Compare revisions

865a9c49 · 865a9c49 · 865a9c49 · 865a9c49 · 865a9c49 · 865a9c49
--- a/UPGRADE_NOTES.md
+++ b/UPGRADE_NOTES.md
+# Upgrade Notes
+
+## 2025.X.X
+
+### Authorized Fetch
+
+This version retires the configuration entry `checkActivityPubGetSignature`, which is now replaced with the new "Authorized Fetch" settings under Control Panel/Security.
+The database migrations will automatically import the value of this configuration file, but it will never be read again after upgrading.
+To avoid confusion and possible mis-configuration, please remove the entry **after** completing the upgrade.
+Do not remove it before migration, or else the setting will reset to default (disabled)!
+
+## 2024.10.0
+
+### Hellspawns
+
+Sharkey versions before 2024.10 suffered from a bug in the "Mark instance as NSFW" feature.
+When a user from such an instance boosted a note, the boost would be converted to a hellspawn (pure renote with Content Warning).
+Hellspawns are buggy and do not properly federate, so it may be desirable to correct any that already exist in the database.
+The following script will correct any local or remote hellspawns in the database.
+
+```postgresql
+/* Remove "instance is marked as NSFW" hellspawns */
+UPDATE "note"
+SET "cw" = null
+WHERE
+	"renoteId" IS NOT NULL
+	AND "text" IS NULL
+	AND "cw" = 'Instance is marked as NSFW'
+	AND "replyId" IS NULL
+	AND "hasPoll" = false
+	AND "fileIds" = '{}';
+
+/* Fix legacy / user-created hellspawns */
+UPDATE "note"
+SET "text" = '.'
+WHERE
+	"renoteId" IS NOT NULL
+	AND "text" IS NULL
+	AND "cw" IS NOT NULL
+	AND "replyId" IS NULL
+	AND "hasPoll" = false
+	AND "fileIds" = '{}';
+```
+
+## 2024.9.0
+
+### Following Feed
+
+When upgrading an existing instance to version 2024.9.0, the Following Feed will initially be empty.
+The feed will gradually fill as new posts federate, but it may be desirable to back-fill the feed with existing data.
+This database script will populate the feed with the latest post of each type for all users, ensuring that data is fully populated after the update.
+Run this after migrations but before starting the instance.
+Warning: the script may take a long time to execute!
+
+```postgresql
+INSERT INTO latest_note (user_id, note_id, is_public, is_reply, is_quote)
+SELECT
+	"userId" as user_id,
+	id as note_id,
+	visibility = 'public' AS is_public,
+	"replyId" IS NOT NULL AS is_reply,
+	(
+		"renoteId" IS NOT NULL
+			AND (
+			text IS NOT NULL
+				OR cw IS NOT NULL
+				OR "replyId" IS NOT NULL
+				OR "hasPoll"
+				OR "fileIds" != '{}'
+			)
+		) AS is_quote
+FROM note
+WHERE ( -- Exclude pure renotes (boosts)
+				"renoteId" IS NULL
+					OR text IS NOT NULL
+					OR cw IS NOT NULL
+					OR "replyId" IS NOT NULL
+					OR "hasPoll"
+					OR "fileIds" != '{}'
+				)
+ORDER BY id DESC -- This part is very important: it ensures that we only load the *latest* notes of each type. Do not remove it!
+ON CONFLICT DO NOTHING; -- Any conflicts are guaranteed to be older notes that we can ignore.
+```
--- a/chart/files/default.yml
+++ b/chart/files/default.yml
@@ -124,6 +124,14 @@ redis:
 #  #prefix: example-prefix
 #  #db: 1

+#redisForReactions:
+#  host: redis
+#  port: 6379
+#  #family: 0  # 0=Both, 4=IPv4, 6=IPv6
+#  #pass: example-pass
+#  #prefix: example-prefix
+#  #db: 1
+
 #   ┌───────────────────────────┐
 #───┘ MeiliSearch configuration └─────────────────────────────

@@ -152,6 +160,22 @@ redis:
 # ID SETTINGS AFTER THAT!

 id: "aidx"
+
+#   ┌────────────────┐
+#───┘ Error tracking └──────────────────────────────────────────
+
+# Sentry is available for error tracking.
+# See the Sentry documentation for more details on options.
+
+#sentryForBackend:
+#  enableNodeProfiling: true
+#  options:
+#    dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0'
+
+#sentryForFrontend:
+#  options:
+#    dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0'
+
 #   ┌─────────────────────┐
 #───┘ Other configuration └─────────────────────────────────────

@@ -176,6 +200,19 @@ id: "aidx"
 # IP address family used for outgoing request (ipv4, ipv6 or dual)
 #outgoingAddressFamily: ipv4

+# Amount of characters that can be used when writing notes. Longer notes will be rejected. (minimum: 1)
+#maxNoteLength: 3000
+# Amount of characters that will be saved for remote notes. Longer notes will be truncated to this length. (minimum: 1)
+#maxRemoteNoteLength: 100000
+# Amount of characters that can be used when writing content warnings. Longer warnings will be rejected. (minimum: 1)
+#maxCwLength: 500
+# Amount of characters that will be saved for remote content warnings. Longer warnings will be truncated to this length. (minimum: 1)
+#maxRemoteCwLength: 5000
+# Amount of characters that can be used when writing media descriptions (alt text). Longer descriptions will be rejected. (minimum: 1)
+#maxAltTextLength: 20000
+# Amount of characters that will be saved for remote media descriptions (alt text). Longer descriptions will be truncated to this length. (minimum: 1)
+#maxRemoteAltTextLength: 100000
+
 # Proxy for HTTP/HTTPS
 #proxy: http://127.0.0.1:3128

@@ -192,12 +229,44 @@ id: "aidx"
 # Media Proxy
 #mediaProxy: https://example.com/proxy

-# Sign to ActivityPub GET request (default: true)
+# Sign outgoing ActivityPub GET request (default: true)
 signToActivityPubGet: true
+# Sign outgoing ActivityPub Activities (default: true)
+# Linked Data signatures are cryptographic signatures attached to each activity to provide proof of authenticity.
+# When using authorized fetch, this is often undesired as any signed activity can be forwarded to a blocked instance by relays and other instances.
+# This setting allows admins to disable LD signatures for increased privacy, at the expense of fewer relayed activities and additional inbound fetch (GET) requests.
+attachLdSignatureForRelays: true
+# check that inbound ActivityPub GET requests are signed ("authorized fetch")
+checkActivityPubGetSignature: false

 #allowedPrivateNetworks: [
 #  '127.0.0.1/32'
 #]

+#customMOTD: ['Hello World', 'The sharks rule all', 'Shonks']
+
 # Upload or download file size limits (bytes)
 #maxFileSize: 262144000
+
+# timeout (in milliseconds) and maximum size for imports (e.g. note imports)
+#import:
+#  downloadTimeout: 30000
+#  maxFileSize: 262144000
+
+# PID File of master process
+#pidFile: /tmp/misskey.pid
+
+# CHMod-style permission bits to apply to uploaded files.
+# Permission bits are specified as a base-8 string representing User/Group/Other permissions.
+# This setting is only useful for custom deployments, such as using a reverse proxy to serve media.
+#filePermissionBits: '644'
+
+# Log settings
+# logging:
+#   sql:
+#     # Outputs query parameters during SQL execution to the log.
+#     # default: false
+#     enableQueryParamLogging: false
+#     # Disable query truncation. If set to true, the full text of the query will be output to the log.
+#     # default: false
+#     disableQueryTruncation: false
--- a/docker-compose.local-db.yml
+++ b/docker-compose.local-db.yml
-version: "3"
-
 # このconfigは、 dockerでMisskey本体を起動せず、 redisとpostgresql などだけを起動します

 services:

--- a/docker-compose_example.yml
+++ b/docker-compose_example.yml
-version: "3"
-
 services:
  web:
+#   image: registry.activitypub.software/transfem-org/sharkey:latest
    build: .
    restart: always
    links:
@@ -17,17 +16,20 @@ services:
    ports:
      - "3000:3000"
    networks:
-      - internal_network
-      - external_network
+      - shonk
+    # env_file:
+    #   - .config/docker.env
+    environment:
+      - NODE_OPTIONS="--max-old-space-size=8192"
    volumes:
-      - ./files:/misskey/files
-      - ./.config:/misskey/.config:ro
+      - ./files:/sharkey/files
+      - ./.config:/sharkey/.config:ro

  redis:
    restart: always
    image: redis:7-alpine
    networks:
-      - internal_network
+      - shonk
    volumes:
      - ./redis:/data
    healthcheck:
@@ -37,9 +39,9 @@ services:

  db:
    restart: always
-    image: postgres:15-alpine
+    image: groonga/pgroonga:4.0.1-alpine-17
    networks:
-      - internal_network
+      - shonk
    env_file:
      - .config/docker.env
    volumes:
@@ -53,8 +55,7 @@ services:
 #    restart: always
 #    image: mcaptcha/mcaptcha:latest
 #    networks:
-#      internal_network:
-#      external_network:
+#      shonk:
 #        aliases:
 #          - localhost
 #    ports:
@@ -64,6 +65,8 @@ services:
 #    environment:
 #      PORT: 7493
 #      MCAPTCHA_redis_URL: "redis://mcaptcha_redis/"
+#      MCAPTCHA_allow_registration: true
+#      MCAPTCHA_server_DOMAIN: "example.tld"
 #    depends_on:
 #      db:
 #        condition: service_healthy
@@ -73,7 +76,7 @@ services:
 #  mcaptcha_redis:
 #    image: mcaptcha/cache:latest
 #    networks:
-#      - internal_network
+#      - shonk
 #    healthcheck:
 #      test: "redis-cli ping"
 #      interval: 5s
@@ -81,18 +84,16 @@ services:

 #  meilisearch:
 #    restart: always
-#    image: getmeili/meilisearch:v1.3.4
+#    image: getmeili/meilisearch:v1.13.0
 #    environment:
 #      - MEILI_NO_ANALYTICS=true
 #      - MEILI_ENV=production
-#    env_file:
-#      - .config/meilisearch.env
+#      - MEILI_MASTER_KEY=ChangeThis
 #    networks:
-#      - internal_network
+#      - shonk
 #    volumes:
 #      - ./meili_data:/meili_data

+
 networks:
-  internal_network:
-    internal: true
-  external_network:
+  shonk:
--- a/crowdin.yml
+++ b/crowdin.yml
 files:
-  - source: /locales/ja-JP.yml
-    translation: /locales/%locale%.yml
+  - source: /sharkey-locales/en-US.yml
+    translation: /sharkey-locales/%locale%.yml
    update_option: update_as_unapproved
--- a/cypress/e2e/basic.cy.js
+++ b/cypress/e2e/basic.cy.js
+/*
+ * SPDX-FileCopyrightText: syuilo and misskey-project
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
 describe('Before setup instance', () => {
 	beforeEach(() => {
 		cy.resetState();
@@ -18,6 +23,7 @@ describe('Before setup instance', () => {

 		cy.intercept('POST', '/api/admin/accounts/create').as('signup');

+		cy.get('[data-cy-admin-initial-password] input').type('example_password_please_change_this_or_you_will_get_hacked');
 		cy.get('[data-cy-admin-username] input').type('admin');
 		cy.get('[data-cy-admin-password] input').type('admin1234');
 		cy.get('[data-cy-admin-ok]').click();
@@ -114,11 +120,16 @@ describe('After user signup', () => {
 	it('signin', () => {
 		cy.visitHome();

-		cy.intercept('POST', '/api/signin').as('signin');
+		cy.intercept('POST', '/api/signin-flow').as('signin');

 		cy.get('[data-cy-signin]').click();
-		cy.get('[data-cy-signin-username] input').type('alice');
-		// Enterキーでサインインできるかの確認も兼ねる
+
+		cy.get('[data-cy-signin-page-input]').should('be.visible', { timeout: 1000 });
+		// Enterキーで続行できるかの確認も兼ねる
+		cy.get('[data-cy-signin-username] input').type('alice{enter}');
+
+		cy.get('[data-cy-signin-page-password]').should('be.visible', { timeout: 10000 });
+		// Enterキーで続行できるかの確認も兼ねる
 		cy.get('[data-cy-signin-password] input').type('alice1234{enter}');

 		cy.wait('@signin');
@@ -133,8 +144,9 @@ describe('After user signup', () => {
 		cy.visitHome();

 		cy.get('[data-cy-signin]').click();
-		cy.get('[data-cy-signin-username] input').type('alice');
-		cy.get('[data-cy-signin-password] input').type('alice1234{enter}');
+
+		cy.get('[data-cy-signin-page-input]').should('be.visible', { timeout: 1000 });
+		cy.get('[data-cy-signin-username] input').type('alice{enter}');

 		// TODO: cypressにブラウザの言語指定できる機能が実装され次第英語のみテストするようにする
 		cy.contains(/アカウントが凍結されています|This account has been suspended due to/gi);
@@ -162,12 +174,12 @@ describe('After user signed in', () => {

  it('successfully loads', () => {
 		// 表示に時間がかかるのでデフォルト秒数だとタイムアウトする
-		cy.get('[data-cy-user-setup-continue]', { timeout: 12000 }).should('be.visible');
+		cy.get('[data-cy-user-setup-continue]', { timeout: 30000 }).should('be.visible');
  });

 	it('account setup wizard', () => {
 		// 表示に時間がかかるのでデフォルト秒数だとタイムアウトする
-		cy.get('[data-cy-user-setup-continue]', { timeout: 12000 }).click();
+		cy.get('[data-cy-user-setup-continue]', { timeout: 30000 }).click();

 		cy.get('[data-cy-user-setup-user-name] input').type('ありす');
 		cy.get('[data-cy-user-setup-user-description] textarea').type('ほげ');
@@ -205,7 +217,7 @@ describe('After user setup', () => {

 		// アカウント初期設定ウィザード
 		// 表示に時間がかかるのでデフォルト秒数だとタイムアウトする
-		cy.get('[data-cy-user-setup] [data-cy-modal-window-close]', { timeout: 12000 }).click();
+		cy.get('[data-cy-user-setup] [data-cy-modal-window-close]', { timeout: 30000 }).click();
 		cy.get('[data-cy-modal-dialog-ok]').click();
 	});


--- a/cypress/e2e/router.cy.js
+++ b/cypress/e2e/router.cy.js
+/*
+ * SPDX-FileCopyrightText: syuilo and misskey-project
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
 describe('Router transition', () => {
 	describe('Redirect', () => {
 		// サーバの初期化。ルートのテストに関しては各describeごとに1度だけ実行で十分だと思う（使いまわした方が早い）
@@ -14,7 +19,7 @@ describe('Router transition', () => {

 			// アカウント初期設定ウィザード
 			// 表示に時間がかかるのでデフォルト秒数だとタイムアウトする
-			cy.get('[data-cy-user-setup] [data-cy-modal-window-close]', { timeout: 12000 }).click();
+			cy.get('[data-cy-user-setup] [data-cy-modal-window-close]', { timeout: 30000 }).click();
 			cy.wait(500);
 			cy.get('[data-cy-modal-dialog-ok]').click();
 		});

--- a/cypress/e2e/widgets.cy.js
+++ b/cypress/e2e/widgets.cy.js
+/*
+ * SPDX-FileCopyrightText: syuilo and misskey-project
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
 /* flaky
 describe('After user signed in', () => {
 	beforeEach(() => {

--- a/cypress/support/commands.js
+++ b/cypress/support/commands.js
@@ -30,9 +30,13 @@ Cypress.Commands.add('visitHome', () => {
 })

 Cypress.Commands.add('resetState', () => {
-	cy.window(win => {
+	// iframe.contentWindow.indexedDB.deleteDatabase() がchromeのバグで使用できないため、indexedDBを無効化している。
+	// see https://github.com/misskey-dev/misskey/issues/13605#issuecomment-2053652123
+	/*
+	cy.window().then(win => {
 		win.indexedDB.deleteDatabase('keyval-store');
 	});
+	 */
 	cy.request('POST', '/api/reset-db', {}).as('reset');
 	cy.get('@reset').its('status').should('equal', 204);
 	cy.reload(true);
@@ -44,16 +48,19 @@ Cypress.Commands.add('registerUser', (username, password, isAdmin = false) => {
 	cy.request('POST', route, {
 		username: username,
 		password: password,
+		...(isAdmin ? { setupPassword: 'example_password_please_change_this_or_you_will_get_hacked' } : {}),
 	}).its('body').as(username);
 });

 Cypress.Commands.add('login', (username, password) => {
 	cy.visitHome();

-	cy.intercept('POST', '/api/signin').as('signin');
+	cy.intercept('POST', '/api/signin-flow').as('signin');

 	cy.get('[data-cy-signin]').click();
-	cy.get('[data-cy-signin-username] input').type(username);
+	cy.get('[data-cy-signin-page-input]').should('be.visible', { timeout: 1000 });
+	cy.get('[data-cy-signin-username] input').type(`${username}{enter}`);
+	cy.get('[data-cy-signin-page-password]').should('be.visible', { timeout: 10000 });
 	cy.get('[data-cy-signin-password] input').type(`${password}{enter}`);

 	cy.wait('@signin').as('signedIn');

--- a/cypress/support/e2e.js
+++ b/cypress/support/e2e.js
--- a/cypress/support/index.ts
+++ b/cypress/support/index.ts
+declare global {
+	namespace Cypress {
+		interface Chainable {
+			login(username: string, password: string): Chainable<void>;
+
+			registerUser(
+				username: string,
+				password: string,
+				isAdmin?: boolean
+			): Chainable<void>;
+
+			resetState(): Chainable<void>;
+
+			visitHome(): Chainable<void>;
+		}
+	}
+}
+
+export {}
--- a/cypress/tsconfig.json
+++ b/cypress/tsconfig.json
+{
+	"compilerOptions": {
+		"lib": ["dom", "es5"],
+		"target": "es5",
+		"types": ["cypress", "node"]
+	},
+	"include": ["./**/*.ts"]
+}
--- a/eslint/locale.js
+++ b/eslint/locale.js
+/*
+ * SPDX-FileCopyrightText: dakkar and other Sharkey contributors
+ * SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+/* This is a ESLint rule to report use of the `i18n.ts` and `i18n.tsx`
+ * objects that reference translation items that don't actually exist
+ * in the lexicon (the `locale/` files)
+ */
+
+/* given a MemberExpression node, collects all the member names
+ *
+ * e.g. for a bit of code like `foo=one.two.three`, `collectMembers`
+ * called on the node for `three` would return `['one', 'two',
+ * 'three']`
+ */
+function collectMembers(node) {
+	if (!node) return [];
+	if (node.type !== 'MemberExpression') return [];
+	// this is something like `foo[bar]`
+	if (node.computed) return [];
+	return [ node.property.name, ...collectMembers(node.parent) ];
+}
+
+/* given an object and an array of names, recursively descends the
+ * object via those names
+ *
+ * e.g. `walkDown({one:{two:{three:15}}},['one','two','three'])` would
+ * return 15
+ */
+function walkDown(locale, path) {
+	if (!locale) return null;
+	if (!path || path.length === 0 || !path[0]) return locale;
+	return walkDown(locale[path[0]], path.slice(1));
+}
+
+/* given a MemberExpression node, returns its attached CallExpression
+ * node if present
+ *
+ * e.g. for a bit of code like `foo=one.two.three()`,
+ * `findCallExpression` called on the node for `three` would return
+ * the node for function call (which is the parent of the `one` and
+ * `two` nodes, and holds the nodes for the argument list)
+ *
+ * if the code had been `foo=one.two.three`, `findCallExpression`
+ * would have returned null, because there's no function call attached
+ * to the MemberExpressions
+ */
+function findCallExpression(node) {
+	if (!node.parent) return null;
+
+	// the second half of this guard protects from cases like
+	// `foo(one.two.three)` where the CallExpression is parent of the
+	// MemberExpressions, but via `arguments`, not `callee`
+	if (node.parent.type === 'CallExpression' && node.parent.callee === node) return node.parent;
+	if (node.parent.type === 'MemberExpression') return findCallExpression(node.parent);
+	return null;
+}
+
+// same, but for Vue expressions (`<I18n :src="i18n.ts.foo">`)
+function findVueExpression(node) {
+	if (!node.parent) return null;
+
+	if (node.parent.type.match(/^VExpr/) && node.parent.expression === node) return node.parent;
+	if (node.parent.type === 'MemberExpression') return findVueExpression(node.parent);
+	return null;
+}
+
+function areArgumentsOneObject(node) {
+	return node.arguments.length === 1 &&
+		node.arguments[0].type === 'ObjectExpression';
+}
+
+// only call if `areArgumentsOneObject(node)` is true
+function getArgumentObjectProperties(node) {
+	return new Set(node.arguments[0].properties.map(
+		p => {
+			if (p.key && p.key.type === 'Identifier') return p.key.name;
+			return null;
+		},
+	));
+}
+
+function getTranslationParameters(translation) {
+	return new Set(Array.from(translation.matchAll(/\{(\w+)\}/g)).map( m => m[1] ));
+}
+
+function setDifference(a,b) {
+	const result = [];
+	for (const element of a.values()) {
+		if (!b.has(element)) {
+			result.push(element);
+		}
+	}
+
+	return result;
+}
+
+/* the actual rule body
+ */
+function theRuleBody(context,node) {
+	// we get the locale/translations via the options; it's the data
+	// that goes into a specific language's JSON file, see
+	// `scripts/build-assets.mjs`
+	const locale = context.options[0];
+
+	// sometimes we get MemberExpression nodes that have a
+	// *descendent* with the right identifier: skip them, we'll get
+	// the right ones as well
+	if (node.object?.name !== 'i18n') {
+		return;
+	}
+
+	// `method` is going to be `'ts'` or `'tsx'`, `path` is going to
+	// be the various translation steps/names
+	const [ method, ...path ] = collectMembers(node);
+	const pathStr = `i18n.${method}.${path.join('.')}`;
+
+	// does that path point to a real translation?
+	const translation = walkDown(locale, path);
+	if (!translation) {
+		context.report({
+			node,
+			message: `translation missing for ${pathStr}`,
+		});
+		return;
+	}
+
+	// we hit something weird, assume the programmers know what
+	// they're doing (this is usually some complicated slicing of
+	// the translation structure)
+	if (typeof(translation) !== 'string') return;
+
+	const callExpression = findCallExpression(node);
+	const vueExpression = findVueExpression(node);
+
+	// some more checks on how the translation is called
+	if (method === 'ts') {
+		// the `<I18n> component gets parametric translations via
+		// `i18n.ts.*`, but we error out elsewhere
+		if (translation.match(/\{/) && !vueExpression) {
+			context.report({
+				node,
+				message: `translation for ${pathStr} is parametric, but called via 'ts'`,
+			});
+			return;
+		}
+
+		if (callExpression) {
+			context.report({
+				node,
+				message: `translation for ${pathStr} is not parametric, but is called as a function`,
+			});
+		}
+	}
+
+	if (method === 'tsx') {
+		if (!translation.match(/\{/)) {
+			context.report({
+				node,
+				message: `translation for ${pathStr} is not parametric, but called via 'tsx'`,
+			});
+			return;
+		}
+
+		if (!callExpression && !vueExpression) {
+			context.report({
+				node,
+				message: `translation for ${pathStr} is parametric, but not called as a function`,
+			});
+			return;
+		}
+
+		// we're not currently checking arguments when used via the
+		// `<I18n>` component, because it's too complicated (also, it
+		// would have to be done inside the `if (method === 'ts')`)
+		if (!callExpression) return;
+
+		if (!areArgumentsOneObject(callExpression)) {
+			context.report({
+				node,
+				message: `translation for ${pathStr} should be called with a single object as argument`,
+			});
+			return;
+		}
+
+		const translationParameters = getTranslationParameters(translation);
+		const parameterCount = translationParameters.size;
+		const callArguments = getArgumentObjectProperties(callExpression);
+		const argumentCount = callArguments.size;
+
+		if (parameterCount !== argumentCount) {
+			context.report({
+				node,
+				message: `translation for ${pathStr} has ${parameterCount} parameters, but is called with ${argumentCount} arguments`,
+			});
+		}
+
+		// node 20 doesn't have `Set.difference`...
+		const extraArguments = setDifference(callArguments, translationParameters);
+		const missingArguments = setDifference(translationParameters, callArguments);
+
+		if (extraArguments.length > 0) {
+			context.report({
+				node,
+				message: `translation for ${pathStr} passes unused arguments ${extraArguments.join(' ')}`,
+			});
+		}
+
+		if (missingArguments.length > 0) {
+			context.report({
+				node,
+				message: `translation for ${pathStr} does not pass arguments ${missingArguments.join(' ')}`,
+			});
+		}
+	}
+}
+
+function theRule(context) {
+	// we get the locale/translations via the options; it's the data
+	// that goes into a specific language's JSON file, see
+	// `scripts/build-assets.mjs`
+	const locale = context.options[0];
+
+	// for all object member access that have an identifier 'i18n'...
+	return context.getSourceCode().parserServices.defineTemplateBodyVisitor(
+		{
+			// this is for <template> bits, needs work
+			'MemberExpression:has(Identifier[name=i18n])': (node) => theRuleBody(context, node),
+		},
+		{
+			// this is for normal code
+			'MemberExpression:has(Identifier[name=i18n])': (node) => theRuleBody(context, node),
+		},
+	);
+}
+
+module.exports = {
+	meta: {
+		type: 'problem',
+		docs: {
+			description: 'assert that all translations used are present in the locale files',
+		},
+		schema: [
+			// here we declare that we need the locale/translation as a
+			// generic object
+			{ type: 'object', additionalProperties: true },
+		],
+	},
+	create: theRule,
+};
--- a/eslint/locale.test.js
+++ b/eslint/locale.test.js
+/*
+ * SPDX-FileCopyrightText: dakkar and other Sharkey contributors
+ * SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+const {RuleTester} = require("eslint");
+const localeRule = require("./locale");
+
+const locale = { foo: { bar: 'ok', baz: 'good {x}' }, top: '123' };
+
+const ruleTester = new RuleTester({
+  languageOptions: {
+    parser: require('vue-eslint-parser'),
+    ecmaVersion: 2015,
+  },
+});
+
+function testCase(code,errors) {
+  return { code, errors, options: [ locale ], filename: 'test.ts' };
+}
+function testCaseVue(code,errors) {
+  return { code, errors, options: [ locale ], filename: 'test.vue' };
+}
+
+ruleTester.run(
+  'sharkey-locale',
+  localeRule,
+  {
+    valid: [
+      testCase('i18n.ts.foo.bar'),
+      testCase('i18n.ts.top'),
+      testCase('i18n.tsx.foo.baz({x:1})'),
+      testCase('whatever.i18n.ts.blah.blah'),
+      testCase('whatever.i18n.tsx.does.not.matter'),
+      testCase('whatever(i18n.ts.foo.bar)'),
+      testCaseVue('<template><p>{{ i18n.ts.foo.bar }}</p></template>'),
+      testCaseVue('<template><I18n :src="i18n.ts.foo.baz"/></template>'),
+      // we don't detect the problem here, but should still accept it
+      testCase('i18n.ts.foo["something"]'),
+      testCase('i18n.ts.foo[something]'),
+    ],
+    invalid: [
+      testCase('i18n.ts.not', 1),
+      testCase('i18n.tsx.deep.not', 1),
+      testCase('i18n.tsx.deep.not({x:12})', 1),
+      testCase('i18n.tsx.top({x:1})', 1),
+      testCase('i18n.ts.foo.baz', 1),
+      testCase('i18n.tsx.foo.baz', 1),
+      testCase('i18n.tsx.foo.baz({y:2})', 2),
+      testCaseVue('<template><p>{{ i18n.ts.not }}</p></template>', 1),
+      testCaseVue('<template><I18n :src="i18n.ts.not"/></template>', 1),
+    ],
+  },
+);
--- a/healthcheck.sh
+++ b/healthcheck.sh
@@ -3,5 +3,5 @@
 # SPDX-FileCopyrightText: syuilo and misskey-project
 # SPDX-License-Identifier: AGPL-3.0-only

-PORT=$(grep '^port:' /misskey/.config/default.yml | awk 'NR==1{print $2; exit}')
-curl -s -S -o /dev/null "http://localhost:${PORT}"
+PORT=$(grep '^port:' /sharkey/.config/default.yml | awk 'NR==1{print $2; exit}')
+curl -Sfso/dev/null "http://localhost:${PORT}/healthz"
--- a/packages/frontend/src/components/MkAbuseReport.stories.impl.ts
+++ b/packages/frontend/src/components/MkAbuseReport.stories.impl.ts
@@ -7,8 +7,8 @@
 import { action } from '@storybook/addon-actions';
 import { StoryObj } from '@storybook/vue3';
 import { HttpResponse, http } from 'msw';
-import { abuseUserReport } from '../../.storybook/fakes.js';
-import { commonHandlers } from '../../.storybook/mocks.js';
+import { abuseUserReport } from '../packages/frontend/.storybook/fakes.js';
+import { commonHandlers } from '../packages/frontend/.storybook/mocks.js';
 import MkAbuseReport from './MkAbuseReport.vue';
 export const Default = {
 	render(args) {

--- a/idea/MkDisableSection.vue
+++ b/idea/MkDisableSection.vue
+<!--
+SPDX-FileCopyrightText: syuilo and misskey-project
+SPDX-License-Identifier: AGPL-3.0-only
+-->
+
+<template>
+<div :class="[$style.root]">
+	<div :inert="disabled" :class="[{ [$style.disabled]: disabled }]">
+		<slot></slot>
+	</div>
+	<div v-if="disabled" :class="[$style.cover]"></div>
+</div>
+</template>
+
+<script lang="ts" setup>
+defineProps<{
+	disabled?: boolean;
+}>();
+</script>
+
+<style lang="scss" module>
+.root {
+	position: relative;
+}
+
+.disabled {
+	opacity: 0.7;
+}
+
+.cover {
+	position: absolute;
+	top: 0;
+	left: 0;
+	width: 100%;
+	height: 100%;
+	cursor: not-allowed;
+	--color: color(from var(--MI_THEME-error) srgb r g b / 0.25);
+	background-size: auto auto;
+	background-image: repeating-linear-gradient(135deg, transparent, transparent 10px, var(--color) 4px, var(--color) 14px);
+}
+</style>
--- a/idea/README.md
+++ b/idea/README.md
+使われなくなったけど消すのは勿体ない(将来使えるかもしれない)コードを入れておくとこ
--- a/locales/ar-SA.yml
+++ b/locales/ar-SA.yml
@@ -123,6 +123,7 @@ reactions: "التفاعلات"
 reactionSettingDescription2: "اسحب لترتيب ، انقر للحذف ، استخدم \"+\" للإضافة."
 rememberNoteVisibility: "تذكر إعدادت مدى رؤية الملاحظات"
 attachCancel: "أزل المرفق"
+deleteFile: "حُذف الملف"
 markAsSensitive: "علّمه كمحتوى حساس"
 unmarkAsSensitive: "ألغ تعيينه كمحتوى حساس"
 enterFileName: "ادخل اسم الملف"
@@ -342,7 +343,6 @@ enableLocalTimeline: "تفعيل الخيط المحلي"
 enableGlobalTimeline: "تفعيل الخيط الزمني الشامل"
 disablingTimelinesInfo: "سيتمكن المديرون والمشرفون من الوصول إلى كل الخيوط الزمنية حتى وإن لم تفعّل."
 registration: "إنشاء حساب"
-enableRegistration: "تفعيل إنشاء الحسابات الجديدة"
 invite: "دعوة"
 driveCapacityPerLocalAccount: "حصة التخزين لكل مستخدم محلي"
 driveCapacityPerRemoteAccount: "حصة التخزين لكل مستخدم بعيد"
@@ -625,10 +625,7 @@ abuseReported: "أُرسل البلاغ، شكرًا لك"
 reporter: "المُبلّغ"
 reporteeOrigin: "أصل البلاغ"
 reporterOrigin: "أصل المُبلّغ"
-forwardReport: "وجّه البلاغ إلى المثيل البعيد"
-forwardReportIsAnonymous: "في المثيل البعيد سيظهر المبلّغ كحساب مجهول."
 send: "أرسل"
-abuseMarkAsResolved: "علّم البلاغ كمحلول"
 openInNewTab: "افتح في لسان جديد"
 defaultNavigationBehaviour: "سلوك الملاحة الافتراضي"
 editTheseSettingsMayBreakAccount: "تعديل هذه الإعدادات قد يسبب عطبًا لحسابك"
@@ -1011,8 +1008,12 @@ expired: "منتهية صلاحيته"
 icon: "الصورة الرمزية"
 replies: "رد"
 renotes: "أعد النشر"
+sourceCode: "الشفرة المصدرية"
 flip: "اقلب"
 lastNDays: "آخر {n} أيام"
+surrender: "ألغِ"
+_delivery:
+  stop: "مُعلّق"
 _initialAccountSetting:
  accountCreated: "نجح إنشاء حسابك!"
  letsStartAccountSetup: "إذا كنت جديدًا لنعدّ حسابك الشخصي."
@@ -1250,15 +1251,12 @@ _theme:
    buttonBg: "خلفية الأزرار"
    buttonHoverBg: "خلفية الأزرار (عند التمرير فوقها)"
    inputBorder: "حواف حقل الإدخال"
-    listItemHoverBg: "خلفية عناصر القائمة (عند التمرير فوقها)"
    driveFolderBg: "خلفية مجلد قرص التخزين"
    messageBg: "خلفية المحادثة"
 _sfx:
  note: "الملاحظات"
  noteMy: "ملاحظتي"
  notification: "الإشعارات"
-  antenna: "الهوائيات"
-  channel: "إشعارات القنات"
 _ago:
  future: "المستقبَل"
  justNow: "اللحظة"
@@ -1462,9 +1460,6 @@ _pages:
  newPage: "أنشئ صفحة جديدة"
  editPage: "عدّل الصفحة"
  readPage: "نُشّط عرض المصدر"
-  created: "نجح إنشاء الصفحة"
-  updated: "نجح تعديل الصفحة"
-  deleted: "نجح حذف الصفحة"
  pageSetting: "إعدادات الصفحة"
  nameAlreadyExists: "رابط الصفحة موجود مسبقًا"
  invalidNameTitle: "رابط الصفحة ليس صالحًا"
@@ -1530,6 +1525,7 @@ _notification:
    reaction: "التفاعل"
    receiveFollowRequest: "طلبات المتابعة"
    followRequestAccepted: "طلبات المتابعة المقبولة"
+    login: "لِج"
    app: "إشعارات التطبيقات المرتبطة"
  _actions:
    followBack: "تابعك بالمثل"
@@ -1561,10 +1557,30 @@ _webhookSettings:
  active: "مُفعّل"
  _events:
    reaction: "عند التفاعل"
+_abuseReport:
+  _notificationRecipient:
+    _recipientType:
+      mail: "البريد الإلكتروني "
 _moderationLogTypes:
  suspend: "علِق"
+  deleteDriveFile: "حُذف الملف"
+  deleteNote: "حُذفت الملاحظة"
+  createGlobalAnnouncement: "أُنشئ إعلان عام"
+  createUserAnnouncement: "أُنشئ إعلان مستخدم"
+  updateGlobalAnnouncement: "حُدث إعلان عام"
+  updateUserAnnouncement: "حُدث إعلان مستخدم"
  resetPassword: "أعد تعيين كلمتك السرية"
  createInvitation: "ولِّد دعوة"
 _reversi:
  total: "المجموع"
-
+  lookingForPlayer: "يبحث عن خصم..."
+  gameCanceled: "أُلغيت اللعبة."
+  opponentHasSettingsChanged: "غيَر الخصم إعدادته."
+  showBoardLabels: "اعرض ترقيم الصفوف والأعمدة على اللوح"
+  useAvatarAsStone: "حوَل الحجارة إلى صور مستخدمين"
+_offlineScreen:
+  title: "غير متصل - يتعذر الاتصال بالخادم"
+  header: "يتعذر الاتصال بالخادم"
+_remoteLookupErrors:
+  _noSuchObject:
+    title: "غير موجود"
--- a/locales/bn-BD.yml
+++ b/locales/bn-BD.yml
@@ -339,7 +339,6 @@ enableLocalTimeline: "স্থানীয় টাইমলাইন চাল
 enableGlobalTimeline: "গ্লোবাল টাইমলাইন চালু করুন"
 disablingTimelinesInfo: "আপনি এই টাইমলাইনগুলি বন্ধ করলেও প্রশাসক এবং মডারেটররা এই টাইমলাইনগুলি ব্যাবহার করতে পারবে"
 registration: "নিবন্ধন"
-enableRegistration: "নতুন ব্যাবহারকারী নিবন্ধন চালু করুন"
 invite: "আমন্ত্রণ"
 driveCapacityPerLocalAccount: "প্রত্যেক স্থানীয় ব্যাবহারকারীর জন্য ড্রাইভের জায়গা"
 driveCapacityPerRemoteAccount: "প্রত্যেক রিমোট ব্যাবহারকারীর জন্য ড্রাইভের জায়গা"
@@ -451,7 +450,6 @@ or: "অথবা"
 language: "ভাষা"
 uiLanguage: "UI এর ভাষা"
 aboutX: "{x} সম্পর্কে"
-disableDrawer: "ড্রয়ার মেনু প্রদর্শন করবেন না"
 noHistory: "কোনো ইতিহাস নেই"
 signinHistory: "প্রবেশ করার ইতিহাস"
 doing: "প্রক্রিয়া করছে..."
@@ -625,10 +623,7 @@ abuseReported: "আপনার অভিযোগটি দাখিল কর
 reporter: "অভিযোগকারী"
 reporteeOrigin: "অভিযোগটির উৎস"
 reporterOrigin: "অভিযোগকারীর উৎস"
-forwardReport: "রিমোট ইন্সত্যান্সে অভিযোগটি পাঠান"
-forwardReportIsAnonymous: "আপনার তথ্য রিমোট ইন্সত্যান্সে পাঠানো হবে না এবং একটি বেনামী সিস্টেম অ্যাকাউন্ট হিসাবে প্রদর্শিত হবে।"
 send: "পাঠান"
-abuseMarkAsResolved: "অভিযোগটিকে সমাধাকৃত হিসাবে চিহ্নিত করুন"
 openInNewTab: "নতুন ট্যাবে খুলুন"
 openInSideView: "সাইড ভিউতে খুলুন"
 defaultNavigationBehaviour: "ডিফল্ট নেভিগেশন"
@@ -855,7 +850,12 @@ youFollowing: "অনুসরণ করা হচ্ছে"
 icon: "প্রোফাইল ছবি"
 replies: "জবাব"
 renotes: "রিনোট"
+sourceCode: "সোর্স কোড"
 flip: "উল্টান"
+_delivery:
+  stop: "স্থগিত করা হয়েছে"
+  _type:
+    none: "প্রকাশ করা হচ্ছে"
 _role:
  priority: "অগ্রাধিকার"
  _priority:
@@ -1016,7 +1016,6 @@ _theme:
    buttonBg: "বাটনের পটভূমি"
    buttonHoverBg: "বাটনের পটভূমি (হভার)"
    inputBorder: "ইনপুট ফিল্ডের বর্ডার"
-    listItemHoverBg: "লিস্ট আইটেমের পটভূমি (হোভার)"
    driveFolderBg: "ড্রাইভ ফোল্ডারের পটভূমি"
    wallpaperOverlay: "ওয়ালপেপার ওভারলে"
    badge: "ব্যাজ"
@@ -1028,8 +1027,6 @@ _sfx:
  note: "নোটগুলি"
  noteMy: "নোট (আপনার)"
  notification: "বিজ্ঞপ্তি"
-  antenna: "অ্যান্টেনাগুলি"
-  channel: "চ্যানেলের বিজ্ঞপ্তি"
 _ago:
  future: "ভবিষ্যৎ"
  justNow: "এইমাত্র"
@@ -1240,9 +1237,6 @@ _pages:
  newPage: "নতুন পৃষ্ঠা বানান"
  editPage: "পৃষ্ঠাটি সম্পাদনা করুন"
  readPage: "উৎস দেখছেন"
-  created: "পৃষ্ঠা তৈরি করা হয়েছে"
-  updated: "পৃষ্ঠা সম্পাদনা করা হয়েছে"
-  deleted: "পৃষ্ঠা মুছে ফেলা হয়েছে"
  pageSetting: "পৃষ্ঠার সেটিংস"
  nameAlreadyExists: "পৃষ্ঠার URLটি ইতিমধ্যেই ব্যাবহার করা হয়েছে"
  invalidNameTitle: "পৃষ্ঠার URL অবৈধ"
@@ -1311,6 +1305,7 @@ _notification:
    pollEnded: "পোল শেষ"
    receiveFollowRequest: "প্রাপ্ত অনুসরণের অনুরোধসমূহ"
    followRequestAccepted: "গৃহীত অনুসরণের অনুরোধসমূহ"
+    login: "প্রবেশ করুন"
    app: "লিঙ্ক করা অ্যাপ থেকে বিজ্ঞপ্তি"
  _actions:
    followBack: "ফলো ব্যাক করেছে"
@@ -1341,9 +1336,15 @@ _deck:
 _webhookSettings:
  name: "নাম"
  active: "চালু"
+_abuseReport:
+  _notificationRecipient:
+    _recipientType:
+      mail: "ইমেইল"
 _moderationLogTypes:
  suspend: "স্থগিত করা"
  resetPassword: "পাসওয়ার্ড রিসেট করুন"
 _reversi:
  total: "মোট"
-
+_remoteLookupErrors:
+  _noSuchObject:
+    title: "পাওয়া যায়নি"
No results found