Commit graph

5453 commits

Author SHA1 Message Date
dakkar
45182c17e2 fix imports 2024-05-01 17:41:33 +01:00
dakkar
6ae01e28aa Compact LD-signed activities against well-known context
This should defend against some spoofing attacks, see also
https://nvd.nist.gov/vuln/detail/CVE-2022-24307 for Mastodon,
febb499fcb
from Iceshrimp and
e790d6be90
for Firefish

Thanks to @tesaguri@fedibird.com for reporting and providing the patch.
2024-04-30 10:16:57 +01:00
dakkar
e0afeff248 merge: hide images/videos in og cards, when under a CW - fixes #487 (!488)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/488

Closes #487

Approved-by: Marie <marie@kaifa.ch>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-04-11 20:40:38 +00:00
Marie
cfc8081cec merge: bump tmp@0.2.3 - fixes #464 (!475)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/475

Closes #464

Approved-by: Marie <marie@kaifa.ch>
Approved-by: Luna <her@mint.lgbt>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-04-11 18:00:40 +00:00
Marie
011ccd3a9a merge: bump devel version (!486)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/486

Approved-by: Marie <marie@kaifa.ch>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-04-11 17:21:32 +00:00
dakkar
960f4fcff7 detect size of remote files - fixes #494
without this, remote files are assumed to have size 0 (even if we just
downloaded them!) and the range-related code won't run
2024-04-09 16:21:30 +01:00
dakkar
92eec2178f return 206 for every ranged response - fixes #494 2024-04-09 15:42:29 +01:00
dakkar
56dca6dbf5 hide images/videos in og cards, when under a CW - fixes #487 2024-04-07 16:58:13 +01:00
Marie
bb7b4a8ea4 merge: fix: send null for empty edited_at in mastodon api (!487)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/487

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <marie@kaifa.ch>
2024-04-07 15:36:59 +00:00
dakkar
0690b9a429 merge: fix: load libopenmpt on demand (!469)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/469

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <marie@kaifa.ch>
2024-04-07 14:56:16 +00:00
Sugar🍬🍭🏳️‍⚧
e779c1e667 fix: send null for empty edited_at in mastodon api 2024-04-04 10:43:28 +02:00
Marie
8c955fcce5 merge: use correct note design in favorites page - fixes #483 (!481)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/481

Closes #483

Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
Approved-by: Marie <marie@kaifa.ch>
2024-04-03 09:28:01 +00:00
dakkar
328546c4cd Merge branch 'develop' into release/2024-03-30 2024-03-30 11:08:26 +00:00
dakkar
074de82bf7 some validation fixes 2024-03-30 11:05:58 +00:00
dakkar
bd7c4f66f3 use correct note design in favorites page - fixes #483 2024-03-27 16:03:35 +00:00
dakkar
f4e89f2e6b bump tmp@0.2.3 - fixes #464
see also https://github.com/raszi/node-tmp/issues/295
2024-03-19 17:13:43 +00:00
Alina Sireneva
ecfaf7ff7a chore: added license and patch info 2024-03-14 21:39:34 +03:00
dakkar
58bc8f2c10 merge: always align code to the left - fixes #436 (!453)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/453

Closes #436

Approved-by: Essem <smswessem@gmail.com>
Approved-by: Leah <kevinlukej@gmail.com>
2024-03-14 14:48:30 +00:00
dakkar
94aed953b5 merge: make cookie a bit more secure - fixes #445 (!468)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/468

Closes #445

Approved-by: Luna <her@mint.lgbt>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-03-14 14:47:38 +00:00
dakkar
aa7035a35a merge: longer statement_timeout for migrations - fixes 450 (!466)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/466

Approved-by: Luna <her@mint.lgbt>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-03-14 14:46:42 +00:00
dakkar
45eab01fc4 merge: hide CW-ed featured notes on welcome page - fixes #458 (!467)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/467

Closes #458

Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
Approved-by: Leah <kevinlukej@gmail.com>
Approved-by: Marie <marie@kaifa.ch>
2024-03-14 14:45:53 +00:00
Alina Sireneva
a69315a24b fix: added wasm in vite config 2024-03-14 14:41:24 +03:00
Luna
d003c3ec1f merge: Fixed broken line numbers (!471)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/471

Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
Approved-by: Luna <her@mint.lgbt>
2024-03-14 01:36:46 +00:00
KevinWh0
b918f38ec2 fixed 2024-03-13 23:52:21 +01:00
Alina Sireneva
d991eccd3f fix: Promise.resolve 2024-03-11 16:42:10 +03:00
Alina Sireneva
0085305579 fix: load libopenmpt on demand 2024-03-11 15:32:59 +03:00
dakkar
6826e43ad7 make cookie a bit more secure - fixes #445
We can't make the cookie `HttpOnly` because we're setting it from
Javascript, but I'm not sure it's worth the trouble to redesign that:
`JSON.parse(localStorage.account).token` gives you the token anyway,
hiding the cookie from JS won't offer much protection.

At least we can mark is `Secure` (meaning, only send it over HTTPS)
and _delete it on logout_ (it wasn't!)
2024-03-10 10:26:04 +00:00
dakkar
ff189b1952 hide CW-ed featured notes on welcome page - fixes #458
not the most elegant solution, but simple and robust
2024-03-10 10:13:35 +00:00
dakkar
43544a6479 longer statement_timeout for migrations - fixes 450 2024-03-09 15:38:36 +00:00
dakkar
ff0117a1a5 check prohibited words when creating notes
some small differences (between Misskey and us) inside the `create`
method made `git` put all the changes inside the `import` method… I
thought I had copied them all, but I had missed one, and it's a pretty
important one: prohibited words were not being checked!
2024-03-05 16:52:05 +00:00
Amelia Yukii
4c69cbcd2b merge: update list of project members (!452)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/452

Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
Approved-by: Leah <kevinlukej@gmail.com>
2024-03-04 20:35:57 +00:00
dakkar
2a4e26c05f update list of project members 2024-03-04 20:35:57 +00:00
Amelia Yukii
1e658ee04d merge: fix repo + feedback URLs for Firefish / IceShrimp (!450)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/450

Approved-by: Luna <her@mint.lgbt>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-03-04 20:22:49 +00:00
Amelia Yukii
061cc40384 merge: allow lookup / search for http URLs (!457)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/457

Approved-by: Luna <her@mint.lgbt>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
2024-03-04 20:20:53 +00:00
Leah
eba0c2cc61 Fixed startup crash with seasonal effects 2024-03-04 18:47:47 +00:00
dakkar
96d8432b85 allow lookup / search for http URLs 2024-03-03 14:45:34 +00:00
dakkar
03464cc379 always align code to the left - fixes #436
"featured notes" on the welcome page's right-hand column are shown
with the text right-aligned; code should not be affected by that. This
makes sure it isn't
2024-03-03 12:06:22 +00:00
dakkar
7d00c4529b fix repo + feedback URLs for Firefish / IceShrimp 2024-03-03 11:12:58 +00:00
dakkar
6ecfe7c7c3 remove duplicate method 2024-03-02 17:34:31 +00:00
dakkar
23f476dbf3 Merge branch 'develop' into release/2024.3.1 2024-03-02 17:28:34 +00:00
dakkar
af548d05ca merge upstream for 2024.2.1 2024-03-02 16:36:49 +00:00
Marie
2fa0e238b7 merge: Update index.vue - Also check enableMcaptcha for noBotProtection (!442)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/442

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <marie@kaifa.ch>
2024-02-24 18:16:43 +00:00
Marie
1b65c06d60 merge: fix: delete old follow request (if exists) before creating new (!440)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/440

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <marie@kaifa.ch>
2024-02-24 18:16:16 +00:00
Ashley Graves
17df852c33 Update index.vue - I'm dumb sorry 2024-02-24 17:15:24 +00:00
Ashley Graves
f3ca342318 Update index.vue - Also check enableMcaptcha for noBotProtection 2024-02-24 17:12:53 +00:00
Kaity A
def2e8dff0
Merge remote-tracking branch 'origin/develop' into fix/failed-follow 2024-02-24 05:05:25 +00:00
Kaity A
ea948ccadc
fix: delete old follow request (if exists) before creating new 2024-02-24 04:38:01 +00:00
Marie
d1b787192a
fix: align note edit errors with note create errors 2024-02-23 17:01:35 +01:00
Marie
15d2319011
merge: upstream 2024-02-23 13:42:52 +01:00
tamaina
c0156b740b
enhance?: DeleteAccountServiceでユーザーを削除する際にuserChangeDeletedStateを発行する (#13382) 2024-02-23 18:15:39 +09:00