kio/Sharkey
kio/Sharkey
0
0
Fork 0
Código Issues Pull requests Projetos Versões Pacotes Wiki Atividade Ações
29.991 commits 64 ramos 930 etiquetas 181 MiB
Gráfico de commits

29.991 commits

Este ramo
Este ramo
Todos os ramos
Autor SHA1 Mensagem Data
dakkar
c128db7666 sign the request's query in addition to the path - maybe fix #1036 
this feels wrong, though!

first of all, the ticket shows that we refuse requests signed by other
software (akkoma, browser.pub), and that strongly implies that they
are also not signing the query

then,
https://github.com/Chocobozzz/node-http-signature/blob/master/lib/signer.js#L186
only signs the path, but
https://github.com/Chocobozzz/node-http-signature/blob/master/lib/parser.js#L292-L293
puts path+query in the string when verifying

do we instead need to mangle `request.raw` to exclude the query when
verifying?
 2025-04-21 14:01:52 +01:00
Marie
57a310a146 merge: Verify links in remote accounts. (!964) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/964

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
 2025-04-21 11:22:12 +00:00
piuvas
6df82f4eef
 		remove redundant sql query. 2025-04-20 23:21:50 -03:00
piuvas
06fb6fbeca
 		requested changes. 2025-04-20 23:20:59 -03:00
Marie
17e07393a4 merge: fix: Sharkey's logo is missing (!961) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/961

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
 2025-04-20 23:10:44 +00:00
piuvas
8609426e71
 		remove fortnite. 2025-04-20 14:21:44 -03:00
piuvas
46fa99fc28
 		requested changes to verifyFieldLinks 
Co-authored-by: dakkar <dakkar@thenautilus.net>
 2025-04-20 12:34:00 -03:00
piuvas
20482888b0
 		add merge guide for verifyLink. 2025-04-20 10:44:40 -03:00
Zlendy
90f67bf51a
 		fix: Sharkey's logo is missing 2025-04-20 13:19:28 +02:00
piuvas
1d9876d3fa
 		make link detection slightly more performant. 2025-04-19 23:20:21 -03:00
piuvas
8a60c7df02
 		verify links in remote profiles. 2025-04-19 23:10:27 -03:00
piuvas
6a77512737
 		refactor link verification. 2025-04-19 23:04:48 -03:00
Marie
f24be3674a merge: fix: friendlycaptcha always failing (!963) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/963

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: dakkar <dakkar@thenautilus.net>
 2025-04-15 20:40:06 +00:00
Marie
28ad2ae534 fix: friendlycaptcha always failing 2025-04-15 20:13:16 +00:00
Marie
4f64803ef2 merge: make MOTD html unescaped. (requires discussion?) (!759) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/759

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
 2025-04-15 07:45:51 +00:00
Marie
7faef0d11e merge: feat: Allow injection of raw HTML strings inside <head> (!959) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/959

Closes #1029

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
 2025-04-12 00:11:55 +00:00
Zlendy
cf260762f4
 		docs: Add usage example of "customHtml.head" to ".config/example.yml" 2025-04-11 22:56:33 +02:00
Zlendy
ce26d8d3cb
 		feat: Allow injection of raw HTML strings inside <head> 2025-04-11 22:56:26 +02:00
Marie
965ba1ef76 merge: Fix SPDX-Header in two files (!958) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/958

Closes #1027

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Hazelnoot <acomputerdog@gmail.com>
 2025-04-11 10:45:42 +00:00
Marie
e2507b9e0a Update 2 files 
- /packages/frontend/src/scripts/chiptune2.ts
- /packages/frontend/src/components/SkModPlayer.vue
 2025-04-11 08:17:49 +00:00
Marie
337b352425 merge: display announcement text as mfm block (!957) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/957

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
 2025-04-06 18:17:32 +00:00
dakkar
3f1a2c6cc5 display announcement text as mfm block 
the `announcements.vue` page already does that
 2025-04-06 16:24:49 +01:00
Marie
3522af186d merge: add deleteThisAccountConfirm locale (!956) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/956

Closes #1025

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: dakkar <dakkar@thenautilus.net>
 2025-04-06 10:57:56 +00:00
Marie
2b510dc2da
 		upd: add deleteThisAccountConfirm 2025-04-06 00:16:36 +02:00
Marie
865a9c4906 merge: Prevent streaming API denial-of-service (resolves #1019) (!951) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/951

Closes #1019

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
 2025-03-30 10:40:56 +00:00
dakkar
3a6bba3306 merge: Remove visibility of DMs for non-recipient users (!912) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/912

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
 2025-03-30 09:20:54 +00:00
Hazelnoot
922a7ba1d4 track the number of concurrent requests to redis, and bypass if the request is guaranteed to reject 2025-03-29 09:47:05 -04:00
Hazelnoot
47ea8527fd fix wsmessage rate limit definition 2025-03-29 09:44:38 -04:00
Hazelnoot
fafb811333 increase limits on WS note subscriptions and cached notes 2025-03-28 11:44:29 -04:00
Hazelnoot
86e34175d3 SkRateLimiterService revision 3: cache lockouts in memory to avoid redis calls 2025-03-28 11:43:30 -04:00
Hazelnoot
c41d617e63 limit the number of active connections per client, and limit upgrade requests by user 2025-03-28 11:03:31 -04:00
Hazelnoot
eff7321860 avoid duplicate channels in WS connection 2025-03-28 11:03:31 -04:00
Hazelnoot
14a7309cfb avoid leaking cached notes in WS connection 2025-03-28 11:03:31 -04:00
Hazelnoot
045ff5d2c0 make sure that note subscriptions can't stay above limit 2025-03-28 11:03:31 -04:00
Hazelnoot
b8fd9d0bc0 clear subscriptions when connection closes 2025-03-28 11:03:31 -04:00
Hazelnoot
831329499d limit the number of note subscriptions per connection 2025-03-28 11:03:31 -04:00
Hazelnoot
bf1c9b67d6 close websocket when rate limit exceeded 2025-03-28 11:03:31 -04:00
Hazelnoot
18655386f3 convert streaming rate limit to bucket 2025-03-28 11:03:31 -04:00
dakkar
920bf71eb5 merge: More Mastodon API fixes (resolves #405, #471, and #984) (!954) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/954

Closes #405, #471, and #984

Approved-by: Marie <github@yuugi.dev>
Approved-by: dakkar <dakkar@thenautilus.net>
 2025-03-28 12:45:54 +00:00
dakkar
cc4236e643 merge: Fix actor key rotation (!953) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/953

Approved-by: Marie <github@yuugi.dev>
Approved-by: dakkar <dakkar@thenautilus.net>
 2025-03-28 12:45:49 +00:00
Hazelnoot
6dc3c36ba5 fix megalodon tests 2025-03-27 20:39:23 -04:00
Hazelnoot
848a07a170 Ignore notifications that reference missing notes 2025-03-27 20:30:04 -04:00
Hazelnoot
a92416904f use exclusive ranges in api/i/notifications and /api/v1/notifications 2025-03-27 20:20:42 -04:00
Hazelnoot
876ecb28f0 strip "@." from local reaction names 2025-03-27 19:51:43 -04:00
Hazelnoot
58cdee77d5 convert notification types in mastodon API 2025-03-27 19:51:43 -04:00
Hazelnoot
8a9979b3d3 don't render CW as HTML for mastodon 2025-03-27 19:51:43 -04:00
Hazelnoot
dcdc249e77 fix reaction emoji mapping in mastodon API 2025-03-27 19:51:43 -04:00
Hazelnoot
ebc3abea54 hide sensitive content from Discord previews 2025-03-27 19:51:43 -04:00
Hazelnoot
36dee5ff20 render profile bios in masto API 2025-03-27 19:51:43 -04:00
Hazelnoot
81f7346f80 fixes to CW and quote conversion for mastodon 2025-03-27 19:51:43 -04:00