diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a3263bf6aa..50f323fab0 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,38 +1,36 @@ # Contribution guide -We're glad you're interested in contributing Misskey! In this document you will find the information you need to contribute to the project. - -> **Note** -> This project uses Japanese as its major language, **but you do not need to translate and write the Issues/PRs in Japanese.** -> Also, you might receive comments on your Issue/PR in Japanese, but you do not need to reply to them in Japanese as well.\ -> The accuracy of machine translation into Japanese is not high, so it will be easier for us to understand if you write it in the original language. -> It will also allow the reader to use the translation tool of their preference if necessary. +We're glad you're interested in contributing to Sharkey! In this document you will find the information you need to contribute to the project. ## Roadmap -See [ROADMAP.md](./ROADMAP.md) +See [ROADMAP.md](./ROADMAP.md) for the upstream Misskey roadmap. ## Issues Before creating an issue, please check the following: - To avoid duplication, please search for similar issues before creating a new issue. - Do not use Issues to ask questions or troubleshooting. - Issues should only be used to feature requests, suggestions, and bug tracking. - - Please ask questions or troubleshooting in [GitHub Discussions](https://github.com/misskey-dev/misskey/discussions) or [Discord](https://discord.gg/Wp8gVStHW3). + - Please ask questions or troubleshooting in [Discord](https://discord.gg/6VgKmEqHNk). > **Warning** > Do not close issues that are about to be resolved. It should remain open until a commit that actually resolves it is merged. ## Before implementation -When you want to add a feature or fix a bug, **first have the design and policy reviewed in an Issue** (if it is not there, please make one). Without this step, there is a high possibility that the PR will not be merged even if it is implemented. +When you want to add a feature or fix a bug, *please open an issue*, +don't just start writing code. We may suggest different approaches, or +show that the "bug" is actually intended behaviour (and offer +work-arounds), or maybe we won't be able to merge your new feature +because it would make it too hard to incorporate future changes from +Misskey. Each of these examples have actually happened! -At this point, you also need to clarify the goals of the PR you will create, and make sure that the other members of the team are aware of them. -PRs that do not have a clear set of do's and don'ts tend to be bloated and difficult to review. +On the other hand, it's very likely that we'll tell you "go +ahead!". We try our best to incorporate improvements from our users! Also, when you start implementation, assign yourself to the Issue (if you cannot do it yourself, ask another member to assign you). By expressing your intention to work the Issue, you can prevent conflicts in the work. ## Well-known branches -- **`master`** branch is tracking the latest release and used for production purposes. +- **`stable`** branch is tracking the latest release and used for production purposes. - **`develop`** branch is where we work for the next release. - When you create a PR, basically target it to this branch. -- **`l10n_develop`** branch is reserved for localization management. ## Creating a PR Thank you for your PR! Before creating a PR, please check the following: @@ -40,7 +38,7 @@ Thank you for your PR! Before creating a PR, please check the following: - `fix` / `refactor` / `feat` / `enhance` / `perf` / `chore` etc - Also, make sure that the granularity of this PR is appropriate. Please do not include more than one type of change or interest in a single PR. - If there is an Issue which will be resolved by this PR, please include a reference to the Issue in the text. -- Please add the summary of the changes to [`CHANGELOG.md`](/CHANGELOG.md). However, this is not necessary for changes that do not affect the users, such as refactoring. +- Please add the summary of the changes to [`CHANGELOG.md`](CHANGELOG.md). However, this is not necessary for changes that do not affect the users, such as refactoring. - Check if there are any documents that need to be created or updated due to this change. - If you have added a feature or fixed a bug, please add a test case if possible. - Please make sure that tests and Lint are passed in advance. @@ -66,26 +64,19 @@ Be willing to comment on the good points and not just the things you want fixed - Are there any omissions or gaps? - Does it check for anomalies? -## Deploy -The `/deploy` command by issue comment can be used to deploy the contents of a PR to the preview environment. -``` -/deploy sha= -``` -An actual domain will be assigned so you can test the federation. - ## Merge ## Release ### Release Instructions -1. Commit version changes in the `develop` branch ([package.json](https://github.com/misskey-dev/misskey/blob/develop/package.json)) +1. Commit version changes in the `develop` branch ([package.json](https://activitypub.software/TransFem-org/Sharkey/-/blob/develop/package.json)) 2. Create a release PR. - - Into `master` from `develop` branch. + - Into `stable` from `develop` branch. - The title must be in the format `Release: x.y.z`. - `x.y.z` is the new version you are trying to release. 3. Deploy and perform a simple QA check. Also verify that the tests passed. 4. Merge it. (Do not squash commit) -5. Create a [release of GitHub](https://github.com/misskey-dev/misskey/releases) - - The target branch must be `master` +5. Create a [release](https://activitypub.software/TransFem-org/Sharkey/-/releases) + - The target branch must be `stable` - The tag name must be the version > **Note** @@ -156,7 +147,7 @@ pnpm dev ``` ## Testing -- Test codes are located in [`/packages/backend/test`](/packages/backend/test). +- Test codes are located in [`/packages/backend/test`](packages/backend/test). ### Run test Create a config file. @@ -188,8 +179,8 @@ TODO - `MISSKEY_WEBFINGER_USE_HTTP`: If it's set true, WebFinger requests will be http instead of https, useful for testing federation between servers in localhost. NEVER USE IN PRODUCTION. ## Continuous integration -Misskey uses GitHub Actions for executing automated tests. -Configuration files are located in [`/.github/workflows`](/.github/workflows). +Sharkey uses GitLab CI for executing automated tests. +Configuration files are located in [`/.gitlab-ci.yml`](.gitlab-ci.yml). ## Vue Misskey uses Vue(v3) as its front-end framework. @@ -455,3 +446,30 @@ marginはそのコンポーネントを使う側が設定する ### indexというファイル名を使うな ESMではディレクトリインポートは廃止されているのと、ディレクトリインポートせずともファイル名が index だと何故か一部のライブラリ?でディレクトリインポートだと見做されてエラーになる + +## Merging from Misskey into Sharkey + +Make sure you have both remotes in the same clone (`git remote add misskey +https://github.com/misskey-dev/misskey.git`), then: + + git remote update + git checkout develop # this is Sharkey's develop + git checkout -m merge/$(date +%Y-%m-%d) # or whatever + git merge --no-ff misskey/develop + +fix conflicts and *commit*! + +*after that commit*, do all the extra work, on the same branch: + +* copy all changes: + * from `NoteCreateService.create` to `NoteCreateService.import` (and + vice versa if `git` got confused!) + * from `NoteCreateService` to `NoteEditService` + * from `ApNoteService.createNote` to `ApNoteService.updateNote` + * from `endoints/notes/create.ts` to `endoints/notes/edit.ts` + * from `MkNote*` to `SkNote*` (if sensible) +* run tests `pnpm test` and fix as much as you can +* run lint `pnpm --filter=backend lint` + `pnpm --filter=frontend + eslint` and fix as much as you can + +Then push and open a Merge Request. diff --git a/Dockerfile b/Dockerfile index 8ad4bbbfb1..7e0a778862 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,10 +4,6 @@ ARG NODE_VERSION=20.10.0-alpine3.18 FROM node:${NODE_VERSION} as build -RUN corepack enable - -WORKDIR /sharkey - RUN apk add git linux-headers build-base ENV PYTHONUNBUFFERED=1 @@ -15,55 +11,70 @@ RUN apk add --update python3 && ln -sf python3 /usr/bin/python RUN python3 -m ensurepip RUN pip3 install --no-cache --upgrade pip setuptools -COPY . ./ +RUN corepack enable + +WORKDIR /sharkey + +COPY --link . ./ RUN git submodule update --init --recursive RUN pnpm config set fetch-retries 5 RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \ - pnpm i + pnpm i --frozen-lockfile --aggregate-output RUN pnpm build RUN node scripts/trim-deps.mjs RUN mv packages/frontend/assets sharkey-assets +RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \ + pnpm prune RUN rm -r node_modules packages/frontend packages/sw RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \ - pnpm i --prod + pnpm i --prod --frozen-lockfile --aggregate-output RUN rm -rf .git FROM node:${NODE_VERSION} +ARG UID="991" +ARG GID="991" + +RUN apk add ffmpeg tini jemalloc \ + && corepack enable \ + && addgroup -g "${GID}" sharkey \ + && adduser -D -u "${UID}" -G sharkey -h /sharkey sharkey \ + && find / -type d -path /sys -prune -o -type d -path /proc -prune -o -type f -perm /u+s -exec chmod u-s {} \; \ + && find / -type d -path /sys -prune -o -type d -path /proc -prune -o -type f -perm /g+s -exec chmod g-s {} \; + +USER sharkey WORKDIR /sharkey -RUN apk add ffmpeg tini +COPY --chown=sharkey:sharkey --from=build /sharkey/node_modules ./node_modules +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/backend/node_modules ./packages/backend/node_modules +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-js/node_modules ./packages/misskey-js/node_modules +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-reversi/node_modules ./packages/misskey-reversi/node_modules +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-bubble-game/node_modules ./packages/misskey-bubble-game/node_modules +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/megalodon/node_modules ./packages/megalodon/node_modules +COPY --chown=sharkey:sharkey --from=build /sharkey/built ./built +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-js/built ./packages/misskey-js/built +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-reversi/built ./packages/misskey-reversi/built +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-bubble-game/built ./packages/misskey-bubble-game/built +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/backend/built ./packages/backend/built +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/megalodon/lib ./packages/megalodon/lib +COPY --chown=sharkey:sharkey --from=build /sharkey/fluent-emojis ./fluent-emojis +COPY --chown=sharkey:sharkey --from=build /sharkey/tossface-emojis/dist ./tossface-emojis/dist +COPY --chown=sharkey:sharkey --from=build /sharkey/sharkey-assets ./packages/frontend/assets -COPY --from=build /sharkey/built ./built -COPY --from=build /sharkey/node_modules ./node_modules -COPY --from=build /sharkey/packages/backend/built ./packages/backend/built -COPY --from=build /sharkey/packages/backend/node_modules ./packages/backend/node_modules -COPY --from=build /sharkey/packages/megalodon/lib ./packages/megalodon/lib -COPY --from=build /sharkey/packages/megalodon/node_modules ./packages/megalodon/node_modules -COPY --from=build /sharkey/packages/misskey-js/built ./packages/misskey-js/built -COPY --from=build /sharkey/packages/misskey-js/node_modules ./packages/misskey-js/node_modules -COPY --from=build /sharkey/packages/misskey-reversi/built ./packages/misskey-reversi/built -COPY --from=build /sharkey/packages/misskey-reversi/node_modules ./packages/misskey-reversi/node_modules -COPY --from=build /sharkey/packages/misskey-bubble-game/built ./packages/misskey-bubble-game/built -COPY --from=build /sharkey/packages/misskey-bubble-game/node_modules ./packages/misskey-bubble-game/node_modules -COPY --from=build /sharkey/fluent-emojis ./fluent-emojis -COPY --from=build /sharkey/tossface-emojis/dist ./tossface-emojis/dist -COPY --from=build /sharkey/sharkey-assets ./packages/frontend/assets - -COPY package.json ./package.json -COPY pnpm-workspace.yaml ./pnpm-workspace.yaml -COPY packages/backend/package.json ./packages/backend/package.json -COPY packages/backend/check_connect.js ./packages/backend/check_connect.js -COPY packages/backend/ormconfig.js ./packages/backend/ormconfig.js -COPY packages/backend/migration ./packages/backend/migration -COPY packages/backend/assets ./packages/backend/assets -COPY packages/megalodon/package.json ./packages/megalodon/package.json -COPY packages/misskey-js/package.json ./packages/misskey-js/package.json -COPY packages/misskey-reversi/package.json ./packages/misskey-reversi/package.json -COPY packages/misskey-bubble-game/package.json ./packages/misskey-bubble-game/package.json +COPY --chown=sharkey:sharkey package.json ./package.json +COPY --chown=sharkey:sharkey pnpm-workspace.yaml ./pnpm-workspace.yaml +COPY --chown=sharkey:sharkey packages/backend/package.json ./packages/backend/package.json +COPY --chown=sharkey:sharkey packages/backend/check_connect.js ./packages/backend/check_connect.js +COPY --chown=sharkey:sharkey packages/backend/ormconfig.js ./packages/backend/ormconfig.js +COPY --chown=sharkey:sharkey packages/backend/migration ./packages/backend/migration +COPY --chown=sharkey:sharkey packages/backend/assets ./packages/backend/assets +COPY --chown=sharkey:sharkey packages/megalodon/package.json ./packages/megalodon/package.json +COPY --chown=sharkey:sharkey packages/misskey-js/package.json ./packages/misskey-js/package.json +COPY --chown=sharkey:sharkey packages/misskey-reversi/package.json ./packages/misskey-reversi/package.json +COPY --chown=sharkey:sharkey packages/misskey-bubble-game/package.json ./packages/misskey-bubble-game/package.json +ENV LD_PRELOAD=/usr/lib/libjemalloc.so.2 ENV NODE_ENV=production -RUN corepack enable ENTRYPOINT ["/sbin/tini", "--"] CMD ["pnpm", "run", "migrateandstart"] diff --git a/IMPORTANT_NOTES.md b/IMPORTANT_NOTES.md index fba40d21ce..54d0440bea 100644 --- a/IMPORTANT_NOTES.md +++ b/IMPORTANT_NOTES.md @@ -6,8 +6,11 @@ When using a service with Sharkey, there are several important points to keep in 2. Even for posts made in private, there is no guarantee that the recipient's server will treat them as private in the same way. Please exercise caution when posting personal or confidential information. (Again, this applies to the internet in general.) -3. Account deletion can be a resource-intensive process and may take a long time. In cases with a lot of uploaded data, it may even be impossible to delete an account. +3. The "Drive" feature is NOT secure cloud storage. This feature exists for easier managing of your uploaded files. +Any data uploaded, whether shared via post or not, will be publicly accessible. Please use 3rd party cloud storage providers if you need to upload data with sensitive information of any kind. -4. Please disable ad blockers. Some servers may rely on advertising revenue to cover operating costs. Additionally, ad blockers can mistakenly block content and features unrelated to ads, potentially causing issues with the client's functionality and preventing normal use of Sharkey. Therefore, we recommend turning off ad blockers and similar features when using Sharkey. +4. Account deletion can be a resource-intensive process and may take a long time. In cases with a lot of uploaded data, it may even be impossible to delete an account. -Please understand these points and enjoy using the service. \ No newline at end of file +5. Please disable ad blockers. Some servers may rely on advertising revenue to cover operating costs. Additionally, ad blockers can mistakenly block content and features unrelated to ads, potentially causing issues with the client's functionality and preventing normal use of Sharkey. Therefore, we recommend turning off ad blockers and similar features when using Sharkey. + +Please understand these points and enjoy using the service. diff --git a/locales/en-US.yml b/locales/en-US.yml index 1583286ada..56a1b18e9b 100644 --- a/locales/en-US.yml +++ b/locales/en-US.yml @@ -135,7 +135,7 @@ overwriteFromPinnedEmojis: "Override from general settings" reactionSettingDescription2: "Drag to reorder, click to delete, press \"+\" to add." rememberNoteVisibility: "Remember note visibility settings" attachCancel: "Remove attachment" -deleteFile: "File deleted" +deleteFile: "Delete file" markAsSensitive: "Mark as sensitive" unmarkAsSensitive: "Unmark as sensitive" enterFileName: "Enter filename" diff --git a/package.json b/package.json index cbd0a6a264..2d6fa7de0c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "sharkey", - "version": "2024.3.1+egirls.2", + "version": "2024.3.2+egirls.0", "codename": "shonk", "repository": { "type": "git", diff --git a/packages/backend/migration/1709462550083-MoreRepoUrl.js b/packages/backend/migration/1709462550083-MoreRepoUrl.js new file mode 100644 index 0000000000..90bab0e676 --- /dev/null +++ b/packages/backend/migration/1709462550083-MoreRepoUrl.js @@ -0,0 +1,16 @@ +/* + * SPDX-FileCopyrightText: dakkar and other Sharkey contributors + * SPDX-License-Identifier: AGPL-3.0-only + */ + +export class MoreRepoUrl1709462550083 { + name = 'MoreRepoUrl1709462550083' + + async up(queryRunner) { + await queryRunner.query(`UPDATE "meta" SET "repositoryUrl"=DEFAULT WHERE "repositoryUrl" IN ('https://git.joinfirefish.org/firefish/firefish','https://codeberg/firefish/firefish','https://codeberg.org/calckey/calckey','https://iceshrimp.dev/iceshrimp/iceshrimp')`); + await queryRunner.query(`UPDATE "meta" SET "feedbackUrl"=DEFAULT WHERE "feedbackUrl" IN ('https://git.joinfirefish.org/firefish/firefish/issues','https://codeberg/firefish/firefish/issues','https://codeberg.org/calckey/calckey/firefish/firefish/issues','https://iceshrimp.dev/iceshrimp/iceshrimp/issues/new','https://iceshrimp.dev/iceshrimp/iceshrimp/issues')`); + } + + async down(queryRunner) { + } +} diff --git a/packages/backend/ormconfig.js b/packages/backend/ormconfig.js index 229e5bf1fe..c88b3b3d65 100644 --- a/packages/backend/ormconfig.js +++ b/packages/backend/ormconfig.js @@ -11,7 +11,11 @@ export default new DataSource({ username: config.db.user, password: config.db.pass, database: config.db.db, - extra: config.db.extra, + extra: { + ...config.db.extra, + // migrations may be very slow, give them longer to run (that 10*1000 comes from postgres.ts) + statement_timeout: (config.db.extra?.statement_timeout ?? 1000 * 10) * 10, + }, entities: entities, migrations: ['migration/*.js'], }); diff --git a/packages/backend/src/core/HttpRequestService.ts b/packages/backend/src/core/HttpRequestService.ts index 7f3cac7c58..bea5dee6ab 100644 --- a/packages/backend/src/core/HttpRequestService.ts +++ b/packages/backend/src/core/HttpRequestService.ts @@ -15,6 +15,7 @@ import type { Config } from '@/config.js'; import { StatusError } from '@/misc/status-error.js'; import { bindThis } from '@/decorators.js'; import { validateContentTypeSetAsActivityPub } from '@/core/activitypub/misc/validator.js'; +import { assertActivityMatchesUrls } from '@/core/activitypub/misc/check-against-url.js'; import type { IObject } from '@/core/activitypub/type.js'; import type { Response } from 'node-fetch'; import type { URL } from 'node:url'; @@ -125,7 +126,12 @@ export class HttpRequestService { validators: [validateContentTypeSetAsActivityPub], }); - return await res.json() as IObject; + const finalUrl = res.url; // redirects may have been involved + const activity = await res.json() as IObject; + + assertActivityMatchesUrls(activity, [url, finalUrl]); + + return activity; } @bindThis diff --git a/packages/backend/src/core/NoteCreateService.ts b/packages/backend/src/core/NoteCreateService.ts index ad4e766166..3f935d03db 100644 --- a/packages/backend/src/core/NoteCreateService.ts +++ b/packages/backend/src/core/NoteCreateService.ts @@ -266,6 +266,16 @@ export class NoteCreateService implements OnApplicationShutdown { } } + const hasProhibitedWords = await this.checkProhibitedWordsContain({ + cw: data.cw, + text: data.text, + pollChoices: data.poll?.choices, + }, meta.prohibitedWords); + + if (hasProhibitedWords) { + throw new IdentifiableError('689ee33f-f97c-479a-ac49-1b9f8140af99', 'Note contains prohibited words'); + } + const inSilencedInstance = this.utilityService.isSilencedHost(meta.silencedHosts, user.host); if (data.visibility === 'public' && inSilencedInstance && user.host !== null) { @@ -299,7 +309,7 @@ export class NoteCreateService implements OnApplicationShutdown { } // Check blocking - if (data.renote && data.text == null && data.poll == null && (data.files == null || data.files.length === 0)) { + if (data.renote && !this.isQuote(data)) { if (data.renote.userHost === null) { if (data.renote.userId !== user.id) { const blocked = await this.userBlockingService.checkBlocked(data.renote.userId, user.id); @@ -1028,7 +1038,7 @@ export class NoteCreateService implements OnApplicationShutdown { removeOnComplete: true, }); } - + // Pack the note const noteObj = await this.noteEntityService.pack(note, null, { skipHide: true, withReactionAndUserPairCache: true }); diff --git a/packages/backend/src/core/UtilityService.ts b/packages/backend/src/core/UtilityService.ts index 967aadffc9..346ad9e0b7 100644 --- a/packages/backend/src/core/UtilityService.ts +++ b/packages/backend/src/core/UtilityService.ts @@ -92,7 +92,7 @@ export class UtilityService { @bindThis public extractDbHost(uri: string): string { const url = new URL(uri); - return this.toPuny(url.hostname); + return this.toPuny(url.host); } @bindThis @@ -105,4 +105,11 @@ export class UtilityService { if (host == null) return null; return toASCII(host.toLowerCase()); } + + @bindThis + public punyHost(url: string): string { + const urlObj = new URL(url); + const host = `${this.toPuny(urlObj.hostname)}${urlObj.port.length > 0 ? ':' + urlObj.port : ''}`; + return host; + } } diff --git a/packages/backend/src/core/activitypub/ApRequestService.ts b/packages/backend/src/core/activitypub/ApRequestService.ts index 93ac8ce9a7..fd8d65445a 100644 --- a/packages/backend/src/core/activitypub/ApRequestService.ts +++ b/packages/backend/src/core/activitypub/ApRequestService.ts @@ -14,7 +14,9 @@ import { HttpRequestService } from '@/core/HttpRequestService.js'; import { LoggerService } from '@/core/LoggerService.js'; import { bindThis } from '@/decorators.js'; import type Logger from '@/logger.js'; +import type { IObject } from './type.js'; import { validateContentTypeSetAsActivityPub } from '@/core/activitypub/misc/validator.js'; +import { assertActivityMatchesUrls } from '@/core/activitypub/misc/check-against-url.js'; type Request = { url: string; @@ -201,6 +203,11 @@ export class ApRequestService { validators: [validateContentTypeSetAsActivityPub], }); - return await res.json(); + const finalUrl = res.url; // redirects may have been involved + const activity = await res.json() as IObject; + + assertActivityMatchesUrls(activity, [url, finalUrl]); + + return activity; } } diff --git a/packages/backend/src/core/activitypub/ApResolverService.ts b/packages/backend/src/core/activitypub/ApResolverService.ts index 28c886a9f4..40994db925 100644 --- a/packages/backend/src/core/activitypub/ApResolverService.ts +++ b/packages/backend/src/core/activitypub/ApResolverService.ts @@ -119,6 +119,14 @@ export class Resolver { throw new Error('invalid response'); } + // HttpRequestService / ApRequestService have already checked that + // `object.id` or `object.url` matches the URL used to fetch the + // object after redirects; here we double-check that no redirects + // bounced between hosts + if (object.id && (this.utilityService.punyHost(object.id) !== this.utilityService.punyHost(value))) { + throw new Error(`invalid AP object ${value}: id ${object.id} has different host`); + } + return object; } diff --git a/packages/backend/src/core/activitypub/misc/check-against-url.ts b/packages/backend/src/core/activitypub/misc/check-against-url.ts new file mode 100644 index 0000000000..78ba891a2e --- /dev/null +++ b/packages/backend/src/core/activitypub/misc/check-against-url.ts @@ -0,0 +1,19 @@ +/* + * SPDX-FileCopyrightText: dakkar and sharkey-project + * SPDX-License-Identifier: AGPL-3.0-only + */ +import type { IObject } from '../type.js'; + +export function assertActivityMatchesUrls(activity: IObject, urls: string[]) { + const idOk = activity.id !== undefined && urls.includes(activity.id); + + // technically `activity.url` could be an `ApObject = IObject | + // string | (IObject | string)[]`, but if it's a complicated thing + // and the `activity.id` doesn't match, I think we're fine + // rejecting the activity + const urlOk = typeof(activity.url) === 'string' && urls.includes(activity.url); + + if (!idOk && !urlOk) { + throw new Error(`bad Activity: neither id(${activity?.id}) nor url(${activity?.url}) match location(${urls})`); + } +} diff --git a/packages/backend/src/core/activitypub/models/ApPersonService.ts b/packages/backend/src/core/activitypub/models/ApPersonService.ts index 417351c4ab..16778dd31a 100644 --- a/packages/backend/src/core/activitypub/models/ApPersonService.ts +++ b/packages/backend/src/core/activitypub/models/ApPersonService.ts @@ -127,12 +127,6 @@ export class ApPersonService implements OnModuleInit { this.logger = this.apLoggerService.logger; } - private punyHost(url: string): string { - const urlObj = new URL(url); - const host = `${this.utilityService.toPuny(urlObj.hostname)}${urlObj.port.length > 0 ? ':' + urlObj.port : ''}`; - return host; - } - /** * Validate and convert to actor object * @param x Fetched object @@ -140,7 +134,7 @@ export class ApPersonService implements OnModuleInit { */ @bindThis private validateActor(x: IObject, uri: string): IActor { - const expectHost = this.punyHost(uri); + const expectHost = this.utilityService.punyHost(uri); if (!isActor(x)) { throw new Error(`invalid Actor type '${x.type}'`); @@ -154,6 +148,19 @@ export class ApPersonService implements OnModuleInit { throw new Error('invalid Actor: wrong inbox'); } + if (this.utilityService.punyHost(x.inbox) !== expectHost) { + throw new Error('invalid Actor: inbox has different host'); + } + + for (const collection of ['outbox', 'followers', 'following'] as (keyof IActor)[]) { + const collectionUri = (x as IActor)[collection]; + if (typeof collectionUri === 'string' && collectionUri.length > 0) { + if (this.utilityService.punyHost(collectionUri) !== expectHost) { + throw new Error(`invalid Actor: ${collection} has different host`); + } + } + } + if (!(typeof x.preferredUsername === 'string' && x.preferredUsername.length > 0 && x.preferredUsername.length <= 128 && /^\w([\w-.]*\w)?$/.test(x.preferredUsername))) { throw new Error('invalid Actor: wrong username'); } @@ -177,7 +184,7 @@ export class ApPersonService implements OnModuleInit { x.summary = truncate(x.summary, summaryLength); } - const idHost = this.punyHost(x.id); + const idHost = this.utilityService.punyHost(x.id); if (idHost !== expectHost) { throw new Error('invalid Actor: id has different host'); } @@ -187,7 +194,7 @@ export class ApPersonService implements OnModuleInit { throw new Error('invalid Actor: publicKey.id is not a string'); } - const publicKeyIdHost = this.punyHost(x.publicKey.id); + const publicKeyIdHost = this.utilityService.punyHost(x.publicKey.id); if (publicKeyIdHost !== expectHost) { throw new Error('invalid Actor: publicKey.id has different host'); } @@ -286,7 +293,7 @@ export class ApPersonService implements OnModuleInit { this.logger.info(`Creating the Person: ${person.id}`); - const host = this.punyHost(object.id); + const host = this.utilityService.punyHost(object.id); const fields = this.analyzeAttachments(person.attachment ?? []); diff --git a/packages/backend/src/server/api/endpoints/ap/show.ts b/packages/backend/src/server/api/endpoints/ap/show.ts index ae6aec3a1c..36f9a69269 100644 --- a/packages/backend/src/server/api/endpoints/ap/show.ts +++ b/packages/backend/src/server/api/endpoints/ap/show.ts @@ -114,10 +114,11 @@ export default class extends Endpoint { // eslint- @bindThis private async fetchAny(uri: string, me: MiLocalUser | null | undefined): Promise | null> { // ブロックしてたら中断 + const host = this.utilityService.extractDbHost(uri); const fetchedMeta = await this.metaService.fetch(); - const dbHost = this.utilityService.extractDbHost(uri); - if (this.utilityService.isBlockedHost(fetchedMeta.blockedHosts, dbHost)) return null; - if (fetchedMeta.allowlistMode && !this.utilityService.isAllowedHost(fetchedMeta.allowedHosts, dbHost)) return null; + + if (this.utilityService.isBlockedHost(fetchedMeta.blockedHosts, host)) return null; + if (fetchedMeta.allowlistMode && !this.utilityService.isAllowedHost(fetchedMeta.allowedHosts, host)) return null; let local = await this.mergePack(me, ...await Promise.all([ this.apDbResolverService.getUserFromApId(uri), @@ -125,6 +126,9 @@ export default class extends Endpoint { // eslint- ])); if (local != null) return local; + // local object, not found in db? fail + if (this.utilityService.isSelfHost(host)) return null; + // リモートから一旦オブジェクトフェッチ const resolver = this.apResolverService.createResolver(); const object = await resolver.resolve(uri) as any; diff --git a/packages/frontend/src/account.ts b/packages/frontend/src/account.ts index 171826c9d8..90cc2e51c9 100644 --- a/packages/frontend/src/account.ts +++ b/packages/frontend/src/account.ts @@ -43,6 +43,7 @@ export async function signout() { waiting(); miLocalStorage.removeItem('account'); await removeAccount($i.id); + document.cookie = `token=; path=/; max-age=0${ location.protocol === 'https:' ? '; Secure' : ''}`; const accounts = await getAccounts(); //#region Remove service worker registration @@ -200,7 +201,7 @@ export async function login(token: Account['token'], redirect?: string) { throw reason; }); miLocalStorage.setItem('account', JSON.stringify(me)); - document.cookie = `token=${token}; path=/; max-age=31536000`; // bull dashboardの認証とかで使う + document.cookie = `token=${token}; path=/; max-age=31536000${ location.protocol === 'https:' ? '; Secure' : ''}`; // bull dashboardの認証とかで使う await addAccount(me.id, token); if (redirect) { diff --git a/packages/frontend/src/boot/main-boot.ts b/packages/frontend/src/boot/main-boot.ts index fbb4baebdc..34612fee73 100644 --- a/packages/frontend/src/boot/main-boot.ts +++ b/packages/frontend/src/boot/main-boot.ts @@ -73,27 +73,31 @@ export async function mainBoot() { mainRouter.push('/search'); }, }; - - if (defaultStore.state.enableSeasonalScreenEffect) { - const month = new Date().getMonth() + 1; - if (defaultStore.state.hemisphere === 'S') { - // ▼南半球 - if (month === 7 || month === 8) { - const SnowfallEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect; - new SnowfallEffect({}).render(); + try { + if (defaultStore.state.enableSeasonalScreenEffect) { + const month = new Date().getMonth() + 1; + if (defaultStore.state.hemisphere === 'S') { + // ▼南半球 + if (month === 7 || month === 8) { + const SnowfallEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect; + new SnowfallEffect({}).render(); + } + } else { + // ▼北半球 + if (month === 12 || month === 1) { + const SnowfallEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect; + new SnowfallEffect({}).render(); + } else if (month === 3 || month === 4) { + const SakuraEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect; + new SakuraEffect({ + sakura: true, + }).render(); + } } - } else { - // ▼北半球 - if (month === 12 || month === 1) { - const SnowfallEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect; - new SnowfallEffect({}).render(); - } else if (month === 3 || month === 4) { - const SakuraEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect; - new SakuraEffect({ - sakura: true, - }).render(); - } - } + } + } catch (error) { + // console.error(error); + console.error('Failed to initialise the seasonal screen effect canvas context:', error); } if ($i) { diff --git a/packages/frontend/src/components/MkCode.core.vue b/packages/frontend/src/components/MkCode.core.vue index f9aaf4eff3..a23b4dc3b2 100644 --- a/packages/frontend/src/components/MkCode.core.vue +++ b/packages/frontend/src/components/MkCode.core.vue @@ -72,12 +72,16 @@ watch(() => props.lang, (to) => {