From 380d14f4061425fe68b4f7fbdc57cdb37f2d7924 Mon Sep 17 00:00:00 2001 From: shibao Date: Fri, 28 Jan 2022 12:23:18 -0500 Subject: [PATCH 001/217] Add `img-src` and `media-src` to `Content-Security-Policy` header for files and media proxy (#8188) * add img-src and media-src to csp in file and media proxy * add csp changes to changelog * sort and remove trailing semicolon --- CHANGELOG.md | 2 ++ packages/backend/src/server/file/index.ts | 2 +- packages/backend/src/server/proxy/index.ts | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 09b5a2ac87..6e1e87d80b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -47,6 +47,8 @@ ### Bugfixes - アップロードエラー時の処理を修正 +- Add `img-src` and `media-src` directives to `Content-Security-Policy` for + files and media proxy ## 12.101.1 (2021/12/29) diff --git a/packages/backend/src/server/file/index.ts b/packages/backend/src/server/file/index.ts index a455acd1cf..6fe6110dc9 100644 --- a/packages/backend/src/server/file/index.ts +++ b/packages/backend/src/server/file/index.ts @@ -18,7 +18,7 @@ const _dirname = dirname(_filename); const app = new Koa(); app.use(cors()); app.use(async (ctx, next) => { - ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`); + ctx.set('Content-Security-Policy', `default-src 'none'; img-src 'self'; media-src 'self'; style-src 'unsafe-inline'`); await next(); }); diff --git a/packages/backend/src/server/proxy/index.ts b/packages/backend/src/server/proxy/index.ts index b8993f19f8..7a3094311c 100644 --- a/packages/backend/src/server/proxy/index.ts +++ b/packages/backend/src/server/proxy/index.ts 
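Review bot: The new policy value in the `file/index.ts` hunk still leaves `form-action`, `base-uri`, `frame-ancestors` and `sandbox` unset, and none of these directives falls back to `default-src 'none'`. If this route serves user-uploaded content, as the path suggests, I would tighten the value to something like `default-src 'none'; img-src 'self'; media-src 'self'; style-src 'unsafe-inline'; form-action 'none'; base-uri 'none'`, after confirming that no legitimate response needs them. The same literal is repeated in the `proxy/index.ts` hunk of this commit, so exporting it once as a shared constant would keep the two servers from drifting apart. A one-line comment saying why `img-src` and `media-src` are allowed (presumably so a directly opened image or video still renders) would help the next reader.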
@@ -11,7 +11,7 @@ import { proxyMedia } from './proxy-media'; const app = new Koa(); app.use(cors()); app.use(async (ctx, next) => { - ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`); + ctx.set('Content-Security-Policy', `default-src 'none'; img-src 'self'; media-src 'self'; style-src 'unsafe-inline'`); await next(); }); From a222e3d054ec1acc6726d16dfad6ec0f71b3695f Mon Sep 17 00:00:00 2001 From: syuilo Date: Sat, 29 Jan 2022 02:24:16 +0900 Subject: [PATCH 002/217] Update CHANGELOG.md --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e1e87d80b..656c33b205 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,8 @@ - トレンドウィジェットが動作しないのを修正 - リアクション設定で絵文字ピッカーが開かないのを修正 - DMページでメンションが含まれる問題を修正 +- Add `img-src` and `media-src` directives to `Content-Security-Policy` for + files and media proxy ## 12.102.1 (2022/01/27) ### Bugfixes @@ -47,8 +49,6 @@ ### Bugfixes - アップロードエラー時の処理を修正 -- Add `img-src` and `media-src` directives to `Content-Security-Policy` for - files and media proxy ## 12.101.1 (2021/12/29) From f0e720931baba395e089da7a640d901a2024835b Mon Sep 17 00:00:00 2001 From: syuilo Date: Sat, 29 Jan 2022 02:54:56 +0900 Subject: [PATCH 003/217] =?UTF-8?q?fix(client):=20=E6=8A=95=E7=A8=BF?= =?UTF-8?q?=E3=83=95=E3=82=A9=E3=83=BC=E3=83=A0=E3=81=AE=E3=83=8F=E3=83=83?= =?UTF-8?q?=E3=82=B7=E3=83=A5=E3=82=BF=E3=82=B0=E4=BF=9D=E6=8C=81=E3=83=95?= =?UTF-8?q?=E3=82=A3=E3=83=BC=E3=83=AB=E3=83=89=E3=81=8C=E5=8B=95=E4=BD=9C?= =?UTF-8?q?=E3=81=97=E3=81=AA=E3=81=84=E5=95=8F=E9=A1=8C=E3=82=92=E4=BF=AE?= =?UTF-8?q?=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix #8212 --- CHANGELOG.md | 1 + packages/client/src/components/post-form.vue | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 656c33b205..5bb56be2c9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -17,6 +17,7 @@ - トレンドウィジェットが動作しないのを修正 - リアクション設定で絵文字ピッカーが開かないのを修正 - DMページでメンションが含まれる問題を修正 +- 投稿フォームのハッシュタグ保持フィールドが動作しない問題を修正 - Add `img-src` and `media-src` directives to `Content-Security-Policy` for files and media proxy diff --git a/packages/client/src/components/post-form.vue b/packages/client/src/components/post-form.vue index 8c5027f8e7..6db4d926da 100644 --- a/packages/client/src/components/post-form.vue +++ b/packages/client/src/components/post-form.vue @@ -540,8 +540,8 @@ async function post() { }; if (withHashtags && hashtags && hashtags.trim() !== '') { - const hashtags = hashtags.trim().split(' ').map(x => x.startsWith('#') ? x : '#' + x).join(' '); - data.text = data.text ? `${data.text} ${hashtags}` : hashtags; + const hashtags_ = hashtags.trim().split(' ').map(x => x.startsWith('#') ? x : '#' + x).join(' '); + data.text = data.text ? `${data.text} ${hashtags_}` : hashtags_; } // plugin @@ -565,9 +565,9 @@ async function post() { deleteDraft(); emit('posted'); if (data.text && data.text != '') { - const hashtags = mfm.parse(data.text).filter(x => x.type === 'hashtag').map(x => x.props.hashtag); + const hashtags_ = mfm.parse(data.text).filter(x => x.type === 'hashtag').map(x => x.props.hashtag); const history = JSON.parse(localStorage.getItem('hashtags') || '[]') as string[]; - localStorage.setItem('hashtags', JSON.stringify(unique(hashtags.concat(history)))); + localStorage.setItem('hashtags', JSON.stringify(unique(hashtags_.concat(history)))); } posting = false; postAccount = null; From 6eeb7a92b8167a26eb6948c9ce11deee9b03590f Mon Sep 17 00:00:00 2001 From: syuilo Date: Sat, 29 Jan 2022 02:57:10 +0900 Subject: [PATCH 004/217] add todo --- cypress/integration/basic.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cypress/integration/basic.js b/cypress/integration/basic.js index aca44ef15d..7d27b649f4 100644 --- a/cypress/integration/basic.js +++ b/cypress/integration/basic.js 
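Review bot: `hashtags.trim().split(' ')` in the first `post-form.vue` hunk splits on a single space, so two consecutive spaces in the field produce an empty token that the `map` turns into a bare `#` in the posted text. Splitting on runs of whitespace avoids that: `const hashtags_ = hashtags.trim().split(/\s+/).map(x => x.startsWith('#') ? x : '#' + x).join(' ');`. The trailing-underscore name exists only to avoid the shadowing this commit fixes; a name such as `hashtagsText` would say what the value holds. `post()` starts and ends outside the hunk.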
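Review bot: In the second `post-form.vue` hunk, `JSON.parse(localStorage.getItem('hashtags') || '[]') as string[]` trusts whatever is stored under that key, so a malformed value throws after the post has already been sent, and, as far as the visible lines show, `posting = false; postAccount = null;` would then be skipped. The `as string[]` assertion also hides a stored value that is valid JSON but not an array of strings. I would parse into `unknown`, catch the parse error, and keep only string entries before the `concat`. The surrounding callback begins outside the hunk, so handling further up may already cover part of this.

```typescript
// … unchanged: deleteDraft(); emit('posted'); …
if (data.text && data.text != '') {
	const hashtags_ = mfm.parse(data.text).filter(x => x.type === 'hashtag').map(x => x.props.hashtag);
	let stored: unknown = [];
	try {
		stored = JSON.parse(localStorage.getItem('hashtags') || '[]');
	} catch {
		// Stored value is not valid JSON; start from an empty history.
	}
	const history = Array.isArray(stored) ? stored.filter((x): x is string => typeof x === 'string') : [];
	localStorage.setItem('hashtags', JSON.stringify(unique(hashtags_.concat(history))));
}
// … unchanged: posting = false; postAccount = null; …
```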
@@ -176,3 +176,7 @@ describe('After user singed in', () => { cy.contains('Hello, Misskey!'); }); }); + +// TODO: 投稿フォームの公開範囲指定のテスト +// TODO: 投稿フォームのファイル添付のテスト +// TODO: 投稿フォームのハッシュタグ保持フィールドのテスト From 149edaecab3d160a1f480160caee055e2aff28bf Mon Sep 17 00:00:00 2001 From: syuilo Date: Sat, 29 Jan 2022 03:03:23 +0900 Subject: [PATCH 005/217] refactor(client): use setup sugar --- packages/client/src/components/ui/tooltip.vue | 125 ++++++++---------- 1 file changed, 54 insertions(+), 71 deletions(-) diff --git a/packages/client/src/components/ui/tooltip.vue b/packages/client/src/components/ui/tooltip.vue index 394b068352..e2721ed69a 100644 --- a/packages/client/src/components/ui/tooltip.vue +++ b/packages/client/src/components/ui/tooltip.vue @@ -1,99 +1,82 @@ - diff --git a/packages/client/src/components/chart.vue b/packages/client/src/components/chart.vue index d17c0c9f3e..3e46c51b47 100644 --- a/packages/client/src/components/chart.vue +++ b/packages/client/src/components/chart.vue @@ -8,7 +8,7 @@ diff --git a/packages/client/src/components/reactions-viewer.details.vue b/packages/client/src/components/reactions-viewer.details.vue index 8cec8dfa2f..eb889c4888 100644 --- a/packages/client/src/components/reactions-viewer.details.vue +++ b/packages/client/src/components/reactions-viewer.details.vue @@ -1,5 +1,5 @@ - From 5d37b7a2ba0b4f969dce155269f460bd2b5d6216 Mon Sep 17 00:00:00 2001 From: Kainoa Kanter <44733677+ThatOneCalculator@users.noreply.github.com> Date: Wed, 2 Mar 2022 08:19:17 -0800 Subject: [PATCH 215/217] Add me as patron (#8369) --- packages/client/src/pages/about-misskey.vue | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/client/src/pages/about-misskey.vue b/packages/client/src/pages/about-misskey.vue index 0ffb6b9e1d..ff04ed84f2 100644 --- a/packages/client/src/pages/about-misskey.vue +++ b/packages/client/src/pages/about-misskey.vue 
@@ -149,6 +149,7 @@ const patrons = [ 'oss', 'Weeble', '蝉暮せせせ', + 'ThatOneCalculator', ]; let easterEggReady = false; From 5c5be7f15e9411750f02393bbba37dde1c7c8d99 Mon Sep 17 00:00:00 2001 From: syuilo Date: Fri, 4 Mar 2022 00:06:17 +0900 Subject: [PATCH 216/217] fix esm --- packages/backend/src/server/web/manifest.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/backend/src/server/web/manifest.ts b/packages/backend/src/server/web/manifest.ts index c2f29d5238..bcbf9b76a7 100644 --- a/packages/backend/src/server/web/manifest.ts +++ b/packages/backend/src/server/web/manifest.ts @@ -1,5 +1,5 @@ import Koa from 'koa'; -import * as manifest from './manifest.json' assert { type: 'json' }; +import manifest from './manifest.json' assert { type: 'json' }; import { fetchMeta } from '@/misc/fetch-meta.js'; export const manifestHandler = async (ctx: Koa.Context) => { From b67f1287c6d96757161dece7a4045ad3070f9d98 Mon Sep 17 00:00:00 2001 From: syuilo Date: Fri, 4 Mar 2022 15:32:50 +0900 Subject: [PATCH 217/217] fix federation chart pubsub --- packages/backend/src/services/chart/charts/federation.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/backend/src/services/chart/charts/federation.ts b/packages/backend/src/services/chart/charts/federation.ts index 13aa6c584e..4fbd297dbf 100644 --- a/packages/backend/src/services/chart/charts/federation.ts +++ b/packages/backend/src/services/chart/charts/federation.ts @@ -35,7 +35,7 @@ export default class FederationChart extends Chart { Followings.createQueryBuilder('following') .select('COUNT(DISTINCT following.followeeHost)') .where('following.followeeHost IS NOT NULL') - .andWhere(`following.followerHost IN (${ pubsubSubQuery.getQuery() })`) + .andWhere(`following.followeeHost IN (${ pubsubSubQuery.getQuery() })`) .setParameters(pubsubSubQuery.getParameters()) .getRawOne() .then(x => parseInt(x.count, 10)),
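Review bot: The corrected `andWhere` in the `federation.ts` hunk differs from the bug it fixes by a single letter (`followeeHost` vs `followerHost`), and nothing in the hunk states which side of the follow relation this count is meant to cover. I would add a comment above the builder, for example `// counts distinct followee hosts that also appear in pubsubSubQuery`, and a test with one follower-only host and one followee-only host to pin the behaviour. It is also worth a line noting that the interpolated `${ pubsubSubQuery.getQuery() }` is builder-generated SQL whose values are bound by `setParameters(...)`, so that nobody later interpolates request data the same way. The class and the enclosing method start outside the hunk.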