified_links;
+}

packages/backend/src/server/api/endpoints/i/update.ts

@@ -31,6 +31,7 @@ import { DriveFileEntityService } from '@/core/entities/DriveFileEntityService.j
 import { HttpRequestService } from '@/core/HttpRequestService.js';
 import type { Config } from '@/config.js';
 import { safeForSql } from '@/misc/safe-for-sql.js';
+import { verifyFieldLinks } from '@/misc/verify-field-link.js';
 import { AvatarDecorationService } from '@/core/AvatarDecorationService.js';
 import { notificationRecieveConfig } from '@/models/json-schema/user.js';
 import { userUnsignedFetchOptions } from '@/const.js';
@@ -587,9 +588,11 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				this.globalEventService.publishInternalEvent('localUserUpdated', { id: user.id });
 			}
 
+			const verified_links = await verifyFieldLinks(newFields, `${this.config.url}/@${user.username}`, this.httpRequestService);
+
 			await this.userProfilesRepository.update(user.id, {
 				...profileUpdates,
-				verifiedLinks: [],
+				verifiedLinks: verified_links,
 			});
 
 			const iObj = await this.userEntityService.pack(user.id, user, {
@@ -614,15 +617,11 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				this.accountUpdateService.publishToFollowers(user.id);
 			}
 
-			const urls = updatedProfile.fields.filter(x => x.value.startsWith('https://'));
-			for (const url of urls) {
-				this.verifyLink(url.value, user);
-			}
-
 			return iObj;
 		});
 	}
 
+	// this function is superseded by '@/misc/verify-field-link.ts'
 	private async verifyLink(url: string, user: MiLocalUser) {
 		if (!safeForSql(url)) return;
 

packages/backend/src/server/web/views/base.pug

@@ -97,7 +97,7 @@ html
 			img#splashIcon(src= icon || '/static-assets/splash.png')
 			span#splashText
 				block randomMOTD
-					= randomMOTD
+					!= randomMOTD
 			div#splashSpinner
 				<svg class="spinner bg" viewBox="0 0 152 152" xmlns="http://www.w3.org/2000/svg">
 					<g transform="matrix(1,0,0,1,12,12)">