769 Commits

Author	SHA1	Message	Date
鴇峰 朔華	3076af8bfd	Merge be219d27bc into 3c81926f71	2024-12-22 13:58:42 +09:00
かっこかり	f123be38b9	enhance(frontend): 照会の際にエラーを表示するように (#15147) ... * enhance: 照会の失敗理由を表示するように * Update Changelog * fix * fix test * lookupErrors-> remoteLookupErrors	2024-12-19 16:05:33 +09:00
anatawa12	dd56623cde	fix: unable to upload to local object storage (#15040)	2024-11-24 20:44:59 +09:00
syuilo	04b221409c	fix(backend): use atomic command to improve security	2024-11-23 04:44:33 +09:00
鴇峰 朔華	be219d27bc	fix	2024-11-22 19:06:14 +09:00
鴇峰 朔華	7d9e3c173f	Merge branch 'develop' into misskey-dev/feature/#14857	2024-11-22 13:42:03 +09:00
かっこかり	f25fc5215b	fix(backend): Inboxのエラーをthrowせずreturnしている問題を修正 (#15022) ... * fix exception handling for Like activities (cherry picked from commit 8f42e8434eaebe3aba5d1980c57f49dd8ad0de91) * fix exception handling for Announce activities (cherry picked from commit cfc3ab4b045af0674122fa49176431860176358b) * fix exception handling for Undo activities * Update Changelog --------- Co-authored-by: Hazelnoot <acomputerdog@gmail.com>	2024-11-22 12:14:41 +09:00
鴇峰 朔華	a80d1aca6b	Merge branch 'develop' into misskey-dev/feature/#14857	2024-11-22 11:51:26 +09:00
鴇峰 朔華	10b3458cda	Mod: とりあえずproxyAccountをシステムアカウントな感じにしてみた	2024-11-22 11:46:42 +09:00
かっこかり	c1f19fad1e	fix(backend): fix apResolver (#15010) ... * fix(backend): fix apResolver * fix * add comments * tweak comment	2024-11-21 14:36:24 +09:00
かっこかり	3a6c2aa835	fix(backend): fix type error(s) in security fixes (#15009) ... * Fix type error in security fixes (cherry picked from commit fa3cf6c2996741e642955c5e2fca8ad785e83205) * Fix error in test function calls (cherry picked from commit 1758f29364eca3cbd13dbb5c84909c93712b3b3b) * Fix style error (cherry picked from commit 23c4aa25714af145098baa7edd74c1d217e51c1a) * Fix another style error (cherry picked from commit 36af07abe28bec670aaebf9f5af5694bb582c29a) * Fix `.punyHost` misuse (cherry picked from commit 6027b516e1c82324d55d6e54d0e17cbd816feb42) * attempt to fix test: make yaml valid --------- Co-authored-by: Julia Johannesen <julia@insertdomain.name>	2024-11-21 12:10:02 +09:00
かっこかり	53e827b18c	fix(backend): fix security patches (#15008)	2024-11-21 10:30:30 +09:00
syuilo	9fdabe3666	fix(backend): use atomic command to improve security ... Co-Authored-By: Acid Chicken <root@acid-chicken.com>	2024-11-21 09:22:15 +09:00
rectcoordsystem	090e9392cd	Merge commit from fork ... * fix(backend): check target IP before sending HTTP request * fix(backend): allow accessing private IP when testing * Apply suggestions from code review Co-authored-by: anatawa12 <anatawa12@icloud.com> * fix(backend): lint and typecheck * fix(backend): add isLocalAddressAllowed option to getAgentByUrl and send (HttpRequestService) * fix(backend): allow fetchSummaryFromProxy, trueMail to access local addresses --------- Co-authored-by: anatawa12 <anatawa12@icloud.com> Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>	2024-11-21 08:27:09 +09:00
Julia	b9cb949eb1	Merge commit from fork ... * Fix poll update spoofing * fix: Disallow negative poll counts --------- Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>	2024-11-21 08:24:50 +09:00
Julia	5f675201f2	Merge commit from fork ... * enhance: Add a few validation fixes from Sharkey See the original MR on the GitLab instance: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/484 Co-Authored-By: Dakkar <dakkar@thenautilus.net> * fix: primitive 2: acceptance of cross-origin alternate Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 3: validation of non-final url * fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities * fix: primitives 5 & 8: reject activities with non string identifiers Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 6: reject anonymous objects that were fetched by their id * fix: primitives 9, 10 & 11: http signature validation doesn't enforce required headers or specify auth header name Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections * fix: code style for primitive 14 * fix: primitive 15: improper same-origin validation for note uri and url Co-Authored-By: Laura Hausmann <laura@hausmann.dev> * fix: primitive 16: improper same-origin validation for user uri and url * fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array * fix: code style for primitive 17 * fix: check attribution against actor in notes While this isn't strictly required to fix the exploits at hand, this mirrors the fix in `ApQuestionService` for GHSA-5h8r-gq97-xv69, as a preemptive countermeasure. * fix: primitive 18: `ap/get` bypasses access checks One might argue that we could make this one actually preform access checks against the returned activity object, but I feel like that's a lot more work than just restricting it to administrators, since, to me at least, it seems more like a debugging tool than anything else. * fix: primitive 19 & 20: respect blocks and hide more Ideally, the user property should also be hidden (as leaving it in leaks information slightly), but given the schema of the note endpoint, I don't think that would be possible without introducing some kind of "ghost" user, who is attributed for posts by users who have you blocked. * fix: primitives 21, 22, and 23: reuse resolver This also increases the default `recursionLimit` for `Resolver`, as it theoretically will go higher that it previously would and could possibly fail on non-malicious collection activities. * fix: primitives 25-33: proper local instance checks * revert: fix: primitive 19 & 20 This reverts commit 465a9fe6591de90f78bd3d084e3c01e65dc3cf3c. --------- Co-authored-by: Dakkar <dakkar@thenautilus.net> Co-authored-by: Laura Hausmann <laura@hausmann.dev> Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>	2024-11-21 08:20:09 +09:00
Sayamame-beans	aa48a0e207	Fix: リノートミュートが新規投稿通知に対して作用していなかった問題を修正 (#15006) ... * fix(backend): renoteMute doesn't work for note notification * docs(changelog): update changelog	2024-11-21 08:00:50 +09:00
おさむのひと	7b9c884a5d	refactor(backend): SystemWebhookで送信されるペイロードの型を追加 (#14980)	2024-11-19 10:41:39 +09:00
饺子w (Yumechi)	e800c0f85a	fix(backend): お知らせ作成時に画像URL入力欄を空欄に変更できないのを修正 (#14990) ... * fix(backend): アナウンスメントを作成ときに画像URLを後悔できないのを修正 Signed-off-by: eternal-flame-AD <yume@yumechi.jp> * Update CHANGELOG.md Co-authored-by: おさむのひと <46447427+samunohito@users.noreply.github.com> --------- Signed-off-by: eternal-flame-AD <yume@yumechi.jp> Co-authored-by: おさむのひと <46447427+samunohito@users.noreply.github.com>	2024-11-19 10:29:42 +09:00
CDN	b3c2de2b26	fix(backend): fallback sharedInbox to null in ApPersonService (#14970)	2024-11-16 18:53:28 +09:00
饺子w (Yumechi)	a11b77a415	fix(backend): Webhook Test一致性 (#14863) ... * fix(backend): Webhook Test一致性 Signed-off-by: eternal-flame-AD <yume@yumechi.jp> * UserWebhookPayload<'followed'> 修正 Signed-off-by: eternal-flame-AD <yume@yumechi.jp> --------- Signed-off-by: eternal-flame-AD <yume@yumechi.jp>	2024-11-12 09:51:18 +09:00
かっこかり	4a62051ce7	fix(backend): ローカルユーザーへのメンションを含むノートが連合される際に正しいURLに変換されないことがある問題を修正 (#14879) ... * fix: make sure mentions of local users get rendered correctly during AP delivery (resolves #645) * Update Changelog * indent --------- Co-authored-by: Laura Hausmann <laura@hausmann.dev> Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>	2024-11-09 10:58:09 +09:00
かっこかり	6718a54f6f	fix(backend): ノートを連合する際にリモートユーザーのacctの大小文字を区別して処理している問題を修正 (#14880) ... * fix: make sure outgoing remote mentions get resolved correctly if referenced with non-canonical casing (resolves #646) * Update Changelog * Update Changelog * indent --------- Co-authored-by: Laura Hausmann <laura@hausmann.dev>	2024-11-03 08:26:51 +09:00
Tamme Schichler	8eb7749e44	fix(backend): Accept arrays in ActivityPub icon and image properties (#14825) ... This is allowed according to the Activity vocabulary: https://www.w3.org/TR/activitystreams-vocabulary/#dfn-icon The issue is noticeable in combination with Bridgy Fed: https://github.com/snarfed/bridgy-fed/issues/1408	2024-10-28 21:06:16 +09:00
syuilo	952fec5665	feat: 過去のノートを非公開化/フォロワーのみ表示可能にできる機能 (#14814) ... * wip * Update CHANGELOG.md * wip * wip * wip * Update privacy.vue * wip	2024-10-22 17:08:53 +09:00
syuilo	5c79d8db20	feat: ノートの閲覧にログイン必須にする設定 (#14799) ... * wip * wip * wip * Update packages/frontend/src/pages/note.vue Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> * wip * Update WebhookTestService.ts * Update privacy.vue * wip * rename * Update locales/ja-JP.yml Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com> * 🎨 * wip --------- Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>	2024-10-21 12:49:29 +09:00
syuilo	5005cc8ae3	add note	2024-10-14 21:00:20 +09:00
syuilo	f13c3909a0	refactor(backend): remove unnecessary any	2024-10-14 17:54:27 +09:00
syuilo	77ebabb3dc	Revert "refactor" ... This reverts commit 7fd8ef344b.	2024-10-14 17:51:47 +09:00
syuilo	7fd8ef344b	refactor	2024-10-14 17:43:44 +09:00
かっこかり	8b7290d6b0	enhance(backend): 個人宛のお知らせはわかったを押すとアーカイブするように (#14762) ... * enhance(backend): 個人宛のお知らせはわかったを押すとアーカイブするように * Update Changelog * enhance(frontend): アーカイブ済みのものを読み込めるように * Update Changelog * fix changelog * 🎨	2024-10-14 11:23:26 +09:00
syuilo	064d6ca56f	fix(backend): RBT有効時、リノートのリアクションが反映されない問題を修正	2024-10-14 09:11:03 +09:00
おさむのひと	33b34ad7b8	feat: 運営のアクティビティが一定期間ない場合は通知＋招待制に移行した際に通知 (#14757) ... * feat: 運営のアクティビティが一定期間ない場合は通知＋招待制に移行した際に通知 * fix misskey-js.api.md * Revert "feat: 運営のアクティビティが一定期間ない場合は通知＋招待制に移行した際に通知" This reverts commit 3ab953bdf8. * 通知をやめてユーザ単位でのお知らせ機能に変更 * テスト用実装を戻す * Update packages/backend/src/queue/processors/CheckModeratorsActivityProcessorService.ts Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com> * fix remove empty then --------- Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>	2024-10-13 20:32:12 +09:00
syuilo	5229f5de4d	refactor(backend): remove unnecessary .then	2024-10-13 20:32:02 +09:00
syuilo	ff47fef572	feat: リモートサーバーのサーバー情報を収集しないオプション (#14634) ... * wip * wip * Update FetchInstanceMetadataService.ts * Update FetchInstanceMetadataService.ts * Update types.ts	2024-10-13 20:22:16 +09:00
syuilo	af1cbc131f	wip (#14745)	2024-10-11 21:05:53 +09:00
おさむのひと	a2cd6a7709	feat(backend): 7日間運営のアクティビティがないサーバを自動的に招待制にする (#14746) ... * feat(backend): 7日間運営のアクティビティがないサーバを自動的に招待制にする * fix RoleService. * fix * fix * fix * add test and fix * fix * fix CHANGELOG.md * fix test	2024-10-11 20:59:36 +09:00
FineArchs	12bc671511	fix: admin/emoji/update で不正なエラーが発生する (#14750) ... * fix emoji updating bug * update changelog * type fix * " -> ' * conprehensiveness check * lint * undefined -> null	2024-10-11 17:17:45 +09:00
syuilo	d0213962bf	Update packages/backend/src/core/entities/FlashEntityService.ts ... Co-authored-by: zyoshoka <107108195+zyoshoka@users.noreply.github.com>	2024-10-08 18:59:10 +09:00
syuilo	ddc799fe3d	fix of d8cb7305ef	2024-10-05 18:29:02 +09:00
かっこかり	9d026975bc	fix(backend/test): #14558 以降e2eテストがたまに失敗する問題を修正 (#14709) ... * fix(backend/test): MisskeyIO#727 以降e2eテストがたまに失敗する問題を修正 (MisskeyIO#735) * ✌️ --------- Co-authored-by: まっちゃとーにゅ <17376330+u1-liquid@users.noreply.github.com>	2024-10-05 16:20:44 +09:00
syuilo	d8cb7305ef	feat: 通報の強化 (#14704) ... * wip * Update CHANGELOG.md * lint * Update types.ts * wip * ✌️ * Update MkAbuseReport.vue * tweak	2024-10-05 16:20:15 +09:00
おさむのひと	0d7d1091c8	enhance: 人気のPlayを10件以上表示できるように (#14443) ... Co-authored-by: osamu <46447427+sam-osamu@users.noreply.github.com>	2024-10-05 14:37:52 +09:00
おさむのひと	88698462a9	feat(backend): 通報および通報解決時に送出されるSystemWebhookにユーザ情報を含めるようにする (#14698) ... * feat(backend): 通報および通報解決時に送出されるSystemWebhookにユーザ情報を含めるようにする * テスト送信もペイロード形式を合わせる * add spaces * fix test	2024-10-05 12:51:46 +09:00
かっこかり	975c2e7bc5	enhance(frontend): サインイン画面の改善 (#14658) ... * wip * Update MkSignin.vue * Update MkSignin.vue * wip * Update CHANGELOG.md * enhance(frontend): サインイン画面の改善 * Update Changelog * 14655の変更取り込み * spdx * fix * fix * fix * 🎨 * 🎨 * 🎨 * 🎨 * Captchaがリセットされない問題を修正 * 次の処理をsignin apiから読み取るように * Add Comments * fix * fix test * attempt to fix test * fix test * fix test * fix test * fix * fix test * fix: 一部のエラーがちゃんと出るように * Update Changelog * 🎨 * 🎨 * remove border --------- Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>	2024-10-04 15:23:33 +09:00
syuilo	f0d0cd2e50	wip (#14643)	2024-09-28 18:15:32 +09:00
syuilo	afbba1ff1c	Update WebhookTestService.ts	2024-09-28 16:45:57 +09:00
syuilo	28e9d4e483	feat: フォローされた際のメッセージを設定できるようにする (#14430) ... * feat: フォローされた際のメッセージを設定できるようにする Resolve #14425 * Update CHANGELOG.md * 既にフォローしているユーザーのメッセージも見れるように * Update packages/frontend/src/components/MkNotification.vue Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com> * fix indent * Update users.ts * wip * Update users.ts --------- Co-authored-by: かっこかり <67428053+kakkokari-gtyih@users.noreply.github.com>	2024-09-28 09:55:21 +09:00
かっこかり	d8a2eeb7ed	feat: エクスポート完了時に通知を発行するように (#14484) ... * feat: エクスポート完了時に通知を発行するように * Update Changelog * entitity -> entity * fix: ペイロードを含むように * fix icon * exportableEntities -> userExportableEntities	2024-09-26 14:15:03 +09:00
KOBA789	7134d24c1f	perf(backend): Defer instance metadata update (#14558) ... * Defer instance metadata update * Fix last new line * Fix typo * Add license notice * Fix syntax * Perform deferred jobs on shutdown * Fix missing async/await * Fix typo :) * Update collapsed-queue.ts --------- Co-authored-by: syuilo <4439005+syuilo@users.noreply.github.com>	2024-09-26 10:25:20 +09:00