Commit Graph

8 Commits

Author SHA1 Message Date
Chocolate Pie 82822e29d9
Merge pull request from GHSA-7pxq-6xx9-xpgm
* fix: fix improper authorization when accessing with third-party application

* refactor: refactor type definitions

* fix: get rid of unnecessary access limitation

* enhance: サードパーティアプリケーションがWebsocket APIを使えるように

* fix: add missing parentheses

* Revert "fix(backend): add missing kind definition for admin endpoints to improve security"

This reverts commit 5150053275.

* frontend: 翻訳の抜けを訂正, read:adminとwrite:adminはアクセス発行トークンのデフォルトでは非表示にする

* enhance(test): misskey-ghsa-7pxq-6xx9-xpgmに関するテストを追加

* enhance(test): Websocket APIに対するテストも追加

* enhance(refactor): `@/misc/api-permissions.ts`を`misskey-js/permissions`に統合

* fix(frontend): アクセストークン発行UIで全ての権限を有効にした際、管理者用APIへのアクセスも許可してしまう問題を修正

* enhance(backend): Websocketの接続に最低限必要な権限を変更

* fix(backend): `/api/admin/meta`をサードパーティアプリケーションからはアクセスできないように

* fix(backend): エンドポイントにアクセスするために必要な権限を変更

* fix(frontend/locale): Add missing type declaration

* chore: update `misskey-js/src/autogen`

---------

Co-authored-by: tamaina <tamaina@hotmail.co.jp>
2023-12-28 09:45:54 +01:00
Kagami Sascha Rosylight eb7b5f905a
feat(backend): support OAuth 2.0 authorization (#11053)
* feat(backend): support OAuth 2.0 authorization

* secureRndstr fix

* nanndekowareta

* nanndekowareta2

* nanndekowareta3

* unref?

* refactor to not close fastify

* use microformats-parser

* Update OAuth2ProviderService.ts

* clarify the reason behind dns lookup

* refactor(backend): use @types/oauth2orize-pkce (#11350)

* refactor(backend): use @types/oauth2orize-pkce

* Update package.json

* Update pnpm-lock.yaml

---------

Co-authored-by: Kagami Sascha Rosylight <saschanaz@outlook.com>

---------

Co-authored-by: mtgto <hogerappa@gmail.com>
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2023-07-27 18:51:58 +09:00
Shun Sakai c2370a1be6
chore: 著作権とライセンスについての情報を各ファイルに追加する (#11348)
* chore: Add the SPDX information to each file

Add copyright and licensing information as defined in version 3.0 of
the REUSE Specification.

* tweak format

---------

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2023-07-27 14:31:52 +09:00
Kagami Sascha Rosylight 1b1f82a2e2
feat(backend): accept OAuth bearer token (#11052)
* feat(backend): accept OAuth bearer token

* refactor

* Update packages/backend/src/server/api/ApiCallService.ts

Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>

* Update packages/backend/src/server/api/ApiCallService.ts

Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>

* fix

* kind: permission for account moved error

* also for suspended error

* Update packages/backend/src/server/api/StreamingApiServerService.ts

Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>

---------

Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2023-06-28 13:37:13 +09:00
Kagami Sascha Rosylight d23ad8b511
fix(backend): APIエラーのHTTP status code変更 (#11047) 2023-06-26 10:09:12 +09:00
Kagami Sascha Rosylight 7bb8c71543
chore(backend, misskey-js): add type for signup (#11043)
* chore(backend, misskey-js): add type for signup

* rerun
2023-06-25 08:34:18 +09:00
syuilo a43398ce1d refactor(test): rename variable for INestApplicationContext 2023-03-12 20:57:01 +09:00
Kagami Sascha Rosylight 61215e50ff
test(backend): APIテストの復活 (#10163)
* Revert 1c5291f818

* APIテストの復活

* apiテストの移行

* moduleNameMapper修正

* simpleGetでthrowしないように

status確認しているので要らない

* longer timeout

* ローカルでは問題ないのになんで

* case sensitive

* Run Nest instance within the current process

* Skip some setIntervals

* wait for 5 seconds

* kill them all!!

* logHeapUsage: true

* detectOpenHandlesがじゃましているらしい

* maxWorkers=1?

* restore drive api tests

* workerIdleMemoryLimit: 500MB

* 1024MiB

* Wait what
2023-03-03 11:13:12 +09:00
Renamed from packages/backend/test/_e2e/api.ts (Browse further)