ltlapy
708a8d28a6
feat: Requiring credential to view local timeline
2024-12-27 13:09:57 +09:00
Laura Hausmann
4e61f25d41
[backend] Bump msgpackr version
...
This fixes compatibility with NodeJS v23+
2024-11-25 22:47:38 +01:00
mia
bd1bb68da3
[backend] Bump re2
...
Fixes some build issues
2024-11-24 10:07:52 -08:00
Kopper
a5f4279d32
[backend] Check target IP before sending HTTP request
...
Backported upstream commit "fix(backend): check target IP before sending HTTP request"
Co-authored-by: rectcoordsystem <heohyun73@gmail.com>
Co-authored-by: anatawa12 <anatawa12@icloud.com>
2024-11-20 23:56:37 +01:00
Laura Hausmann
065590279e
[backend] Strengthen checks against local object resolution
...
This commit addresses disclosed primitives 26-29 & 31-33
2024-11-20 23:56:20 +01:00
Laura Hausmann
ca331d2406
[backend] Create a new resolver in parseAudience if none is passed to the function
...
This commit addresses disclosed primitive 23
2024-11-20 23:56:16 +01:00
Laura Hausmann
dc3c2d1ad4
[backend] Enforce blocks in NoteRepository.isVisibleForMe
...
This commit addresses disclosed primitive 20
2024-11-20 23:56:12 +01:00
Laura Hausmann
aa73a8905d
[backend] Require admin scope for AP get endpoint
...
This commit addresses disclosed primitive 18
2024-11-20 23:56:07 +01:00
Laura Hausmann
7542310e3e
[backend] Improve validation of AP activities & objects
...
This commit addresses disclosed primitives 4-5, 7-9, 12-17 & 21-22 (CVE-2024-51403, CVE-2024-51404, CVE-2024-51405)
2024-11-20 23:56:02 +01:00
Laura Hausmann
c1e1c391f8
[backend] Apply rate limits to proxyServer and fileServer
...
This resolves a DoS / DDoS / request amplification attack vector that is being actively exploited.
2024-11-20 04:21:51 +01:00
Laura Hausmann
416dbb5887
[backend] Don't treat HTTP 429 errors as non-retryable
2024-11-17 16:12:47 +01:00
mia
3adb155ed4
[backend] Use authenticated resolver for poll updates
2024-11-04 19:52:25 -08:00
mia
34823aa7b8
[backend] Fetch pinned notes with following user
...
fixes #567
2024-10-16 21:16:52 +02:00
mia
1e60ed665d
[backend] Use configured prefix for redis messaging
2024-10-14 03:02:24 +02:00
Laura Hausmann
cc89de3e5c
[backend] Fix typo
2024-10-11 07:13:02 +02:00
mia
a70db57df9
[backend] Add prometheus metrics endpoint
2024-10-11 07:08:51 +02:00
mia
23533c1aaa
[backend] Switch job queue to BullMQ
...
Signed-off-by: mia <mia@mia.jetzt>
2024-10-11 00:17:34 +02:00
Laura Hausmann
7074a2efaf
[backend] Canonicalize URLs before comparing them during object id consistency checks in the AP resolver
2024-09-18 23:37:09 +02:00
Laura Hausmann
e753462c01
[backend] Don't federate edits of local-only notes (resolves #566)
2024-09-10 20:05:54 +02:00
Laura Hausmann
630d6bdbe5
[backend] Limit node-fetch responses to a reasonable length in all places
2024-07-28 19:15:37 +02:00
Laura Hausmann
5c659b1306
Revert "[backend] Improve JSON-LD context size limiter"
...
This reverts commit 9a8b7efcd6.
2024-07-28 19:02:13 +02:00
Laura Hausmann
e9f776c7b2
[backend] Bump node-fetch version
2024-07-28 19:02:10 +02:00
Laura Hausmann
9a8b7efcd6
[backend] Improve JSON-LD context size limiter
2024-07-28 17:00:00 +02:00
Laura Hausmann
d9d6dc1b60
[backend] Limit fetched JSON-LD context size to 1MB
2024-07-28 16:17:13 +02:00
Laura Hausmann
96dce1ada0
[backend] Update summaly version
2024-07-28 16:00:22 +02:00
Laura Hausmann
91dddc439f
[sdk] Rename iceshrimp-js package to iceshrimp-sdk
...
This resolves possible confusion between iceshrimp-js (this project) and iceshrimp-sdk (the package)
2024-07-23 23:15:19 +02:00
Laura Hausmann
cc9bc79466
[backend] Set opts.removeOnComplete when discarding corrupt jobs (since the opts object is likely also corrupted)
2024-07-23 21:00:21 +02:00
Laura Hausmann
0d5220e505
[backend] Discard jobs with null/undefined/empty data objects; add no-op handlers for invalid queue jobs
...
This stops corrupted/invalid jobs from clogging up the queue. Ref: https://github.com/OptimalBits/bull/issues/2461
2024-07-23 20:47:23 +02:00
naskya
bb4f4b4b00
fix: upgrade AiScript! There are breaking changes in the AiScript syntax, so existing plugins must also be upgraded. Also, I didn't include the function that can call remote servers' API (which is present in the latest Misskey)
...
Co-authored-by: syuilo <syuilotan@yahoo.co.jp>
Co-authored-by: Sayamame-beans <61457993+Sayamame-beans@users.noreply.github.com>
2024-07-13 18:05:12 +03:00
Laura Hausmann
4f21fd9b91
[backend/masto-client] Fall back to full-res url if an attachment's thumbnailUrl is null
...
The API docs say this field is nullable, but the official android app crashes if it is set to null.
2024-07-04 03:24:40 +02:00
Laura Hausmann
e2b7d80871
[backend] Reset home timeline query heuristic after importing follows
2024-07-04 00:08:21 +02:00
Laura Hausmann
09afdeb04c
[backend] Fix build on Node 22
2024-07-03 23:51:17 +02:00
ari melody
2ebd907c47
[backend/masto-client] Add follow_requests_count to verify_credentials response
2024-07-02 22:40:25 +02:00
Laura Hausmann
08d8143386
[backend] Switch to updated summaly version which sends a more descriptive user agent
...
Upstream summaly is sending a user agent that just says SummalyBot, which can be mistaken as a web scraper.
2024-06-27 21:33:40 +02:00
mia
6a678b688e
update sharp to 0.33.4
2024-06-16 02:16:33 -07:00
Laura Hausmann
1c6ec9ad08
[backend] Catch errors in UserRepository.userFromURI
...
This fixes sporadic errors during rendering of follower/following lists.
2024-06-10 18:31:50 +02:00
Laura Hausmann
d8a75cdd08
[backend] Render pinned notes as links instead of objects
2024-05-31 20:56:35 +02:00
Laura Hausmann
dfe01652f0
[backend] Fix build on node v22
2024-05-13 14:00:12 +02:00
Laura Hausmann
df5734523f
[backend] Correctly set CW on note update
...
Resolves: #547
2024-05-01 23:48:07 +02:00
Laura Hausmann
febb499fcb
[backend] Compact LD-signed activities against well-known context to defend against spoofing attacks
2024-04-29 16:36:58 +02:00
Laura Hausmann
dcfa69ff9d
[backend/masto-client] Fix user profile html cache not updating
2024-04-27 18:48:03 +02:00
Laura Hausmann
6f3818a8bb
[backend/masto-client] Correctly set meId in FTS query helper
2024-04-24 03:02:24 +02:00
mei23
301c754e95
[backend] Add Cache-Control to Bull Dashboard
2024-04-19 17:11:14 +02:00
Ezeani Emmanuel
3fa791d71f
[backend] Improve custom TypeORM logger with configurable logging options
...
Co-authored-by: Laura Hausmann <laura@hausmann.dev>
2024-04-11 17:22:45 +02:00
Laura Hausmann
74a3375886
[backend] Add quote_id to mastodon api note responses
2024-04-10 18:21:59 +02:00
Laura Hausmann
5a30581c73
[backend] Fix autofollowedAccount being set to random (possibly non-local) users on update-meta
2024-04-08 20:39:41 +02:00
Laura Hausmann
41cb218aa8
[backend] Set X-Content-Type-Options to nosniff on the drive files endpoint
2024-03-30 13:11:15 +01:00
Laura Hausmann
cf506d3bd9
[backend] Reject anonymous objects in the AP resolver
2024-03-30 13:11:09 +01:00
Laura Hausmann
ac57c58ecf
[backend] Stricter validation of activity identifiers
...
This resolves a security issue that was disclosed on 2024-03-24 & patched in coordination with other affected software on 2024-03-30.
Huge thanks to Oneric for the detailed security disclosure.
2024-03-30 13:11:03 +01:00
Crimekillz
74df0b3602
Fix bug: Pass reference to Note OBJ when creating notifications for Poll Vote and Poll End so muted threads can be resolved correctly
2024-03-26 16:24:19 +01:00