Laura Hausmann
630d6bdbe5
[backend] Limit node-fetch responses to a reasonable length in all places
2024-07-28 19:15:37 +02:00
Laura Hausmann
5c659b1306
Revert "[backend] Improve JSON-LD context size limiter"
...
This reverts commit 9a8b7efcd6
.
2024-07-28 19:02:13 +02:00
Laura Hausmann
e9f776c7b2
[backend] Bump node-fetch version
2024-07-28 19:02:10 +02:00
Laura Hausmann
9a8b7efcd6
[backend] Improve JSON-LD context size limiter
2024-07-28 17:00:00 +02:00
Laura Hausmann
d9d6dc1b60
[backend] Limit fetched JSON-LD context size to 1MB
2024-07-28 16:17:13 +02:00
Laura Hausmann
96dce1ada0
[backend] Update summaly version
2024-07-28 16:00:22 +02:00
Laura Hausmann
91dddc439f
[sdk] Rename iceshrimp-js package to iceshrimp-sdk
...
This resolves possible confusion between iceshrimp-js (this project) and iceshrimp-sdk (the package)
2024-07-23 23:15:19 +02:00
Laura Hausmann
cc9bc79466
[backend] Set opts.removeOnComplete when discarding corrupt jobs (since the opts object is likely also corrupted)
2024-07-23 21:00:21 +02:00
Laura Hausmann
0d5220e505
[backend] Discard jobs with null/undefined/empty data objects; add no-op handlers for invalid queue jobs
...
This stops corrupted/invalid jobs from clogging up the queue. Ref: https://github.com/OptimalBits/bull/issues/2461
2024-07-23 20:47:23 +02:00
naskya
bb4f4b4b00
fix: upgrade AiScript! There are braking changes in the AiScript syntax, so existing plugins must alse be upgraded Also, I didn't include the function that can call remote servers' API (which is present in the latest Misskey)
...
Co-authored-by: syuilo <syuilotan@yahoo.co.jp>
Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>
2024-07-13 18:05:12 +03:00
Laura Hausmann
4f21fd9b91
[backend/masto-client] Fall back to full-res url if an attachment's thumbnailUrl is null
...
The API docs say this field is nullable, but the official android app crashes if it is set to null.
2024-07-04 03:24:40 +02:00
Laura Hausmann
e2b7d80871
[backend] Reset home timeline query heuristic after importing follows
2024-07-04 00:08:21 +02:00
Laura Hausmann
09afdeb04c
[backend] Fix build on Node 22
2024-07-03 23:51:17 +02:00
ari melody
2ebd907c47
[backend/masto-client] Add follow_requests_count to verify_credentials response
2024-07-02 22:40:25 +02:00
Laura Hausmann
08d8143386
[backend] Switch to updated summaly version which sends a more descriptive user agent
...
Upstream summaly is sending a user agent that just says SummalyBot, which can be mistaken as a web scraper.
2024-06-27 21:33:40 +02:00
mia
6a678b688e
update sharp to 0.33.4
2024-06-16 02:16:33 -07:00
Laura Hausmann
1c6ec9ad08
[backend] Catch errors in UserRepository.userFromURI
...
This fixes sporadic errors during rendering of follower/following lists.
2024-06-10 18:31:50 +02:00
Laura Hausmann
d8a75cdd08
[backend] Render pinned notes as links instead of objects
2024-05-31 20:56:35 +02:00
Laura Hausmann
dfe01652f0
[backend] Fix build on node v22
2024-05-13 14:00:12 +02:00
Laura Hausmann
df5734523f
[backend] Correctly set CW on note update
...
Resolves : #547
2024-05-01 23:48:07 +02:00
Laura Hausmann
febb499fcb
[backend] Compact LD-signed activities against well-known context to defend against spoofing attacks
2024-04-29 16:36:58 +02:00
Laura Hausmann
dcfa69ff9d
[backend/masto-client] Fix user profile html cache not updating
2024-04-27 18:48:03 +02:00
Laura Hausmann
6f3818a8bb
[backend/masto-client] Correctly set meId in FTS query helper
2024-04-24 03:02:24 +02:00
mei23
301c754e95
[backend] Add Cache-Control to Bull Dashboard
2024-04-19 17:11:14 +02:00
Ezeani Emmanuel
3fa791d71f
[backend] Improve custom TypeORM logger with configurable logging options
...
Co-authored-by: Laura Hausmann <laura@hausmann.dev>
2024-04-11 17:22:45 +02:00
Laura Hausmann
74a3375886
[backend] Add quote_id to mastodon api note responses
2024-04-10 18:21:59 +02:00
Laura Hausmann
5a30581c73
[backend] Fix autofollowedAccount being set to random (possibly non-local) users on update-meta
2024-04-08 20:39:41 +02:00
Laura Hausmann
41cb218aa8
[backend] Set X-Content-Type-Options to nosniff on the drive files endpoint
2024-03-30 13:11:15 +01:00
Laura Hausmann
cf506d3bd9
[backend] Reject anonymous objects in the AP resolver
2024-03-30 13:11:09 +01:00
Laura Hausmann
ac57c58ecf
[backend] Stricter validation of activity identifiers
...
This resolves a security issue that was disclosed on 2024-03-24 & patched in coordination with other affected software on 2024-03-30.
Huge thanks to Oneric for the detailed security disclosure.
2024-03-30 13:11:03 +01:00
Crimekillz
74df0b3602
Fix bug: Pass reference to Note OBJ when creating notifications for Poll Vote and Poll End so muted threads can be resolved correctly
2024-03-26 16:24:19 +01:00
Laura Hausmann
01fbd1a5c7
[backend] Fix video playback for files hosted from different origins
2024-03-18 15:34:14 +01:00
CookiLover311
ccec3e7e63
[mastodon-client] Add default reaction to /v1/instance
2024-03-01 14:25:41 +01:00
老周部落
3824767cc9
[backend] Fix resolver cannot parse some follows and notes request
2024-02-26 08:49:45 +01:00
naskya
e9ef70e272
fix (backend): check url properly
...
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2024-02-26 00:11:21 +01:00
Laura Hausmann
e2cff0340f
[backend] When fetching activities, specify the acceptable JSON-LD profile explicitly
2024-02-17 16:11:23 +01:00
Laura Hausmann
099ba9ce65
[backend] Enforce JSON-LD profile when fetching activities
2024-02-17 15:59:24 +01:00
Laura Hausmann
31122636d3
[backend] Fix federation for incoming note edits with an attachment that has no alt text
2024-02-17 04:04:25 +01:00
Laura Hausmann
5f6096c1b7
[backend] Verify object id host matches final URL when fetching remote activities
2024-02-16 18:42:23 +01:00
Laura Hausmann
9fc45f166c
[backend] Verify response content type when fetching remote activities
2024-02-16 18:42:22 +01:00
Laura Hausmann
129cc4408a
[mastodon-client] Register full OAuth scopes as well
2024-02-14 23:56:11 +01:00
Laura Hausmann
3399187302
[mastodon-client] Fix /v2/suggestions endpoint (undocumented API behavior strikes again)
2024-02-14 23:55:50 +01:00
Laura Hausmann
e49d168ecd
[mastodon-client] Add support for quote_id parameter when creating posts ( #515 )
2024-02-13 16:51:08 +01:00
Laura Hausmann
4b20ab6ad4
[backend] Fix typo in audience.ts isPublic check
2024-02-07 19:56:02 +01:00
Laura Hausmann
1378037384
[backend] Only allow author to see hidden posts
2024-02-04 20:23:42 +01:00
Laura Hausmann
f14c5ed4ef
[backend/frontend] Disable post imports for security reasons
2024-02-04 20:12:51 +01:00
Laura Hausmann
a1460503cf
Make sure unresponsive split domain instances that come back to life don't get stuck isNotResponding
2024-01-30 18:27:06 +01:00
Laura Hausmann
7ed43b76b5
Improve dead instances pruning
...
This fixes a couple edge cases in which inactive but working instances could be caught by the dead instances filter
2024-01-30 18:00:54 +01:00
Laura Hausmann
0d28b07203
Don't send activities to dead instances
...
Co-authored-by: Johann150 <johann.galle@protonmail.com>
2024-01-29 21:50:05 +01:00
Laura Hausmann
197002df8a
[backend] Fix emojis with special characters
...
This is an adaptation of 3968a6ca07
and ada577bde6
Co-authored-by: Johann150 <johann.galle@protonmail.com>
2024-01-04 23:55:00 +01:00