amechama/sharkey
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
28,640 Commits 3 Branches 0 Tags 162 MiB
a47590e64c
Commit Graph

1551 Commits

Author SHA1 Message Date
Hazelnoot
a47590e64c add shared (cross-resource) rate limit for proxy 2024-11-25 13:03:51 -05:00
dakkar
a51fef29c0 remove minInterval from FileServerService 
when showing a reply, browser will request the replied-to avatar twice
at the same time, and get confused if one of the requests is refused

something similar seems to happen with videos and their previews
 2024-11-22 23:25:07 +00:00
dakkar
8e07eb7f44 remove duplicate limit 
the `users/lists/push` endpoint already has a limit, of 30/hour
 2024-11-22 23:14:37 +00:00
dakkar
caaa78d98d merge: Add default rate limit (!768) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/768

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Tess K <me@thvxl.se>
Approved-by: Marie <github@yuugi.dev>
 2024-11-22 23:03:34 +00:00
Hazelnoot
e3b826db5a add rate limits to all public endpoints 2024-11-22 15:19:24 -05:00
Hazelnoot
6b54405003 add default / fallback rate limit 2024-11-22 13:53:41 -05:00
Hazelnoot
b0834ebf55 prevent DoS from spammed media proxy requests 2024-11-20 19:37:38 -05:00
Julia Johannesen
8e90484b3e
Bump version 2024-11-20 19:21:57 -05:00
rectcoordsystem
776f6fd1f5
fix(backend): allow fetchSummaryFromProxy, trueMail to access local addresses 2024-11-20 19:17:25 -05:00
Julia Johannesen
cbf8cc376e
fix: primitive 18: ap/get bypasses access checks 
One might argue that we could make this one actually preform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.
 2024-11-20 19:17:25 -05:00
Julia Johannesen
c04f344049
fix: primitive 13: check attribution against actor in notes 2024-11-20 19:17:25 -05:00
Laura Hausmann
9ab25ede28
fix: primitives 9, 10 & 11: http signature validation doesn't enforce required headers or specify auth header name 2024-11-20 19:17:24 -05:00
Hazelnoot
d150e92f41 prevent DoS from spammed media proxy requests 2024-11-19 23:31:59 -05:00
Hazel K
37fd454f70 factor out shared code 2024-11-02 17:39:16 -04:00
Hazel K
3a72bf453a respect following privacy settings 2024-11-02 17:39:16 -04:00
Hazel K
65d81a4ae2 Revert "fix incorrect populated object in followers endpoint" 
This reverts commit 7b9473bf4c0b55facede0e1d1e33297d14184110.
 2024-11-02 17:39:16 -04:00
Hazel K
8f0df1f01c check for blocks in following / followers endpoints 2024-11-02 17:39:16 -04:00
Hazel K
c566fa1f36 require auth for followers & following endpoints 2024-11-02 17:39:16 -04:00
Marie
d786e96c2b
upd: add FriendlyCaptcha as a captcha solution 
FriendlyCaptcha is a german captcha solution which is GDPR compliant and has a non-commerical free license
 2024-11-02 02:20:35 +01:00
Hazelnoot
ade801ec58 check token permissions in admin/accounts/create.ts 2024-11-01 10:12:28 -04:00
Hazelnoot
f36a1a5701 allow admins to create approved users 2024-11-01 09:29:40 -04:00
Julia
1520bc1715 merge: Split character limits between local and remote notes (resolves #723) (!669) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/669

Closes #723

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Julia <julia@insertdomain.name>
 2024-10-29 03:04:25 +00:00
Hazelnoot
27b502fab5 normalize re-fetch logic between InboxProcessorService and ActivityPubServerService 2024-10-26 10:40:15 -04:00
Hazelnoot
ca1cdc4ea3 fix poll option limit in masto API 2024-10-26 10:38:29 -04:00
Hazelnoot
c5d9bde43f expose CW limit to frontend 2024-10-26 10:37:43 -04:00
Hazelnoot
01e98c75ab add separate limits for CW length 2024-10-26 10:04:23 -04:00
Hazelnoot
10d3d9f382 fix unit tests 2024-10-26 09:49:28 -04:00
Hazel K
67185a5d5d fix UUID format 2024-10-26 09:49:28 -04:00
Hazel K
560ee43dcf separate character limits for local and remote notes 2024-10-26 09:49:28 -04:00
Hazelnoot
9562a830ed merge: Merge upstream security advisary (!707) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/707

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Hazelnoot <acomputerdog@gmail.com>
 2024-10-25 15:22:21 +00:00
Lhc_fl
67f977f4ff
fix: return getfromdb when FanoutTimeline is not enabled 2024-10-23 23:14:46 +08:00
饺子w (Yumechi)
e05420a92d
Merge commit from fork 
[ghsa-gq5q-c77c-v236](https://github.com/misskey-dev/misskey/security/advisories/ghsa-gq5q-c77c-v236)

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
 2024-10-22 22:30:17 +02:00
dakkar
60be692a0a merge: fix: should use invite limit cycle to calculate invite/limit (!706) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/706

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: dakkar <dakkar@thenautilus.net>
 2024-10-22 14:07:17 +00:00
Lhc_fl
6aaeda13b9
fix: should use invite limit cycle to calculate invite/limit 2024-10-22 18:48:24 +08:00
Hazelnoot
04654b2f84 add "followers" tab to following feed 2024-10-21 17:55:06 -04:00
Hazelnoot
053b47d78a return error when calling following feed with both includeReplies and filesOnly 2024-10-21 17:55:06 -04:00
Hazelnoot
6430a191f7 fix duplicate users in the following feed 2024-10-21 17:55:06 -04:00
Marie
65ac5fef46
fix: default sensitive not letting users unmark files 2024-10-20 11:04:48 +02:00
dakkar
2a4c91efcc Merge branch 'develop' into feature/2024.9.0 2024-10-18 22:09:11 +01:00
Marie
290bfd2075 merge: Allow logged in users to refresh polls (!686) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/686

Closes #743

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: dakkar <dakkar@thenautilus.net>
 2024-10-18 21:03:07 +00:00
dakkar
52e291af67 Merge branch 'develop' into feature/2024.9.0 2024-10-18 22:00:07 +01:00
Marie
fea7889e0c
upd: add recommended checks 2024-10-17 21:56:43 +02:00
Marie
42530b5a39
upd: add additional check from delete endpoint 2024-10-17 20:15:20 +02:00
Marie
360a127ad7
chore: indent 2024-10-17 20:14:25 +02:00
Marie
1d9cb4fad9
upd: add decline endpoint and free up username on decline 2024-10-17 20:11:10 +02:00
Hazelnoot
2c8af72168 fix formatting in boot.js 2024-10-16 09:15:03 -04:00
Hazelnoot
7431866d86 fix locales versioning in backend client 2024-10-15 21:40:20 -04:00
Marie
dedb24fe74 chore: change permission kind 2024-10-15 18:21:09 -04:00
Marie
61cb46b171 upd: hide refresh if logged out and if local, change blocked error message 2024-10-15 18:21:08 -04:00
Marie
dd58a4aa92 upd: add ability to refresh poll 2024-10-15 18:21:08 -04:00