1259 commits

Author	SHA1	Message	Date
Hazelnoot	407b2423af	fix redis transaction implementation	2024-12-10 19:01:35 -05:00
Hazelnoot	ead781900d	enable rate limits for dev environment	2024-12-09 19:04:59 -05:00
Hazelnoot	9daafca155	fix rate limits under multi-node environments	2024-12-09 19:04:06 -05:00
Hazelnoot	2946f85592	fix type errors from new rate limit definitions	2024-12-08 13:22:07 -05:00
Hazelnoot	fc4599ec07	fix rate limit scaling (it's no longer inverted)	2024-12-08 12:02:58 -05:00
Hazelnoot	91c9b67cb0	bypass rate limits when factor is 0	2024-12-08 11:58:57 -05:00
Hazelnoot	6fa0f2230e	increase rate limit for /api/endpoint based on real-world testing	2024-12-08 11:56:48 -05:00
Hazelnoot	7c002ce56e	move all Rate Limit type defs to rate-limit-utils.ts	2024-12-08 11:33:57 -05:00
Hazelnoot	8b091f77ca	check for invalid rate limit inputs	2024-12-08 09:46:49 -05:00
Hazelnoot	a7a1edc92e	fix NaN from extremely high rate limits	2024-12-08 09:22:38 -05:00
Hazelnoot	2781f53d6b	support fractional rate limit scaling	2024-12-08 08:32:05 -05:00
Hazelnoot	afb026ebea	fix import order in SigninWithPasskeyApiService	2024-12-08 07:49:06 -05:00
Hazelnoot	fc5399a67d	revert un-needed changes to RateLimiterService	2024-12-08 07:47:52 -05:00
Hazelnoot	f6b256620b	separate SkRateLimiterService from RateLimiterService and update all usages	2024-12-07 13:13:19 -05:00
Hazelnoot	32635ecc25	fix rate limit storage in redis	2024-12-07 12:15:38 -05:00
Hazelnoot	8239ce4282	fix incorrect X-RateLimit-Remaining header	2024-12-07 12:14:42 -05:00
Hazelnoot	7698db88e5	fix DI in SkRateLimiterService	2024-12-07 12:14:25 -05:00
Hazelnoot	ffc2737478	implement SkRateLimiterService with Leaky Bucket rate limiting	2024-12-07 10:22:49 -05:00
Julia	52976588a7	merge: Bump develop version (!789) ... View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/789	2024-11-28 06:15:32 +00:00
dakkar	9309872cff	simpler check for "property present"	2024-11-27 21:25:54 +00:00
dakkar	3ea85b14a3	silence linter ... those objects always have the normal prototype, and can't have `hasOwnProperty` redefined, let me call it normally (otherwise I'd have to write `Object.prototype.hasOwnProperty.call(newUser, field)` and that's ugly)	2024-11-27 21:01:12 +00:00
dakkar	fc277839b6	only "publish to followers" when things really change - fixes #733	2024-11-27 10:36:19 +00:00
dakkar	8e07eb7f44	remove duplicate limit ... the `users/lists/push` endpoint already has a limit, of 30/hour	2024-11-22 23:14:37 +00:00
dakkar	caaa78d98d	merge: Add default rate limit (!768) ... View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/768 Approved-by: dakkar <dakkar@thenautilus.net> Approved-by: Tess K <me@thvxl.se> Approved-by: Marie <github@yuugi.dev>	2024-11-22 23:03:34 +00:00
Hazelnoot	dbab122a99	fix typo "to many requests"	2024-11-22 15:26:55 -05:00
Hazelnoot	e3b826db5a	add rate limits to all public endpoints	2024-11-22 15:19:24 -05:00
Hazelnoot	6b54405003	add default / fallback rate limit	2024-11-22 13:53:41 -05:00
Julia	41536480ce	merge: Bump develop version (!766) ... View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/766	2024-11-21 02:58:28 +00:00
Julia Johannesen	cbf8cc376e	fix: primitive 18: ap/get bypasses access checks ... One might argue that we could make this one actually preform access checks against the returned activity object, but I feel like that's a lot more work than just restricting it to administrators, since, to me at least, it seems more like a debugging tool than anything else.	2024-11-20 19:17:25 -05:00
Julia Johannesen	c04f344049	fix: primitive 13: check attribution against actor in notes	2024-11-20 19:17:25 -05:00
Julia Johannesen	fb54546573	Fix linter error in emojis endpoint	2024-11-20 01:17:24 -05:00
dakkar	482538c7f8	merge: make emoji categories and names case insensitive. (!746) ... View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/746 Approved-by: Hazelnoot <acomputerdog@gmail.com> Approved-by: dakkar <dakkar@thenautilus.net>	2024-11-17 13:22:39 +00:00
Hazelnoot	da2dfee0a8	merge: Remove check to prevent admin reporting (Fixes #757) (!727) ... View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/727 Closes #757 Approved-by: Julia <julia@insertdomain.name> Approved-by: Marie <github@yuugi.dev> Approved-by: Hazelnoot <acomputerdog@gmail.com>	2024-11-17 00:39:08 +00:00
piuvas	eaad96aae3	edit query	2024-11-15 13:40:53 -03:00
Caramel	03559156b9	Improve performance of notes/following API	2024-11-09 00:32:03 +01:00
Kio!	8477909af2	Update report-abuse.ts	2024-11-03 19:50:25 +00:00
Hazel K	37fd454f70	factor out shared code	2024-11-02 17:39:16 -04:00
Hazel K	3a72bf453a	respect following privacy settings	2024-11-02 17:39:16 -04:00
Hazel K	65d81a4ae2	Revert "fix incorrect populated object in followers endpoint" ... This reverts commit 7b9473bf4c0b55facede0e1d1e33297d14184110.	2024-11-02 17:39:16 -04:00
Hazel K	8f0df1f01c	check for blocks in following / followers endpoints	2024-11-02 17:39:16 -04:00
Hazel K	c566fa1f36	require auth for followers & following endpoints	2024-11-02 17:39:16 -04:00
Marie	d786e96c2b	upd: add FriendlyCaptcha as a captcha solution ... FriendlyCaptcha is a german captcha solution which is GDPR compliant and has a non-commerical free license	2024-11-02 02:20:35 +01:00
Hazelnoot	ade801ec58	check token permissions in admin/accounts/create.ts	2024-11-01 10:12:28 -04:00
Hazelnoot	f36a1a5701	allow admins to create approved users	2024-11-01 09:29:40 -04:00
Hazelnoot	ca1cdc4ea3	fix poll option limit in masto API	2024-10-26 10:38:29 -04:00
Hazelnoot	01e98c75ab	add separate limits for CW length	2024-10-26 10:04:23 -04:00
Hazelnoot	10d3d9f382	fix unit tests	2024-10-26 09:49:28 -04:00
Hazel K	67185a5d5d	fix UUID format	2024-10-26 09:49:28 -04:00
Hazel K	560ee43dcf	separate character limits for local and remote notes	2024-10-26 09:49:28 -04:00
Lhc_fl	67f977f4ff	fix: return getfromdb when FanoutTimeline is not enabled	2024-10-23 23:14:46 +08:00