Hazelnoot
407b2423af
fix redis transaction implementation
2024-12-10 19:01:35 -05:00
Hazelnoot
ead781900d
enable rate limits for dev environment
2024-12-09 19:04:59 -05:00
Hazelnoot
9daafca155
fix rate limits under multi-node environments
2024-12-09 19:04:06 -05:00
Hazelnoot
2946f85592
fix type errors from new rate limit definitions
2024-12-08 13:22:07 -05:00
Hazelnoot
fc4599ec07
fix rate limit scaling (it's no longer inverted)
2024-12-08 12:02:58 -05:00
Hazelnoot
91c9b67cb0
bypass rate limits when factor is 0
2024-12-08 11:58:57 -05:00
Hazelnoot
6fa0f2230e
increase rate limit for /api/endpoint
based on real-world testing
2024-12-08 11:56:48 -05:00
Hazelnoot
7c002ce56e
move all Rate Limit type defs to rate-limit-utils.ts
2024-12-08 11:33:57 -05:00
Hazelnoot
8b091f77ca
check for invalid rate limit inputs
2024-12-08 09:46:49 -05:00
Hazelnoot
a7a1edc92e
fix NaN from extremely high rate limits
2024-12-08 09:22:38 -05:00
Hazelnoot
2781f53d6b
support fractional rate limit scaling
2024-12-08 08:32:05 -05:00
Hazelnoot
afb026ebea
fix import order in SigninWithPasskeyApiService
2024-12-08 07:49:06 -05:00
Hazelnoot
fc5399a67d
revert un-needed changes to RateLimiterService
2024-12-08 07:47:52 -05:00
Hazelnoot
f6b256620b
separate SkRateLimiterService from RateLimiterService and update all usages
2024-12-07 13:13:19 -05:00
Hazelnoot
32635ecc25
fix rate limit storage in redis
2024-12-07 12:15:38 -05:00
Hazelnoot
8239ce4282
fix incorrect X-RateLimit-Remaining header
2024-12-07 12:14:42 -05:00
Hazelnoot
7698db88e5
fix DI in SkRateLimiterService
2024-12-07 12:14:25 -05:00
Hazelnoot
ffc2737478
implement SkRateLimiterService with Leaky Bucket rate limiting
2024-12-07 10:22:49 -05:00
Julia
52976588a7
merge: Bump develop version ( !789 )
...
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/789
2024-11-28 06:15:32 +00:00
dakkar
9309872cff
simpler check for "property present"
2024-11-27 21:25:54 +00:00
dakkar
3ea85b14a3
silence linter
...
those objects always have the normal prototype, and can't have
`hasOwnProperty` redefined, let me call it normally
(otherwise I'd have to write
`Object.prototype.hasOwnProperty.call(newUser, field)` and that's
ugly)
2024-11-27 21:01:12 +00:00
dakkar
fc277839b6
only "publish to followers" when things really change - fixes #733
2024-11-27 10:36:19 +00:00
dakkar
8e07eb7f44
remove duplicate limit
...
the `users/lists/push` endpoint already has a limit, of 30/hour
2024-11-22 23:14:37 +00:00
dakkar
caaa78d98d
merge: Add default rate limit ( !768 )
...
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/768
Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Tess K <me@thvxl.se>
Approved-by: Marie <github@yuugi.dev>
2024-11-22 23:03:34 +00:00
Hazelnoot
dbab122a99
fix typo "to many requests"
2024-11-22 15:26:55 -05:00
Hazelnoot
e3b826db5a
add rate limits to all public endpoints
2024-11-22 15:19:24 -05:00
Hazelnoot
6b54405003
add default / fallback rate limit
2024-11-22 13:53:41 -05:00
Julia
41536480ce
merge: Bump develop version ( !766 )
...
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/766
2024-11-21 02:58:28 +00:00
Julia Johannesen
cbf8cc376e
fix: primitive 18: ap/get
bypasses access checks
...
One might argue that we could make this one actually preform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.
2024-11-20 19:17:25 -05:00
Julia Johannesen
c04f344049
fix: primitive 13: check attribution against actor in notes
2024-11-20 19:17:25 -05:00
Julia Johannesen
fb54546573
Fix linter error in emojis endpoint
2024-11-20 01:17:24 -05:00
dakkar
482538c7f8
merge: make emoji categories and names case insensitive. ( !746 )
...
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/746
Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: dakkar <dakkar@thenautilus.net>
2024-11-17 13:22:39 +00:00
Hazelnoot
da2dfee0a8
merge: Remove check to prevent admin reporting ( Fixes #757 ) ( !727 )
...
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/727
Closes #757
Approved-by: Julia <julia@insertdomain.name>
Approved-by: Marie <github@yuugi.dev>
Approved-by: Hazelnoot <acomputerdog@gmail.com>
2024-11-17 00:39:08 +00:00
piuvas
eaad96aae3
edit query
2024-11-15 13:40:53 -03:00
Caramel
03559156b9
Improve performance of notes/following API
2024-11-09 00:32:03 +01:00
Kio!
8477909af2
Update report-abuse.ts
2024-11-03 19:50:25 +00:00
Hazel K
37fd454f70
factor out shared code
2024-11-02 17:39:16 -04:00
Hazel K
3a72bf453a
respect following privacy settings
2024-11-02 17:39:16 -04:00
Hazel K
65d81a4ae2
Revert "fix incorrect populated object in followers endpoint"
...
This reverts commit 7b9473bf4c0b55facede0e1d1e33297d14184110.
2024-11-02 17:39:16 -04:00
Hazel K
8f0df1f01c
check for blocks in following / followers endpoints
2024-11-02 17:39:16 -04:00
Hazel K
c566fa1f36
require auth for followers & following endpoints
2024-11-02 17:39:16 -04:00
Marie
d786e96c2b
upd: add FriendlyCaptcha as a captcha solution
...
FriendlyCaptcha is a german captcha solution which is GDPR compliant and has a non-commerical free license
2024-11-02 02:20:35 +01:00
Hazelnoot
ade801ec58
check token permissions in admin/accounts/create.ts
2024-11-01 10:12:28 -04:00
Hazelnoot
f36a1a5701
allow admins to create approved users
2024-11-01 09:29:40 -04:00
Hazelnoot
ca1cdc4ea3
fix poll option limit in masto API
2024-10-26 10:38:29 -04:00
Hazelnoot
01e98c75ab
add separate limits for CW length
2024-10-26 10:04:23 -04:00
Hazelnoot
10d3d9f382
fix unit tests
2024-10-26 09:49:28 -04:00
Hazel K
67185a5d5d
fix UUID format
2024-10-26 09:49:28 -04:00
Hazel K
560ee43dcf
separate character limits for local and remote notes
2024-10-26 09:49:28 -04:00
Lhc_fl
67f977f4ff
fix: return getfromdb when FanoutTimeline is not enabled
2024-10-23 23:14:46 +08:00