Commit graph

24 commits

Author SHA1 Message Date
Trojaner
4f738246fd Make security key independent of 2FA
Co-authored-by: TrojanerHD <github@trojaner.dev>
2024-02-29 12:19:26 +00:00
naskya
c79248d07c
refactor (backend): make error logs more verbose 2024-02-22 03:18:05 +09:00
ThatOneCalculator
623cadf981
Revert "chore: lint import order"
This reverts commit 8d3c35c0c6.
2023-12-04 23:12:10 -08:00
ThatOneCalculator
8d3c35c0c6
chore: lint import order 2023-11-26 12:33:46 -08:00
naskya
adee17b85a
chore: organize backend imports
* remove unused/duplicate imports
* replace paths like "../../../define.js" to be more readable
* add missing @types packages
2023-10-30 18:06:08 +09:00
ThatOneCalculator
46af585cf7
feat: 🔒 Improve 2FA/keypass experience
Co-authored-by: Tamania <tamaina@hotmail.co.jp>
Co-authored-by: Syuilo <syuilotan@yahoo.co.jp>
2023-06-15 16:12:32 -07:00
s1idewhist1e
8d1251b977
fix email validation 2023-04-30 22:57:10 -07:00
ThatOneCalculator
a44fee3aae
fix? 2023-04-26 19:58:26 -07:00
ThatOneCalculator
0a2335ff75
feat: frontend interface for post-account creation email verification 2023-04-26 19:44:38 -07:00
Namekuji
eebfdf8559 feat: reserved usernames (#9917)
This PR adds a feature to prevent users from creating a new account with a reserved username such as root, admin, system, proxy, info, etc...

Reserved usernames can be configured via the config file.

The administrator can create an account with a reserved username via the first setup screen or the control panel.

The existing account of reserved usernames will not be affected.

Co-authored-by: Namekuji <nmkj@mx.kazuno.co>
Reviewed-on: https://codeberg.org/calckey/calckey/pulls/9917
Co-authored-by: Namekuji <nmkj@noreply.codeberg.org>
Co-committed-by: Namekuji <nmkj@noreply.codeberg.org>
2023-04-26 20:06:18 +00:00
amy bones
b28ba9f82f
fix: changing passwords, 2fa, and password resets.
The argon2 usage was only implemented for sign-ins which broke a bunch of other
endpoints and features.
2023-04-03 05:14:50 -07:00
ThatOneCalculator
acfc88389a
formatting 2023-03-30 19:10:03 -07:00
ThatOneCalculator
12769bd1ab
feat: 🔒 add argon2 support
Passwords will be automatically re-hashed on sign-in. All new password hashes will be argon2 by default.  This uses argon2id and is not configurable. In the very unlikely case someone has more specific needs, a fork is recommended.  ChangeLog: Added  Co-authored-by: Chloe Kudryavtsev <code@toast.bunkerlabs.net>

Breaks Calckey -> Misskey migration, but fixes Foundkey -> Calckey migration
2023-03-30 19:09:44 -07:00
ThatOneCalculator
6b00abf05c
refactor: 🎨 rome 2023-01-12 20:40:33 -08:00
MeiMei
c05723ca6a
Fix IP address rate limit (#8758)
* Fix IP address rate limit

* CHANGELOG

* Tune getIpHash
2022-05-31 17:44:22 +09:00
Johann150
161659de5c
enhance: replace signin CAPTCHA with rate limit (#8740)
* enhance: rate limit works without signed in user

* fix: make limit key required for limiter

As before the fallback limiter key will be set from the endpoint name.

* enhance: use limiter for signin

* Revert "CAPTCHA求めるのは2fa認証が無効になっているときだけにした"

This reverts commit 02a43a310f.

* Revert "feat: make captcha required when signin to improve security"

This reverts commit b21b058005.

* fix undefined reference

* fix: better error message

* enhance: only handle prefix of IPv6
2022-05-28 12:06:47 +09:00
syuilo
02a43a310f CAPTCHA求めるのは2fa認証が無効になっているときだけにした
2faのトークンは期限付きだから、CAPTCHA解いてる間に期限切れになる
2022-05-15 16:47:14 +09:00
syuilo
b21b058005 feat: make captcha required when signin to improve security 2022-05-15 12:18:46 +09:00
syuilo
41c2aed7dc chore: fix lint 2022-04-03 15:33:22 +09:00
syuilo
1c67c26bd8
refactor: migrate to typeorm 3.0 (#8443)
* wip

* wip

* wip

* Update following.ts

* wip

* wip

* wip

* Update resolve-user.ts

* maxQueryExecutionTime

* wip

* wip
2022-03-26 15:34:00 +09:00
syuilo
d071d18dd7
refactor: Use ESM (#8358)
* wip

* wip

* fix

* clean up

* Update tsconfig.json

* Update activitypub.ts

* wip
2022-02-27 11:07:39 +09:00
syuilo
510de87607
refactor: use ajv instead of cafy (#8324)
* wip

* wip

* Update abuse-user-reports.ts

* Update files.ts

* Update list-remote.ts

* Update list.ts

* Update show-users.ts

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* Update update.ts

* Update search.ts

* Update reactions.ts

* Update search.ts

* wip

* wip

* wip

* wip

* Update update.ts

* Update relation.ts

* Update available.ts

* wip

* wip

* wip

* Update packages/backend/src/server/api/define.ts

Co-authored-by: Johann150 <johann.galle@protonmail.com>

* Update define.ts

* Update define.ts

* typo

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* Update update.ts

* wip

* Update signup.ts

* Update call.ts

* minimum for limit

* type

* remove needless annotation

* wip

* Update signup.ts

* wip

* wip

* fix

* Update create.ts

Co-authored-by: Johann150 <johann.galle@protonmail.com>
2022-02-19 14:05:32 +09:00
syuilo
c69b72e199 fix lint 2021-12-09 23:58:30 +09:00
syuilo
0e4a111f81 refactoring
Resolve #7779
2021-11-12 02:02:25 +09:00