Commit graph

355 commits

Author SHA1 Message Date
Hazelnoot
36b85d62c2 check that detected AP object is actually a note before recording it in UrlPreviewService 2025-06-07 18:50:28 -04:00
Hazelnoot
a91c0de9b5 cache alternate URLs in UrlPreviewService 2025-06-04 10:47:19 -04:00
Hazelnoot
865b198ab3 redirect to exclude hash from preview URL 2025-06-04 10:47:19 -04:00
Hazelnoot
f601cff5c5 check input URL scheme before continuing 2025-06-04 10:47:19 -04:00
Hazelnoot
f4107b1c2b check if previews are disabled before anything else 2025-06-04 10:47:19 -04:00
piuvas
56db26f236 some requested changes to linkAttribution. 2025-05-27 17:12:02 -03:00
piuvas
5545ddf9dd requested changes. 2025-05-27 13:25:06 -03:00
piuvas
604c6dbc66 add missing semicolons. 2025-05-27 00:14:41 -03:00
piuvas
6874a318ea small fixes. 2025-05-26 23:34:31 -03:00
piuvas
ca32c231d0 initial link attributions work. 2025-05-26 22:44:29 -03:00
Hazelnoot
28551c8103 use config.url instead of "https://${config.host}" 2025-05-21 08:27:23 -04:00
Hazelnoot
3a3f8770d9 factor our cache logic into a separate method 2025-05-19 18:18:55 -04:00
Hazelnoot
3936807184 remove preview ActivityPub flag if we encounter a permanent (non-retryable) error while fetching the note 2025-05-19 18:11:25 -04:00
Hazelnoot
bede498798 add rate limit for URL preview 2025-05-19 17:58:35 -04:00
Hazelnoot
f8c53466ef make sure that the "fetch linked note" button actually remembers that the note is fetched 2025-05-19 10:57:42 -04:00
Hazelnoot
207915856a fix return type of fetchSummary and fetchSummaryFromProxy 2025-05-08 11:06:25 -04:00
Hazelnoot
1ac9625eea add same-authority check between fetched note and summary url 2025-05-08 11:05:15 -04:00
Hazelnoot
633718ffe9 avoid fetching notes twice in UrlPreviewService 2025-05-08 11:05:15 -04:00
Hazelnoot
70d75f1d57 check summary.haveNoteLocally after setting summary.activityPub to improve support for Akkoma 2025-05-08 11:05:15 -04:00
Hazelnoot
c05aa7a281 softer URL preview validation: remove unsupported URLs instead of rejecting the whole preview 2025-05-08 11:05:15 -04:00
Hazelnoot
d6c2140821 validate more URLs in UrlPreviewService.ts 2025-05-08 11:05:14 -04:00
Hazelnoot
23267a3a96 await cache update to avoid hammering redis in UrlPreviewService.ts 2025-05-08 11:05:14 -04:00
Hazelnoot
a1fcf554fa reduce caching for failed previews 2025-05-08 11:05:14 -04:00
Hazelnoot
c23b1c3be7 reduce log spam from UrlPreviewService.ts 2025-05-08 11:05:14 -04:00
Hazelnoot
163be8d4a4 match preview cache duration for HTTP and Redis 2025-05-08 11:05:14 -04:00
Hazelnoot
387efac23f add version specifier to URL preview cache 2025-05-08 11:05:14 -04:00
Hazelnoot
80819f03e7 don't proxy local URLs 2025-05-08 11:05:14 -04:00
Hazelnoot
05201f71cc allow summaly previews to redirect 2025-05-08 11:05:14 -04:00
Hazelnoot
1d2a4c6f56 infer ActivityPub links from signed GET 2025-05-08 11:05:14 -04:00
Hazelnoot
ab65f4b8b2 infer ActivityPub links from local DB 2025-05-08 11:05:14 -04:00
Hazelnoot
2fb56bc4ea fix eslint warning in UrlPreviewService.ts 2025-05-08 11:05:14 -04:00
Hazelnoot
129dfa9649 extract LocalSummalyResult type 2025-05-08 11:05:14 -04:00
Hazelnoot
938e094a1a set summary.haveNoteLocally before caching summary 2025-05-08 11:05:14 -04:00
Hazelnoot
9c301fa5aa Merge branch 'misskey-develop' into merge/2025-03-24
# Conflicts:
#	.github/workflows/api-misskey-js.yml
#	.github/workflows/changelog-check.yml
#	.github/workflows/check-misskey-js-autogen.yml
#	.github/workflows/get-api-diff.yml
#	.github/workflows/lint.yml
#	.github/workflows/locale.yml
#	.github/workflows/on-release-created.yml
#	.github/workflows/storybook.yml
#	.github/workflows/test-backend.yml
#	.github/workflows/test-federation.yml
#	.github/workflows/test-frontend.yml
#	.github/workflows/test-misskey-js.yml
#	.github/workflows/test-production.yml
#	.github/workflows/validate-api-json.yml
#	package.json
#	packages/backend/package.json
#	packages/backend/src/server/api/ApiCallService.ts
#	packages/backend/src/server/api/endpoints/drive/files/create.ts
#	packages/frontend-shared/js/url.ts
#	packages/frontend/package.json
#	packages/frontend/src/components/MkFileCaptionEditWindow.vue
#	packages/frontend/src/components/MkInfo.vue
#	packages/frontend/src/components/MkLink.vue
#	packages/frontend/src/components/MkNote.vue
#	packages/frontend/src/components/MkNotes.vue
#	packages/frontend/src/components/MkPageWindow.vue
#	packages/frontend/src/components/MkReactionsViewer.vue
#	packages/frontend/src/components/MkTimeline.vue
#	packages/frontend/src/components/MkUrlPreview.vue
#	packages/frontend/src/components/MkUserPopup.vue
#	packages/frontend/src/components/global/MkPageHeader.vue
#	packages/frontend/src/components/global/MkUrl.vue
#	packages/frontend/src/components/global/PageWithHeader.vue
#	packages/frontend/src/pages/about-misskey.vue
#	packages/frontend/src/pages/announcements.vue
#	packages/frontend/src/pages/antenna-timeline.vue
#	packages/frontend/src/pages/channel.vue
#	packages/frontend/src/pages/instance-info.vue
#	packages/frontend/src/pages/note.vue
#	packages/frontend/src/pages/page.vue
#	packages/frontend/src/pages/role.vue
#	packages/frontend/src/pages/tag.vue
#	packages/frontend/src/pages/timeline.vue
#	packages/frontend/src/pages/user-list-timeline.vue
#	packages/frontend/src/pages/user/followers.vue
#	packages/frontend/src/pages/user/following.vue
#	packages/frontend/src/pages/user/home.vue
#	packages/frontend/src/pages/user/index.vue
#	packages/frontend/src/ui/deck.vue
#	packages/misskey-js/generator/package.json
#	pnpm-lock.yaml
#	scripts/changelog-checker/package-lock.json
#	scripts/changelog-checker/package.json
2025-04-29 15:54:11 -04:00
syuilo
d6ae4c980b feat(frontend): allow the title bar to be displayed 2025-04-29 09:43:15 +09:00
Julia
d10fdfe973 Merge commit from fork
* SP-2025-03.1 always wrap icon&thumbnail URLs

if they're not HTTP URLs, the frontend won't be able to display them
anyway (`<img src="mailto:…">` or `<div style="background-image:
url(nntp:…)">` aren't going to work!), so let's always run them through the
media proxy, which will fail harder (fetching a `javascript:` URL
won't do anything in the backend, might do something in the frontend)
and will always protect the client's address in cases like `gemini:`
where the browser could try to fetch

* SP-2025-03.2 use object binding for more styles

interpolating a random (remote-controlled!) string into a `style`
attribute is a bad idea; using VueJS object binding, we should get
proper quoting and therefore safe parse failures instead of CSS
injections / XSS

* SP-2025-03.3 slightly more robust "self" URL handling

parse URLs instead of treating them as strings; this is still not
perfect, but the `URL` class only handles full URLs, not relative
ones, so there's no way to ask it "give me a URL object that
represents this resource relative to this base URL"

notice that passing very weird URLs to `MkUrl` and `MkUrlPreview` will
break the frontend (in dev mode) because there's an untrapped `new
URL(…)` that may explode; production builds seem to safely ignore the
error, though

---------

Co-authored-by: dakkar <dakkar@thenautilus.net>
2025-04-29 08:15:54 +09:00
dakkar
4981e5ba36 Merge branch 'develop' into merge/2025-03-24 2025-04-28 15:31:28 +01:00
Julia Johannesen
ac905118cc Merge branch 'stable' into merge-stable-into-develop 2025-04-27 16:19:44 -04:00
Julia Johannesen
35df3944c1 Update summaly 2025-04-27 13:31:27 -04:00
Julia Johannesen
0bb4e57b0c Security fixes
Co-Authored-By: dakkar <dakkar@thenautilus.net>
2025-04-27 13:05:09 -04:00
Hazelnoot
a4dd19fdd4 merge upstream again 2025-04-24 14:23:45 -04:00
Hazelnoot
ac894986f9 Merge branch 'develop' into merge/2025-03-24
# Conflicts:
#	CONTRIBUTING.md
#	packages/backend/src/core/activitypub/models/ApPersonService.ts
2025-04-24 13:07:41 -04:00
Marie
4f64803ef2 merge: make MOTD html unescaped. (requires discussion?) (!759)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/759

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
2025-04-15 07:45:51 +00:00
anatawa12
d5fe6e36ae fix: issue where avatarUrl is sometimes non-null even when avatarId is null (#15833) 2025-04-15 16:10:17 +09:00
Hazelnoot
91fb75dece Merge branch 'develop' into merge/2025-03-24 2025-04-13 13:07:24 -04:00
Zlendy
ce26d8d3cb feat: Allow injection of raw HTML strings inside <head> 2025-04-11 22:56:26 +02:00
Hazelnoot
6ac37b4d6c lint and type fixes 2025-04-01 20:47:04 -04:00
Hazelnoot
d272d6f224 fix software name in boot.embed.js, boot.js, and error.js 2025-04-01 12:30:35 -04:00
Hazelnoot
d39e4babd1 fix development link in error.pug 2025-04-01 12:29:08 -04:00
Hazelnoot
7ff15816d1 Merge branch 'misskey-develop' into merge/2025-03-24
# Conflicts:
#	.github/workflows/api-misskey-js.yml
#	.github/workflows/changelog-check.yml
#	.github/workflows/check-misskey-js-autogen.yml
#	.github/workflows/get-api-diff.yml
#	.github/workflows/lint.yml
#	.github/workflows/locale.yml
#	.github/workflows/on-release-created.yml
#	.github/workflows/storybook.yml
#	.github/workflows/test-backend.yml
#	.github/workflows/test-federation.yml
#	.github/workflows/test-frontend.yml
#	.github/workflows/test-misskey-js.yml
#	.github/workflows/test-production.yml
#	.github/workflows/validate-api-json.yml
#	locales/index.d.ts
#	package.json
#	packages/misskey-js/generator/package.json
#	packages/misskey-js/package.json
#	pnpm-lock.yaml
#	scripts/changelog-checker/package-lock.json
#	scripts/changelog-checker/package.json
2025-04-01 09:59:46 -04:00