Commit Graph

2326 Commits

Author SHA1 Message Date
dakkar
c05cc63e24 look inside url when checking activity origin - #512
The previous assertion that:

> if it's a complicated thing and the `activity.id` doesn't match, I
> think we're fine rejecting the activity

was wrong: at least peertube sends activities that have `url` as an
array of objects.

Notice that this does *not*, in fact, fix #512: the peertube activity
does not contain its short URL (`https://example.com/w/someid`), so
there's no way to confirm that it is the activity we requested.
2024-05-18 16:48:10 +01:00
dakkar
95ec40d3c8 merge: allow overriding all string config values via env - fixes #465 (!476)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/476

Closes #465

Approved-by: Marie <marie@kaifa.ch>
Approved-by: Luna <her@mint.lgbt>
2024-05-17 16:46:02 +00:00
dakkar
f1d96b8ae8 merge: fix: incorrect type for quote property (!480)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/480

Closes #401

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Tess K <me@thvxl.se>
2024-05-09 09:05:16 +00:00
dakkar
01256af028 merge: Rework cache clearing to be fault tolerant (!497)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/497

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <marie@kaifa.ch>
2024-05-09 08:01:18 +00:00
dakkar
89f412c696 merge: Send default reactions as Like activities to Iceshrimp.NET instances (!505)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/505

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <marie@kaifa.ch>
2024-05-09 07:59:46 +00:00
Ember
ed91663672 merge: don't count "system" local accounts in user chart - fixes #451 (!500)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/500

Closes #451

Approved-by: Ember <acomputerdog@gmail.com>
Approved-by: Marie <marie@kaifa.ch>
2024-05-07 20:17:54 +00:00
dakkar
89f4f0e5f4 don't count "system" local accounts in user chart - fixes #451 2024-05-07 20:17:53 +00:00
Ember
58ff225c4e merge: really edit notes in more cases - fixes #424 (!504)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/504

Closes #424

Approved-by: Leah <kevinlukej@gmail.com>
Approved-by: Ember <acomputerdog@gmail.com>
2024-05-07 20:16:39 +00:00
dakkar
eab690a5e3 really edit notes in more cases - fixes #424 2024-05-07 20:16:38 +00:00
Tess K
5e20de45d7 merge: Compact LD-signed activities against well-known context (!503)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/503

Approved-by: Marie <marie@kaifa.ch>
Approved-by: Tess K <me@thvxl.se>
2024-05-04 17:19:42 +00:00
Essem
f843bf6c17
fix: Add unicode flag to custom emoji regexes 2024-05-03 11:48:00 -05:00
dakkar
d0a2708f91 merge: handle non-ASCII emoji names (!464)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/464

Approved-by: Leah <kevinlukej@gmail.com>
Approved-by: Ember <acomputerdog@gmail.com>
Approved-by: Marie <marie@kaifa.ch>
2024-05-02 21:06:10 +00:00
ShittyKopper
e333283905 Send default reactions as Like activities to Iceshrimp.NET instances 2024-05-02 02:37:59 +03:00
dakkar
45182c17e2 fix imports 2024-05-01 17:41:33 +01:00
dakkar
6ae01e28aa Compact LD-signed activities against well-known context
This should defend against some spoofing attacks, see also
https://nvd.nist.gov/vuln/detail/CVE-2022-24307 for Mastodon,
febb499fcb
from Iceshrimp and
e790d6be90
for Firefish

Thanks to @tesaguri@fedibird.com for reporting and providing the patch.
2024-04-30 10:16:57 +01:00
PrivateGER
493775ad7b
reformat expression 2024-04-24 16:05:30 +02:00
dakkar
0f3764ff71 teach ReactionService about non-ASCII emoji names 2024-04-23 14:42:02 +01:00
Latte macchiato
dd3d562a1e Rework cache clearing to be fault tolerant 2024-04-19 21:58:37 +00:00
dakkar
e0afeff248 merge: hide images/videos in og cards, when under a CW - fixes #487 (!488)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/488

Closes #487

Approved-by: Marie <marie@kaifa.ch>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-04-11 20:40:38 +00:00
Marie
cfc8081cec merge: bump tmp@0.2.3 - fixes #464 (!475)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/475

Closes #464

Approved-by: Marie <marie@kaifa.ch>
Approved-by: Luna <her@mint.lgbt>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-04-11 18:00:40 +00:00
Marie
011ccd3a9a merge: bump devel version (!486)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/486

Approved-by: Marie <marie@kaifa.ch>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-04-11 17:21:32 +00:00
dakkar
960f4fcff7 detect size of remote files - fixes #494
without this, remote files are assumed to have size 0 (even if we just
downloaded them!) and the range-related code won't run
2024-04-09 16:21:30 +01:00
dakkar
92eec2178f return 206 for every ranged response - fixes #494 2024-04-09 15:42:29 +01:00
dakkar
56dca6dbf5 hide images/videos in og cards, when under a CW - fixes #487 2024-04-07 16:58:13 +01:00
Marie
d6c736f1a5 fix conflicts 2024-04-07 15:42:28 +00:00
dakkar
b6f41a28ed pull in sfm-js that supports non-ascii in emoji names 2024-04-07 16:37:31 +01:00
Marie
bb7b4a8ea4 merge: fix: send null for empty edited_at in mastodon api (!487)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/487

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <marie@kaifa.ch>
2024-04-07 15:36:59 +00:00
dakkar
0690b9a429 merge: fix: load libopenmpt on demand (!469)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/469

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <marie@kaifa.ch>
2024-04-07 14:56:16 +00:00
Sugar🍬🍭🏳️‍⚧
e779c1e667 fix: send null for empty edited_at in mastodon api 2024-04-04 10:43:28 +02:00
dakkar
328546c4cd Merge branch 'develop' into release/2024-03-30 2024-03-30 11:08:26 +00:00
dakkar
074de82bf7 some validation fixes 2024-03-30 11:05:58 +00:00
Marie
56b19ab6bb fix: incorrect type for quote property 2024-03-24 23:41:23 +00:00
dakkar
4271402e0d recognise numbers and boolean values 2024-03-24 11:17:55 +00:00
dakkar
0e8cdb30b7 allow setting values not present in the config file
replicas and arrays in general, are more complicated :/
2024-03-24 11:12:17 +00:00
dakkar
435cab01c8 deal with (possible, future) non-alnum config keys 2024-03-21 10:00:16 +00:00
dakkar
25e6409cc9 allow overriding all string config values via env - fixes #465
will need end-user documentation!
2024-03-20 15:38:20 +00:00
dakkar
f4e89f2e6b bump tmp@0.2.3 - fixes #464
see also https://github.com/raszi/node-tmp/issues/295
2024-03-19 17:13:43 +00:00
Alina Sireneva
0085305579 fix: load libopenmpt on demand 2024-03-11 15:32:59 +03:00
dakkar
43544a6479 longer statement_timeout for migrations - fixes 450 2024-03-09 15:38:36 +00:00
dakkar
354cb2a675 handle non-ASCII emoji names
* use the more inclusive regexp for validating emoji names
* always normalize emoji names, aliases, categories

the latter point is necessary to allow matching, for example, `ä`
against `a`+combining diaeresis

this will also need to bump the version of `sfm-js` once we merge
https://activitypub.software/TransFem-org/sfm-js/-/merge_requests/2
2024-03-09 12:51:51 +00:00
dakkar
ff0117a1a5 check prohibited words when creating notes
some small differences (between Misskey and us) inside the `create`
method made `git` put all the changes inside the `import` method… I
thought I had copied them all, but I had missed one, and it's a pretty
important one: prohibited words were not being checked!
2024-03-05 16:52:05 +00:00
dakkar
7d00c4529b fix repo + feedback URLs for Firefish / IceShrimp 2024-03-03 11:12:58 +00:00
dakkar
6ecfe7c7c3 remove duplicate method 2024-03-02 17:34:31 +00:00
dakkar
23f476dbf3 Merge branch 'develop' into release/2024.3.1 2024-03-02 17:28:34 +00:00
dakkar
af548d05ca merge upstream for 2024.2.1 2024-03-02 16:36:49 +00:00
Marie
1b65c06d60 merge: fix: delete old follow request (if exists) before creating new (!440)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/440

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <marie@kaifa.ch>
2024-02-24 18:16:16 +00:00
Kaity A
def2e8dff0
Merge remote-tracking branch 'origin/develop' into fix/failed-follow 2024-02-24 05:05:25 +00:00
Kaity A
ea948ccadc
fix: delete old follow request (if exists) before creating new 2024-02-24 04:38:01 +00:00
Marie
d1b787192a
fix: align note edit errors with note create errors 2024-02-23 17:01:35 +01:00
Marie
15d2319011
merge: upstream 2024-02-23 13:42:52 +01:00