Commit Graph

5289 Commits

Author SHA1 Message Date
Laura Hausmann
4e61f25d41
[backend] Bump msgpackr version
This fixes compatibility with NodeJS v23+
2024-11-25 22:47:38 +01:00
mia
bd1bb68da3
[backend] Bump re2
Fixes some build issues
2024-11-24 10:07:52 -08:00
Kopper
a5f4279d32
[backend] Check target IP before sending HTTP request
Backported upstream commit "fix(backend): check target IP before sending HTTP request"

Co-authored-by: rectcoordsystem <heohyun73@gmail.com>
Co-authored-by: anatawa12 <anatawa12@icloud.com>
2024-11-20 23:56:37 +01:00
Laura Hausmann
065590279e
[backend] Strengthen checks against local object resolution
This commit addresses disclosed primitives 26-29 & 31-33
2024-11-20 23:56:20 +01:00
Laura Hausmann
ca331d2406
[backend] Create a new resolver in parseAudience if none is passed to the function
This commit addresses disclosed primitive 23
2024-11-20 23:56:16 +01:00
Laura Hausmann
dc3c2d1ad4
[backend] Enforce blocks in NoteRepository.isVisibleForMe
This commit addresses disclosed primitive 20
2024-11-20 23:56:12 +01:00
Laura Hausmann
aa73a8905d
[backend] Require admin scope for AP get endpoint
This commit addresses disclosed primitive 18
2024-11-20 23:56:07 +01:00
Laura Hausmann
7542310e3e
[backend] Improve validation of AP activities & objects
This commit addresses disclosed primitives 4-5, 7-9, 12-17 & 21-22 (CVE-2024-51403, CVE-2024-51404, CVE-2024-51405)
2024-11-20 23:56:02 +01:00
Laura Hausmann
c1e1c391f8
[backend] Apply rate limits to proxyServer and fileServer
This resolves a DoS / DDoS / request amplification attack vector that is being actively exploited.
2024-11-20 04:21:51 +01:00
Laura Hausmann
416dbb5887
[backend] Don't treat HTTP 429 errors as non-retryable 2024-11-17 16:12:47 +01:00
Laura Hausmann
447bd10ec0
[frontend] Fix inline replies on chrome >= 130 only partially being displayed 2024-11-07 23:51:48 +01:00
Laura Hausmann
b5831f5a91
[frontend] Fix inline replies on chrome >= 130 2024-11-07 23:30:45 +01:00
mia
3adb155ed4
[backend] Use authenticated resolver for poll updates 2024-11-04 19:52:25 -08:00
mia
34823aa7b8 [backend] Fetch pinned notes with following user
fixes #567
2024-10-16 21:16:52 +02:00
mia
1e60ed665d [backend] Use configured prefix for redis messaging 2024-10-14 03:02:24 +02:00
Laura Hausmann
cc89de3e5c
[backend] Fix typo 2024-10-11 07:13:02 +02:00
mia
a70db57df9 [backend] Add prometheus metrics endpoint 2024-10-11 07:08:51 +02:00
sugar
fdd97dce7d Allow searching for uppercased letters in emoji picker 2024-10-11 07:07:40 +02:00
mia
23533c1aaa
[backend] Switch job queue to BullMQ
Signed-off-by: mia <mia@mia.jetzt>
2024-10-11 00:17:34 +02:00
Laura Hausmann
7074a2efaf
[backend] Canonicalize URLs before comparing them during object id consistency checks in the AP resolver 2024-09-18 23:37:09 +02:00
Laura Hausmann
e753462c01
[backend] Don't federate edits of local-only notes (resolves #566) 2024-09-10 20:05:54 +02:00
Laura Hausmann
630d6bdbe5
[backend] Limit node-fetch responses to a reasonable length in all places 2024-07-28 19:15:37 +02:00
Laura Hausmann
5c659b1306
Revert "[backend] Improve JSON-LD context size limiter"
This reverts commit 9a8b7efcd6.
2024-07-28 19:02:13 +02:00
Laura Hausmann
e9f776c7b2
[backend] Bump node-fetch version 2024-07-28 19:02:10 +02:00
Laura Hausmann
9a8b7efcd6
[backend] Improve JSON-LD context size limiter 2024-07-28 17:00:00 +02:00
Laura Hausmann
d9d6dc1b60
[backend] Limit fetched JSON-LD context size to 1MB 2024-07-28 16:17:13 +02:00
Laura Hausmann
96dce1ada0
[backend] Update summaly version 2024-07-28 16:00:22 +02:00
Laura Hausmann
91dddc439f
[sdk] Rename iceshrimp-js package to iceshrimp-sdk
This resolves possible confusion between iceshrimp-js (this project) and iceshrimp-sdk (the package)
2024-07-23 23:15:19 +02:00
Laura Hausmann
cc9bc79466
[backend] Set opts.removeOnComplete when discarding corrupt jobs (since the opts object is likely also corrupted) 2024-07-23 21:00:21 +02:00
Laura Hausmann
0d5220e505
[backend] Discard jobs with null/undefined/empty data objects; add no-op handlers for invalid queue jobs
This stops corrupted/invalid jobs from clogging up the queue. Ref: https://github.com/OptimalBits/bull/issues/2461
2024-07-23 20:47:23 +02:00
Kopper
ac535a5f0d Update MFM cheatsheet 2024-07-16 11:41:53 +03:00
limepotato
ae38a65db6 add mfm autocomplete 2024-07-15 19:11:32 +03:00
limepotato
972244f3e1 Follow Mouse MFM 2024-07-15 19:11:18 +03:00
limepotato
57d6421985 Unix Time MFM 2024-07-15 19:10:45 +03:00
limepotato
134167e648 ruby mfm 2024-07-15 19:07:57 +03:00
limepotato
7571de37cf add border mfm 2024-07-15 19:07:43 +03:00
mia
4781e1971e fix (client): don't return undefined from native Mk:dialog implementation
fixes #10839
2024-07-15 18:52:56 +03:00
Kopper
5a158b8de0 Update AiScript to 0.17.0
Doesn't seem to break any worse than the previous update. 0.18.0, which
is the latest one, does break.
2024-07-13 18:06:20 +03:00
naskya
bb4f4b4b00 fix: upgrade AiScript!
There are breaking changes in the AiScript syntax, so existing plugins must also be upgraded.
Also, I didn't include the function that can call remote servers' API (which is present in the latest Misskey)
Co-authored-by: syuilo <syuilotan@yahoo.co.jp>
Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>
2024-07-13 18:05:12 +03:00
Laura Hausmann
4f21fd9b91
[backend/masto-client] Fall back to full-res url if an attachment's thumbnailUrl is null
The API docs say this field is nullable, but the official android app crashes if it is set to null.
2024-07-04 03:24:40 +02:00
Laura Hausmann
e2b7d80871
[backend] Reset home timeline query heuristic after importing follows 2024-07-04 00:08:21 +02:00
Laura Hausmann
09afdeb04c
[backend] Fix build on Node 22 2024-07-03 23:51:17 +02:00
ari melody
2ebd907c47
[backend/masto-client] Add follow_requests_count to verify_credentials response 2024-07-02 22:40:25 +02:00
Tournesol
a220810f76 Remove Experiments page 2024-06-28 18:41:09 +02:00
Laura Hausmann
08d8143386
[backend] Switch to updated summaly version which sends a more descriptive user agent
Upstream summaly is sending a user agent that just says SummalyBot, which can be mistaken as a web scraper.
2024-06-27 21:33:40 +02:00
Mae Dartmann
50b25c88c7
[client] remove unimplemented timetravel button & handlers
Signed-off-by: Mae Dartmann <hello@maedartmann.name>
2024-06-24 23:06:27 +02:00
mia
6a678b688e update sharp to 0.33.4 2024-06-16 02:16:33 -07:00
Laura Hausmann
1c6ec9ad08
[backend] Catch errors in UserRepository.userFromURI
This fixes sporadic errors during rendering of follower/following lists.
2024-06-10 18:31:50 +02:00
Laura Hausmann
d8a75cdd08
[backend] Render pinned notes as links instead of objects 2024-05-31 20:56:35 +02:00
Laura Hausmann
dfe01652f0
[backend] Fix build on node v22 2024-05-13 14:00:12 +02:00