diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index a3263bf6aa139f7056d216ad686f5a3996795532..50f323fab057183187a88e7d8fe5aa10d3322e71 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,38 +1,36 @@
 # Contribution guide
-We're glad you're interested in contributing Misskey! In this document you will find the information you need to contribute to the project.
-
-> **Note**
-> This project uses Japanese as its major language, **but you do not need to translate and write the Issues/PRs in Japanese.**
-> Also, you might receive comments on your Issue/PR in Japanese, but you do not need to reply to them in Japanese as well.\
-> The accuracy of machine translation into Japanese is not high, so it will be easier for us to understand if you write it in the original language.
-> It will also allow the reader to use the translation tool of their preference if necessary.
+We're glad you're interested in contributing to Sharkey! In this document you will find the information you need to contribute to the project.
 
 ## Roadmap
-See [ROADMAP.md](./ROADMAP.md)
+See [ROADMAP.md](./ROADMAP.md) for the upstream Misskey roadmap.
 
 ## Issues
 Before creating an issue, please check the following:
 - To avoid duplication, please search for similar issues before creating a new issue.
 - Do not use Issues to ask questions or troubleshooting.
 	- Issues should only be used to feature requests, suggestions, and bug tracking.
-	- Please ask questions or troubleshooting in [GitHub Discussions](https://github.com/misskey-dev/misskey/discussions) or [Discord](https://discord.gg/Wp8gVStHW3).
+	- Please ask questions or troubleshooting in [Discord](https://discord.gg/6VgKmEqHNk).
 
 > **Warning**
 > Do not close issues that are about to be resolved. It should remain open until a commit that actually resolves it is merged.
 
 ## Before implementation
-When you want to add a feature or fix a bug, **first have the design and policy reviewed in an Issue** (if it is not there, please make one). Without this step, there is a high possibility that the PR will not be merged even if it is implemented.
+When you want to add a feature or fix a bug, *please open an issue*,
+don't just start writing code. We may suggest different approaches, or
+show that the "bug" is actually intended behaviour (and offer
+work-arounds), or maybe we won't be able to merge your new feature
+because it would make it too hard to incorporate future changes from
+Misskey. Each of these examples have actually happened!
 
-At this point, you also need to clarify the goals of the PR you will create, and make sure that the other members of the team are aware of them.
-PRs that do not have a clear set of do's and don'ts tend to be bloated and difficult to review.
+On the other hand, it's very likely that we'll tell you "go
+ahead!". We try our best to incorporate improvements from our users!
 
 Also, when you start implementation, assign yourself to the Issue (if you cannot do it yourself, ask another member to assign you). By expressing your intention to work the Issue, you can prevent conflicts in the work.
 
 ## Well-known branches
-- **`master`** branch is tracking the latest release and used for production purposes.
+- **`stable`** branch is tracking the latest release and used for production purposes.
 - **`develop`** branch is where we work for the next release.
 	- When you create a PR, basically target it to this branch.
-- **`l10n_develop`** branch is reserved for localization management.
 
 ## Creating a PR
 Thank you for your PR! Before creating a PR, please check the following:
@@ -40,7 +38,7 @@ Thank you for your PR! Before creating a PR, please check the following:
   - `fix` / `refactor` / `feat` / `enhance` / `perf` / `chore` etc
   - Also, make sure that the granularity of this PR is appropriate. Please do not include more than one type of change or interest in a single PR.
 - If there is an Issue which will be resolved by this PR, please include a reference to the Issue in the text.
-- Please add the summary of the changes to [`CHANGELOG.md`](/CHANGELOG.md). However, this is not necessary for changes that do not affect the users, such as refactoring.
+- Please add the summary of the changes to [`CHANGELOG.md`](CHANGELOG.md). However, this is not necessary for changes that do not affect the users, such as refactoring.
 - Check if there are any documents that need to be created or updated due to this change.
 - If you have added a feature or fixed a bug, please add a test case if possible.
 - Please make sure that tests and Lint are passed in advance.
@@ -66,26 +64,19 @@ Be willing to comment on the good points and not just the things you want fixed
 	- Are there any omissions or gaps?
 	- Does it check for anomalies?
 
-## Deploy
-The `/deploy` command by issue comment can be used to deploy the contents of a PR to the preview environment.
-```
-/deploy sha=<commit hash>
-```
-An actual domain will be assigned so you can test the federation.
-
 ## Merge
 
 ## Release
 ### Release Instructions
-1. Commit version changes in the `develop` branch ([package.json](https://github.com/misskey-dev/misskey/blob/develop/package.json))
+1. Commit version changes in the `develop` branch ([package.json](https://activitypub.software/TransFem-org/Sharkey/-/blob/develop/package.json))
 2. Create a release PR.
-	- Into `master` from `develop` branch.
+	- Into `stable` from `develop` branch.
 	- The title must be in the format `Release: x.y.z`.
 		- `x.y.z` is the new version you are trying to release.
 3. Deploy and perform a simple QA check. Also verify that the tests passed.
 4. Merge it. (Do not squash commit)
-5. Create a [release of GitHub](https://github.com/misskey-dev/misskey/releases)
-	- The target branch must be `master`
+5. Create a [release](https://activitypub.software/TransFem-org/Sharkey/-/releases)
+	- The target branch must be `stable`
 	- The tag name must be the version
 
 > **Note**
@@ -156,7 +147,7 @@ pnpm dev
 ```
 
 ## Testing
-- Test codes are located in [`/packages/backend/test`](/packages/backend/test).
+- Test codes are located in [`/packages/backend/test`](packages/backend/test).
 
 ### Run test
 Create a config file.
@@ -188,8 +179,8 @@ TODO
 - `MISSKEY_WEBFINGER_USE_HTTP`: If it's set true, WebFinger requests will be http instead of https, useful for testing federation between servers in localhost. NEVER USE IN PRODUCTION.
 
 ## Continuous integration
-Misskey uses GitHub Actions for executing automated tests.
-Configuration files are located in [`/.github/workflows`](/.github/workflows).
+Sharkey uses GitLab CI for executing automated tests.
+Configuration files are located in [`/.gitlab-ci.yml`](.gitlab-ci.yml).
 
 ## Vue
 Misskey uses Vue(v3) as its front-end framework.
@@ -455,3 +446,30 @@ marginはそのコンポーネントを使う側が設定する
 
 ### indexというファイル名を使うな
 ESMではディレクトリインポートは廃止されているのと、ディレクトリインポートせずともファイル名が index だと何故か一部のライブラリ?でディレクトリインポートだと見做されてエラーになる
+
+## Merging from Misskey into Sharkey
+
+Make sure you have both remotes in the same clone (`git remote add misskey
+https://github.com/misskey-dev/misskey.git`), then:
+
+	git remote update
+	git checkout develop   # this is Sharkey's develop
+	git checkout -m merge/$(date +%Y-%m-%d)   # or whatever
+	git merge --no-ff misskey/develop
+
+fix conflicts and *commit*!
+
+*after that commit*, do all the extra work, on the same branch:
+
+* copy all changes:
+  * from `NoteCreateService.create` to `NoteCreateService.import` (and
+    vice versa if `git` got confused!)
+  * from `NoteCreateService` to `NoteEditService`
+  * from `ApNoteService.createNote` to `ApNoteService.updateNote`
+  * from `endoints/notes/create.ts` to `endoints/notes/edit.ts`
+  * from `MkNote*` to `SkNote*` (if sensible)
+* run tests `pnpm test` and fix as much as you can
+* run lint `pnpm --filter=backend lint` + `pnpm --filter=frontend
+  eslint` and fix as much as you can
+
+Then push and open a Merge Request.
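Review bot: In the added merge recipe, `git checkout -m merge/$(date +%Y-%m-%d)` will not create the branch: `-m` is checkout's `--merge` option, so the command fails when `merge/<date>` does not exist yet. This should be `git checkout -b merge/$(date +%Y-%m-%d)`. The two `endoints/notes/...` paths in the copy list also look like a typo for `endpoints`.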
diff --git a/Dockerfile b/Dockerfile
index 8ad4bbbfb10b73b7c61ffe873add8765dfb52cb4..7e0a778862ec9fee84677557c002b1fd85ed44a6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,10 +4,6 @@ ARG NODE_VERSION=20.10.0-alpine3.18
 
 FROM node:${NODE_VERSION} as build
 
-RUN corepack enable
-
-WORKDIR /sharkey
-
 RUN apk add git linux-headers build-base
 
 ENV PYTHONUNBUFFERED=1
@@ -15,55 +11,70 @@ RUN apk add --update python3 && ln -sf python3 /usr/bin/python
 RUN python3 -m ensurepip
 RUN pip3 install --no-cache --upgrade pip setuptools
 
-COPY . ./
+RUN corepack enable
+
+WORKDIR /sharkey
+
+COPY --link . ./
 
 RUN git submodule update --init --recursive
 RUN pnpm config set fetch-retries 5
 RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \
-	pnpm i
+	pnpm i --frozen-lockfile --aggregate-output
 RUN pnpm build
 RUN node scripts/trim-deps.mjs
 RUN mv packages/frontend/assets sharkey-assets
+RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \
+	pnpm prune
 RUN rm -r node_modules packages/frontend packages/sw
 RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \
-	pnpm i --prod
+	pnpm i --prod --frozen-lockfile --aggregate-output
 RUN rm -rf .git
 
 FROM node:${NODE_VERSION}
 
-WORKDIR /sharkey
+ARG UID="991"
+ARG GID="991"
 
-RUN apk add ffmpeg tini
+RUN apk add ffmpeg tini jemalloc \
+	&& corepack enable \
+	&& addgroup -g "${GID}" sharkey \
+	&& adduser -D -u "${UID}" -G sharkey -h /sharkey sharkey \
+	&& find / -type d -path /sys -prune -o -type d -path /proc -prune -o -type f -perm /u+s -exec chmod u-s {} \; \
+	&& find / -type d -path /sys -prune -o -type d -path /proc -prune -o -type f -perm /g+s -exec chmod g-s {} \;
 
-COPY --from=build /sharkey/built ./built
-COPY --from=build /sharkey/node_modules ./node_modules
-COPY --from=build /sharkey/packages/backend/built ./packages/backend/built
-COPY --from=build /sharkey/packages/backend/node_modules ./packages/backend/node_modules
-COPY --from=build /sharkey/packages/megalodon/lib ./packages/megalodon/lib
-COPY --from=build /sharkey/packages/megalodon/node_modules ./packages/megalodon/node_modules
-COPY --from=build /sharkey/packages/misskey-js/built ./packages/misskey-js/built
-COPY --from=build /sharkey/packages/misskey-js/node_modules ./packages/misskey-js/node_modules
-COPY --from=build /sharkey/packages/misskey-reversi/built ./packages/misskey-reversi/built
-COPY --from=build /sharkey/packages/misskey-reversi/node_modules ./packages/misskey-reversi/node_modules
-COPY --from=build /sharkey/packages/misskey-bubble-game/built ./packages/misskey-bubble-game/built
-COPY --from=build /sharkey/packages/misskey-bubble-game/node_modules ./packages/misskey-bubble-game/node_modules
-COPY --from=build /sharkey/fluent-emojis ./fluent-emojis
-COPY --from=build /sharkey/tossface-emojis/dist ./tossface-emojis/dist
-COPY --from=build /sharkey/sharkey-assets ./packages/frontend/assets
+USER sharkey
+WORKDIR /sharkey
+
+COPY --chown=sharkey:sharkey --from=build /sharkey/node_modules ./node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/backend/node_modules ./packages/backend/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-js/node_modules ./packages/misskey-js/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-reversi/node_modules ./packages/misskey-reversi/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-bubble-game/node_modules ./packages/misskey-bubble-game/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/megalodon/node_modules ./packages/megalodon/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/built ./built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-js/built ./packages/misskey-js/built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-reversi/built ./packages/misskey-reversi/built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-bubble-game/built ./packages/misskey-bubble-game/built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/backend/built ./packages/backend/built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/megalodon/lib ./packages/megalodon/lib
+COPY --chown=sharkey:sharkey --from=build /sharkey/fluent-emojis ./fluent-emojis
+COPY --chown=sharkey:sharkey --from=build /sharkey/tossface-emojis/dist ./tossface-emojis/dist
+COPY --chown=sharkey:sharkey --from=build /sharkey/sharkey-assets ./packages/frontend/assets
 
-COPY package.json ./package.json
-COPY pnpm-workspace.yaml ./pnpm-workspace.yaml
-COPY packages/backend/package.json ./packages/backend/package.json
-COPY packages/backend/check_connect.js ./packages/backend/check_connect.js
-COPY packages/backend/ormconfig.js ./packages/backend/ormconfig.js
-COPY packages/backend/migration ./packages/backend/migration
-COPY packages/backend/assets ./packages/backend/assets
-COPY packages/megalodon/package.json ./packages/megalodon/package.json
-COPY packages/misskey-js/package.json ./packages/misskey-js/package.json
-COPY packages/misskey-reversi/package.json ./packages/misskey-reversi/package.json
-COPY packages/misskey-bubble-game/package.json ./packages/misskey-bubble-game/package.json
+COPY --chown=sharkey:sharkey package.json ./package.json
+COPY --chown=sharkey:sharkey pnpm-workspace.yaml ./pnpm-workspace.yaml
+COPY --chown=sharkey:sharkey packages/backend/package.json ./packages/backend/package.json
+COPY --chown=sharkey:sharkey packages/backend/check_connect.js ./packages/backend/check_connect.js
+COPY --chown=sharkey:sharkey packages/backend/ormconfig.js ./packages/backend/ormconfig.js
+COPY --chown=sharkey:sharkey packages/backend/migration ./packages/backend/migration
+COPY --chown=sharkey:sharkey packages/backend/assets ./packages/backend/assets
+COPY --chown=sharkey:sharkey packages/megalodon/package.json ./packages/megalodon/package.json
+COPY --chown=sharkey:sharkey packages/misskey-js/package.json ./packages/misskey-js/package.json
+COPY --chown=sharkey:sharkey packages/misskey-reversi/package.json ./packages/misskey-reversi/package.json
+COPY --chown=sharkey:sharkey packages/misskey-bubble-game/package.json ./packages/misskey-bubble-game/package.json
 
+ENV LD_PRELOAD=/usr/lib/libjemalloc.so.2
 ENV NODE_ENV=production
-RUN corepack enable
 ENTRYPOINT ["/sbin/tini", "--"]
 CMD ["pnpm", "run", "migrateandstart"]
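Review bot: Every `COPY --chown=sharkey:sharkey` in the runtime stage makes `node_modules` and the `built` trees writable by the same account that runs the server after `USER sharkey`, so dropping root does not stop a compromised process from rewriting its own code. Consider leaving the application files root-owned and read-only, and giving `sharkey` ownership only of the paths that must be written at runtime. Separately, `LD_PRELOAD=/usr/lib/libjemalloc.so.2` hard-codes a path that comes from the Alpine `jemalloc` package; a short comment saying so would help when `NODE_VERSION` moves to another base image.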
diff --git a/IMPORTANT_NOTES.md b/IMPORTANT_NOTES.md
index fba40d21ce1c628951bd1777aad8ccdf48450e38..54d0440bea7a559a5ccb0feb986de3906d5dbdb5 100644
--- a/IMPORTANT_NOTES.md
+++ b/IMPORTANT_NOTES.md
@@ -6,8 +6,11 @@ When using a service with Sharkey, there are several important points to keep in
 
 2. Even for posts made in private, there is no guarantee that the recipient's server will treat them as private in the same way. Please exercise caution when posting personal or confidential information. (Again, this applies to the internet in general.)
 
-3. Account deletion can be a resource-intensive process and may take a long time. In cases with a lot of uploaded data, it may even be impossible to delete an account.
+3. The "Drive" feature is NOT secure cloud storage. This feature exists for easier managing of your uploaded files.
+Any data uploaded, whether shared via post or not, will be publicly accessible. Please use 3rd party cloud storage providers if you need to upload data with sensitive information of any kind. 
 
-4. Please disable ad blockers. Some servers may rely on advertising revenue to cover operating costs. Additionally, ad blockers can mistakenly block content and features unrelated to ads, potentially causing issues with the client's functionality and preventing normal use of Sharkey. Therefore, we recommend turning off ad blockers and similar features when using Sharkey.
+4. Account deletion can be a resource-intensive process and may take a long time. In cases with a lot of uploaded data, it may even be impossible to delete an account.
 
-Please understand these points and enjoy using the service.
\ No newline at end of file
+5. Please disable ad blockers. Some servers may rely on advertising revenue to cover operating costs. Additionally, ad blockers can mistakenly block content and features unrelated to ads, potentially causing issues with the client's functionality and preventing normal use of Sharkey. Therefore, we recommend turning off ad blockers and similar features when using Sharkey.
+
+Please understand these points and enjoy using the service.
diff --git a/locales/en-US.yml b/locales/en-US.yml
index a1abba47e605ceb28468f0412f373f0700cb408c..80e45c42d80594c4920bfbe13e9a04a7acee846f 100644
--- a/locales/en-US.yml
+++ b/locales/en-US.yml
@@ -134,7 +134,7 @@ overwriteFromPinnedEmojis: "Override from general settings"
 reactionSettingDescription2: "Drag to reorder, click to delete, press \"+\" to add."
 rememberNoteVisibility: "Remember note visibility settings"
 attachCancel: "Remove attachment"
-deleteFile: "File deleted"
+deleteFile: "Delete file"
 markAsSensitive: "Mark as sensitive"
 unmarkAsSensitive: "Unmark as sensitive"
 enterFileName: "Enter filename"
diff --git a/package.json b/package.json
index 5e89cba218a9cc778f55af21b32db079a4699b2c..f3bfd1db1b5b7567631bc5ca9d8112d6c112d4e7 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "sharkey",
-	"version": "2024.3.1",
+	"version": "2024.3.2",
 	"codename": "shonk",
 	"repository": {
 		"type": "git",
diff --git a/packages/backend/migration/1709462550083-MoreRepoUrl.js b/packages/backend/migration/1709462550083-MoreRepoUrl.js
new file mode 100644
index 0000000000000000000000000000000000000000..90bab0e67682976c908586fd5555a6385fb3b05a
--- /dev/null
+++ b/packages/backend/migration/1709462550083-MoreRepoUrl.js
@@ -0,0 +1,16 @@
+/*
+ * SPDX-FileCopyrightText: dakkar and other Sharkey contributors
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+export class MoreRepoUrl1709462550083 {
+  name = 'MoreRepoUrl1709462550083'
+
+  async up(queryRunner) {
+    await queryRunner.query(`UPDATE "meta" SET "repositoryUrl"=DEFAULT WHERE "repositoryUrl" IN ('https://git.joinfirefish.org/firefish/firefish','https://codeberg/firefish/firefish','https://codeberg.org/calckey/calckey','https://iceshrimp.dev/iceshrimp/iceshrimp')`);
+    await queryRunner.query(`UPDATE "meta" SET "feedbackUrl"=DEFAULT WHERE "feedbackUrl" IN ('https://git.joinfirefish.org/firefish/firefish/issues','https://codeberg/firefish/firefish/issues','https://codeberg.org/calckey/calckey/firefish/firefish/issues','https://iceshrimp.dev/iceshrimp/iceshrimp/issues/new','https://iceshrimp.dev/iceshrimp/iceshrimp/issues')`);
+  }
+
+  async down(queryRunner) {
+  }
+}
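Review bot: Two of the literals in the `IN (...)` lists look malformed: `https://codeberg/firefish/firefish` (and its `/issues` variant) has no `.org`, and `https://codeberg.org/calckey/calckey/firefish/firefish/issues` repeats a path segment. If these are not the exact strings that earlier versions stored, the rows meant to be reset will not match; please confirm, or add the well-formed variants alongside. An empty `down()` is reasonable for a one-way data fix, but a comment saying it is intentional would help.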
diff --git a/packages/backend/ormconfig.js b/packages/backend/ormconfig.js
index 229e5bf1fe5b83c93b92cf4fbbf90bfae94058df..c88b3b3d65b85cf6a958f4b9a6bbe41936e5b125 100644
--- a/packages/backend/ormconfig.js
+++ b/packages/backend/ormconfig.js
@@ -11,7 +11,11 @@ export default new DataSource({
 	username: config.db.user,
 	password: config.db.pass,
 	database: config.db.db,
-	extra: config.db.extra,
+	extra: {
+		...config.db.extra,
+		// migrations may be very slow, give them longer to run (that 10*1000 comes from postgres.ts)
+		statement_timeout: (config.db.extra?.statement_timeout ?? 1000 * 10) * 10,
+	},
 	entities: entities,
 	migrations: ['migration/*.js'],
 });
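Review bot: The fallback `1000 * 10` in `statement_timeout` duplicates a default that, per the comment, lives in postgres.ts, so the two values can drift apart silently. Export that default as a shared constant and use it here. Note also that an operator-supplied `config.db.extra.statement_timeout` is multiplied by 10 as well, which is worth stating in the configuration documentation.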
diff --git a/packages/backend/src/core/HttpRequestService.ts b/packages/backend/src/core/HttpRequestService.ts
index 7f3cac7c58078b5a1abd4db0b4066ed16c312032..bea5dee6ab4a611b43bda9a28cce9f242dccf743 100644
--- a/packages/backend/src/core/HttpRequestService.ts
+++ b/packages/backend/src/core/HttpRequestService.ts
@@ -15,6 +15,7 @@ import type { Config } from '@/config.js';
 import { StatusError } from '@/misc/status-error.js';
 import { bindThis } from '@/decorators.js';
 import { validateContentTypeSetAsActivityPub } from '@/core/activitypub/misc/validator.js';
+import { assertActivityMatchesUrls } from '@/core/activitypub/misc/check-against-url.js';
 import type { IObject } from '@/core/activitypub/type.js';
 import type { Response } from 'node-fetch';
 import type { URL } from 'node:url';
@@ -125,7 +126,12 @@ export class HttpRequestService {
 			validators: [validateContentTypeSetAsActivityPub],
 		});
 
-		return await res.json() as IObject;
+		const finalUrl = res.url; // redirects may have been involved
+		const activity = await res.json() as IObject;
+
+		assertActivityMatchesUrls(activity, [url, finalUrl]);
+
+		return activity;
 	}
 
 	@bindThis
diff --git a/packages/backend/src/core/NoteCreateService.ts b/packages/backend/src/core/NoteCreateService.ts
index b985846f1c49e138d9edb2d073e154137e85172f..631d7074bd3b5bb5c664df0969cb0a195d69f047 100644
--- a/packages/backend/src/core/NoteCreateService.ts
+++ b/packages/backend/src/core/NoteCreateService.ts
@@ -266,6 +266,16 @@ export class NoteCreateService implements OnApplicationShutdown {
 			}
 		}
 
+		const hasProhibitedWords = await this.checkProhibitedWordsContain({
+			cw: data.cw,
+			text: data.text,
+			pollChoices: data.poll?.choices,
+		}, meta.prohibitedWords);
+
+		if (hasProhibitedWords) {
+			throw new IdentifiableError('689ee33f-f97c-479a-ac49-1b9f8140af99', 'Note contains prohibited words');
+		}
+
 		const inSilencedInstance = this.utilityService.isSilencedHost(meta.silencedHosts, user.host);
 
 		if (data.visibility === 'public' && inSilencedInstance && user.host !== null) {
@@ -299,7 +309,7 @@ export class NoteCreateService implements OnApplicationShutdown {
 		}
 
 		// Check blocking
-		if (data.renote && data.text == null && data.poll == null && (data.files == null || data.files.length === 0)) {
+		if (data.renote && !this.isQuote(data)) {
 			if (data.renote.userHost === null) {
 				if (data.renote.userId !== user.id) {
 					const blocked = await this.userBlockingService.checkBlocked(data.renote.userId, user.id);
@@ -1018,7 +1028,7 @@ export class NoteCreateService implements OnApplicationShutdown {
 				removeOnComplete: true,
 			});
 		}
-		
+
 		// Pack the note
 		const noteObj = await this.noteEntityService.pack(note, null, { skipHide: true, withReactionAndUserPairCache: true });
 
diff --git a/packages/backend/src/core/UtilityService.ts b/packages/backend/src/core/UtilityService.ts
index 652e8f74499076bdffdb84f4f05f105007a69936..21c4af3ca55c8fd7acc1090bc7f9508eeed6ccb2 100644
--- a/packages/backend/src/core/UtilityService.ts
+++ b/packages/backend/src/core/UtilityService.ts
@@ -86,7 +86,7 @@ export class UtilityService {
 	@bindThis
 	public extractDbHost(uri: string): string {
 		const url = new URL(uri);
-		return this.toPuny(url.hostname);
+		return this.toPuny(url.host);
 	}
 
 	@bindThis
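Review bot: Switching `extractDbHost` to `url.host` makes it return `host:port` for URIs with a non-default port, and this value is what `ap/show.ts` passes to `isBlockedHost` and `isSelfHost`. Please confirm that those comparisons, and any host values already stored, expect the port; otherwise a block entry written without a port would stop matching. The new `punyHost` in the next hunk builds nearly the same string by hand, so one of the two should delegate to the other.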
@@ -99,4 +99,11 @@ export class UtilityService {
 		if (host == null) return null;
 		return toASCII(host.toLowerCase());
 	}
+
+	@bindThis
+	public punyHost(url: string): string {
+		const urlObj = new URL(url);
+		const host = `${this.toPuny(urlObj.hostname)}${urlObj.port.length > 0 ? ':' + urlObj.port : ''}`;
+		return host;
+	}
 }
diff --git a/packages/backend/src/core/activitypub/ApRequestService.ts b/packages/backend/src/core/activitypub/ApRequestService.ts
index 93ac8ce9a74bdb9b680ea37aeb8db59df7c107b5..fd8d65445a6196cd4727eb94ef88f7590581032e 100644
--- a/packages/backend/src/core/activitypub/ApRequestService.ts
+++ b/packages/backend/src/core/activitypub/ApRequestService.ts
@@ -14,7 +14,9 @@ import { HttpRequestService } from '@/core/HttpRequestService.js';
 import { LoggerService } from '@/core/LoggerService.js';
 import { bindThis } from '@/decorators.js';
 import type Logger from '@/logger.js';
+import type { IObject } from './type.js';
 import { validateContentTypeSetAsActivityPub } from '@/core/activitypub/misc/validator.js';
+import { assertActivityMatchesUrls } from '@/core/activitypub/misc/check-against-url.js';
 
 type Request = {
 	url: string;
@@ -201,6 +203,11 @@ export class ApRequestService {
 			validators: [validateContentTypeSetAsActivityPub],
 		});
 
-		return await res.json();
+		const finalUrl = res.url; // redirects may have been involved
+		const activity = await res.json() as IObject;
+
+		assertActivityMatchesUrls(activity, [url, finalUrl]);
+
+		return activity;
 	}
 }
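Review bot: The `finalUrl` / `res.json()` / `assertActivityMatchesUrls` sequence here is a copy of the one added in HttpRequestService.ts, so the two fetch paths can diverge the next time one of them is touched. Consider moving the three statements into one shared helper that takes the response and the requested URL and returns the checked `IObject`.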
diff --git a/packages/backend/src/core/activitypub/ApResolverService.ts b/packages/backend/src/core/activitypub/ApResolverService.ts
index bb3c40f0939b6a65a486123d1e0b4bdd218052c4..b047a6c59ba581cc22e528f7ac0f6755de2f1e83 100644
--- a/packages/backend/src/core/activitypub/ApResolverService.ts
+++ b/packages/backend/src/core/activitypub/ApResolverService.ts
@@ -115,6 +115,14 @@ export class Resolver {
 			throw new Error('invalid response');
 		}
 
+		// HttpRequestService / ApRequestService have already checked that
+		// `object.id` or `object.url` matches the URL used to fetch the
+		// object after redirects; here we double-check that no redirects
+		// bounced between hosts
+		if (object.id && (this.utilityService.punyHost(object.id) !== this.utilityService.punyHost(value))) {
+			throw new Error(`invalid AP object ${value}: id ${object.id} has different host`);
+		}
+
 		return object;
 	}
 
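Review bot: The host comparison is skipped whenever `object.id` is missing, and `assertActivityMatchesUrls` accepts an object whose `url` alone matches the post-redirect location, so an id-less object fetched through a cross-host redirect passes both checks. Either require `object.id` here or also compare the host of `object.url`. Note too that `punyHost` calls `new URL(...)`, so a non-URL `id` surfaces as a `TypeError` rather than the `invalid AP object` message.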
diff --git a/packages/backend/src/core/activitypub/misc/check-against-url.ts b/packages/backend/src/core/activitypub/misc/check-against-url.ts
new file mode 100644
index 0000000000000000000000000000000000000000..78ba891a2e71524c5c629cc051c8b34aed256e32
--- /dev/null
+++ b/packages/backend/src/core/activitypub/misc/check-against-url.ts
@@ -0,0 +1,19 @@
+/*
+ * SPDX-FileCopyrightText: dakkar and sharkey-project
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+import type { IObject } from '../type.js';
+
+export function assertActivityMatchesUrls(activity: IObject, urls: string[]) {
+	const idOk = activity.id !== undefined && urls.includes(activity.id);
+
+	// technically `activity.url` could be an `ApObject = IObject |
+	// string | (IObject | string)[]`, but if it's a complicated thing
+	// and the `activity.id` doesn't match, I think we're fine
+	// rejecting the activity
+	const urlOk = typeof(activity.url) === 'string' && urls.includes(activity.url);
+
+	if (!idOk && !urlOk) {
+		throw new Error(`bad Activity: neither id(${activity?.id}) nor url(${activity?.url}) match location(${urls})`);
+	}
+}
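Review bot: `activity.id` on the first line is dereferenced without a null check while the error message uses `activity?.id`; since both callers cast `res.json()` with `as IObject`, a JSON body of `null` throws a `TypeError` here instead of the `bad Activity` error. Use `activity?.id` and `activity?.url` consistently, or reject non-objects up front. `urls.includes(...)` is also an exact string match, so a test showing how an id that differs from the fetch URL only by a fragment or trailing slash is expected to behave would be useful.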
diff --git a/packages/backend/src/core/activitypub/models/ApPersonService.ts b/packages/backend/src/core/activitypub/models/ApPersonService.ts
index c489d38d90587474da633d9c266b0f906638466b..224b8e8c3f64ec8c98c6972225fce5c375330664 100644
--- a/packages/backend/src/core/activitypub/models/ApPersonService.ts
+++ b/packages/backend/src/core/activitypub/models/ApPersonService.ts
@@ -127,12 +127,6 @@ export class ApPersonService implements OnModuleInit {
 		this.logger = this.apLoggerService.logger;
 	}
 
-	private punyHost(url: string): string {
-		const urlObj = new URL(url);
-		const host = `${this.utilityService.toPuny(urlObj.hostname)}${urlObj.port.length > 0 ? ':' + urlObj.port : ''}`;
-		return host;
-	}
-
 	/**
 	 * Validate and convert to actor object
 	 * @param x Fetched object
@@ -140,7 +134,7 @@ export class ApPersonService implements OnModuleInit {
 	 */
 	@bindThis
 	private validateActor(x: IObject, uri: string): IActor {
-		const expectHost = this.punyHost(uri);
+		const expectHost = this.utilityService.punyHost(uri);
 
 		if (!isActor(x)) {
 			throw new Error(`invalid Actor type '${x.type}'`);
@@ -154,6 +148,19 @@ export class ApPersonService implements OnModuleInit {
 			throw new Error('invalid Actor: wrong inbox');
 		}
 
+		if (this.utilityService.punyHost(x.inbox) !== expectHost) {
+			throw new Error('invalid Actor: inbox has different host');
+		}
+
+		for (const collection of ['outbox', 'followers', 'following'] as (keyof IActor)[]) {
+			const collectionUri = (x as IActor)[collection];
+			if (typeof collectionUri === 'string' && collectionUri.length > 0) {
+				if (this.utilityService.punyHost(collectionUri) !== expectHost) {
+					throw new Error(`invalid Actor: ${collection} has different host`);
+				}
+			}
+		}
+
 		if (!(typeof x.preferredUsername === 'string' && x.preferredUsername.length > 0 && x.preferredUsername.length <= 128 && /^\w([\w-.]*\w)?$/.test(x.preferredUsername))) {
 			throw new Error('invalid Actor: wrong username');
 		}
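Review bot: The loop over `outbox`, `followers` and `following` only checks values that are strings, so a collection supplied as an embedded object is accepted with no host comparison. If such actors should be supported, compare the host of the embedded object's `id`; if not, reject non-string values explicitly. A test case for an actor whose `inbox` or collection is on another host would be good to add with this change.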
@@ -177,7 +184,7 @@ export class ApPersonService implements OnModuleInit {
 			x.summary = truncate(x.summary, summaryLength);
 		}
 
-		const idHost = this.punyHost(x.id);
+		const idHost = this.utilityService.punyHost(x.id);
 		if (idHost !== expectHost) {
 			throw new Error('invalid Actor: id has different host');
 		}
@@ -187,7 +194,7 @@ export class ApPersonService implements OnModuleInit {
 				throw new Error('invalid Actor: publicKey.id is not a string');
 			}
 
-			const publicKeyIdHost = this.punyHost(x.publicKey.id);
+			const publicKeyIdHost = this.utilityService.punyHost(x.publicKey.id);
 			if (publicKeyIdHost !== expectHost) {
 				throw new Error('invalid Actor: publicKey.id has different host');
 			}
@@ -286,7 +293,7 @@ export class ApPersonService implements OnModuleInit {
 
 		this.logger.info(`Creating the Person: ${person.id}`);
 
-		const host = this.punyHost(object.id);
+		const host = this.utilityService.punyHost(object.id);
 
 		const fields = this.analyzeAttachments(person.attachment ?? []);
 
diff --git a/packages/backend/src/server/api/endpoints/ap/show.ts b/packages/backend/src/server/api/endpoints/ap/show.ts
index 364a4826e35efec54c704ab0d68329eb8b0adfa0..ca6789a4642351caf70cd095b18e85152944dda1 100644
--- a/packages/backend/src/server/api/endpoints/ap/show.ts
+++ b/packages/backend/src/server/api/endpoints/ap/show.ts
@@ -113,8 +113,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 	@bindThis
 	private async fetchAny(uri: string, me: MiLocalUser | null | undefined): Promise<SchemaType<typeof meta['res']> | null> {
 	// ブロックしてたら中断
+		const host = this.utilityService.extractDbHost(uri);
 		const fetchedMeta = await this.metaService.fetch();
-		if (this.utilityService.isBlockedHost(fetchedMeta.blockedHosts, this.utilityService.extractDbHost(uri))) return null;
+		if (this.utilityService.isBlockedHost(fetchedMeta.blockedHosts, host)) return null;
 
 		let local = await this.mergePack(me, ...await Promise.all([
 			this.apDbResolverService.getUserFromApId(uri),
@@ -122,6 +123,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		]));
 		if (local != null) return local;
 
+		// local object, not found in db? fail
+		if (this.utilityService.isSelfHost(host)) return null;
+
 		// リモートから一旦オブジェクトフェッチ
 		const resolver = this.apResolverService.createResolver();
 		const object = await resolver.resolve(uri) as any;
diff --git a/packages/frontend/src/account.ts b/packages/frontend/src/account.ts
index 171826c9d8be2766b2ce471e57388a3e81fb1c82..90cc2e51c95982b9c58fc398e0bc39db51779200 100644
--- a/packages/frontend/src/account.ts
+++ b/packages/frontend/src/account.ts
@@ -43,6 +43,7 @@ export async function signout() {
 	waiting();
 	miLocalStorage.removeItem('account');
 	await removeAccount($i.id);
+	document.cookie = `token=; path=/; max-age=0${ location.protocol === 'https:' ? '; Secure' : ''}`;
 	const accounts = await getAccounts();
 
 	//#region Remove service worker registration
@@ -200,7 +201,7 @@ export async function login(token: Account['token'], redirect?: string) {
 			throw reason;
 		});
 	miLocalStorage.setItem('account', JSON.stringify(me));
-	document.cookie = `token=${token}; path=/; max-age=31536000`; // bull dashboardの認証とかで使う
+	document.cookie = `token=${token}; path=/; max-age=31536000${ location.protocol === 'https:' ? '; Secure' : ''}`; // bull dashboardの認証とかで使う
 	await addAccount(me.id, token);
 
 	if (redirect) {
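Review bot: The `token` cookie now gets `Secure` on HTTPS but still carries no `SameSite` attribute, both in the `login` assignment here and in the clearing assignment added to `signout`. Adding `; SameSite=Lax` (or `Strict`) to both makes the cross-site behaviour explicit instead of relying on browser defaults. Building the attribute string in one small helper would also keep the set and clear paths identical.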
diff --git a/packages/frontend/src/boot/main-boot.ts b/packages/frontend/src/boot/main-boot.ts
index fbb4baebdc728666997c298eec0bdd0f901efc24..34612fee73b217fdc207f32808910dda523362ea 100644
--- a/packages/frontend/src/boot/main-boot.ts
+++ b/packages/frontend/src/boot/main-boot.ts
@@ -73,27 +73,31 @@ export async function mainBoot() {
 			mainRouter.push('/search');
 		},
 	};
-
-	if (defaultStore.state.enableSeasonalScreenEffect) {
-		const month = new Date().getMonth() + 1;
-		if (defaultStore.state.hemisphere === 'S') {
-			// ▼南半球
-			if (month === 7 || month === 8) {
-				const SnowfallEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect;
-				new SnowfallEffect({}).render();
-			}
-		} else {
-			// ▼北半球
-			if (month === 12 || month === 1) {
-				const SnowfallEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect;
-				new SnowfallEffect({}).render();
-			} else if (month === 3 || month === 4) {
-				const SakuraEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect;
-				new SakuraEffect({
-					sakura: true,
-				}).render();
+	try {
+		if (defaultStore.state.enableSeasonalScreenEffect) {
+			const month = new Date().getMonth() + 1;
+			if (defaultStore.state.hemisphere === 'S') {
+				// ▼南半球
+				if (month === 7 || month === 8) {
+					const SnowfallEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect;
+					new SnowfallEffect({}).render();
+				}
+			} else {
+				// ▼北半球
+				if (month === 12 || month === 1) {
+					const SnowfallEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect;
+					new SnowfallEffect({}).render();
+				} else if (month === 3 || month === 4) {
+					const SakuraEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect;
+					new SakuraEffect({
+						sakura: true,
+					}).render();
+				}
 			}
-		}
+		}	
+	} catch (error) {
+		// console.error(error);
+		console.error('Failed to initialise the seasonal screen effect canvas context:', error);
 	}
 
 	if ($i) {
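Review bot: The `try` wraps the `await import('@/scripts/snowfall-effect.js')` calls as well as `render()`, but the catch always logs 'Failed to initialise the seasonal screen effect canvas context:', so a failed chunk load will be reported as a canvas problem. Either narrow the message to something like 'Failed to initialise the seasonal screen effect:' or catch around the constructor only. Also drop the commented-out `// console.error(error);` and the trailing tab after the closing brace on the `+		}	` line.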
diff --git a/packages/frontend/src/components/MkCode.core.vue b/packages/frontend/src/components/MkCode.core.vue
index f9aaf4eff3e8fb90adb3699af98a5ff614e8d860..a23b4dc3b24708cdcccb9990f3f72061fe83f393 100644
--- a/packages/frontend/src/components/MkCode.core.vue
+++ b/packages/frontend/src/components/MkCode.core.vue
@@ -72,12 +72,16 @@ watch(() => props.lang, (to) => {
 </script>
 
 <style module lang="scss">
+.codeBlockRoot {
+  text-align: left;
+}
+
 .codeBlockRoot :global(.shiki) > code {
   counter-reset: step;
   counter-increment: step 0;
 }
 
-.codeBlockRoot :global(.shiki) > code > .line::before {
+.codeBlockRoot :global(.shiki) > code > span::before {
   content: counter(step);
   counter-increment: step;
   width: 1rem;
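Review bot: Changing the selector from `> code > .line::before` to `> code > span::before` makes every direct child `span` of `code` increment the `step` counter, not only line elements. If the highlighter ever emits a direct child span that is not a line, the numbering will drift. A short comment saying why `.line` no longer matches would help the next reader decide whether the broader selector is still needed.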
diff --git a/packages/frontend/src/index.html b/packages/frontend/src/index.html
index ecd4f4471355ebec05e6607618944e3b430d0c52..54059bfaf4a05c13d586cc178e99504aa8c52657 100644
--- a/packages/frontend/src/index.html
+++ b/packages/frontend/src/index.html
@@ -20,7 +20,7 @@
 			worker-src 'self';
 			script-src 'self' 'unsafe-eval' https://*.hcaptcha.com https://challenges.cloudflare.com;
 			style-src 'self' 'unsafe-inline';
-			img-src 'self' data: blob: www.google.com xn--931a.moe launcher.moe localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000;
+			img-src 'self' data: blob: www.google.com xn--931a.moe launcher.moe localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000 activitypub.software secure.gravatar.com avatars.githubusercontent.com;
 			media-src 'self' localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000;
 			connect-src 'self' localhost:3000 localhost:5173 127.0.0.1:5173 127.0.0.1:3000 https://newassets.hcaptcha.com;
 			frame-src *;"
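Review bot: The `img-src` line now allows `activitypub.software`, `secure.gravatar.com` and `avatars.githubusercontent.com` for every page served from this `index.html`, while the visible use in this patch is the contributor avatars on the about page. Each added host widens where any injected or user-influenced `<img>` can load from, and makes every visitor's browser contact those third parties. Consider shipping the avatars as local assets or through the instance's media proxy instead, and confirm `avatars.githubusercontent.com` is actually referenced somewhere before allowing it. The new entries are also scheme-less, unlike the `https://` entries in `script-src`.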
diff --git a/packages/frontend/src/pages/about-sharkey.vue b/packages/frontend/src/pages/about-sharkey.vue
index 30788e24ceb9516dbc9016263150347343755448..1bfd90c8f74cf2c2a1238295baa0799c03450168 100644
--- a/packages/frontend/src/pages/about-sharkey.vue
+++ b/packages/frontend/src/pages/about-sharkey.vue
@@ -77,14 +77,34 @@ SPDX-License-Identifier: AGPL-3.0-only
 				<FormSection>
 					<template #label>{{ i18n.ts._aboutMisskey.projectMembers }}</template>
 					<div :class="$style.contributors" style="margin-bottom: 8px;">
-						<a href="https://activitypub.software/Marie" target="_blank" :class="$style.contributor">
-							<img src="https://activitypub.software/uploads/-/system/user/avatar/2/avatar.png?width=128" :class="$style.contributorAvatar">
-							<span :class="$style.contributorUsername">@Marie</span>
-						</a>
 						<a href="https://activitypub.software/Amelia" target="_blank" :class="$style.contributor">
 							<img src="https://activitypub.software/uploads/-/system/user/avatar/1/avatar.png?width=128" :class="$style.contributorAvatar">
 							<span :class="$style.contributorUsername">@Amelia</span>
 						</a>
+						<a href="https://activitypub.software/dakkar" target="_blank" :class="$style.contributor">
+							<img src="https://secure.gravatar.com/avatar/c71b315eed7c63ff94c42b1b3e8dbad1?s=192&d=identicon" :class="$style.contributorAvatar">
+							<span :class="$style.contributorUsername">@dakkar</span>
+						</a>
+						<a href="https://activitypub.software/esm" target="_blank" :class="$style.contributor">
+							<img src="https://secure.gravatar.com/avatar/00fd054610e2a9dcf97a2aa661b168d0?s=192&d=identicon" :class="$style.contributorAvatar">
+							<span :class="$style.contributorUsername">@esm</span>
+						</a>
+						<a href="https://activitypub.software/supakaity" target="_blank" :class="$style.contributor">
+							<img src="https://activitypub.software/uploads/-/system/user/avatar/65/avatar.png?width=40" :class="$style.contributorAvatar">
+							<span :class="$style.contributorUsername">@supakaity</span>
+						</a>
+						<a href="https://activitypub.software/julia" target="_blank" :class="$style.contributor">
+							<img src="https://activitypub.software/uploads/-/system/user/avatar/41/avatar.png?width=40" :class="$style.contributorAvatar">
+							<span :class="$style.contributorUsername">@julia</span>
+						</a>
+						<a href="https://activitypub.software/Leah" target="_blank" :class="$style.contributor">
+							<img src="https://secure.gravatar.com/avatar/3b35b921b284ccfd1fe348508f6f705b?s=80&d=identicon" :class="$style.contributorAvatar">
+							<span :class="$style.contributorUsername">@Leah</span>
+						</a>
+						<a href="https://activitypub.software/fEmber" target="_blank" :class="$style.contributor">
+							<img src="https://secure.gravatar.com/avatar/ea0ea6451fdb74311efad369bdce018e?s=80&d=identicon" :class="$style.contributorAvatar">
+							<span :class="$style.contributorUsername">@fEmber</span>
+						</a>
 					</div>
 					<template #caption><MkLink url="https://activitypub.software/TransFem-org/Sharkey/-/graphs/develop">{{ i18n.ts._aboutMisskey.allContributors }}</MkLink></template>
 				</FormSection>
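Review bot: The added contributor entries hotlink avatars from `secure.gravatar.com` and `activitypub.software`, so opening the about page sends each visitor's IP and referrer to those hosts, and the Gravatar URLs embed a hash of each contributor's e-mail address in the page source. Bundling the images as static assets would remove both issues and the need for the matching CSP additions. The size parameters are inconsistent too (`width=128`, `s=192`, `width=40`, `s=80`), so some avatars will render blurry next to others, and the `<img>` tags have no `alt` text.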
diff --git a/packages/frontend/src/pages/search.note.vue b/packages/frontend/src/pages/search.note.vue
index 33de0d72cf553bd0ce9b9e641fc216fd1ae61c0b..525e71cf00c59ff25309cd3f700c3810f1c1ae4e 100644
--- a/packages/frontend/src/pages/search.note.vue
+++ b/packages/frontend/src/pages/search.note.vue
@@ -85,7 +85,7 @@ async function search() {
 
 	if (query == null || query === '') return;
 
-	if (query.startsWith('https://')) {
+	if (query.startsWith('http://') || query.startsWith('https://')) {
 		const promise = misskeyApi('ap/show', {
 			uri: query,
 		});
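Review bot: Accepting `http://` in `query.startsWith('http://') || query.startsWith('https://')` means plain-HTTP URIs are now forwarded to `ap/show`, so the scheme policy has to be enforced on the backend rather than assumed here. Please confirm the endpoint rejects or handles cleartext URIs as intended. The same condition is repeated verbatim in `search.user.vue` and `scripts/lookup.ts`, and a shared helper would keep the three in step.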
diff --git a/packages/frontend/src/pages/search.user.vue b/packages/frontend/src/pages/search.user.vue
index dad9cd910ac200715ccd45b9a74142427fec9ffd..8dda3b5b027f448230cab2f9c0f84227db3dbace 100644
--- a/packages/frontend/src/pages/search.user.vue
+++ b/packages/frontend/src/pages/search.user.vue
@@ -48,7 +48,7 @@ async function search() {
 
 	if (query == null || query === '') return;
 
-	if (query.startsWith('https://')) {
+	if (query.startsWith('http://') || query.startsWith('https://')) {
 		const promise = misskeyApi('ap/show', {
 			uri: query,
 		});
diff --git a/packages/frontend/src/pages/welcome.timeline.vue b/packages/frontend/src/pages/welcome.timeline.vue
index 59f91e8b4cc3a9ce4b08f39a0d423cebd633e7c1..be4cb2d2de0badf7c395a39e7a954a07b5822176 100644
--- a/packages/frontend/src/pages/welcome.timeline.vue
+++ b/packages/frontend/src/pages/welcome.timeline.vue
@@ -40,7 +40,7 @@ const isScrolling = ref(false);
 const scrollEl = shallowRef<HTMLElement>();
 
 misskeyApiGet('notes/featured').then(_notes => {
-	notes.value = _notes;
+	notes.value = _notes.filter(n => n.cw == null);
 });
 
 onUpdated(() => {
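Review bot: The `_notes.filter(n => n.cw == null)` filter runs only in the client after `notes/featured` has returned, so notes with a content warning are still sent to logged-out visitors and are merely not rendered. If the goal is to keep them off the welcome page entirely, the filtering belongs in the endpoint or in a request parameter. A one-line comment explaining why CW notes are excluded here would also help.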
diff --git a/packages/frontend/src/scripts/lookup.ts b/packages/frontend/src/scripts/lookup.ts
index 7f020b15cc2bd7c220b4fe0feb66a7f0f173d502..db3a96b15cffa11c3d770d1d1a407c08ef41d512 100644
--- a/packages/frontend/src/scripts/lookup.ts
+++ b/packages/frontend/src/scripts/lookup.ts
@@ -28,7 +28,7 @@ export async function lookup(router?: Router) {
 		return;
 	}
 
-	if (query.startsWith('https://')) {
+	if (query.startsWith('http://') || query.startsWith('https://')) {
 		const promise = misskeyApi('ap/show', {
 			uri: query,
 		});
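Review bot: `startsWith` is case-sensitive, so in `query.startsWith('http://') || query.startsWith('https://')` a pasted URI such as `HTTPS://...` skips the `ap/show` branch and falls through to whatever handles non-URL input. Parsing with `new URL(query)` inside a try/catch and checking `protocol` against `http:` and `https:` would cover that and reject malformed input in one place.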
diff --git a/packages/frontend/src/scripts/snowfall-effect.ts b/packages/frontend/src/scripts/snowfall-effect.ts
index 11fcaa07163d64ac6d7f365489d727802c7a2409..d88bdb666099fc2ef3b123e22a271cc75e2c24ea 100644
--- a/packages/frontend/src/scripts/snowfall-effect.ts
+++ b/packages/frontend/src/scripts/snowfall-effect.ts
@@ -155,7 +155,9 @@ export class SnowfallEffect {
 		max: 0.125,
 		easing: 0.0005,
 	};
-
+	/**
+	 * @throws {Error} - Thrown when it fails to get WebGL context for the canvas 
+	 */
 	constructor(options: {
 		sakura?: boolean;
 	}) {
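Review bot: The added JSDoc line ` * @throws {Error} - Thrown when it fails to get WebGL context for the canvas ` ends with trailing whitespace, and the blank line that separated the preceding property from the constructor was removed. Please strip the trailing space and keep an empty line before the `/**` so the doc block is visually attached to the constructor only.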