Commit graph

3518 commits

Author SHA1 Message Date
syuilo
d6ae4c980b feat(frontend): allow displaying the title bar 2025-04-29 09:43:15 +09:00
Julia
d10fdfe973
Merge commit from fork
* SP-2025-03.1 always wrap icon&thumbnail URLs

if they're not HTTP URLs, the frontend won't be able to display them
anyway (`<img src="mailto:…">` or `<div style="background-image:
url(nntp:…)">` aren't going to work!), so let's always run them through the
media proxy, which will fail harder (fetching a `javascript:` URL
won't do anything in the backend, might do something in the frontend)
and will always protect the client's address in cases like `gemini:`
where the browser could try to fetch

* SP-2025-03.2 use object binding for more styles

interpolating a random (remote-controlled!) string into a `style`
attribute is a bad idea; using VueJS object binding, we should get
proper quoting and therefore safe parse failures instead of CSS
injections / XSS

* SP-2025-03.3 slightly more robust "self" URL handling

parse URLs instead of treating them as strings; this is still not
perfect, but the `URL` class only handles full URLs, not relative
ones, so there's no way to ask it "give me a URL object that
represents this resource relative to this base URL"

notice that passing very weird URLs to `MkUrl` and `MkUrlPreview` will
break the frontend (in dev mode) because there's an untrapped `new
URL(…)` that may explode; production builds seem to safely ignore the
error, though

---------

Co-authored-by: dakkar <dakkar@thenautilus.net>
2025-04-29 08:15:54 +09:00
おさむのひと
7e8cc4d7c0
fix: improve initial handling when receiving a request with attached files (#15896)
* wip

* also refer to the role policy values

* add endpoint tests

* fix review

* add spdx

* fix CHANGELOG.md

* fix test

* regenerate

* add log

* Revert "add log"

This reverts commit 4b2bf59a609b85ca0bfcc9b71438db782f11983d.

* add log

* fix

* Revert "add log"

This reverts commit c5a73d57da0f30ec5215e08a8b4d78785cce48d1.
2025-04-29 08:15:09 +09:00
dakkar
4981e5ba36 Merge branch 'develop' into merge/2025-03-24 2025-04-28 15:31:28 +01:00
zyoshoka
aaa31c9d64
fix(backend): correct response schema of chat endpoints (#15904) 2025-04-28 18:58:08 +09:00
anatawa12
ec92bf47f1
Exclude blocked instance note from most timelines (#15792)
* Exclude blocked instance note from most timelines

* Exclude blocked instance note from FTT timelines

* Exclude blocked instance note from featured

* fix type
2025-04-28 07:21:00 +09:00
Julia Johannesen
ac905118cc
Merge branch 'stable' into merge-stable-into-develop 2025-04-27 16:19:44 -04:00
Julia Johannesen
35df3944c1
Update summaly 2025-04-27 13:31:27 -04:00
Julia Johannesen
0bb4e57b0c
Security fixes
Co-Authored-By: dakkar <dakkar@thenautilus.net>
2025-04-27 13:05:09 -04:00
syuilo
9481b5a6e8 feat: allow setting the maximum uploadable file size per role 2025-04-27 09:35:44 +09:00
なっかあ
de073d6d69
Fix #15876 fix emoji not animating (#15881) 2025-04-27 09:16:41 +09:00
Hazelnoot
335603f073 fix null checks for background in UserEntityService.ts 2025-04-24 15:07:26 -04:00
Marie
e6888131b7 baseQueueOptions > baseWorkerOptions 2025-04-24 18:57:32 +00:00
Hazelnoot
cdf9921f2c fix build errors in ApRendererService.ts 2025-04-24 14:55:18 -04:00
Hazelnoot
a4dd19fdd4 merge upstream again 2025-04-24 14:23:45 -04:00
Hazelnoot
ac894986f9 Merge branch 'develop' into merge/2025-03-24
# Conflicts:
#	CONTRIBUTING.md
#	packages/backend/src/core/activitypub/models/ApPersonService.ts
2025-04-24 13:07:41 -04:00
饺子w (Yumechi)
7a41cfe28b
enhance(backend): change DB note (userId) index -> (userId, id) composite index (#15879)
* enhance(backend): use composite index for ordering notes by user

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

* fixup! enhance(backend): use composite index for ordering notes by user

---------

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
2025-04-23 14:29:42 +09:00
dakkar
fda71c4147 make toPuny work better in testing 2025-04-21 16:44:13 +01:00
dakkar
58c0ac6c89 check signatures with and without query - fix #1036
@Oneric explained:

> Spec says query params must be included in the signature; Mastodon
> being Mastodon used to always exclude it though and for
> compatibility everyone followed this. At some point GtS decided to
> follow spec instead which caused interop issues, but succeeded in
> getting Mastodon (and others like *oma) to accept incoming requests
> with (and also still without) query params though outgoing requests
> remaing query-param-free. Some still only accept query-param-less
> requests though and GtS uses a retry mechanism to resend any request
> failing with 401 with an query-parama-less signature once. (Also
> see:
> https://docs.gotosocial.org/en/latest/federation/http_signatures/ )
>
> So for incoming requests both versions need to be checked. For
> outgoing requests, unless you want to jump through retry hoops like
> GtS, omitting query-params is the safer bet for now (presumably this
> will only change if Mastodon ever decides to send out requests
> signed with query params)
2025-04-21 16:44:13 +01:00
piuvas
6df82f4eef
remove redundant sql query. 2025-04-20 23:21:50 -03:00
piuvas
06fb6fbeca
requested changes. 2025-04-20 23:20:59 -03:00
piuvas
8609426e71
remove fortnite. 2025-04-20 14:21:44 -03:00
piuvas
46fa99fc28
requested changes to verifyFieldLinks
Co-authored-by: dakkar <dakkar@thenautilus.net>
2025-04-20 12:34:00 -03:00
piuvas
1d9876d3fa
make link detection slightly more performant. 2025-04-19 23:20:21 -03:00
piuvas
8a60c7df02
verify links in remote profiles. 2025-04-19 23:10:27 -03:00
piuvas
6a77512737
refactor link verification. 2025-04-19 23:04:48 -03:00
syuilo
7b38806413
feat: Job queue inspector (#15856)
* wip

* wip

* Update job-queue.vue

* wip

* wip

* Update job-queue.vue

* wip

* Update job-queue.vue

* wip

* Update QueueService.ts

* Update QueueService.ts

* Update QueueService.ts

* Update job-queue.vue

* wip

* wip

* wip

* Update job-queue.vue

* wip

* Update MkTl.vue

* wip

* Update index.vue

* wip

* wip

* Update MkTl.vue

* 🎨

* jobs search

* wip

* Update job-queue.vue

* wip

* wip

* Update job-queue.vue

* Update job-queue.vue

* Update job-queue.vue

* Update job-queue.vue

* wip

* Update job-queue.job.vue

* wip

* wip

* wip

* Update MkCode.vue

* wip

* Update job-queue.job.vue

* wip

* Update job-queue.job.vue

* Update misskey-js.api.md

* Update CHANGELOG.md

* Update job-queue.job.vue
2025-04-19 14:00:38 +09:00
syuilo
eda2f587a3 enhance: allow clearing the job queue from the control panel 2025-04-16 16:47:03 +09:00
anatawa12
4bd23c4c8c
feat: migrate antenna on account move (#15843)
* feat: migrate antenna on account move

* docs(changelog): fix antenna filter users not being updated on account migration

* refactor: move to AntennaService
2025-04-16 09:49:27 +09:00
Marie
28ad2ae534 fix: friendlycaptcha always failing 2025-04-15 20:13:16 +00:00
syuilo
fc6037af46 enhance(backend): push notification for chat message
Resolve #15831
2025-04-15 18:27:45 +09:00
Marie
4f64803ef2 merge: make MOTD html unescaped. (requires discussion?) (!759)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/759

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
2025-04-15 07:45:51 +00:00
anatawa12
b2e3e65896
fix: use ftt for outbox (#15819)
* fix: use ftt for outbox

* chore: check for enableFanoutTimeline

* lint: fix lint
2025-04-15 16:15:27 +09:00
anatawa12
f454e820bd
feat: render quote note with quote-inline class for ap compatibility (#15818) 2025-04-15 16:14:52 +09:00
anatawa12
d5fe6e36ae
fix: avatarUrl sometimes being non-null even when avatarId is null (#15833) 2025-04-15 16:10:17 +09:00
dakkar
d3baf735e6 allow / in objectStoragePrefix 2025-04-14 14:56:02 +01:00
Hazelnoot
d1682ee7cc relax rate limit on /users endpoint 2025-04-13 19:56:43 -04:00
Hazelnoot
8957cd9f3e Make NoteEdit entity match the database schema 2025-04-13 19:19:49 -04:00
Hazelnoot
353728929e restore poll and myReaction for packed notes 2025-04-13 19:05:16 -04:00
Hazelnoot
bfcb877bc4 map sentryForFrontend config from env variables 2025-04-13 19:04:57 -04:00
Hazelnoot
4ae96e48db remove unnecessary comment 2025-04-13 18:51:00 -04:00
Hazelnoot
91fb75dece Merge branch 'develop' into merge/2025-03-24 2025-04-13 13:07:24 -04:00
Hazelnoot
7132696285 Merge tag '2025.4.0' into merge/2025-03-24
# Conflicts:
#	.github/workflows/storybook.yml
#	locales/index.d.ts
#	package.json
#	packages/backend/src/models/json-schema/role.ts
#	packages/frontend/src/components/MkPageWindow.vue
#	packages/frontend/src/pages/admin/roles.editor.vue
#	packages/frontend/src/pages/admin/roles.vue
#	packages/frontend/src/pages/settings/preferences.vue
#	packages/frontend/src/pages/settings/privacy.vue
#	packages/frontend/src/pages/timeline.vue
#	packages/frontend/src/pref-migrate.ts
#	packages/frontend/src/ui/_common_/common.vue
#	packages/frontend/src/ui/deck.vue
#	packages/frontend/src/ui/universal.vue
#	packages/misskey-js/src/autogen/types.ts
2025-04-13 13:07:09 -04:00
おさむのひと
0d4feed6d3
enhance(backend): allow antennas to detect followers-only notes from users you follow (#15264)
* let antennas catch locked notes too if they are from users you follow

Co-authored-by: kozakura913 <98575220+kozakura913@users.noreply.github.com>
Co-authored-by: mai <74494945+chan-mai@users.noreply.github.com>

* Eliminate build errors by resolving conflicts

* move the cheap condition checks first to reduce the chance of reaching the expensive ones

* fix CHANGELOG.md

* fix CHANGELOG.md

* fix diff

* removed comment

* fix CHANGELOG.md

---------

Co-authored-by: kozakura913 <98575220+kozakura913@users.noreply.github.com>
Co-authored-by: mai <74494945+chan-mai@users.noreply.github.com>
Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>
2025-04-13 20:48:18 +09:00
おさむのひと
1f0621b085
adjust insertOne() behaviour when replication is configured (#15109)
* run queries containing returning on master

* wip

* wip

* fix CHANGELOG.md

* adjustments

* fix

* fix import
2025-04-13 20:44:44 +09:00
anatawa12
4c473eb76d
fix: resolve with non-lowercased acct is broken (#15813)
* fix: resolve with non-lowercased acct is broken

* docs(changelog): Fix: a 404 error is returned when a user is looked up by a URL containing uppercase letters
2025-04-13 18:34:33 +09:00
かっこかり
8edf1bc208
fix(backend): reflect server name changes in the system account's name (#15806)
* fix(backend): reflect server name changes in the system account's name

* Update Changelog
2025-04-13 16:21:18 +09:00
Zlendy
ce26d8d3cb
feat: Allow injection of raw HTML strings inside <head> 2025-04-11 22:56:26 +02:00
syuilo
c500e4392a hideNotesInSensitiveChannel -> excludeNotesInSensitiveChannel 2025-04-08 20:50:38 +09:00
かっこかり
9d3f3264fd
enhance: allow disabling chat viewing (#15765)
* enhance: allow disabling chat viewing

* fix

* fix

* fix

* add a description of readonly

* enhance: also hide chat-related settings when chat is disabled

* fix

* refactor: remove API-related domain knowledge from ChatService
2025-04-07 19:09:11 +09:00