Compare commits

...

10 commits

Author SHA1 Message Date
dakkar
e7717d2081 merge: save and restore UI language together with other prefs - fixes #443 (!451)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/451

Closes #443

Approved-by: Marie <marie@kaifa.ch>
2024-03-14 14:47:52 +00:00
dakkar
94aed953b5 merge: make cookie a bit more secure - fixes #445 (!468)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/468

Closes #445

Approved-by: Luna <her@mint.lgbt>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-03-14 14:47:38 +00:00
dakkar
aa7035a35a merge: longer statement_timeout for migrations - fixes 450 (!466)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/466

Approved-by: Luna <her@mint.lgbt>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-03-14 14:46:42 +00:00
dakkar
45eab01fc4 merge: hide CW-ed featured notes on welcome page - fixes #458 (!467)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/467

Closes #458

Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
Approved-by: Leah <kevinlukej@gmail.com>
Approved-by: Marie <marie@kaifa.ch>
2024-03-14 14:45:53 +00:00
Marie
71bcd76cc5 merge: Update IMPORTANT_NOTES.md (!470)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/470

Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
Approved-by: Marie <marie@kaifa.ch>
Approved-by: dakkar <dakkar@thenautilus.net>
2024-03-14 11:53:15 +00:00
Dalek
cdb82c0ade Update IMPORTANT_NOTES.md 2024-03-13 00:17:57 +00:00
dakkar
6826e43ad7 make cookie a bit more secure - fixes #445
We can't make the cookie `HttpOnly` because we're setting it from
Javascript, but I'm not sure it's worth the trouble to redesign that:
`JSON.parse(localStorage.account).token` gives you the token anyway,
hiding the cookie from JS won't offer much protection.

At least we can mark is `Secure` (meaning, only send it over HTTPS)
and _delete it on logout_ (it wasn't!)
2024-03-10 10:26:04 +00:00
dakkar
ff189b1952 hide CW-ed featured notes on welcome page - fixes #458
not the most elegant solution, but simple and robust
2024-03-10 10:13:35 +00:00
dakkar
43544a6479 longer statement_timeout for migrations - fixes 450 2024-03-09 15:38:36 +00:00
dakkar
ebe8179c9e save and restore UI language together with other prefs - fixes #443 2024-03-03 11:23:49 +00:00
5 changed files with 23 additions and 6 deletions

View file

@ -6,8 +6,11 @@ When using a service with Sharkey, there are several important points to keep in
2. Even for posts made in private, there is no guarantee that the recipient's server will treat them as private in the same way. Please exercise caution when posting personal or confidential information. (Again, this applies to the internet in general.)
3. Account deletion can be a resource-intensive process and may take a long time. In cases with a lot of uploaded data, it may even be impossible to delete an account.
3. The "Drive" feature is NOT secure cloud storage. This feature exists for easier managing of your uploaded files.
Any data uploaded, whether shared via post or not, will be publicly accessible. Please use 3rd party cloud storage providers if you need to upload data with sensitive information of any kind.
4. Please disable ad blockers. Some servers may rely on advertising revenue to cover operating costs. Additionally, ad blockers can mistakenly block content and features unrelated to ads, potentially causing issues with the client's functionality and preventing normal use of Sharkey. Therefore, we recommend turning off ad blockers and similar features when using Sharkey.
4. Account deletion can be a resource-intensive process and may take a long time. In cases with a lot of uploaded data, it may even be impossible to delete an account.
Please understand these points and enjoy using the service.
5. Please disable ad blockers. Some servers may rely on advertising revenue to cover operating costs. Additionally, ad blockers can mistakenly block content and features unrelated to ads, potentially causing issues with the client's functionality and preventing normal use of Sharkey. Therefore, we recommend turning off ad blockers and similar features when using Sharkey.
Please understand these points and enjoy using the service.

View file

@ -11,7 +11,11 @@ export default new DataSource({
username: config.db.user,
password: config.db.pass,
database: config.db.db,
extra: config.db.extra,
extra: {
...config.db.extra,
// migrations may be very slow, give them longer to run (that 10*1000 comes from postgres.ts)
statement_timeout: (config.db.extra?.statement_timeout ?? 1000 * 10) * 10,
},
entities: entities,
migrations: ['migration/*.js'],
});

View file

@ -43,6 +43,7 @@ export async function signout() {
waiting();
miLocalStorage.removeItem('account');
await removeAccount($i.id);
document.cookie = `token=; path=/; max-age=0${ location.protocol === 'https:' ? '; Secure' : ''}`;
const accounts = await getAccounts();
//#region Remove service worker registration
@ -200,7 +201,7 @@ export async function login(token: Account['token'], redirect?: string) {
throw reason;
});
miLocalStorage.setItem('account', JSON.stringify(me));
document.cookie = `token=${token}; path=/; max-age=31536000`; // bull dashboardの認証とかで使う
document.cookie = `token=${token}; path=/; max-age=31536000${ location.protocol === 'https:' ? '; Secure' : ''}`; // bull dashboardの認証とかで使う
await addAccount(me.id, token);
if (redirect) {

View file

@ -139,6 +139,7 @@ type Profile = {
hot: Record<keyof typeof defaultStoreSaveKeys, unknown>;
cold: Record<keyof typeof coldDeviceStorageSaveKeys, unknown>;
fontSize: string | null;
lang: string | null;
cornerRadius: string | null;
useSystemFont: 't' | null;
wallpaper: string | null;
@ -197,6 +198,7 @@ function getSettings(): Profile['settings'] {
hot,
cold,
fontSize: miLocalStorage.getItem('fontSize'),
lang: miLocalStorage.getItem('lang'),
cornerRadius: miLocalStorage.getItem('cornerRadius'),
useSystemFont: miLocalStorage.getItem('useSystemFont') as 't' | null,
wallpaper: miLocalStorage.getItem('wallpaper'),
@ -312,6 +314,13 @@ async function applyProfile(id: string): Promise<void> {
miLocalStorage.removeItem('fontSize');
}
// lang
if (settings.lang) {
miLocalStorage.setItem('lang', settings.lang);
} else {
miLocalStorage.removeItem('lang');
}
// cornerRadius
if (settings.cornerRadius) {
miLocalStorage.setItem('cornerRadius', settings.cornerRadius);

View file

@ -40,7 +40,7 @@ const isScrolling = ref(false);
const scrollEl = shallowRef<HTMLElement>();
misskeyApiGet('notes/featured').then(_notes => {
notes.value = _notes;
notes.value = _notes.filter(n => n.cw == null);
});
onUpdated(() => {