Gráfico de commits

29.991 commits

Autor SHA1 Mensagem Data
dakkar
c128db7666 sign the request's query in addition to the path - maybe fix #1036
this feels wrong, though!

first of all, the ticket shows that we refuse requests signed by other
software (akkoma, browser.pub), and that strongly implies that they
are also not signing the query

then,
https://github.com/Chocobozzz/node-http-signature/blob/master/lib/signer.js#L186
only signs the path, but
https://github.com/Chocobozzz/node-http-signature/blob/master/lib/parser.js#L292-L293
puts path+query in the string when verifying

do we instead need to mangle `request.raw` to exclude the query when
verifying?
2025-04-21 14:01:52 +01:00
Marie
57a310a146 merge: Verify links in remote accounts. (!964)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/964

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
2025-04-21 11:22:12 +00:00
piuvas
6df82f4eef
remove redundant sql query. 2025-04-20 23:21:50 -03:00
piuvas
06fb6fbeca
requested changes. 2025-04-20 23:20:59 -03:00
Marie
17e07393a4 merge: fix: Sharkey's logo is missing (!961)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/961

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
2025-04-20 23:10:44 +00:00
piuvas
8609426e71
remove fortnite. 2025-04-20 14:21:44 -03:00
piuvas
46fa99fc28
requested changes to verifyFieldLinks
Co-authored-by: dakkar <dakkar@thenautilus.net>
2025-04-20 12:34:00 -03:00
piuvas
20482888b0
add merge guide for verifyLink. 2025-04-20 10:44:40 -03:00
Zlendy
90f67bf51a
fix: Sharkey's logo is missing 2025-04-20 13:19:28 +02:00
piuvas
1d9876d3fa
make link detection slightly more performant. 2025-04-19 23:20:21 -03:00
piuvas
8a60c7df02
verify links in remote profiles. 2025-04-19 23:10:27 -03:00
piuvas
6a77512737
refactor link verification. 2025-04-19 23:04:48 -03:00
Marie
f24be3674a merge: fix: friendlycaptcha always failing (!963)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/963

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: dakkar <dakkar@thenautilus.net>
2025-04-15 20:40:06 +00:00
Marie
28ad2ae534 fix: friendlycaptcha always failing 2025-04-15 20:13:16 +00:00
Marie
4f64803ef2 merge: make MOTD html unescaped. (requires discussion?) (!759)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/759

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
2025-04-15 07:45:51 +00:00
Marie
7faef0d11e merge: feat: Allow injection of raw HTML strings inside <head> (!959)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/959

Closes #1029

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
2025-04-12 00:11:55 +00:00
Zlendy
cf260762f4
docs: Add usage example of "customHtml.head" to ".config/example.yml" 2025-04-11 22:56:33 +02:00
Zlendy
ce26d8d3cb
feat: Allow injection of raw HTML strings inside <head> 2025-04-11 22:56:26 +02:00
Marie
965ba1ef76 merge: Fix SPDX-Header in two files (!958)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/958

Closes #1027

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Hazelnoot <acomputerdog@gmail.com>
2025-04-11 10:45:42 +00:00
Marie
e2507b9e0a Update 2 files
- /packages/frontend/src/scripts/chiptune2.ts
- /packages/frontend/src/components/SkModPlayer.vue
2025-04-11 08:17:49 +00:00
Marie
337b352425 merge: display announcement text as mfm block (!957)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/957

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
2025-04-06 18:17:32 +00:00
dakkar
3f1a2c6cc5 display announcement text as mfm block
the `announcements.vue` page already does that
2025-04-06 16:24:49 +01:00
Marie
3522af186d merge: add deleteThisAccountConfirm locale (!956)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/956

Closes #1025

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: dakkar <dakkar@thenautilus.net>
2025-04-06 10:57:56 +00:00
Marie
2b510dc2da
upd: add deleteThisAccountConfirm 2025-04-06 00:16:36 +02:00
Marie
865a9c4906 merge: Prevent streaming API denial-of-service (resolves #1019) (!951)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/951

Closes #1019

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
2025-03-30 10:40:56 +00:00
dakkar
3a6bba3306 merge: Remove visibility of DMs for non-recipient users (!912)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/912

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
2025-03-30 09:20:54 +00:00
922a7ba1d4 track the number of concurrent requests to redis, and bypass if the request is guaranteed to reject 2025-03-29 09:47:05 -04:00
47ea8527fd fix wsmessage rate limit definition 2025-03-29 09:44:38 -04:00
fafb811333 increase limits on WS note subscriptions and cached notes 2025-03-28 11:44:29 -04:00
86e34175d3 SkRateLimiterService revision 3: cache lockouts in memory to avoid redis calls 2025-03-28 11:43:30 -04:00
c41d617e63 limit the number of active connections per client, and limit upgrade requests by user 2025-03-28 11:03:31 -04:00
eff7321860 avoid duplicate channels in WS connection 2025-03-28 11:03:31 -04:00
14a7309cfb avoid leaking cached notes in WS connection 2025-03-28 11:03:31 -04:00
045ff5d2c0 make sure that note subscriptions can't stay above limit 2025-03-28 11:03:31 -04:00
b8fd9d0bc0 clear subscriptions when connection closes 2025-03-28 11:03:31 -04:00
831329499d limit the number of note subscriptions per connection 2025-03-28 11:03:31 -04:00
bf1c9b67d6 close websocket when rate limit exceeded 2025-03-28 11:03:31 -04:00
18655386f3 convert streaming rate limit to bucket 2025-03-28 11:03:31 -04:00
dakkar
920bf71eb5 merge: More Mastodon API fixes (resolves #405, #471, and #984) (!954)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/954

Closes #405, #471, and #984

Approved-by: Marie <github@yuugi.dev>
Approved-by: dakkar <dakkar@thenautilus.net>
2025-03-28 12:45:54 +00:00
dakkar
cc4236e643 merge: Fix actor key rotation (!953)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/953

Approved-by: Marie <github@yuugi.dev>
Approved-by: dakkar <dakkar@thenautilus.net>
2025-03-28 12:45:49 +00:00
6dc3c36ba5 fix megalodon tests 2025-03-27 20:39:23 -04:00
848a07a170 Ignore notifications that reference missing notes 2025-03-27 20:30:04 -04:00
a92416904f use exclusive ranges in api/i/notifications and /api/v1/notifications 2025-03-27 20:20:42 -04:00
876ecb28f0 strip "@." from local reaction names 2025-03-27 19:51:43 -04:00
58cdee77d5 convert notification types in mastodon API 2025-03-27 19:51:43 -04:00
8a9979b3d3 don't render CW as HTML for mastodon 2025-03-27 19:51:43 -04:00
dcdc249e77 fix reaction emoji mapping in mastodon API 2025-03-27 19:51:43 -04:00
ebc3abea54 hide sensitive content from Discord previews 2025-03-27 19:51:43 -04:00
36dee5ff20 render profile bios in masto API 2025-03-27 19:51:43 -04:00
81f7346f80 fixes to CW and quote conversion for mastodon 2025-03-27 19:51:43 -04:00