Chocolate Pie
c96bc36fed
Merge pull request from GHSA-7pxq-6xx9-xpgm
...
* fix: fix improper authorization when accessing with third-party application
* refactor: refactor type definitions
* fix: get rid of unnecessary access limitation
* enhance: サードパーティアプリケーションがWebsocket APIを使えるように
* fix: add missing parentheses
* Revert "fix(backend): add missing kind definition for admin endpoints to improve security"
This reverts commit 5150053275
.
* frontend: 翻訳の抜けを訂正, read:adminとwrite:adminはアクセス発行トークンのデフォルトでは非表示にする
* enhance(test): misskey-ghsa-7pxq-6xx9-xpgmに関するテストを追加
* enhance(test): Websocket APIに対するテストも追加
* enhance(refactor): `@/misc/api-permissions.ts`を`misskey-js/permissions`に統合
* fix(frontend): アクセストークン発行UIで全ての権限を有効にした際、管理者用APIへのアクセスも許可してしまう問題を修正
* enhance(backend): Websocketの接続に最低限必要な権限を変更
* fix(backend): `/api/admin/meta`をサードパーティアプリケーションからはアクセスできないように
* fix(backend): エンドポイントにアクセスするために必要な権限を変更
* fix(frontend/locale): Add missing type declaration
* chore: update `misskey-js/src/autogen`
---------
Co-authored-by: tamaina <tamaina@hotmail.co.jp>
2023-12-27 15:08:59 +09:00
Kagami Sascha Rosylight
eb7b5f905a
feat(backend): support OAuth 2.0 authorization ( #11053 )
...
* feat(backend): support OAuth 2.0 authorization
* secureRndstr fix
* nanndekowareta
* nanndekowareta2
* nanndekowareta3
* unref?
* refactor to not close fastify
* use microformats-parser
* Update OAuth2ProviderService.ts
* clarify the reason behind dns lookup
* refactor(backend): use @types/oauth2orize-pkce (#11350 )
* refactor(backend): use @types/oauth2orize-pkce
* Update package.json
* Update pnpm-lock.yaml
---------
Co-authored-by: Kagami Sascha Rosylight <saschanaz@outlook.com>
---------
Co-authored-by: mtgto <hogerappa@gmail.com>
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2023-07-27 18:51:58 +09:00
Shun Sakai
c2370a1be6
chore: 著作権とライセンスについての情報を各ファイルに追加する ( #11348 )
...
* chore: Add the SPDX information to each file
Add copyright and licensing information as defined in version 3.0 of
the REUSE Specification.
* tweak format
---------
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2023-07-27 14:31:52 +09:00
Kagami Sascha Rosylight
1b1f82a2e2
feat(backend): accept OAuth bearer token ( #11052 )
...
* feat(backend): accept OAuth bearer token
* refactor
* Update packages/backend/src/server/api/ApiCallService.ts
Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>
* Update packages/backend/src/server/api/ApiCallService.ts
Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>
* fix
* kind: permission for account moved error
* also for suspended error
* Update packages/backend/src/server/api/StreamingApiServerService.ts
Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>
---------
Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2023-06-28 13:37:13 +09:00
Kagami Sascha Rosylight
d23ad8b511
fix(backend): APIエラーのHTTP status code変更 ( #11047 )
2023-06-26 10:09:12 +09:00
Kagami Sascha Rosylight
7bb8c71543
chore(backend, misskey-js): add type for signup ( #11043 )
...
* chore(backend, misskey-js): add type for signup
* rerun
2023-06-25 08:34:18 +09:00
syuilo
a43398ce1d
refactor(test): rename variable for INestApplicationContext
2023-03-12 20:57:01 +09:00
Kagami Sascha Rosylight
61215e50ff
test(backend): APIテストの復活 ( #10163 )
...
* Revert 1c5291f818
* APIテストの復活
* apiテストの移行
* moduleNameMapper修正
* simpleGetでthrowしないように
status確認しているので要らない
* longer timeout
* ローカルでは問題ないのになんで
* case sensitive
* Run Nest instance within the current process
* Skip some setIntervals
* wait for 5 seconds
* kill them all!!
* logHeapUsage: true
* detectOpenHandlesがじゃましているらしい
* maxWorkers=1?
* restore drive api tests
* workerIdleMemoryLimit: 500MB
* 1024MiB
* Wait what
2023-03-03 11:13:12 +09:00