DatseMultimediaSites
/
Sharkey
mirror of https://activitypub.software/TransFem-org/Sharkey.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
28,672 Commits 55 Branches 923 Tags 253 MiB
Commit Graph

28672 Commits

Author SHA1 Message Date
Hazelnoot 4a43e1a9e9 factor out remote followers warning in SkRemoteFollowersWarning.vue 2024-11-20 22:22:30 -05:00
Hazelnoot 1ca350e45d define defult Following Feed state in following-feed-utils.ts instead of store.ts 2024-11-20 22:22:30 -05:00
Hazelnoot 38e30c0d54 allow following-feed-utils to use alternate state backends 2024-11-20 22:22:30 -05:00
Hazelnoot 38787712d9 add responsive padding to recent-notes.vue 2024-11-20 22:22:29 -05:00
Hazelnoot 0515fed92d remove unused ref from recent-notes.vue 2024-11-20 22:22:29 -05:00
Hazelnoot 1d16656b39 add `<Suspense>` to enable async components and dynamic imports under the deck UI 2024-11-20 22:22:29 -05:00
Hazelnoot ed6c781426 fix responsive breakpoint in SkUserRecentNotes 2024-11-20 22:22:29 -05:00
Hazelnoot 8cbc0761db add functions to access deck column state 2024-11-20 22:22:29 -05:00
Hazelnoot 455ccc660e allow deck column updates to be awaited 2024-11-20 22:22:29 -05:00
Hazelnoot a40b77a66b prevent the following feed from auto-selecting a user under the mobile UI 2024-11-20 22:22:29 -05:00
Hazelnoot 194bc20af1 fix type of deepMerge 2024-11-20 22:22:29 -05:00
Hazelnoot ca94959fff factor out Following Feed list into SkFollowingRecentNotes.vue 2024-11-20 22:22:29 -05:00
Julia 41536480ce merge: Bump develop version (!766) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/766
 2024-11-21 02:58:28 +00:00
Julia Johannesen 59e160147f
Bump develop version 2024-11-20 21:32:12 -05:00
Julia a38d8a91a1 merge: Fix `.punyHost` misuse (!765) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/765
 2024-11-21 02:26:43 +00:00
Julia Johannesen 6027b516e1
Fix `.punyHost` misuse 2024-11-20 21:24:35 -05:00
Julia 757d9aa5ee merge: Fix type error(s) in security fixes (!764) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/764

Approved-by: Hazelnoot <acomputerdog@gmail.com>
 2024-11-21 01:44:15 +00:00
Julia Johannesen 36af07abe2
Fix another style error 2024-11-20 20:31:22 -05:00
Julia Johannesen 23c4aa2571
Fix style error 2024-11-20 20:24:59 -05:00
Julia Johannesen 1758f29364
Fix error in test function calls 2024-11-20 20:16:43 -05:00
Julia Johannesen fa3cf6c299
Fix type error in security fixes 2024-11-20 20:06:46 -05:00
Julia 4b556efdaa merge: (re-merge) Prevent DoS from spammed media proxy requests (!763) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/763
 2024-11-21 00:40:52 +00:00
Hazelnoot b0834ebf55 prevent DoS from spammed media proxy requests 2024-11-20 19:37:38 -05:00
Julia 2234fbcb11 merge: Bump version (!762) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/762
 2024-11-21 00:23:26 +00:00
Julia Johannesen 8e90484b3e
Bump version 2024-11-20 19:21:57 -05:00
Julia 0fcb23c4c1 merge: Coordinated Security Release (!761) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/761
 2024-11-21 00:20:48 +00:00
rectcoordsystem 776f6fd1f5
fix(backend): allow fetchSummaryFromProxy, trueMail to access local addresses 2024-11-20 19:17:25 -05:00
rectcoordsystem 7b3e3f8e25
fix(backend): add isLocalAddressAllowed option to getAgentByUrl and send (HttpRequestService) 2024-11-20 19:17:25 -05:00
rectcoordsystem 360d71278a
fix(backend): lint and typecheck 2024-11-20 19:17:25 -05:00
rectcoordsystem 663c06be00
Apply suggestions from code review 
Co-authored-by: anatawa12 <anatawa12@icloud.com>
 2024-11-20 19:17:25 -05:00
rectcoordsystem 7ccccf5545
fix(backend): allow accessing private IP when testing 2024-11-20 19:17:25 -05:00
rectcoordsystem f36f4b5398
fix(backend): check target IP before sending HTTP request 2024-11-20 19:17:25 -05:00
Julia Johannesen cc4e99fdde
fix: Try using `CacheService` to avoid excess db lookups 
This isn't perfect, theoretically if some massive number of users
blocked the user making this request the set lookup could take a long
amount of time, but eh, it works, and that scenario is highly unlikely.
 2024-11-20 19:17:25 -05:00
Julia Johannesen 5764fa55cb
fix: primitives 25-33: proper local instance checks 2024-11-20 19:17:25 -05:00
Julia Johannesen 74565f67f7
fix: primitives 21, 22, and 23: reuse resolver 
This also increases the default `recursionLimit` for `Resolver`, as it
theoretically will go higher that it previously would and could possibly
fail on non-malicious collection activities.
 2024-11-20 19:17:25 -05:00
Julia Johannesen 408e782507
fix: primitive 19 & 20: respect blocks and hide more 
Ideally, the user property should also be hidden (as leaving it in leaks
information slightly), but given the schema of the note endpoint, I
don't think that would be possible without introducing some kind of
"ghost" user, who is attributed for posts by users who have you blocked.
 2024-11-20 19:17:25 -05:00
Julia Johannesen cbf8cc376e
fix: primitive 18: `ap/get` bypasses access checks 
One might argue that we could make this one actually preform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.
 2024-11-20 19:17:25 -05:00
Julia Johannesen c04f344049
fix: primitive 13: check attribution against actor in notes 2024-11-20 19:17:25 -05:00
Julia Johannesen b9080da75d
fix: code style for primitive 17 2024-11-20 19:17:24 -05:00
Laura Hausmann 4d925fc086
fix: primitive 17: note same-origin identifier validation can be bypassed by wrapping the id in an array 2024-11-20 19:17:24 -05:00
Laura Hausmann b74e2e9167
fix: primitive 16: improper same-origin validation for user uri and url 2024-11-20 19:17:24 -05:00
Laura Hausmann ebea1a2962
fix: primitive 15: improper same-origin validation for note uri and url 2024-11-20 19:17:24 -05:00
Julia Johannesen 4c432c07cb
fix: code style for primitive 14 2024-11-20 19:17:24 -05:00
Laura Hausmann 322b3b677f
fix: primitive 14: improper validation of outbox, followers, following & shared inbox collections 2024-11-20 19:17:24 -05:00
Julia Johannesen 1c7e05ce9e
fix: primitive 7 & 12: prevent poll spoofing 2024-11-20 19:17:24 -05:00
Laura Hausmann 9ab25ede28
fix: primitives 9, 10 & 11: http signature validation doesn't enforce required headers or specify auth header name 2024-11-20 19:17:24 -05:00
Laura Hausmann 174dfb83d0
fix: primitive 6: reject anonymous objects that were fetched by their id 2024-11-20 19:17:24 -05:00
Laura Hausmann ad8e8793c7
fix: primitives 5 & 8: reject activities with non-string identifiers 2024-11-20 19:17:24 -05:00
Laura Hausmann 1e14612f0e
fix: primitive 4: missing same-origin identifier validation of collection-wrapped activities 2024-11-20 19:17:24 -05:00
Laura Hausmann 9090b745e6
fix: primitive 3: validation of non-final url 2024-11-20 19:17:24 -05:00