Commit graph

194 commits

Author SHA1 Message Date
dakkar
082e1d1afb allow setting separate timeout / max size for imports - fixes #479 2024-06-03 16:29:19 +00:00
dakkar
01256af028 merge: Rework cache clearing to be fault tolerant (!497)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/497

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <marie@kaifa.ch>
2024-05-09 08:01:18 +00:00
Tess K
5e20de45d7 merge: Compact LD-signed activities against well-known context (!503)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/503

Approved-by: Marie <marie@kaifa.ch>
Approved-by: Tess K <me@thvxl.se>
2024-05-04 17:19:42 +00:00
dakkar
d0a2708f91 merge: handle non-ASCII emoji names (!464)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/464

Approved-by: Leah <kevinlukej@gmail.com>
Approved-by: Ember <acomputerdog@gmail.com>
Approved-by: Marie <marie@kaifa.ch>
2024-05-02 21:06:10 +00:00
dakkar
6ae01e28aa Compact LD-signed activities against well-known context
This should defend against some spoofing attacks, see also
https://nvd.nist.gov/vuln/detail/CVE-2022-24307 for Mastodon,
febb499fcb
from Iceshrimp and
e790d6be90
for Firefish

Thanks to @tesaguri@fedibird.com for reporting and providing the patch.
2024-04-30 10:16:57 +01:00
PrivateGER
493775ad7b
reformat expression 2024-04-24 16:05:30 +02:00
Latte macchiato
dd3d562a1e Rework cache clearing to be fault tolerant 2024-04-19 21:58:37 +00:00
dakkar
354cb2a675 handle non-ASCII emoji names
* use the more inclusive regexp for validating emoji names
* always normalize emoji names, aliases, categories

the latter point is necessary to allow matching, for example, `ä`
against `a`+combining diaeresis

this will also need to bump the version of `sfm-js` once we merge
https://activitypub.software/TransFem-org/sfm-js/-/merge_requests/2
2024-03-09 12:51:51 +00:00
dakkar
6ecfe7c7c3 remove duplicate method 2024-03-02 17:34:31 +00:00
dakkar
23f476dbf3 Merge branch 'develop' into release/2024.3.1 2024-03-02 17:28:34 +00:00
dakkar
af548d05ca merge upstream for 2024.2.1 2024-03-02 16:36:49 +00:00
Marie
15d2319011
merge: upstream 2024-02-23 13:42:52 +01:00
tamaina
600d91beda
enhance: リモートのフォロワーから再度Followが来た場合、acceptを返してあげる (#13388)
* enhance: リモートのフォロワーから再度Followが来た場合、acceptを返してあげる

* nanka meccha kaeta

* ブロックチェックの後にフォロー関係の存在チェックをする
2024-02-23 18:04:30 +09:00
anatawa12
b36e6b1a77
fix: 禁止キーワードを含むノートがDelayed Queueに追加されて再処理される問題 (#13428)
* refactor: use IdentifiableError instead of NoteCreateService.ContainsProhibitedWordsError

* fix: notes with prohibited words are reprocessed with delay

* docs(changelog): 禁止キーワードを含むノートがDelayed Queueに追加されて再処理される問題

* lint: fix lint errors

* fix: rethrowするべきなのにrethrowし忘れていたのを修正
2024-02-22 00:59:59 +09:00
Marie
10bfc61670
merge: upstream 2024-02-19 10:47:42 +01:00
Marie
8f6dfa611e fix: keep alt text of file if present 2024-02-13 22:01:53 +00:00
tamaina
c1514ce91d (re) update SPDX-FileCopyrightText
Fix  #13290
2024-02-13 15:59:27 +00:00
tamaina
311c2172d7 Revert "update SPDX-FileCopyrightText"
This reverts commit 9b5aeb76d8.
2024-02-13 15:50:11 +00:00
syuilo
9b5aeb76d8 update SPDX-FileCopyrightText 2024-02-12 11:37:45 +09:00
dakkar
4bc517ca89 import fs/promises the right way
thanks Marie
2024-02-03 12:55:56 +00:00
dakkar
bb3694bfed lint 2024-02-03 12:55:46 +00:00
dakkar
1bb5021c54 decode entity references from tweets
apparently *some* tweets have those ☹
2024-02-03 12:05:08 +00:00
dakkar
a981bca7a3 simpler logic
thanks Alina
2024-02-03 11:37:20 +00:00
dakkar
3a3a051bb5 make almost all fs ops async
there's no `fs.promises.exists`
2024-02-03 11:33:42 +00:00
dakkar
7684f45a5e simpler mapping
thanks Alina
2024-02-03 11:30:39 +00:00
dakkar
25948c9232 simpler json-isation
thanks Alina for the suggestion
2024-02-03 11:29:46 +00:00
Amelia Yukii
a6e257f502 Merge branch 'feture/code-injection-fix' into 'develop'
CVE: Fixed code injection from twitter import

See merge request TransFem-org/Sharkey!390

(cherry picked from commit 127f8556d4)

2a8e93e4 Fixed code injection from twitter import
2024-02-01 15:07:35 +00:00
KevinWh0
2a8e93e4be Fixed code injection from twitter import 2024-02-01 15:58:50 +01:00
dakkar
b77c025245 link twitter names to twitter, not nitter #382
nitter seems very dead
2024-01-28 16:06:16 +00:00
Marie
913dd581ef
merge: upstream 2024-01-25 14:21:42 +01:00
syuilo
65557d5f27 enhance(reversi): more robust matching process 2024-01-24 10:16:05 +09:00
Marie
7552cea69a
merge: upstream 2024-01-09 02:57:57 +01:00
Kagami Sascha Rosylight
2a9db983fc
feat: export clips (#12931)
* feat: export clips

* Update CHANGELOG.md
2024-01-07 10:35:58 +09:00
riku6460
24645e3d3d
enhance(backend): ActivityPub 周りで連合先から HTTP 429 Too Many Requests を受け取った際にジョブをリトライするように (#12917)
* enhance(backend): ActivityPub 周りで HTTP 429 Too Many Requests を受け取った際にリトライするように

* add to changelog

---------

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2024-01-06 09:40:08 +09:00
MeiMei
d415fd29a3
enhance(backend): ActivityPub Deliver queueでBodyを事前処理するように (#12916)
* Pre-processing deliver body

* CHANGELOG

* ループ内で計算されると意味がないので

* 同じ処理を同じ形に

---------

Co-authored-by: まっちゃとーにゅ <17376330+u1-liquid@users.noreply.github.com>
2024-01-06 09:07:48 +09:00
Marie
1805150533 fix: visibility check on masto import
Originally from PR #288
2023-12-31 22:41:35 +01:00
Marie
233eff48f3 merge: pleroma note import - Use hashed filename for exists check (#283)
Reviewed-on: https://git.joinsharkey.org/Sharkey/Sharkey/pulls/283
2023-12-31 18:43:38 +01:00
smitten
8d6d5923da
Simplify hash steps 2023-12-31 11:14:41 -05:00
smitten
327694d4cf
Use base64url digest 2023-12-31 09:13:51 -05:00
smitten
e9428a5a05
Use hex digest 2023-12-31 09:03:46 -05:00
Marie
b700fadbe3 upd: add home as a visibility for mastodon imports 2023-12-31 06:32:39 +01:00
Marie
07f06d7ed6 fix: if condition 2023-12-31 04:09:44 +01:00
Marie
fc6581b948 fix: correct followers visibility on import 2023-12-31 03:50:05 +01:00
Marie
667daebb79 upd: prevent vanilla mastodon imports from importing DMs
Also adds the visibility function to mastodon imports
2023-12-31 03:48:51 +01:00
smitten
0bb0d69543
Use hashed filename for exists check 2023-12-30 20:44:31 -05:00
dakkar
c958d935e4 thread Pleroma imports as well
I have _not_ tested this, but it should work fine, those exports are
the same shape as Mastodon's
2023-11-30 13:26:55 +00:00
dakkar
c59e74dfd5 fix chaining for Mastodon notes
the id / replyId are not at the top level, so now `recreateChain`
takes a list of keys to walk, not just a single key
2023-11-30 13:26:55 +00:00
dakkar
15503b96a0 properly thread Mastodon imports 2023-11-30 13:26:55 +00:00
Gianni Ceccarelli
e392d523a7 prepare to import more notes
`recreateChain` converts a list of notes into a forest of notes, using
notes that are not replies as roots, and replies as child nodes,
recursively.

Previously, notes that are replies to notes not included in the
export, and their children, were never put in the forest, and
therefore wheren't imported.

This can be fine when importing from Twitter, since we can't really
link a note to a tweet.

And, for the moment, it's acceptable when importing from *key, because
the export doesn't contain the instance URL, so we can't resolve ids
to remote notes.

It's less fine when importing from Mastodon / Pleroma / Akkoma,
because in those cases we _can_ link to the remote note that the user
was replying to.

This commit makes `recreateChain` optionally return "orphaned" note
trees, so in the (near) future we can use it to properly thread
imported notes from those services.
2023-11-30 13:26:55 +00:00
Mar0xy
62bcd42891
upd: create Folders for imported media 2023-11-28 22:46:10 +01:00