UPGRADE_NOTES.md

+# Upgrade Notes
+
+## 2025.X.X
+
+### Authorized Fetch
+
+This version retires the configuration entry `checkActivityPubGetSignature`, which is now replaced with the new "Authorized Fetch" settings under Control Panel/Security.
+The database migrations will automatically import the value of this configuration file, but it will never be read again after upgrading.
+To avoid confusion and possible mis-configuration, please remove the entry **after** completing the upgrade.
+Do not remove it before migration, or else the setting will reset to default (disabled)!
+
+## 2024.10.0
+
+### Hellspawns
+
+Sharkey versions before 2024.10 suffered from a bug in the "Mark instance as NSFW" feature.
+When a user from such an instance boosted a note, the boost would be converted to a hellspawn (pure renote with Content Warning).
+Hellspawns are buggy and do not properly federate, so it may be desirable to correct any that already exist in the database.
+The following script will correct any local or remote hellspawns in the database.
+
+```postgresql
+/* Remove "instance is marked as NSFW" hellspawns */
+UPDATE "note"
+SET "cw" = null
+WHERE
+	"renoteId" IS NOT NULL
+	AND "text" IS NULL
+	AND "cw" = 'Instance is marked as NSFW'
+	AND "replyId" IS NULL
+	AND "hasPoll" = false
+	AND "fileIds" = '{}';
+
+/* Fix legacy / user-created hellspawns */
+UPDATE "note"
+SET "text" = '.'
+WHERE
+	"renoteId" IS NOT NULL
+	AND "text" IS NULL
+	AND "cw" IS NOT NULL
+	AND "replyId" IS NULL
+	AND "hasPoll" = false
+	AND "fileIds" = '{}';
+```
+
+## 2024.9.0
+
+### Following Feed
+
+When upgrading an existing instance to version 2024.9.0, the Following Feed will initially be empty.
+The feed will gradually fill as new posts federate, but it may be desirable to back-fill the feed with existing data.
+This database script will populate the feed with the latest post of each type for all users, ensuring that data is fully populated after the update.
+Run this after migrations but before starting the instance.
+Warning: the script may take a long time to execute!
+
+```postgresql
+INSERT INTO latest_note (user_id, note_id, is_public, is_reply, is_quote)
+SELECT
+	"userId" as user_id,
+	id as note_id,
+	visibility = 'public' AS is_public,
+	"replyId" IS NOT NULL AS is_reply,
+	(
+		"renoteId" IS NOT NULL
+			AND (
+			text IS NOT NULL
+				OR cw IS NOT NULL
+				OR "replyId" IS NOT NULL
+				OR "hasPoll"
+				OR "fileIds" != '{}'
+			)
+		) AS is_quote
+FROM note
+WHERE ( -- Exclude pure renotes (boosts)
+				"renoteId" IS NULL
+					OR text IS NOT NULL
+					OR cw IS NOT NULL
+					OR "replyId" IS NOT NULL
+					OR "hasPoll"
+					OR "fileIds" != '{}'
+				)
+ORDER BY id DESC -- This part is very important: it ensures that we only load the *latest* notes of each type. Do not remove it!
+ON CONFLICT DO NOTHING; -- Any conflicts are guaranteed to be older notes that we can ignore.
+```

chart/files/default.yml

@@ -124,6 +124,14 @@ redis:
 #  #prefix: example-prefix
 #  #db: 1
 
+#redisForReactions:
+#  host: redis
+#  port: 6379
+#  #family: 0  # 0=Both, 4=IPv4, 6=IPv6
+#  #pass: example-pass
+#  #prefix: example-prefix
+#  #db: 1
+
 #   ┌───────────────────────────┐
 #───┘ MeiliSearch configuration └─────────────────────────────
 
@@ -152,6 +160,22 @@ redis:
 # ID SETTINGS AFTER THAT!
 
 id: "aidx"
+
+#   ┌────────────────┐
+#───┘ Error tracking └──────────────────────────────────────────
+
+# Sentry is available for error tracking.
+# See the Sentry documentation for more details on options.
+
+#sentryForBackend:
+#  enableNodeProfiling: true
+#  options:
+#    dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0'
+
+#sentryForFrontend:
+#  options:
+#    dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0'
+
 #   ┌─────────────────────┐
 #───┘ Other configuration └─────────────────────────────────────
 
@@ -176,6 +200,19 @@ id: "aidx"
 # IP address family used for outgoing request (ipv4, ipv6 or dual)
 #outgoingAddressFamily: ipv4
 
+# Amount of characters that can be used when writing notes. Longer notes will be rejected. (minimum: 1)
+#maxNoteLength: 3000
+# Amount of characters that will be saved for remote notes. Longer notes will be truncated to this length. (minimum: 1)
+#maxRemoteNoteLength: 100000
+# Amount of characters that can be used when writing content warnings. Longer warnings will be rejected. (minimum: 1)
+#maxCwLength: 500
+# Amount of characters that will be saved for remote content warnings. Longer warnings will be truncated to this length. (minimum: 1)
+#maxRemoteCwLength: 5000
+# Amount of characters that can be used when writing media descriptions (alt text). Longer descriptions will be rejected. (minimum: 1)
+#maxAltTextLength: 20000
+# Amount of characters that will be saved for remote media descriptions (alt text). Longer descriptions will be truncated to this length. (minimum: 1)
+#maxRemoteAltTextLength: 100000
+
 # Proxy for HTTP/HTTPS
 #proxy: http://127.0.0.1:3128
 
@@ -192,12 +229,44 @@ id: "aidx"
 # Media Proxy
 #mediaProxy: https://example.com/proxy
 
-# Sign to ActivityPub GET request (default: true)
+# Sign outgoing ActivityPub GET request (default: true)
 signToActivityPubGet: true
+# Sign outgoing ActivityPub Activities (default: true)
+# Linked Data signatures are cryptographic signatures attached to each activity to provide proof of authenticity.
+# When using authorized fetch, this is often undesired as any signed activity can be forwarded to a blocked instance by relays and other instances.
+# This setting allows admins to disable LD signatures for increased privacy, at the expense of fewer relayed activities and additional inbound fetch (GET) requests.
+attachLdSignatureForRelays: true
+# check that inbound ActivityPub GET requests are signed ("authorized fetch")
+checkActivityPubGetSignature: false
 
 #allowedPrivateNetworks: [
 #  '127.0.0.1/32'
 #]
 
+#customMOTD: ['Hello World', 'The sharks rule all', 'Shonks']
+
 # Upload or download file size limits (bytes)
 #maxFileSize: 262144000
+
+# timeout (in milliseconds) and maximum size for imports (e.g. note imports)
+#import:
+#  downloadTimeout: 30000
+#  maxFileSize: 262144000
+
+# PID File of master process
+#pidFile: /tmp/misskey.pid
+
+# CHMod-style permission bits to apply to uploaded files.
+# Permission bits are specified as a base-8 string representing User/Group/Other permissions.
+# This setting is only useful for custom deployments, such as using a reverse proxy to serve media.
+#filePermissionBits: '644'
+
+# Log settings
+# logging:
+#   sql:
+#     # Outputs query parameters during SQL execution to the log.
+#     # default: false
+#     enableQueryParamLogging: false
+#     # Disable query truncation. If set to true, the full text of the query will be output to the log.
+#     # default: false
+#     disableQueryTruncation: false

docker-compose.local-db.yml → compose.local-db.yml

-version: "3"
-
 # このconfigは、 dockerでMisskey本体を起動せず、 redisとpostgresql などだけを起動します
 
 services:

crowdin.yml

 files:
-  - source: /locales/ja-JP.yml
-    translation: /locales/%locale%.yml
+  - source: /sharkey-locales/en-US.yml
+    translation: /sharkey-locales/%locale%.yml
     update_option: update_as_unapproved

cypress/e2e/basic.cy.js → cypress/e2e/basic.cy.ts

+/*
+ * SPDX-FileCopyrightText: syuilo and misskey-project
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
 describe('Before setup instance', () => {
 	beforeEach(() => {
 		cy.resetState();
@@ -18,6 +23,7 @@ describe('Before setup instance', () => {
 
 		cy.intercept('POST', '/api/admin/accounts/create').as('signup');
 
+		cy.get('[data-cy-admin-initial-password] input').type('example_password_please_change_this_or_you_will_get_hacked');
 		cy.get('[data-cy-admin-username] input').type('admin');
 		cy.get('[data-cy-admin-password] input').type('admin1234');
 		cy.get('[data-cy-admin-ok]').click();
@@ -114,11 +120,16 @@ describe('After user signup', () => {
 	it('signin', () => {
 		cy.visitHome();
 
-		cy.intercept('POST', '/api/signin').as('signin');
+		cy.intercept('POST', '/api/signin-flow').as('signin');
 
 		cy.get('[data-cy-signin]').click();
-		cy.get('[data-cy-signin-username] input').type('alice');
-		// Enterキーでサインインできるかの確認も兼ねる
+
+		cy.get('[data-cy-signin-page-input]').should('be.visible', { timeout: 1000 });
+		// Enterキーで続行できるかの確認も兼ねる
+		cy.get('[data-cy-signin-username] input').type('alice{enter}');
+
+		cy.get('[data-cy-signin-page-password]').should('be.visible', { timeout: 10000 });
+		// Enterキーで続行できるかの確認も兼ねる
 		cy.get('[data-cy-signin-password] input').type('alice1234{enter}');
 
 		cy.wait('@signin');
@@ -133,8 +144,9 @@ describe('After user signup', () => {
 		cy.visitHome();
 
 		cy.get('[data-cy-signin]').click();
-		cy.get('[data-cy-signin-username] input').type('alice');
-		cy.get('[data-cy-signin-password] input').type('alice1234{enter}');
+
+		cy.get('[data-cy-signin-page-input]').should('be.visible', { timeout: 1000 });
+		cy.get('[data-cy-signin-username] input').type('alice{enter}');
 
 		// TODO: cypressにブラウザの言語指定できる機能が実装され次第英語のみテストするようにする
 		cy.contains(/アカウントが凍結されています|This account has been suspended due to/gi);
@@ -162,12 +174,12 @@ describe('After user signed in', () => {
 
   it('successfully loads', () => {
 		// 表示に時間がかかるのでデフォルト秒数だとタイムアウトする
-		cy.get('[data-cy-user-setup-continue]', { timeout: 12000 }).should('be.visible');
+		cy.get('[data-cy-user-setup-continue]', { timeout: 30000 }).should('be.visible');
   });
 
 	it('account setup wizard', () => {
 		// 表示に時間がかかるのでデフォルト秒数だとタイムアウトする
-		cy.get('[data-cy-user-setup-continue]', { timeout: 12000 }).click();
+		cy.get('[data-cy-user-setup-continue]', { timeout: 30000 }).click();
 
 		cy.get('[data-cy-user-setup-user-name] input').type('ありす');
 		cy.get('[data-cy-user-setup-user-description] textarea').type('ほげ');
@@ -205,7 +217,7 @@ describe('After user setup', () => {
 
 		// アカウント初期設定ウィザード
 		// 表示に時間がかかるのでデフォルト秒数だとタイムアウトする
-		cy.get('[data-cy-user-setup] [data-cy-modal-window-close]', { timeout: 12000 }).click();
+		cy.get('[data-cy-user-setup] [data-cy-modal-window-close]', { timeout: 30000 }).click();
 		cy.get('[data-cy-modal-dialog-ok]').click();
 	});
 

idea/README.md

+使われなくなったけど消すのは勿体ない(将来使えるかもしれない)コードを入れておくとこ