Compare commits

...

34 commits

Author SHA1 Message Date
Amelia Yukii
571272a564 merge: release 2024.3.2 (!485)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/485

Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-03-30 11:19:08 +00:00
dakkar
30bb0f60a2 version bump 2024-03-30 11:09:00 +00:00
dakkar
328546c4cd Merge branch 'develop' into release/2024-03-30 2024-03-30 11:08:26 +00:00
Amelia Yukii
126248e58d merge: some validation fixes (!484)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/484

Closes #469

Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-03-30 11:05:58 +00:00
dakkar
074de82bf7 some validation fixes 2024-03-30 11:05:58 +00:00
dakkar
58bc8f2c10 merge: always align code to the left - fixes #436 (!453)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/453

Closes #436

Approved-by: Essem <smswessem@gmail.com>
Approved-by: Leah <kevinlukej@gmail.com>
2024-03-14 14:48:30 +00:00
dakkar
94aed953b5 merge: make cookie a bit more secure - fixes #445 (!468)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/468

Closes #445

Approved-by: Luna <her@mint.lgbt>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-03-14 14:47:38 +00:00
dakkar
aa7035a35a merge: longer statement_timeout for migrations - fixes 450 (!466)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/466

Approved-by: Luna <her@mint.lgbt>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-03-14 14:46:42 +00:00
dakkar
45eab01fc4 merge: hide CW-ed featured notes on welcome page - fixes #458 (!467)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/467

Closes #458

Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
Approved-by: Leah <kevinlukej@gmail.com>
Approved-by: Marie <marie@kaifa.ch>
2024-03-14 14:45:53 +00:00
Marie
71bcd76cc5 merge: Update IMPORTANT_NOTES.md (!470)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/470

Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
Approved-by: Marie <marie@kaifa.ch>
Approved-by: dakkar <dakkar@thenautilus.net>
2024-03-14 11:53:15 +00:00
Luna
d003c3ec1f merge: Fixed broken line numbers (!471)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/471

Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
Approved-by: Luna <her@mint.lgbt>
2024-03-14 01:36:46 +00:00
KevinWh0
b918f38ec2 fixed 2024-03-13 23:52:21 +01:00
Dalek
cdb82c0ade Update IMPORTANT_NOTES.md 2024-03-13 00:17:57 +00:00
dakkar
6826e43ad7 make cookie a bit more secure - fixes #445
We can't make the cookie `HttpOnly` because we're setting it from
Javascript, but I'm not sure it's worth the trouble to redesign that:
`JSON.parse(localStorage.account).token` gives you the token anyway,
hiding the cookie from JS won't offer much protection.

At least we can mark is `Secure` (meaning, only send it over HTTPS)
and _delete it on logout_ (it wasn't!)
2024-03-10 10:26:04 +00:00
dakkar
ff189b1952 hide CW-ed featured notes on welcome page - fixes #458
not the most elegant solution, but simple and robust
2024-03-10 10:13:35 +00:00
dakkar
43544a6479 longer statement_timeout for migrations - fixes 450 2024-03-09 15:38:36 +00:00
Amelia Yukii
d1f0fc6d5d merge: Feature/maybe nicer dockerfile (!463)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/463

Approved-by: Marie <marie@kaifa.ch>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-03-08 16:13:47 +00:00
dakkar
ff7375c331 Feature/maybe nicer dockerfile 2024-03-08 16:13:47 +00:00
dakkar
5ba9a3f200 merge: check prohibited words when creating notes (!461)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/461

Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
Approved-by: Luna <her@mint.lgbt>
2024-03-07 15:45:28 +00:00
dakkar
29eea64d46 update notes to make sure we remember to check import/create problems 2024-03-05 16:54:31 +00:00
dakkar
ff0117a1a5 check prohibited words when creating notes
some small differences (between Misskey and us) inside the `create`
method made `git` put all the changes inside the `import` method… I
thought I had copied them all, but I had missed one, and it's a pretty
important one: prohibited words were not being checked!
2024-03-05 16:52:05 +00:00
Amelia Yukii
4c69cbcd2b merge: update list of project members (!452)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/452

Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
Approved-by: Leah <kevinlukej@gmail.com>
2024-03-04 20:35:57 +00:00
dakkar
2a4e26c05f update list of project members 2024-03-04 20:35:57 +00:00
Amelia Yukii
1e658ee04d merge: fix repo + feedback URLs for Firefish / IceShrimp (!450)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/450

Approved-by: Luna <her@mint.lgbt>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-03-04 20:22:49 +00:00
Amelia Yukii
5988c5fa70 merge: rough start of a Sharkey contributors' guide - #241 (!394)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/394

Approved-by: Marie <marie@kaifa.ch>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-03-04 20:21:47 +00:00
dakkar
ad2a97f20f rough start of a Sharkey contributors' guide - #241 2024-03-04 20:21:46 +00:00
Amelia Yukii
061cc40384 merge: allow lookup / search for http URLs (!457)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/457

Approved-by: Luna <her@mint.lgbt>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-03-04 20:20:53 +00:00
Amelia Yukii
5733190b37 merge: Fixed english translation for the "Delete File" button (!458)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/458

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-03-04 18:48:05 +00:00
Leah
e7c41927e2 Fixed english translation for the "Delete File" button 2024-03-04 18:48:04 +00:00
Amelia Yukii
421f1d46a2 merge: Fixed startup crash with seasonal effects (!459)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/459

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-03-04 18:47:47 +00:00
Leah
eba0c2cc61 Fixed startup crash with seasonal effects 2024-03-04 18:47:47 +00:00
dakkar
96d8432b85 allow lookup / search for http URLs 2024-03-03 14:45:34 +00:00
dakkar
03464cc379 always align code to the left - fixes #436
"featured notes" on the welcome page's right-hand column are shown
with the text right-aligned; code should not be affected by that. This
makes sure it isn't
2024-03-03 12:06:22 +00:00
dakkar
7d00c4529b fix repo + feedback URLs for Firefish / IceShrimp 2024-03-03 11:12:58 +00:00
25 changed files with 270 additions and 119 deletions

View file

@ -1,38 +1,36 @@
# Contribution guide
We're glad you're interested in contributing Misskey! In this document you will find the information you need to contribute to the project.
> **Note**
> This project uses Japanese as its major language, **but you do not need to translate and write the Issues/PRs in Japanese.**
> Also, you might receive comments on your Issue/PR in Japanese, but you do not need to reply to them in Japanese as well.\
> The accuracy of machine translation into Japanese is not high, so it will be easier for us to understand if you write it in the original language.
> It will also allow the reader to use the translation tool of their preference if necessary.
We're glad you're interested in contributing to Sharkey! In this document you will find the information you need to contribute to the project.
## Roadmap
See [ROADMAP.md](./ROADMAP.md)
See [ROADMAP.md](./ROADMAP.md) for the upstream Misskey roadmap.
## Issues
Before creating an issue, please check the following:
- To avoid duplication, please search for similar issues before creating a new issue.
- Do not use Issues to ask questions or troubleshooting.
- Issues should only be used to feature requests, suggestions, and bug tracking.
- Please ask questions or troubleshooting in [GitHub Discussions](https://github.com/misskey-dev/misskey/discussions) or [Discord](https://discord.gg/Wp8gVStHW3).
- Please ask questions or troubleshooting in [Discord](https://discord.gg/6VgKmEqHNk).
> **Warning**
> Do not close issues that are about to be resolved. It should remain open until a commit that actually resolves it is merged.
## Before implementation
When you want to add a feature or fix a bug, **first have the design and policy reviewed in an Issue** (if it is not there, please make one). Without this step, there is a high possibility that the PR will not be merged even if it is implemented.
When you want to add a feature or fix a bug, *please open an issue*,
don't just start writing code. We may suggest different approaches, or
show that the "bug" is actually intended behaviour (and offer
work-arounds), or maybe we won't be able to merge your new feature
because it would make it too hard to incorporate future changes from
Misskey. Each of these examples have actually happened!
At this point, you also need to clarify the goals of the PR you will create, and make sure that the other members of the team are aware of them.
PRs that do not have a clear set of do's and don'ts tend to be bloated and difficult to review.
On the other hand, it's very likely that we'll tell you "go
ahead!". We try our best to incorporate improvements from our users!
Also, when you start implementation, assign yourself to the Issue (if you cannot do it yourself, ask another member to assign you). By expressing your intention to work the Issue, you can prevent conflicts in the work.
## Well-known branches
- **`master`** branch is tracking the latest release and used for production purposes.
- **`stable`** branch is tracking the latest release and used for production purposes.
- **`develop`** branch is where we work for the next release.
- When you create a PR, basically target it to this branch.
- **`l10n_develop`** branch is reserved for localization management.
## Creating a PR
Thank you for your PR! Before creating a PR, please check the following:
@ -40,7 +38,7 @@ Thank you for your PR! Before creating a PR, please check the following:
- `fix` / `refactor` / `feat` / `enhance` / `perf` / `chore` etc
- Also, make sure that the granularity of this PR is appropriate. Please do not include more than one type of change or interest in a single PR.
- If there is an Issue which will be resolved by this PR, please include a reference to the Issue in the text.
- Please add the summary of the changes to [`CHANGELOG.md`](/CHANGELOG.md). However, this is not necessary for changes that do not affect the users, such as refactoring.
- Please add the summary of the changes to [`CHANGELOG.md`](CHANGELOG.md). However, this is not necessary for changes that do not affect the users, such as refactoring.
- Check if there are any documents that need to be created or updated due to this change.
- If you have added a feature or fixed a bug, please add a test case if possible.
- Please make sure that tests and Lint are passed in advance.
@ -66,26 +64,19 @@ Be willing to comment on the good points and not just the things you want fixed
- Are there any omissions or gaps?
- Does it check for anomalies?
## Deploy
The `/deploy` command by issue comment can be used to deploy the contents of a PR to the preview environment.
```
/deploy sha=<commit hash>
```
An actual domain will be assigned so you can test the federation.
## Merge
## Release
### Release Instructions
1. Commit version changes in the `develop` branch ([package.json](https://github.com/misskey-dev/misskey/blob/develop/package.json))
1. Commit version changes in the `develop` branch ([package.json](https://activitypub.software/TransFem-org/Sharkey/-/blob/develop/package.json))
2. Create a release PR.
- Into `master` from `develop` branch.
- Into `stable` from `develop` branch.
- The title must be in the format `Release: x.y.z`.
- `x.y.z` is the new version you are trying to release.
3. Deploy and perform a simple QA check. Also verify that the tests passed.
4. Merge it. (Do not squash commit)
5. Create a [release of GitHub](https://github.com/misskey-dev/misskey/releases)
- The target branch must be `master`
5. Create a [release](https://activitypub.software/TransFem-org/Sharkey/-/releases)
- The target branch must be `stable`
- The tag name must be the version
> **Note**
@ -156,7 +147,7 @@ pnpm dev
```
## Testing
- Test codes are located in [`/packages/backend/test`](/packages/backend/test).
- Test codes are located in [`/packages/backend/test`](packages/backend/test).
### Run test
Create a config file.
@ -188,8 +179,8 @@ TODO
- `MISSKEY_WEBFINGER_USE_HTTP`: If it's set true, WebFinger requests will be http instead of https, useful for testing federation between servers in localhost. NEVER USE IN PRODUCTION.
## Continuous integration
Misskey uses GitHub Actions for executing automated tests.
Configuration files are located in [`/.github/workflows`](/.github/workflows).
Sharkey uses GitLab CI for executing automated tests.
Configuration files are located in [`/.gitlab-ci.yml`](.gitlab-ci.yml).
## Vue
Misskey uses Vue(v3) as its front-end framework.
@ -455,3 +446,30 @@ marginはそのコンポーネントを使う側が設定する
### indexというファイル名を使うな
ESMではディレクトリインポートは廃止されているのと、ディレクトリインポートせずともファイル名が index だと何故か一部のライブラリ?でディレクトリインポートだと見做されてエラーになる
## Merging from Misskey into Sharkey
Make sure you have both remotes in the same clone (`git remote add misskey
https://github.com/misskey-dev/misskey.git`), then:
git remote update
git checkout develop # this is Sharkey's develop
git checkout -m merge/$(date +%Y-%m-%d) # or whatever
git merge --no-ff misskey/develop
fix conflicts and *commit*!
*after that commit*, do all the extra work, on the same branch:
* copy all changes:
* from `NoteCreateService.create` to `NoteCreateService.import` (and
vice versa if `git` got confused!)
* from `NoteCreateService` to `NoteEditService`
* from `ApNoteService.createNote` to `ApNoteService.updateNote`
* from `endoints/notes/create.ts` to `endoints/notes/edit.ts`
* from `MkNote*` to `SkNote*` (if sensible)
* run tests `pnpm test` and fix as much as you can
* run lint `pnpm --filter=backend lint` + `pnpm --filter=frontend
eslint` and fix as much as you can
Then push and open a Merge Request.

View file

@ -4,10 +4,6 @@ ARG NODE_VERSION=20.10.0-alpine3.18
FROM node:${NODE_VERSION} as build
RUN corepack enable
WORKDIR /sharkey
RUN apk add git linux-headers build-base
ENV PYTHONUNBUFFERED=1
@ -15,55 +11,70 @@ RUN apk add --update python3 && ln -sf python3 /usr/bin/python
RUN python3 -m ensurepip
RUN pip3 install --no-cache --upgrade pip setuptools
COPY . ./
RUN corepack enable
WORKDIR /sharkey
COPY --link . ./
RUN git submodule update --init --recursive
RUN pnpm config set fetch-retries 5
RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \
pnpm i
pnpm i --frozen-lockfile --aggregate-output
RUN pnpm build
RUN node scripts/trim-deps.mjs
RUN mv packages/frontend/assets sharkey-assets
RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \
pnpm prune
RUN rm -r node_modules packages/frontend packages/sw
RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \
pnpm i --prod
pnpm i --prod --frozen-lockfile --aggregate-output
RUN rm -rf .git
FROM node:${NODE_VERSION}
ARG UID="991"
ARG GID="991"
RUN apk add ffmpeg tini jemalloc \
&& corepack enable \
&& addgroup -g "${GID}" sharkey \
&& adduser -D -u "${UID}" -G sharkey -h /sharkey sharkey \
&& find / -type d -path /sys -prune -o -type d -path /proc -prune -o -type f -perm /u+s -exec chmod u-s {} \; \
&& find / -type d -path /sys -prune -o -type d -path /proc -prune -o -type f -perm /g+s -exec chmod g-s {} \;
USER sharkey
WORKDIR /sharkey
RUN apk add ffmpeg tini
COPY --chown=sharkey:sharkey --from=build /sharkey/node_modules ./node_modules
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/backend/node_modules ./packages/backend/node_modules
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-js/node_modules ./packages/misskey-js/node_modules
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-reversi/node_modules ./packages/misskey-reversi/node_modules
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-bubble-game/node_modules ./packages/misskey-bubble-game/node_modules
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/megalodon/node_modules ./packages/megalodon/node_modules
COPY --chown=sharkey:sharkey --from=build /sharkey/built ./built
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-js/built ./packages/misskey-js/built
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-reversi/built ./packages/misskey-reversi/built
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-bubble-game/built ./packages/misskey-bubble-game/built
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/backend/built ./packages/backend/built
COPY --chown=sharkey:sharkey --from=build /sharkey/packages/megalodon/lib ./packages/megalodon/lib
COPY --chown=sharkey:sharkey --from=build /sharkey/fluent-emojis ./fluent-emojis
COPY --chown=sharkey:sharkey --from=build /sharkey/tossface-emojis/dist ./tossface-emojis/dist
COPY --chown=sharkey:sharkey --from=build /sharkey/sharkey-assets ./packages/frontend/assets
COPY --from=build /sharkey/built ./built
COPY --from=build /sharkey/node_modules ./node_modules
COPY --from=build /sharkey/packages/backend/built ./packages/backend/built
COPY --from=build /sharkey/packages/backend/node_modules ./packages/backend/node_modules
COPY --from=build /sharkey/packages/megalodon/lib ./packages/megalodon/lib
COPY --from=build /sharkey/packages/megalodon/node_modules ./packages/megalodon/node_modules
COPY --from=build /sharkey/packages/misskey-js/built ./packages/misskey-js/built
COPY --from=build /sharkey/packages/misskey-js/node_modules ./packages/misskey-js/node_modules
COPY --from=build /sharkey/packages/misskey-reversi/built ./packages/misskey-reversi/built
COPY --from=build /sharkey/packages/misskey-reversi/node_modules ./packages/misskey-reversi/node_modules
COPY --from=build /sharkey/packages/misskey-bubble-game/built ./packages/misskey-bubble-game/built
COPY --from=build /sharkey/packages/misskey-bubble-game/node_modules ./packages/misskey-bubble-game/node_modules
COPY --from=build /sharkey/fluent-emojis ./fluent-emojis
COPY --from=build /sharkey/tossface-emojis/dist ./tossface-emojis/dist
COPY --from=build /sharkey/sharkey-assets ./packages/frontend/assets
COPY package.json ./package.json
COPY pnpm-workspace.yaml ./pnpm-workspace.yaml
COPY packages/backend/package.json ./packages/backend/package.json
COPY packages/backend/check_connect.js ./packages/backend/check_connect.js
COPY packages/backend/ormconfig.js ./packages/backend/ormconfig.js
COPY packages/backend/migration ./packages/backend/migration
COPY packages/backend/assets ./packages/backend/assets
COPY packages/megalodon/package.json ./packages/megalodon/package.json
COPY packages/misskey-js/package.json ./packages/misskey-js/package.json
COPY packages/misskey-reversi/package.json ./packages/misskey-reversi/package.json
COPY packages/misskey-bubble-game/package.json ./packages/misskey-bubble-game/package.json
COPY --chown=sharkey:sharkey package.json ./package.json
COPY --chown=sharkey:sharkey pnpm-workspace.yaml ./pnpm-workspace.yaml
COPY --chown=sharkey:sharkey packages/backend/package.json ./packages/backend/package.json
COPY --chown=sharkey:sharkey packages/backend/check_connect.js ./packages/backend/check_connect.js
COPY --chown=sharkey:sharkey packages/backend/ormconfig.js ./packages/backend/ormconfig.js
COPY --chown=sharkey:sharkey packages/backend/migration ./packages/backend/migration
COPY --chown=sharkey:sharkey packages/backend/assets ./packages/backend/assets
COPY --chown=sharkey:sharkey packages/megalodon/package.json ./packages/megalodon/package.json
COPY --chown=sharkey:sharkey packages/misskey-js/package.json ./packages/misskey-js/package.json
COPY --chown=sharkey:sharkey packages/misskey-reversi/package.json ./packages/misskey-reversi/package.json
COPY --chown=sharkey:sharkey packages/misskey-bubble-game/package.json ./packages/misskey-bubble-game/package.json
ENV LD_PRELOAD=/usr/lib/libjemalloc.so.2
ENV NODE_ENV=production
RUN corepack enable
ENTRYPOINT ["/sbin/tini", "--"]
CMD ["pnpm", "run", "migrateandstart"]

View file

@ -6,8 +6,11 @@ When using a service with Sharkey, there are several important points to keep in
2. Even for posts made in private, there is no guarantee that the recipient's server will treat them as private in the same way. Please exercise caution when posting personal or confidential information. (Again, this applies to the internet in general.)
3. Account deletion can be a resource-intensive process and may take a long time. In cases with a lot of uploaded data, it may even be impossible to delete an account.
3. The "Drive" feature is NOT secure cloud storage. This feature exists for easier managing of your uploaded files.
Any data uploaded, whether shared via post or not, will be publicly accessible. Please use 3rd party cloud storage providers if you need to upload data with sensitive information of any kind.
4. Please disable ad blockers. Some servers may rely on advertising revenue to cover operating costs. Additionally, ad blockers can mistakenly block content and features unrelated to ads, potentially causing issues with the client's functionality and preventing normal use of Sharkey. Therefore, we recommend turning off ad blockers and similar features when using Sharkey.
4. Account deletion can be a resource-intensive process and may take a long time. In cases with a lot of uploaded data, it may even be impossible to delete an account.
Please understand these points and enjoy using the service.
5. Please disable ad blockers. Some servers may rely on advertising revenue to cover operating costs. Additionally, ad blockers can mistakenly block content and features unrelated to ads, potentially causing issues with the client's functionality and preventing normal use of Sharkey. Therefore, we recommend turning off ad blockers and similar features when using Sharkey.
Please understand these points and enjoy using the service.

View file

@ -134,7 +134,7 @@ overwriteFromPinnedEmojis: "Override from general settings"
reactionSettingDescription2: "Drag to reorder, click to delete, press \"+\" to add."
rememberNoteVisibility: "Remember note visibility settings"
attachCancel: "Remove attachment"
deleteFile: "File deleted"
deleteFile: "Delete file"
markAsSensitive: "Mark as sensitive"
unmarkAsSensitive: "Unmark as sensitive"
enterFileName: "Enter filename"

View file

@ -1,6 +1,6 @@
{
"name": "sharkey",
"version": "2024.3.1",
"version": "2024.3.2",
"codename": "shonk",
"repository": {
"type": "git",

View file

@ -0,0 +1,16 @@
/*
* SPDX-FileCopyrightText: dakkar and other Sharkey contributors
* SPDX-License-Identifier: AGPL-3.0-only
*/
export class MoreRepoUrl1709462550083 {
name = 'MoreRepoUrl1709462550083'
async up(queryRunner) {
await queryRunner.query(`UPDATE "meta" SET "repositoryUrl"=DEFAULT WHERE "repositoryUrl" IN ('https://git.joinfirefish.org/firefish/firefish','https://codeberg/firefish/firefish','https://codeberg.org/calckey/calckey','https://iceshrimp.dev/iceshrimp/iceshrimp')`);
await queryRunner.query(`UPDATE "meta" SET "feedbackUrl"=DEFAULT WHERE "feedbackUrl" IN ('https://git.joinfirefish.org/firefish/firefish/issues','https://codeberg/firefish/firefish/issues','https://codeberg.org/calckey/calckey/firefish/firefish/issues','https://iceshrimp.dev/iceshrimp/iceshrimp/issues/new','https://iceshrimp.dev/iceshrimp/iceshrimp/issues')`);
}
async down(queryRunner) {
}
}

View file

@ -11,7 +11,11 @@ export default new DataSource({
username: config.db.user,
password: config.db.pass,
database: config.db.db,
extra: config.db.extra,
extra: {
...config.db.extra,
// migrations may be very slow, give them longer to run (that 10*1000 comes from postgres.ts)
statement_timeout: (config.db.extra?.statement_timeout ?? 1000 * 10) * 10,
},
entities: entities,
migrations: ['migration/*.js'],
});

View file

@ -15,6 +15,7 @@ import type { Config } from '@/config.js';
import { StatusError } from '@/misc/status-error.js';
import { bindThis } from '@/decorators.js';
import { validateContentTypeSetAsActivityPub } from '@/core/activitypub/misc/validator.js';
import { assertActivityMatchesUrls } from '@/core/activitypub/misc/check-against-url.js';
import type { IObject } from '@/core/activitypub/type.js';
import type { Response } from 'node-fetch';
import type { URL } from 'node:url';
@ -125,7 +126,12 @@ export class HttpRequestService {
validators: [validateContentTypeSetAsActivityPub],
});
return await res.json() as IObject;
const finalUrl = res.url; // redirects may have been involved
const activity = await res.json() as IObject;
assertActivityMatchesUrls(activity, [url, finalUrl]);
return activity;
}
@bindThis

View file

@ -266,6 +266,16 @@ export class NoteCreateService implements OnApplicationShutdown {
}
}
const hasProhibitedWords = await this.checkProhibitedWordsContain({
cw: data.cw,
text: data.text,
pollChoices: data.poll?.choices,
}, meta.prohibitedWords);
if (hasProhibitedWords) {
throw new IdentifiableError('689ee33f-f97c-479a-ac49-1b9f8140af99', 'Note contains prohibited words');
}
const inSilencedInstance = this.utilityService.isSilencedHost(meta.silencedHosts, user.host);
if (data.visibility === 'public' && inSilencedInstance && user.host !== null) {
@ -299,7 +309,7 @@ export class NoteCreateService implements OnApplicationShutdown {
}
// Check blocking
if (data.renote && data.text == null && data.poll == null && (data.files == null || data.files.length === 0)) {
if (data.renote && !this.isQuote(data)) {
if (data.renote.userHost === null) {
if (data.renote.userId !== user.id) {
const blocked = await this.userBlockingService.checkBlocked(data.renote.userId, user.id);
@ -1018,7 +1028,7 @@ export class NoteCreateService implements OnApplicationShutdown {
removeOnComplete: true,
});
}
// Pack the note
const noteObj = await this.noteEntityService.pack(note, null, { skipHide: true, withReactionAndUserPairCache: true });

View file

@ -86,7 +86,7 @@ export class UtilityService {
@bindThis
public extractDbHost(uri: string): string {
const url = new URL(uri);
return this.toPuny(url.hostname);
return this.toPuny(url.host);
}
@bindThis
@ -99,4 +99,11 @@ export class UtilityService {
if (host == null) return null;
return toASCII(host.toLowerCase());
}
@bindThis
public punyHost(url: string): string {
const urlObj = new URL(url);
const host = `${this.toPuny(urlObj.hostname)}${urlObj.port.length > 0 ? ':' + urlObj.port : ''}`;
return host;
}
}

View file

@ -14,7 +14,9 @@ import { HttpRequestService } from '@/core/HttpRequestService.js';
import { LoggerService } from '@/core/LoggerService.js';
import { bindThis } from '@/decorators.js';
import type Logger from '@/logger.js';
import type { IObject } from './type.js';
import { validateContentTypeSetAsActivityPub } from '@/core/activitypub/misc/validator.js';
import { assertActivityMatchesUrls } from '@/core/activitypub/misc/check-against-url.js';
type Request = {
url: string;
@ -201,6 +203,11 @@ export class ApRequestService {
validators: [validateContentTypeSetAsActivityPub],
});
return await res.json();
const finalUrl = res.url; // redirects may have been involved
const activity = await res.json() as IObject;
assertActivityMatchesUrls(activity, [url, finalUrl]);
return activity;
}
}

View file

@ -115,6 +115,14 @@ export class Resolver {
throw new Error('invalid response');
}
// HttpRequestService / ApRequestService have already checked that
// `object.id` or `object.url` matches the URL used to fetch the
// object after redirects; here we double-check that no redirects
// bounced between hosts
if (object.id && (this.utilityService.punyHost(object.id) !== this.utilityService.punyHost(value))) {
throw new Error(`invalid AP object ${value}: id ${object.id} has different host`);
}
return object;
}

View file

@ -0,0 +1,19 @@
/*
* SPDX-FileCopyrightText: dakkar and sharkey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
import type { IObject } from '../type.js';
export function assertActivityMatchesUrls(activity: IObject, urls: string[]) {
const idOk = activity.id !== undefined && urls.includes(activity.id);
// technically `activity.url` could be an `ApObject = IObject |
// string | (IObject | string)[]`, but if it's a complicated thing
// and the `activity.id` doesn't match, I think we're fine
// rejecting the activity
const urlOk = typeof(activity.url) === 'string' && urls.includes(activity.url);
if (!idOk && !urlOk) {
throw new Error(`bad Activity: neither id(${activity?.id}) nor url(${activity?.url}) match location(${urls})`);
}
}

View file

@ -127,12 +127,6 @@ export class ApPersonService implements OnModuleInit {
this.logger = this.apLoggerService.logger;
}
private punyHost(url: string): string {
const urlObj = new URL(url);
const host = `${this.utilityService.toPuny(urlObj.hostname)}${urlObj.port.length > 0 ? ':' + urlObj.port : ''}`;
return host;
}
/**
* Validate and convert to actor object
* @param x Fetched object
@ -140,7 +134,7 @@ export class ApPersonService implements OnModuleInit {
*/
@bindThis
private validateActor(x: IObject, uri: string): IActor {
const expectHost = this.punyHost(uri);
const expectHost = this.utilityService.punyHost(uri);
if (!isActor(x)) {
throw new Error(`invalid Actor type '${x.type}'`);
@ -154,6 +148,19 @@ export class ApPersonService implements OnModuleInit {
throw new Error('invalid Actor: wrong inbox');
}
if (this.utilityService.punyHost(x.inbox) !== expectHost) {
throw new Error('invalid Actor: inbox has different host');
}
for (const collection of ['outbox', 'followers', 'following'] as (keyof IActor)[]) {
const collectionUri = (x as IActor)[collection];
if (typeof collectionUri === 'string' && collectionUri.length > 0) {
if (this.utilityService.punyHost(collectionUri) !== expectHost) {
throw new Error(`invalid Actor: ${collection} has different host`);
}
}
}
if (!(typeof x.preferredUsername === 'string' && x.preferredUsername.length > 0 && x.preferredUsername.length <= 128 && /^\w([\w-.]*\w)?$/.test(x.preferredUsername))) {
throw new Error('invalid Actor: wrong username');
}
@ -177,7 +184,7 @@ export class ApPersonService implements OnModuleInit {
x.summary = truncate(x.summary, summaryLength);
}
const idHost = this.punyHost(x.id);
const idHost = this.utilityService.punyHost(x.id);
if (idHost !== expectHost) {
throw new Error('invalid Actor: id has different host');
}
@ -187,7 +194,7 @@ export class ApPersonService implements OnModuleInit {
throw new Error('invalid Actor: publicKey.id is not a string');
}
const publicKeyIdHost = this.punyHost(x.publicKey.id);
const publicKeyIdHost = this.utilityService.punyHost(x.publicKey.id);
if (publicKeyIdHost !== expectHost) {
throw new Error('invalid Actor: publicKey.id has different host');
}
@ -286,7 +293,7 @@ export class ApPersonService implements OnModuleInit {
this.logger.info(`Creating the Person: ${person.id}`);
const host = this.punyHost(object.id);
const host = this.utilityService.punyHost(object.id);
const fields = this.analyzeAttachments(person.attachment ?? []);

View file

@ -113,8 +113,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
@bindThis
private async fetchAny(uri: string, me: MiLocalUser | null | undefined): Promise<SchemaType<typeof meta['res']> | null> {
// ブロックしてたら中断
const host = this.utilityService.extractDbHost(uri);
const fetchedMeta = await this.metaService.fetch();
if (this.utilityService.isBlockedHost(fetchedMeta.blockedHosts, this.utilityService.extractDbHost(uri))) return null;
if (this.utilityService.isBlockedHost(fetchedMeta.blockedHosts, host)) return null;
let local = await this.mergePack(me, ...await Promise.all([
this.apDbResolverService.getUserFromApId(uri),
@ -122,6 +123,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
]));
if (local != null) return local;
// local object, not found in db? fail
if (this.utilityService.isSelfHost(host)) return null;
// リモートから一旦オブジェクトフェッチ
const resolver = this.apResolverService.createResolver();
const object = await resolver.resolve(uri) as any;

View file

@ -43,6 +43,7 @@ export async function signout() {
waiting();
miLocalStorage.removeItem('account');
await removeAccount($i.id);
document.cookie = `token=; path=/; max-age=0${ location.protocol === 'https:' ? '; Secure' : ''}`;
const accounts = await getAccounts();
//#region Remove service worker registration
@ -200,7 +201,7 @@ export async function login(token: Account['token'], redirect?: string) {
throw reason;
});
miLocalStorage.setItem('account', JSON.stringify(me));
document.cookie = `token=${token}; path=/; max-age=31536000`; // bull dashboardの認証とかで使う
document.cookie = `token=${token}; path=/; max-age=31536000${ location.protocol === 'https:' ? '; Secure' : ''}`; // bull dashboardの認証とかで使う
await addAccount(me.id, token);
if (redirect) {

View file

@ -73,27 +73,31 @@ export async function mainBoot() {
mainRouter.push('/search');
},
};
if (defaultStore.state.enableSeasonalScreenEffect) {
const month = new Date().getMonth() + 1;
if (defaultStore.state.hemisphere === 'S') {
// ▼南半球
if (month === 7 || month === 8) {
const SnowfallEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect;
new SnowfallEffect({}).render();
try {
if (defaultStore.state.enableSeasonalScreenEffect) {
const month = new Date().getMonth() + 1;
if (defaultStore.state.hemisphere === 'S') {
// ▼南半球
if (month === 7 || month === 8) {
const SnowfallEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect;
new SnowfallEffect({}).render();
}
} else {
// ▼北半球
if (month === 12 || month === 1) {
const SnowfallEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect;
new SnowfallEffect({}).render();
} else if (month === 3 || month === 4) {
const SakuraEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect;
new SakuraEffect({
sakura: true,
}).render();
}
}
} else {
// ▼北半球
if (month === 12 || month === 1) {
const SnowfallEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect;
new SnowfallEffect({}).render();
} else if (month === 3 || month === 4) {
const SakuraEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect;
new SakuraEffect({
sakura: true,
}).render();
}
}
}
} catch (error) {
// console.error(error);
console.error('Failed to initialise the seasonal screen effect canvas context:', error);
}
if ($i) {

View file

@ -72,12 +72,16 @@ watch(() => props.lang, (to) => {
</script>
<style module lang="scss">
.codeBlockRoot {
text-align: left;
}
.codeBlockRoot :global(.shiki) > code {
counter-reset: step;
counter-increment: step 0;
}
.codeBlockRoot :global(.shiki) > code > .line::before {
.codeBlockRoot :global(.shiki) > code > span::before {
content: counter(step);
counter-increment: step;
width: 1rem;

View file

@ -20,7 +20,7 @@
worker-src 'self';
script-src 'self' 'unsafe-eval' https://*.hcaptcha.com https://challenges.cloudflare.com;
style-src 'self' 'unsafe-inline';
img-src 'self' data: blob: www.google.com xn--931a.moe launcher.moe localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000;
img-src 'self' data: blob: www.google.com xn--931a.moe launcher.moe localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000 activitypub.software secure.gravatar.com avatars.githubusercontent.com;
media-src 'self' localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000;
connect-src 'self' localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000 https://newassets.hcaptcha.com;
frame-src *;"

View file

@ -77,14 +77,34 @@ SPDX-License-Identifier: AGPL-3.0-only
<FormSection>
<template #label>{{ i18n.ts._aboutMisskey.projectMembers }}</template>
<div :class="$style.contributors" style="margin-bottom: 8px;">
<a href="https://activitypub.software/Marie" target="_blank" :class="$style.contributor">
<img src="https://activitypub.software/uploads/-/system/user/avatar/2/avatar.png?width=128" :class="$style.contributorAvatar">
<span :class="$style.contributorUsername">@Marie</span>
</a>
<a href="https://activitypub.software/Amelia" target="_blank" :class="$style.contributor">
<img src="https://activitypub.software/uploads/-/system/user/avatar/1/avatar.png?width=128" :class="$style.contributorAvatar">
<span :class="$style.contributorUsername">@Amelia</span>
</a>
<a href="https://activitypub.software/dakkar" target="_blank" :class="$style.contributor">
<img src="https://secure.gravatar.com/avatar/c71b315eed7c63ff94c42b1b3e8dbad1?s=192&d=identicon" :class="$style.contributorAvatar">
<span :class="$style.contributorUsername">@dakkar</span>
</a>
<a href="https://activitypub.software/esm" target="_blank" :class="$style.contributor">
<img src="https://secure.gravatar.com/avatar/00fd054610e2a9dcf97a2aa661b168d0?s=192&d=identicon" :class="$style.contributorAvatar">
<span :class="$style.contributorUsername">@esm</span>
</a>
<a href="https://activitypub.software/supakaity" target="_blank" :class="$style.contributor">
<img src="https://activitypub.software/uploads/-/system/user/avatar/65/avatar.png?width=40" :class="$style.contributorAvatar">
<span :class="$style.contributorUsername">@supakaity</span>
</a>
<a href="https://activitypub.software/julia" target="_blank" :class="$style.contributor">
<img src="https://activitypub.software/uploads/-/system/user/avatar/41/avatar.png?width=40" :class="$style.contributorAvatar">
<span :class="$style.contributorUsername">@julia</span>
</a>
<a href="https://activitypub.software/Leah" target="_blank" :class="$style.contributor">
<img src="https://secure.gravatar.com/avatar/3b35b921b284ccfd1fe348508f6f705b?s=80&d=identicon" :class="$style.contributorAvatar">
<span :class="$style.contributorUsername">@Leah</span>
</a>
<a href="https://activitypub.software/fEmber" target="_blank" :class="$style.contributor">
<img src="https://secure.gravatar.com/avatar/ea0ea6451fdb74311efad369bdce018e?s=80&d=identicon" :class="$style.contributorAvatar">
<span :class="$style.contributorUsername">@fEmber</span>
</a>
</div>
<template #caption><MkLink url="https://activitypub.software/TransFem-org/Sharkey/-/graphs/develop">{{ i18n.ts._aboutMisskey.allContributors }}</MkLink></template>
</FormSection>

View file

@ -85,7 +85,7 @@ async function search() {
if (query == null || query === '') return;
if (query.startsWith('https://')) {
if (query.startsWith('http://') || query.startsWith('https://')) {
const promise = misskeyApi('ap/show', {
uri: query,
});

View file

@ -48,7 +48,7 @@ async function search() {
if (query == null || query === '') return;
if (query.startsWith('https://')) {
if (query.startsWith('http://') || query.startsWith('https://')) {
const promise = misskeyApi('ap/show', {
uri: query,
});

View file

@ -40,7 +40,7 @@ const isScrolling = ref(false);
const scrollEl = shallowRef<HTMLElement>();
misskeyApiGet('notes/featured').then(_notes => {
notes.value = _notes;
notes.value = _notes.filter(n => n.cw == null);
});
onUpdated(() => {

View file

@ -28,7 +28,7 @@ export async function lookup(router?: Router) {
return;
}
if (query.startsWith('https://')) {
if (query.startsWith('http://') || query.startsWith('https://')) {
const promise = misskeyApi('ap/show', {
uri: query,
});

View file

@ -155,7 +155,9 @@ export class SnowfallEffect {
max: 0.125,
easing: 0.0005,
};
/**
* @throws {Error} - Thrown when it fails to get WebGL context for the canvas
*/
constructor(options: {
sakura?: boolean;
}) {