Commit graph

1259 commits

Author SHA1 Message Date
Hazelnoot
407b2423af fix redis transaction implementation 2024-12-10 19:01:35 -05:00
Hazelnoot
ead781900d enable rate limits for dev environment 2024-12-09 19:04:59 -05:00
Hazelnoot
9daafca155 fix rate limits under multi-node environments 2024-12-09 19:04:06 -05:00
Hazelnoot
2946f85592 fix type errors from new rate limit definitions 2024-12-08 13:22:07 -05:00
Hazelnoot
fc4599ec07 fix rate limit scaling (it's no longer inverted) 2024-12-08 12:02:58 -05:00
Hazelnoot
91c9b67cb0 bypass rate limits when factor is 0 2024-12-08 11:58:57 -05:00
Hazelnoot
6fa0f2230e increase rate limit for /api/endpoint based on real-world testing 2024-12-08 11:56:48 -05:00
Hazelnoot
7c002ce56e move all Rate Limit type defs to rate-limit-utils.ts 2024-12-08 11:33:57 -05:00
Hazelnoot
8b091f77ca check for invalid rate limit inputs 2024-12-08 09:46:49 -05:00
Hazelnoot
a7a1edc92e fix NaN from extremely high rate limits 2024-12-08 09:22:38 -05:00
Hazelnoot
2781f53d6b support fractional rate limit scaling 2024-12-08 08:32:05 -05:00
Hazelnoot
afb026ebea fix import order in SigninWithPasskeyApiService 2024-12-08 07:49:06 -05:00
Hazelnoot
fc5399a67d revert un-needed changes to RateLimiterService 2024-12-08 07:47:52 -05:00
Hazelnoot
f6b256620b separate SkRateLimiterService from RateLimiterService and update all usages 2024-12-07 13:13:19 -05:00
Hazelnoot
32635ecc25 fix rate limit storage in redis 2024-12-07 12:15:38 -05:00
Hazelnoot
8239ce4282 fix incorrect X-RateLimit-Remaining header 2024-12-07 12:14:42 -05:00
Hazelnoot
7698db88e5 fix DI in SkRateLimiterService 2024-12-07 12:14:25 -05:00
Hazelnoot
ffc2737478 implement SkRateLimiterService with Leaky Bucket rate limiting 2024-12-07 10:22:49 -05:00
Julia
52976588a7 merge: Bump develop version (!789)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/789
2024-11-28 06:15:32 +00:00
dakkar
9309872cff simpler check for "property present" 2024-11-27 21:25:54 +00:00
dakkar
3ea85b14a3 silence linter
those objects always have the normal prototype, and can't have
`hasOwnProperty` redefined, let me call it normally

(otherwise I'd have to write
`Object.prototype.hasOwnProperty.call(newUser, field)` and that's
ugly)
2024-11-27 21:01:12 +00:00
dakkar
fc277839b6 only "publish to followers" when things really change - fixes #733 2024-11-27 10:36:19 +00:00
dakkar
8e07eb7f44 remove duplicate limit
the `users/lists/push` endpoint already has a limit, of 30/hour
2024-11-22 23:14:37 +00:00
dakkar
caaa78d98d merge: Add default rate limit (!768)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/768

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Tess K <me@thvxl.se>
Approved-by: Marie <github@yuugi.dev>
2024-11-22 23:03:34 +00:00
Hazelnoot
dbab122a99 fix typo "to many requests" 2024-11-22 15:26:55 -05:00
Hazelnoot
e3b826db5a add rate limits to all public endpoints 2024-11-22 15:19:24 -05:00
Hazelnoot
6b54405003 add default / fallback rate limit 2024-11-22 13:53:41 -05:00
Julia
41536480ce merge: Bump develop version (!766)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/766
2024-11-21 02:58:28 +00:00
Julia Johannesen
cbf8cc376e
fix: primitive 18: ap/get bypasses access checks
One might argue that we could make this one actually preform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.
2024-11-20 19:17:25 -05:00
Julia Johannesen
c04f344049
fix: primitive 13: check attribution against actor in notes 2024-11-20 19:17:25 -05:00
Julia Johannesen
fb54546573
Fix linter error in emojis endpoint 2024-11-20 01:17:24 -05:00
dakkar
482538c7f8 merge: make emoji categories and names case insensitive. (!746)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/746

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: dakkar <dakkar@thenautilus.net>
2024-11-17 13:22:39 +00:00
Hazelnoot
da2dfee0a8 merge: Remove check to prevent admin reporting (Fixes #757) (!727)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/727

Closes #757

Approved-by: Julia <julia@insertdomain.name>
Approved-by: Marie <github@yuugi.dev>
Approved-by: Hazelnoot <acomputerdog@gmail.com>
2024-11-17 00:39:08 +00:00
piuvas
eaad96aae3
edit query 2024-11-15 13:40:53 -03:00
Caramel
03559156b9 Improve performance of notes/following API 2024-11-09 00:32:03 +01:00
Kio!
8477909af2 Update report-abuse.ts 2024-11-03 19:50:25 +00:00
Hazel K
37fd454f70 factor out shared code 2024-11-02 17:39:16 -04:00
Hazel K
3a72bf453a respect following privacy settings 2024-11-02 17:39:16 -04:00
Hazel K
65d81a4ae2 Revert "fix incorrect populated object in followers endpoint"
This reverts commit 7b9473bf4c0b55facede0e1d1e33297d14184110.
2024-11-02 17:39:16 -04:00
Hazel K
8f0df1f01c check for blocks in following / followers endpoints 2024-11-02 17:39:16 -04:00
Hazel K
c566fa1f36 require auth for followers & following endpoints 2024-11-02 17:39:16 -04:00
Marie
d786e96c2b
upd: add FriendlyCaptcha as a captcha solution
FriendlyCaptcha is a german captcha solution which is GDPR compliant and has a non-commerical free license
2024-11-02 02:20:35 +01:00
Hazelnoot
ade801ec58 check token permissions in admin/accounts/create.ts 2024-11-01 10:12:28 -04:00
Hazelnoot
f36a1a5701 allow admins to create approved users 2024-11-01 09:29:40 -04:00
Hazelnoot
ca1cdc4ea3 fix poll option limit in masto API 2024-10-26 10:38:29 -04:00
Hazelnoot
01e98c75ab add separate limits for CW length 2024-10-26 10:04:23 -04:00
Hazelnoot
10d3d9f382 fix unit tests 2024-10-26 09:49:28 -04:00
Hazel K
67185a5d5d fix UUID format 2024-10-26 09:49:28 -04:00
Hazel K
560ee43dcf separate character limits for local and remote notes 2024-10-26 09:49:28 -04:00
Lhc_fl
67f977f4ff
fix: return getfromdb when FanoutTimeline is not enabled 2024-10-23 23:14:46 +08:00