merge: release 2024.3.2 (!485)

View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/485

Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
This commit is contained in:
Amelia Yukii 2024-03-30 11:19:08 +00:00
commit 571272a564
25 changed files with 270 additions and 119 deletions

View File

@ -1,38 +1,36 @@
# Contribution guide # Contribution guide
We're glad you're interested in contributing Misskey! In this document you will find the information you need to contribute to the project. We're glad you're interested in contributing to Sharkey! In this document you will find the information you need to contribute to the project.
> **Note**
> This project uses Japanese as its major language, **but you do not need to translate and write the Issues/PRs in Japanese.**
> Also, you might receive comments on your Issue/PR in Japanese, but you do not need to reply to them in Japanese as well.\
> The accuracy of machine translation into Japanese is not high, so it will be easier for us to understand if you write it in the original language.
> It will also allow the reader to use the translation tool of their preference if necessary.
## Roadmap ## Roadmap
See [ROADMAP.md](./ROADMAP.md) See [ROADMAP.md](./ROADMAP.md) for the upstream Misskey roadmap.
## Issues ## Issues
Before creating an issue, please check the following: Before creating an issue, please check the following:
- To avoid duplication, please search for similar issues before creating a new issue. - To avoid duplication, please search for similar issues before creating a new issue.
- Do not use Issues to ask questions or troubleshooting. - Do not use Issues to ask questions or troubleshooting.
- Issues should only be used to feature requests, suggestions, and bug tracking. - Issues should only be used to feature requests, suggestions, and bug tracking.
- Please ask questions or troubleshooting in [GitHub Discussions](https://github.com/misskey-dev/misskey/discussions) or [Discord](https://discord.gg/Wp8gVStHW3). - Please ask questions or troubleshooting in [Discord](https://discord.gg/6VgKmEqHNk).
> **Warning** > **Warning**
> Do not close issues that are about to be resolved. It should remain open until a commit that actually resolves it is merged. > Do not close issues that are about to be resolved. It should remain open until a commit that actually resolves it is merged.
## Before implementation ## Before implementation
When you want to add a feature or fix a bug, **first have the design and policy reviewed in an Issue** (if it is not there, please make one). Without this step, there is a high possibility that the PR will not be merged even if it is implemented. When you want to add a feature or fix a bug, *please open an issue*,
don't just start writing code. We may suggest different approaches, or
show that the "bug" is actually intended behaviour (and offer
work-arounds), or maybe we won't be able to merge your new feature
because it would make it too hard to incorporate future changes from
Misskey. Each of these examples have actually happened!
At this point, you also need to clarify the goals of the PR you will create, and make sure that the other members of the team are aware of them. On the other hand, it's very likely that we'll tell you "go
PRs that do not have a clear set of do's and don'ts tend to be bloated and difficult to review. ahead!". We try our best to incorporate improvements from our users!
Also, when you start implementation, assign yourself to the Issue (if you cannot do it yourself, ask another member to assign you). By expressing your intention to work the Issue, you can prevent conflicts in the work. Also, when you start implementation, assign yourself to the Issue (if you cannot do it yourself, ask another member to assign you). By expressing your intention to work the Issue, you can prevent conflicts in the work.
## Well-known branches ## Well-known branches
- **`master`** branch is tracking the latest release and used for production purposes. - **`stable`** branch is tracking the latest release and used for production purposes.
- **`develop`** branch is where we work for the next release. - **`develop`** branch is where we work for the next release.
- When you create a PR, basically target it to this branch. - When you create a PR, basically target it to this branch.
- **`l10n_develop`** branch is reserved for localization management.
## Creating a PR ## Creating a PR
Thank you for your PR! Before creating a PR, please check the following: Thank you for your PR! Before creating a PR, please check the following:
@ -40,7 +38,7 @@ Thank you for your PR! Before creating a PR, please check the following:
- `fix` / `refactor` / `feat` / `enhance` / `perf` / `chore` etc - `fix` / `refactor` / `feat` / `enhance` / `perf` / `chore` etc
- Also, make sure that the granularity of this PR is appropriate. Please do not include more than one type of change or interest in a single PR. - Also, make sure that the granularity of this PR is appropriate. Please do not include more than one type of change or interest in a single PR.
- If there is an Issue which will be resolved by this PR, please include a reference to the Issue in the text. - If there is an Issue which will be resolved by this PR, please include a reference to the Issue in the text.
- Please add the summary of the changes to [`CHANGELOG.md`](/CHANGELOG.md). However, this is not necessary for changes that do not affect the users, such as refactoring. - Please add the summary of the changes to [`CHANGELOG.md`](CHANGELOG.md). However, this is not necessary for changes that do not affect the users, such as refactoring.
- Check if there are any documents that need to be created or updated due to this change. - Check if there are any documents that need to be created or updated due to this change.
- If you have added a feature or fixed a bug, please add a test case if possible. - If you have added a feature or fixed a bug, please add a test case if possible.
- Please make sure that tests and Lint are passed in advance. - Please make sure that tests and Lint are passed in advance.
@ -66,26 +64,19 @@ Be willing to comment on the good points and not just the things you want fixed
- Are there any omissions or gaps? - Are there any omissions or gaps?
- Does it check for anomalies? - Does it check for anomalies?
## Deploy
The `/deploy` command by issue comment can be used to deploy the contents of a PR to the preview environment.
```
/deploy sha=<commit hash>
```
An actual domain will be assigned so you can test the federation.
## Merge ## Merge
## Release ## Release
### Release Instructions ### Release Instructions
1. Commit version changes in the `develop` branch ([package.json](https://github.com/misskey-dev/misskey/blob/develop/package.json)) 1. Commit version changes in the `develop` branch ([package.json](https://activitypub.software/TransFem-org/Sharkey/-/blob/develop/package.json))
2. Create a release PR. 2. Create a release PR.
- Into `master` from `develop` branch. - Into `stable` from `develop` branch.
- The title must be in the format `Release: x.y.z`. - The title must be in the format `Release: x.y.z`.
- `x.y.z` is the new version you are trying to release. - `x.y.z` is the new version you are trying to release.
3. Deploy and perform a simple QA check. Also verify that the tests passed. 3. Deploy and perform a simple QA check. Also verify that the tests passed.
4. Merge it. (Do not squash commit) 4. Merge it. (Do not squash commit)
5. Create a [release of GitHub](https://github.com/misskey-dev/misskey/releases) 5. Create a [release](https://activitypub.software/TransFem-org/Sharkey/-/releases)
- The target branch must be `master` - The target branch must be `stable`
- The tag name must be the version - The tag name must be the version
> **Note** > **Note**
@ -156,7 +147,7 @@ pnpm dev
``` ```
## Testing ## Testing
- Test codes are located in [`/packages/backend/test`](/packages/backend/test). - Test codes are located in [`/packages/backend/test`](packages/backend/test).
### Run test ### Run test
Create a config file. Create a config file.
@ -188,8 +179,8 @@ TODO
- `MISSKEY_WEBFINGER_USE_HTTP`: If it's set true, WebFinger requests will be http instead of https, useful for testing federation between servers in localhost. NEVER USE IN PRODUCTION. - `MISSKEY_WEBFINGER_USE_HTTP`: If it's set true, WebFinger requests will be http instead of https, useful for testing federation between servers in localhost. NEVER USE IN PRODUCTION.
## Continuous integration ## Continuous integration
Misskey uses GitHub Actions for executing automated tests. Sharkey uses GitLab CI for executing automated tests.
Configuration files are located in [`/.github/workflows`](/.github/workflows). Configuration files are located in [`/.gitlab-ci.yml`](.gitlab-ci.yml).
## Vue ## Vue
Misskey uses Vue(v3) as its front-end framework. Misskey uses Vue(v3) as its front-end framework.
@ -455,3 +446,30 @@ marginはそのコンポーネントを使う側が設定する
### indexというファイル名を使うな ### indexというファイル名を使うな
ESMではディレクトリインポートは廃止されているのと、ディレクトリインポートせずともファイル名が index だと何故か一部のライブラリ?でディレクトリインポートだと見做されてエラーになる ESMではディレクトリインポートは廃止されているのと、ディレクトリインポートせずともファイル名が index だと何故か一部のライブラリ?でディレクトリインポートだと見做されてエラーになる
## Merging from Misskey into Sharkey
Make sure you have both remotes in the same clone (`git remote add misskey
https://github.com/misskey-dev/misskey.git`), then:
git remote update
git checkout develop # this is Sharkey's develop
git checkout -m merge/$(date +%Y-%m-%d) # or whatever
git merge --no-ff misskey/develop
fix conflicts and *commit*!
*after that commit*, do all the extra work, on the same branch:
* copy all changes:
* from `NoteCreateService.create` to `NoteCreateService.import` (and
vice versa if `git` got confused!)
* from `NoteCreateService` to `NoteEditService`
* from `ApNoteService.createNote` to `ApNoteService.updateNote`
* from `endoints/notes/create.ts` to `endoints/notes/edit.ts`
* from `MkNote*` to `SkNote*` (if sensible)
* run tests `pnpm test` and fix as much as you can
* run lint `pnpm --filter=backend lint` + `pnpm --filter=frontend
eslint` and fix as much as you can
Then push and open a Merge Request.

View File

@ -4,10 +4,6 @@ ARG NODE_VERSION=20.10.0-alpine3.18
FROM node:${NODE_VERSION} as build FROM node:${NODE_VERSION} as build
RUN corepack enable
WORKDIR /sharkey
RUN apk add git linux-headers build-base RUN apk add git linux-headers build-base
ENV PYTHONUNBUFFERED=1 ENV PYTHONUNBUFFERED=1
@ -15,55 +11,70 @@ RUN apk add --update python3 && ln -sf python3 /usr/bin/python
RUN python3 -m ensurepip RUN python3 -m ensurepip
RUN pip3 install --no-cache --upgrade pip setuptools RUN pip3 install --no-cache --upgrade pip setuptools
COPY . ./ RUN corepack enable
WORKDIR /sharkey
COPY --link . ./
RUN git submodule update --init --recursive RUN git submodule update --init --recursive
RUN pnpm config set fetch-retries 5 RUN pnpm config set fetch-retries 5
RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \ RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \
pnpm i pnpm i --frozen-lockfile --aggregate-output
RUN pnpm build RUN pnpm build
RUN node scripts/trim-deps.mjs RUN node scripts/trim-deps.mjs
RUN mv packages/frontend/assets sharkey-assets RUN mv packages/frontend/assets sharkey-assets
RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \
pnpm prune
RUN rm -r node_modules packages/frontend packages/sw RUN rm -r node_modules packages/frontend packages/sw
RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \ RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \
pnpm i --prod pnpm i --prod --frozen-lockfile --aggregate-output
RUN rm -rf .git RUN rm -rf .git
FROM node:${NODE_VERSION} FROM node:${NODE_VERSION}
ARG UID="991"
ARG GID="991"
RUN apk add ffmpeg tini jemalloc \
&& corepack enable \
&& addgroup -g "${GID}" sharkey \
&& adduser -D -u "${UID}" -G sharkey -h /sharkey sharkey \
&& find / -type d -path /sys -prune -o -type d -path /proc -prune -o -type f -perm /u+s -exec chmod u-s {} \; \
&& find / -type d -path /sys -prune -o -type d -path /proc -prune -o -type f -perm /g+s -exec chmod g-s {} \;
USER sharkey
WORKDIR /sharkey WORKDIR /sharkey
RUN apk add ffmpeg tini COPY --chown=sharkey:sharkey --from=build /sharkey/node_modules ./node_modules
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/backend/node_modules ./packages/backend/node_modules
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-js/node_modules ./packages/misskey-js/node_modules
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-reversi/node_modules ./packages/misskey-reversi/node_modules
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-bubble-game/node_modules ./packages/misskey-bubble-game/node_modules
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/megalodon/node_modules ./packages/megalodon/node_modules
COPY --chown=sharkey:sharkey --from=build /sharkey/built ./built
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-js/built ./packages/misskey-js/built
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-reversi/built ./packages/misskey-reversi/built
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-bubble-game/built ./packages/misskey-bubble-game/built
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/backend/built ./packages/backend/built
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/megalodon/lib ./packages/megalodon/lib
COPY --chown=sharkey:sharkey --from=build /sharkey/fluent-emojis ./fluent-emojis
COPY --chown=sharkey:sharkey --from=build /sharkey/tossface-emojis/dist ./tossface-emojis/dist
COPY --chown=sharkey:sharkey --from=build /sharkey/sharkey-assets ./packages/frontend/assets
COPY --from=build /sharkey/built ./built COPY --chown=sharkey:sharkey package.json ./package.json
COPY --from=build /sharkey/node_modules ./node_modules COPY --chown=sharkey:sharkey pnpm-workspace.yaml ./pnpm-workspace.yaml
COPY --from=build /sharkey/packages/backend/built ./packages/backend/built COPY --chown=sharkey:sharkey packages/backend/package.json ./packages/backend/package.json
COPY --from=build /sharkey/packages/backend/node_modules ./packages/backend/node_modules COPY --chown=sharkey:sharkey packages/backend/check_connect.js ./packages/backend/check_connect.js
COPY --from=build /sharkey/packages/megalodon/lib ./packages/megalodon/lib COPY --chown=sharkey:sharkey packages/backend/ormconfig.js ./packages/backend/ormconfig.js
COPY --from=build /sharkey/packages/megalodon/node_modules ./packages/megalodon/node_modules COPY --chown=sharkey:sharkey packages/backend/migration ./packages/backend/migration
COPY --from=build /sharkey/packages/misskey-js/built ./packages/misskey-js/built COPY --chown=sharkey:sharkey packages/backend/assets ./packages/backend/assets
COPY --from=build /sharkey/packages/misskey-js/node_modules ./packages/misskey-js/node_modules COPY --chown=sharkey:sharkey packages/megalodon/package.json ./packages/megalodon/package.json
COPY --from=build /sharkey/packages/misskey-reversi/built ./packages/misskey-reversi/built COPY --chown=sharkey:sharkey packages/misskey-js/package.json ./packages/misskey-js/package.json
COPY --from=build /sharkey/packages/misskey-reversi/node_modules ./packages/misskey-reversi/node_modules COPY --chown=sharkey:sharkey packages/misskey-reversi/package.json ./packages/misskey-reversi/package.json
COPY --from=build /sharkey/packages/misskey-bubble-game/built ./packages/misskey-bubble-game/built COPY --chown=sharkey:sharkey packages/misskey-bubble-game/package.json ./packages/misskey-bubble-game/package.json
COPY --from=build /sharkey/packages/misskey-bubble-game/node_modules ./packages/misskey-bubble-game/node_modules
COPY --from=build /sharkey/fluent-emojis ./fluent-emojis
COPY --from=build /sharkey/tossface-emojis/dist ./tossface-emojis/dist
COPY --from=build /sharkey/sharkey-assets ./packages/frontend/assets
COPY package.json ./package.json
COPY pnpm-workspace.yaml ./pnpm-workspace.yaml
COPY packages/backend/package.json ./packages/backend/package.json
COPY packages/backend/check_connect.js ./packages/backend/check_connect.js
COPY packages/backend/ormconfig.js ./packages/backend/ormconfig.js
COPY packages/backend/migration ./packages/backend/migration
COPY packages/backend/assets ./packages/backend/assets
COPY packages/megalodon/package.json ./packages/megalodon/package.json
COPY packages/misskey-js/package.json ./packages/misskey-js/package.json
COPY packages/misskey-reversi/package.json ./packages/misskey-reversi/package.json
COPY packages/misskey-bubble-game/package.json ./packages/misskey-bubble-game/package.json
ENV LD_PRELOAD=/usr/lib/libjemalloc.so.2
ENV NODE_ENV=production ENV NODE_ENV=production
RUN corepack enable
ENTRYPOINT ["/sbin/tini", "--"] ENTRYPOINT ["/sbin/tini", "--"]
CMD ["pnpm", "run", "migrateandstart"] CMD ["pnpm", "run", "migrateandstart"]

View File

@ -6,8 +6,11 @@ When using a service with Sharkey, there are several important points to keep in
2. Even for posts made in private, there is no guarantee that the recipient's server will treat them as private in the same way. Please exercise caution when posting personal or confidential information. (Again, this applies to the internet in general.) 2. Even for posts made in private, there is no guarantee that the recipient's server will treat them as private in the same way. Please exercise caution when posting personal or confidential information. (Again, this applies to the internet in general.)
3. Account deletion can be a resource-intensive process and may take a long time. In cases with a lot of uploaded data, it may even be impossible to delete an account. 3. The "Drive" feature is NOT secure cloud storage. This feature exists for easier managing of your uploaded files.
Any data uploaded, whether shared via post or not, will be publicly accessible. Please use 3rd party cloud storage providers if you need to upload data with sensitive information of any kind.
4. Please disable ad blockers. Some servers may rely on advertising revenue to cover operating costs. Additionally, ad blockers can mistakenly block content and features unrelated to ads, potentially causing issues with the client's functionality and preventing normal use of Sharkey. Therefore, we recommend turning off ad blockers and similar features when using Sharkey. 4. Account deletion can be a resource-intensive process and may take a long time. In cases with a lot of uploaded data, it may even be impossible to delete an account.
5. Please disable ad blockers. Some servers may rely on advertising revenue to cover operating costs. Additionally, ad blockers can mistakenly block content and features unrelated to ads, potentially causing issues with the client's functionality and preventing normal use of Sharkey. Therefore, we recommend turning off ad blockers and similar features when using Sharkey.
Please understand these points and enjoy using the service. Please understand these points and enjoy using the service.

View File

@ -134,7 +134,7 @@ overwriteFromPinnedEmojis: "Override from general settings"
reactionSettingDescription2: "Drag to reorder, click to delete, press \"+\" to add." reactionSettingDescription2: "Drag to reorder, click to delete, press \"+\" to add."
rememberNoteVisibility: "Remember note visibility settings" rememberNoteVisibility: "Remember note visibility settings"
attachCancel: "Remove attachment" attachCancel: "Remove attachment"
deleteFile: "File deleted" deleteFile: "Delete file"
markAsSensitive: "Mark as sensitive" markAsSensitive: "Mark as sensitive"
unmarkAsSensitive: "Unmark as sensitive" unmarkAsSensitive: "Unmark as sensitive"
enterFileName: "Enter filename" enterFileName: "Enter filename"

View File

@ -1,6 +1,6 @@
{ {
"name": "sharkey", "name": "sharkey",
"version": "2024.3.1", "version": "2024.3.2",
"codename": "shonk", "codename": "shonk",
"repository": { "repository": {
"type": "git", "type": "git",

View File

@ -0,0 +1,16 @@
/*
* SPDX-FileCopyrightText: dakkar and other Sharkey contributors
* SPDX-License-Identifier: AGPL-3.0-only
*/
export class MoreRepoUrl1709462550083 {
name = 'MoreRepoUrl1709462550083'
async up(queryRunner) {
await queryRunner.query(`UPDATE "meta" SET "repositoryUrl"=DEFAULT WHERE "repositoryUrl" IN ('https://git.joinfirefish.org/firefish/firefish','https://codeberg/firefish/firefish','https://codeberg.org/calckey/calckey','https://iceshrimp.dev/iceshrimp/iceshrimp')`);
await queryRunner.query(`UPDATE "meta" SET "feedbackUrl"=DEFAULT WHERE "feedbackUrl" IN ('https://git.joinfirefish.org/firefish/firefish/issues','https://codeberg/firefish/firefish/issues','https://codeberg.org/calckey/calckey/firefish/firefish/issues','https://iceshrimp.dev/iceshrimp/iceshrimp/issues/new','https://iceshrimp.dev/iceshrimp/iceshrimp/issues')`);
}
async down(queryRunner) {
}
}

View File

@ -11,7 +11,11 @@ export default new DataSource({
username: config.db.user, username: config.db.user,
password: config.db.pass, password: config.db.pass,
database: config.db.db, database: config.db.db,
extra: config.db.extra, extra: {
...config.db.extra,
// migrations may be very slow, give them longer to run (that 10*1000 comes from postgres.ts)
statement_timeout: (config.db.extra?.statement_timeout ?? 1000 * 10) * 10,
},
entities: entities, entities: entities,
migrations: ['migration/*.js'], migrations: ['migration/*.js'],
}); });

View File

@ -15,6 +15,7 @@ import type { Config } from '@/config.js';
import { StatusError } from '@/misc/status-error.js'; import { StatusError } from '@/misc/status-error.js';
import { bindThis } from '@/decorators.js'; import { bindThis } from '@/decorators.js';
import { validateContentTypeSetAsActivityPub } from '@/core/activitypub/misc/validator.js'; import { validateContentTypeSetAsActivityPub } from '@/core/activitypub/misc/validator.js';
import { assertActivityMatchesUrls } from '@/core/activitypub/misc/check-against-url.js';
import type { IObject } from '@/core/activitypub/type.js'; import type { IObject } from '@/core/activitypub/type.js';
import type { Response } from 'node-fetch'; import type { Response } from 'node-fetch';
import type { URL } from 'node:url'; import type { URL } from 'node:url';
@ -125,7 +126,12 @@ export class HttpRequestService {
validators: [validateContentTypeSetAsActivityPub], validators: [validateContentTypeSetAsActivityPub],
}); });
return await res.json() as IObject; const finalUrl = res.url; // redirects may have been involved
const activity = await res.json() as IObject;
assertActivityMatchesUrls(activity, [url, finalUrl]);
return activity;
} }
@bindThis @bindThis

View File

@ -266,6 +266,16 @@ export class NoteCreateService implements OnApplicationShutdown {
} }
} }
const hasProhibitedWords = await this.checkProhibitedWordsContain({
cw: data.cw,
text: data.text,
pollChoices: data.poll?.choices,
}, meta.prohibitedWords);
if (hasProhibitedWords) {
throw new IdentifiableError('689ee33f-f97c-479a-ac49-1b9f8140af99', 'Note contains prohibited words');
}
const inSilencedInstance = this.utilityService.isSilencedHost(meta.silencedHosts, user.host); const inSilencedInstance = this.utilityService.isSilencedHost(meta.silencedHosts, user.host);
if (data.visibility === 'public' && inSilencedInstance && user.host !== null) { if (data.visibility === 'public' && inSilencedInstance && user.host !== null) {
@ -299,7 +309,7 @@ export class NoteCreateService implements OnApplicationShutdown {
} }
// Check blocking // Check blocking
if (data.renote && data.text == null && data.poll == null && (data.files == null || data.files.length === 0)) { if (data.renote && !this.isQuote(data)) {
if (data.renote.userHost === null) { if (data.renote.userHost === null) {
if (data.renote.userId !== user.id) { if (data.renote.userId !== user.id) {
const blocked = await this.userBlockingService.checkBlocked(data.renote.userId, user.id); const blocked = await this.userBlockingService.checkBlocked(data.renote.userId, user.id);

View File

@ -86,7 +86,7 @@ export class UtilityService {
@bindThis @bindThis
public extractDbHost(uri: string): string { public extractDbHost(uri: string): string {
const url = new URL(uri); const url = new URL(uri);
return this.toPuny(url.hostname); return this.toPuny(url.host);
} }
@bindThis @bindThis
@ -99,4 +99,11 @@ export class UtilityService {
if (host == null) return null; if (host == null) return null;
return toASCII(host.toLowerCase()); return toASCII(host.toLowerCase());
} }
@bindThis
public punyHost(url: string): string {
const urlObj = new URL(url);
const host = `${this.toPuny(urlObj.hostname)}${urlObj.port.length > 0 ? ':' + urlObj.port : ''}`;
return host;
}
} }

View File

@ -14,7 +14,9 @@ import { HttpRequestService } from '@/core/HttpRequestService.js';
import { LoggerService } from '@/core/LoggerService.js'; import { LoggerService } from '@/core/LoggerService.js';
import { bindThis } from '@/decorators.js'; import { bindThis } from '@/decorators.js';
import type Logger from '@/logger.js'; import type Logger from '@/logger.js';
import type { IObject } from './type.js';
import { validateContentTypeSetAsActivityPub } from '@/core/activitypub/misc/validator.js'; import { validateContentTypeSetAsActivityPub } from '@/core/activitypub/misc/validator.js';
import { assertActivityMatchesUrls } from '@/core/activitypub/misc/check-against-url.js';
type Request = { type Request = {
url: string; url: string;
@ -201,6 +203,11 @@ export class ApRequestService {
validators: [validateContentTypeSetAsActivityPub], validators: [validateContentTypeSetAsActivityPub],
}); });
return await res.json(); const finalUrl = res.url; // redirects may have been involved
const activity = await res.json() as IObject;
assertActivityMatchesUrls(activity, [url, finalUrl]);
return activity;
} }
} }

View File

@ -115,6 +115,14 @@ export class Resolver {
throw new Error('invalid response'); throw new Error('invalid response');
} }
// HttpRequestService / ApRequestService have already checked that
// `object.id` or `object.url` matches the URL used to fetch the
// object after redirects; here we double-check that no redirects
// bounced between hosts
if (object.id && (this.utilityService.punyHost(object.id) !== this.utilityService.punyHost(value))) {
throw new Error(`invalid AP object ${value}: id ${object.id} has different host`);
}
return object; return object;
} }

View File

@ -0,0 +1,19 @@
/*
* SPDX-FileCopyrightText: dakkar and sharkey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
import type { IObject } from '../type.js';
export function assertActivityMatchesUrls(activity: IObject, urls: string[]) {
const idOk = activity.id !== undefined && urls.includes(activity.id);
// technically `activity.url` could be an `ApObject = IObject |
// string | (IObject | string)[]`, but if it's a complicated thing
// and the `activity.id` doesn't match, I think we're fine
// rejecting the activity
const urlOk = typeof(activity.url) === 'string' && urls.includes(activity.url);
if (!idOk && !urlOk) {
throw new Error(`bad Activity: neither id(${activity?.id}) nor url(${activity?.url}) match location(${urls})`);
}
}

View File

@ -127,12 +127,6 @@ export class ApPersonService implements OnModuleInit {
this.logger = this.apLoggerService.logger; this.logger = this.apLoggerService.logger;
} }
private punyHost(url: string): string {
const urlObj = new URL(url);
const host = `${this.utilityService.toPuny(urlObj.hostname)}${urlObj.port.length > 0 ? ':' + urlObj.port : ''}`;
return host;
}
/** /**
* Validate and convert to actor object * Validate and convert to actor object
* @param x Fetched object * @param x Fetched object
@ -140,7 +134,7 @@ export class ApPersonService implements OnModuleInit {
*/ */
@bindThis @bindThis
private validateActor(x: IObject, uri: string): IActor { private validateActor(x: IObject, uri: string): IActor {
const expectHost = this.punyHost(uri); const expectHost = this.utilityService.punyHost(uri);
if (!isActor(x)) { if (!isActor(x)) {
throw new Error(`invalid Actor type '${x.type}'`); throw new Error(`invalid Actor type '${x.type}'`);
@ -154,6 +148,19 @@ export class ApPersonService implements OnModuleInit {
throw new Error('invalid Actor: wrong inbox'); throw new Error('invalid Actor: wrong inbox');
} }
if (this.utilityService.punyHost(x.inbox) !== expectHost) {
throw new Error('invalid Actor: inbox has different host');
}
for (const collection of ['outbox', 'followers', 'following'] as (keyof IActor)[]) {
const collectionUri = (x as IActor)[collection];
if (typeof collectionUri === 'string' && collectionUri.length > 0) {
if (this.utilityService.punyHost(collectionUri) !== expectHost) {
throw new Error(`invalid Actor: ${collection} has different host`);
}
}
}
if (!(typeof x.preferredUsername === 'string' && x.preferredUsername.length > 0 && x.preferredUsername.length <= 128 && /^\w([\w-.]*\w)?$/.test(x.preferredUsername))) { if (!(typeof x.preferredUsername === 'string' && x.preferredUsername.length > 0 && x.preferredUsername.length <= 128 && /^\w([\w-.]*\w)?$/.test(x.preferredUsername))) {
throw new Error('invalid Actor: wrong username'); throw new Error('invalid Actor: wrong username');
} }
@ -177,7 +184,7 @@ export class ApPersonService implements OnModuleInit {
x.summary = truncate(x.summary, summaryLength); x.summary = truncate(x.summary, summaryLength);
} }
const idHost = this.punyHost(x.id); const idHost = this.utilityService.punyHost(x.id);
if (idHost !== expectHost) { if (idHost !== expectHost) {
throw new Error('invalid Actor: id has different host'); throw new Error('invalid Actor: id has different host');
} }
@ -187,7 +194,7 @@ export class ApPersonService implements OnModuleInit {
throw new Error('invalid Actor: publicKey.id is not a string'); throw new Error('invalid Actor: publicKey.id is not a string');
} }
const publicKeyIdHost = this.punyHost(x.publicKey.id); const publicKeyIdHost = this.utilityService.punyHost(x.publicKey.id);
if (publicKeyIdHost !== expectHost) { if (publicKeyIdHost !== expectHost) {
throw new Error('invalid Actor: publicKey.id has different host'); throw new Error('invalid Actor: publicKey.id has different host');
} }
@ -286,7 +293,7 @@ export class ApPersonService implements OnModuleInit {
this.logger.info(`Creating the Person: ${person.id}`); this.logger.info(`Creating the Person: ${person.id}`);
const host = this.punyHost(object.id); const host = this.utilityService.punyHost(object.id);
const fields = this.analyzeAttachments(person.attachment ?? []); const fields = this.analyzeAttachments(person.attachment ?? []);

View File

@ -113,8 +113,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
@bindThis @bindThis
private async fetchAny(uri: string, me: MiLocalUser | null | undefined): Promise<SchemaType<typeof meta['res']> | null> { private async fetchAny(uri: string, me: MiLocalUser | null | undefined): Promise<SchemaType<typeof meta['res']> | null> {
// ブロックしてたら中断 // ブロックしてたら中断
const host = this.utilityService.extractDbHost(uri);
const fetchedMeta = await this.metaService.fetch(); const fetchedMeta = await this.metaService.fetch();
if (this.utilityService.isBlockedHost(fetchedMeta.blockedHosts, this.utilityService.extractDbHost(uri))) return null; if (this.utilityService.isBlockedHost(fetchedMeta.blockedHosts, host)) return null;
let local = await this.mergePack(me, ...await Promise.all([ let local = await this.mergePack(me, ...await Promise.all([
this.apDbResolverService.getUserFromApId(uri), this.apDbResolverService.getUserFromApId(uri),
@ -122,6 +123,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
])); ]));
if (local != null) return local; if (local != null) return local;
// local object, not found in db? fail
if (this.utilityService.isSelfHost(host)) return null;
// リモートから一旦オブジェクトフェッチ // リモートから一旦オブジェクトフェッチ
const resolver = this.apResolverService.createResolver(); const resolver = this.apResolverService.createResolver();
const object = await resolver.resolve(uri) as any; const object = await resolver.resolve(uri) as any;

View File

@ -43,6 +43,7 @@ export async function signout() {
waiting(); waiting();
miLocalStorage.removeItem('account'); miLocalStorage.removeItem('account');
await removeAccount($i.id); await removeAccount($i.id);
document.cookie = `token=; path=/; max-age=0${ location.protocol === 'https:' ? '; Secure' : ''}`;
const accounts = await getAccounts(); const accounts = await getAccounts();
//#region Remove service worker registration //#region Remove service worker registration
@ -200,7 +201,7 @@ export async function login(token: Account['token'], redirect?: string) {
throw reason; throw reason;
}); });
miLocalStorage.setItem('account', JSON.stringify(me)); miLocalStorage.setItem('account', JSON.stringify(me));
document.cookie = `token=${token}; path=/; max-age=31536000`; // bull dashboardの認証とかで使う document.cookie = `token=${token}; path=/; max-age=31536000${ location.protocol === 'https:' ? '; Secure' : ''}`; // bull dashboardの認証とかで使う
await addAccount(me.id, token); await addAccount(me.id, token);
if (redirect) { if (redirect) {

View File

@ -73,7 +73,7 @@ export async function mainBoot() {
mainRouter.push('/search'); mainRouter.push('/search');
}, },
}; };
try {
if (defaultStore.state.enableSeasonalScreenEffect) { if (defaultStore.state.enableSeasonalScreenEffect) {
const month = new Date().getMonth() + 1; const month = new Date().getMonth() + 1;
if (defaultStore.state.hemisphere === 'S') { if (defaultStore.state.hemisphere === 'S') {
@ -95,6 +95,10 @@ export async function mainBoot() {
} }
} }
} }
} catch (error) {
// console.error(error);
console.error('Failed to initialise the seasonal screen effect canvas context:', error);
}
if ($i) { if ($i) {
// only add post shortcuts if logged in // only add post shortcuts if logged in

View File

@ -72,12 +72,16 @@ watch(() => props.lang, (to) => {
</script> </script>
<style module lang="scss"> <style module lang="scss">
.codeBlockRoot {
text-align: left;
}
.codeBlockRoot :global(.shiki) > code { .codeBlockRoot :global(.shiki) > code {
counter-reset: step; counter-reset: step;
counter-increment: step 0; counter-increment: step 0;
} }
.codeBlockRoot :global(.shiki) > code > .line::before { .codeBlockRoot :global(.shiki) > code > span::before {
content: counter(step); content: counter(step);
counter-increment: step; counter-increment: step;
width: 1rem; width: 1rem;

View File

@ -20,7 +20,7 @@
worker-src 'self'; worker-src 'self';
script-src 'self' 'unsafe-eval' https://*.hcaptcha.com https://challenges.cloudflare.com; script-src 'self' 'unsafe-eval' https://*.hcaptcha.com https://challenges.cloudflare.com;
style-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';
img-src 'self' data: blob: www.google.com xn--931a.moe launcher.moe localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000; img-src 'self' data: blob: www.google.com xn--931a.moe launcher.moe localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000 activitypub.software secure.gravatar.com avatars.githubusercontent.com;
media-src 'self' localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000; media-src 'self' localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000;
connect-src 'self' localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000 https://newassets.hcaptcha.com; connect-src 'self' localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000 https://newassets.hcaptcha.com;
frame-src *;" frame-src *;"

View File

@ -77,14 +77,34 @@ SPDX-License-Identifier: AGPL-3.0-only
<FormSection> <FormSection>
<template #label>{{ i18n.ts._aboutMisskey.projectMembers }}</template> <template #label>{{ i18n.ts._aboutMisskey.projectMembers }}</template>
<div :class="$style.contributors" style="margin-bottom: 8px;"> <div :class="$style.contributors" style="margin-bottom: 8px;">
<a href="https://activitypub.software/Marie" target="_blank" :class="$style.contributor">
<img src="https://activitypub.software/uploads/-/system/user/avatar/2/avatar.png?width=128" :class="$style.contributorAvatar">
<span :class="$style.contributorUsername">@Marie</span>
</a>
<a href="https://activitypub.software/Amelia" target="_blank" :class="$style.contributor"> <a href="https://activitypub.software/Amelia" target="_blank" :class="$style.contributor">
<img src="https://activitypub.software/uploads/-/system/user/avatar/1/avatar.png?width=128" :class="$style.contributorAvatar"> <img src="https://activitypub.software/uploads/-/system/user/avatar/1/avatar.png?width=128" :class="$style.contributorAvatar">
<span :class="$style.contributorUsername">@Amelia</span> <span :class="$style.contributorUsername">@Amelia</span>
</a> </a>
<a href="https://activitypub.software/dakkar" target="_blank" :class="$style.contributor">
<img src="https://secure.gravatar.com/avatar/c71b315eed7c63ff94c42b1b3e8dbad1?s=192&d=identicon" :class="$style.contributorAvatar">
<span :class="$style.contributorUsername">@dakkar</span>
</a>
<a href="https://activitypub.software/esm" target="_blank" :class="$style.contributor">
<img src="https://secure.gravatar.com/avatar/00fd054610e2a9dcf97a2aa661b168d0?s=192&d=identicon" :class="$style.contributorAvatar">
<span :class="$style.contributorUsername">@esm</span>
</a>
<a href="https://activitypub.software/supakaity" target="_blank" :class="$style.contributor">
<img src="https://activitypub.software/uploads/-/system/user/avatar/65/avatar.png?width=40" :class="$style.contributorAvatar">
<span :class="$style.contributorUsername">@supakaity</span>
</a>
<a href="https://activitypub.software/julia" target="_blank" :class="$style.contributor">
<img src="https://activitypub.software/uploads/-/system/user/avatar/41/avatar.png?width=40" :class="$style.contributorAvatar">
<span :class="$style.contributorUsername">@julia</span>
</a>
<a href="https://activitypub.software/Leah" target="_blank" :class="$style.contributor">
<img src="https://secure.gravatar.com/avatar/3b35b921b284ccfd1fe348508f6f705b?s=80&d=identicon" :class="$style.contributorAvatar">
<span :class="$style.contributorUsername">@Leah</span>
</a>
<a href="https://activitypub.software/fEmber" target="_blank" :class="$style.contributor">
<img src="https://secure.gravatar.com/avatar/ea0ea6451fdb74311efad369bdce018e?s=80&d=identicon" :class="$style.contributorAvatar">
<span :class="$style.contributorUsername">@fEmber</span>
</a>
</div> </div>
<template #caption><MkLink url="https://activitypub.software/TransFem-org/Sharkey/-/graphs/develop">{{ i18n.ts._aboutMisskey.allContributors }}</MkLink></template> <template #caption><MkLink url="https://activitypub.software/TransFem-org/Sharkey/-/graphs/develop">{{ i18n.ts._aboutMisskey.allContributors }}</MkLink></template>
</FormSection> </FormSection>

View File

@ -85,7 +85,7 @@ async function search() {
if (query == null || query === '') return; if (query == null || query === '') return;
if (query.startsWith('https://')) { if (query.startsWith('http://') || query.startsWith('https://')) {
const promise = misskeyApi('ap/show', { const promise = misskeyApi('ap/show', {
uri: query, uri: query,
}); });

View File

@ -48,7 +48,7 @@ async function search() {
if (query == null || query === '') return; if (query == null || query === '') return;
if (query.startsWith('https://')) { if (query.startsWith('http://') || query.startsWith('https://')) {
const promise = misskeyApi('ap/show', { const promise = misskeyApi('ap/show', {
uri: query, uri: query,
}); });

View File

@ -40,7 +40,7 @@ const isScrolling = ref(false);
const scrollEl = shallowRef<HTMLElement>(); const scrollEl = shallowRef<HTMLElement>();
misskeyApiGet('notes/featured').then(_notes => { misskeyApiGet('notes/featured').then(_notes => {
notes.value = _notes; notes.value = _notes.filter(n => n.cw == null);
}); });
onUpdated(() => { onUpdated(() => {

View File

@ -28,7 +28,7 @@ export async function lookup(router?: Router) {
return; return;
} }
if (query.startsWith('https://')) { if (query.startsWith('http://') || query.startsWith('https://')) {
const promise = misskeyApi('ap/show', { const promise = misskeyApi('ap/show', {
uri: query, uri: query,
}); });

View File

@ -155,7 +155,9 @@ export class SnowfallEffect {
max: 0.125, max: 0.125,
easing: 0.0005, easing: 0.0005,
}; };
/**
* @throws {Error} - Thrown when it fails to get WebGL context for the canvas
*/
constructor(options: { constructor(options: {
sakura?: boolean; sakura?: boolean;
}) { }) {