Commit Graph

2144 Commits

Author SHA1 Message Date
Laura Hausmann
630d6bdbe5
[backend] Limit node-fetch responses to a reasonable length in all places 2024-07-28 19:15:37 +02:00
Laura Hausmann
5c659b1306
Revert "[backend] Improve JSON-LD context size limiter"
This reverts commit 9a8b7efcd6.
2024-07-28 19:02:13 +02:00
Laura Hausmann
e9f776c7b2
[backend] Bump node-fetch version 2024-07-28 19:02:10 +02:00
Laura Hausmann
9a8b7efcd6
[backend] Improve JSON-LD context size limiter 2024-07-28 17:00:00 +02:00
Laura Hausmann
d9d6dc1b60
[backend] Limit fetched JSON-LD context size to 1MB 2024-07-28 16:17:13 +02:00
Laura Hausmann
96dce1ada0
[backend] Update summaly version 2024-07-28 16:00:22 +02:00
Laura Hausmann
91dddc439f
[sdk] Rename iceshrimp-js package to iceshrimp-sdk
This resolves possible confusion between iceshrimp-js (this project) and iceshrimp-sdk (the package)
2024-07-23 23:15:19 +02:00
Laura Hausmann
cc9bc79466
[backend] Set opts.removeOnComplete when discarding corrupt jobs (since the opts object is likely also corrupted) 2024-07-23 21:00:21 +02:00
Laura Hausmann
0d5220e505
[backend] Discard jobs with null/undefined/empty data objects; add no-op handlers for invalid queue jobs
This stops corrupted/invalid jobs from clogging up the queue. Ref: https://github.com/OptimalBits/bull/issues/2461
2024-07-23 20:47:23 +02:00
naskya
bb4f4b4b00 fix: upgrade AiScript! There are braking changes in the AiScript syntax, so existing plugins must alse be upgraded Also, I didn't include the function that can call remote servers' API (which is present in the latest Misskey)
Co-authored-by: syuilo <syuilotan@yahoo.co.jp>
Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>
2024-07-13 18:05:12 +03:00
Laura Hausmann
4f21fd9b91
[backend/masto-client] Fall back to full-res url if an attachment's thumbnailUrl is null
The API docs say this field is nullable, but the official android app crashes if it is set to null.
2024-07-04 03:24:40 +02:00
Laura Hausmann
e2b7d80871
[backend] Reset home timeline query heuristic after importing follows 2024-07-04 00:08:21 +02:00
Laura Hausmann
09afdeb04c
[backend] Fix build on Node 22 2024-07-03 23:51:17 +02:00
ari melody
2ebd907c47
[backend/masto-client] Add follow_requests_count to verify_credentials response 2024-07-02 22:40:25 +02:00
Laura Hausmann
08d8143386
[backend] Switch to updated summaly version which sends a more descriptive user agent
Upstream summaly is sending a user agent that just says SummalyBot, which can be mistaken as a web scraper.
2024-06-27 21:33:40 +02:00
mia
6a678b688e update sharp to 0.33.4 2024-06-16 02:16:33 -07:00
Laura Hausmann
1c6ec9ad08
[backend] Catch errors in UserRepository.userFromURI
This fixes sporadic errors during rendering of follower/following lists.
2024-06-10 18:31:50 +02:00
Laura Hausmann
d8a75cdd08
[backend] Render pinned notes as links instead of objects 2024-05-31 20:56:35 +02:00
Laura Hausmann
dfe01652f0
[backend] Fix build on node v22 2024-05-13 14:00:12 +02:00
Laura Hausmann
df5734523f
[backend] Correctly set CW on note update
Resolves: #547
2024-05-01 23:48:07 +02:00
Laura Hausmann
febb499fcb
[backend] Compact LD-signed activities against well-known context to defend against spoofing attacks 2024-04-29 16:36:58 +02:00
Laura Hausmann
dcfa69ff9d
[backend/masto-client] Fix user profile html cache not updating 2024-04-27 18:48:03 +02:00
Laura Hausmann
6f3818a8bb
[backend/masto-client] Correctly set meId in FTS query helper 2024-04-24 03:02:24 +02:00
mei23
301c754e95
[backend] Add Cache-Control to Bull Dashboard 2024-04-19 17:11:14 +02:00
Ezeani Emmanuel
3fa791d71f
[backend] Improve custom TypeORM logger with configurable logging options
Co-authored-by: Laura Hausmann <laura@hausmann.dev>
2024-04-11 17:22:45 +02:00
Laura Hausmann
74a3375886
[backend] Add quote_id to mastodon api note responses 2024-04-10 18:21:59 +02:00
Laura Hausmann
5a30581c73
[backend] Fix autofollowedAccount being set to random (possibly non-local) users on update-meta 2024-04-08 20:39:41 +02:00
Laura Hausmann
41cb218aa8
[backend] Set X-Content-Type-Options to nosniff on the drive files endpoint 2024-03-30 13:11:15 +01:00
Laura Hausmann
cf506d3bd9
[backend] Reject anonymous objects in the AP resolver 2024-03-30 13:11:09 +01:00
Laura Hausmann
ac57c58ecf
[backend] Stricter validation of activity identifiers
This resolves a security issue that was disclosed on 2024-03-24 & patched in coordination with other affected software on 2024-03-30.
Huge thanks to Oneric for the detailed security disclosure.
2024-03-30 13:11:03 +01:00
Crimekillz
74df0b3602 Fix bug: Pass reference to Note OBJ when creating notifications for Poll Vote and Poll End so muted threads can be resolved correctly 2024-03-26 16:24:19 +01:00
Laura Hausmann
01fbd1a5c7
[backend] Fix video playback for files hosted from different origins 2024-03-18 15:34:14 +01:00
CookiLover311
ccec3e7e63 [mastodon-client] Add default reaction to /v1/instance 2024-03-01 14:25:41 +01:00
老周部落
3824767cc9 [backend] Fix resolver cannot parse some follows and notes request 2024-02-26 08:49:45 +01:00
naskya
e9ef70e272
fix (backend): check url properly
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2024-02-26 00:11:21 +01:00
Laura Hausmann
e2cff0340f
[backend] When fetching activities, specify the acceptable JSON-LD profile explicitly 2024-02-17 16:11:23 +01:00
Laura Hausmann
099ba9ce65
[backend] Enforce JSON-LD profile when fetching activities 2024-02-17 15:59:24 +01:00
Laura Hausmann
31122636d3
[backend] Fix federation for incoming note edits with an attachment that has no alt text 2024-02-17 04:04:25 +01:00
Laura Hausmann
5f6096c1b7
[backend] Verify object id host matches final URL when fetching remote activities 2024-02-16 18:42:23 +01:00
Laura Hausmann
9fc45f166c
[backend] Verify response content type when fetching remote activities 2024-02-16 18:42:22 +01:00
Laura Hausmann
129cc4408a
[mastodon-client] Register full OAuth scopes as well 2024-02-14 23:56:11 +01:00
Laura Hausmann
3399187302
[mastodon-client] Fix /v2/suggestions endpoint (undocumented API behavior strikes again) 2024-02-14 23:55:50 +01:00
Laura Hausmann
e49d168ecd
[mastodon-client] Add support for quote_id parameter when creating posts (#515) 2024-02-13 16:51:08 +01:00
Laura Hausmann
4b20ab6ad4
[backend] Fix typo in audience.ts isPublic check 2024-02-07 19:56:02 +01:00
Laura Hausmann
1378037384
[backend] Only allow author to see hidden posts 2024-02-04 20:23:42 +01:00
Laura Hausmann
f14c5ed4ef
[backend/frontend] Disable post imports for security reasons 2024-02-04 20:12:51 +01:00
Laura Hausmann
a1460503cf
Make sure unresponsive split domain instances that come back to life don't get stuck isNotResponding 2024-01-30 18:27:06 +01:00
Laura Hausmann
7ed43b76b5
Improve dead instances pruning
This fixes a couple edge cases in which inactive but working instances could be caught by the dead instances filter
2024-01-30 18:00:54 +01:00
Laura Hausmann
0d28b07203
Don't send activities to dead instances
Co-authored-by: Johann150 <johann.galle@protonmail.com>
2024-01-29 21:50:05 +01:00
Laura Hausmann
197002df8a
[backend] Fix emojis with special characters
This is an adaptation of 3968a6ca07 and ada577bde6

Co-authored-by: Johann150 <johann.galle@protonmail.com>
2024-01-04 23:55:00 +01:00