* add id for activitypub follows
* fix lint
* fix: follower must be local, followee must be remote
Misskey will only use ActivityPub follow requests for users that are local
and are requesting to follow a remote user. This check is to ensure that
this endpoint can not be used by other services or instances.
* fix: missing import
* render block with id
* fix comment
* refactor: parseUri types and checks
The type has been refined to better represent what it actually is. Uses of
parseUri are now also checking the parsed object type before resolving.
* cannot resolve URLs with fragments
* also take remaining part of URL into account
Needed for parsing the follows URIs.
* Resolver uses DbResolver for local
* remove unnecessary use of DbResolver
Using DbResolver would mean that the URL is parsed and handled again.
This duplicated processing can be avoided by querying the database directly.
* fix missing property name
Ensure that the _misskey_content attribute will always exist. Because
the API endpoint does not require the existence of the `text` field,
that field may be `undefined`. By using `?? null` it can be ensured
that the value is at least `null`.
Furthermore, the rendered HTML of a note with empty text will also be
the empty string. From git blame it seems that this behaviour was added
because of a Mastodon bug that might have previously existed. Hoever,
this seems to be no longer the case as I can find mastodon posts that
have empty content.
The code could be made a bit more succinct by using the null coercion
operator.
* add more user details for admins to see
* fix some issues
* small style fix
as suggested by Johann150
Co-authored-by: Johann150 <johann@qwertqwefsday.eu>
* fix
Co-authored-by: Johann150 <johann@qwertqwefsday.eu>
Co-authored-by: Johann150 <johann@qwertqwefsday.eu>
* remove unnecessary if
`Array.prototype.some` already returns a boolean so an if to return
true or false is completely unnecessary in this case.
* perf: use count instead of find
When using `count` instead of `findOneBy`, the data is not
unnecessarily loaded.
* remove duplicate null check
The variable is checked for null in the lines above and the function
returns if so. Therefore, it can not be null at this point.
* simplify `getJsonSchema`
Because the assigned value is `null` and the used keys are only
shallow, use of `nestedProperty.set` seems inappropriate. Because the
value is not read, the initial for loop can be replaced by a `for..in`
loop.
Since all keys will be assigned `null`, the condition of the ternary
expression in the nested function will always be true. Therefore the
recursion case will never happen. With this the nested function can be
eliminated.
* remove duplicate condition
The code above already checks `dragging` and returns if it is truthy.
Checking it again later is therefore unnecessary.
To make this more obvious the `return` is removed in favour of using
an if...else construct.
* remove impossible "unknown" time
The `ago` variable will always be a number and all non-negative numbers
are already covered by other cases, the negative case is handled with
`future` so there is no case when `unkown` could be achieved.
* enhance: rate limit works without signed in user
* fix: make limit key required for limiter
As before the fallback limiter key will be set from the endpoint name.
* enhance: use limiter for signin
* Revert "CAPTCHA求めるのは2fa認証が無効になっているときだけにした"
This reverts commit 02a43a310f.
* Revert "feat: make captcha required when signin to improve security"
This reverts commit b21b058005.
* fix undefined reference
* fix: better error message
* enhance: only handle prefix of IPv6
Misskey does not know if two remote users are following each other.
Because ActivityPub actions would otherwise fail on followers only
notes, we have to assume that two remote users are following each other
when an interaction about a remote note occurs.
* simplify temporary files for thumbnails
Because only a single file will be written to the directory, creating a
separate directory seems unnecessary. If only a temporary file is created,
the code from `createTemp` can be reused here as well.
* refactor: deduplicate code for temporary files/directories
To follow the DRY principle, the same code should not be duplicated
across different files. Instead an already existing function is used.
Because temporary directories are also create in multiple locations,
a function for this is also newly added to reduce duplication.
* fix: clean up identicon temp files
The temporary files for identicons are not reused and can be deleted
after they are fully read. This condition is met when the stream is closed
and so the file can be cleaned up using the events API of the stream.
* fix: ensure cleanup is called when download fails
* fix: ensure cleanup is called in error conditions
This covers import/export queue jobs and is mostly just wrapping all
code in a try...finally statement where the finally runs the cleanup.
* fix: use correct type instead of `any`
* enhance: make theme color format uniform
All newly fetched instance theme colors will be uniformely formatted
as hashtag followed by 6 hexadecimal digits.
Colors are checked for validity and invalid colors are not handled.
* better input validation for own theme color
* migration to unify theme color formats
Fixes theme colors of other instances as well as the local instance.
* add changelog entry
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
The cache implementation did previously not store the results of the
computation and was thus not a cache at all. This can cause a significant
number of database queries each time someone with a large number of
followers does something that causes an activity to be federated.
* chore: remove default null
null is always the default value if a table column is nullable, and typeorm's
@Column only accepts strings for default.
* chore: synchronize code with database schema
* chore: sync generated migrations with code
* fix type definitions for jsrsasign
The @types/jsrsasign is not available in exactly the same version as the jsrsa
package misskey uses, so i used an earlier patch version of the same package.
* update yarn.lock
