Commit graph

3678 commits

Author SHA1 Message Date
Marie
28ad2ae534 fix: friendlycaptcha always failing 2025-04-15 20:13:16 +00:00
Marie
4f64803ef2 merge: make MOTD html unescaped. (requires discussion?) (!759)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/759

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
2025-04-15 07:45:51 +00:00
Zlendy
ce26d8d3cb
feat: Allow injection of raw HTML strings inside <head> 2025-04-11 22:56:26 +02:00
Marie
865a9c4906 merge: Prevent streaming API denial-of-service (resolves #1019) (!951)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/951

Closes #1019

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
2025-03-30 10:40:56 +00:00
dakkar
3a6bba3306 merge: Remove visibility of DMs for non-recipient users (!912)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/912

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
2025-03-30 09:20:54 +00:00
Hazelnoot
922a7ba1d4 track the number of concurrent requests to redis, and bypass if the request is guaranteed to reject 2025-03-29 09:47:05 -04:00
Hazelnoot
47ea8527fd fix wsmessage rate limit definition 2025-03-29 09:44:38 -04:00
Hazelnoot
fafb811333 increase limits on WS note subscriptions and cached notes 2025-03-28 11:44:29 -04:00
Hazelnoot
86e34175d3 SkRateLimiterService revision 3: cache lockouts in memory to avoid redis calls 2025-03-28 11:43:30 -04:00
Hazelnoot
c41d617e63 limit the number of active connections per client, and limit upgrade requests by user 2025-03-28 11:03:31 -04:00
Hazelnoot
eff7321860 avoid duplicate channels in WS connection 2025-03-28 11:03:31 -04:00
Hazelnoot
14a7309cfb avoid leaking cached notes in WS connection 2025-03-28 11:03:31 -04:00
Hazelnoot
045ff5d2c0 make sure that note subscriptions can't stay above limit 2025-03-28 11:03:31 -04:00
Hazelnoot
b8fd9d0bc0 clear subscriptions when connection closes 2025-03-28 11:03:31 -04:00
Hazelnoot
831329499d limit the number of note subscriptions per connection 2025-03-28 11:03:31 -04:00
Hazelnoot
bf1c9b67d6 close websocket when rate limit exceeded 2025-03-28 11:03:31 -04:00
Hazelnoot
18655386f3 convert streaming rate limit to bucket 2025-03-28 11:03:31 -04:00
dakkar
920bf71eb5 merge: More Mastodon API fixes (resolves #405, #471, and #984) (!954)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/954

Closes #405, #471, and #984

Approved-by: Marie <github@yuugi.dev>
Approved-by: dakkar <dakkar@thenautilus.net>
2025-03-28 12:45:54 +00:00
Hazelnoot
848a07a170 Ignore notifications that reference missing notes 2025-03-27 20:30:04 -04:00
Hazelnoot
a92416904f use exclusive ranges in api/i/notifications and /api/v1/notifications 2025-03-27 20:20:42 -04:00
Hazelnoot
58cdee77d5 convert notification types in mastodon API 2025-03-27 19:51:43 -04:00
Hazelnoot
8a9979b3d3 don't render CW as HTML for mastodon 2025-03-27 19:51:43 -04:00
Hazelnoot
ebc3abea54 hide sensitive content from Discord previews 2025-03-27 19:51:43 -04:00
Hazelnoot
36dee5ff20 render profile bios in masto API 2025-03-27 19:51:43 -04:00
Hazelnoot
81f7346f80 fixes to CW and quote conversion for mastodon 2025-03-27 19:51:43 -04:00
Hazelnoot
1fa290c3eb handle errors in mastodon search endpoints 2025-03-27 19:51:43 -04:00
Hazelnoot
971bc6fd3e improve mastodon API error handling 2025-03-27 19:51:43 -04:00
Hazelnoot
a81a00e94d rename MastodonConverters.ts to matching naming scheme 2025-03-27 19:51:43 -04:00
Hazelnoot
4754942301 add additional required CORS headers for masto-api requests 2025-03-27 19:51:43 -04:00
Hazelnoot
984be9e7aa enable local timeline in Phanpy clients 2025-03-27 19:51:43 -04:00
Hazelnoot
3c54680860 support reactions in mastodon API 2025-03-27 19:51:43 -04:00
Hazelnoot
fbdee815da remove unused async from toMastoApiHtml / fromMastoApiHtml 2025-03-27 19:51:43 -04:00
Hazelnoot
8d67a8c9ae don't log query parameters from mastodon API 2025-03-27 19:51:43 -04:00
Hazelnoot
fc1d0c958c support Mastodon v4 "link header" pagination 2025-03-27 19:51:43 -04:00
Hazelnoot
3d8930f070 implement /api/v1/favourites 2025-03-27 19:51:43 -04:00
Hazelnoot
cac8377e4e fix empty response from /api/v1/notifications 2025-03-27 19:51:43 -04:00
Hazelnoot
178fe16f68 fix empty response from /api/v1/blocks 2025-03-27 19:51:43 -04:00
Hazelnoot
c69f7b87f0 fix empty response from /api/v1/mutes 2025-03-27 19:51:43 -04:00
Hazelnoot
2b03f51315 don't return httpStatusCode in mastodon errors 2025-03-27 19:51:43 -04:00
Hazelnoot
f00a0fee45 minor fixes to /v1/accounts/verify_credentials 2025-03-27 19:51:42 -04:00
Hazelnoot
de26ffd60b improve performance of /v1/accounts/relationships 2025-03-27 19:51:42 -04:00
Hazelnoot
f5be341acc normalize mastodon API query parameters to strip [] suffix 2025-03-27 19:51:42 -04:00
Hazelnoot
8b0555cab8 fix /api/v1/instance response 2025-03-27 19:51:42 -04:00
Hazelnoot
4a1dd7165e normalize mastodon BAD_REQUEST errors 2025-03-27 19:51:42 -04:00
Hazelnoot
67e57ab50a fix several mastodon converters 2025-03-27 19:51:42 -04:00
Hazelnoot
75b6c63f44 remove unused megalodon components 2025-03-27 19:51:42 -04:00
Hazelnoot
cb9079208a format mastodon API endpoints 2025-03-27 19:51:42 -04:00
Hazelnoot
da25595ba3 de-duplicate mastodon API logging 2025-03-27 19:51:42 -04:00
Hazelnoot
03edc33424 fix logger Data type 2025-03-27 19:51:42 -04:00
Hazelnoot
f61d71ac8c refactor mastodon API and preserve remote user agent for requests 2025-03-27 19:51:42 -04:00