Merge 40756dcb40 into 763c708253

* アカウント削除のモデレーションログが動作していないのを修正

* update CHANGELOG

.config/docker_example.yml

@@ -172,12 +172,12 @@ id: 'aidx'
 #clusterLimit: 1
 
 # Job concurrency per worker
-# deliverJobConcurrency: 128
-# inboxJobConcurrency: 16
+# deliverJobConcurrency: 16
+# inboxJobConcurrency: 4
 
 # Job rate limiter
 # deliverJobPerSec: 128
-# inboxJobPerSec: 32
+# inboxJobPerSec: 64
 
 # Job attempts
 # deliverJobMaxAttempts: 12

.config/example.yml

@@ -254,15 +254,15 @@ id: 'aidx'
 #clusterLimit: 1
 
 # Job concurrency per worker
-#deliverJobConcurrency: 128
-#inboxJobConcurrency: 16
+#deliverJobConcurrency: 16
+#inboxJobConcurrency: 4
 #relationshipJobConcurrency: 16
 # What's relationshipJob?:
 #  Follow, unfollow, block and unblock(ings) while following-imports, etc. or account migrations.
 
 # Job rate limiter
-#deliverJobPerSec: 128
-#inboxJobPerSec: 32
+#deliverJobPerSec: 1024
+#inboxJobPerSec: 64
 #relationshipJobPerSec: 64
 
 # Job attempts

.devcontainer/devcontainer.yml

@@ -165,12 +165,12 @@ id: 'aidx'
 #clusterLimit: 1
 
 # Job concurrency per worker
-# deliverJobConcurrency: 128
-# inboxJobConcurrency: 16
+# deliverJobConcurrency: 16
+# inboxJobConcurrency: 4
 
 # Job rate limiter
-# deliverJobPerSec: 128
-# inboxJobPerSec: 32
+# deliverJobPerSec: 1024
+# inboxJobPerSec: 64
 
 # Job attempts
 # deliverJobMaxAttempts: 12

.github/workflows/test-backend.yml

@@ -61,7 +61,7 @@ jobs:
     - name: Test
       run: pnpm --filter backend test-and-coverage
     - name: Upload to Codecov
-      uses: codecov/codecov-action@v4
+      uses: codecov/codecov-action@v5
       with:
         token: ${{ secrets.CODECOV_TOKEN }}
         files: ./packages/backend/coverage/coverage-final.json
@@ -108,7 +108,7 @@ jobs:
       - name: Test
         run: pnpm --filter backend test-and-coverage:e2e
       - name: Upload to Codecov
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           files: ./packages/backend/coverage/coverage-final.json

.github/workflows/test-frontend.yml

@@ -50,7 +50,7 @@ jobs:
     - name: Test
       run: pnpm --filter frontend test-and-coverage
     - name: Upload Coverage
-      uses: codecov/codecov-action@v4
+      uses: codecov/codecov-action@v5
       with:
         token: ${{ secrets.CODECOV_TOKEN }}
         files: ./packages/frontend/coverage/coverage-final.json

.github/workflows/test-misskey-js.yml

@@ -51,7 +51,7 @@ jobs:
           CI: true
 
       - name: Upload Coverage
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           files: ./packages/misskey-js/coverage/coverage-final.json

.gitignore

@@ -68,6 +68,8 @@ misskey-assets
 # Vite temporary files
 vite.config.js.timestamp-*
 vite.config.ts.timestamp-*
+vite.config.local-dev.js.timestamp-*
+vite.config.local-dev.ts.timestamp-*
 
 # blender backups
 *.blend1

CHANGELOG.md

@@ -1,11 +1,14 @@
 ## 2024.11.0
 
 ### Note
+- Node.js 20.xは非推奨になりました。Node.js 22.x (LTS)の利用を推奨します。
+  - なお、Node.js 23.xは対応していません。
 - DockerのNode.jsが22.11.0に更新されました
 
 ### General
 - Feat: コンテンツの表示にログインを必須にできるように
 - Feat: 過去のノートを非公開化/フォロワーのみ表示可能にできるように
+- Fix: お知らせ作成時に画像URL入力欄を空欄に変更できないのを修正 ( #14976 )
 - Enhance: 依存関係の更新
 - Enhance: l10nの更新
 
@@ -23,6 +26,10 @@
 - Enhance: カタルーニャ語 (ca-ES) に対応
 - Enhance: 個別お知らせページではMetaタグを出力するように
 - Enhance: ノート詳細画面にロールのバッジを表示
+- Enhance: 過去に送信したフォローリクエストを確認できるように  
+  (Based on https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/663)
+- Enhance: サイドバーを簡単に展開・折りたたみできるように ( #14981 )
+- Enhance: リノートメニューに「リノートの詳細」を追加
 - Fix: 通知の範囲指定の設定項目が必要ない通知設定でも範囲指定の設定がでている問題を修正
 - Fix: Turnstileが失敗・期限切れした際にも成功扱いとなってしまう問題を修正  
   (Cherry-picked from https://github.com/MisskeyIO/misskey/pull/768)
@@ -32,6 +39,10 @@
 = Fix: ノート投稿ボタンにホバー時のスタイルが適用されていないのを修正  
   (Cherry-picked from https://github.com/taiyme/misskey/pull/305)
 - Fix: メールアドレス登録有効化時の「完了」ダイアログボックスの表示条件を修正
+- Fix: 画面幅が狭い環境でデザインが崩れる問題を修正  
+	(Cherry-picked from https://github.com/MisskeyIO/misskey/pull/815)
+- Fix: TypeScriptの型チェック対象ファイルを限定してビルドを高速化するように  
+	(Cherry-picked from https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/725)
 
 ### Server
 - Enhance: DockerのNode.jsを22.11.0に更新
@@ -39,6 +50,8 @@
   (Based on https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/588)  
   (Cherry-picked from https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/715)
 - Enhance: リモートユーザーの照会をオリジナルにリダイレクトするように
+- Fix: sharedInboxが無いActorに紐づくリモートユーザーを照会できない
+- Fix: Aproving request from GtS appears with some delay
 - Fix: フォロワーへのメッセージの絵文字をemojisに含めるように
 - Fix: Nested proxy requestsを検出した際にブロックするように
   [ghsa-gq5q-c77c-v236](https://github.com/misskey-dev/misskey/security/advisories/ghsa-gq5q-c77c-v236)
@@ -51,6 +64,7 @@
 - Fix: FTT無効時にユーザーリストタイムラインが使用できない問題を修正  
   (Cherry-picked from https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/709)
 - Fix: User Webhookテスト機能のMock Payloadを修正  
+- Fix: アカウント削除のモデレーションログが動作していないのを修正 (#14996)  
 
 ### Misskey.js
 - Fix: Stream初期化時、別途WebSocketを指定する場合の型定義を修正

CONTRIBUTING.md

@@ -101,6 +101,22 @@ Be willing to comment on the good points and not just the things you want fixed
 	- Are there any omissions or gaps?
 	- Does it check for anomalies?
 
+## Security Advisory
+### For reporter
+Thank you for your reporting!
+
+If you can also create a patch to fix the vulnerability, please create a PR on the private fork.
+
+> [!note]
+> There is a GitHub bug that prevents merging if a PR not following the develop branch of upstream, so please keep follow the develop branch.
+
+### For misskey-dev member
+修正PRがdevelopに追従されていないとマージできないので、マージできなかったら
+
+> Could you merge or rebase onto upstream develop branch?
+
+などと伝える。
+
 ## Deploy
 The `/deploy` command by issue comment can be used to deploy the contents of a PR to the preview environment.
 ```
@@ -245,7 +261,7 @@ See [`/packages/backend/test-federation/README.md`](/packages/backend/test-feder
 ## Environment Variable
 
 - `MISSKEY_CONFIG_YML`: Specify the file path of config.yml instead of default.yml (e.g. `2nd.yml`).
-- `MISSKEY_WEBFINGER_USE_HTTP`: If it's set true, WebFinger requests will be http instead of https, useful for testing federation between servers in localhost. NEVER USE IN PRODUCTION.
+- `MISSKEY_USE_HTTP`: If it's set true, federation requests (like nodeinfo and webfinger) will be http instead of https, useful for testing federation between servers in localhost. NEVER USE IN PRODUCTION. (was `MISSKEY_WEBFINGER_USE_HTTP`)
 
 ## Continuous integration
 Misskey uses GitHub Actions for executing automated tests.

SECURITY.md

@@ -6,3 +6,10 @@ This will allow us to assess the risk, and make a fix available before we add a
 bug report to the GitHub repository.
 
 Thanks for helping make Misskey safe for everyone.
+
+## When create a patch
+
+If you can also create a patch to fix the vulnerability, please create a PR on the private fork.
+
+> [!note]
+> There is a GitHub bug that prevents merging if a PR not following the develop branch of upstream, so please keep follow the develop branch.

chart/files/default.yml

@@ -186,12 +186,12 @@ id: "aidx"
 #clusterLimit: 1
 
 # Job concurrency per worker
-# deliverJobConcurrency: 128
-# inboxJobConcurrency: 16
+# deliverJobConcurrency: 16
+# inboxJobConcurrency: 4
 
 # Job rate limiter
-# deliverJobPerSec: 128
-# inboxJobPerSec: 32
+# deliverJobPerSec: 1024
+# inboxJobPerSec: 64
 
 # Job attempts
 # deliverJobMaxAttempts: 12

locales/ar-SA.yml

@@ -343,7 +343,6 @@ enableLocalTimeline: "تفعيل الخيط المحلي"
 enableGlobalTimeline: "تفعيل الخيط الزمني الشامل"
 disablingTimelinesInfo: "سيتمكن المديرون والمشرفون من الوصول إلى كل الخيوط الزمنية حتى وإن لم تفعّل."
 registration: "إنشاء حساب"
-enableRegistration: "تفعيل إنشاء الحسابات الجديدة"
 invite: "دعوة"
 driveCapacityPerLocalAccount: "حصة التخزين لكل مستخدم محلي"
 driveCapacityPerRemoteAccount: "حصة التخزين لكل مستخدم بعيد"

locales/bn-BD.yml

@@ -339,7 +339,6 @@ enableLocalTimeline: "স্থানীয় টাইমলাইন চাল
 enableGlobalTimeline: "গ্লোবাল টাইমলাইন চালু করুন"
 disablingTimelinesInfo: "আপনি এই টাইমলাইনগুলি বন্ধ করলেও প্রশাসক এবং মডারেটররা এই টাইমলাইনগুলি ব্যাবহার করতে পারবে"
 registration: "নিবন্ধন"
-enableRegistration: "নতুন ব্যাবহারকারী নিবন্ধন চালু করুন"
 invite: "আমন্ত্রণ"
 driveCapacityPerLocalAccount: "প্রত্যেক স্থানীয় ব্যাবহারকারীর জন্য ড্রাইভের জায়গা"
 driveCapacityPerRemoteAccount: "প্রত্যেক রিমোট ব্যাবহারকারীর জন্য ড্রাইভের জায়গা"

locales/ca-ES.yml

@@ -8,37 +8,37 @@ search: "Cercar"
 notifications: "Notificacions"
 username: "Nom d'usuari"
 password: "Contrasenya"
-initialPasswordForSetup: "Contrasenya inicial per la configuració inicial"
+initialPasswordForSetup: "Contrasenya inicial per fer la primera configuració "
 initialPasswordIsIncorrect: "La contrasenya no és correcta."
 initialPasswordForSetupDescription: "Fes servir la contrasenya que has fet servir al fitxer de configuració, si tu mateix has instal·lat Misskey.\nSi fas servir una empresa d'allotjament de Misskey, fes servir la contrasenya que t'han donat.\nSi no has posat cap contrasenya deixar l'espai en blanc."
-forgotPassword: "Contrasenya oblidada"
-fetchingAsApObject: "Cercant en el Fediverse..."
+forgotPassword: "Restableix la contrasenya "
+fetchingAsApObject: "Cercant al Fediverse..."
 ok: "OK"
-gotIt: "Ho he entès!"
+gotIt: "D'acord "
 cancel: "Cancel·lar"
 noThankYou: "No, gràcies"
 enterUsername: "Introdueix el teu nom d'usuari"
 renotedBy: "Impulsat per {user}"
 noNotes: "Cap nota"
 noNotifications: "Cap notificació"
-instance: "Servidor"
+instance: "Instància "
 settings: "Preferències"
-notificationSettings: "Paràmetres de notificacions"
+notificationSettings: "Configurar les notificacions"
 basicSettings: "Configuració bàsica"
-otherSettings: "Configuració avançada"
-openInWindow: "Obrir en una nova finestra"
+otherSettings: "Altres configuracions"
+openInWindow: "Obrir en una finestra nova"
 profile: "Perfil"
 timeline: "Línia de temps"
 noAccountDescription: "Aquest usuari encara no ha escrit la seva biografia."
 login: "Iniciar sessió"
-loggingIn: "Identificant-se"
+loggingIn: "Iniciar la sessió "
 logout: "Tancar la sessió"
 signup: "Registrar-se"
 uploading: "Pujant..."
 save: "Desa"
 users: "Usuaris"
 addUser: "Afegir un usuari"
-favorite: "Afegir a preferits"
+favorite: "Afegeix als preferits"
 favorites: "Favorits"
 unfavorite: "Eliminar dels preferits"
 favorited: "Afegit als preferits."
@@ -50,26 +50,26 @@ copyContent: "Copiar el contingut"
 copyLink: "Copiar l'enllaç"
 copyLinkRenote: "Copiar l'enllaç de la renota"
 delete: "Elimina"
-deleteAndEdit: "Elimina i edita"
+deleteAndEdit: "Eliminar i editar"
 deleteAndEditConfirm: "Segur que vols eliminar aquesta publicació i editar-la? Perdràs totes les reaccions, impulsos i respostes."
 addToList: "Afegir a una llista"
-addToAntenna: "Afegir a l'antena"
+addToAntenna: "Afegir a una antena"
 sendMessage: "Enviar un missatge"
 copyRSS: "Copiar RSS"
 copyUsername: "Copiar nom d'usuari"
 copyUserId: "Copiar ID d'usuari"
-copyNoteId: "Copiar ID de nota"
-copyFileId: "Copiar ID d'arxiu"
-copyFolderId: "Copiar ID de carpeta"
-copyProfileUrl: "Copiar URL del perfil"
+copyNoteId: "Copiar ID de la nota"
+copyFileId: "Copiar ID de l'arxiu"
+copyFolderId: "Copiar ID de la carpeta"
+copyProfileUrl: "Copiar adreça URL del perfil"
 searchUser: "Cercar un usuari"
-searchThisUsersNotes: "Cerca les publicacions de l'usuari"
-reply: "Respondre"
+searchThisUsersNotes: "Cercar les publicacions de l'usuari"
+reply: "Respon"
 loadMore: "Carregar més"
 showMore: "Veure més"
-showLess: "Mostra menys"
+showLess: "Mostrar menys"
 youGotNewFollower: "t'ha seguit"
-receiveFollowRequest: "Sol·licitud de seguiment rebuda"
+receiveFollowRequest: "Has rebut una sol·licitud de seguiment"
 followRequestAccepted: "Sol·licitud de seguiment acceptada"
 mention: "Menció"
 mentions: "Mencions"
@@ -78,25 +78,25 @@ importAndExport: "Importar / Exportar"
 import: "Importar"
 export: "Exporta"
 files: "Fitxers"
-download: "Baixar"
-driveFileDeleteConfirm: "Estàs segur que vols suprimir el fitxer \"{name}\"? Les notes associades a aquest fitxer adjunt també se suprimiran."
-unfollowConfirm: "Estàs segur que vols deixar de seguir {name}?"
-exportRequested: "Has sol·licitat una exportació. Això pot trigar una estona. S'afegirà a la teva unitat un cop completat."
-importRequested: "Has sol·licitat una importació. Això pot trigar una estona."
+download: "Descarregar"
+driveFileDeleteConfirm: "Estàs segur que vols suprimir el fitxer \"{name}\"? Les notes associades a aquest fitxer també seran esborrades."
+unfollowConfirm: "Segur que vols deixar de seguir a {name}?"
+exportRequested: "Has sol·licitat una exportació de dades. Això pot trigar una estona. S'afegirà a la teva unitat de disc un cop estigui completada."
+importRequested: "Has sol·licitat una importació de dades. Això pot trigar una estona."
 lists: "Llistes"
 noLists: "No tens cap llista"
 note: "Nota"
 notes: "Notes"
-following: "Seguint"
+following: "Segueixes "
 followers: "Seguidors"
 followsYou: "Et segueix"
 createList: "Crear llista"
 manageLists: "Gestionar les llistes"
 error: "Error"
 somethingHappened: "S'ha produït un error"
-retry: "Torna-ho a intentar"
+retry: "Torna-ho a provar"
 pageLoadError: "S'ha produït un error en carregar la pàgina"
-pageLoadErrorDescription: "Això normalment es deu a errors de xarxa o a la memòria cau del navegador. Prova d'esborrar la memòria cau i torna-ho a provar després d'esperar una estona."
+pageLoadErrorDescription: "Això normalment és a causa d'errors a la xarxa o a la memòria cau del navegador. Prova d'esborrar la memòria cau i torna-ho a provar després d'esperar un temps."
 serverIsDead: "Aquest servidor no respon. Espera una estona i torna-ho a provar."
 youShouldUpgradeClient: "Per veure aquesta pàgina, actualitzeu-la per actualitzar el vostre client."
 enterListName: "Introdueix un nom per a la llista"
@@ -104,52 +104,52 @@ privacy: "Privadesa"
 makeFollowManuallyApprove: "Les sol·licituds de seguiment requereixen aprovació"
 defaultNoteVisibility: "Visibilitat per defecte"
 follow: "Seguint"
-followRequest: "Enviar la sol·licitud de seguiment"
+followRequest: "Enviar sol·licitud de seguiment"
 followRequests: "Sol·licituds de seguiment"
 unfollow: "Deixar de seguir"
 followRequestPending: "Sol·licituds de seguiment pendents"
 enterEmoji: "Introduir un emoji"
-renote: "Impulsa"
+renote: "Impulsar "
 unrenote: "Anul·la l'impuls"
 renoted: "S'ha impulsat"
 renotedToX: "Impulsat per {name}."
 cantRenote: "No es pot impulsar aquesta publicació"
-cantReRenote: "No es pot impulsar l'impuls."
+cantReRenote: "No es pot impulsar un impuls."
 quote: "Cita"
-inChannelRenote: "Renotar només al Canal"
-inChannelQuote: "Citar només al Canal"
-renoteToChannel: "Impulsa a un canal"
-renoteToOtherChannel: "Impulsa a un altre canal"
+inChannelRenote: "Impulsar només a un canal"
+inChannelQuote: "Citar només a un canal"
+renoteToChannel: "Impulsar a un canal"
+renoteToOtherChannel: "Impulsar a un altre canal"
 pinnedNote: "Nota fixada"
 pinned: "Fixar al perfil"
 you: "Tu"
 clickToShow: "Fes clic per mostrar"
-sensitive: "NSFW"
+sensitive: "Sensible"
 add: "Afegir"
-reaction: "Reaccions"
+reaction: "Reacció "
 reactions: "Reaccions"
-emojiPicker: "Selecció d'emojis"
-pinnedEmojisForReactionSettingDescription: "Selecciona l'emoji amb el qual reaccionar"
-pinnedEmojisSettingDescription: "Selecciona l'emoji amb el qual reaccionar"
-emojiPickerDisplay: "Visualitza el selector d'emojis"
+emojiPicker: "Selector d'emojis"
+pinnedEmojisForReactionSettingDescription: "Selecciona l'emoji amb qui vols reaccionar"
+pinnedEmojisSettingDescription: "Selecciona quins emojis vols deixar fixats i es mostrin en obrir el selector d'emojis"
+emojiPickerDisplay: "Mostrar el selector d'emojis"
 overwriteFromPinnedEmojisForReaction: "Reemplaça els emojis de la reacció"
-overwriteFromPinnedEmojis: "Sobreescriu des dels emojis fixats"
+overwriteFromPinnedEmojis: "Sobreescriu els emojis fixats al panel de reaccions"
 reactionSettingDescription2: "Arrossega per reordenar, fes clic per suprimir, prem \"+\" per afegir."
 rememberNoteVisibility: "Recorda la configuració de visibilitat de les notes"
 attachCancel: "Eliminar el fitxer adjunt"
 deleteFile: "Esborrar l'arxiu "
-markAsSensitive: "Marcar com a NSFW"
+markAsSensitive: "Marcar com a sensible"
 unmarkAsSensitive: "Deixar de marcar com a sensible"
 enterFileName: "Defineix nom del fitxer"
 mute: "Silencia"
 unmute: "Deixa de silenciar"
-renoteMute: "Silenciar Renotes"
-renoteUnmute: "Treure el silenci de les renotes"
+renoteMute: "Silenciar impulsos"
+renoteUnmute: "Treure el silenci dels impulsos"
 block: "Bloqueja"
 unblock: "Desbloqueja"
 suspend: "Suspèn"
 unsuspend: "Deixa de suspendre"
-blockConfirm: "Vols bloquejar?"
+blockConfirm: "Vols bloquejar-lo?"
 unblockConfirm: "Vols desbloquejar-lo?"
 suspendConfirm: "Estàs segur que vols suspendre aquest compte?"
 unsuspendConfirm: "Estàs segur que vols treure la suspensió d'aquest compte?"
@@ -175,11 +175,11 @@ youCanCleanRemoteFilesCache: "Pots netejar la memòria cau fent clic al botó de
 cacheRemoteSensitiveFiles: "Posar a la memòria cau arxius remots sensibles"
 cacheRemoteSensitiveFilesDescription: "Quan aquesta opció és desactiva, els arxius remots sensibles es carregant directament del servidor d'origen sense que es guardin a la memòria cau."
 flagAsBot: "Marca aquest compte com a bot"
-flagAsBotDescription: "Marca aquest compte com a bot"
+flagAsBotDescription: "Activa aquesta opció si el compte el controla un programa. Si s'activa, actuarà com un senyal per altres desenvolupadors per prevenir cadenes d'interacció sense fi i ajustar els paràmetres interns de Misskey pe tractar el compte com un bot."
 flagAsCat: "Marca aquest compte com a gat"
 flagAsCatDescription: "Activeu aquesta opció per marcar aquest compte com a gat."
 flagShowTimelineReplies: "Mostra les respostes a la línia de temps"
-flagShowTimelineRepliesDescription: "Mostra les respostes a la línia de temps"
+flagShowTimelineRepliesDescription: "Mostra les respostes dels usuaris a les notes d'altres usuaris a la línia de temps."
 autoAcceptFollowed: "Aprova automàticament les sol·licituds de seguiment dels usuaris que segueixes"
 addAccount: "Afegeix un compte"
 reloadAccountsList: "Recarregar la llista de contactes"
@@ -204,7 +204,7 @@ selectUser: "Selecciona usuari/a"
 recipient: "Destinatari"
 annotation: "Comentaris"
 federation: "Federació"
-instances: "Servidors"
+instances: "Instàncies "
 registeredAt: "Registrat a"
 latestRequestReceivedAt: "Última petició rebuda"
 latestStatus: "Últim estat"
@@ -213,7 +213,7 @@ charts: "Gràfics"
 perHour: "Per hora"
 perDay: "Per dia"
 stopActivityDelivery: "Deixa d'enviar activitats"
-blockThisInstance: "Deixa d'enviar activitats"
+blockThisInstance: "Bloca aquesta instància "
 silenceThisInstance: "Silencia aquesta instància "
 mediaSilenceThisInstance: "Silenciar els arxius d'aquesta instància "
 operations: "Accions"
@@ -228,7 +228,7 @@ network: "Xarxa"
 disk: "Disc"
 instanceInfo: "Informació del fitxer d'instal·lació"
 statistics: "Estadístiques"
-clearQueue: "Esborrar la cua"
+clearQueue: "Esborra la cua de feina"
 clearQueueConfirmTitle: "Esteu segur que voleu esborrar la cua?"
 clearQueueConfirmText: "Les notes no lliurades que quedin a la cua no es federaran. Normalment aquesta operació no és necessària."
 clearCachedFiles: "Esborra la memòria cau"
@@ -254,7 +254,7 @@ processing: "S'està processant..."
 preview: "Vista prèvia"
 default: "Per defecte"
 defaultValueIs: "Per defecte: {value}"
-noCustomEmojis: "Cap emoji personalitzat"
+noCustomEmojis: "No hi ha emojis personalitzats"
 noJobs: "No hi ha feines"
 federating: "Federant"
 blocked: "Bloquejat"
@@ -268,11 +268,11 @@ instanceFollowers: "Seguidors del servidor"
 instanceUsers: "Usuaris del servidor"
 changePassword: "Canvia la contrasenya"
 security: "Seguretat"
-retypedNotMatch: "L'entrada no coincideix"
+retypedNotMatch: "Les entrades no coincideix"
 currentPassword: "Contrasenya actual"
 newPassword: "Contrasenya nova"
-newPasswordRetype: "Contrasenya nou (repeteix-la)"
-attachFile: "Adjunta fitxers"
+newPasswordRetype: "Contrasenya nova (repeteix-la)"
+attachFile: "Afegeix un arxiu"
 more: "Més"
 featured: "Destacat"
 usernameOrUserId: "Nom o ID d'usuari"
@@ -282,25 +282,25 @@ announcements: "Anuncis"
 imageUrl: "URL de la imatge"
 remove: "Eliminar"
 removed: "Eliminat"
-removeAreYouSure: "Segur que voleu retirar «{x}»?"
-deleteAreYouSure: "Segur que voleu retirar «{x}»?"
-resetAreYouSure: "Segur que voleu restablir-ho?"
-areYouSure: "Està segur?"
+removeAreYouSure: "Segur que vols esborrar «{x}»?"
+deleteAreYouSure: "Segur que vols esborrar «{x}»?"
+resetAreYouSure: "Segur que vols restablir-ho?"
+areYouSure: "Estàs segur?"
 saved: "S'ha desat"
 messaging: "Xat"
 upload: "Puja"
 keepOriginalUploading: "Guarda la imatge original"
-keepOriginalUploadingDescription: "Guarda la imatge pujada com hi és. Si està apagat, una versió per a la visualització a la xarxa serà generada quan sigui pujada."
-fromDrive: "Des de la unitat"
+keepOriginalUploadingDescription: "Guarda la imatge pujada sense modificar. Si està desactivat, es generarà una versió per visualitzar a la web en pujar la imatge."
+fromDrive: "Des del Disc"
 fromUrl: "Des d'un enllaç"
 uploadFromUrl: "Carrega des d'un enllaç"
 uploadFromUrlDescription: "Enllaç del fitxer que vols carregar"
 uploadFromUrlRequested: "Càrrega sol·licitada"
-uploadFromUrlMayTakeTime: "La càrrega des de l'enllaç pot prendre un temps"
+uploadFromUrlMayTakeTime: "La càrrega des de l'enllaç pot trigar un temps"
 explore: "Explora"
 messageRead: "Vist"
-noMoreHistory: "No hi resta més per veure"
-startMessaging: "Començar a xatejar"
+noMoreHistory: "No hi ha res més per veure"
+startMessaging: "Comença a xatejar"
 nUsersRead: "Vist per {n}"
 agreeTo: "Accepto que {0}"
 agree: "Hi estic d'acord"
@@ -312,7 +312,7 @@ home: "Inici"
 remoteUserCaution: "Ja que aquest usuari resideix a una instància remota, la informació mostrada es podria trobar incompleta."
 activity: "Activitat"
 images: "Imatges"
-image: "Imatges"
+image: "Imatge"
 birthday: "Aniversari"
 yearsOld: "{age} anys"
 registeredDate: "Data de registre"
@@ -327,10 +327,10 @@ darkThemes: "Temes foscos"
 syncDeviceDarkMode: "Sincronitza el mode fosc amb la configuració del dispositiu"
 drive: "Unitat"
 fileName: "Nom del Fitxer"
-selectFile: "Selecciona fitxers"
+selectFile: "Selecciona un fitxer"
 selectFiles: "Selecciona fitxers"
 selectFolder: "Selecció de carpeta"
-selectFolders: "Selecció de carpeta"
+selectFolders: "Selecció de carpetes"
 fileNotSelected: "Cap fitxer seleccionat"
 renameFile: "Canvia el nom del fitxer"
 folderName: "Nom de la carpeta"
@@ -359,9 +359,9 @@ reload: "Actualitza"
 doNothing: "Ignora"
 reloadConfirm: "Vols recarregar?"
 watch: "Veure"
-unwatch: "Deixar de veure"
+unwatch: "Deixa de veure"
 accept: "Acceptar"
-reject: "Denegar"
+reject: "Denega"
 normal: "Normal"
 instanceName: "Nom del servidor"
 instanceDescription: "Descripció del servidor"
@@ -382,7 +382,6 @@ enableLocalTimeline: "Activa la línia de temps local"
 enableGlobalTimeline: "Activa la línia de temps global"
 disablingTimelinesInfo: "Fins i tot si aquestes línies de temps són desactivades, els administradors i els moderadors poden continuar visualitzant per conveniència."
 registration: "Registre"
-enableRegistration: "Permet els registres d'usuaris"
 invite: "Convida"
 driveCapacityPerLocalAccount: "Capacitat del disc per usuaris locals"
 driveCapacityPerRemoteAccount: "Capacitat del disc per usuaris remots"
@@ -393,20 +392,20 @@ basicInfo: "Informació bàsica"
 pinnedUsers: "Usuaris fixats"
 pinnedUsersDescription: "Llista d'usuaris, separats per salts de línia, que seran fixats a la pestanya \"Explorar\"."
 pinnedPages: "Pàgines fixades"
-pinnedPagesDescription: "Escriu els camins de les pàgines que vols fixar a la pàgina d'inici d'aquesta instància. Separades per salts de línia."
+pinnedPagesDescription: "Escriu les adreces de les pàgines que vols fixar a la pàgina d'inici d'aquesta instància. Separades per salts de línia."
 pinnedClipId: "ID del retall fixat"
 pinnedNotes: "Nota fixada"
 hcaptcha: "hCaptcha"
-enableHcaptcha: "Activar hCaptcha"
+enableHcaptcha: "Activa hCaptcha"
 hcaptchaSiteKey: "Clau del lloc"
 hcaptchaSecretKey: "Clau secreta"
 mcaptcha: "mCaptcha"
-enableMcaptcha: "Activar mCaptcha"
+enableMcaptcha: "Activa mCaptcha"
 mcaptchaSiteKey: "Clau del lloc"
 mcaptchaSecretKey: "Clau secreta"
 mcaptchaInstanceUrl: "Adreça URL del servidor mCaptcha"
 recaptcha: "reCAPTCHA"
-enableRecaptcha: "Activar reCAPTCHA"
+enableRecaptcha: "Activa reCAPTCHA"
 recaptchaSiteKey: "Clau del lloc"
 recaptchaSecretKey: "Clau secreta"
 turnstile: "Turnstile"
@@ -448,14 +447,14 @@ aboutMisskey: "Quant a Misskey"
 administrator: "Administrador/a"
 token: "Codi de verificació"
 2fa: "Autenticació de doble factor"
-setupOf2fa: "Configurar l'autenticació de doble factor"
+setupOf2fa: "Configura l'autenticació de doble factor"
 totp: "Aplicació d'autenticació"
 totpDescription: "Escriu una contrasenya d'un sol us fent servir l'aplicació d'autenticació"
 moderator: "Moderador/a"
 moderation: "Moderació"
 moderationNote: "Nota de moderació "
 moderationNoteDescription: "Pots escriure notes que es compartiran entre els moderadors."
-addModerationNote: "Afegir una nota de moderació "
+addModerationNote: "Afegeix una nota de moderació "
 moderationLogs: "Registre de moderació "
 nUsersMentioned: "{n} usuaris mencionats"
 securityKeyAndPasskey: "Clau de seguretat / Clau de pas"
@@ -471,13 +470,13 @@ reduceUiAnimation: "Redueix les animacions de la interfície"
 share: "Comparteix"
 notFound: "No s'ha trobat"
 notFoundDescription: "No es troba cap pàgina que correspongui a aquesta adreça"
-uploadFolder: "Carpeta per defecte per pujades"
+uploadFolder: "Carpeta per defecte on desar els arxius pujats"
 markAsReadAllNotifications: "Marca totes les notificacions com a llegides"
 markAsReadAllUnreadNotes: "Marca-ho tot com a llegit"
 markAsReadAllTalkMessages: "Marcar tots els missatges com llegits"
 help: "Ajuda"
 inputMessageHere: "Escriu aquí el teu missatge "
-close: "Tancar"
+close: "Tanca"
 invites: "Convida"
 members: "Membres"
 transfer: "Transferir"
@@ -508,7 +507,7 @@ normalPassword: "Bona contrasenya"
 strongPassword: "Contrasenya segura"
 passwordMatched: "Correcte!"
 passwordNotMatched: "No coincideix"
-signinWith: "Inicia sessió amb amb {x}"
+signinWith: "Inicia sessió amb {x}"
 signinFailed: "Autenticació sense èxit. Intenta-ho un altre cop utilitzant la contrasenya i el nom correctes."
 or: "O"
 language: "Idioma"
@@ -591,7 +590,7 @@ chooseEmoji: "Tria un emoji"
 unableToProcess: "L'operació no pot ser completada "
 recentUsed: "Utilitzat recentment"
 install: "Instal·lació "
-uninstall: "Desinstal·lar "
+uninstall: "Desinstal·la"
 installedApps: "Aplicacions autoritzades "
 nothing: "No hi ha res per veure aquí "
 installedDate: "Data d'instal·lació"
@@ -608,13 +607,13 @@ output: "Sortida"
 script: "Script"
 disablePagesScript: "Desactivar AiScript a les pàgines "
 updateRemoteUser: "Actualitzar la informació de l'usuari remot"
-unsetUserAvatar: "Desactivar l'avatar "
+unsetUserAvatar: "Desactiva l'avatar "
 unsetUserAvatarConfirm: "Segur que vols desactivar l'avatar?"
-unsetUserBanner: "Desactivar el bàner "
+unsetUserBanner: "Desactiva el bàner "
 unsetUserBannerConfirm: "Segur que vols desactivar el bàner?"
-deleteAllFiles: "Esborrar tots els arxius"
+deleteAllFiles: "Esborra tots els arxius"
 deleteAllFilesConfirm: "Segur que vols esborrar tots els arxius?"
-removeAllFollowing: "Deixar de seguir tots els usuaris seguits"
+removeAllFollowing: "Deixa de seguir tots els usuaris seguits"
 removeAllFollowingDescription: "El fet d'executar això, et farà deixar de seguir a tots els usuaris de {host}. Si us plau, executa això si l'amfitrió, per exemple, ja no existeix."
 userSuspended: "Aquest usuari ha sigut suspès"
 userSilenced: "Aquest usuari està sent silenciat"
@@ -1183,8 +1182,8 @@ currentAnnouncements: "Informes actuals"
 pastAnnouncements: "Informes passats"
 youHaveUnreadAnnouncements: "Tens informes per llegir."
 useSecurityKey: "Segueix les instruccions del teu navegador O dispositiu per fer servir el teu passkey."
-replies: "Respondre"
-renotes: "Impulsa"
+replies: "Respon"
+renotes: "Impulsar "
 loadReplies: "Mostrar les respostes"
 loadConversation: "Mostrar la conversació "
 pinnedList: "Llista fixada"
@@ -1299,6 +1298,8 @@ yourNameContainsProhibitedWordsDescription: "Si de veritat vols fer servir aques
 thisContentsAreMarkedAsSigninRequiredByAuthor: "L'autor requereix l'inici de sessió per poder veure"
 lockdown: "Bloquejat"
 pleaseSelectAccount: "Seleccionar un compte"
+availableRoles: "Roles disponibles "
+acknowledgeNotesAndEnable: "Activa'l després de comprendre els possibles perills."
 _accountSettings:
   requireSigninToViewContents: "És obligatori l'inici de sessió per poder veure el contingut"
   requireSigninToViewContentsDescription1: "Es requereix l'inici de sessió per poder veure totes les notes i el contingut que has creat. Amb això esperem evitar que els rastrejadors recopilin informació."
@@ -1455,6 +1456,8 @@ _serverSettings:
   reactionsBufferingDescription: "Quan s'activa aquesta opció millora bastant el rendiment en recuperar les línies de temps reduint la càrrega de la base. Com a contrapunt, augmentarà  l'ús de memòria de Redís. Desactiva aquesta opció en cas de tenir un servidor amb poca memòria o si tens problemes d'inestabilitat."
   inquiryUrl: "URL de consulta "
   inquiryUrlDescription: "Escriu adreça URL per al formulari de consulta per al mantenidor del servidor o una pàgina web amb el contacte d'informació."
+  openRegistration: "Registres oberts"
+  openRegistrationWarning: "Obrir els registres és arriscat. Es recomana obrir-los només si el servidor és monitorat constantment i per respondre immediatament davant qualsevol problema."
   thisSettingWillAutomaticallyOffWhenModeratorsInactive: "Si no es detecta activitat per part del moderador durant un període de temps, aquesta opció es desactiva automàticament per evitar el correu brossa."
 _accountMigration:
   moveFrom: "Migrar un altre compte a aquest"
@@ -2737,3 +2740,6 @@ _selfXssPrevention:
   description1: "Si posa alguna cosa al seu compte, un usuari malintencionat podria segrestar-la o robar-li les dades."
   description2: "Si no entens que estàs fent %cpara ara mateix i tanca la finestra."
   description3: "Per obtenir més informació. {link}"
+_followRequest:
+  recieved: "Sol·licituds rebudes"
+  sent: "Sol·licituds enviades"

locales/cs-CZ.yml

@@ -348,7 +348,6 @@ enableLocalTimeline: "Povolit lokální čas"
 enableGlobalTimeline: "Povolit globální čas"
 disablingTimelinesInfo: "Administrátoři a Moderátoři budou mít stálý přístup ke všem časovým osám i přes to že nejsou zapnuté."
 registration: "Registrace"
-enableRegistration: "Povolit registraci novým uživatelům"
 invite: "Pozvat"
 driveCapacityPerLocalAccount: "Kapacita disku na lokálního uživatele"
 driveCapacityPerRemoteAccount: "Kapacita disku na vzdáleného uživatele"

locales/de-DE.yml

@@ -8,6 +8,9 @@ search: "Suchen"
 notifications: "Benachrichtigungen"
 username: "Benutzername"
 password: "Passwort"
+initialPasswordForSetup: "Initiales Passwort für die Einrichtung"
+initialPasswordIsIncorrect: "Das initiale Passwort für die Einrichtung ist falsch"
+initialPasswordForSetupDescription: "Verwende das in der Konfigurationsdatei angegebene Passwort, wenn du Misskey selbst installiert hast.\nWenn du einen Misskey-Hostingdienst o.ä. nutzt, verwende das dort angegebene Kennwort.\nWenn du kein Passwort festgelegt hast, lasse es leer, um fortzufahren."
 forgotPassword: "Passwort vergessen"
 fetchingAsApObject: "Wird aus dem Fediverse angefragt …"
 ok: "OK"
@@ -60,6 +63,7 @@ copyFileId: "Datei-ID kopieren"
 copyFolderId: "Ordner-ID kopieren"
 copyProfileUrl: "Profil-URL kopieren"
 searchUser: "Nach einem Benutzer suchen"
+searchThisUsersNotes: "Notizen dieses Benutzers suchen"
 reply: "Antworten"
 loadMore: "Mehr laden"
 showMore: "Mehr anzeigen"
@@ -108,11 +112,14 @@ enterEmoji: "Gib ein Emoji ein"
 renote: "Renote"
 unrenote: "Renote zurücknehmen"
 renoted: "Renote getätigt."
+renotedToX: "Renoted zu {name}."
 cantRenote: "Renote dieses Beitrags nicht möglich."
 cantReRenote: "Renote einer Renote nicht möglich."
 quote: "Zitieren"
 inChannelRenote: "Kanal-interner Renote"
 inChannelQuote: "Kanal-internes Zitat"
+renoteToChannel: "Renote zu Kanal"
+renoteToOtherChannel: "Renote zu anderem Kanal"
 pinnedNote: "Angeheftete Notiz"
 pinned: "Angeheftet"
 you: "Du"
@@ -124,12 +131,13 @@ reactions: "Reaktionen"
 emojiPicker: "Emoji auswählen"
 pinnedEmojisForReactionSettingDescription: "Lege Emojis fest, die angepinnt werden sollen, um sie beim Reagieren als Erstes anzuzeigen."
 pinnedEmojisSettingDescription: "Lege Emojis fest, die angepinnt werden sollen, um sie in der Emoji-Auswahl als Erstes anzuzeigen"
+emojiPickerDisplay: "Anzeige der Emoji-Auswahl"
 overwriteFromPinnedEmojisForReaction: "Überschreiben mit den Reaktions-Einstellungen"
 overwriteFromPinnedEmojis: "Überschreiben mit den allgemeinen Einstellungen"
 reactionSettingDescription2: "Ziehe um Anzuordnen, klicke um zu löschen, drücke „+“ um hinzuzufügen"
 rememberNoteVisibility: "Notizsichtbarkeit merken"
 attachCancel: "Anhang entfernen"
-deleteFile: "Datei gelöscht"
+deleteFile: "Datei löschen"
 markAsSensitive: "Als sensibel markieren"
 unmarkAsSensitive: "Als nicht sensibel markieren"
 enterFileName: "Dateinamen eingeben"
@@ -150,6 +158,7 @@ editList: "Liste bearbeiten"
 selectChannel: "Kanal auswählen"
 selectAntenna: "Antenne auswählen"
 editAntenna: "Antenne bearbeiten"
+createAntenna: "Erstelle eine Antenne"
 selectWidget: "Widget auswählen"
 editWidgets: "Widgets bearbeiten"
 editWidgetsExit: "Fertig"
@@ -176,6 +185,8 @@ addAccount: "Benutzerkonto hinzufügen"
 reloadAccountsList: "Benutzerkontoliste aktualisieren"
 loginFailed: "Anmeldung fehlgeschlagen"
 showOnRemote: "Auf Ursprungsinstanz ansehen"
+chooseServerOnMisskeyHub: "Wähle einen Server aus dem Misskey Hub"
+inputHostName: "Gib die Domain an"
 general: "Allgemein"
 wallpaper: "Hintergrund"
 setWallpaper: "Hintergrund festlegen"
@@ -186,6 +197,7 @@ followConfirm: "Möchtest du {name} wirklich folgen?"
 proxyAccount: "Proxy-Benutzerkonto"
 proxyAccountDescription: "Ein Proxy-Konto ist ein Benutzerkonto, das unter bestimmten Bedingungen als Follower für Benutzer fremder Instanzen fungiert. Wenn zum Beispiel ein Benutzer einen Benutzer einer fremden Instanz zu einer Liste hinzufügt, werden die Aktivitäten des entfernten Benutzers nicht an die Instanz übermittelt, wenn kein lokaler Benutzer diesem Benutzer folgt; stattdessen folgt das Proxy-Konto."
 host: "Hostname"
+selectSelf: "Mich auswählen"
 selectUser: "Benutzer auswählen"
 recipient: "Empfänger"
 annotation: "Anmerkung"
@@ -201,6 +213,7 @@ perDay: "Pro Tag"
 stopActivityDelivery: "Senden von Aktivitäten einstellen"
 blockThisInstance: "Diese Instanz blockieren"
 silenceThisInstance: "Instanz stummschalten"
+mediaSilenceThisInstance: "Medien dieses Servers stummschalten"
 operations: "Aktionen"
 software: "Software"
 version: "Version"
@@ -222,6 +235,8 @@ blockedInstances: "Blockierte Instanzen"
 blockedInstancesDescription: "Gib die Hostnamen der Instanzen, welche blockiert werden sollen, durch Zeilenumbrüche getrennt an. Blockierte Instanzen können mit dieser instanz nicht mehr kommunizieren."
 silencedInstances: "Stummgeschaltete Instanzen"
 silencedInstancesDescription: "Gib die Hostnamen der Instanzen, welche stummgeschaltet werden sollen, durch Zeilenumbrüche getrennt an. Alle Konten dieser Instanzen werden als stummgeschaltet behandelt, können nur noch Follow-Anfragen stellen und wenn nicht gefolgt keine lokalen Konten erwähnen. Blockierte Instanzen sind davon nicht betroffen."
+mediaSilencedInstances: "Medien-stummgeschaltete Server"
+mediaSilencedInstancesDescription: "Gib pro Zeile die Hostnamen der Server ein, dessen Medien du stummschalten möchtest. Alle Benutzerkonten der aufgeführten Server werden als sensibel behandelt und können keine benutzerdefinierten Emojis verwenden. Gesperrte Server sind davon nicht betroffen."
 muteAndBlock: "Stummschaltungen und Blockierungen"
 mutedUsers: "Stummgeschaltete Benutzer"
 blockedUsers: "Blockierte Benutzer"
@@ -312,6 +327,7 @@ selectFile: "Datei auswählen"
 selectFiles: "Dateien auswählen"
 selectFolder: "Ordner auswählen"
 selectFolders: "Ordner auswählen"
+fileNotSelected: "Keine Datei ausgewählt"
 renameFile: "Datei umbenennen"
 folderName: "Ordnername"
 createFolder: "Ordner erstellen"
@@ -319,6 +335,7 @@ renameFolder: "Ordner umbenennen"
 deleteFolder: "Ordner löschen"
 folder: "Ordner"
 addFile: "Datei hinzufügen"
+showFile: "Datei anzeigen"
 emptyDrive: "Deine Drive ist leer"
 emptyFolder: "Dieser Ordner ist leer"
 unableToDelete: "Nicht löschbar"
@@ -361,7 +378,6 @@ enableLocalTimeline: "Lokale Chronik aktivieren"
 enableGlobalTimeline: "Globale Chronik aktivieren"
 disablingTimelinesInfo: "Administratoren und Moderatoren haben immer Zugriff auf alle Chroniken, auch wenn diese deaktiviert sind."
 registration: "Registrieren"
-enableRegistration: "Registrierung neuer Benutzer erlauben"
 invite: "Einladen"
 driveCapacityPerLocalAccount: "Drive-Kapazität pro lokalem Benutzerkonto"
 driveCapacityPerRemoteAccount: "Drive-Kapazität pro Benutzer fremder Instanzen"
@@ -399,6 +415,7 @@ name: "Name"
 antennaSource: "Antennenquelle"
 antennaKeywords: "Zu beobachtende Schlüsselwörter"
 antennaExcludeKeywords: "Zu ignorierende Schlüsselwörter"
+antennaExcludeBots: "Bot-Accounts ausschließen"
 antennaKeywordsDescription: "Zum Nutzen einer \"UND\"-Verknüpfung Einträge mit Leerzeichen trennen, zum Nutzen einer \"ODER\"-Verknüpfung Einträge mit einem Zeilenumbruch trennen"
 notifyAntenna: "Über neue Notizen benachrichtigen"
 withFileAntenna: "Nur Notizen mit Dateien"
@@ -466,6 +483,7 @@ retype: "Erneut eingeben"
 noteOf: "Notiz von {user}"
 quoteAttached: "Zitat"
 quoteQuestion: "Als Zitat anhängen?"
+attachAsFileQuestion: "Der Text in der Zwischenablage ist lang. Möchtest du ihn als Textdatei anhängen?"
 noMessagesYet: "Noch keine Nachrichten vorhanden"
 newMessageExists: "Du hast eine neue Nachricht"
 onlyOneFileCanBeAttached: "Es kann pro Nachricht nur eine Datei angehängt werden"
@@ -491,7 +509,11 @@ uiLanguage: "Sprache der Benutzeroberfläche"
 aboutX: "Über {x}"
 emojiStyle: "Emoji-Stil"
 native: "Nativ"
+menuStyle: "Menü Stil"
+style: "Stil"
+popup: "Pop-up"
 showNoteActionsOnlyHover: "Notizmenü nur bei Mouseover anzeigen"
+showReactionsCount: "Zeige die Anzahl der Reaktionen auf Notizen an"
 noHistory: "Kein Verlauf gefunden"
 signinHistory: "Anmeldungsverlauf"
 enableAdvancedMfm: "Erweitertes MFM aktivieren"
@@ -572,6 +594,7 @@ ascendingOrder: "Aufsteigende Reihenfolge"
 descendingOrder: "Absteigende Reihenfolge"
 scratchpad: "Testumgebung"
 scratchpadDescription: "Die Testumgebung bietet einen Bereich für AiScript-Experimente. Dort kannst du AiScript schreiben, ausführen sowie dessen Auswirkungen auf Misskey überprüfen."
+uiInspector: "UI-Inspektor"
 output: "Ausgabe"
 script: "Skript"
 disablePagesScript: "AiScript auf Seiten deaktivieren"
@@ -652,6 +675,7 @@ smtpSecure: "Für SMTP-Verbindungen implizit SSL/TLS verwenden"
 smtpSecureInfo: "Schalte dies aus, falls du STARTTLS verwendest."
 testEmail: "Emailversand testen"
 wordMute: "Wortstummschaltung"
+hardWordMute: "Harte Wort-Stummschaltung"
 regexpError: "Fehler in einem regulären Ausdruck"
 regexpErrorDescription: "Im regulären Ausdruck deiner in Zeile {line} von {tab}en Wortstummschaltungen ist ein Fehler aufgetreten:"
 instanceMute: "Instanzstummschaltungen"
@@ -673,6 +697,7 @@ useGlobalSettingDesc: "Ist diese Option aktiviert, werden die Benachrichtigungse
 other: "Anderes"
 regenerateLoginToken: "Anmeldetoken regenerieren"
 regenerateLoginTokenDescription: "Den zur Anmeldung intern verwendeten Token regenerieren. Normalerweise wird dies nicht benötigt. Bei Regeneration werden alle Geräte ausgeloggt."
+theKeywordWhenSearchingForCustomEmoji: "Das ist das Schlagwort beim Suchen von benutzerdefinierten Emojis."
 setMultipleBySeparatingWithSpace: "Trenne Elemente durch ein Leerzeichen um mehrere Einstellungen zu kofigurieren."
 fileIdOrUrl: "Datei-ID oder URL"
 behavior: "Verhalten"
@@ -882,9 +907,12 @@ makeReactionsPublicDescription: "Jeder wird die Liste deiner gesendeten Reaktion
 classic: "Classic"
 muteThread: "Thread stummschalten"
 unmuteThread: "Threadstummschaltung aufheben"
+followingVisibility: "Sichtbarkeit der Gefolgten"
+followersVisibility: "Sichtbarkeit der Folgenden"
 continueThread: "Weiteren Threadverlauf anzeigen"
 deleteAccountConfirm: "Dein Benutzerkonto wird unwiderruflich gelöscht. Trotzdem fortfahren?"
 incorrectPassword: "Falsches Passwort."
+incorrectTotp: "Das Einmalpasswort ist falsch oder abgelaufen."
 voteConfirm: "Wirklich für „{choice}“ abstimmen?"
 hide: "Inhalt verbergen"
 useDrawerReactionPickerForMobile: "Auf mobilen Geräten ausfahrbare Reaktionsauswahl anzeigen"
@@ -909,6 +937,9 @@ oneHour: "Eine Stunde"
 oneDay: "Einen Tag"
 oneWeek: "Eine Woche"
 oneMonth: "1 Monat"
+threeMonths: "3 Monate"
+oneYear: "1 Jahr"
+threeDays: "3 Tage"
 reflectMayTakeTime: "Es kann etwas dauern, bis sich dies widerspiegelt."
 failedToFetchAccountInformation: "Benutzerkontoinformationen konnten nicht abgefragt werden"
 rateLimitExceeded: "Versuchsanzahl überschritten"
@@ -982,6 +1013,7 @@ neverShow: "Nicht wieder anzeigen"
 remindMeLater: "Vielleicht später"
 didYouLikeMisskey: "Gefällt dir Misskey?"
 pleaseDonate: "Misskey ist die kostenlose Software, die von {host} verwendet wird. Wir würden uns über Spenden freuen, damit dessen Entwicklung weitergeführt werden kann!"
+correspondingSourceIsAvailable: "Der entsprechende Quellcode ist verfügbar unter {anchor}"
 roles: "Rollen"
 role: "Rolle"
 noRole: "Rolle nicht gefunden"
@@ -1009,6 +1041,7 @@ thisPostMayBeAnnoyingHome: "Zur Startseite schicken"
 thisPostMayBeAnnoyingCancel: "Abbrechen"
 thisPostMayBeAnnoyingIgnore: "Trotzdem schicken"
 collapseRenotes: "Bereits gesehene Renotes verkürzt anzeigen"
+collapseRenotesDescription: "Klappe Notizen ein, auf die du bereits reagiert oder die du renoted hast."
 internalServerError: "Serverinterner Fehler"
 internalServerErrorDescription: "Im Server ist ein unerwarteter Fehler aufgetreten."
 copyErrorInfo: "Fehlerdetails kopieren"
@@ -1032,6 +1065,8 @@ resetPasswordConfirm: "Wirklich Passwort zurücksetzen?"
 sensitiveWords: "Sensible Wörter"
 sensitiveWordsDescription: "Die Notizsichtbarkeit aller Notizen, die diese Wörter enthalten, wird automatisch auf \"Startseite\" gesetzt. Durch Zeilenumbrüche können mehrere konfiguriert werden."
 sensitiveWordsDescription2: "Durch die Verwendung von Leerzeichen können AND-Verknüpfungen angegeben werden und durch das Umgeben von Schrägstrichen können reguläre Ausdrücke verwendet werden."
+prohibitedWords: "Verbotene Wörter"
+prohibitedWordsDescription: "Aktiviert eine Fehlermeldung, wenn versucht wird, eine Notiz zu veröffentlichen, die das/die eingestellte(n) Wort(e) enthält. Mehrere Begriffe können durch Zeilenumbrüche getrennt festgelegt werden."
 prohibitedWordsDescription2: "Durch die Verwendung von Leerzeichen können AND-Verknüpfungen angegeben werden und durch das Umgeben von Schrägstrichen können reguläre Ausdrücke verwendet werden."
 hiddenTags: "Ausgeblendete Hashtags"
 hiddenTagsDescription: "Die hier eingestellten Tags werden nicht mehr in den Trends angezeigt. Mit der Umschalttaste können mehrere ausgewählt werden."
@@ -1078,6 +1113,8 @@ preservedUsernames: "Reservierte Benutzernamen"
 preservedUsernamesDescription: "Gib zu reservierende Benutzernamen durch Zeilenumbrüche getrennt an. Diese werden für die Registrierung gesperrt, können aber von Administratoren zur manuellen Erstellung von Konten verwendet werden. Existierende Konten, die diese Namen bereits verwenden, werden nicht beeinträchtigt."
 createNoteFromTheFile: "Notiz für diese Datei schreiben"
 archive: "Archivieren"
+archived: "Archiviert"
+unarchive: "Dearchivieren"
 channelArchiveConfirmTitle: "{name} wirklich archivieren?"
 channelArchiveConfirmDescription: "Ein archivierter Kanal taucht nicht mehr in der Kanalliste oder in Suchergebnissen auf. Zudem können ihm keine Beiträge mehr hinzugefügt werden."
 thisChannelArchived: "Dieser Kanal wurde archiviert."
@@ -1155,6 +1192,9 @@ confirmShowRepliesAll: "Dies ist eine unwiderrufliche Aktion. Wirklich Antworten
 confirmHideRepliesAll: "Dies ist eine unwiderrufliche Aktion. Wirklich Antworten von allen momentan gefolgten Benutzern nicht in der Chronik anzeigen?"
 externalServices: "Externe Dienste"
 sourceCode: "Quellcode"
+sourceCodeIsNotYetProvided: "Der Quellcode ist noch nicht verfügbar. Kontaktiere den Administrator, um das Problem zu lösen."
+repositoryUrl: "Repository URL"
+repositoryUrlOrTarballRequired: "Wenn du kein Repository veröffentlicht hast, musst du stattdessen einen Tarball bereitstellen. Siehe .config/example.yml für weitere Informationen."
 impressum: "Impressum"
 impressumUrl: "Impressums-URL"
 impressumDescription: "In manchen Ländern, wie Deutschland und dessen Umgebung, ist die Angabe von Betreiberinformationen (ein Impressum) bei kommerziellem Betrieb zwingend."
@@ -1176,15 +1216,77 @@ signupPendingError: "Beim Überprüfen der Mailadresse ist etwas schiefgelaufen.
 cwNotationRequired: "Ist \"Inhaltswarnung verwenden\" aktiviert, muss eine Beschreibung gegeben werden."
 doReaction: "Reagieren"
 code: "Code"
+remainingN: "Verbleibend: {n}"
+overwriteContentConfirm: "Bist du sicher, dass du den aktuellen Inhalt überschreiben willst?"
+seasonalScreenEffect: "Saisonaler Bildschirmeffekt"
 decorate: "Dekorieren"
 addMfmFunction: "MFM hinzufügen"
+enableQuickAddMfmFunction: "Erweiterte MFM-Auswahl anzeigen"
 sfx: "Soundeffekte"
+soundWillBePlayed: "Es wird Ton wiedergegeben"
+showReplay: "Wiederholung anzeigen"
+ranking: "Rangliste"
 lastNDays: "Letzten {n} Tage"
+backToTitle: "Zurück zum Startbildschirm"
+enableHorizontalSwipe: "Wischen, um zwischen Tabs zu wechseln"
+loading: "Laden"
 surrender: "Abbrechen"
+gameRetry: "Erneut versuchen"
+notUsePleaseLeaveBlank: "Leer lassen, wenn nicht verwendet"
+useTotp: "Gib das Einmalpasswort ein"
+useBackupCode: "Verwende die Backup-Codes"
+launchApp: "Starte die App"
+useNativeUIForVideoAudioPlayer: "Browser-Benutzeroberfläche für die Video- und Audiowiedergabe verwenden"
+keepOriginalFilename: "Ursprünglichen Dateinamen beibehalten"
+keepOriginalFilenameDescription: "Wenn diese Einstellung deaktiviert ist, wird der Dateiname beim Hochladen automatisch durch eine zufällige Zeichenfolge ersetzt."
+noDescription: "Keine Beschreibung vorhanden"
+tryAgain: "Bitte später erneut versuchen"
+confirmWhenRevealingSensitiveMedia: "Das Anzeigen von sensiblen Medien bestätigen"
+createdLists: "Erstellte Listen"
+createdAntennas: "Erstellte Antennen"
+fromX: "Von {x}"
+genEmbedCode: "Einbettungscode generieren"
+noteOfThisUser: "Notizen dieses Benutzers"
+clipNoteLimitExceeded: "Zu diesem Clip können keine weiteren Notizen hinzugefügt werden."
+discard: "Verwerfen"
+thereAreNChanges: "Es gibt {n} Änderung(en)"
+signinWithPasskey: "Mit Passkey anmelden"
+passkeyVerificationFailed: "Die Passkey-Verifizierung ist fehlgeschlagen."
+passkeyVerificationSucceededButPasswordlessLoginDisabled: "Die Verifizierung des Passkeys war erfolgreich, aber die passwortlose Anmeldung ist deaktiviert."
+prohibitedWordsForNameOfUser: "Verbotene Begriffe für Benutzernamen"
+prohibitedWordsForNameOfUserDescription: "Wenn eine Zeichenfolge aus dieser Liste im Namen eines Benutzers enthalten ist, wird der Benutzername abgelehnt. Benutzer mit Moderatorenrechten sind von dieser Einschränkung nicht betroffen."
+yourNameContainsProhibitedWords: "Dein Name enthält einen verbotenen Begriff"
+yourNameContainsProhibitedWordsDescription: "Der Name enthält eine verbotene Zeichenfolge. Wende dich an deinen Serveradministrator, wenn du diesen Namen verwenden möchtest."
+pleaseSelectAccount: "Bitte Konto auswählen"
+availableRoles: "Verfügbare Rollen"
+_accountSettings:
+  requireSigninToViewContents: "Anmeldung erfordern, um Inhalte anzuzeigen"
+  requireSigninToViewContentsDescription1: "Erfordere eine Anmeldung, um alle Notizen und andere Inhalte anzuzeigen, die du erstellt hast. Dadurch wird verhindert, dass Crawler deine Informationen sammeln."
+  requireSigninToViewContentsDescription3: "Diese Einschränkungen gelten möglicherweise nicht für föderierte Inhalte von anderen Servern."
+  makeNotesFollowersOnlyBefore: "Macht frühere Notizen nur für Follower sichtbar"
+  mayNotEffectForFederatedNotes: "Dies hat möglicherweise keine Auswirkungen auf Notizen, die an andere Server föderiert werden."
+_abuseUserReport:
+  forward: "Weiterleiten"
+  forwardDescription: "Leite die Meldung an einen entfernten Server als anonymes Systemkonto weiter."
+  accept: "Akzeptieren"
+  reject: "Ablehnen"
 _delivery:
   stop: "Gesperrt"
   _type:
     none: "Wird veröffentlicht"
+_bubbleGame:
+  howToPlay: "Wie man spielt"
+  hold: "Halten"
+  _score:
+    score: "Spielstand"
+    scoreYen: "Verdienter Geldbetrag"
+    highScore: "Höchstpunktzahl"
+    maxChain: "Maximale Anzahl an Verkettungen"
+    yen: "{yen} Yen"
+  _howToPlay:
+    section1: "Passe die Position an und lasse das Objekt in das Spielfeld fallen."
+    section2: "Wenn sich zwei Objekte der gleichen Art berühren, verwandeln sie sich in ein anderes Objekt und du bekommst Punkte."
+    section3: "Das Spiel ist vorbei, wenn die Objekte aus dem Spielfeld herausragen. Versuche eine hohe Punktzahl zu erreichen, indem du die Objekte miteinander verschmelzt, ohne dass das Spielfeld überläuft!"
 _announcement:
   forExistingUsers: "Nur für existierende Nutzer"
   forExistingUsersDescription: "Ist diese Option aktiviert, wird diese Ankündigung nur Nutzern angezeigt, die zum Zeitpunkt der Ankündigung bereits registriert sind. Ist sie deaktiviert, wird sie auch Nutzern, die sich nach dessen Veröffentlichung registrieren, angezeigt."
@@ -1228,8 +1330,18 @@ _initialTutorial:
     reply: "Klicke auf diesen Button, um auf eine Nachricht zu antworten. Es ist auch möglich, auf Antworten zu antworten und die Unterhaltung wie einen Thread fortzusetzen."
   _reaction:
     title: "Was sind Reaktionen?"
+    description: "Auf Notizen kann mit verschiedenen Emojis reagiert werden. Reaktionen ermöglichen es dir, Nuancen auszudrücken, die mit einem einfachen „Gefällt mir“ vielleicht nicht ausgedrückt werden können."
+    letsTryReacting: "Reaktionen können durch Klicken auf die Schaltfläche „+“ in der Notiz hinzugefügt werden. Versuche, auf diese Beispielnotiz zu reagieren!"
     reactToContinue: "Füge eine Reaktion hinzu, um fortzufahren."
     reactNotification: "Du erhältst Echtzeit-Benachrichtigungen, wenn jemand auf deine Notiz reagiert."
+    reactDone: "Du kannst eine Reaktion zurücknehmen, indem du auf den '-' Button drückst."
+  _timeline:
+    title: "So funktionieren die Chroniken"
+    home: "Du kannst Beiträge von den Konten sehen, denen du folgst."
+    local: "Du kannst Beiträge aller Benutzer auf diesem Server sehen."
+    social: "Notizen von der Startseite und der lokalen Chronik werden angezeigt."
+    global: "Du kannst Notizen von allen föderierten Servern sehen."
+    description2: "Du kannst jederzeit am oberen Rand des Bildschirms zwischen den jeweiligen Chroniken wechseln."
   _postNote:
     _visibility:
       description: "Du kannst einschränken, wer deine Notiz sehen kann."
@@ -1237,8 +1349,16 @@ _initialTutorial:
       doNotSendConfidencialOnDirect1: "Sei vorsichtig, wenn du sensible Informationen verschickst!"
     _cw:
       title: "Inhaltswarnung"
+      _exampleNote:
+        note: "Ich hatte gerade einen Donut mit Schokoladenüberzug 🍩😋"
+  _howToMakeAttachmentsSensitive:
+    tryThisFile: "Versuche, das angehängte Bild als sensibel zu markieren!"
+    method: "Um einen Anhang als sensibel zu kennzeichnen, klicke auf das Vorschaubild der Datei, um das Menü zu öffnen, und klicke auf „Als sensibel markieren“."
+    sensitiveSucceeded: "Wenn du Dateien anhängst, stelle bitte die Sensibilität entsprechend der Serverrichtlinien ein."
+    doItToContinue: "Markiere die angehängte Datei als sensibel, um fortzufahren."
   _done:
     title: "Du hast das Tutorial abgeschlossen! 🎉"
+    description: "Die hier beschriebenen Funktionen sind nur ein kleiner Teil dessen, was Misskey zu bieten hat; um mehr darüber zu erfahren, wie du Misskey benutzen kannst, besuche bitte {link}."
 _timelineDescription:
   local: "In der lokalen Chronik siehst du Notizen von allen Benutzern auf diesem Server."
   global: "In der globalen Chronik siehst du Notizen von allen föderierten Servern."
@@ -1256,6 +1376,7 @@ _serverSettings:
   fanoutTimelineDescription: "Ist diese Option aktiviert, kann eine erhebliche Verbesserung im Abrufen von Chroniken und eine Reduzierung der Datenbankbelastung erzielt werden, im Gegenzug zu einer Steigerung in der Speichernutzung von Redis. Bei geringem Serverspeicher oder Serverinstabilität kann diese Option deaktiviert werden."
   fanoutTimelineDbFallback: "Auf die Datenbank zurückfallen"
   fanoutTimelineDbFallbackDescription: "Ist diese Option aktiviert, wird die Chronik auf zusätzliche Abfragen in der Datenbank zurückgreifen, wenn sich die Chronik nicht im Cache befindet. Eine Deaktivierung führt zu geringerer Serverlast, aber schränkt den Zeitraum der abrufbaren Chronik ein. "
+  thisSettingWillAutomaticallyOffWhenModeratorsInactive: "Wenn über einen bestimmten Zeitraum keine Moderatorenaktivität festgestellt wird, wird diese Einstellung automatisch deaktiviert, um Spam zu verhindern."
 _accountMigration:
   moveFrom: "Von einem anderen Konto zu diesem migrieren"
   moveFromSub: "Alias für ein anderes Konto erstellen"
@@ -1514,7 +1635,12 @@ _achievements:
       title: "Testüberfluss"
       description: "Betätige den Benachrichtigungstest mehrfach innerhalb einer extrem kurzen Zeitspanne"
     _tutorialCompleted:
+      title: "Misskey Grundkurs-Diplom"
       description: "Tutorial abgeschlossen"
+    _bubbleGameExplodingHead:
+      title: "🤯"
+    _bubbleGameDoubleExplodingHead:
+      title: "Doppel🤯"
 _role:
   new: "Rolle erstellen"
   edit: "Rolle bearbeiten"
@@ -1555,6 +1681,7 @@ _role:
     gtlAvailable: "Kann auf die globale Chronik zugreifen"
     ltlAvailable: "Kann auf die lokale Chronik zugreifen"
     canPublicNote: "Kann öffentliche Notizen erstellen"
+    mentionMax: "Maximale Anzahl von Erwähnungen in einer Notiz"
     canInvite: "Erstellung von Einladungscodes für diese Instanz"
     inviteLimit: "Maximalanzahl an Einladungen"
     inviteLimitCycle: "Zyklus des Einladungslimits"
@@ -1577,9 +1704,12 @@ _role:
     canSearchNotes: "Nutzung der Notizsuchfunktion"
     canUseTranslator: "Verwendung des Übersetzers"
     avatarDecorationLimit: "Maximale Anzahl an Profilbilddekorationen, die angebracht werden können"
+    canImportAntennas: "Importieren von Antennen erlauben"
   _condition:
     isLocal: "Lokaler Benutzer"
     isRemote: "Benutzer fremder Instanz"
+    isCat: "Katzen-Benutzer"
+    isBot: "Bot-Benutzer"
     createdLessThan: "Kontoerstellung liegt weniger als X zurück"
     createdMoreThan: "Kontoerstellung liegt mehr als X zurück"
     followersLessThanOrEq: "Hat X oder weniger Follower"
@@ -1795,6 +1925,12 @@ _sfx:
   note: "Notizen"
   noteMy: "Meine Notizen"
   notification: "Benachrichtigungen"
+_soundSettings:
+  driveFile: "Audiodatei aus dem Drive verwenden"
+  driveFileWarn: "Wähle eine Audiodatei aus dem Drive"
+  driveFileTypeWarn: "Diese Datei wird nicht unterstützt"
+  driveFileTypeWarnDescription: "Bitte wähle eine Audiodatei"
+  driveFileDurationWarn: "Audio zu lang."
 _ago:
   future: "Zukunft"
   justNow: "Gerade eben"
@@ -1876,6 +2012,23 @@ _permissions:
   "write:flash": "Deine Plays bearbeiten oder löschen"
   "read:flash-likes": "Liste der Plays, die mir gefallen, lesen"
   "write:flash-likes": "Liste der Plays, die mir gefallen, bearbeiten"
+  "write:admin:delete-account": "Benutzerkonto löschen"
+  "write:admin:delete-all-files-of-a-user": "Alle Dateien eines Benutzers löschen"
+  "read:admin:index-stats": "Statistiken zu Datenbankindizes einsehen"
+  "read:admin:table-stats": "Statistiken zu Datenbanktabellen einsehen"
+  "read:admin:user-ips": "IP-Adressen von Benutzern anzeigen"
+  "read:admin:meta": "Metadaten der Instanz einsehen"
+  "write:admin:reset-password": "Benutzerpasswort zurücksetzen"
+  "write:admin:send-email": "E-Mail versenden"
+  "read:admin:server-info": "Serverinformationen anzeigen"
+  "read:admin:show-moderation-log": "Moderationsprotokoll einsehen"
+  "read:admin:show-user": "Private Benutzerinformationen einsehen"
+  "write:admin:invite-codes": "Einladungscodes verwalten"
+  "read:admin:invite-codes": "Einladungscodes anzeigen"
+  "write:admin:announcements": "Ankündigungen verwalten"
+  "read:admin:announcements": "Ankündigungen einsehen"
+  "write:admin:avatar-decorations": "Kann Avatar-Dekorationen verwalten"
+  "read:admin:avatar-decorations": "Avatar-Dekorationen ansehen"
 _auth:
   shareAccessTitle: "Verteilung von App-Berechtigungen"
   shareAccess: "Möchtest du „{name}“ authorisieren, auf dieses Benutzerkonto zugreifen zu können?"
@@ -2115,6 +2268,7 @@ _notification:
   pollEnded: "Umfrageergebnisse sind verfügbar"
   newNote: "Neue Notiz"
   unreadAntennaNote: "Antenne {name}"
+  roleAssigned: "Rolle zugewiesen"
   emptyPushNotificationMessage: "Push-Benachrichtigungen wurden aktualisiert"
   achievementEarned: "Errungenschaft freigeschaltet"
   testNotification: "Testbenachrichtigung"
@@ -2289,3 +2443,31 @@ _reversi:
   black: "Schwarz"
   white: "Weiß"
   total: "Gesamt"
+_offlineScreen:
+  header: "Verbindung zum Server nicht möglich"
+_urlPreviewSetting:
+  title: "Einstellungen der URL-Vorschau"
+  enable: "URL-Vorschau aktivieren"
+  timeout: "Zeitüberschreitung beim Abrufen der Vorschau (ms)"
+  maximumContentLength: "Maximale Content-Length (Bytes)"
+_mediaControls:
+  playbackRate: "Wiedergabegeschwindigkeit"
+_contextMenu:
+  title: "Kontextmenü"
+  app: "Anwendung"
+_embedCodeGen:
+  title: "Einbettungscode anpassen"
+  header: "Kopfzeile anzeigen"
+  autoload: "Automatisch mehr laden (veraltet)"
+  maxHeight: "Maximale Höhe"
+  maxHeightDescription: "Der Wert 0 deaktiviert die Einstellung der maximalen Höhe. Gib einen Wert an, um zu verhindern, dass das Widget weiterhin vertikal vergrößert wird."
+  maxHeightWarn: "Die Begrenzung der maximalen Höhe ist deaktiviert (0). Wenn dies nicht beabsichtigt war, setze die maximale Höhe auf einen Wert fest."
+  applyToPreview: "Auf die Vorschau anwenden"
+  generateCode: "Einbettungscode generieren"
+  codeGenerated: "Der Code wurde generiert"
+  codeGeneratedDescription: "Füge den generierten Code in deine Website ein, um den Inhalt einzubetten."
+_selfXssPrevention:
+  warning: "WARNUNG"
+  title: "„Füge in diesen Bereich etwas ein“ ist eine Betrugsmasche."
+  description1: "Wenn du hier etwas einfügst, könnte ein böswilliger Benutzer dein Konto übernehmen oder deine persönlichen Daten stehlen."
+  description3: "Weitere Informationen findest du hier. {link}"

locales/en-US.yml

@@ -331,6 +331,7 @@ selectFile: "Select a file"
 selectFiles: "Select files"
 selectFolder: "Select a folder"
 selectFolders: "Select folders"
+fileNotSelected: "No file selected"
 renameFile: "Rename file"
 folderName: "Folder name"
 createFolder: "Create a folder"
@@ -381,7 +382,6 @@ enableLocalTimeline: "Enable local timeline"
 enableGlobalTimeline: "Enable global timeline"
 disablingTimelinesInfo: "Adminstrators and Moderators will always have access to all timelines, even if they are not enabled."
 registration: "Register"
-enableRegistration: "Enable new user registration"
 invite: "Invite"
 driveCapacityPerLocalAccount: "Drive capacity per local user"
 driveCapacityPerRemoteAccount: "Drive capacity per remote user"
@@ -1298,6 +1298,7 @@ yourNameContainsProhibitedWordsDescription: "If you wish to use this name, pleas
 thisContentsAreMarkedAsSigninRequiredByAuthor: "Set by the author to require login to view"
 lockdown: "Lockdown"
 pleaseSelectAccount: "Select an account"
+availableRoles: "Available roles"
 _accountSettings:
   requireSigninToViewContents: "Require sign-in to view contents"
   requireSigninToViewContentsDescription1: "Require login to view all notes and other content you have created. This will have the effect of preventing crawlers from collecting your information."
@@ -1307,7 +1308,7 @@ _accountSettings:
   makeNotesFollowersOnlyBeforeDescription: "While this feature is enabled, only followers can see notes past the set date and time or have been visible for a set time. When it is deactivated, the note publication status will also be restored."
   makeNotesHiddenBefore: "Make past notes private"
   makeNotesHiddenBeforeDescription: "While this feature is enabled, notes that are past the set date and time or have been visible only to you. When it is deactivated, the note publication status will also be restored."
-  mayNotEffectForFederatedNotes: "Notes federated to a remote server may not be effective."
+  mayNotEffectForFederatedNotes: "Notes federated to a remote server may not be affected."
   notesHavePassedSpecifiedPeriod: "Note that the specified time has passed"
   notesOlderThanSpecifiedDateAndTime: "Notes before the specified date and time"
 _abuseUserReport:
@@ -2223,7 +2224,7 @@ _widgets:
   _userList:
     chooseList: "Select a list"
   clicker: "Clicker"
-  birthdayFollowings: "Users who celebrate their birthday today"
+  birthdayFollowings: "Today's Birthdays"
 _cw:
   hide: "Hide"
   show: "Show content"
@@ -2730,3 +2731,9 @@ _embedCodeGen:
   generateCode: "Generate embed code"
   codeGenerated: "The code has been generated"
   codeGeneratedDescription: "Paste the generated code into your website to embed the content."
+_selfXssPrevention:
+  warning: "WARNING"
+  title: "\"Paste something on this screen\" is all a scam."
+  description1: "If you paste something here, a malicious user could hijack your account or steal your personal information."
+  description2: "If you do not understand exactly what you are trying to paste, %cstop working right now and close this window."
+  description3: "For more information, please refer to this. {link}"

locales/es-ES.yml

@@ -373,7 +373,6 @@ enableLocalTimeline: "Habilitar linea de tiempo local"
 enableGlobalTimeline: "Habilitar linea de tiempo global"
 disablingTimelinesInfo: "Aunque se desactiven estas lineas de tiempo, por conveniencia el administrador y los moderadores pueden seguir usándolos"
 registration: "Registro"
-enableRegistration: "Permitir nuevos registros"
 invite: "Invitar"
 driveCapacityPerLocalAccount: "Capacidad del drive por usuario local"
 driveCapacityPerRemoteAccount: "Capacidad del drive por usuario remoto"

locales/fr-FR.yml

@@ -8,6 +8,9 @@ search: "Rechercher"
 notifications: "Notifications"
 username: "Nom d’utilisateur·rice"
 password: "Mot de passe"
+initialPasswordForSetup: "Mot de passe initial pour la configuration"
+initialPasswordIsIncorrect: "Mot de passe initial pour la configuration est incorrecte"
+initialPasswordForSetupDescription: "Utilisez le mot de passe que vous avez entré pour le fichier de configuration si vous avez installé Misskey vous-même.\nSi vous utilisez un service d'hébergement Misskey, utilisez le mot de passe fourni.\nSi vous n'avez pas défini de mot de passe, laissez le champ vide pour continuer."
 forgotPassword: "Mot de passe oublié"
 fetchingAsApObject: "Récupération depuis le fédiverse …"
 ok: "OK"
@@ -60,6 +63,7 @@ copyFileId: "Copier l'identifiant du fichier"
 copyFolderId: "Copier l'identifiant du dossier"
 copyProfileUrl: "Copier l'URL du profil"
 searchUser: "Chercher un·e utilisateur·rice"
+searchThisUsersNotes: "Cherchez les notes de cet·te utilisateur·rice"
 reply: "Répondre"
 loadMore: "Afficher plus …"
 showMore: "Voir plus"
@@ -108,6 +112,7 @@ enterEmoji: "Insérer un émoji"
 renote: "Renoter"
 unrenote: "Annuler la Renote"
 renoted: "Renoté !"
+renotedToX: "Renoté en {name}"
 cantRenote: "Ce message ne peut pas être renoté."
 cantReRenote: "Impossible de renoter une Renote."
 quote: "Citer"
@@ -151,6 +156,7 @@ editList: "Modifier la liste"
 selectChannel: "Sélectionner un canal"
 selectAntenna: "Sélectionner une antenne"
 editAntenna: "Modifier l'antenne"
+createAntenna: "Créer une antenne"
 selectWidget: "Sélectionner un widget"
 editWidgets: "Modifier les widgets"
 editWidgetsExit: "Valider les modifications"
@@ -177,6 +183,7 @@ addAccount: "Ajouter un compte"
 reloadAccountsList: "Rafraichir la liste des comptes"
 loginFailed: "Échec de la connexion"
 showOnRemote: "Voir sur l’instance distante"
+continueOnRemote: "Continuer sur l'instance distante"
 general: "Général"
 wallpaper: "Fond d’écran"
 setWallpaper: "Définir le fond d’écran"
@@ -187,6 +194,7 @@ followConfirm: "Êtes-vous sûr·e de vouloir suivre {name} ?"
 proxyAccount: "Compte proxy"
 proxyAccountDescription: "Un compte proxy se comporte, dans certaines conditions, comme un·e abonné·e distant·e pour les utilisateurs d'autres instances. Par exemple, quand un·e utilisateur·rice ajoute un·e utilisateur·rice distant·e à une liste, ses notes ne seront pas visibles sur l'instance si personne ne suit cet·te utilisateur·rice. Le compte proxy va donc suivre cet·te utilisateur·rice pour que ses notes soient acheminées."
 host: "Serveur distant"
+selectSelf: "Sélectionner manuellement"
 selectUser: "Sélectionner un·e utilisateur·rice"
 recipient: "Destinataire"
 annotation: "Commentaires"
@@ -320,6 +328,7 @@ renameFolder: "Renommer le dossier"
 deleteFolder: "Supprimer le dossier"
 folder: "Dossier"
 addFile: "Ajouter un fichier"
+showFile: "Voir les fichiers"
 emptyDrive: "Le Disque est vide"
 emptyFolder: "Le dossier est vide"
 unableToDelete: "Suppression impossible"
@@ -362,7 +371,6 @@ enableLocalTimeline: "Activer le fil local"
 enableGlobalTimeline: "Activer le fil global"
 disablingTimelinesInfo: "Même si vous désactivez ces fils, les administrateur·rice·s et les modérateur·rice·s pourront toujours y accéder."
 registration: "S’inscrire"
-enableRegistration: "Autoriser les nouvelles inscriptions"
 invite: "Inviter"
 driveCapacityPerLocalAccount: "Capacité de stockage du Disque par utilisateur local"
 driveCapacityPerRemoteAccount: "Capacité de stockage du Disque par utilisateur distant"
@@ -430,10 +438,11 @@ token: "Jeton"
 2fa: "Authentification à deux facteurs"
 setupOf2fa: "Configuration de l’authentification à deux facteurs"
 totp: "Application d'authentification"
-totpDescription: "Entrez un mot de passe à usage unique à l'aide d'une application d'authentification"
+totpDescription: "Entrer un mot de passe à usage unique à l'aide d'une application d'authentification"
 moderator: "Modérateur·rice·s"
 moderation: "Modérations"
 moderationNote: "Note de modération"
+moderationNoteDescription: "Vous pouvez remplir des notes qui seront partagés seulement entre modérateurs."
 addModerationNote: "Ajouter une note de modération"
 moderationLogs: "Journal de modération"
 nUsersMentioned: "{n} utilisateur·rice·s mentionné·e·s"
@@ -493,6 +502,10 @@ uiLanguage: "Langue d’affichage de l’interface"
 aboutX: "À propos de {x}"
 emojiStyle: "Style des émojis"
 native: "Natif"
+menuStyle: "Style du menu"
+style: "Style"
+drawer: "Sélecteur"
+popup: "Pop-up"
 showNoteActionsOnlyHover: "Afficher les actions de note uniquement au survol"
 showReactionsCount: "Afficher le nombre de réactions des notes"
 noHistory: "Pas d'historique"
@@ -575,6 +588,7 @@ ascendingOrder: "Ascendant"
 descendingOrder: "Descendant"
 scratchpad: "ScratchPad"
 scratchpadDescription: "ScratchPad fournit un environnement expérimental pour AiScript. Vous pouvez vérifier la rédaction de votre code, sa bonne exécution et le résultat de son interaction avec Misskey."
+uiInspector: "Inspecteur UI"
 output: "Sortie"
 script: "Script"
 disablePagesScript: "Désactiver AiScript sur les Pages"
@@ -618,7 +632,7 @@ description: "Description"
 describeFile: "Ajouter une description d'image"
 enterFileDescription: "Saisissez une description"
 author: "Auteur·rice"
-leaveConfirm: "Vous avez des modifications non-sauvegardées. Voulez-vous les ignorer ?"
+leaveConfirm: "Vous avez des modifications non sauvegardées. Voulez-vous les ignorer ?"
 manage: "Gestion"
 plugins: "Extensions"
 preferencesBackups: "Sauvegarder les paramètres"
@@ -828,6 +842,7 @@ administration: "Gestion"
 accounts: "Comptes"
 switch: "Remplacer"
 noMaintainerInformationWarning: "Informations administrateur non configurées."
+noInquiryUrlWarning: "L'URL demandé n'est pas définie"
 noBotProtectionWarning: "La protection contre les bots n'est pas configurée."
 configure: "Configurer"
 postToGallery: "Publier dans la galerie"
@@ -892,6 +907,7 @@ followersVisibility: "Visibilité des abonnés"
 continueThread: "Afficher la suite du fil"
 deleteAccountConfirm: "Votre compte sera supprimé. Êtes vous certain ?"
 incorrectPassword: "Le mot de passe est incorrect."
+incorrectTotp: "Le mot de passe à usage unique est incorrect ou a expiré."
 voteConfirm: "Confirmez-vous votre vote pour « {choice} » ?"
 hide: "Masquer"
 useDrawerReactionPickerForMobile: "Afficher le sélecteur de réactions en tant que panneau sur mobile"
@@ -916,6 +932,9 @@ oneHour: "1 heure"
 oneDay: "1 jour"
 oneWeek: "1 semaine"
 oneMonth: "Un mois"
+threeMonths: "3 mois"
+oneYear: "1 an"
+threeDays: "3 jours"
 reflectMayTakeTime: "Cela peut prendre un certain temps avant que cela ne se termine."
 failedToFetchAccountInformation: "Impossible de récupérer les informations du compte."
 rateLimitExceeded: "Limite de taux dépassée"
@@ -923,7 +942,7 @@ cropImage: "Recadrer l'image"
 cropImageAsk: "Voulez-vous recadrer cette image ?"
 cropYes: "Rogner"
 cropNo: "Utiliser en l'état"
-file: "Fichiers"
+file: "Fichier"
 recentNHours: "Dernières {n} heures"
 recentNDays: "Derniers {n} jours"
 noEmailServerWarning: "Serveur de courrier non configuré."
@@ -1055,6 +1074,7 @@ retryAllQueuesConfirmTitle: "Vraiment réessayer ?"
 retryAllQueuesConfirmText: "Cela peut augmenter temporairement la charge du serveur."
 enableChartsForRemoteUser: "Générer les graphiques pour les utilisateurs distants"
 enableChartsForFederatedInstances: "Générer les graphiques pour les instances distantes"
+enableStatsForFederatedInstances: "Recevoir les statistiques des instances distantes"
 showClipButtonInNoteFooter: "Ajouter « Clip » au menu d'action de la note"
 reactionsDisplaySize: "Taille de l'affichage des réactions"
 limitWidthOfReaction: "Limiter la largeur maximale des réactions et les afficher en taille réduite"
@@ -1102,6 +1122,8 @@ preventAiLearning: "Refuser l'usage dans l'apprentissage automatique d'IA géné
 preventAiLearningDescription: "Demander aux robots d'indexation de ne pas utiliser le contenu publié, tel que les notes et les images, dans l'apprentissage automatique d'IA générative. Cela est réalisé en incluant le drapeau « noai » dans la réponse HTML. Une prévention complète n'est toutefois pas possible, car il est au robot d'indexation de respecter cette demande."
 options: "Options"
 specifyUser: "Spécifier l'utilisateur·rice"
+openTagPageConfirm: "Ouvrir une page d'hashtags ?"
+specifyHost: "Spécifier un serveur distant"
 failedToPreviewUrl: "Aperçu d'URL échoué"
 update: "Mettre à jour"
 rolesThatCanBeUsedThisEmojiAsReaction: "Rôles qui peuvent utiliser cet émoji comme réaction"
@@ -1222,13 +1244,55 @@ enableHorizontalSwipe: "Glisser pour changer d'onglet"
 loading: "Chargement en cours"
 surrender: "Annuler"
 gameRetry: "Réessayer"
+notUsePleaseLeaveBlank: "Laisser vide si non utilisé"
+useTotp: "Entrer un mot de passe à usage unique"
+useBackupCode: "Utiliser le codes de secours"
 launchApp: "Lancer l'app"
+useNativeUIForVideoAudioPlayer: "Lire les vidéos et audios en utilisant l'UI du navigateur"
+keepOriginalFilename: "Garder le nom original du fichier"
+keepOriginalFilenameDescription: "Si vous désactivez ce paramètre, les noms de fichiers seront automatiquement remplacés par des noms aléatoires lorsque vous téléchargerez des fichiers."
+noDescription: "Il n'y a pas de description"
+alwaysConfirmFollow: "Confirmer lors d'un abonnement"
 inquiry: "Contact"
+tryAgain: "Veuillez réessayer plus tard"
+confirmWhenRevealingSensitiveMedia: "Confirmer pour révéler du contenu sensible"
+sensitiveMediaRevealConfirm: "Ceci pourrait être du contenu sensible. Voulez-vous l'afficher ?"
+createdLists: "Listes créées"
+createdAntennas: "Antennes créées"
+fromX: "De {x}"
+genEmbedCode: "Générer le code d'intégration"
+noteOfThisUser: "Notes de cet·te utilisateur·rice"
+clipNoteLimitExceeded: "Aucune note supplémentaire ne peut être ajoutée à ce clip."
+performance: "Performance"
+modified: "Modifié"
+discard: "Annuler"
+thereAreNChanges: "Il y a {n} modification(s)"
+signinWithPasskey: "Se connecter avec une clé d'accès"
+unknownWebAuthnKey: "Clé d'accès inconnue."
+passkeyVerificationFailed: "La vérification de la clé d'accès a échoué."
+passkeyVerificationSucceededButPasswordlessLoginDisabled: "La vérification de la clé d'accès a réussi, mais la connexion sans mot de passe est désactivée."
+messageToFollower: "Message aux abonné·es"
+target: "Destinataire"
+prohibitedWordsForNameOfUser: "Mots interdits pour les noms d'utilisateur·rices"
+lockdown: "Verrouiller"
+pleaseSelectAccount: "Sélectionner un compte"
+availableRoles: "Rôles disponibles"
+_abuseUserReport:
+  forward: "Transférer"
+  forwardDescription: "Transférer le signalement vers une instance distante en tant qu'anonyme."
+  resolve: "Résoudre"
+  accept: "Accepter"
+  reject: "Rejeter"
+  resolveTutorial: "Si le signalement est légitime dans son contenu, sélectionnez « Accepter » pour marquer le cas comme résolu par l'affirmative.\nSi le contenu du rapport n'est pas légitime, sélectionnez « Rejeter » pour marquer le cas comme résolu par la négative."
 _delivery:
   status: "Statut de la diffusion"
   stop: "Suspendu·e"
+  resume: "Reprendre"
   _type:
     none: "Publié"
+    manuallySuspended: "Suspendre manuellement"
+    goneSuspended: "L'instance est suspendue en raison de la suppression de ce dernier"
+    autoSuspendedForNotResponding: "L'instance est suspendue car elle ne répond pas"
 _bubbleGame:
   howToPlay: "Comment jouer"
   hold: "Réserver"
@@ -1239,6 +1303,7 @@ _bubbleGame:
     maxChain: "Nombre maximum de chaînes"
     yen: "{yen} yens"
     estimatedQty: "{qty} pièces"
+    scoreSweets: "{onigiriQtyWithUnit} Onigiri(s)"
 _announcement:
   forExistingUsers: "Pour les utilisateurs existants seulement"
   needConfirmationToRead: "Exiger la confirmation de la lecture"
@@ -1258,6 +1323,7 @@ _initialAccountSetting:
   profileSetting: "Paramètres du profil"
   privacySetting: "Paramètres de confidentialité"
   initialAccountSettingCompleted: "Configuration du profil terminée avec succès !"
+  haveFun: "Profitez de {name} !"
   youCanContinueTutorial: "Vous pouvez procéder au tutoriel sur l'utilisation de {name}(Misskey) ou vous arrêter ici et commencer à l'utiliser immédiatement."
   startTutorial: "Démarrer le tutoriel"
   skipAreYouSure: "Désirez-vous ignorer la configuration du profil ?"
@@ -1351,18 +1417,60 @@ _achievements:
       flavor: "Passez un bon moment avec Misskey !"
     _notes10:
       title: "Quelques notes"
+      description: "Poster 10 notes"
     _notes100:
       title: "Beaucoup de notes"
+      description: "Poster 100 notes"
+    _notes500:
+      title: "Couvert de notes"
+      description: "Poster 500 notes"
+    _notes1000:
+      title: "Une montagne de notes"
+      description: "Poster 1000 notes"
+    _notes5000:
+      title: "Débordement de notes"
+      description: "Poster 5 000 notes"
+    _notes10000:
+      title: "Super note"
+      description: "Poster 10 000 notes"
+    _notes20000:
+      title: "Encore... plus... de... notes..."
+      description: "Poster 20 000 notes"
+    _notes30000:
+      title: "Notes notes notes !"
+      description: "Poster 30 000 notes"
+    _notes40000:
+      title: "Usine de notes"
+      description: "Poster 40 000 notes"
+    _notes50000:
+      title: "Planète des notes"
+      description: "Poster 50 000 notes"
+    _notes60000:
+      title: "Quasar de note"
+      description: "Poster 50 000 notes"
+    _notes70000:
+      title: "Trou noir de notes"
+      description: "Poster 70 000 notes"
+    _notes80000:
+      title: "Galaxie de notes"
+      description: "Poster 80 000 notes"
+    _notes90000:
+      title: "Univers de notes"
+      description: "Poster 90 000 notes"
     _notes100000:
       title: "ALL YOUR NOTE ARE BELONG TO US"
+      description: "Poster 100 000 notes"
+      flavor: "Avez-vous tant de choses à dire ?"
     _login3:
-      title: "Débutant Ⅰ"
+      title: "Débutant I"
       description: "Se connecter pour un total de 3 jours"
+      flavor: "Dès maintenant, appelez-moi Misskeynaute"
     _login7:
-      title: "Débutant Ⅱ"
+      title: "Débutant II"
       description: "Se connecter pour un total de 7 jours"
+      flavor: "On s'habitue ?"
     _login15:
-      title: "Débutant Ⅲ"
+      title: "Débutant III"
       description: "Se connecter pour un total de 15 jours"
     _login30:
       title: "Misskeynaute I"
@@ -1386,6 +1494,7 @@ _achievements:
     _login500:
       title: "Expert I"
       description: "Se connecter pour un total de 500 jours"
+      flavor: "Non, mes amis, j'aime les notes"
     _login600:
       title: "Expert II"
       description: "Se connecter pour un total de 600 jours"
@@ -1393,11 +1502,18 @@ _achievements:
       title: "Expert III"
       description: "Se connecter pour un total de 700 jours"
     _login800:
+      title: "Maître des notes I"
       description: "Se connecter pour un total de 800 jours"
     _login900:
+      title: "Maître des notes II"
       description: "Se connecter pour un total de 900 jours"
     _login1000:
+      title: "Maître des notes III"
+      description: "Se connecter pour un total de 1 000 jours"
       flavor: "Merci d'utiliser Misskey !"
+    _noteClipped1:
+      title: "Je... dois... clip..."
+      description: "Ajouter sa première note aux clips"
     _profileFilled:
       title: "Bien préparé"
       description: "Configuration de votre profil"
@@ -1456,21 +1572,31 @@ _achievements:
     _driveFolderCircularReference:
       title: "Référence circulaire"
     _setNameToSyuilo:
+      title: "Complexe de dieu"
       description: "Vous avez spécifié « syuilo » comme nom"
     _passedSinceAccountCreated1:
       title: "Premier anniversaire"
+      description: "Un an est passé depuis la création du compte"
     _passedSinceAccountCreated2:
       title: "Second anniversaire"
+      description: "Deux ans sont passés depuis la création du compte"
     _passedSinceAccountCreated3:
       title: "3ème anniversaire"
+      description: "Trois ans sont passés depuis la création du compte"
     _loggedInOnBirthday:
       title: "Joyeux Anniversaire !"
       description: "Vous vous êtes connecté à la date de votre anniversaire"
     _loggedInOnNewYearsDay:
       title: "Bonne année !"
+      description: "Vous vous êtes connecté le premier jour de l'année"
+      flavor: "Merci pour le soutient continue sur cette instance."
     _cookieClicked:
+      title: "Jeu de clic sur des cookies"
+      description: "Cliqué sur un cookie"
       flavor: "Attendez une minute, vous êtes sur le mauvais site web ?"
     _brainDiver:
+      title: "Brain Diver"
+      description: "Poster le lien sur Brain Diver"
       flavor: "Misskey-Misskey La-Tu-Ma"
     _smashTestNotificationButton:
       title: "Débordement de tests"
@@ -1478,6 +1604,11 @@ _achievements:
     _tutorialCompleted:
       title: "Diplôme de la course élémentaire de Misskey"
       description: "Terminer le tutoriel"
+    _bubbleGameExplodingHead:
+      title: "🤯"
+      description: "Le plus gros objet du jeu de bulles"
+    _bubbleGameDoubleExplodingHead:
+      title: "Double🤯"
 _role:
   new: "Nouveau rôle"
   edit: "Modifier le rôle"
@@ -1508,9 +1639,11 @@ _role:
     canManageCustomEmojis: "Gestion des émojis personnalisés"
     canManageAvatarDecorations: "Gestion des décorations d'avatar"
     driveCapacity: "Capacité de stockage du Disque"
+    antennaMax: "Nombre maximum d'antennes"
     wordMuteMax: "Nombre maximal de caractères dans le filtre de mots"
     canUseTranslator: "Usage de la fonctionnalité de traduction"
     avatarDecorationLimit: "Nombre maximal de décorations d'avatar"
+    canImportAntennas: "Autoriser l'importation d'antennes"
 _sensitiveMediaDetection:
   description: "L'apprentissage automatique peut être utilisé pour détecter automatiquement les médias sensibles à modérer. La sollicitation des serveurs augmente légèrement."
   sensitivity: "Sensibilité de la détection"
@@ -1793,6 +1926,29 @@ _permissions:
   "write:gallery": "Éditer la galerie"
   "read:gallery-likes": "Voir les mentions « J'aime » dans la galerie"
   "write:gallery-likes": "Gérer les mentions « J'aime » dans la galerie"
+  "read:flash": "Voir le Play"
+  "write:flash": "Modifier le Play"
+  "read:flash-likes": "Lire vos mentions j'aime des Play"
+  "write:flash-likes": "Modifier vos mentions j'aime des Play"
+  "read:admin:abuse-user-reports": "Voir les utilisateurs signalés"
+  "write:admin:delete-account": "Supprimer le compte d'utilisateur"
+  "write:admin:delete-all-files-of-a-user": "Supprimer tous les fichiers d'un utilisateur"
+  "read:admin:index-stats": "Voir les statistiques sur les index de base de données"
+  "read:admin:table-stats": "Voir les statistiques sur les index de base de données"
+  "read:admin:user-ips": "Voir l'adresse IP de l'utilisateur"
+  "read:admin:meta": "Voir les métadonnées de l'instance"
+  "write:admin:reset-password": "Réinitialiser le mot de passe de l'utilisateur"
+  "write:admin:resolve-abuse-user-report": "Résoudre le signalement d'un utilisateur"
+  "write:admin:send-email": "Envoyer un mail"
+  "read:admin:server-info": "Voir les informations de l'instance"
+  "read:admin:show-moderation-log": "Voir les logs de modération"
+  "read:admin:show-user": "Voir les informations privées de l'utilisateur"
+  "write:admin:suspend-user": "Suspendre l'utilisateur"
+  "write:admin:unset-user-avatar": "Retirer l'avatar de l'utilisateur"
+  "write:admin:unset-user-banner": "Retirer la bannière de l'utilisateur"
+  "write:admin:unsuspend-user": "Lever la suspension d'un utilisateur"
+  "write:admin:meta": "Gérer les métadonnées de l'instance"
+  "write:admin:roles": "Gérer les rôles"
 _auth:
   shareAccess: "Autoriser \"{name}\" à accéder à votre compte ?"
   shareAccessAsk: "Voulez-vous vraiment autoriser cette application à accéder à votre compte?"
@@ -1944,7 +2100,16 @@ _timelines:
   social: "Social"
   global: "Global"
 _play:
+  new: "Créer un Play"
+  edit: "Modifier un Play"
+  created: "Play créé"
+  updated: "Play édité"
+  deleted: "Play supprimé"
+  pageSetting: "Configuration du Play"
+  editThisPage: "Modifier ce Play"
   viewSource: "Afficher la source"
+  my: "Mes Play"
+  liked: "Play aimés"
   featured: "Populaire"
   title: "Titre"
   script: "Script"
@@ -2018,10 +2183,13 @@ _notification:
   achievementEarned: "Accomplissement déverrouillé"
   testNotification: "Tester la notification"
   reactedBySomeUsers: "{n} utilisateur·rice·s ont réagi"
+  likedBySomeUsers: "{n} utilisateurs ont aimé votre note"
   renotedBySomeUsers: "{n} utilisateur·rice·s ont renoté"
   followedBySomeUsers: "{n} utilisateur·rice·s se sont abonné·e·s à vous"
+  login: "Quelqu'un s'est connecté"
   _types:
     all: "Toutes"
+    note: "Nouvelles notes"
     follow: "Nouvel·le abonné·e"
     mention: "Mentions"
     reply: "Réponses"
@@ -2071,11 +2239,14 @@ _drivecleaner:
   orderByCreatedAtAsc: "Date d'ajout ascendante"
 _webhookSettings:
   name: "Nom"
+  secret: "Secret"
+  trigger: "Activateur"
   active: "Activé"
 _abuseReport:
   _notificationRecipient:
     _recipientType:
       mail: "E-mail "
+    keywords: "Mots clés "
 _moderationLogTypes:
   createRole: "Rôle créé"
   deleteRole: "Rôle supprimé"
@@ -2112,6 +2283,7 @@ _moderationLogTypes:
   deleteAvatarDecoration: "Décoration d'avatar supprimée"
   unsetUserAvatar: "Supprimer l'avatar de l'utilisateur·rice"
   unsetUserBanner: "Supprimer la bannière de l'utilisateur·rice"
+  deleteFlash: "Supprimer le Play"
 _fileViewer:
   title: "Détails du fichier"
   type: "Type du fichier"
@@ -2175,5 +2347,20 @@ _dataSaver:
     title: "Mise en évidence du code"
     description: "Si la notation de mise en évidence du code est utilisée, par exemple dans la MFM, elle ne sera pas chargée tant qu'elle n'aura pas été tapée. La mise en évidence du code nécessite le chargement du fichier de définition de chaque langue à mettre en évidence, mais comme ces fichiers ne sont plus chargés automatiquement, on peut s'attendre à une réduction du trafic de données."
 _reversi:
+  reversi: "Reversi"
+  blackIs: "{name} joue les noirs"
+  rules: "Règles"
   waitingBoth: "Préparez-vous"
+  myTurn: "C’est votre tour"
+  turnOf: "C'est le tour de {name}"
+  pastTurnOf: "Tour de {name}"
+  surrender: "Se rendre"
+  surrendered: "Par abandon"
   total: "Total"
+  playing: "En cours"
+  lookingForPlayer: "Recherche d'adversaire"
+_mediaControls:
+  playbackRate: "Vitesse de lecture"
+_embedCodeGen:
+  title: "Personnaliser le code d'intégration"
+  generateCode: "Générer le code d'intégration"

locales/id-ID.yml

@@ -375,7 +375,6 @@ enableLocalTimeline: "Nyalakan lini masa lokal"
 enableGlobalTimeline: "Nyalakan lini masa global"
 disablingTimelinesInfo: "Admin dan Moderator akan selalu memiliki akses ke semua lini masa meskipun lini masa tersebut tidak diaktifkan."
 registration: "Pendaftaran"
-enableRegistration: "Nyalakan pendaftaran pengguna baru"
 invite: "Undang"
 driveCapacityPerLocalAccount: "Kapasitas drive per pengguna lokal"
 driveCapacityPerRemoteAccount: "Kapasitas drive per pengguna remote"

locales/index.d.ts

@@ -1546,10 +1546,6 @@ export interface Locale extends ILocale {
      * 登録
      */
     "registration": string;
-    /**
-     * 誰でも新規登録できるようにする
-     */
-    "enableRegistration": string;
     /**
      * 招待
      */
@@ -2366,6 +2362,10 @@ export interface Locale extends ILocale {
      * 詳細
      */
     "details": string;
+    /**
+     * リノートの詳細
+     */
+    "renoteDetails": string;
     /**
      * 絵文字を選択
      */
@@ -5218,6 +5218,10 @@ export interface Locale extends ILocale {
      * 利用可能なロール
      */
     "availableRoles": string;
+    /**
+     * 注意事項を理解した上でオンにします。
+     */
+    "acknowledgeNotesAndEnable": string;
     "_accountSettings": {
         /**
          * コンテンツの表示にログインを必須にする
@@ -5794,6 +5798,14 @@ export interface Locale extends ILocale {
          * サーバー運営者へのお問い合わせフォームのURLや、運営者の連絡先等が記載されたWebページのURLを指定します。
          */
         "inquiryUrlDescription": string;
+        /**
+         * アカウントの作成をオープンにする
+         */
+        "openRegistration": string;
+        /**
+         * 登録を開放することはリスクが伴います。サーバーを常に監視し、トラブルが発生した際にすぐに対応できる体制がある場合のみオンにすることを推奨します。
+         */
+        "openRegistrationWarning": string;
         /**
          * 一定期間モデレーターのアクティビティが検出されなかった場合、スパム防止のためこの設定は自動でオフになります。
          */
@@ -10579,6 +10591,16 @@ export interface Locale extends ILocale {
          */
         "description3": ParameterizedString<"link">;
     };
+    "_followRequest": {
+        /**
+         * 受け取った申請
+         */
+        "recieved": string;
+        /**
+         * 送った申請
+         */
+        "sent": string;
+    };
 }
 declare const locales: {
     [lang: string]: Locale;

locales/it-IT.yml

@@ -382,7 +382,6 @@ enableLocalTimeline: "Abilita la timeline locale"
 enableGlobalTimeline: "Abilita la timeline federata"
 disablingTimelinesInfo: "Anche disabilitandole, gli Amministratori e i Moderatori potranno comunque accedervi."
 registration: "Iscriviti"
-enableRegistration: "Consenti a chiunque di registrarsi"
 invite: "Invita"
 driveCapacityPerLocalAccount: "Capienza del Drive per profilo locale"
 driveCapacityPerRemoteAccount: "Capienza del Drive per profilo remoto"

locales/ja-JP.yml

@@ -382,7 +382,6 @@ enableLocalTimeline: "ローカルタイムラインを有効にする"
 enableGlobalTimeline: "グローバルタイムラインを有効にする"
 disablingTimelinesInfo: "これらのタイムラインを無効化しても、利便性のため管理者およびモデレーターは引き続き利用することができます。"
 registration: "登録"
-enableRegistration: "誰でも新規登録できるようにする"
 invite: "招待"
 driveCapacityPerLocalAccount: "ローカルユーザーひとりあたりのドライブ容量"
 driveCapacityPerRemoteAccount: "リモートユーザーひとりあたりのドライブ容量"
@@ -587,6 +586,7 @@ masterVolume: "マスター音量"
 notUseSound: "サウンドを出力しない"
 useSoundOnlyWhenActive: "Misskeyがアクティブな時のみサウンドを出力する"
 details: "詳細"
+renoteDetails: "リノートの詳細"
 chooseEmoji: "絵文字を選択"
 unableToProcess: "操作を完了できません"
 recentUsed: "最近使用"
@@ -1300,6 +1300,7 @@ thisContentsAreMarkedAsSigninRequiredByAuthor: "投稿者により、表示に
 lockdown: "ロックダウン"
 pleaseSelectAccount: "アカウントを選択してください"
 availableRoles: "利用可能なロール"
+acknowledgeNotesAndEnable: "注意事項を理解した上でオンにします。"
 
 _accountSettings:
   requireSigninToViewContents: "コンテンツの表示にログインを必須にする"
@@ -1466,6 +1467,8 @@ _serverSettings:
   reactionsBufferingDescription: "有効にすると、リアクション作成時のパフォーマンスが大幅に向上し、データベースへの負荷を軽減することが可能です。ただし、Redisのメモリ使用量は増加します。"
   inquiryUrl: "問い合わせ先URL"
   inquiryUrlDescription: "サーバー運営者へのお問い合わせフォームのURLや、運営者の連絡先等が記載されたWebページのURLを指定します。"
+  openRegistration: "アカウントの作成をオープンにする"
+  openRegistrationWarning: "登録を開放することはリスクが伴います。サーバーを常に監視し、トラブルが発生した際にすぐに対応できる体制がある場合のみオンにすることを推奨します。"
   thisSettingWillAutomaticallyOffWhenModeratorsInactive: "一定期間モデレーターのアクティビティが検出されなかった場合、スパム防止のためこの設定は自動でオフになります。"
 
 _accountMigration:
@@ -2819,3 +2822,7 @@ _selfXssPrevention:
   description1: "ここに何かを貼り付けると、悪意のあるユーザーにアカウントを乗っ取られたり、個人情報を盗まれたりする可能性があります。"
   description2: "貼り付けようとしているものが何なのかを正確に理解していない場合は、%c今すぐ作業を中止してこのウィンドウを閉じてください。"
   description3: "詳しくはこちらをご確認ください。 {link}"
+
+_followRequest:
+  recieved: "受け取った申請"
+  sent: "送った申請"

locales/ja-KS.yml

@@ -382,7 +382,6 @@ enableLocalTimeline: "ローカルタイムラインを使えるようにする
 enableGlobalTimeline: "グローバルタイムラインを使えるようにするわ"
 disablingTimelinesInfo: "ここらへんのタイムラインを使えんようにしてしもても、管理者とモデレーターは使えるままになってるで、そうやなかったら不便やからな。"
 registration: "登録"
-enableRegistration: "一見さんでも誰でもいらっしゃ～い"
 invite: "来てや"
 driveCapacityPerLocalAccount: "ローカルユーザーはんひとりあたりのドライブ容量"
 driveCapacityPerRemoteAccount: "リモートユーザーはんひとりあたりのドライブ容量"

locales/ko-GS.yml

@@ -356,7 +356,6 @@ enableLocalTimeline: "로컬 타임라인 키기"
 enableGlobalTimeline: "글로벌 타임라인 키기"
 disablingTimelinesInfo: "요 타임라인얼 꺼도 간리자하고 중재자넌 고대로 설 수 잇십니다."
 registration: "맨걸기"
-enableRegistration: "누라도 새로 맨걸 수 잇거로 하기"
 invite: "초대하기"
 driveCapacityPerLocalAccount: "로컬 사용자 하나마중 드라이브 커기"
 driveCapacityPerRemoteAccount: "웬겍 사용자 하나마중 드라이브 커기"

locales/ko-KR.yml

@@ -42,7 +42,7 @@ favorite: "즐겨찾기"
 favorites: "즐겨찾기"
 unfavorite: "즐겨찾기에서 제거"
 favorited: "즐겨찾기에 등록했습니다."
-alreadyFavorited: "이미 즐겨찾기에 등록했습니다."
+alreadyFavorited: "이미 즐겨찾기에 등록되어 있습니다."
 cantFavorite: "즐겨찾기에 등록하지 못했습니다."
 pin: "프로필에 고정"
 unpin: "프로필에서 고정 해제"
@@ -382,7 +382,6 @@ enableLocalTimeline: "로컬 타임라인 활성화"
 enableGlobalTimeline: "글로벌 타임라인 활성화"
 disablingTimelinesInfo: "특정 타임라인을 비활성화하더라도 관리자 및 모더레이터는 계속 사용할 수 있습니다."
 registration: "등록"
-enableRegistration: "신규 회원가입을 활성화"
 invite: "초대"
 driveCapacityPerLocalAccount: "로컬 유저 한 명당 드라이브 용량"
 driveCapacityPerRemoteAccount: "원격 사용자별 드라이브 용량"
@@ -947,6 +946,9 @@ oneHour: "1시간"
 oneDay: "1일"
 oneWeek: "일주일"
 oneMonth: "1개월"
+threeMonths: "3개월"
+oneYear: "1년"
+threeDays: "3일"
 reflectMayTakeTime: "반영되기까지 시간이 걸릴 수 있습니다."
 failedToFetchAccountInformation: "계정 정보를 가져오지 못했습니다"
 rateLimitExceeded: "요청 제한 횟수를 초과하였습니다"
@@ -1254,7 +1256,7 @@ lastNDays: "최근 {n}일"
 backToTitle: "타이틀로 가기"
 hemisphere: "거주 지역"
 withSensitive: "민감한 파일이 포함된 노트 보기"
-userSaysSomethingSensitive: "{name} 같은 민감한 파일이 포함된 글"
+userSaysSomethingSensitive: "{name}의 민감한 파일이 포함된 게시물"
 enableHorizontalSwipe: "스와이프하여 탭 전환"
 loading: "불러오는 중"
 surrender: "그만두기"
@@ -1286,13 +1288,29 @@ signinWithPasskey: "패스키로 로그인"
 unknownWebAuthnKey: "등록되지 않은 패스키입니다."
 passkeyVerificationFailed: "패스키 검증을 실패했습니다."
 passkeyVerificationSucceededButPasswordlessLoginDisabled: "패스키를 검증했으나, 비밀번호 없이 로그인하기가 꺼져 있습니다."
-messageToFollower: "팔로워에 보낼 메시지"
+messageToFollower: "팔로워에게 보낼 메시지"
 target: "대상"
 testCaptchaWarning: "CAPTCHA를 테스트하기 위한 기능입니다. <strong>실제 환경에서는 사용하지 마세요.</strong>"
 prohibitedWordsForNameOfUser: "금지 단어 (사용자 이름)"
 prohibitedWordsForNameOfUserDescription: "이 목록에 포함되는 키워드가 사용자 이름에 있는 경우, 일반 사용자는 이름을 바꿀 수 없습니다. 모더레이터 권한을 가진 사용자는 제한 대상에서 제외됩니다."
 yourNameContainsProhibitedWords: "바꾸려는 이름에 금지된 키워드가 포함되어 있습니다."
 yourNameContainsProhibitedWordsDescription: "이름에 금지된 키워드가 있습니다. 이름을 사용해야 하는 경우, 서버 관리자에 문의하세요."
+thisContentsAreMarkedAsSigninRequiredByAuthor: "게시자에 의해 로그인해야 볼 수 있도록 설정되어 있습니다."
+lockdown: "잠금"
+pleaseSelectAccount: "계정을 선택해주세요."
+availableRoles: "사용 가능한 역할"
+_accountSettings:
+  requireSigninToViewContents: "콘텐츠 열람을 위해 로그인으 필수로 설정하기"
+  requireSigninToViewContentsDescription1: "자신이 작성한 모든 노트 등의 콘텐츠를 보기 위해 로그인을 필수로 설정합니다. 크롤러가 정보 수집하는 것을 방지하는 효과를 기대할 수 있습니다."
+  requireSigninToViewContentsDescription2: "URL 미리보기(OGP), 웹페이지에 삽입, 노트 인용을 지원하지 않는 서버에서 볼 수 없게 됩니다."
+  requireSigninToViewContentsDescription3: "원격 서버에 연합된 콘텐츠에는 이러한 제한이 적용되지 않을 수 있습니다."
+  makeNotesFollowersOnlyBefore: "과거 노트는 팔로워만 볼 수 있도록 설정하기"
+  makeNotesFollowersOnlyBeforeDescription: "이 기능이 활성화되어 있는 동안, 설정된 날짜 및 시간보다 과거 또는 설정된 시간이 지난 노트는 팔로워만 볼 수 있게 됩니다.비활성화하면 노트의 공개 상태도 원래대로 돌아갑니다."
+  makeNotesHiddenBefore: "과거 노트 비공개로 전환하기"
+  makeNotesHiddenBeforeDescription: "이 기능이 활성화되어 있는 동안 설정한 날짜 및 시간보다 과거 또는 설정한 시간이 지난 노트는 본인만 볼 수 있게(비공개로 전환) 됩니다. 비활성화하면 노트의 공개 상태도 원래대로 돌아갑니다."
+  mayNotEffectForFederatedNotes: "원격 서버에 연합된 노트에는 효과가 없을 수도 있습니다."
+  notesHavePassedSpecifiedPeriod: "지정한 시간이 경과된 노트"
+  notesOlderThanSpecifiedDateAndTime: "지정된 날짜 및 시간 이전의 노트"
 _abuseUserReport:
   forward: "전달"
   forwardDescription: "익명 시스템 계정을 사용하여 리모트 서버에 신고 내용을 전달할 수 있습니다."
@@ -2157,8 +2175,11 @@ _auth:
   permissionAsk: "이 앱은 다음의 권한을 요청합니다"
   pleaseGoBack: "앱으로 돌아가서 시도해 주세요"
   callback: "앱으로 돌아갑니다"
+  accepted: "접근 권한이 부여되었습니다."
   denied: "접근이 거부되었습니다"
+  scopeUser: "다음 사용자로 활동하고 있습니다."
   pleaseLogin: "어플리케이션의 접근을 허가하려면 로그인하십시오."
+  byClickingYouWillBeRedirectedToThisUrl: "접근을 허용하면 자동으로 다음 URL로 이동합니다."
 _antennaSources:
   all: "모든 노트"
   homeTimeline: "팔로우중인 유저의 노트"
@@ -2710,3 +2731,9 @@ _embedCodeGen:
   generateCode: "임베디드 코드를 만들기"
   codeGenerated: "코드를 만들었습니다."
   codeGeneratedDescription: "만들어진 코드를 웹 사이트에 붙여서 사용하세요."
+_selfXssPrevention:
+  warning: "경고"
+  title: "“이 화면에 뭔가를 붙여넣어라\"는 것은 모두 사기입니다."
+  description1: "여기에 무언가를 붙여넣으면 악의적인 사용자에게 계정을 탈취당하거나 개인정보를 도용당할 수 있습니다."
+  description2: "붙여 넣으려는 항목이 무엇인지 정확히 이해하지 못하는 경우, %c지금 바로 작업을 중단하고 이 창을 닫으십시오."
+  description3: "자세한 내용은 여기를 확인해 주세요.  {link}"

locales/lo-LA.yml

@@ -299,7 +299,6 @@ enableLocalTimeline: "ເປີດໃຊ້ທາມລາຍທ້ອງຖິ
 enableGlobalTimeline: "ເປີດໃຊ້ທາມລາຍທົ່ວໂລກ"
 disablingTimelinesInfo: "ຜູ້ດູແລລະບບແລະຜູ້ຄວບຄຸມຈະສາມາດເຂົ້າເຖີງໄທມ໌ໄລນ໌ທັ້ງເບີດ ເຖີງວ່າຈະບໍ່ໄດ້ເປີດໃຊ້ງານກໍ່ຕາມ"
 registration: "ລົງທະບຽນ"
-enableRegistration: "ເປີດໃຊ້ການລົງທະບຽນຜູ້ໃຊ້ໃໝ່"
 invite: "ເຊີນ"
 driveCapacityPerLocalAccount: "ຄວາມຈຸຂອງ drive ຕໍ່ຜູ້ໃຊ້ທ້ອງຖິ່ນ"
 driveCapacityPerRemoteAccount: "ຄວາມຈຸຂອງ drive ຕໍ່ຜູ້ໃຊ້ໄລຍະໄກ"

locales/nl-NL.yml

@@ -333,7 +333,6 @@ enableLocalTimeline: "Inschakelen lokale tijdlijn"
 enableGlobalTimeline: "Inschakelen globale tijdlijn "
 disablingTimelinesInfo: "Beheerders en moderators hebben altijd toegang tot alle tijdlijnen, ook als ze niet actief zijn."
 registration: "Registreren"
-enableRegistration: "Inschakelen registratie nieuwe gebruikers "
 invite: "Uitnodigen"
 driveCapacityPerLocalAccount: "Opslagruimte per lokale gebruiker"
 driveCapacityPerRemoteAccount: "Opslagruimte per externe gebruiker"

locales/no-NO.yml

@@ -260,7 +260,6 @@ enableLocalTimeline: "Aktiver lokal tidslinje"
 enableGlobalTimeline: "Aktiver global tidslinje"
 disablingTimelinesInfo: "Administratorer og Moderatorer vil alltid ha tilgang til alle tidslinjer, selv om de ikke er aktivert."
 registration: "Registrer"
-enableRegistration: "Aktiver registrering av nye brukere"
 invite: "Inviter"
 basicInfo: "Grunnleggende informasjon"
 pinnedUsers: "Festede brukrere"

locales/pl-PL.yml

@@ -362,7 +362,6 @@ enableLocalTimeline: "Włącz lokalną oś czasu"
 enableGlobalTimeline: "Włącz globalną oś czasu"
 disablingTimelinesInfo: "Administratorzy i moderatorzy będą zawsze mieć dostęp do wszystkich osi czasu, nawet gdy są one wyłączone."
 registration: "Zarejestruj się"
-enableRegistration: "Włącz rejestrację nowych użytkowników"
 invite: "Zaproś"
 driveCapacityPerLocalAccount: "Powierzchnia dyskowa na lokalnego użytkownika"
 driveCapacityPerRemoteAccount: "Powierzchnia dyskowa na zdalnego użytkownika"
@@ -492,6 +491,10 @@ uiLanguage: "Język wyświetlania UI"
 aboutX: "O {x}"
 emojiStyle: "Styl emoji"
 native: "Natywny"
+menuStyle: "Styl Menu"
+style: "Styl"
+drawer: "Schowek"
+popup: "Wyskakujące okienka"
 showNoteActionsOnlyHover: "Pokazuj akcje notatek tylko po najechaniu myszką"
 showReactionsCount: "Wyświetl liczbę reakcji na notatkę"
 noHistory: "Brak historii"
@@ -574,6 +577,7 @@ ascendingOrder: "Rosnąco"
 descendingOrder: "Malejąco"
 scratchpad: "Brudnopis"
 scratchpadDescription: "Brudnopis zawiera eksperymentalne środowisko dla AiScript. Możesz pisać, wykonywać i sprawdzać wyniki w interakcji z Misskey."
+uiInspector: "Inspektor UI"
 output: "Wyjście"
 script: "Skrypt"
 disablePagesScript: "Wyłącz AiScript na Stronach"
@@ -654,6 +658,7 @@ smtpSecure: "Użyj niejawnego SSL/TLS dla połączeń SMTP"
 smtpSecureInfo: "Wyłącz, jeżeli używasz STARTTLS"
 testEmail: "Przetestuj dostarczanie wiadomości e-mail"
 wordMute: "Wyciszenie słowa"
+hardWordMute: "Wyciszaj przekleństwa"
 regexpError: "Błąd wyrażenia regularnego"
 regexpErrorDescription: "Wystąpił błąd w wyrażeniu regularnym w linii {line} twoich {tab} wyciszeń:"
 instanceMute: "Wyciszone instancje"
@@ -826,6 +831,7 @@ administration: "Zarządzanie"
 accounts: "Konta"
 switch: "Przełącz"
 noMaintainerInformationWarning: "Informacje o administratorze nie są skonfigurowane."
+noInquiryUrlWarning: "Adres URL zapytania nie został ustawiony"
 noBotProtectionWarning: "Zabezpieczenie przed botami nie jest skonfigurowane."
 configure: "Skonfiguruj"
 postToGallery: "Opublikuj w galerii"
@@ -890,6 +896,7 @@ followersVisibility: "Widoczność obserwujących"
 continueThread: "Pokaż kontynuację wątku"
 deleteAccountConfirm: "Spowoduje to nieodwracalne usunięcie Twojego konta. Kontynuować?"
 incorrectPassword: "Nieprawidłowe hasło."
+incorrectTotp: "Hasło pojedynczego użytku jest nie poprawne, lub straciło ważność"
 voteConfirm: "Potwierdzić swój głos na \"{choice}\"?"
 hide: "Ukryj"
 useDrawerReactionPickerForMobile: "Wyświetlaj wybornik reakcji jako szufladę na urządzeniach mobilnych"
@@ -914,6 +921,10 @@ oneHour: "1 godzina"
 oneDay: "1 dzień"
 oneWeek: "1 tydzień"
 oneMonth: "jeden miesiąc"
+threeMonths: "3 miesiące"
+oneYear: "Rok"
+threeDays: "3 dni"
+reflectMayTakeTime: "Może minąć trochę czasu, zanim będzie to uwzględnione"
 failedToFetchAccountInformation: "Nie udało się uzyskać informacji o koncie"
 rateLimitExceeded: "Limit szybkości przekroczony"
 cropImage: "Przytnij obraz"
@@ -924,9 +935,11 @@ file: "Pliki"
 recentNHours: "W ciągu ostatnich {n} godzin"
 recentNDays: "W ciągu ostatnich {n} dni"
 noEmailServerWarning: "Serwer Email nie jest skonfigurowany"
+thereIsUnresolvedAbuseReportWarning: "Istnieją niewyjaśnione raporty"
 recommended: "Zalecane"
 check: "Zweryfikuj"
 driveCapOverrideLabel: "Zmień limit pojemności dysku użytkownika"
+driveCapOverrideCaption: "Resetuje pojemność do wartości domyślnej, przez wpisanie wartości 0 lub niższej"
 requireAdminForView: "Aby to zobaczyć, musisz być administratorem"
 isSystemAccount: "To jest konto stworzone i zarządzane przez system"
 typeToConfirm: "Wprowadź {x}, aby potwierdzić"
@@ -995,17 +1008,29 @@ unassign: "Cofnij przydzielenie"
 color: "Kolor"
 manageCustomEmojis: "Zarządzaj niestandardowymi Emoji"
 manageAvatarDecorations: "Zarządzaj dekoracjami awatara"
+youCannotCreateAnymore: "Limit kreacji został przekroczony"
+cannotPerformTemporary: "Opcja tymczasowo niedostępna"
+cannotPerformTemporaryDescription: "Ta akcja nie może zostać wykonana, z powodu przekroczenia limitu wykonań. Prosimy poczekać chwilę i spróbować ponownie"
 invalidParamError: "Błąd parametrów"
+invalidParamErrorDescription: "Wartości, które zostały podane są niepoprawne. Zwykle jest to spowodowane bugiem, lecz również może być to spowodowane przekroczeniem limitu wartości, lub podobnym problemem"
 permissionDeniedError: "Odrzucono operacje"
 permissionDeniedErrorDescription: "Konto nie posiada uprawnień"
 preset: "Konfiguracja"
 selectFromPresets: "Wybierz konfiguracje"
 achievements: "Osiągnięcia"
+gotInvalidResponseError: "Niepoprawna odpowiedź serwera"
+gotInvalidResponseErrorDescription: "Wystąpił problem z Twoim połączeniem z Internetem, lub z serwerem. {Spróbuj ponownie} wkrótce."
+thisPostMayBeAnnoying: "Ten wpis może obrażać pozostałych użytkowników"
+thisPostMayBeAnnoyingHome: "Opublikuj na domowej osi czasu"
 thisPostMayBeAnnoyingCancel: "Odrzuć"
+thisPostMayBeAnnoyingIgnore: "Zignoruj i wyślij"
+collapseRenotes: "Zwiń wpisy, które już zobaczyłeś"
+collapseRenotesDescription: "Zwiń wpisy, na które już zareagowałeś lub udostępniłeś"
 internalServerError: "Wewnętrzny błąd serwera"
 internalServerErrorDescription: "Niespodziewany błąd po stronie serwera"
 copyErrorInfo: "Kopiuj informacje o błędzie"
 joinThisServer: "Dołącz do chaty"
+exploreOtherServers: "Szukaj innej instancji"
 disableFederationOk: "Wyłącz federacje"
 invitationRequiredToRegister: "Ten serwer wymaga zaproszenia. Tylko osoby z zaproszeniem mogą się zarejestrować"
 emailNotSupported: "Wysyłanie wiadomości E-mail nie jest obsługiwane na tym serwerze"

locales/pt-PT.yml

@@ -376,7 +376,6 @@ enableLocalTimeline: "Ativar linha do tempo local"
 enableGlobalTimeline: "Ativar linha do tempo global"
 disablingTimelinesInfo: "Se você desabilitar essas linhas do tempo, administradores e moderadores ainda poderão usá-las por conveniência."
 registration: "Registar"
-enableRegistration: "Permitir que qualquer pessoa se registre"
 invite: "Convidar"
 driveCapacityPerLocalAccount: "Capacidade do drive por usuário local"
 driveCapacityPerRemoteAccount: "Capacidade do drive por usuário remoto"

locales/ro-RO.yml

@@ -341,7 +341,6 @@ enableLocalTimeline: "Activează cronologia locală"
 enableGlobalTimeline: "Activeaza cronologia globală"
 disablingTimelinesInfo: "Administratorii și Moderatorii vor avea mereu access la toate cronologiile, chiar dacă nu sunt activate."
 registration: "Inregistrare"
-enableRegistration: "Activează înregistrările pentru utilizatori noi"
 invite: "Invită"
 driveCapacityPerLocalAccount: "Capacitatea Drive-ului per utilizator local"
 driveCapacityPerRemoteAccount: "Capacitatea Drive-ului per utilizator extern"

locales/ru-RU.yml

@@ -377,7 +377,6 @@ enableLocalTimeline: "Включить локальную ленту"
 enableGlobalTimeline: "Включить глобальную ленту"
 disablingTimelinesInfo: "У администраторов и модераторов есть доступ ко всем лентам, даже если они отключены."
 registration: "Регистрация"
-enableRegistration: "Разрешить регистрацию"
 invite: "Пригласить"
 driveCapacityPerLocalAccount: "Объём Диска на одного локального пользователя"
 driveCapacityPerRemoteAccount: "Объём Диска на одного пользователя с другого экземпляра"

locales/sk-SK.yml

@@ -331,7 +331,6 @@ enableLocalTimeline: "Povoliť lokálnu časovú os"
 enableGlobalTimeline: "Povoliť globálnu časovú os"
 disablingTimelinesInfo: "Administrátori a moderátori majú vždy prístup ku všetkým časovým osiam, aj keď sú vypnuté."
 registration: "Registrácia"
-enableRegistration: "Povoliť registráciu nových používateľov"
 invite: "Pozvať"
 driveCapacityPerLocalAccount: "Kapacita disku pre používateľa"
 driveCapacityPerRemoteAccount: "Kapacita disku pre vzdialeného používateľa"

locales/sv-SE.yml

@@ -333,7 +333,6 @@ disconnectService: "Koppla från"
 enableLocalTimeline: "Aktivera lokal tidslinje"
 enableGlobalTimeline: "Aktivera global tidslinje"
 registration: "Registrera"
-enableRegistration: "Aktivera registrering av nya användare"
 invite: "Inbjudan"
 inMb: "I megabyte"
 bannerUrl: "URL till banner-bilden"
@@ -385,6 +384,7 @@ passwordLessLoginDescription: "Tillåter lösenordsfri inloggning med endast en
 resetPassword: "Återställ Lösenord"
 newPasswordIs: "Det nya lösenordet är \"{password}\""
 share: "Dela"
+markAsReadAllTalkMessages: "Markera alla meddelanden som lästa"
 help: "Hjälp"
 close: "Stäng"
 invites: "Inbjudan"
@@ -393,12 +393,15 @@ transfer: "Överför"
 text: "Text"
 enable: "Aktivera"
 next: "Nästa"
+retype: "Ange igen"
+noMessagesYet: "Inga meddelanden än"
 invitations: "Inbjudan"
 invitationCode: "Inbjudningskod"
 available: "Tillgängligt"
 weakPassword: "Svagt Lösenord"
 normalPassword: "Medel Lösenord"
 strongPassword: "Starkt Lösenord"
+signinWith: "Logga in med {x}"
 signinFailed: "Kan inte logga in. Det angivna användarnamnet eller lösenordet är felaktigt."
 or: "eller"
 language: "Språk"
@@ -410,70 +413,124 @@ existingAccount: "Existerande konto"
 regenerate: "Regenerera"
 fontSize: "Textstorlek"
 openImageInNewTab: "Öppna bild i ny flik"
+appearance: "Utseende"
 clientSettings: "Klientinställningar"
 accountSettings: "Kontoinställningar"
 numberOfDays: "Antal dagar"
+objectStorageUseSSL: "Använd SSL"
+serverLogs: "Serverloggar"
 deleteAll: "Radera alla"
 sounds: "Ljud"
 sound: "Ljud"
 listen: "Lyssna"
 none: "Ingen"
 volume: "Volym"
+notUseSound: "Inaktivera ljud"
 chooseEmoji: "Välj en emoji"
 recentUsed: "Senast använd"
 install: "Installera"
 uninstall: "Avinstallera"
+deleteAllFiles: "Radera alla filer"
+deleteAllFilesConfirm: "Är du säker på att du vill radera alla filer?"
 menu: "Meny"
+addItem: "Lägg till objekt"
 serviceworkerInfo: "Måste vara aktiverad för pushnotiser."
 enableInfiniteScroll: "Ladda mer automatiskt"
 enablePlayer: "Öppna videospelare"
+description: "Beskrivning"
 permission: "Behörigheter"
 enableAll: "Aktivera alla"
+disableAll: "Inaktivera alla"
 edit: "Ändra"
 enableEmail: "Aktivera epost-utskick"
 email: "E-post"
+emailAddress: "E-postadress"
 smtpHost: "Värd"
 smtpUser: "Användarnamn"
 smtpPass: "Lösenord"
 emptyToDisableSmtpAuth: "Lämna användarnamn och lösenord tomt för att avaktivera SMTP verifiering"
+makeActive: "Aktivera"
+copy: "Kopiera"
+overview: "Översikt"
 logs: "Logg"
+database: "Databas"
 channel: "kanal"
 create: "Skapa"
 other: "Mer"
+abuseReports: "Rapporter"
+reportAbuse: "Rapporter"
+reportAbuseOf: "Rapportera {name}"
+abuseReported: "Din rapport har skickats. Tack så mycket."
 send: "Skicka"
 openInNewTab: "Öppna i ny flik"
 createNew: "Skapa ny"
+private: "Privat"
 i18nInfo: "Misskey översätts till många olika språk av volontärer. Du kan hjälpa till med översättningen på {link}."
 accountInfo: "Kontoinformation"
+followersCount: "Antal följare"
+yes: "Ja"
+no: "Nej"
 clips: "Klipp"
 duplicate: "Duplicera"
 reloadToApplySetting: "Inställningen tillämpas efter sidan laddas om. Vill du göra det nu?"
 clearCache: "Rensa cache"
 onlineUsersCount: "{n} användare är online"
+nUsers: "{n} användare"
 nNotes: "{n} Noter"
 backgroundColor: "Bakgrundsbild"
 textColor: "Text"
+saveAs: "Spara som..."
+saveConfirm: "Spara ändringar?"
 youAreRunningUpToDateClient: "Klienten du använder är uppdaterat."
 newVersionOfClientAvailable: "Ny version av klienten är tillgänglig."
+editCode: "Redigera kod"
 publish: "Publicera"
 typingUsers: "{users} skriver"
+goBack: "Tillbaka"
+addDescription: "Lägg till beskrivning"
 info: "Om"
+online: "Online"
+active: "Aktiv"
+offline: "Offline"
 enabled: "Aktiverad"
+quickAction: "Snabbåtgärder"
 user: "Användare"
+gallery: "Galleri"
+popularPosts: "Populära inlägg"
 customCssWarn: "Den här inställningen borde bara ändrats av en som har rätta kunskaper. Om du ställer in det här fel så kan klienten sluta fungera rätt."
 global: "Global"
 squareAvatars: "Visa fyrkantiga profilbilder"
 sent: "Skicka"
+searchResult: "Sökresultat"
+learnMore: "Läs mer"
 misskeyUpdated: "Misskey har uppdaterats!"
+translate: "Översätt"
+controlPanel: "Kontrollpanel"
+manageAccounts: "Hantera konton"
 incorrectPassword: "Fel lösenord."
+hide: "Dölj"
 welcomeBackWithName: "Välkommen tillbaka, {name}"
 clickToFinishEmailVerification: "Tryck på [{ok}] för att slutföra bekräftelsen på e-postadressen."
+size: "Storlek"
 searchByGoogle: "Sök"
+indefinitely: "Aldrig"
+tenMinutes: "10 minuter"
+oneHour: "En timme"
+oneDay: "En dag"
+oneWeek: "En vecka"
+oneMonth: "En månad"
+threeMonths: "3 månader"
+oneYear: "1 år"
+threeDays: "3 dagar"
 file: "Filer"
+deleteAccount: "Radera konto"
+label: "Etikett"
 cannotUploadBecauseNoFreeSpace: "Kan inte ladda upp filen för att det finns inget lagringsutrymme kvar."
 cannotUploadBecauseExceedsFileSizeLimit: "Kan inte ladda upp filen för att den är större än filstorleksgränsen."
+beta: "Beta"
 enableAutoSensitive: "Automatisk NSFW markering"
 enableAutoSensitiveDescription: "Tillåter automatiskt detektering och marketing av NSFW media genom Maskininlärning när möjligt. Även om denna inställningen är avaktiverad, kan det vara aktiverat på hela instansen."
+move: "Flytta"
 pushNotification: "Pushnotiser"
 subscribePushNotification: "Aktivera pushnotiser"
 unsubscribePushNotification: "Avaktivera pushnotiser"
@@ -482,38 +539,86 @@ pushNotificationNotSupported: "Din webbläsare eller instans har inte stöd för
 windowMaximize: "Maximera"
 windowMinimize: "Minimera"
 windowRestore: "Återställ"
+tools: "Verktyg"
+like: "Gilla"
 pleaseDonate: "Misskey är en gratis programvara som används på {host}. Donera gärna för att göra utvecklingen ständigt, tack!"
+roles: "Roll"
+role: "Roll"
+color: "Färg"
 resetPasswordConfirm: "Återställ verkligen ditt lösenord?"
 dataSaver: "Databesparing"
 icon: "Profilbild"
+forYou: "För dig"
 replies: "Svara"
 renotes: "Omnotera"
+loadReplies: "Visa svar"
+loadConversation: "Visa konversation"
+authentication: "Autentisering"
+sourceCode: "Källkod"
+doReaction: "Lägg till reaktion"
+code: "Kod"
+gameRetry: "Försök igen"
+inquiry: "Kontakt"
+tryAgain: "Försök igen senare"
+signinWithPasskey: "Logga in med nyckel"
+unknownWebAuthnKey: "Okänd nyckel"
 _delivery:
   stop: "Suspenderad"
   _type:
     none: "Publiceras"
+_initialAccountSetting:
+  profileSetting: "Profilinställningar"
+_initialTutorial:
+  _reaction:
+    title: "Vad är reaktioner?"
 _achievements:
   _types:
     _open3windows:
       title: "Flera Fönster"
       description: "Ha minst 3 fönster öppna samtidigt"
+_role:
+  edit: "Redigera roll"
 _ffVisibility:
   public: "Publicera"
+  private: "Privat"
+_accountDelete:
+  accountDelete: "Radera konto"
+_ad:
+  back: "Tillbaka"
+_gallery:
+  like: "Gilla"
 _email:
   _follow:
     title: "följde dig"
+_aboutMisskey:
+  source: "Källkod"
+  projectMembers: "Projektmedlemmar"
 _channel:
   setBanner: "Välj banner"
   removeBanner: "Ta bort banner"
+  nameAndDescription: "Namn och beskrivning"
+_menuDisplay:
+  hide: "Dölj"
 _theme:
+  description: "Beskrivning"
+  color: "Färg"
   keys:
     mention: "Nämn"
     renote: "Omnotera"
 _sfx:
   note: "Noter"
   notification: "Notifikationer"
+_ago:
+  justNow: "Just nu"
 _2fa:
+  step3Title: "Ange en autentiseringskod"
   renewTOTPCancel: "Nej tack"
+_permissions:
+  "read:reactions": "Visa dina reaktioner"
+  "write:reactions": "Redigera dina reaktioner"
+  "write:admin:delete-account": "Radera användarkonto"
+  "write:admin:roles": "Hantera roller"
+  "read:admin:roles": "Visa roller"
 _antennaSources:
   all: "Alla noter"
   homeTimeline: "Noter från följda användare"
@@ -530,13 +635,19 @@ _widgets:
   _userList:
     chooseList: "Välj lista"
 _cw:
+  hide: "Dölj"
   show: "Ladda mer"
+  chars: "{count} tecken"
+  files: "{count} fil(er)"
+_poll:
+  infinite: "Aldrig"
 _visibility:
   home: "Hem"
   followers: "Följare"
 _profile:
   name: "Namn"
   username: "Användarnamn"
+  metadataLabel: "Etikett"
   changeAvatar: "Ändra profilbild"
   changeBanner: "Ändra banner"
 _exportOrImport:
@@ -547,9 +658,12 @@ _exportOrImport:
   userLists: "Listor"
 _charts:
   federation: "Federation"
+  activeUsers: "Aktiva användare"
 _timelines:
   home: "Hem"
   global: "Global"
+_play:
+  summary: "Beskrivning"
 _pages:
   blocks:
     image: "Bilder"
@@ -567,6 +681,8 @@ _notification:
     reply: "Svara"
     renote: "Omnotera"
 _deck:
+  addColumn: "Lägg till kolumn"
+  deleteProfile: "Radera profil"
   _columns:
     notifications: "Notifikationer"
     tl: "Tidslinje"
@@ -584,3 +700,10 @@ _abuseReport:
 _moderationLogTypes:
   suspend: "Suspendera"
   resetPassword: "Återställ Lösenord"
+_reversi:
+  blackOrWhite: "Svart/Vit"
+  rules: "Regler"
+  black: "Svart"
+  white: "Vit"
+_selfXssPrevention:
+  warning: "VARNING"

locales/th-TH.yml

@@ -382,7 +382,6 @@ enableLocalTimeline: "เปิดใช้งานไทม์ไลน์ท
 enableGlobalTimeline: "เปิดใช้งานไทม์ไลน์ทั่วโลก"
 disablingTimelinesInfo: "ผู้ดูแลระบบและผู้ควบคุมจะสามารถเข้าถึงไทม์ไลน์ทั้งหมด ถึงแม้ว่าจะไม่ได้เปิดใช้งานก็ตาม"
 registration: "ลงทะเบียน"
-enableRegistration: "เปิดใช้งานการลงทะเบียนผู้ใช้ใหม่"
 invite: "คำเชิญ"
 driveCapacityPerLocalAccount: "ความจุของไดรฟ์ต่อผู้ใช้ท้องถิ่น"
 driveCapacityPerRemoteAccount: "ความจุของไดรฟ์ต่อผู้ใช้ระยะไกล"

locales/tr-TR.yml

@@ -344,7 +344,6 @@ today: "Bugün"
 monthX: "{month} ay"
 pages: "Sayfalar"
 integration: "Entegrasyon"
-enableRegistration: "Kayıtlara izin ver"
 basicInfo: "Temel bilgiler"
 pinnedUsers: "Sabitlenmiş kullanıcılar"
 pinnedNotes: "Sabitlenen"

locales/uk-UA.yml

@@ -334,7 +334,6 @@ enableLocalTimeline: "Увімкнути локальну стрічку"
 enableGlobalTimeline: "Увімкнути глобальну стрічку"
 disablingTimelinesInfo: "Адміністратори та модератори завжди мають доступ до всіх стрічок, навіть якщо вони вимкнуті."
 registration: "Реєстрація"
-enableRegistration: "Дозволити реєстрацію"
 invite: "Запросити"
 driveCapacityPerLocalAccount: "Об'єм диска на одного локального користувача"
 driveCapacityPerRemoteAccount: "Об'єм диска на одного віддаленого користувача"

locales/uz-UZ.yml

@@ -349,7 +349,6 @@ enableLocalTimeline: "Mahalliy vaqt mintaqasini yoqing"
 enableGlobalTimeline: "Global vaqt mintaqasini yoqing"
 disablingTimelinesInfo: "Administratorlar va Moderatorlar har doim barcha vaqt jadvallariga kirish huquqiga ega bo'ladilar, hatto ular yoqilmagan bo'lsa ham."
 registration: "Ro'yxatdan o'tish"
-enableRegistration: "Ro'yxatdan o'tishni yoqing"
 invite: "Taklif qilish"
 driveCapacityPerLocalAccount: "Har bir mahalliy foydalanuvchi uchun disk maydoni"
 driveCapacityPerRemoteAccount: "Har bir masofaviy foydalanuvchi uchun disk maydoni"

locales/vi-VN.yml

@@ -8,6 +8,9 @@ search: "Tìm kiếm"
 notifications: "Thông báo"
 username: "Tên người dùng"
 password: "Mật khẩu"
+initialPasswordForSetup: "Mật khẩu ban đầu để thiết lập"
+initialPasswordIsIncorrect: "Mật khẩu ban đầu đã nhập sai"
+initialPasswordForSetupDescription: "Nếu bạn tự cài đặt Misskey, hãy sử dụng mật khẩu ban đầu của bạn đã nhập trong tệp cấu hình.\nNếu bạn đang sử dụng dịch vụ nào đó giống như dịch vụ lưu trữ của Misskey, hãy sử dụng mật khẩu ban đầu được cung cấp.\nNếu bạn chưa đặt mật khẩu ban đầu, vui lòng để trống và tiếp tục."
 forgotPassword: "Quên mật khẩu"
 fetchingAsApObject: "Đang nạp dữ liệu từ Fediverse..."
 ok: "Đồng ý"
@@ -354,7 +357,6 @@ enableLocalTimeline: "Bật bảng tin máy chủ"
 enableGlobalTimeline: "Bật bảng tin liên hợp"
 disablingTimelinesInfo: "Quản trị viên và Kiểm duyệt viên luôn có quyền truy cập mọi bảng tin, kể cả khi chúng không được bật."
 registration: "Đăng ký"
-enableRegistration: "Cho phép đăng ký mới"
 invite: "Mời"
 driveCapacityPerLocalAccount: "Dung lượng ổ đĩa tối đa cho mỗi người dùng"
 driveCapacityPerRemoteAccount: "Dung lượng ổ đĩa tối đa cho mỗi người dùng từ xa"

locales/zh-CN.yml

@@ -107,7 +107,7 @@ follow: "关注"
 followRequest: "关注申请"
 followRequests: "关注申请"
 unfollow: "取消关注"
-followRequestPending: "关注请求批准中"
+followRequestPending: "关注请求待批准"
 enterEmoji: "输入表情符号"
 renote: "转发"
 unrenote: "取消转发"
@@ -136,7 +136,7 @@ overwriteFromPinnedEmojisForReaction: "从「置顶（回应）」设置覆盖"
 overwriteFromPinnedEmojis: "从全局设置覆盖"
 reactionSettingDescription2: "拖动重新排序，单击删除，点击 + 添加。"
 rememberNoteVisibility: "保存上次设置的可见性"
-attachCancel: "删除附件"
+attachCancel: "取消添加附件"
 deleteFile: "删除文件"
 markAsSensitive: "标记为敏感内容"
 unmarkAsSensitive: "取消标记为敏感内容"
@@ -382,7 +382,6 @@ enableLocalTimeline: "启用本地时间线"
 enableGlobalTimeline: "启用全局时间线"
 disablingTimelinesInfo: "即使时间线功能被禁用，出于方便，管理员和监察员也可以继续使用。"
 registration: "注册"
-enableRegistration: "允许任何人注册"
 invite: "邀请"
 driveCapacityPerLocalAccount: "每个用户的网盘容量"
 driveCapacityPerRemoteAccount: "每个远程用户的网盘容量"
@@ -587,6 +586,7 @@ masterVolume: "主音量"
 notUseSound: "静音"
 useSoundOnlyWhenActive: "仅在 Misskey 活跃时输出声音"
 details: "详情"
+renoteDetails: "转帖详情"
 chooseEmoji: "选择表情符号"
 unableToProcess: "操作无法完成"
 recentUsed: "最近使用"
@@ -603,7 +603,7 @@ descendingOrder: "降序"
 scratchpad: "AiScript 控制台"
 scratchpadDescription: "AiScript 控制台为 AiScript 提供了实验环境。您可以编写代码与 Misskey 交互，运行并查看结果。"
 uiInspector: "UI 检查器"
-uiInspectorDescription: "查看所有内存中由 UI 组件生成出的实例。UI 组件由 UI:C 系列函数所生成。"
+uiInspectorDescription: "查看内存中所有由 UI 组件生成出的实例。UI 组件由 UI:C 系列函数所生成。"
 output: "输出"
 script: "脚本"
 disablePagesScript: "禁用页面脚本"
@@ -856,9 +856,9 @@ user: "用户"
 administration: "管理"
 accounts: "账户"
 switch: "切换"
-noMaintainerInformationWarning: "管理人员信息未设置。"
+noMaintainerInformationWarning: "尚未设置管理员信息。"
 noInquiryUrlWarning: "尚未设置联络地址。"
-noBotProtectionWarning: "Bot 防御未设置。"
+noBotProtectionWarning: "尚未设置 Bot 防御。"
 configure: "设置"
 postToGallery: "发送到图库"
 postToHashtag: "投稿到这个标签"
@@ -874,11 +874,11 @@ priority: "优先级"
 high: "高"
 middle: "中"
 low: "低"
-emailNotConfiguredWarning: "电子邮件地址未设置。"
+emailNotConfiguredWarning: "尚未设置电子邮件地址。"
 ratio: "比率"
 previewNoteText: "预览文本"
 customCss: "自定义 CSS"
-customCssWarn: "这些设置必须有相关的基础知识，不当的配置可能导致客户端无法正常使用！"
+customCssWarn: "这些设置必须有相关的基础知识，不当的配置可能导致客户端无法正常使用。"
 global: "全局"
 squareAvatars: "显示方形头像图标"
 sent: "发送"
@@ -1057,7 +1057,7 @@ internalServerErrorDescription: "内部服务器发生了预期外的错误"
 copyErrorInfo: "复制错误信息"
 joinThisServer: "在本服务器上注册"
 exploreOtherServers: "探索其他服务器"
-letsLookAtTimeline: "时间线"
+letsLookAtTimeline: "看看时间线"
 disableFederationConfirm: "确定要禁用联合？"
 disableFederationConfirmWarn: "禁用联合不会将帖子设为私有。在大多数情况下，不需要禁用联合。"
 disableFederationOk: "联合禁用"
@@ -1076,7 +1076,7 @@ sensitiveWords: "敏感词"
 sensitiveWordsDescription: "包含这些词的帖子将只在首页可见。可用换行来设定多个词。"
 sensitiveWordsDescription2: "AND 条件用空格分隔，正则表达式用斜线包裹。"
 prohibitedWords: "禁用词"
-prohibitedWordsDescription: "发布包含设定词汇的帖子时将出错。可用换行设定多个关键字"
+prohibitedWordsDescription: "发布包含设定词汇的帖子时将出错。可用换行设定多个关键字。"
 prohibitedWordsDescription2: "AND 条件用空格分隔，正则表达式用斜线包裹。"
 hiddenTags: "隐藏标签"
 hiddenTagsDescription: "设定的标签将不会在时间线上显示。可使用换行来设置多个标签。"
@@ -1119,7 +1119,7 @@ vertical: "纵向"
 horizontal: "横向"
 position: "位置"
 serverRules: "服务器规则"
-pleaseConfirmBelowBeforeSignup: "在这个服务器上注册账号前，请确认以下信息。"
+pleaseConfirmBelowBeforeSignup: "如果要在此服务器上注册，需要确认并同意以下内容。"
 pleaseAgreeAllToContinue: "必须全部勾选「同意」才能够继续。"
 continue: "继续"
 preservedUsernames: "保留的用户名"
@@ -1159,10 +1159,10 @@ turnOffToImprovePerformance: "关闭该选项可以提高性能。"
 createInviteCode: "生成邀请码"
 createWithOptions: "使用选项来创建"
 createCount: "发行数"
-inviteCodeCreated: "已创建邀请码"
-inviteLimitExceeded: "可供发行的邀请码已达上限。"
-createLimitRemaining: "可供发行的邀请码：剩余{limit}个"
-inviteLimitResetCycle: "可以在{time}内发行最多{limit}个邀请码。"
+inviteCodeCreated: "已生成邀请码"
+inviteLimitExceeded: "可供生成的邀请码已达上限。"
+createLimitRemaining: "可供生成的邀请码：剩余 {limit} 个"
+inviteLimitResetCycle: "可以在 {time} 内生成最多 {limit} 个邀请码。"
 expirationDate: "有效日期"
 noExpirationDate: "不设置有效日期"
 inviteCodeUsedAt: "邀请码被使用的日期和时间"
@@ -1299,6 +1299,8 @@ yourNameContainsProhibitedWordsDescription: "用户名内含有违禁词。若
 thisContentsAreMarkedAsSigninRequiredByAuthor: "根据发帖者的设定，需要登录才能显示"
 lockdown: "锁定"
 pleaseSelectAccount: "请选择帐户"
+availableRoles: "可用角色"
+acknowledgeNotesAndEnable: "理解注意事项后再开启。"
 _accountSettings:
   requireSigninToViewContents: "需要登录才能显示内容"
   requireSigninToViewContentsDescription1: "您发布的所有帖子将变成需要登入后才会显示。有望防止爬虫收集各种信息。"
@@ -1426,8 +1428,8 @@ _initialTutorial:
     description: "对于服务器方针所要求要求的，又或者不适合直接展示的附件，请添加「敏感」标记。\n"
     tryThisFile: "试试看，将附加到此窗口的图像标注为敏感！"
     _exampleNote:
-      note: "拆纳豆包装时出错了…"
-    method: "要标注附件为敏感内容，请单击该文件以打开菜单，然后单击“标记为敏感内容”。"
+      note: "拆纳豆包装时失手了…"
+    method: "要标注附件为敏感内容，请单击该文件以打开菜单，然后单击「标记为敏感内容」。"
     sensitiveSucceeded: "附加文件时，请遵循服务器的条款来设置正确敏感设定。\n"
     doItToContinue: "将图像标记为敏感后才能够继续"
   _done:
@@ -1455,6 +1457,8 @@ _serverSettings:
   reactionsBufferingDescription: "开启时可显著提高发送回应时的性能，及减轻数据库负荷。但 Redis 的内存用量会相应增加。"
   inquiryUrl: "联络地址"
   inquiryUrlDescription: "用来指定诸如向服务运营商咨询的论坛地址，或记载了运营商联系方式之类的网页地址。"
+  openRegistration: "开放注册"
+  openRegistrationWarning: "开放注册有风险。建议仅当能够持续监控服务器并在出现问题时能够立即响应时才打开它。"
   thisSettingWillAutomaticallyOffWhenModeratorsInactive: "若在一段时间内没有检测到管理活动，为防止垃圾信息，此设定将自动关闭。"
 _accountMigration:
   moveFrom: "从别的账号迁移到此账户"
@@ -2737,3 +2741,6 @@ _selfXssPrevention:
   description1: "如果在此处粘贴了什么，恶意用户可能会接管账户或者盗取个人资料。"
   description2: "如果不能完全理解将要粘贴的内容，%c 请立即停止操作并关闭这个窗口。"
   description3: "详情请看这里。{link}"
+_followRequest:
+  recieved: "已收到申请"
+  sent: "已发送申请"

locales/zh-TW.yml

@@ -8,8 +8,8 @@ search: "搜尋"
 notifications: "通知"
 username: "使用者名稱"
 password: "密碼"
-initialPasswordForSetup: "初始設定用的密碼"
-initialPasswordIsIncorrect: "初始設定用的密碼錯誤。"
+initialPasswordForSetup: "啟動初始設定的密碼"
+initialPasswordIsIncorrect: "啟動初始設定的密碼錯誤。"
 initialPasswordForSetupDescription: "如果您自己安裝了 Misskey，請使用您在設定檔中輸入的密碼。\n如果您使用 Misskey 的託管服務之類的服務，請使用提供的密碼。\n如果您尚未設定密碼，請將其留空並繼續。"
 forgotPassword: "忘記密碼"
 fetchingAsApObject: "從聯邦宇宙取得中..."
@@ -382,7 +382,6 @@ enableLocalTimeline: "啟用本地時間軸"
 enableGlobalTimeline: "啟用全域時間軸"
 disablingTimelinesInfo: "為了方便，即使您關閉了時間軸功能，管理員和審查員仍可以繼續使用。"
 registration: "註冊"
-enableRegistration: "開放新使用者註冊"
 invite: "邀請"
 driveCapacityPerLocalAccount: "每個本地使用者的雲端硬碟容量"
 driveCapacityPerRemoteAccount: "每個非本地用戶的雲端空間大小"
@@ -1119,7 +1118,7 @@ vertical: "直向"
 horizontal: "橫向"
 position: "位置"
 serverRules: "伺服器規則"
-pleaseConfirmBelowBeforeSignup: "在本伺服器註冊之前，請確認下列事項。"
+pleaseConfirmBelowBeforeSignup: "在本伺服器註冊之前，必須確認並同意以下內容。"
 pleaseAgreeAllToContinue: "必須全部勾選「同意」才能繼續。"
 continue: "繼續"
 preservedUsernames: "保留的使用者名稱"
@@ -1299,6 +1298,8 @@ yourNameContainsProhibitedWordsDescription: "名稱中包含禁止使用的字
 thisContentsAreMarkedAsSigninRequiredByAuthor: "作者將其設定為需要登入才能顯示。"
 lockdown: "鎖定"
 pleaseSelectAccount: "請選擇帳戶"
+availableRoles: "可用角色"
+acknowledgeNotesAndEnable: "了解注意事項後再開啟。"
 _accountSettings:
   requireSigninToViewContents: "須登入以顯示內容"
   requireSigninToViewContentsDescription1: "必須登入才會顯示您建立的貼文等內容。可望有效防止資訊被爬蟲蒐集。"
@@ -1455,6 +1456,8 @@ _serverSettings:
   reactionsBufferingDescription: "啟用時，可以顯著提高建立反應時的效能並減少資料庫的負載。 但是，Redis 記憶體使用量會增加。"
   inquiryUrl: "聯絡表單網址"
   inquiryUrlDescription: "指定伺服器運營者的聯絡表單網址，或包含運營者聯絡資訊網頁的網址。"
+  openRegistration: "允許建立帳戶"
+  openRegistrationWarning: "開放註冊伴隨著風險。 建議只有在伺服器受到持續監控，並準備好在出現問題時能立即處理的情況下才開放註冊。"
   thisSettingWillAutomaticallyOffWhenModeratorsInactive: "為了防止 spam，如果一段期間內沒有偵測到審查員的活動，此設定將自動關閉。"
 _accountMigration:
   moveFrom: "從其他帳戶遷移到這個帳戶"
@@ -2737,3 +2740,6 @@ _selfXssPrevention:
   description1: "如果您在此處貼上任何內容，惡意使用者可能會接管您的帳戶或竊取您的個人資訊。"
   description2: "如果您不確切知道要貼上的內容，%c 請立即停止工作並關閉此視窗。"
   description3: "細節請看這裡。{link}"
+_followRequest:
+  recieved: "收到的請求"
+  sent: "送出的請求"

package.json

@@ -1,6 +1,6 @@
 {
 	"name": "misskey",
-	"version": "2024.11.0-alpha.0",
+	"version": "2024.11.0-alpha.2",
 	"codename": "nasubi",
 	"repository": {
 		"type": "git",
@@ -56,22 +56,22 @@
 		"fast-glob": "3.3.2",
 		"ignore-walk": "6.0.5",
 		"js-yaml": "4.1.0",
-		"postcss": "8.4.47",
+		"postcss": "8.4.49",
 		"tar": "6.2.1",
-		"terser": "5.33.0",
-		"typescript": "5.6.2",
-		"esbuild": "0.23.1",
+		"terser": "5.36.0",
+		"typescript": "5.6.3",
+		"esbuild": "0.24.0",
 		"glob": "11.0.0"
 	},
 	"devDependencies": {
 		"@misskey-dev/eslint-plugin": "2.0.3",
-		"@types/node": "20.14.12",
+		"@types/node": "22.9.0",
 		"@typescript-eslint/eslint-plugin": "7.17.0",
 		"@typescript-eslint/parser": "7.17.0",
 		"cross-env": "7.0.3",
-		"cypress": "13.14.2",
-		"eslint": "9.8.0",
-		"globals": "15.9.0",
+		"cypress": "13.15.2",
+		"eslint": "9.14.0",
+		"globals": "15.12.0",
 		"ncp": "2.0.0",
 		"start-server-and-test": "2.0.8"
 	},

packages/backend/migration/1708980134301-APMultipleKeys.js

@@ -0,0 +1,39 @@
+/*
+ * SPDX-FileCopyrightText: syuilo and misskey-project
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+export class APMultipleKeys1708980134301 {
+    name = 'APMultipleKeys1708980134301'
+
+    async up(queryRunner) {
+        await queryRunner.query(`DROP INDEX "public"."IDX_171e64971c780ebd23fae140bb"`);
+        await queryRunner.query(`ALTER TABLE "user_keypair" ADD "ed25519PublicKey" character varying(128)`);
+        await queryRunner.query(`ALTER TABLE "user_keypair" ADD "ed25519PrivateKey" character varying(128)`);
+        await queryRunner.query(`ALTER TABLE "user_publickey" DROP CONSTRAINT "FK_10c146e4b39b443ede016f6736d"`);
+        await queryRunner.query(`ALTER TABLE "user_publickey" DROP CONSTRAINT "PK_10c146e4b39b443ede016f6736d"`);
+        await queryRunner.query(`ALTER TABLE "user_publickey" ADD CONSTRAINT "PK_0db6a5fdb992323449edc8ee421" PRIMARY KEY ("userId", "keyId")`);
+        await queryRunner.query(`ALTER TABLE "user_publickey" DROP CONSTRAINT "PK_0db6a5fdb992323449edc8ee421"`);
+        await queryRunner.query(`ALTER TABLE "user_publickey" ADD CONSTRAINT "PK_171e64971c780ebd23fae140bba" PRIMARY KEY ("keyId")`);
+        await queryRunner.query(`ALTER TABLE "user_publickey" ADD CONSTRAINT "UQ_10c146e4b39b443ede016f6736d" UNIQUE ("userId")`);
+        await queryRunner.query(`CREATE INDEX "IDX_10c146e4b39b443ede016f6736" ON "user_publickey" ("userId") `);
+        await queryRunner.query(`ALTER TABLE "user_publickey" ADD CONSTRAINT "FK_10c146e4b39b443ede016f6736d" FOREIGN KEY ("userId") REFERENCES "user"("id") ON DELETE CASCADE ON UPDATE NO ACTION`);
+    }
+
+    async down(queryRunner) {
+        await queryRunner.query(`ALTER TABLE "user_publickey" DROP CONSTRAINT "FK_10c146e4b39b443ede016f6736d"`);
+        await queryRunner.query(`DROP INDEX "public"."IDX_10c146e4b39b443ede016f6736"`);
+        await queryRunner.query(`ALTER TABLE "user_publickey" DROP CONSTRAINT "UQ_10c146e4b39b443ede016f6736d"`);
+        await queryRunner.query(`ALTER TABLE "user_publickey" DROP CONSTRAINT "PK_171e64971c780ebd23fae140bba"`);
+        await queryRunner.query(`ALTER TABLE "user_publickey" ADD CONSTRAINT "PK_0db6a5fdb992323449edc8ee421" PRIMARY KEY ("userId", "keyId")`);
+        await queryRunner.query(`ALTER TABLE "user_publickey" DROP CONSTRAINT "PK_0db6a5fdb992323449edc8ee421"`);
+        await queryRunner.query(`ALTER TABLE "user_publickey" ADD CONSTRAINT "PK_10c146e4b39b443ede016f6736d" PRIMARY KEY ("userId")`);
+        await queryRunner.query(`ALTER TABLE "user_publickey" ADD CONSTRAINT "FK_10c146e4b39b443ede016f6736d" FOREIGN KEY ("userId") REFERENCES "user"("id") ON DELETE CASCADE ON UPDATE NO ACTION`);
+        await queryRunner.query(`ALTER TABLE "user_profile" ALTER COLUMN "followersVisibility" DROP DEFAULT`);
+        await queryRunner.query(`ALTER TABLE "user_profile" ALTER COLUMN "followersVisibility" TYPE "public"."user_profile_followersVisibility_enum_old" USING "followersVisibility"::"text"::"public"."user_profile_followersVisibility_enum_old"`);
+        await queryRunner.query(`ALTER TABLE "user_profile" ALTER COLUMN "followersVisibility" SET DEFAULT 'public'`);
+        await queryRunner.query(`ALTER TABLE "user_keypair" DROP COLUMN "ed25519PrivateKey"`);
+        await queryRunner.query(`ALTER TABLE "user_keypair" DROP COLUMN "ed25519PublicKey"`);
+        await queryRunner.query(`CREATE UNIQUE INDEX "IDX_171e64971c780ebd23fae140bb" ON "user_publickey" ("keyId") `);
+    }
+}

packages/backend/migration/1709242519122-HttpSignImplLv.js

@@ -0,0 +1,16 @@
+/*
+ * SPDX-FileCopyrightText: syuilo and misskey-project
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+export class HttpSignImplLv1709242519122 {
+    name = 'HttpSignImplLv1709242519122'
+
+    async up(queryRunner) {
+        await queryRunner.query(`ALTER TABLE "instance" ADD "httpMessageSignaturesImplementationLevel" character varying(16) NOT NULL DEFAULT '00'`);
+    }
+
+    async down(queryRunner) {
+        await queryRunner.query(`ALTER TABLE "instance" DROP COLUMN "httpMessageSignaturesImplementationLevel"`);
+    }
+}

packages/backend/migration/1709269211718-APMultipleKeysFix1.js

@@ -0,0 +1,16 @@
+/*
+ * SPDX-FileCopyrightText: syuilo and misskey-project
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+export class APMultipleKeys1709269211718 {
+    name = 'APMultipleKeys1709269211718'
+
+    async up(queryRunner) {
+        await queryRunner.query(`ALTER TABLE "user_publickey" DROP CONSTRAINT "UQ_10c146e4b39b443ede016f6736d"`);
+    }
+
+    async down(queryRunner) {
+			await queryRunner.query(`ALTER TABLE "user_publickey" ADD CONSTRAINT "UQ_10c146e4b39b443ede016f6736d" UNIQUE ("userId")`);
+    }
+}

packages/backend/package.json

@@ -69,32 +69,32 @@
 	"dependencies": {
 		"@aws-sdk/client-s3": "3.620.0",
 		"@aws-sdk/lib-storage": "3.620.0",
-		"@bull-board/api": "6.0.0",
-		"@bull-board/fastify": "6.0.0",
-		"@bull-board/ui": "6.0.0",
+		"@bull-board/api": "6.5.0",
+		"@bull-board/fastify": "6.5.0",
+		"@bull-board/ui": "6.5.0",
 		"@discordapp/twemoji": "15.1.0",
 		"@fastify/accepts": "5.0.1",
-		"@fastify/cookie": "10.0.1",
+		"@fastify/cookie": "11.0.1",
 		"@fastify/cors": "10.0.1",
 		"@fastify/express": "4.0.1",
-		"@fastify/http-proxy": "10.0.0",
+		"@fastify/http-proxy": "10.0.1",
 		"@fastify/multipart": "9.0.1",
-		"@fastify/static": "8.0.1",
+		"@fastify/static": "8.0.2",
 		"@fastify/view": "10.0.1",
+		"@misskey-dev/node-http-message-signatures": "0.0.10",
 		"@misskey-dev/sharp-read-bmp": "1.2.0",
 		"@misskey-dev/summaly": "5.1.0",
 		"@napi-rs/canvas": "0.1.56",
-		"@nestjs/common": "10.4.4",
-		"@nestjs/core": "10.4.4",
-		"@nestjs/testing": "10.4.4",
-		"@peertube/http-signature": "1.7.0",
-		"@sentry/node": "8.20.0",
-		"@sentry/profiling-node": "8.20.0",
+		"@nestjs/common": "10.4.7",
+		"@nestjs/core": "10.4.7",
+		"@nestjs/testing": "10.4.7",
+		"@sentry/node": "8.38.0",
+		"@sentry/profiling-node": "8.38.0",
 		"@simplewebauthn/server": "10.0.1",
 		"@sinonjs/fake-timers": "11.2.2",
 		"@smithy/node-http-handler": "2.5.0",
 		"@swc/cli": "0.3.12",
-		"@swc/core": "1.6.6",
+		"@swc/core": "1.9.2",
 		"@twemoji/parser": "15.1.1",
 		"accepts": "1.3.8",
 		"ajv": "8.17.1",
@@ -103,7 +103,7 @@
 		"bcryptjs": "2.4.3",
 		"blurhash": "2.0.5",
 		"body-parser": "1.20.3",
-		"bullmq": "5.15.0",
+		"bullmq": "5.26.1",
 		"cacheable-lookup": "7.0.0",
 		"cbor": "9.0.2",
 		"chalk": "5.3.0",
@@ -117,11 +117,11 @@
 		"fastify": "5.0.0",
 		"fastify-raw-body": "5.0.0",
 		"feed": "4.2.2",
-		"file-type": "19.5.0",
+		"file-type": "19.6.0",
 		"fluent-ffmpeg": "2.1.3",
-		"form-data": "4.0.0",
-		"got": "14.4.2",
-		"happy-dom": "15.7.4",
+		"form-data": "4.0.1",
+		"got": "14.4.4",
+		"happy-dom": "15.11.4",
 		"hpagent": "1.2.0",
 		"htmlescape": "1.1.1",
 		"http-link-header": "1.1.3",
@@ -134,7 +134,7 @@
 		"json5": "2.2.3",
 		"jsonld": "8.3.2",
 		"jsrsasign": "11.1.0",
-		"meilisearch": "0.42.0",
+		"meilisearch": "0.45.0",
 		"juice": "11.0.0",
 		"mfm-js": "0.24.0",
 		"microformats-parser": "2.0.2",
@@ -142,18 +142,18 @@
 		"misskey-js": "workspace:*",
 		"misskey-reversi": "workspace:*",
 		"ms": "3.0.0-canary.1",
-		"nanoid": "5.0.7",
+		"nanoid": "5.0.8",
 		"nested-property": "4.0.0",
 		"node-fetch": "3.3.2",
-		"nodemailer": "6.9.15",
+		"nodemailer": "6.9.16",
 		"nsfwjs": "2.4.2",
 		"oauth": "0.10.0",
 		"oauth2orize": "1.12.0",
 		"oauth2orize-pkce": "0.1.2",
 		"os-utils": "0.0.14",
 		"otpauth": "9.3.4",
-		"parse5": "7.1.2",
-		"pg": "8.13.0",
+		"parse5": "7.2.1",
+		"pg": "8.13.1",
 		"pkce-challenge": "4.1.0",
 		"probe-image-size": "7.2.3",
 		"promise-limit": "2.7.0",
@@ -180,7 +180,7 @@
 		"tsc-alias": "1.8.10",
 		"tsconfig-paths": "4.2.0",
 		"typeorm": "0.3.20",
-		"typescript": "5.6.2",
+		"typescript": "5.6.3",
 		"ulid": "2.3.0",
 		"vary": "1.1.2",
 		"web-push": "3.6.7",
@@ -189,28 +189,28 @@
 	},
 	"devDependencies": {
 		"@jest/globals": "29.7.0",
-		"@nestjs/platform-express": "10.4.4",
+		"@nestjs/platform-express": "10.4.7",
 		"@simplewebauthn/types": "10.0.0",
-		"@swc/jest": "0.2.36",
+		"@swc/jest": "0.2.37",
 		"@types/accepts": "1.3.7",
-		"@types/archiver": "6.0.2",
+		"@types/archiver": "6.0.3",
 		"@types/bcryptjs": "2.4.6",
 		"@types/body-parser": "1.19.5",
 		"@types/color-convert": "2.0.4",
 		"@types/content-disposition": "0.5.8",
-		"@types/fluent-ffmpeg": "2.1.26",
+		"@types/fluent-ffmpeg": "2.1.27",
 		"@types/htmlescape": "1.1.3",
 		"@types/http-link-header": "1.0.7",
-		"@types/jest": "29.5.13",
+		"@types/jest": "29.5.14",
 		"@types/js-yaml": "4.0.9",
 		"@types/jsdom": "21.1.7",
 		"@types/jsonld": "1.5.15",
 		"@types/jsrsasign": "10.5.14",
 		"@types/mime-types": "2.1.4",
 		"@types/ms": "0.7.34",
-		"@types/node": "20.14.12",
+		"@types/node": "22.9.0",
 		"@types/nodemailer": "6.4.16",
-		"@types/oauth": "0.9.5",
+		"@types/oauth": "0.9.6",
 		"@types/oauth2orize": "1.11.5",
 		"@types/oauth2orize-pkce": "0.1.2",
 		"@types/pg": "8.11.10",
@@ -227,14 +227,14 @@
 		"@types/tinycolor2": "1.4.6",
 		"@types/tmp": "0.2.6",
 		"@types/vary": "1.1.3",
-		"@types/web-push": "3.6.3",
-		"@types/ws": "8.5.12",
+		"@types/web-push": "3.6.4",
+		"@types/ws": "8.5.13",
 		"@typescript-eslint/eslint-plugin": "7.17.0",
 		"@typescript-eslint/parser": "7.17.0",
 		"aws-sdk-client-mock": "4.0.1",
 		"cross-env": "7.0.3",
 		"eslint-plugin-import": "2.30.0",
-		"execa": "9.4.0",
+		"execa": "8.0.1",
 		"fkill": "9.0.0",
 		"jest": "29.7.0",
 		"jest-mock": "29.7.0",

packages/backend/src/@types/http-signature.d.ts

@@ -1,82 +0,0 @@
-/*
- * SPDX-FileCopyrightText: syuilo and misskey-project
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-declare module '@peertube/http-signature' {
-	import type { IncomingMessage, ClientRequest } from 'node:http';
-
-	interface ISignature {
-		keyId: string;
-		algorithm: string;
-		headers: string[];
-		signature: string;
-	}
-
-	interface IOptions {
-		headers?: string[];
-		algorithm?: string;
-		strict?: boolean;
-		authorizationHeaderName?: string;
-	}
-
-	interface IParseRequestOptions extends IOptions {
-		clockSkew?: number;
-	}
-
-	interface IParsedSignature {
-		scheme: string;
-		params: ISignature;
-		signingString: string;
-		algorithm: string;
-		keyId: string;
-	}
-
-	type RequestSignerConstructorOptions =
-		IRequestSignerConstructorOptionsFromProperties |
-		IRequestSignerConstructorOptionsFromFunction;
-
-	interface IRequestSignerConstructorOptionsFromProperties {
-		keyId: string;
-		key: string | Buffer;
-		algorithm?: string;
-	}
-
-	interface IRequestSignerConstructorOptionsFromFunction {
-		sign?: (data: string, cb: (err: any, sig: ISignature) => void) => void;
-	}
-
-	class RequestSigner {
-		constructor(options: RequestSignerConstructorOptions);
-
-		public writeHeader(header: string, value: string): string;
-
-		public writeDateHeader(): string;
-
-		public writeTarget(method: string, path: string): void;
-
-		public sign(cb: (err: any, authz: string) => void): void;
-	}
-
-	interface ISignRequestOptions extends IOptions {
-		keyId: string;
-		key: string;
-		httpVersion?: string;
-	}
-
-	export function parse(request: IncomingMessage, options?: IParseRequestOptions): IParsedSignature;
-	export function parseRequest(request: IncomingMessage, options?: IParseRequestOptions): IParsedSignature;
-
-	export function sign(request: ClientRequest, options: ISignRequestOptions): boolean;
-	export function signRequest(request: ClientRequest, options: ISignRequestOptions): boolean;
-	export function createSigner(): RequestSigner;
-	export function isSigner(obj: any): obj is RequestSigner;
-
-	export function sshKeyToPEM(key: string): string;
-	export function sshKeyFingerprint(key: string): string;
-	export function pemToRsaSSHKey(pem: string, comment: string): string;
-
-	export function verify(parsedSignature: IParsedSignature, pubkey: string | Buffer): boolean;
-	export function verifySignature(parsedSignature: IParsedSignature, pubkey: string | Buffer): boolean;
-	export function verifyHMAC(parsedSignature: IParsedSignature, secret: string): boolean;
-}

packages/backend/src/const.ts

@@ -8,6 +8,11 @@ export const MAX_NOTE_TEXT_LENGTH = 3000;
 export const USER_ONLINE_THRESHOLD = 1000 * 60 * 10; // 10min
 export const USER_ACTIVE_THRESHOLD = 1000 * 60 * 60 * 24 * 3; // 3days
 
+export const REMOTE_USER_CACHE_TTL = 1000 * 60 * 60 * 3; // 3hours
+export const REMOTE_USER_MOVE_COOLDOWN = 1000 * 60 * 60 * 24 * 14; // 14days
+
+export const REMOTE_SERVER_CACHE_TTL = 1000 * 60 * 60 * 3; // 3hours
+
 export const PER_NOTE_REACTION_USER_PAIR_CACHE_MAX = 16;
 
 //#region hard limits

packages/backend/src/core/AbuseReportNotificationService.ts

@@ -154,9 +154,9 @@ export class AbuseReportNotificationService implements OnApplicationShutdown {
 		const convertedReports = abuseReports.map(it => {
 			return {
 				...it,
-				reporter: usersMap.get(it.reporterId),
-				targetUser: usersMap.get(it.targetUserId),
-				assignee: it.assigneeId ? usersMap.get(it.assigneeId) : null,
+				reporter: usersMap.get(it.reporterId) ?? null,
+				targetUser: usersMap.get(it.targetUserId) ?? null,
+				assignee: it.assigneeId ? (usersMap.get(it.assigneeId) ?? null) : null,
 			};
 		});
 

packages/backend/src/core/AccountUpdateService.ts

@@ -3,7 +3,8 @@
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
-import { Inject, Injectable } from '@nestjs/common';
+import { Inject, Injectable, OnModuleInit } from '@nestjs/common';
+import { ModuleRef } from '@nestjs/core';
 import { DI } from '@/di-symbols.js';
 import type { UsersRepository } from '@/models/_.js';
 import type { MiUser } from '@/models/User.js';
@@ -12,30 +13,44 @@ import { RelayService } from '@/core/RelayService.js';
 import { ApDeliverManagerService } from '@/core/activitypub/ApDeliverManagerService.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { bindThis } from '@/decorators.js';
+import type { PrivateKeyWithPem } from '@misskey-dev/node-http-message-signatures';
 
 @Injectable()
-export class AccountUpdateService {
+export class AccountUpdateService implements OnModuleInit {
+	private apDeliverManagerService: ApDeliverManagerService;
 	constructor(
+		private moduleRef: ModuleRef,
+
 		@Inject(DI.usersRepository)
 		private usersRepository: UsersRepository,
 
 		private userEntityService: UserEntityService,
 		private apRendererService: ApRendererService,
-		private apDeliverManagerService: ApDeliverManagerService,
 		private relayService: RelayService,
 	) {
 	}
 
+	async onModuleInit() {
+		this.apDeliverManagerService = this.moduleRef.get(ApDeliverManagerService.name);
+	}
+
 	@bindThis
-	public async publishToFollowers(userId: MiUser['id']) {
+	/**
+	 * Deliver account update to followers
+	 * @param userId user id
+	 * @param deliverKey optional. Private key to sign the deliver.
+	 */
+	public async publishToFollowers(userId: MiUser['id'], deliverKey?: PrivateKeyWithPem) {
 		const user = await this.usersRepository.findOneBy({ id: userId });
 		if (user == null) throw new Error('user not found');
 
 		// フォロワーがリモートユーザーかつ投稿者がローカルユーザーならUpdateを配信
 		if (this.userEntityService.isLocalUser(user)) {
 			const content = this.apRendererService.addContext(this.apRendererService.renderUpdate(await this.apRendererService.renderPerson(user), user));
-			this.apDeliverManagerService.deliverToFollowers(user, content);
-			this.relayService.deliverToRelays(user, content);
+			await Promise.allSettled([
+				this.apDeliverManagerService.deliverToFollowers(user, content, deliverKey),
+				this.relayService.deliverToRelays(user, content, deliverKey),
+			]);
 		}
 	}
 }

packages/backend/src/core/AnnouncementService.ts

@@ -72,7 +72,7 @@ export class AnnouncementService {
 			updatedAt: null,
 			title: values.title,
 			text: values.text,
-			imageUrl: values.imageUrl,
+			imageUrl: values.imageUrl || null,
 			icon: values.icon,
 			display: values.display,
 			forExistingUsers: values.forExistingUsers,

packages/backend/src/core/CreateSystemUserService.ts

@@ -7,7 +7,7 @@ import { randomUUID } from 'node:crypto';
 import { Inject, Injectable } from '@nestjs/common';
 import bcrypt from 'bcryptjs';
 import { IsNull, DataSource } from 'typeorm';
-import { genRsaKeyPair } from '@/misc/gen-key-pair.js';
+import { genRSAAndEd25519KeyPair } from '@/misc/gen-key-pair.js';
 import { MiUser } from '@/models/User.js';
 import { MiUserProfile } from '@/models/UserProfile.js';
 import { IdService } from '@/core/IdService.js';
@@ -38,7 +38,7 @@ export class CreateSystemUserService {
 		// Generate secret
 		const secret = generateNativeUserToken();
 
-		const keyPair = await genRsaKeyPair();
+		const keyPair = await genRSAAndEd25519KeyPair();
 
 		let account!: MiUser;
 
@@ -64,9 +64,8 @@ export class CreateSystemUserService {
 			}).then(x => transactionalEntityManager.findOneByOrFail(MiUser, x.identifiers[0]));
 
 			await transactionalEntityManager.insert(MiUserKeypair, {
-				publicKey: keyPair.publicKey,
-				privateKey: keyPair.privateKey,
 				userId: account.id,
+				...keyPair,
 			});
 
 			await transactionalEntityManager.insert(MiUserProfile, {

packages/backend/src/core/FetchInstanceMetadataService.ts

@@ -15,6 +15,7 @@ import { LoggerService } from '@/core/LoggerService.js';
 import { HttpRequestService } from '@/core/HttpRequestService.js';
 import { bindThis } from '@/decorators.js';
 import { FederatedInstanceService } from '@/core/FederatedInstanceService.js';
+import { REMOTE_SERVER_CACHE_TTL } from '@/const.js';
 import type { DOMWindow } from 'jsdom';
 
 type NodeInfo = {
@@ -24,6 +25,7 @@ type NodeInfo = {
 		version?: unknown;
 	};
 	metadata?: {
+		httpMessageSignaturesImplementationLevel?: unknown,
 		name?: unknown;
 		nodeName?: unknown;
 		nodeDescription?: unknown;
@@ -39,6 +41,7 @@ type NodeInfo = {
 @Injectable()
 export class FetchInstanceMetadataService {
 	private logger: Logger;
+	private httpColon = 'https://';
 
 	constructor(
 		private httpRequestService: HttpRequestService,
@@ -48,6 +51,7 @@ export class FetchInstanceMetadataService {
 		private redisClient: Redis.Redis,
 	) {
 		this.logger = this.loggerService.getLogger('metadata', 'cyan');
+		this.httpColon = process.env.MISSKEY_USE_HTTP?.toLowerCase() === 'true' ? 'http://' : 'https://';
 	}
 
 	@bindThis
@@ -59,7 +63,7 @@ export class FetchInstanceMetadataService {
 		return await this.redisClient.set(
 			`fetchInstanceMetadata:mutex:v2:${host}`, '1',
 			'EX', 30, // 30秒したら自動でロック解除 https://github.com/misskey-dev/misskey/issues/13506#issuecomment-1975375395
-			'GET' // 古い値を返す（なかったらnull）
+			'GET', // 古い値を返す（なかったらnull）
 		);
 	}
 
@@ -73,23 +77,24 @@ export class FetchInstanceMetadataService {
 	public async fetchInstanceMetadata(instance: MiInstance, force = false): Promise<void> {
 		const host = instance.host;
 
-		// finallyでunlockされてしまうのでtry内でロックチェックをしない
-		// （returnであってもfinallyは実行される）
-		if (!force && await this.tryLock(host) === '1') {
-			// 1が返ってきていたらロックされているという意味なので、何もしない
-			return;
+		if (!force) {
+			// キャッシュ有効チェックはロック取得前に行う
+			const _instance = await this.federatedInstanceService.fetchOrRegister(host);
+			const now = Date.now();
+			if (_instance && _instance.infoUpdatedAt != null && (now - _instance.infoUpdatedAt.getTime() < REMOTE_SERVER_CACHE_TTL)) {
+				this.logger.debug(`Skip because updated recently ${_instance.infoUpdatedAt.toJSON()}`);
+				return;
+			}
+
+			// finallyでunlockされてしまうのでtry内でロックチェックをしない
+			// （returnであってもfinallyは実行される）
+			if (await this.tryLock(host) === '1') {
+				// 1が返ってきていたら他にロックされているという意味なので、何もしない
+				return;
+			}
 		}
 
 		try {
-			if (!force) {
-				const _instance = await this.federatedInstanceService.fetchOrRegister(host);
-				const now = Date.now();
-				if (_instance && _instance.infoUpdatedAt && (now - _instance.infoUpdatedAt.getTime() < 1000 * 60 * 60 * 24)) {
-					// unlock at the finally caluse
-					return;
-				}
-			}
-
 			this.logger.info(`Fetching metadata of ${instance.host} ...`);
 
 			const [info, dom, manifest] = await Promise.all([
@@ -118,6 +123,14 @@ export class FetchInstanceMetadataService {
 				updates.openRegistrations = info.openRegistrations;
 				updates.maintainerName = info.metadata ? info.metadata.maintainer ? (info.metadata.maintainer.name ?? null) : null : null;
 				updates.maintainerEmail = info.metadata ? info.metadata.maintainer ? (info.metadata.maintainer.email ?? null) : null : null;
+				if (info.metadata && info.metadata.httpMessageSignaturesImplementationLevel && (
+					info.metadata.httpMessageSignaturesImplementationLevel === '01' ||
+					info.metadata.httpMessageSignaturesImplementationLevel === '11'
+				)) {
+					updates.httpMessageSignaturesImplementationLevel = info.metadata.httpMessageSignaturesImplementationLevel;
+				} else {
+					updates.httpMessageSignaturesImplementationLevel = '00';
+				}
 			}
 
 			if (name) updates.name = name;
@@ -129,6 +142,12 @@ export class FetchInstanceMetadataService {
 			await this.federatedInstanceService.update(instance.id, updates);
 
 			this.logger.succ(`Successfuly updated metadata of ${instance.host}`);
+			this.logger.debug('Updated metadata:', {
+				info: !!info,
+				dom: !!dom,
+				manifest: !!manifest,
+				updates,
+			});
 		} catch (e) {
 			this.logger.error(`Failed to update metadata of ${instance.host}: ${e}`);
 		} finally {
@@ -141,7 +160,7 @@ export class FetchInstanceMetadataService {
 		this.logger.info(`Fetching nodeinfo of ${instance.host} ...`);
 
 		try {
-			const wellknown = await this.httpRequestService.getJson('https://' + instance.host + '/.well-known/nodeinfo')
+			const wellknown = await this.httpRequestService.getJson(this.httpColon + instance.host + '/.well-known/nodeinfo')
 				.catch(err => {
 					if (err.statusCode === 404) {
 						throw new Error('No nodeinfo provided');
@@ -184,7 +203,7 @@ export class FetchInstanceMetadataService {
 	private async fetchDom(instance: MiInstance): Promise<DOMWindow['document']> {
 		this.logger.info(`Fetching HTML of ${instance.host} ...`);
 
-		const url = 'https://' + instance.host;
+		const url = this.httpColon + instance.host;
 
 		const html = await this.httpRequestService.getHtml(url);
 
@@ -196,7 +215,7 @@ export class FetchInstanceMetadataService {
 
 	@bindThis
 	private async fetchManifest(instance: MiInstance): Promise<Record<string, unknown> | null> {
-		const url = 'https://' + instance.host;
+		const url = this.httpColon + instance.host;
 
 		const manifestUrl = url + '/manifest.json';
 
@@ -207,7 +226,7 @@ export class FetchInstanceMetadataService {
 
 	@bindThis
 	private async fetchFaviconUrl(instance: MiInstance, doc: DOMWindow['document'] | null): Promise<string | null> {
-		const url = 'https://' + instance.host;
+		const url = this.httpColon + instance.host;
 
 		if (doc) {
 			// https://github.com/misskey-dev/misskey/pull/8220#issuecomment-1025104043
@@ -234,12 +253,12 @@ export class FetchInstanceMetadataService {
 	@bindThis
 	private async fetchIconUrl(instance: MiInstance, doc: DOMWindow['document'] | null, manifest: Record<string, any> | null): Promise<string | null> {
 		if (manifest && manifest.icons && manifest.icons.length > 0 && manifest.icons[0].src) {
-			const url = 'https://' + instance.host;
+			const url = this.httpColon + instance.host;
 			return (new URL(manifest.icons[0].src, url)).href;
 		}
 
 		if (doc) {
-			const url = 'https://' + instance.host;
+			const url = this.httpColon + instance.host;
 
 			// https://github.com/misskey-dev/misskey/pull/8220#issuecomment-1025104043
 			const links = Array.from(doc.getElementsByTagName('link')).reverse();

packages/backend/src/core/GlobalEventService.ts

@@ -249,6 +249,7 @@ export interface InternalEventTypes {
 	unmute: { muterId: MiUser['id']; muteeId: MiUser['id']; };
 	userListMemberAdded: { userListId: MiUserList['id']; memberId: MiUser['id']; };
 	userListMemberRemoved: { userListId: MiUserList['id']; memberId: MiUser['id']; };
+	userKeypairUpdated: { userId: MiUser['id']; };
 }
 
 type EventTypesToEventPayload<T> = EventUnionFromDictionary<UndefinedAsNullAll<SerializedAll<T>>>;

packages/backend/src/core/HttpRequestService.ts

@@ -70,7 +70,7 @@ export class HttpRequestService {
 			localAddress: config.outgoingAddress,
 		});
 
-		const maxSockets = Math.max(256, config.deliverJobConcurrency ?? 128);
+		const maxSockets = Math.max(256, config.deliverJobConcurrency ?? 16);
 
 		this.httpAgent = config.proxy
 			? new HttpProxyAgent({

packages/backend/src/core/QueueService.ts

@@ -7,13 +7,14 @@ import { randomUUID } from 'node:crypto';
 import { Inject, Injectable } from '@nestjs/common';
 import type { IActivity } from '@/core/activitypub/type.js';
 import type { MiDriveFile } from '@/models/DriveFile.js';
-import type { MiWebhook, WebhookEventTypes, webhookEventTypes } from '@/models/Webhook.js';
+import type { MiWebhook, WebhookEventTypes } from '@/models/Webhook.js';
 import type { MiSystemWebhook, SystemWebhookEventType } from '@/models/SystemWebhook.js';
 import type { Config } from '@/config.js';
 import { DI } from '@/di-symbols.js';
 import { bindThis } from '@/decorators.js';
 import type { Antenna } from '@/server/api/endpoints/i/import-antennas.js';
-import { ApRequestCreator } from '@/core/activitypub/ApRequestService.js';
+import { type SystemWebhookPayload } from '@/core/SystemWebhookService.js';
+import { type UserWebhookPayload } from './UserWebhookService.js';
 import type {
 	DbJobData,
 	DeliverJobData,
@@ -30,12 +31,11 @@ import type {
 	ObjectStorageQueue,
 	RelationshipQueue,
 	SystemQueue,
-	UserWebhookDeliverQueue,
 	SystemWebhookDeliverQueue,
+	UserWebhookDeliverQueue,
 } from './QueueModule.js';
-import type httpSignature from '@peertube/http-signature';
+import { genRFC3230DigestHeader, type PrivateKeyWithPem, type ParsedSignature } from '@misskey-dev/node-http-message-signatures';
 import type * as Bull from 'bullmq';
-import { type UserWebhookPayload } from './UserWebhookService.js';
 
 @Injectable()
 export class QueueService {
@@ -104,21 +104,21 @@ export class QueueService {
 	}
 
 	@bindThis
-	public deliver(user: ThinUser, content: IActivity | null, to: string | null, isSharedInbox: boolean) {
+	public async deliver(user: ThinUser, content: IActivity | null, to: string | null, isSharedInbox: boolean, privateKey?: PrivateKeyWithPem) {
 		if (content == null) return null;
 		if (to == null) return null;
 
 		const contentBody = JSON.stringify(content);
-		const digest = ApRequestCreator.createDigest(contentBody);
 
 		const data: DeliverJobData = {
 			user: {
 				id: user.id,
 			},
 			content: contentBody,
-			digest,
+			digest: await genRFC3230DigestHeader(contentBody, 'SHA-256'),
 			to,
 			isSharedInbox,
+			privateKey,
 		};
 
 		return this.deliverQueue.add(to, data, {
@@ -136,13 +136,13 @@ export class QueueService {
 	 * @param user `{ id: string; }` この関数ではThinUserに変換しないので前もって変換してください
 	 * @param content IActivity | null
 	 * @param inboxes `Map<string, boolean>` / key: to (inbox url), value: isSharedInbox (whether it is sharedInbox)
+	 * @param forceMainKey boolean | undefined, force to use main (rsa) key
 	 * @returns void
 	 */
 	@bindThis
-	public async deliverMany(user: ThinUser, content: IActivity | null, inboxes: Map<string, boolean>) {
+	public async deliverMany(user: ThinUser, content: IActivity | null, inboxes: Map<string, boolean>, privateKey?: PrivateKeyWithPem) {
 		if (content == null) return null;
 		const contentBody = JSON.stringify(content);
-		const digest = ApRequestCreator.createDigest(contentBody);
 
 		const opts = {
 			attempts: this.config.deliverJobMaxAttempts ?? 12,
@@ -158,9 +158,9 @@ export class QueueService {
 			data: {
 				user,
 				content: contentBody,
-				digest,
 				to: d[0],
 				isSharedInbox: d[1],
+				privateKey,
 			} as DeliverJobData,
 			opts,
 		})));
@@ -169,7 +169,7 @@ export class QueueService {
 	}
 
 	@bindThis
-	public inbox(activity: IActivity, signature: httpSignature.IParsedSignature) {
+	public inbox(activity: IActivity, signature: ParsedSignature | null) {
 		const data = {
 			activity: activity,
 			signature,
@@ -501,10 +501,10 @@ export class QueueService {
 	 * @see SystemWebhookDeliverProcessorService
 	 */
 	@bindThis
-	public systemWebhookDeliver(
+	public systemWebhookDeliver<T extends SystemWebhookEventType>(
 		webhook: MiSystemWebhook,
-		type: SystemWebhookEventType,
-		content: unknown,
+		type: T,
+		content: SystemWebhookPayload<T>,
 		opts?: { attempts?: number },
 	) {
 		const data: SystemWebhookDeliverJobData = {

packages/backend/src/core/RelayService.ts

@@ -16,6 +16,8 @@ import { ApRendererService } from '@/core/activitypub/ApRendererService.js';
 import { DI } from '@/di-symbols.js';
 import { deepClone } from '@/misc/clone.js';
 import { bindThis } from '@/decorators.js';
+import { UserKeypairService } from './UserKeypairService.js';
+import type { PrivateKeyWithPem } from '@misskey-dev/node-http-message-signatures';
 
 const ACTOR_USERNAME = 'relay.actor' as const;
 
@@ -34,6 +36,7 @@ export class RelayService {
 		private queueService: QueueService,
 		private createSystemUserService: CreateSystemUserService,
 		private apRendererService: ApRendererService,
+		private userKeypairService: UserKeypairService,
 	) {
 		this.relaysCache = new MemorySingleCache<MiRelay[]>(1000 * 60 * 10); // 10m
 	}
@@ -111,7 +114,7 @@ export class RelayService {
 	}
 
 	@bindThis
-	public async deliverToRelays(user: { id: MiUser['id']; host: null; }, activity: any): Promise<void> {
+	public async deliverToRelays(user: { id: MiUser['id']; host: null; }, activity: any, privateKey?: PrivateKeyWithPem): Promise<void> {
 		if (activity == null) return;
 
 		const relays = await this.relaysCache.fetch(() => this.relaysRepository.findBy({
@@ -121,11 +124,9 @@ export class RelayService {
 
 		const copy = deepClone(activity);
 		if (!copy.to) copy.to = ['https://www.w3.org/ns/activitystreams#Public'];
+		privateKey = privateKey ?? await this.userKeypairService.getLocalUserPrivateKeyPem(user.id);
+		const signed = await this.apRendererService.attachLdSignature(copy, privateKey);
 
-		const signed = await this.apRendererService.attachLdSignature(copy, user);
-
-		for (const relay of relays) {
-			this.queueService.deliver(user, signed, relay.inbox, false);
-		}
+		this.queueService.deliverMany(user, signed, new Map(relays.map(({ inbox }) => [inbox, false])), privateKey);
 	}
 }

packages/backend/src/core/SignupService.ts

@@ -3,7 +3,6 @@
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
-import { generateKeyPair } from 'node:crypto';
 import { Inject, Injectable } from '@nestjs/common';
 import bcrypt from 'bcryptjs';
 import { DataSource, IsNull } from 'typeorm';
@@ -20,6 +19,7 @@ import { InstanceActorService } from '@/core/InstanceActorService.js';
 import { bindThis } from '@/decorators.js';
 import UsersChart from '@/core/chart/charts/users.js';
 import { UtilityService } from '@/core/UtilityService.js';
+import { genRSAAndEd25519KeyPair } from '@/misc/gen-key-pair.js';
 import { UserService } from '@/core/UserService.js';
 
 @Injectable()
@@ -95,22 +95,7 @@ export class SignupService {
 			}
 		}
 
-		const keyPair = await new Promise<string[]>((res, rej) =>
-			generateKeyPair('rsa', {
-				modulusLength: 2048,
-				publicKeyEncoding: {
-					type: 'spki',
-					format: 'pem',
-				},
-				privateKeyEncoding: {
-					type: 'pkcs8',
-					format: 'pem',
-					cipher: undefined,
-					passphrase: undefined,
-				},
-			}, (err, publicKey, privateKey) =>
-				err ? rej(err) : res([publicKey, privateKey]),
-			));
+		const keyPair = await genRSAAndEd25519KeyPair();
 
 		let account!: MiUser;
 
@@ -133,9 +118,8 @@ export class SignupService {
 			}));
 
 			await transactionalEntityManager.save(new MiUserKeypair({
-				publicKey: keyPair[0],
-				privateKey: keyPair[1],
 				userId: account.id,
+				...keyPair,
 			}));
 
 			await transactionalEntityManager.save(new MiUserProfile({

packages/backend/src/core/SystemWebhookService.ts

@@ -15,8 +15,39 @@ import { QueueService } from '@/core/QueueService.js';
 import { ModerationLogService } from '@/core/ModerationLogService.js';
 import { LoggerService } from '@/core/LoggerService.js';
 import Logger from '@/logger.js';
+import { Packed } from '@/misc/json-schema.js';
+import { AbuseReportResolveType } from '@/models/AbuseUserReport.js';
+import { ModeratorInactivityRemainingTime } from '@/queue/processors/CheckModeratorsActivityProcessorService.js';
 import type { OnApplicationShutdown } from '@nestjs/common';
 
+export type AbuseReportPayload = {
+	id: string;
+	targetUserId: string;
+	targetUser: Packed<'UserLite'> | null;
+	targetUserHost: string | null;
+	reporterId: string;
+	reporter: Packed<'UserLite'> | null;
+	reporterHost: string | null;
+	assigneeId: string | null;
+	assignee: Packed<'UserLite'> | null;
+	resolved: boolean;
+	forwarded: boolean;
+	comment: string;
+	moderationNote: string;
+	resolvedAs: AbuseReportResolveType | null;
+};
+
+export type InactiveModeratorsWarningPayload = {
+	remainingTime: ModeratorInactivityRemainingTime;
+};
+
+export type SystemWebhookPayload<T extends SystemWebhookEventType> =
+	T extends 'abuseReport' | 'abuseReportResolved' ? AbuseReportPayload :
+	T extends 'userCreated' ? Packed<'UserLite'> :
+	T extends 'inactiveModeratorsWarning' ? InactiveModeratorsWarningPayload :
+	T extends 'inactiveModeratorsInvitationOnlyChanged' ? Record<string, never> :
+		never;
+
 @Injectable()
 export class SystemWebhookService implements OnApplicationShutdown {
 	private logger: Logger;
@@ -168,7 +199,7 @@ export class SystemWebhookService implements OnApplicationShutdown {
 	public async enqueueSystemWebhook<T extends SystemWebhookEventType>(
 		webhook: MiSystemWebhook | MiSystemWebhook['id'],
 		type: T,
-		content: unknown,
+		content: SystemWebhookPayload<T>,
 	) {
 		const webhookEntity = typeof webhook === 'string'
 			? (await this.fetchActiveSystemWebhooks()).find(a => a.id === webhook)

packages/backend/src/core/UserKeypairService.ts

@@ -5,41 +5,184 @@
 
 import { Inject, Injectable, OnApplicationShutdown } from '@nestjs/common';
 import * as Redis from 'ioredis';
+import { genEd25519KeyPair, importPrivateKey, PrivateKey, PrivateKeyWithPem } from '@misskey-dev/node-http-message-signatures';
 import type { MiUser } from '@/models/User.js';
 import type { UserKeypairsRepository } from '@/models/_.js';
-import { RedisKVCache } from '@/misc/cache.js';
+import { RedisKVCache, MemoryKVCache } from '@/misc/cache.js';
 import type { MiUserKeypair } from '@/models/UserKeypair.js';
 import { DI } from '@/di-symbols.js';
 import { bindThis } from '@/decorators.js';
+import { GlobalEventService, GlobalEvents } from '@/core/GlobalEventService.js';
+import { UserEntityService } from '@/core/entities/UserEntityService.js';
+import type { webcrypto } from 'node:crypto';
 
 @Injectable()
 export class UserKeypairService implements OnApplicationShutdown {
-	private cache: RedisKVCache<MiUserKeypair>;
+	private keypairEntityCache: RedisKVCache<MiUserKeypair>;
+	private privateKeyObjectCache: MemoryKVCache<webcrypto.CryptoKey>;
 
 	constructor(
 		@Inject(DI.redis)
 		private redisClient: Redis.Redis,
-
+		@Inject(DI.redisForSub)
+		private redisForSub: Redis.Redis,
 		@Inject(DI.userKeypairsRepository)
 		private userKeypairsRepository: UserKeypairsRepository,
+
+		private globalEventService: GlobalEventService,
+		private userEntityService: UserEntityService,
 	) {
-		this.cache = new RedisKVCache<MiUserKeypair>(this.redisClient, 'userKeypair', {
+		this.keypairEntityCache = new RedisKVCache<MiUserKeypair>(this.redisClient, 'userKeypair', {
 			lifetime: 1000 * 60 * 60 * 24, // 24h
 			memoryCacheLifetime: 1000 * 60 * 60, // 1h
 			fetcher: (key) => this.userKeypairsRepository.findOneByOrFail({ userId: key }),
 			toRedisConverter: (value) => JSON.stringify(value),
 			fromRedisConverter: (value) => JSON.parse(value),
 		});
+		this.privateKeyObjectCache = new MemoryKVCache<webcrypto.CryptoKey>(1000 * 60 * 60 * 1);
+
+		this.redisForSub.on('message', this.onMessage);
 	}
 
 	@bindThis
 	public async getUserKeypair(userId: MiUser['id']): Promise<MiUserKeypair> {
-		return await this.cache.fetch(userId);
+		return await this.keypairEntityCache.fetch(userId);
+	}
+
+	/**
+	 * Get private key [Only PrivateKeyWithPem for queue data etc.]
+	 * @param userIdOrHint user id or MiUserKeypair
+	 * @param preferType
+	 *		If ed25519-like(`ed25519`, `01`, `11`) is specified, ed25519 keypair will be returned if exists.
+	 *		Otherwise, main keypair will be returned.
+	 * @returns
+	 */
+	@bindThis
+	public async getLocalUserPrivateKeyPem(
+		userIdOrHint: MiUser['id'] | MiUserKeypair,
+		preferType?: string,
+	): Promise<PrivateKeyWithPem> {
+		const keypair = typeof userIdOrHint === 'string' ? await this.getUserKeypair(userIdOrHint) : userIdOrHint;
+		if (
+			preferType && ['01', '11', 'ed25519'].includes(preferType.toLowerCase()) &&
+			keypair.ed25519PublicKey != null && keypair.ed25519PrivateKey != null
+		) {
+			return {
+				keyId: `${this.userEntityService.genLocalUserUri(keypair.userId)}#ed25519-key`,
+				privateKeyPem: keypair.ed25519PrivateKey,
+			};
+		}
+		return {
+			keyId: `${this.userEntityService.genLocalUserUri(keypair.userId)}#main-key`,
+			privateKeyPem: keypair.privateKey,
+		};
+	}
+
+	/**
+	 * Get private key [Only PrivateKey for ap request]
+	 * Using cache due to performance reasons of `crypto.subtle.importKey`
+	 * @param userIdOrHint user id, MiUserKeypair, or PrivateKeyWithPem
+	 * @param preferType
+	 * 		If ed25519-like(`ed25519`, `01`, `11`) is specified, ed25519 keypair will be returned if exists.
+	 *		Otherwise, main keypair will be returned. (ignored if userIdOrHint is PrivateKeyWithPem)
+	 * @returns
+	 */
+	@bindThis
+	public async getLocalUserPrivateKey(
+		userIdOrHint: MiUser['id'] | MiUserKeypair | PrivateKeyWithPem,
+		preferType?: string,
+	): Promise<PrivateKey> {
+		if (typeof userIdOrHint === 'object' && 'privateKeyPem' in userIdOrHint) {
+			// userIdOrHint is PrivateKeyWithPem
+			return {
+				keyId: userIdOrHint.keyId,
+				privateKey: await this.privateKeyObjectCache.fetch(userIdOrHint.keyId, async () => {
+					return await importPrivateKey(userIdOrHint.privateKeyPem);
+				}),
+			};
+		}
+
+		const userId = typeof userIdOrHint === 'string' ? userIdOrHint : userIdOrHint.userId;
+		const getKeypair = () => typeof userIdOrHint === 'string' ? this.getUserKeypair(userId) : userIdOrHint;
+
+		if (preferType && ['01', '11', 'ed25519'].includes(preferType.toLowerCase())) {
+			const keyId = `${this.userEntityService.genLocalUserUri(userId)}#ed25519-key`;
+			const fetched = await this.privateKeyObjectCache.fetchMaybe(keyId, async () => {
+				const keypair = await getKeypair();
+				if (keypair.ed25519PublicKey != null && keypair.ed25519PrivateKey != null) {
+					return await importPrivateKey(keypair.ed25519PrivateKey);
+				}
+				return;
+			});
+			if (fetched) {
+				return {
+					keyId,
+					privateKey: fetched,
+				};
+			}
+		}
+
+		const keyId = `${this.userEntityService.genLocalUserUri(userId)}#main-key`;
+		return {
+			keyId,
+			privateKey: await this.privateKeyObjectCache.fetch(keyId, async () => {
+				const keypair = await getKeypair();
+				return await importPrivateKey(keypair.privateKey);
+			}),
+		};
 	}
 
+	@bindThis
+	public async refresh(userId: MiUser['id']): Promise<void> {
+		return await this.keypairEntityCache.refresh(userId);
+	}
+
+	/**
+	 * If DB has ed25519 keypair, refresh cache and return it.
+	 * If not, create, save and return ed25519 keypair.
+	 * @param userId user id
+	 * @returns MiUserKeypair if keypair is created, void if keypair is already exists
+	 */
+	@bindThis
+	public async refreshAndPrepareEd25519KeyPair(userId: MiUser['id']): Promise<MiUserKeypair | void> {
+		await this.refresh(userId);
+		const keypair = await this.keypairEntityCache.fetch(userId);
+		if (keypair.ed25519PublicKey != null) {
+			return;
+		}
+
+		const ed25519 = await genEd25519KeyPair();
+		await this.userKeypairsRepository.update({ userId }, {
+			ed25519PublicKey: ed25519.publicKey,
+			ed25519PrivateKey: ed25519.privateKey,
+		});
+		this.globalEventService.publishInternalEvent('userKeypairUpdated', { userId });
+		const result = {
+			...keypair,
+			ed25519PublicKey: ed25519.publicKey,
+			ed25519PrivateKey: ed25519.privateKey,
+		};
+		this.keypairEntityCache.set(userId, result);
+		return result;
+	}
+
+	@bindThis
+	private async onMessage(_: string, data: string): Promise<void> {
+		const obj = JSON.parse(data);
+
+		if (obj.channel === 'internal') {
+			const { type, body } = obj.message as GlobalEvents['internal']['payload'];
+			switch (type) {
+				case 'userKeypairUpdated': {
+					this.refresh(body.userId);
+					break;
+				}
+			}
+		}
+	}
 	@bindThis
 	public dispose(): void {
-		this.cache.dispose();
+		this.keypairEntityCache.dispose();
 	}
 
 	@bindThis

packages/backend/src/core/UserSuspendService.ts

@@ -7,14 +7,16 @@ import { Inject, Injectable } from '@nestjs/common';
 import { Not, IsNull } from 'typeorm';
 import type { FollowingsRepository, FollowRequestsRepository, UsersRepository } from '@/models/_.js';
 import type { MiUser } from '@/models/User.js';
-import { QueueService } from '@/core/QueueService.js';
 import { GlobalEventService } from '@/core/GlobalEventService.js';
 import { DI } from '@/di-symbols.js';
 import { ApRendererService } from '@/core/activitypub/ApRendererService.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { bindThis } from '@/decorators.js';
+import { UserKeypairService } from './UserKeypairService.js';
+import { ApDeliverManagerService } from './activitypub/ApDeliverManagerService.js';
 import { RelationshipJobData } from '@/queue/types.js';
 import { ModerationLogService } from '@/core/ModerationLogService.js';
+import { QueueService } from '@/core/QueueService.js';
 
 @Injectable()
 export class UserSuspendService {
@@ -32,6 +34,8 @@ export class UserSuspendService {
 		private queueService: QueueService,
 		private globalEventService: GlobalEventService,
 		private apRendererService: ApRendererService,
+		private userKeypairService: UserKeypairService,
+		private apDeliverManagerService: ApDeliverManagerService,
 		private moderationLogService: ModerationLogService,
 	) {
 	}
@@ -83,28 +87,12 @@ export class UserSuspendService {
 		});
 
 		if (this.userEntityService.isLocalUser(user)) {
-			// 知り得る全SharedInboxにDelete配信
 			const content = this.apRendererService.addContext(this.apRendererService.renderDelete(this.userEntityService.genLocalUserUri(user.id), user));
-
-			const queue: string[] = [];
-
-			const followings = await this.followingsRepository.find({
-				where: [
-					{ followerSharedInbox: Not(IsNull()) },
-					{ followeeSharedInbox: Not(IsNull()) },
-				],
-				select: ['followerSharedInbox', 'followeeSharedInbox'],
-			});
-
-			const inboxes = followings.map(x => x.followerSharedInbox ?? x.followeeSharedInbox);
-
-			for (const inbox of inboxes) {
-				if (inbox != null && !queue.includes(inbox)) queue.push(inbox);
-			}
-
-			for (const inbox of queue) {
-				this.queueService.deliver(user, content, inbox, true);
-			}
+			const manager = this.apDeliverManagerService.createDeliverManager(user, content);
+			manager.addAllKnowingSharedInboxRecipe();
+			// process deliver時にはキーペアが消去されているはずなので、ここで挿入する
+			const privateKey = await this.userKeypairService.getLocalUserPrivateKeyPem(user.id, 'main');
+			manager.execute({ privateKey });
 		}
 	}
 
@@ -113,28 +101,12 @@ export class UserSuspendService {
 		this.globalEventService.publishInternalEvent('userChangeSuspendedState', { id: user.id, isSuspended: false });
 
 		if (this.userEntityService.isLocalUser(user)) {
-			// 知り得る全SharedInboxにUndo Delete配信
 			const content = this.apRendererService.addContext(this.apRendererService.renderUndo(this.apRendererService.renderDelete(this.userEntityService.genLocalUserUri(user.id), user), user));
-
-			const queue: string[] = [];
-
-			const followings = await this.followingsRepository.find({
-				where: [
-					{ followerSharedInbox: Not(IsNull()) },
-					{ followeeSharedInbox: Not(IsNull()) },
-				],
-				select: ['followerSharedInbox', 'followeeSharedInbox'],
-			});
-
-			const inboxes = followings.map(x => x.followerSharedInbox ?? x.followeeSharedInbox);
-
-			for (const inbox of inboxes) {
-				if (inbox != null && !queue.includes(inbox)) queue.push(inbox);
-			}
-
-			for (const inbox of queue) {
-				this.queueService.deliver(user as any, content, inbox, true);
-			}
+			const manager = this.apDeliverManagerService.createDeliverManager(user, content);
+			manager.addAllKnowingSharedInboxRecipe();
+			// process deliver時にはキーペアが消去されているはずなので、ここで挿入する
+			const privateKey = await this.userKeypairService.getLocalUserPrivateKeyPem(user.id, 'main');
+			manager.execute({ privateKey });
 		}
 	}
 

packages/backend/src/core/WebfingerService.ts

@@ -46,7 +46,7 @@ export class WebfingerService {
 		const m = query.match(mRegex);
 		if (m) {
 			const hostname = m[2];
-			const useHttp = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true';
+			const useHttp = process.env.MISSKEY_USE_HTTP && process.env.MISSKEY_USE_HTTP.toLowerCase() === 'true';
 			return `http${useHttp ? '' : 's'}://${hostname}/.well-known/webfinger?${urlQuery({ resource: `acct:${query}` })}`;
 		}
 

packages/backend/src/core/WebhookTestService.ts

@@ -7,7 +7,7 @@ import { Injectable } from '@nestjs/common';
 import { MiAbuseUserReport, MiNote, MiUser, MiWebhook } from '@/models/_.js';
 import { bindThis } from '@/decorators.js';
 import { MiSystemWebhook, type SystemWebhookEventType } from '@/models/SystemWebhook.js';
-import { SystemWebhookService } from '@/core/SystemWebhookService.js';
+import { AbuseReportPayload, SystemWebhookPayload, SystemWebhookService } from '@/core/SystemWebhookService.js';
 import { Packed } from '@/misc/json-schema.js';
 import { type WebhookEventTypes } from '@/models/Webhook.js';
 import { type UserWebhookPayload, UserWebhookService } from '@/core/UserWebhookService.js';
@@ -16,13 +16,7 @@ import { ModeratorInactivityRemainingTime } from '@/queue/processors/CheckModera
 
 const oneDayMillis = 24 * 60 * 60 * 1000;
 
-type AbuseUserReportDto = Omit<MiAbuseUserReport, 'targetUser' | 'reporter' | 'assignee'> & {
-	targetUser: Packed<'UserLite'> | null,
-	reporter: Packed<'UserLite'> | null,
-	assignee: Packed<'UserLite'> | null,
-};
-
-function generateAbuseReport(override?: Partial<MiAbuseUserReport>): AbuseUserReportDto {
+function generateAbuseReport(override?: Partial<MiAbuseUserReport>): AbuseReportPayload {
 	const result: MiAbuseUserReport = {
 		id: 'dummy-abuse-report1',
 		targetUserId: 'dummy-target-user',
@@ -389,7 +383,8 @@ export class WebhookTestService {
 				break;
 			}
 			// まだ実装されていない (#9485)
-			case 'reaction': return;
+			case 'reaction':
+				return;
 			default: {
 				// eslint-disable-next-line @typescript-eslint/no-unused-vars
 				const _exhaustiveAssertion: never = params.type;
@@ -407,10 +402,10 @@ export class WebhookTestService {
 	 * - 送信対象イベント（on）に関する設定
 	 */
 	@bindThis
-	public async testSystemWebhook(
+	public async testSystemWebhook<T extends SystemWebhookEventType>(
 		params: {
 			webhookId: MiSystemWebhook['id'],
-			type: SystemWebhookEventType,
+			type: T,
 			override?: Partial<Omit<MiSystemWebhook, 'id'>>,
 		},
 	) {
@@ -420,7 +415,7 @@ export class WebhookTestService {
 		}
 
 		const webhook = webhooks[0];
-		const send = (contents: unknown) => {
+		const send = <U extends SystemWebhookEventType>(type: U, contents: SystemWebhookPayload<U>) => {
 			const merged = {
 				...webhook,
 				...params.override,
@@ -428,12 +423,12 @@ export class WebhookTestService {
 
 			// テスト目的なのでSystemWebhookServiceの機能を経由せず直接キューに追加する（チェック処理などをスキップする意図）.
 			// また、Jobの試行回数も1回だけ.
-			this.queueService.systemWebhookDeliver(merged, params.type, contents, { attempts: 1 });
+			this.queueService.systemWebhookDeliver(merged, type, contents, { attempts: 1 });
 		};
 
 		switch (params.type) {
 			case 'abuseReport': {
-				send(generateAbuseReport({
+				send('abuseReport', generateAbuseReport({
 					targetUserId: dummyUser1.id,
 					targetUser: dummyUser1,
 					reporterId: dummyUser2.id,
@@ -442,7 +437,7 @@ export class WebhookTestService {
 				break;
 			}
 			case 'abuseReportResolved': {
-				send(generateAbuseReport({
+				send('abuseReportResolved', generateAbuseReport({
 					targetUserId: dummyUser1.id,
 					targetUser: dummyUser1,
 					reporterId: dummyUser2.id,
@@ -454,7 +449,7 @@ export class WebhookTestService {
 				break;
 			}
 			case 'userCreated': {
-				send(toPackedUserLite(dummyUser1));
+				send('userCreated', toPackedUserLite(dummyUser1));
 				break;
 			}
 			case 'inactiveModeratorsWarning': {
@@ -464,15 +459,20 @@ export class WebhookTestService {
 					asHours: 24,
 				};
 
-				send({
+				send('inactiveModeratorsWarning', {
 					remainingTime: dummyTime,
 				});
 				break;
 			}
 			case 'inactiveModeratorsInvitationOnlyChanged': {
-				send({});
+				send('inactiveModeratorsInvitationOnlyChanged', {});
 				break;
 			}
+			default: {
+				// eslint-disable-next-line @typescript-eslint/no-unused-vars
+				const _exhaustiveAssertion: never = params.type;
+				return;
+			}
 		}
 	}
 }

packages/backend/src/core/activitypub/ApDbResolverService.ts

@@ -4,8 +4,9 @@
  */
 
 import { Inject, Injectable, OnApplicationShutdown } from '@nestjs/common';
+import * as Redis from 'ioredis';
 import { DI } from '@/di-symbols.js';
-import type { NotesRepository, UserPublickeysRepository, UsersRepository } from '@/models/_.js';
+import type { MiUser, NotesRepository, UserPublickeysRepository, UsersRepository } from '@/models/_.js';
 import type { Config } from '@/config.js';
 import { MemoryKVCache } from '@/misc/cache.js';
 import type { MiUserPublickey } from '@/models/UserPublickey.js';
@@ -13,9 +14,13 @@ import { CacheService } from '@/core/CacheService.js';
 import type { MiNote } from '@/models/Note.js';
 import { bindThis } from '@/decorators.js';
 import { MiLocalUser, MiRemoteUser } from '@/models/User.js';
+import Logger from '@/logger.js';
+import { UtilityService } from '@/core/UtilityService.js';
 import { getApId } from './type.js';
 import { ApPersonService } from './models/ApPersonService.js';
+import { ApLoggerService } from './ApLoggerService.js';
 import type { IObject } from './type.js';
+import { GlobalEvents } from '@/core/GlobalEventService.js';
 
 export type UriParseResult = {
 	/** wether the URI was generated by us */
@@ -35,8 +40,8 @@ export type UriParseResult = {
 
 @Injectable()
 export class ApDbResolverService implements OnApplicationShutdown {
-	private publicKeyCache: MemoryKVCache<MiUserPublickey | null>;
-	private publicKeyByUserIdCache: MemoryKVCache<MiUserPublickey | null>;
+	private publicKeyByUserIdCache: MemoryKVCache<MiUserPublickey[] | null>;
+	private logger: Logger;
 
 	constructor(
 		@Inject(DI.config)
@@ -51,11 +56,23 @@ export class ApDbResolverService implements OnApplicationShutdown {
 		@Inject(DI.userPublickeysRepository)
 		private userPublickeysRepository: UserPublickeysRepository,
 
+		@Inject(DI.redisForSub)
+		private redisForSub: Redis.Redis,
+
 		private cacheService: CacheService,
 		private apPersonService: ApPersonService,
+		private apLoggerService: ApLoggerService,
+		private utilityService: UtilityService,
 	) {
-		this.publicKeyCache = new MemoryKVCache<MiUserPublickey | null>(1000 * 60 * 60 * 12); // 12h
-		this.publicKeyByUserIdCache = new MemoryKVCache<MiUserPublickey | null>(1000 * 60 * 60 * 12); // 12h
+		this.publicKeyByUserIdCache = new MemoryKVCache<MiUserPublickey[] | null>(1000 * 60 * 60 * 12); // 12h
+		this.logger = this.apLoggerService.logger.createSubLogger('db-resolver');
+		this.redisForSub.on('message', this.onMessage);
+	}
+
+	private punyHost(url: string): string {
+		const urlObj = new URL(url);
+		const host = `${this.utilityService.toPuny(urlObj.hostname)}${urlObj.port.length > 0 ? ':' + urlObj.port : ''}`;
+		return host;
 	}
 
 	@bindThis
@@ -116,63 +133,159 @@ export class ApDbResolverService implements OnApplicationShutdown {
 		}
 	}
 
-	/**
-	 * AP KeyId => Misskey User and Key
-	 */
 	@bindThis
-	public async getAuthUserFromKeyId(keyId: string): Promise<{
-		user: MiRemoteUser;
-		key: MiUserPublickey;
-	} | null> {
-		const key = await this.publicKeyCache.fetch(keyId, async () => {
-			const key = await this.userPublickeysRepository.findOneBy({
-				keyId,
-			});
-
-			if (key == null) return null;
-
-			return key;
-		}, key => key != null);
-
-		if (key == null) return null;
-
-		const user = await this.cacheService.findUserById(key.userId).catch(() => null) as MiRemoteUser | null;
-		if (user == null) return null;
-		if (user.isDeleted) return null;
-
-		return {
-			user,
-			key,
-		};
+	private async refreshAndFindKey(userId: MiUser['id'], keyId: string): Promise<MiUserPublickey | null> {
+		this.refreshCacheByUserId(userId);
+		const keys = await this.getPublicKeyByUserId(userId);
+		if (keys == null || !Array.isArray(keys) || keys.length === 0) {
+			this.logger.warn(`No key found (refreshAndFindKey) userId=${userId} keyId=${keyId} keys=${JSON.stringify(keys)}`);
+			return null;
+		}
+		const exactKey = keys.find(x => x.keyId === keyId);
+		if (exactKey) return exactKey;
+		this.logger.warn(`No exact key found (refreshAndFindKey) userId=${userId} keyId=${keyId} keys=${JSON.stringify(keys)}`);
+		return null;
 	}
 
 	/**
 	 * AP Actor id => Misskey User and Key
+	 * @param uri AP Actor id
+	 * @param keyId Key id to find. If not specified, main key will be selected.
+	 * @returns
+	 *	1. `null` if the user and key host do not match
+	 *	2. `{ user: null, key: null }` if the user is not found
+	 *	3. `{ user: MiRemoteUser, key: null }` if key is not found
+	 *  4. `{ user: MiRemoteUser, key: MiUserPublickey }` if both are found
 	 */
 	@bindThis
-	public async getAuthUserFromApId(uri: string): Promise<{
+	public async getAuthUserFromApId(uri: string, keyId?: string): Promise<{
 		user: MiRemoteUser;
 		key: MiUserPublickey | null;
-	} | null> {
-		const user = await this.apPersonService.resolvePerson(uri) as MiRemoteUser;
-		if (user.isDeleted) return null;
+	} | {
+		user: null;
+		key: null;
+	} |
+	null> {
+		if (keyId) {
+			if (this.punyHost(uri) !== this.punyHost(keyId)) {
+				/**
+				 * keyIdはURL形式かつkeyIdのホストはuriのホストと一致するはず
+				 * （ApPersonService.validateActorに由来）
+				 *
+				 * ただ、Mastodonはリプライ関連で他人のトゥートをHTTP Signature署名して送ってくることがある
+				 * そのような署名は有効性に疑問があるので無視することにする
+				 * ここではuriとkeyIdのホストが一致しない場合は無視する
+				 * ハッシュをなくしたkeyIdとuriの同一性を比べてみてもいいが、`uri#*-key`というkeyIdを設定するのが
+				 * 決まりごとというわけでもないため幅を持たせることにする
+				 *
+				 *
+				 * The keyId should be in URL format and its host should match the host of the uri
+				 * (derived from ApPersonService.validateActor)
+				 *
+				 * However, Mastodon sometimes sends toots from other users with HTTP Signature signing for reply-related purposes
+				 * Such signatures are of questionable validity, so we choose to ignore them
+				 * Here, we ignore cases where the hosts of uri and keyId do not match
+				 * We could also compare the equality of keyId without the hash and uri, but since setting a keyId like `uri#*-key`
+				 * is not a strict rule, we decide to allow for some flexibility
+				 */
+				this.logger.warn(`actor uri and keyId are not matched uri=${uri} keyId=${keyId}`);
+				return null;
+			}
+		}
 
-		const key = await this.publicKeyByUserIdCache.fetch(
-			user.id,
-			() => this.userPublickeysRepository.findOneBy({ userId: user.id }),
+		const user = await this.apPersonService.resolvePerson(uri, undefined, true) as MiRemoteUser;
+		if (user.isDeleted) return { user: null, key: null };
+
+		const keys = await this.getPublicKeyByUserId(user.id);
+
+		if (keys == null || !Array.isArray(keys) || keys.length === 0) {
+			this.logger.warn(`No key found uri=${uri} userId=${user.id} keys=${JSON.stringify(keys)}`);
+			return { user, key: null };
+		}
+
+		if (!keyId) {
+			// Choose the main-like
+			const mainKey = keys.find(x => {
+				try {
+					const url = new URL(x.keyId);
+					const path = url.pathname.split('/').pop()?.toLowerCase();
+					if (url.hash) {
+						if (url.hash.toLowerCase().includes('main')) {
+							return true;
+						}
+					} else if (path?.includes('main') || path === 'publickey') {
+						return true;
+					}
+				} catch { /* noop */ }
+
+				return false;
+			});
+			return { user, key: mainKey ?? keys[0] };
+		}
+
+		const exactKey = keys.find(x => x.keyId === keyId);
+		if (exactKey) return { user, key: exactKey };
+
+		/**
+		 * keyIdで見つからない場合、まずはキャッシュを更新して再取得
+		 * If not found with keyId, update cache and reacquire
+		 */
+		const cacheRaw = this.publicKeyByUserIdCache.getRaw(user.id);
+		if (cacheRaw && Date.now() - cacheRaw.date > 1000 * 60 * 5) {
+			const exactKey = await this.refreshAndFindKey(user.id, keyId);
+			if (exactKey) return { user, key: exactKey };
+		}
+
+		/**
+		 * lastFetchedAtでの更新制限を弱めて再取得
+		 * Reacquisition with weakened update limit at lastFetchedAt
+		 */
+		if (user.lastFetchedAt == null || Date.now() - user.lastFetchedAt.getTime() > 1000 * 60 * 5) {
+			this.logger.info(`Fetching user to find public key uri=${uri} userId=${user.id} keyId=${keyId}`);
+			const renewed = await this.apPersonService.fetchPersonWithRenewal(uri, 0);
+			if (renewed == null || renewed.isDeleted) return null;
+
+			return { user, key: await this.refreshAndFindKey(user.id, keyId) };
+		}
+
+		this.logger.warn(`No key found uri=${uri} userId=${user.id} keyId=${keyId}`);
+		return { user, key: null };
+	}
+
+	@bindThis
+	public async getPublicKeyByUserId(userId: MiUser['id']): Promise<MiUserPublickey[] | null> {
+		return await this.publicKeyByUserIdCache.fetch(
+			userId,
+			() => this.userPublickeysRepository.find({ where: { userId } }),
 			v => v != null,
 		);
+	}
 
-		return {
-			user,
-			key,
-		};
+	@bindThis
+	public refreshCacheByUserId(userId: MiUser['id']): void {
+		this.publicKeyByUserIdCache.delete(userId);
+	}
+
+	@bindThis
+	private async onMessage(_: string, data: string): Promise<void> {
+		const obj = JSON.parse(data);
+		if (obj.channel === 'internal') {
+			const { type, body } = obj.message as GlobalEvents['internal']['payload'];
+			switch (type) {
+				case 'remoteUserUpdated': {
+					this.refreshCacheByUserId(body.id);
+					break;
+				}
+				default:
+					break;
+			}
+		}
 	}
 
 	@bindThis
 	public dispose(): void {
-		this.publicKeyCache.dispose();
 		this.publicKeyByUserIdCache.dispose();
+		this.redisForSub.off('message', this.onMessage);
 	}
 
 	@bindThis

packages/backend/src/core/activitypub/ApDeliverManagerService.ts

@@ -9,10 +9,14 @@ import { DI } from '@/di-symbols.js';
 import type { FollowingsRepository } from '@/models/_.js';
 import type { MiLocalUser, MiRemoteUser, MiUser } from '@/models/User.js';
 import { QueueService } from '@/core/QueueService.js';
-import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { bindThis } from '@/decorators.js';
 import type { IActivity } from '@/core/activitypub/type.js';
 import { ThinUser } from '@/queue/types.js';
+import { AccountUpdateService } from '@/core/AccountUpdateService.js';
+import type Logger from '@/logger.js';
+import { UserKeypairService } from '../UserKeypairService.js';
+import { ApLoggerService } from './ApLoggerService.js';
+import type { PrivateKeyWithPem } from '@misskey-dev/node-http-message-signatures';
 
 interface IRecipe {
 	type: string;
@@ -27,12 +31,19 @@ interface IDirectRecipe extends IRecipe {
 	to: MiRemoteUser;
 }
 
+interface IAllKnowingSharedInboxRecipe extends IRecipe {
+	type: 'AllKnowingSharedInbox';
+}
+
 const isFollowers = (recipe: IRecipe): recipe is IFollowersRecipe =>
 	recipe.type === 'Followers';
 
 const isDirect = (recipe: IRecipe): recipe is IDirectRecipe =>
 	recipe.type === 'Direct';
 
+const isAllKnowingSharedInbox = (recipe: IRecipe): recipe is IAllKnowingSharedInboxRecipe =>
+	recipe.type === 'AllKnowingSharedInbox';
+
 class DeliverManager {
 	private actor: ThinUser;
 	private activity: IActivity | null;
@@ -40,16 +51,18 @@ class DeliverManager {
 
 	/**
 	 * Constructor
-	 * @param userEntityService
+	 * @param userKeypairService
 	 * @param followingsRepository
 	 * @param queueService
 	 * @param actor Actor
 	 * @param activity Activity to deliver
 	 */
 	constructor(
-		private userEntityService: UserEntityService,
+		private userKeypairService: UserKeypairService,
 		private followingsRepository: FollowingsRepository,
 		private queueService: QueueService,
+		private accountUpdateService: AccountUpdateService,
+		private logger: Logger,
 
 		actor: { id: MiUser['id']; host: null; },
 		activity: IActivity | null,
@@ -91,6 +104,18 @@ class DeliverManager {
 		this.addRecipe(recipe);
 	}
 
+	/**
+	 * Add recipe for all-knowing shared inbox deliver
+	 */
+	@bindThis
+	public addAllKnowingSharedInboxRecipe(): void {
+		const deliver: IAllKnowingSharedInboxRecipe = {
+			type: 'AllKnowingSharedInbox',
+		};
+
+		this.addRecipe(deliver);
+	}
+
 	/**
 	 * Add recipe
 	 * @param recipe Recipe
@@ -104,11 +129,44 @@ class DeliverManager {
 	 * Execute delivers
 	 */
 	@bindThis
-	public async execute(): Promise<void> {
+	public async execute(opts?: { privateKey?: PrivateKeyWithPem }): Promise<void> {
+		//#region MIGRATION
+		if (!opts?.privateKey) {
+			/**
+			 * ed25519の署名がなければ追加する
+			 */
+			const created = await this.userKeypairService.refreshAndPrepareEd25519KeyPair(this.actor.id);
+			if (created) {
+				// createdが存在するということは新規作成されたということなので、フォロワーに配信する
+				this.logger.info(`ed25519 key pair created for user ${this.actor.id} and publishing to followers`);
+				// リモートに配信
+				const keyPair = await this.userKeypairService.getLocalUserPrivateKeyPem(created, 'main');
+				await this.accountUpdateService.publishToFollowers(this.actor.id, keyPair);
+			}
+		}
+		//#endregion
+
+		//#region collect inboxes by recipes
 		// The value flags whether it is shared or not.
 		// key: inbox URL, value: whether it is sharedInbox
 		const inboxes = new Map<string, boolean>();
 
+		if (this.recipes.some(r => isAllKnowingSharedInbox(r))) {
+			// all-knowing shared inbox
+			const followings = await this.followingsRepository.find({
+				where: [
+					{ followerSharedInbox: Not(IsNull()) },
+					{ followeeSharedInbox: Not(IsNull()) },
+				],
+				select: ['followerSharedInbox', 'followeeSharedInbox'],
+			});
+
+			for (const following of followings) {
+				if (following.followeeSharedInbox) inboxes.set(following.followeeSharedInbox, true);
+				if (following.followerSharedInbox) inboxes.set(following.followerSharedInbox, true);
+			}
+		}
+
 		// build inbox list
 		// Process follower recipes first to avoid duplication when processing direct recipes later.
 		if (this.recipes.some(r => isFollowers(r))) {
@@ -142,39 +200,49 @@ class DeliverManager {
 
 			inboxes.set(recipe.to.inbox, false);
 		}
+		//#endregion
 
 		// deliver
-		await this.queueService.deliverMany(this.actor, this.activity, inboxes);
+		await this.queueService.deliverMany(this.actor, this.activity, inboxes, opts?.privateKey);
+		this.logger.info(`Deliver queues dispatched: inboxes=${inboxes.size} actorId=${this.actor.id} activityId=${this.activity?.id}`);
 	}
 }
 
 @Injectable()
 export class ApDeliverManagerService {
+	private logger: Logger;
+
 	constructor(
 		@Inject(DI.followingsRepository)
 		private followingsRepository: FollowingsRepository,
 
-		private userEntityService: UserEntityService,
+		private userKeypairService: UserKeypairService,
 		private queueService: QueueService,
+		private accountUpdateService: AccountUpdateService,
+		private apLoggerService: ApLoggerService,
 	) {
+		this.logger = this.apLoggerService.logger.createSubLogger('deliver-manager');
 	}
 
 	/**
 	 * Deliver activity to followers
 	 * @param actor
 	 * @param activity Activity
+	 * @param forceMainKey Force to use main (rsa) key
 	 */
 	@bindThis
-	public async deliverToFollowers(actor: { id: MiLocalUser['id']; host: null; }, activity: IActivity): Promise<void> {
+	public async deliverToFollowers(actor: { id: MiLocalUser['id']; host: null; }, activity: IActivity, privateKey?: PrivateKeyWithPem): Promise<void> {
 		const manager = new DeliverManager(
-			this.userEntityService,
+			this.userKeypairService,
 			this.followingsRepository,
 			this.queueService,
+			this.accountUpdateService,
+			this.logger,
 			actor,
 			activity,
 		);
 		manager.addFollowersRecipe();
-		await manager.execute();
+		await manager.execute({ privateKey });
 	}
 
 	/**
@@ -186,9 +254,11 @@ export class ApDeliverManagerService {
 	@bindThis
 	public async deliverToUser(actor: { id: MiLocalUser['id']; host: null; }, activity: IActivity, to: MiRemoteUser): Promise<void> {
 		const manager = new DeliverManager(
-			this.userEntityService,
+			this.userKeypairService,
 			this.followingsRepository,
 			this.queueService,
+			this.accountUpdateService,
+			this.logger,
 			actor,
 			activity,
 		);
@@ -199,10 +269,11 @@ export class ApDeliverManagerService {
 	@bindThis
 	public createDeliverManager(actor: { id: MiUser['id']; host: null; }, activity: IActivity | null): DeliverManager {
 		return new DeliverManager(
-			this.userEntityService,
+			this.userKeypairService,
 			this.followingsRepository,
 			this.queueService,
-
+			this.accountUpdateService,
+			this.logger,
 			actor,
 			activity,
 		);

packages/backend/src/core/activitypub/ApInboxService.ts

@@ -115,15 +115,8 @@ export class ApInboxService {
 			result = await this.performOneActivity(actor, activity);
 		}
 
-		// ついでにリモートユーザーの情報が古かったら更新しておく
-		if (actor.uri) {
-			if (actor.lastFetchedAt == null || Date.now() - actor.lastFetchedAt.getTime() > 1000 * 60 * 60 * 24) {
-				setImmediate(() => {
-					this.apPersonService.updatePerson(actor.uri);
-				});
-			}
-		}
-		return result;
+		// ついでにリモートユーザーの情報が古かったら更新しておく?
+		// → No, この関数が呼び出される前に署名検証で更新されているはず
 	}
 
 	@bindThis

packages/backend/src/core/activitypub/ApRendererService.ts

@@ -22,7 +22,6 @@ import { UserKeypairService } from '@/core/UserKeypairService.js';
 import { MfmService } from '@/core/MfmService.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { DriveFileEntityService } from '@/core/entities/DriveFileEntityService.js';
-import type { MiUserKeypair } from '@/models/UserKeypair.js';
 import type { UsersRepository, UserProfilesRepository, NotesRepository, DriveFilesRepository, PollsRepository } from '@/models/_.js';
 import { bindThis } from '@/decorators.js';
 import { CustomEmojiService } from '@/core/CustomEmojiService.js';
@@ -31,6 +30,7 @@ import { JsonLdService } from './JsonLdService.js';
 import { ApMfmService } from './ApMfmService.js';
 import { CONTEXT } from './misc/contexts.js';
 import type { IAccept, IActivity, IAdd, IAnnounce, IApDocument, IApEmoji, IApHashtag, IApImage, IApMention, IBlock, ICreate, IDelete, IFlag, IFollow, IKey, ILike, IMove, IObject, IPost, IQuestion, IReject, IRemove, ITombstone, IUndo, IUpdate } from './type.js';
+import type { PrivateKeyWithPem } from '@misskey-dev/node-http-message-signatures';
 
 @Injectable()
 export class ApRendererService {
@@ -251,15 +251,15 @@ export class ApRendererService {
 	}
 
 	@bindThis
-	public renderKey(user: MiLocalUser, key: MiUserKeypair, postfix?: string): IKey {
+	public renderKey(user: MiLocalUser, publicKey: string, postfix?: string): IKey {
 		return {
-			id: `${this.config.url}/users/${user.id}${postfix ?? '/publickey'}`,
+			id: `${this.userEntityService.genLocalUserUri(user.id)}${postfix ?? '/publickey'}`,
 			type: 'Key',
 			owner: this.userEntityService.genLocalUserUri(user.id),
-			publicKeyPem: createPublicKey(key.publicKey).export({
+			publicKeyPem: createPublicKey(publicKey).export({
 				type: 'spki',
 				format: 'pem',
-			}),
+			}) as string,
 		};
 	}
 
@@ -503,7 +503,10 @@ export class ApRendererService {
 			tag,
 			manuallyApprovesFollowers: user.isLocked,
 			discoverable: user.isExplorable,
-			publicKey: this.renderKey(user, keypair, '#main-key'),
+			publicKey: this.renderKey(user, keypair.publicKey, '#main-key'),
+			additionalPublicKeys: [
+				...(keypair.ed25519PublicKey ? [this.renderKey(user, keypair.ed25519PublicKey, '#ed25519-key')] : []),
+			],
 			isCat: user.isCat,
 			attachment: attachment.length ? attachment : undefined,
 		};
@@ -626,12 +629,10 @@ export class ApRendererService {
 	}
 
 	@bindThis
-	public async attachLdSignature(activity: any, user: { id: MiUser['id']; host: null; }): Promise<IActivity> {
-		const keypair = await this.userKeypairService.getUserKeypair(user.id);
-
+	public async attachLdSignature(activity: any, key: PrivateKeyWithPem): Promise<IActivity> {
 		const jsonLd = this.jsonLdService.use();
 		jsonLd.debug = false;
-		activity = await jsonLd.signRsaSignature2017(activity, keypair.privateKey, `${this.config.url}/users/${user.id}#main-key`);
+		activity = await jsonLd.signRsaSignature2017(activity, key.privateKeyPem, key.keyId);
 
 		return activity;
 	}

packages/backend/src/core/activitypub/ApRequestService.ts

@@ -3,9 +3,9 @@
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
-import * as crypto from 'node:crypto';
 import { URL } from 'node:url';
 import { Inject, Injectable } from '@nestjs/common';
+import { genRFC3230DigestHeader, signAsDraftToRequest } from '@misskey-dev/node-http-message-signatures';
 import { Window } from 'happy-dom';
 import { DI } from '@/di-symbols.js';
 import type { Config } from '@/config.js';
@@ -16,122 +16,61 @@ import { LoggerService } from '@/core/LoggerService.js';
 import { bindThis } from '@/decorators.js';
 import type Logger from '@/logger.js';
 import { validateContentTypeSetAsActivityPub } from '@/core/activitypub/misc/validator.js';
+import type { PrivateKeyWithPem, PrivateKey } from '@misskey-dev/node-http-message-signatures';
 
-type Request = {
-	url: string;
-	method: string;
-	headers: Record<string, string>;
-};
+export async function createSignedPost(args: { level: string; key: PrivateKey; url: string; body: string; digest?: string, additionalHeaders: Record<string, string> }) {
+	const u = new URL(args.url);
+	const request = {
+		url: u.href,
+		method: 'POST',
+		headers: {
+			'Date': new Date().toUTCString(),
+			'Host': u.host,
+			'Content-Type': 'application/activity+json',
+			...args.additionalHeaders,
+		} as Record<string, string>,
+	};
 
-type Signed = {
-	request: Request;
-	signingString: string;
-	signature: string;
-	signatureHeader: string;
-};
+	// TODO: httpMessageSignaturesImplementationLevelによって新規格で通信をするようにする
+	const digestHeader = args.digest ?? await genRFC3230DigestHeader(args.body, 'SHA-256');
+	request.headers['Digest'] = digestHeader;
 
-type PrivateKey = {
-	privateKeyPem: string;
-	keyId: string;
-};
+	const result = await signAsDraftToRequest(
+		request,
+		args.key,
+		['(request-target)', 'date', 'host', 'digest'],
+	);
 
-export class ApRequestCreator {
-	static createSignedPost(args: { key: PrivateKey, url: string, body: string, digest?: string, additionalHeaders: Record<string, string> }): Signed {
-		const u = new URL(args.url);
-		const digestHeader = args.digest ?? this.createDigest(args.body);
+	return {
+		request,
+		...result,
+	};
+}
 
-		const request: Request = {
-			url: u.href,
-			method: 'POST',
-			headers: this.#objectAssignWithLcKey({
-				'Date': new Date().toUTCString(),
-				'Host': u.host,
-				'Content-Type': 'application/activity+json',
-				'Digest': digestHeader,
-			}, args.additionalHeaders),
-		};
+export async function createSignedGet(args: { level: string; key: PrivateKey; url: string; additionalHeaders: Record<string, string> }) {
+	const u = new URL(args.url);
+	const request = {
+		url: u.href,
+		method: 'GET',
+		headers: {
+			'Accept': 'application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
+			'Date': new Date().toUTCString(),
+			'Host': new URL(args.url).host,
+			...args.additionalHeaders,
+		} as Record<string, string>,
+	};
 
-		const result = this.#signToRequest(request, args.key, ['(request-target)', 'date', 'host', 'digest']);
+	// TODO: httpMessageSignaturesImplementationLevelによって新規格で通信をするようにする
+	const result = await signAsDraftToRequest(
+		request,
+		args.key,
+		['(request-target)', 'date', 'host', 'accept'],
+	);
 
-		return {
-			request,
-			signingString: result.signingString,
-			signature: result.signature,
-			signatureHeader: result.signatureHeader,
-		};
-	}
-
-	static createDigest(body: string) {
-		return `SHA-256=${crypto.createHash('sha256').update(body).digest('base64')}`;
-	}
-
-	static createSignedGet(args: { key: PrivateKey, url: string, additionalHeaders: Record<string, string> }): Signed {
-		const u = new URL(args.url);
-
-		const request: Request = {
-			url: u.href,
-			method: 'GET',
-			headers: this.#objectAssignWithLcKey({
-				'Accept': 'application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
-				'Date': new Date().toUTCString(),
-				'Host': new URL(args.url).host,
-			}, args.additionalHeaders),
-		};
-
-		const result = this.#signToRequest(request, args.key, ['(request-target)', 'date', 'host', 'accept']);
-
-		return {
-			request,
-			signingString: result.signingString,
-			signature: result.signature,
-			signatureHeader: result.signatureHeader,
-		};
-	}
-
-	static #signToRequest(request: Request, key: PrivateKey, includeHeaders: string[]): Signed {
-		const signingString = this.#genSigningString(request, includeHeaders);
-		const signature = crypto.sign('sha256', Buffer.from(signingString), key.privateKeyPem).toString('base64');
-		const signatureHeader = `keyId="${key.keyId}",algorithm="rsa-sha256",headers="${includeHeaders.join(' ')}",signature="${signature}"`;
-
-		request.headers = this.#objectAssignWithLcKey(request.headers, {
-			Signature: signatureHeader,
-		});
-		// node-fetch will generate this for us. if we keep 'Host', it won't change with redirects!
-		delete request.headers['host'];
-
-		return {
-			request,
-			signingString,
-			signature,
-			signatureHeader,
-		};
-	}
-
-	static #genSigningString(request: Request, includeHeaders: string[]): string {
-		request.headers = this.#lcObjectKey(request.headers);
-
-		const results: string[] = [];
-
-		for (const key of includeHeaders.map(x => x.toLowerCase())) {
-			if (key === '(request-target)') {
-				results.push(`(request-target): ${request.method.toLowerCase()} ${new URL(request.url).pathname}`);
-			} else {
-				results.push(`${key}: ${request.headers[key]}`);
-			}
-		}
-
-		return results.join('\n');
-	}
-
-	static #lcObjectKey(src: Record<string, string>): Record<string, string> {
-		const dst: Record<string, string> = {};
-		for (const key of Object.keys(src).filter(x => x !== '__proto__' && typeof src[x] === 'string')) dst[key.toLowerCase()] = src[key];
-		return dst;
-	}
-
-	static #objectAssignWithLcKey(a: Record<string, string>, b: Record<string, string>): Record<string, string> {
-		return Object.assign(this.#lcObjectKey(a), this.#lcObjectKey(b));
-	}
+	return {
+		request,
+		...result,
+	};
 }
 
 @Injectable()
@@ -151,21 +90,28 @@ export class ApRequestService {
 	}
 
 	@bindThis
-	public async signedPost(user: { id: MiUser['id'] }, url: string, object: unknown, digest?: string): Promise<void> {
+	public async signedPost(user: { id: MiUser['id'] }, url: string, object: unknown, level: string, digest?: string, key?: PrivateKeyWithPem): Promise<void> {
 		const body = typeof object === 'string' ? object : JSON.stringify(object);
-
-		const keypair = await this.userKeypairService.getUserKeypair(user.id);
-
-		const req = ApRequestCreator.createSignedPost({
-			key: {
-				privateKeyPem: keypair.privateKey,
-				keyId: `${this.config.url}/users/${user.id}#main-key`,
-			},
+		const keyFetched = await this.userKeypairService.getLocalUserPrivateKey(key ?? user.id, level);
+		const req = await createSignedPost({
+			level,
+			key: keyFetched,
 			url,
 			body,
-			digest,
 			additionalHeaders: {
+				'User-Agent': this.config.userAgent,
 			},
+			digest,
+		});
+
+		// node-fetch will generate this for us. if we keep 'Host', it won't change with redirects!
+		delete req.request.headers['Host'];
+
+		this.logger.debug('create signed post', {
+			version: 'draft',
+			level,
+			url,
+			keyId: keyFetched.keyId,
 		});
 
 		await this.httpRequestService.send(url, {
@@ -181,20 +127,29 @@ export class ApRequestService {
 	 * @param url URL to fetch
 	 */
 	@bindThis
-	public async signedGet(url: string, user: { id: MiUser['id'] }, followAlternate?: boolean): Promise<unknown> {
+	public async signedGet(url: string, user: { id: MiUser['id'] }, level: string, followAlternate?: boolean): Promise<unknown> {
 		const _followAlternate = followAlternate ?? true;
-		const keypair = await this.userKeypairService.getUserKeypair(user.id);
 
-		const req = ApRequestCreator.createSignedGet({
-			key: {
-				privateKeyPem: keypair.privateKey,
-				keyId: `${this.config.url}/users/${user.id}#main-key`,
-			},
+		const key = await this.userKeypairService.getLocalUserPrivateKey(user.id, level);
+		const req = await createSignedGet({
+			level,
+			key,
 			url,
 			additionalHeaders: {
+				'User-Agent': this.config.userAgent,
 			},
 		});
 
+		// node-fetch will generate this for us. if we keep 'Host', it won't change with redirects!
+		delete req.request.headers['Host'];
+
+		this.logger.debug('create signed get', {
+			version: 'draft',
+			level,
+			url,
+			keyId: key.keyId,
+		});
+
 		const res = await this.httpRequestService.send(url, {
 			method: req.request.method,
 			headers: req.request.headers,
@@ -239,7 +194,7 @@ export class ApRequestService {
 				if (alternate) {
 					const href = alternate.getAttribute('href');
 					if (href) {
-						return await this.signedGet(href, user, false);
+						return await this.signedGet(href, user, level, false);
 					}
 				}
 			} catch (e) {

packages/backend/src/core/activitypub/ApResolverService.ts

@@ -15,6 +15,7 @@ import { UtilityService } from '@/core/UtilityService.js';
 import { bindThis } from '@/decorators.js';
 import { LoggerService } from '@/core/LoggerService.js';
 import type Logger from '@/logger.js';
+import { FederatedInstanceService } from '@/core/FederatedInstanceService.js';
 import { isCollectionOrOrderedCollection } from './type.js';
 import { ApDbResolverService } from './ApDbResolverService.js';
 import { ApRendererService } from './ApRendererService.js';
@@ -40,6 +41,7 @@ export class Resolver {
 		private httpRequestService: HttpRequestService,
 		private apRendererService: ApRendererService,
 		private apDbResolverService: ApDbResolverService,
+		private federatedInstanceService: FederatedInstanceService,
 		private loggerService: LoggerService,
 		private recursionLimit = 100,
 	) {
@@ -101,8 +103,10 @@ export class Resolver {
 			this.user = await this.instanceActorService.getInstanceActor();
 		}
 
+		const server = await this.federatedInstanceService.fetch(host);
+
 		const object = (this.user
-			? await this.apRequestService.signedGet(value, this.user) as IObject
+			? await this.apRequestService.signedGet(value, this.user, server?.httpMessageSignaturesImplementationLevel ?? '00') as IObject
 			: await this.httpRequestService.getActivityJson(value)) as IObject;
 
 		if (
@@ -200,6 +204,7 @@ export class ApResolverService {
 		private httpRequestService: HttpRequestService,
 		private apRendererService: ApRendererService,
 		private apDbResolverService: ApDbResolverService,
+		private federatedInstanceService: FederatedInstanceService,
 		private loggerService: LoggerService,
 	) {
 	}
@@ -220,6 +225,7 @@ export class ApResolverService {
 			this.httpRequestService,
 			this.apRendererService,
 			this.apDbResolverService,
+			this.federatedInstanceService,
 			this.loggerService,
 		);
 	}

packages/backend/src/core/activitypub/misc/contexts.ts

@@ -134,6 +134,7 @@ const security_v1 = {
 		'privateKey': { '@id': 'sec:privateKey', '@type': '@id' },
 		'privateKeyPem': 'sec:privateKeyPem',
 		'publicKey': { '@id': 'sec:publicKey', '@type': '@id' },
+		'additionalPublicKeys': { '@id': 'sec:publicKey', '@type': '@id' },
 		'publicKeyBase58': 'sec:publicKeyBase58',
 		'publicKeyPem': 'sec:publicKeyPem',
 		'publicKeyWif': 'sec:publicKeyWif',

packages/backend/src/core/activitypub/models/ApPersonService.ts

@@ -3,9 +3,10 @@
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
+import { verify } from 'crypto';
 import { Inject, Injectable } from '@nestjs/common';
 import promiseLimit from 'promise-limit';
-import { DataSource } from 'typeorm';
+import { DataSource, In, Not } from 'typeorm';
 import { ModuleRef } from '@nestjs/core';
 import { DI } from '@/di-symbols.js';
 import type { FollowingsRepository, InstancesRepository, MiMeta, UserProfilesRepository, UserPublickeysRepository, UsersRepository } from '@/models/_.js';
@@ -38,6 +39,7 @@ import { RoleService } from '@/core/RoleService.js';
 import { DriveFileEntityService } from '@/core/entities/DriveFileEntityService.js';
 import type { AccountMoveService } from '@/core/AccountMoveService.js';
 import { checkHttps } from '@/misc/check-https.js';
+import { REMOTE_USER_CACHE_TTL, REMOTE_USER_MOVE_COOLDOWN } from '@/const.js';
 import { getApId, getApType, getOneApHrefNullable, isActor, isCollection, isCollectionOrOrderedCollection, isPropertyValue } from '../type.js';
 import { extractApHashtags } from './tag.js';
 import type { OnModuleInit } from '@nestjs/common';
@@ -47,7 +49,7 @@ import type { ApResolverService, Resolver } from '../ApResolverService.js';
 import type { ApLoggerService } from '../ApLoggerService.js';
 
 import type { ApImageService } from './ApImageService.js';
-import type { IActor, ICollection, IObject, IOrderedCollection } from '../type.js';
+import type { IActor, IKey, IObject, ICollection, IOrderedCollection } from '../type.js';
 
 const nameLength = 128;
 const summaryLength = 2048;
@@ -185,13 +187,38 @@ export class ApPersonService implements OnModuleInit {
 		}
 
 		if (x.publicKey) {
-			if (typeof x.publicKey.id !== 'string') {
-				throw new Error('invalid Actor: publicKey.id is not a string');
+			const publicKeys = Array.isArray(x.publicKey) ? x.publicKey : [x.publicKey];
+
+			for (const publicKey of publicKeys) {
+				if (typeof publicKey.id !== 'string') {
+					throw new Error('invalid Actor: publicKey.id is not a string');
+				}
+
+				const publicKeyIdHost = this.punyHost(publicKey.id);
+				if (publicKeyIdHost !== expectHost) {
+					throw new Error('invalid Actor: publicKey.id has different host');
+				}
+			}
+		}
+
+		if (x.additionalPublicKeys) {
+			if (!x.publicKey) {
+				throw new Error('invalid Actor: additionalPublicKeys is set but publicKey is not');
 			}
 
-			const publicKeyIdHost = this.punyHost(x.publicKey.id);
-			if (publicKeyIdHost !== expectHost) {
-				throw new Error('invalid Actor: publicKey.id has different host');
+			if (!Array.isArray(x.additionalPublicKeys)) {
+				throw new Error('invalid Actor: additionalPublicKeys is not an array');
+			}
+
+			for (const key of x.additionalPublicKeys) {
+				if (typeof key.id !== 'string') {
+					throw new Error('invalid Actor: additionalPublicKeys.id is not a string');
+				}
+
+				const keyIdHost = this.punyHost(key.id);
+				if (keyIdHost !== expectHost) {
+					throw new Error('invalid Actor: additionalPublicKeys.id has different host');
+				}
 			}
 		}
 
@@ -228,6 +255,33 @@ export class ApPersonService implements OnModuleInit {
 		return null;
 	}
 
+	/**
+	 * uriからUser(Person)をフェッチします。
+	 *
+	 * Misskeyに対象のPersonが登録されていればそれを返し、登録がなければnullを返します。
+	 * また、TTLが0でない場合、TTLを過ぎていた場合はupdatePersonを実行します。
+	 */
+	@bindThis
+	async fetchPersonWithRenewal(uri: string, TTL = REMOTE_USER_CACHE_TTL): Promise<MiLocalUser | MiRemoteUser | null> {
+		const exist = await this.fetchPerson(uri);
+		if (exist == null) return null;
+
+		if (this.userEntityService.isRemoteUser(exist)) {
+			if (TTL === 0 || exist.lastFetchedAt == null || Date.now() - exist.lastFetchedAt.getTime() > TTL) {
+				this.logger.debug('fetchPersonWithRenewal: renew', { uri, TTL, lastFetchedAt: exist.lastFetchedAt });
+				try {
+					await this.updatePerson(exist.uri);
+					return await this.fetchPerson(uri);
+				} catch (err) {
+					this.logger.error('error occurred while renewing user', { err });
+				}
+			}
+			this.logger.debug('fetchPersonWithRenewal: use cache', { uri, TTL, lastFetchedAt: exist.lastFetchedAt });
+		}
+
+		return exist;
+	}
+
 	private async resolveAvatarAndBanner(user: MiRemoteUser, icon: any, image: any): Promise<Partial<Pick<MiRemoteUser, 'avatarId' | 'bannerId' | 'avatarUrl' | 'bannerUrl' | 'avatarBlurhash' | 'bannerBlurhash'>>> {
 		if (user == null) throw new Error('failed to create user: user is null');
 
@@ -355,7 +409,7 @@ export class ApPersonService implements OnModuleInit {
 					usernameLower: person.preferredUsername?.toLowerCase(),
 					host,
 					inbox: person.inbox,
-					sharedInbox: person.sharedInbox ?? person.endpoints?.sharedInbox,
+					sharedInbox: person.sharedInbox ?? person.endpoints?.sharedInbox ?? null,
 					followersUri: person.followers ? getApId(person.followers) : undefined,
 					featured: person.featured ? getApId(person.featured) : undefined,
 					uri: person.id,
@@ -390,11 +444,15 @@ export class ApPersonService implements OnModuleInit {
 				}));
 
 				if (person.publicKey) {
-					await transactionalEntityManager.save(new MiUserPublickey({
-						userId: user.id,
-						keyId: person.publicKey.id,
-						keyPem: person.publicKey.publicKeyPem,
-					}));
+					const publicKeys = new Map<string, IKey>();
+					(person.additionalPublicKeys ?? []).forEach(key => publicKeys.set(key.id, key));
+					(Array.isArray(person.publicKey) ? person.publicKey : [person.publicKey]).forEach(key => publicKeys.set(key.id, key));
+
+					await transactionalEntityManager.save(Array.from(publicKeys.values(), key => new MiUserPublickey({
+						keyId: key.id,
+						userId: user!.id,
+						keyPem: key.publicKeyPem,
+					})));
 				}
 			});
 		} catch (e) {
@@ -521,7 +579,7 @@ export class ApPersonService implements OnModuleInit {
 		const updates = {
 			lastFetchedAt: new Date(),
 			inbox: person.inbox,
-			sharedInbox: person.sharedInbox ?? person.endpoints?.sharedInbox,
+			sharedInbox: person.sharedInbox ?? person.endpoints?.sharedInbox ?? null,
 			followersUri: person.followers ? getApId(person.followers) : undefined,
 			featured: person.featured,
 			emojis: emojiNames,
@@ -559,11 +617,29 @@ export class ApPersonService implements OnModuleInit {
 		// Update user
 		await this.usersRepository.update(exist.id, updates);
 
-		if (person.publicKey) {
-			await this.userPublickeysRepository.update({ userId: exist.id }, {
-				keyId: person.publicKey.id,
-				keyPem: person.publicKey.publicKeyPem,
+		try {
+			// Deleteアクティビティ受信時にもここが走ってsaveがuserforeign key制約エラーを吐くことがある
+			// とりあえずtry-catchで囲っておく
+			const publicKeys = new Map<string, IKey>();
+			if (person.publicKey) {
+				(person.additionalPublicKeys ?? []).forEach(key => publicKeys.set(key.id, key));
+				(Array.isArray(person.publicKey) ? person.publicKey : [person.publicKey]).forEach(key => publicKeys.set(key.id, key));
+
+				await this.userPublickeysRepository.save(Array.from(publicKeys.values(), key => ({
+					keyId: key.id,
+					userId: exist.id,
+					keyPem: key.publicKeyPem,
+				})));
+			}
+
+			this.userPublickeysRepository.delete({
+				keyId: Not(In(Array.from(publicKeys.keys()))),
+				userId: exist.id,
+			}).catch(err => {
+				this.logger.error('something happened while deleting remote user public keys:', { userId: exist.id, err });
 			});
+		} catch (err) {
+			this.logger.error('something happened while updating remote user public keys:', { userId: exist.id, err });
 		}
 
 		let _description: string | null = null;
@@ -593,7 +669,7 @@ export class ApPersonService implements OnModuleInit {
 		// 該当ユーザーが既にフォロワーになっていた場合はFollowingもアップデートする
 		await this.followingsRepository.update(
 			{ followerId: exist.id },
-			{ followerSharedInbox: person.sharedInbox ?? person.endpoints?.sharedInbox },
+			{ followerSharedInbox: person.sharedInbox ?? person.endpoints?.sharedInbox ?? null },
 		);
 
 		await this.updateFeatured(exist.id, resolver).catch(err => this.logger.error(err));
@@ -608,7 +684,7 @@ export class ApPersonService implements OnModuleInit {
 			exist.movedAt == null ||
 			// 以前のmovingから14日以上経過した場合のみ移行処理を許可
 			// （Mastodonのクールダウン期間は30日だが若干緩めに設定しておく）
-			exist.movedAt.getTime() + 1000 * 60 * 60 * 24 * 14 < updated.movedAt.getTime()
+			exist.movedAt.getTime() + REMOTE_USER_MOVE_COOLDOWN < updated.movedAt.getTime()
 		)) {
 			this.logger.info(`Start to process Move of @${updated.username}@${updated.host} (${uri})`);
 			return this.processRemoteMove(updated, movePreventUris)
@@ -631,9 +707,9 @@ export class ApPersonService implements OnModuleInit {
 	 * リモートサーバーからフェッチしてMisskeyに登録しそれを返します。
 	 */
 	@bindThis
-	public async resolvePerson(uri: string, resolver?: Resolver): Promise<MiLocalUser | MiRemoteUser> {
+	public async resolvePerson(uri: string, resolver?: Resolver, withRenewal = false): Promise<MiLocalUser | MiRemoteUser> {
 		//#region このサーバーに既に登録されていたらそれを返す
-		const exist = await this.fetchPerson(uri);
+		const exist = withRenewal ? await this.fetchPersonWithRenewal(uri) : await this.fetchPerson(uri);
 		if (exist) return exist;
 		//#endregion
 

packages/backend/src/core/activitypub/type.ts

@@ -59,7 +59,7 @@ export function getOneApId(value: ApObject): string {
 export function getApId(value: string | IObject): string {
 	if (typeof value === 'string') return value;
 	if (typeof value.id === 'string') return value.id;
-	throw new Error('cannot detemine id');
+	throw new Error('cannot determine id');
 }
 
 /**
@@ -182,10 +182,8 @@ export interface IActor extends IObject {
 	discoverable?: boolean;
 	inbox: string;
 	sharedInbox?: string;	// 後方互換性のため
-	publicKey?: {
-		id: string;
-		publicKeyPem: string;
-	};
+	publicKey?: IKey | IKey[];
+	additionalPublicKeys?: IKey[];
 	followers?: string | ICollection | IOrderedCollection;
 	following?: string | ICollection | IOrderedCollection;
 	featured?: string | IOrderedCollection;
@@ -249,8 +247,9 @@ export const isEmoji = (object: IObject): object is IApEmoji =>
 
 export interface IKey extends IObject {
 	type: 'Key';
+	id: string;
 	owner: string;
-	publicKeyPem: string | Buffer;
+	publicKeyPem: string;
 }
 
 export const validDocumentTypes = ['Audio', 'Document', 'Image', 'Page', 'Video'];

packages/backend/src/core/entities/InstanceEntityService.ts

@@ -59,6 +59,7 @@ export class InstanceEntityService {
 			infoUpdatedAt: instance.infoUpdatedAt ? instance.infoUpdatedAt.toISOString() : null,
 			latestRequestReceivedAt: instance.latestRequestReceivedAt ? instance.latestRequestReceivedAt.toISOString() : null,
 			moderationNote: iAmModerator ? instance.moderationNote : null,
+			httpMessageSignaturesImplementationLevel: instance.httpMessageSignaturesImplementationLevel,
 		};
 	}
 

packages/backend/src/misc/cache.ts

@@ -237,6 +237,11 @@ export class MemoryKVCache<T> {
 		return cached.value;
 	}
 
+	@bindThis
+	public getRaw(key: string): { date: number; value: T; } | undefined {
+		return this.cache.get(key);
+	}
+
 	@bindThis
 	public delete(key: string): void {
 		this.cache.delete(key);

packages/backend/src/misc/gen-key-pair.ts

@@ -3,39 +3,14 @@
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
-import * as crypto from 'node:crypto';
-import * as util from 'node:util';
+import { genEd25519KeyPair, genRsaKeyPair } from '@misskey-dev/node-http-message-signatures';
 
-const generateKeyPair = util.promisify(crypto.generateKeyPair);
-
-export async function genRsaKeyPair(modulusLength = 2048) {
-	return await generateKeyPair('rsa', {
-		modulusLength,
-		publicKeyEncoding: {
-			type: 'spki',
-			format: 'pem',
-		},
-		privateKeyEncoding: {
-			type: 'pkcs8',
-			format: 'pem',
-			cipher: undefined,
-			passphrase: undefined,
-		},
-	});
-}
-
-export async function genEcKeyPair(namedCurve: 'prime256v1' | 'secp384r1' | 'secp521r1' | 'curve25519' = 'prime256v1') {
-	return await generateKeyPair('ec', {
-		namedCurve,
-		publicKeyEncoding: {
-			type: 'spki',
-			format: 'pem',
-		},
-		privateKeyEncoding: {
-			type: 'pkcs8',
-			format: 'pem',
-			cipher: undefined,
-			passphrase: undefined,
-		},
-	});
+export async function genRSAAndEd25519KeyPair(rsaModulusLength = 4096) {
+	const [rsa, ed25519] = await Promise.all([genRsaKeyPair(rsaModulusLength), genEd25519KeyPair()]);
+	return {
+		publicKey: rsa.publicKey,
+		privateKey: rsa.privateKey,
+		ed25519PublicKey: ed25519.publicKey,
+		ed25519PrivateKey: ed25519.privateKey,
+	};
 }

packages/backend/src/models/AbuseUserReport.ts

@@ -7,6 +7,8 @@ import { PrimaryColumn, Entity, Index, JoinColumn, Column, ManyToOne } from 'typ
 import { id } from './util/id.js';
 import { MiUser } from './User.js';
 
+export type AbuseReportResolveType = 'accept' | 'reject';
+
 @Entity('abuse_user_report')
 export class MiAbuseUserReport {
 	@PrimaryColumn(id())
@@ -76,7 +78,7 @@ export class MiAbuseUserReport {
 	@Column('varchar', {
 		length: 128, nullable: true,
 	})
-	public resolvedAs: 'accept' | 'reject' | null;
+	public resolvedAs: AbuseReportResolveType | null;
 
 	//#region Denormalized fields
 	@Index()

packages/backend/src/models/Instance.ts

@@ -158,4 +158,9 @@ export class MiInstance {
 		length: 16384, default: '',
 	})
 	public moderationNote: string;
+
+	@Column('varchar', {
+		length: 16, default: '00', nullable: false,
+	})
+	public httpMessageSignaturesImplementationLevel: string;
 }

packages/backend/src/models/UserKeypair.ts

@@ -3,7 +3,7 @@
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
-import { PrimaryColumn, Entity, JoinColumn, Column, OneToOne } from 'typeorm';
+import { PrimaryColumn, Entity, JoinColumn, Column, ManyToOne } from 'typeorm';
 import { id } from './util/id.js';
 import { MiUser } from './User.js';
 
@@ -12,22 +12,42 @@ export class MiUserKeypair {
 	@PrimaryColumn(id())
 	public userId: MiUser['id'];
 
-	@OneToOne(type => MiUser, {
+	@ManyToOne(type => MiUser, {
 		onDelete: 'CASCADE',
 	})
 	@JoinColumn()
 	public user: MiUser | null;
 
+	/**
+	 * RSA public key
+	 */
 	@Column('varchar', {
 		length: 4096,
 	})
 	public publicKey: string;
 
+	/**
+	 * RSA private key
+	 */
 	@Column('varchar', {
 		length: 4096,
 	})
 	public privateKey: string;
 
+	@Column('varchar', {
+		length: 128,
+		nullable: true,
+		default: null,
+	})
+	public ed25519PublicKey: string | null;
+
+	@Column('varchar', {
+		length: 128,
+		nullable: true,
+		default: null,
+	})
+	public ed25519PrivateKey: string | null;
+
 	constructor(data: Partial<MiUserKeypair>) {
 		if (data == null) return;
 

packages/backend/src/models/UserPublickey.ts

@@ -9,7 +9,13 @@ import { MiUser } from './User.js';
 
 @Entity('user_publickey')
 export class MiUserPublickey {
-	@PrimaryColumn(id())
+	@PrimaryColumn('varchar', {
+		length: 256,
+	})
+	public keyId: string;
+
+	@Index()
+	@Column(id())
 	public userId: MiUser['id'];
 
 	@OneToOne(type => MiUser, {
@@ -18,12 +24,6 @@ export class MiUserPublickey {
 	@JoinColumn()
 	public user: MiUser | null;
 
-	@Index({ unique: true })
-	@Column('varchar', {
-		length: 256,
-	})
-	public keyId: string;
-
 	@Column('varchar', {
 		length: 4096,
 	})

packages/backend/src/models/json-schema/federation-instance.ts

@@ -120,5 +120,9 @@ export const packedFederationInstanceSchema = {
 			type: 'string',
 			optional: true, nullable: true,
 		},
+		httpMessageSignaturesImplementationLevel: {
+			type: 'string',
+			optional: false, nullable: false,
+		},
 	},
 } as const;

packages/backend/src/queue/QueueProcessorService.ts

@@ -266,9 +266,9 @@ export class QueueProcessorService implements OnApplicationShutdown {
 			}, {
 				...baseQueueOptions(this.config, QUEUE.DELIVER),
 				autorun: false,
-				concurrency: this.config.deliverJobConcurrency ?? 128,
+				concurrency: this.config.deliverJobConcurrency ?? 16,
 				limiter: {
-					max: this.config.deliverJobPerSec ?? 128,
+					max: this.config.deliverJobPerSec ?? 1024,
 					duration: 1000,
 				},
 				settings: {
@@ -306,9 +306,9 @@ export class QueueProcessorService implements OnApplicationShutdown {
 			}, {
 				...baseQueueOptions(this.config, QUEUE.INBOX),
 				autorun: false,
-				concurrency: this.config.inboxJobConcurrency ?? 16,
+				concurrency: this.config.inboxJobConcurrency ?? 4,
 				limiter: {
-					max: this.config.inboxJobPerSec ?? 32,
+					max: this.config.inboxJobPerSec ?? 64,
 					duration: 1000,
 				},
 				settings: {

packages/backend/src/queue/processors/DeliverProcessorService.ts

@@ -72,34 +72,35 @@ export class DeliverProcessorService {
 		}
 
 		try {
-			await this.apRequestService.signedPost(job.data.user, job.data.to, job.data.content, job.data.digest);
+			const server = await (this.meta.enableStatsForFederatedInstances
+				? this.federatedInstanceService.fetchOrRegister(host)
+				: this.federatedInstanceService.fetch(host));
 
+			await this.apRequestService.signedPost(
+				job.data.user,
+				job.data.to,
+				job.data.content,
+				server?.httpMessageSignaturesImplementationLevel ?? '00',
+				job.data.digest,
+				job.data.privateKey,
+			);
+
+			// Update stats
 			this.apRequestChart.deliverSucc();
 			this.federationChart.deliverd(host, true);
 
-			// Update instance stats
-			process.nextTick(async () => {
-				const i = await (this.meta.enableStatsForFederatedInstances
-					? this.federatedInstanceService.fetchOrRegister(host)
-					: this.federatedInstanceService.fetch(host));
+			if (server == null) return 'Success';
 
-				if (i == null) return;
+			if (server.isNotResponding) {
+				this.federatedInstanceService.update(server.id, {
+					isNotResponding: false,
+					notRespondingSince: null,
+				});
+			}
 
-				if (i.isNotResponding) {
-					this.federatedInstanceService.update(i.id, {
-						isNotResponding: false,
-						notRespondingSince: null,
-					});
-				}
-
-				if (this.meta.enableStatsForFederatedInstances) {
-					this.fetchInstanceMetadataService.fetchInstanceMetadata(i);
-				}
-
-				if (this.meta.enableChartsForFederatedInstances) {
-					this.instanceChart.requestSent(i.host, true);
-				}
-			});
+			if (this.meta.enableChartsForFederatedInstances) {
+				this.instanceChart.requestSent(server.host, true);
+			}
 
 			return 'Success';
 		} catch (res) {
@@ -134,6 +135,11 @@ export class DeliverProcessorService {
 			});
 
 			if (res instanceof StatusError) {
+				if (res.statusCode === 401) {
+					// 401 Unauthorized: this may be caused by a time difference between the server and the target server.
+					// Let the job be retried.
+					throw new Error(`${res.statusCode} ${res.statusMessage}\n* 401 may be caused by a time difference between the server and the target server.`);
+				}
 				// 4xx
 				if (!res.isRetryable) {
 					// 相手が閉鎖していることを明示しているため、配送停止する

packages/backend/src/queue/processors/InboxProcessorService.ts

@@ -5,8 +5,8 @@
 
 import { URL } from 'node:url';
 import { Inject, Injectable, OnApplicationShutdown } from '@nestjs/common';
-import httpSignature from '@peertube/http-signature';
 import * as Bull from 'bullmq';
+import { verifyDraftSignature } from '@misskey-dev/node-http-message-signatures';
 import type Logger from '@/logger.js';
 import { FederatedInstanceService } from '@/core/FederatedInstanceService.js';
 import { FetchInstanceMetadataService } from '@/core/FetchInstanceMetadataService.js';
@@ -15,12 +15,10 @@ import ApRequestChart from '@/core/chart/charts/ap-request.js';
 import FederationChart from '@/core/chart/charts/federation.js';
 import { getApId } from '@/core/activitypub/type.js';
 import type { IActivity } from '@/core/activitypub/type.js';
-import type { MiRemoteUser } from '@/models/User.js';
-import type { MiUserPublickey } from '@/models/UserPublickey.js';
 import { ApDbResolverService } from '@/core/activitypub/ApDbResolverService.js';
 import { StatusError } from '@/misc/status-error.js';
+import * as Acct from '@/misc/acct.js';
 import { UtilityService } from '@/core/UtilityService.js';
-import { ApPersonService } from '@/core/activitypub/models/ApPersonService.js';
 import { JsonLdService } from '@/core/activitypub/JsonLdService.js';
 import { ApInboxService } from '@/core/activitypub/ApInboxService.js';
 import { bindThis } from '@/decorators.js';
@@ -51,7 +49,6 @@ export class InboxProcessorService implements OnApplicationShutdown {
 		private federatedInstanceService: FederatedInstanceService,
 		private fetchInstanceMetadataService: FetchInstanceMetadataService,
 		private jsonLdService: JsonLdService,
-		private apPersonService: ApPersonService,
 		private apDbResolverService: ApDbResolverService,
 		private instanceChart: InstanceChart,
 		private apRequestChart: ApRequestChart,
@@ -64,8 +61,15 @@ export class InboxProcessorService implements OnApplicationShutdown {
 
 	@bindThis
 	public async process(job: Bull.Job<InboxJobData>): Promise<string> {
-		const signature = job.data.signature;	// HTTP-signature
+		const signature = job.data.signature ?
+			'version' in job.data.signature ? job.data.signature.value : job.data.signature
+			: null;
+		if (Array.isArray(signature)) {
+			// RFC 9401はsignatureが配列になるが、とりあえずエラーにする
+			throw new Error('signature is array');
+		}
 		let activity = job.data.activity;
+		let actorUri = getApId(activity.actor);
 
 		//#region Log
 		const info = Object.assign({}, activity);
@@ -73,75 +77,82 @@ export class InboxProcessorService implements OnApplicationShutdown {
 		this.logger.debug(JSON.stringify(info, null, 2));
 		//#endregion
 
-		const host = this.utilityService.toPuny(new URL(signature.keyId).hostname);
+		const host = this.utilityService.toPuny(new URL(actorUri).hostname);
 
 		if (!this.utilityService.isFederationAllowedHost(host)) {
 			return `Blocked request: ${host}`;
 		}
 
-		const keyIdLower = signature.keyId.toLowerCase();
-		if (keyIdLower.startsWith('acct:')) {
-			return `Old keyId is no longer supported. ${keyIdLower}`;
-		}
-
 		// HTTP-Signature keyIdを元にDBから取得
-		let authUser: {
-			user: MiRemoteUser;
-			key: MiUserPublickey | null;
-		} | null = await this.apDbResolverService.getAuthUserFromKeyId(signature.keyId);
+		let authUser: Awaited<ReturnType<typeof this.apDbResolverService.getAuthUserFromApId>> = null;
+		let httpSignatureIsValid = null as boolean | null;
 
-		// keyIdでわからなければ、activity.actorを元にDBから取得 || activity.actorを元にリモートから取得
-		if (authUser == null) {
-			try {
-				authUser = await this.apDbResolverService.getAuthUserFromApId(getApId(activity.actor));
-			} catch (err) {
-				// 対象が4xxならスキップ
-				if (err instanceof StatusError) {
-					if (!err.isRetryable) {
-						throw new Bull.UnrecoverableError(`skip: Ignored deleted actors on both ends ${activity.actor} - ${err.statusCode}`);
-					}
-					throw new Error(`Error in actor ${activity.actor} - ${err.statusCode}`);
+		try {
+			authUser = await this.apDbResolverService.getAuthUserFromApId(actorUri, signature?.keyId);
+		} catch (err) {
+			// 対象が4xxならスキップ
+			if (err instanceof StatusError) {
+				if (!err.isRetryable) {
+					throw new Bull.UnrecoverableError(`skip: Ignored deleted actors on both ends ${activity.actor} - ${err.statusCode}`);
 				}
+				throw new Error(`Error in actor ${activity.actor} - ${err.statusCode}`);
 			}
 		}
 
-		// それでもわからなければ終了
-		if (authUser == null) {
+		// authUser.userがnullならスキップ
+		if (authUser != null && authUser.user == null) {
 			throw new Bull.UnrecoverableError('skip: failed to resolve user');
 		}
 
-		// publicKey がなくても終了
-		if (authUser.key == null) {
-			throw new Bull.UnrecoverableError('skip: failed to resolve user publicKey');
+		if (signature != null && authUser != null) {
+			if (signature.keyId.toLowerCase().startsWith('acct:')) {
+				this.logger.warn(`Old keyId is no longer supported. lowerKeyId=${signature.keyId.toLowerCase()}`);
+			} else if (authUser.key != null) {
+				// keyがなかったらLD Signatureで検証するべき
+				// HTTP-Signatureの検証
+				const errorLogger = (ms: any) => this.logger.error(ms);
+				httpSignatureIsValid = await verifyDraftSignature(signature, authUser.key.keyPem, errorLogger);
+				this.logger.debug('Inbox message validation: ', {
+					userId: authUser.user.id,
+					userAcct: Acct.toString(authUser.user),
+					parsedKeyId: signature.keyId,
+					foundKeyId: authUser.key.keyId,
+					httpSignatureValid: httpSignatureIsValid,
+				});
+			}
 		}
 
-		// HTTP-Signatureの検証
-		const httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
-
-		// また、signatureのsignerは、activity.actorと一致する必要がある
-		if (!httpSignatureValidated || authUser.user.uri !== activity.actor) {
+		if (
+			authUser == null ||
+			httpSignatureIsValid !== true ||
+			authUser.user.uri !== actorUri // 一応チェック
+		) {
 			// 一致しなくても、でもLD-Signatureがありそうならそっちも見る
 			const ldSignature = activity.signature;
-			if (ldSignature) {
+
+			if (ldSignature && ldSignature.creator) {
 				if (ldSignature.type !== 'RsaSignature2017') {
 					throw new Bull.UnrecoverableError(`skip: unsupported LD-signature type ${ldSignature.type}`);
 				}
 
-				// ldSignature.creator: https://example.oom/users/user#main-key
-				// みたいになっててUserを引っ張れば公開キーも入ることを期待する
-				if (ldSignature.creator) {
-					const candicate = ldSignature.creator.replace(/#.*/, '');
-					await this.apPersonService.resolvePerson(candicate).catch(() => null);
+				if (ldSignature.creator.toLowerCase().startsWith('acct:')) {
+					throw new Bull.UnrecoverableError(`old key not supported ${ldSignature.creator}`);
 				}
 
-				// keyIdからLD-Signatureのユーザーを取得
-				authUser = await this.apDbResolverService.getAuthUserFromKeyId(ldSignature.creator);
+				authUser = await this.apDbResolverService.getAuthUserFromApId(actorUri, ldSignature.creator);
+
 				if (authUser == null) {
-					throw new Bull.UnrecoverableError('skip: LD-Signatureのユーザーが取得できませんでした');
+					throw new Bull.UnrecoverableError(`skip: LD-Signatureのactorとcreatorが一致しませんでした uri=${actorUri} creator=${ldSignature.creator}`);
+				}
+				if (authUser.user == null) {
+					throw new Bull.UnrecoverableError(`skip: LD-Signatureのユーザーが取得できませんでした uri=${actorUri} creator=${ldSignature.creator}`);
+				}
+				// 一応actorチェック
+				if (authUser.user.uri !== actorUri) {
+					throw new Bull.UnrecoverableError(`skip: LD-Signature user(${authUser.user.uri}) !== activity.actor(${actorUri})`);
 				}
-
 				if (authUser.key == null) {
-					throw new Bull.UnrecoverableError('skip: LD-SignatureのユーザーはpublicKeyを持っていませんでした');
+					throw new Bull.UnrecoverableError(`skip: LD-SignatureのユーザーはpublicKeyを持っていませんでした uri=${actorUri} creator=${ldSignature.creator}`);
 				}
 
 				const jsonLd = this.jsonLdService.use();
@@ -152,13 +163,27 @@ export class InboxProcessorService implements OnApplicationShutdown {
 					throw new Bull.UnrecoverableError('skip: LD-Signatureの検証に失敗しました');
 				}
 
+				// ブロックしてたら中断
+				const ldHost = this.utilityService.extractDbHost(authUser.user.uri);
+				if (this.utilityService.isFederationAllowedHost(ldHost)) {
+					throw new Bull.UnrecoverableError(`Blocked request: ${ldHost}`);
+				}
+
 				// アクティビティを正規化
+				// GHSA-2vxv-pv3m-3wvj
 				delete activity.signature;
 				try {
 					activity = await jsonLd.compact(activity) as IActivity;
 				} catch (e) {
 					throw new Bull.UnrecoverableError(`skip: failed to compact activity: ${e}`);
 				}
+
+				// actorが正規化前後で一致しているか確認
+				actorUri = getApId(activity.actor);
+				if (authUser.user.uri !== actorUri) {
+					throw new Bull.UnrecoverableError(`skip: LD-Signature user(${authUser.user.uri}) !== activity(after normalization).actor(${actorUri})`);
+				}
+
 				// TODO: 元のアクティビティと非互換な形に正規化される場合は転送をスキップする
 				// https://github.com/mastodon/mastodon/blob/664b0ca/app/services/activitypub/process_collection_service.rb#L24-L29
 				activity.signature = ldSignature;
@@ -168,18 +193,8 @@ export class InboxProcessorService implements OnApplicationShutdown {
 				delete compactedInfo['@context'];
 				this.logger.debug(`compacted: ${JSON.stringify(compactedInfo, null, 2)}`);
 				//#endregion
-
-				// もう一度actorチェック
-				if (authUser.user.uri !== activity.actor) {
-					throw new Bull.UnrecoverableError(`skip: LD-Signature user(${authUser.user.uri}) !== activity.actor(${activity.actor})`);
-				}
-
-				const ldHost = this.utilityService.extractDbHost(authUser.user.uri);
-				if (!this.utilityService.isFederationAllowedHost(ldHost)) {
-					throw new Bull.UnrecoverableError(`Blocked request: ${ldHost}`);
-				}
 			} else {
-				throw new Bull.UnrecoverableError(`skip: http-signature verification failed and no LD-Signature. keyId=${signature.keyId}`);
+				throw new Error(`http-signature verification failed and no LD-Signature. http_signature_keyId=${signature?.keyId}`);
 			}
 		}
 

packages/backend/src/queue/types.ts

@@ -9,7 +9,24 @@ import type { MiNote } from '@/models/Note.js';
 import type { MiUser } from '@/models/User.js';
 import type { MiWebhook } from '@/models/Webhook.js';
 import type { IActivity } from '@/core/activitypub/type.js';
-import type httpSignature from '@peertube/http-signature';
+import type { ParsedSignature, PrivateKeyWithPem } from '@misskey-dev/node-http-message-signatures';
+
+/**
+ * @peertube/http-signature 時代の古いデータにも対応しておく
+ * TODO: 2026年ぐらいには消す
+ */
+export interface OldParsedSignature {
+	scheme: 'Signature';
+	params: {
+		keyId: string;
+		algorithm: string;
+		headers: string[];
+		signature: string;
+	};
+	signingString: string;
+	algorithm: string;
+	keyId: string;
+}
 
 export type DeliverJobData = {
 	/** Actor */
@@ -22,11 +39,13 @@ export type DeliverJobData = {
 	to: string;
 	/** whether it is sharedInbox */
 	isSharedInbox: boolean;
+	/** force to use main (rsa) key */
+	privateKey?: PrivateKeyWithPem;
 };
 
 export type InboxJobData = {
 	activity: IActivity;
-	signature: httpSignature.IParsedSignature;
+	signature: ParsedSignature | OldParsedSignature | null;
 };
 
 export type RelationshipJobData = {

packages/backend/src/server/ActivityPubServerService.ts

@@ -3,11 +3,10 @@
  * SPDX-License-Identifier: AGPL-3.0-only
  */
 
-import * as crypto from 'node:crypto';
 import { IncomingMessage } from 'node:http';
 import { Inject, Injectable } from '@nestjs/common';
 import fastifyAccepts from '@fastify/accepts';
-import httpSignature from '@peertube/http-signature';
+import { verifyDigestHeader, parseRequestSignature } from '@misskey-dev/node-http-message-signatures';
 import { Brackets, In, IsNull, LessThan, Not } from 'typeorm';
 import accepts from 'accepts';
 import vary from 'vary';
@@ -29,6 +28,8 @@ import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { bindThis } from '@/decorators.js';
 import { IActivity } from '@/core/activitypub/type.js';
 import { isQuote, isRenote } from '@/misc/is-renote.js';
+import { LoggerService } from '@/core/LoggerService.js';
+import Logger from '@/logger.js';
 import * as Acct from '@/misc/acct.js';
 import type { FastifyInstance, FastifyRequest, FastifyReply, FastifyPluginOptions, FastifyBodyParser } from 'fastify';
 import type { FindOptionsWhere } from 'typeorm';
@@ -38,6 +39,9 @@ const LD_JSON = 'application/ld+json; profile="https://www.w3.org/ns/activitystr
 
 @Injectable()
 export class ActivityPubServerService {
+	private logger: Logger;
+	private inboxLogger: Logger;
+
 	constructor(
 		@Inject(DI.config)
 		private config: Config,
@@ -72,8 +76,11 @@ export class ActivityPubServerService {
 		private queueService: QueueService,
 		private userKeypairService: UserKeypairService,
 		private queryService: QueryService,
+		private loggerService: LoggerService,
 	) {
 		//this.createServer = this.createServer.bind(this);
+		this.logger = this.loggerService.getLogger('server-ap', 'gray');
+		this.inboxLogger = this.logger.createSubLogger('inbox', 'gray');
 	}
 
 	@bindThis
@@ -101,70 +108,48 @@ export class ActivityPubServerService {
 	}
 
 	@bindThis
-	private inbox(request: FastifyRequest, reply: FastifyReply) {
-		let signature;
+	private async inbox(request: FastifyRequest, reply: FastifyReply) {
+		if (request.body == null) {
+			this.inboxLogger.warn('request body is empty');
+			reply.code(400);
+			return;
+		}
+
+		let signature: ReturnType<typeof parseRequestSignature>;
+
+		const verifyDigest = await verifyDigestHeader(request.raw, request.rawBody || '', true);
+		if (verifyDigest !== true) {
+			this.inboxLogger.warn('digest verification failed');
+			reply.code(401);
+			return;
+		}
 
 		try {
-			signature = httpSignature.parseRequest(request.raw, { 'headers': [] });
-		} catch (e) {
+			signature = parseRequestSignature(request.raw, {
+				requiredInputs: {
+					draft: ['(request-target)', 'digest', 'host', 'date'],
+				},
+				clockSkew: {
+					forward: 300_000,
+					delay: 300_000,
+				},
+			});
+		} catch (err) {
+			this.inboxLogger.warn('signature header parsing failed', { err });
+
+			if (typeof request.body === 'object' && 'signature' in request.body) {
+				// LD SignatureがあればOK
+				this.queueService.inbox(request.body as IActivity, null);
+				reply.code(202);
+				return;
+			}
+
+			this.inboxLogger.warn('signature header parsing failed and LD signature not found');
 			reply.code(401);
 			return;
 		}
 
-		if (signature.params.headers.indexOf('host') === -1
-			|| request.headers.host !== this.config.host) {
-			// Host not specified or not match.
-			reply.code(401);
-			return;
-		}
-
-		if (signature.params.headers.indexOf('digest') === -1) {
-			// Digest not found.
-			reply.code(401);
-		} else {
-			const digest = request.headers.digest;
-
-			if (typeof digest !== 'string') {
-				// Huh?
-				reply.code(401);
-				return;
-			}
-
-			const re = /^([a-zA-Z0-9\-]+)=(.+)$/;
-			const match = digest.match(re);
-
-			if (match == null) {
-				// Invalid digest
-				reply.code(401);
-				return;
-			}
-
-			const algo = match[1].toUpperCase();
-			const digestValue = match[2];
-
-			if (algo !== 'SHA-256') {
-				// Unsupported digest algorithm
-				reply.code(401);
-				return;
-			}
-
-			if (request.rawBody == null) {
-				// Bad request
-				reply.code(400);
-				return;
-			}
-
-			const hash = crypto.createHash('sha256').update(request.rawBody).digest('base64');
-
-			if (hash !== digestValue) {
-				// Invalid digest
-				reply.code(401);
-				return;
-			}
-		}
-
 		this.queueService.inbox(request.body as IActivity, signature);
-
 		reply.code(202);
 	}
 
@@ -651,7 +636,7 @@ export class ActivityPubServerService {
 			if (this.userEntityService.isLocalUser(user)) {
 				reply.header('Cache-Control', 'public, max-age=180');
 				this.setResponseType(request, reply);
-				return (this.apRendererService.addContext(this.apRendererService.renderKey(user, keypair)));
+				return (this.apRendererService.addContext(this.apRendererService.renderKey(user, keypair.publicKey)));
 			} else {
 				reply.code(400);
 				return;

packages/backend/src/server/NodeinfoServerService.ts

@@ -94,6 +94,13 @@ export class NodeinfoServerService {
 					localComments: 0,
 				},
 				metadata: {
+					/**
+					 * '00': Draft, RSA only
+					 * '01': Draft, Ed25519 suported
+					 * '11': RFC 9421, Ed25519 supported
+					 */
+					httpMessageSignaturesImplementationLevel: '01',
+
 					nodeName: meta.name,
 					nodeDescription: meta.description,
 					nodeAdmins: [{

packages/backend/src/server/api/EndpointsModule.ts

@@ -187,6 +187,7 @@ import * as ep___following_invalidate from './endpoints/following/invalidate.js'
 import * as ep___following_requests_accept from './endpoints/following/requests/accept.js';
 import * as ep___following_requests_cancel from './endpoints/following/requests/cancel.js';
 import * as ep___following_requests_list from './endpoints/following/requests/list.js';
+import * as ep___following_requests_sent from './endpoints/following/requests/sent.js';
 import * as ep___following_requests_reject from './endpoints/following/requests/reject.js';
 import * as ep___gallery_featured from './endpoints/gallery/featured.js';
 import * as ep___gallery_popular from './endpoints/gallery/popular.js';
@@ -574,6 +575,7 @@ const $following_invalidate: Provider = { provide: 'ep:following/invalidate', us
 const $following_requests_accept: Provider = { provide: 'ep:following/requests/accept', useClass: ep___following_requests_accept.default };
 const $following_requests_cancel: Provider = { provide: 'ep:following/requests/cancel', useClass: ep___following_requests_cancel.default };
 const $following_requests_list: Provider = { provide: 'ep:following/requests/list', useClass: ep___following_requests_list.default };
+const $following_requests_sent: Provider = { provide: 'ep:following/requests/sent', useClass: ep___following_requests_sent.default };
 const $following_requests_reject: Provider = { provide: 'ep:following/requests/reject', useClass: ep___following_requests_reject.default };
 const $gallery_featured: Provider = { provide: 'ep:gallery/featured', useClass: ep___gallery_featured.default };
 const $gallery_popular: Provider = { provide: 'ep:gallery/popular', useClass: ep___gallery_popular.default };
@@ -965,6 +967,7 @@ const $reversi_verify: Provider = { provide: 'ep:reversi/verify', useClass: ep__
 		$following_requests_accept,
 		$following_requests_cancel,
 		$following_requests_list,
+		$following_requests_sent,
 		$following_requests_reject,
 		$gallery_featured,
 		$gallery_popular,

packages/backend/src/server/api/endpoints.ts

@@ -193,6 +193,7 @@ import * as ep___following_invalidate from './endpoints/following/invalidate.js'
 import * as ep___following_requests_accept from './endpoints/following/requests/accept.js';
 import * as ep___following_requests_cancel from './endpoints/following/requests/cancel.js';
 import * as ep___following_requests_list from './endpoints/following/requests/list.js';
+import * as ep___following_requests_sent from './endpoints/following/requests/sent.js';
 import * as ep___following_requests_reject from './endpoints/following/requests/reject.js';
 import * as ep___gallery_featured from './endpoints/gallery/featured.js';
 import * as ep___gallery_popular from './endpoints/gallery/popular.js';
@@ -578,6 +579,7 @@ const eps = [
 	['following/requests/accept', ep___following_requests_accept],
 	['following/requests/cancel', ep___following_requests_cancel],
 	['following/requests/list', ep___following_requests_list],
+	['following/requests/sent', ep___following_requests_sent],
 	['following/requests/reject', ep___following_requests_reject],
 	['gallery/featured', ep___gallery_featured],
 	['gallery/popular', ep___gallery_popular],

packages/backend/src/server/api/endpoints/admin/accounts/delete.ts

@@ -46,7 +46,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				throw new Error('cannot delete a root account');
 			}
 
-			await this.deleteAccoountService.deleteAccount(user);
+			await this.deleteAccoountService.deleteAccount(user, me);
 		});
 	}
 }

packages/backend/src/server/api/endpoints/admin/announcements/create.ts

@@ -55,7 +55,7 @@ export const paramDef = {
 	properties: {
 		title: { type: 'string', minLength: 1 },
 		text: { type: 'string', minLength: 1 },
-		imageUrl: { type: 'string', nullable: true, minLength: 1 },
+		imageUrl: { type: 'string', nullable: true, minLength: 0 },
 		icon: { type: 'string', enum: ['info', 'warning', 'error', 'success'], default: 'info' },
 		display: { type: 'string', enum: ['normal', 'banner', 'dialog'], default: 'normal' },
 		forExistingUsers: { type: 'boolean', default: false },
@@ -76,7 +76,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				updatedAt: null,
 				title: ps.title,
 				text: ps.text,
-				imageUrl: ps.imageUrl,
+				/* eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing -- 空の文字列の場合、nullを渡すようにするため */
+				imageUrl: ps.imageUrl || null,
 				icon: ps.icon,
 				display: ps.display,
 				forExistingUsers: ps.forExistingUsers,

packages/backend/src/server/api/endpoints/admin/delete-account.ts

@@ -33,13 +33,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 
 		private deleteAccountService: DeleteAccountService,
 	) {
-		super(meta, paramDef, async (ps) => {
+		super(meta, paramDef, async (ps, me) => {
 			const user = await this.usersRepository.findOneByOrFail({ id: ps.userId });
 			if (user.isDeleted) {
 				return;
 			}
 
-			await this.deleteAccountService.deleteAccount(user);
+			await this.deleteAccountService.deleteAccount(user, me);
 		});
 	}
 }

packages/backend/src/server/api/endpoints/admin/queue/inbox-delayed.ts

@@ -55,7 +55,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 			const res = [] as [string, number][];
 
 			for (const job of jobs) {
-				const host = new URL(job.data.signature.keyId).host;
+				const signature = job.data.signature ? 'version' in job.data.signature ? job.data.signature.value : job.data.signature : null;
+				const host = signature ? Array.isArray(signature) ? 'TODO' : new URL(signature.keyId).host : new URL(job.data.activity.actor).host;
 				if (res.find(x => x[0] === host)) {
 					res.find(x => x[0] === host)![1]++;
 				} else {

packages/backend/src/server/api/endpoints/admin/show-user.ts

@@ -11,6 +11,9 @@ import { RoleService } from '@/core/RoleService.js';
 import { RoleEntityService } from '@/core/entities/RoleEntityService.js';
 import { IdService } from '@/core/IdService.js';
 import { notificationRecieveConfig } from '@/models/json-schema/user.js';
+import { ApDbResolverService } from '@/core/activitypub/ApDbResolverService.js';
+import { UserEntityService } from '@/core/entities/UserEntityService.js';
+import { UserKeypairService } from '@/core/UserKeypairService.js';
 
 export const meta = {
 	tags: ['admin'],
@@ -176,6 +179,53 @@ export const meta = {
 					},
 				},
 			},
+			publicKeys: {
+				type: 'array',
+				optional: false, nullable: true,
+				items: {
+					type: 'object',
+					properties: {
+						userId: {
+							type: 'string',
+							optional: false, nullable: false,
+						},
+						keyId: {
+							type: 'string',
+							optional: false, nullable: false,
+						},
+						keyPem: {
+							type: 'string',
+							optional: false, nullable: false,
+						},
+					},
+				},
+			},
+			keyPairs: {
+				type: 'object',
+				optional: false, nullable: true,
+				properties: {
+					userId: {
+						type: 'string',
+						optional: false, nullable: false,
+					},
+					publicKey: {
+						type: 'string',
+						optional: false, nullable: false,
+					},
+					privateKey: {
+						type: 'string',
+						optional: false, nullable: false,
+					},
+					ed25519PublicKey: {
+						type: 'string',
+						optional: false, nullable: true,
+					},
+					ed25519PrivateKey: {
+						type: 'string',
+						optional: false, nullable: true,
+					},
+				},
+			},
 		},
 	},
 } as const;
@@ -203,6 +253,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		private roleService: RoleService,
 		private roleEntityService: RoleEntityService,
 		private idService: IdService,
+		private apDbResolverService: ApDbResolverService,
+		private userEntityService: UserEntityService,
+		private userKeypairService: UserKeypairService,
 	) {
 		super(meta, paramDef, async (ps, me) => {
 			const [user, profile] = await Promise.all([
@@ -256,6 +309,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 					expiresAt: a.expiresAt ? a.expiresAt.toISOString() : null,
 					roleId: a.roleId,
 				})),
+				publicKeys: this.userEntityService.isRemoteUser(user) ? await this.apDbResolverService.getPublicKeyByUserId(user.id) : null,
+				keyPairs: this.userEntityService.isLocalUser(user) ? await this.userKeypairService.getUserKeypair(user.id) : null,
 			};
 		});
 	}

packages/backend/src/server/api/endpoints/following/requests/sent.ts

@@ -0,0 +1,77 @@
+/*
+ * SPDX-FileCopyrightText: syuilo and misskey-project
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+import { Inject, Injectable } from '@nestjs/common';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import { QueryService } from '@/core/QueryService.js';
+import type { FollowRequestsRepository } from '@/models/_.js';
+import { FollowRequestEntityService } from '@/core/entities/FollowRequestEntityService.js';
+import { DI } from '@/di-symbols.js';
+
+export const meta = {
+	tags: ['following', 'account'],
+
+	requireCredential: true,
+
+	kind: 'read:following',
+
+	res: {
+		type: 'array',
+		optional: false, nullable: false,
+		items: {
+			type: 'object',
+			optional: false, nullable: false,
+			properties: {
+				id: {
+					type: 'string',
+					optional: false, nullable: false,
+					format: 'id',
+				},
+				follower: {
+					type: 'object',
+					optional: false, nullable: false,
+					ref: 'UserLite',
+				},
+				followee: {
+					type: 'object',
+					optional: false, nullable: false,
+					ref: 'UserLite',
+				},
+			},
+		},
+	},
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+		sinceId: { type: 'string', format: 'misskey:id' },
+		untilId: { type: 'string', format: 'misskey:id' },
+		limit: { type: 'integer', minimum: 1, maximum: 100, default: 10 },
+	},
+	required: [],
+} as const;
+
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
+	constructor(
+		@Inject(DI.followRequestsRepository)
+		private followRequestsRepository: FollowRequestsRepository,
+
+		private followRequestEntityService: FollowRequestEntityService,
+		private queryService: QueryService,
+	) {
+		super(meta, paramDef, async (ps, me) => {
+			const query = this.queryService.makePaginationQuery(this.followRequestsRepository.createQueryBuilder('request'), ps.sinceId, ps.untilId)
+				.andWhere('request.followerId = :meId', { meId: me.id });
+
+			const requests = await query
+				.limit(ps.limit)
+				.getMany();
+
+			return await this.followRequestEntityService.packMany(requests, me);
+		});
+	}
+}

packages/backend/test/e2e/timelines.ts

@@ -397,7 +397,7 @@ describe('Timelines', () => {
 			assert.strictEqual(res.body.some(note => note.id === bobNote2.id), true);
 			assert.strictEqual(res.body.some(note => note.id === carolNote1.id), false);
 			assert.strictEqual(res.body.some(note => note.id === carolNote2.id), false);
-		}, 1000 * 10);
+		});
 
 		test.concurrent('フォローしているユーザーのチャンネル投稿が含まれない', async () => {
 			const [alice, bob] = await Promise.all([signup(), signup()]);
@@ -744,7 +744,7 @@ describe('Timelines', () => {
 
 			assert.strictEqual(res.body.some(note => note.id === bobNote1.id), false);
 			assert.strictEqual(res.body.some(note => note.id === bobNote2.id), true);
-		}, 1000 * 10);
+		});
 	});
 
 	describe('Social TL', () => {
@@ -955,7 +955,7 @@ describe('Timelines', () => {
 
 			assert.strictEqual(res.body.some(note => note.id === bobNote1.id), false);
 			assert.strictEqual(res.body.some(note => note.id === bobNote2.id), true);
-		}, 1000 * 10);
+		});
 	});
 
 	describe('User List TL', () => {
@@ -1168,7 +1168,7 @@ describe('Timelines', () => {
 
 			assert.strictEqual(res.body.some(note => note.id === bobNote1.id), false);
 			assert.strictEqual(res.body.some(note => note.id === bobNote2.id), true);
-		}, 1000 * 10);
+		});
 
 		test.concurrent('リスインしているユーザーの自身宛ての visibility: specified なノートが含まれる', async () => {
 			const [alice, bob] = await Promise.all([signup(), signup()]);
@@ -1327,7 +1327,7 @@ describe('Timelines', () => {
 
 			assert.strictEqual(res.body.some(note => note.id === bobNote1.id), false);
 			assert.strictEqual(res.body.some(note => note.id === bobNote2.id), true);
-		}, 1000 * 10);
+		});
 
 		test.concurrent('[withChannelNotes: true] チャンネル投稿が含まれる', async () => {
 			const [alice, bob] = await Promise.all([signup(), signup()]);

packages/backend/test/misc/mock-resolver.ts

@@ -14,6 +14,7 @@ import type { InstanceActorService } from '@/core/InstanceActorService.js';
 import type { LoggerService } from '@/core/LoggerService.js';
 import type { MetaService } from '@/core/MetaService.js';
 import type { UtilityService } from '@/core/UtilityService.js';
+import type { FederatedInstanceService } from '@/core/FederatedInstanceService.js';
 import { bindThis } from '@/decorators.js';
 import type {
 	FollowRequestsRepository,
@@ -48,6 +49,7 @@ export class MockResolver extends Resolver {
 			{} as HttpRequestService,
 			{} as ApRendererService,
 			{} as ApDbResolverService,
+			{} as FederatedInstanceService,
 			loggerService,
 		);
 	}

packages/backend/test/unit/FetchInstanceMetadataService.ts

@@ -75,62 +75,61 @@ describe('FetchInstanceMetadataService', () => {
 	test('Lock and update', async () => {
 		redisClient.set = mockRedis();
 		const now = Date.now();
-		federatedInstanceService.fetchOrRegister.mockResolvedValue({ infoUpdatedAt: { getTime: () => { return now - 10 * 1000 * 60 * 60 * 24; } } } as any);
+		federatedInstanceService.fetchOrRegister.mockResolvedValue({ infoUpdatedAt: new Date(now - 10 * 1000 * 60 * 60 * 24) } as any);
 		httpRequestService.getJson.mockImplementation(() => { throw Error(); });
 		const tryLockSpy = jest.spyOn(fetchInstanceMetadataService, 'tryLock');
 		const unlockSpy = jest.spyOn(fetchInstanceMetadataService, 'unlock');
 
 		await fetchInstanceMetadataService.fetchInstanceMetadata({ host: 'example.com' } as any);
+		expect(federatedInstanceService.fetchOrRegister).toHaveBeenCalledTimes(1);
 		expect(tryLockSpy).toHaveBeenCalledTimes(1);
 		expect(unlockSpy).toHaveBeenCalledTimes(1);
-		expect(federatedInstanceService.fetchOrRegister).toHaveBeenCalledTimes(1);
 		expect(httpRequestService.getJson).toHaveBeenCalled();
 	});
 
-	test('Lock and don\'t update', async () => {
+	test('Don\'t lock and update if recently updated', async () => {
 		redisClient.set = mockRedis();
-		const now = Date.now();
-		federatedInstanceService.fetchOrRegister.mockResolvedValue({ infoUpdatedAt: { getTime: () => now } } as any);
+		federatedInstanceService.fetchOrRegister.mockResolvedValue({ infoUpdatedAt: new Date() } as any);
 		httpRequestService.getJson.mockImplementation(() => { throw Error(); });
 		const tryLockSpy = jest.spyOn(fetchInstanceMetadataService, 'tryLock');
 		const unlockSpy = jest.spyOn(fetchInstanceMetadataService, 'unlock');
 
 		await fetchInstanceMetadataService.fetchInstanceMetadata({ host: 'example.com' } as any);
-		expect(tryLockSpy).toHaveBeenCalledTimes(1);
-		expect(unlockSpy).toHaveBeenCalledTimes(1);
 		expect(federatedInstanceService.fetchOrRegister).toHaveBeenCalledTimes(1);
+		expect(tryLockSpy).toHaveBeenCalledTimes(0);
+		expect(unlockSpy).toHaveBeenCalledTimes(0);
 		expect(httpRequestService.getJson).toHaveBeenCalledTimes(0);
 	});
 
 	test('Do nothing when lock not acquired', async () => {
 		redisClient.set = mockRedis();
 		const now = Date.now();
-		federatedInstanceService.fetchOrRegister.mockResolvedValue({ infoUpdatedAt: { getTime: () => now - 10 * 1000 * 60 * 60 * 24 } } as any);
+		federatedInstanceService.fetchOrRegister.mockResolvedValue({ infoUpdatedAt: new Date(now - 10 * 1000 * 60 * 60 * 24) } as any);
 		httpRequestService.getJson.mockImplementation(() => { throw Error(); });
 		await fetchInstanceMetadataService.tryLock('example.com');
 		const tryLockSpy = jest.spyOn(fetchInstanceMetadataService, 'tryLock');
 		const unlockSpy = jest.spyOn(fetchInstanceMetadataService, 'unlock');
 
 		await fetchInstanceMetadataService.fetchInstanceMetadata({ host: 'example.com' } as any);
+		expect(federatedInstanceService.fetchOrRegister).toHaveBeenCalledTimes(1);
 		expect(tryLockSpy).toHaveBeenCalledTimes(1);
 		expect(unlockSpy).toHaveBeenCalledTimes(0);
-		expect(federatedInstanceService.fetchOrRegister).toHaveBeenCalledTimes(0);
 		expect(httpRequestService.getJson).toHaveBeenCalledTimes(0);
 	});
 
-	test('Do when lock not acquired but forced', async () => {
+	test('Do when forced', async () => {
 		redisClient.set = mockRedis();
 		const now = Date.now();
-		federatedInstanceService.fetchOrRegister.mockResolvedValue({ infoUpdatedAt: { getTime: () => now - 10 * 1000 * 60 * 60 * 24 } } as any);
+		federatedInstanceService.fetchOrRegister.mockResolvedValue({ infoUpdatedAt: new Date(now - 10 * 1000 * 60 * 60 * 24) } as any);
 		httpRequestService.getJson.mockImplementation(() => { throw Error(); });
 		await fetchInstanceMetadataService.tryLock('example.com');
 		const tryLockSpy = jest.spyOn(fetchInstanceMetadataService, 'tryLock');
 		const unlockSpy = jest.spyOn(fetchInstanceMetadataService, 'unlock');
 
 		await fetchInstanceMetadataService.fetchInstanceMetadata({ host: 'example.com' } as any, true);
+		expect(federatedInstanceService.fetchOrRegister).toHaveBeenCalledTimes(0);
 		expect(tryLockSpy).toHaveBeenCalledTimes(0);
 		expect(unlockSpy).toHaveBeenCalledTimes(1);
-		expect(federatedInstanceService.fetchOrRegister).toHaveBeenCalledTimes(0);
 		expect(httpRequestService.getJson).toHaveBeenCalled();
 	});
 });

packages/backend/test/unit/ap-request.ts

@@ -4,10 +4,8 @@
  */
 
 import * as assert from 'assert';
-import httpSignature from '@peertube/http-signature';
-
-import { genRsaKeyPair } from '@/misc/gen-key-pair.js';
-import { ApRequestCreator } from '@/core/activitypub/ApRequestService.js';
+import { verifyDraftSignature, parseRequestSignature, genEd25519KeyPair, genRsaKeyPair, importPrivateKey } from '@misskey-dev/node-http-message-signatures';
+import { createSignedGet, createSignedPost } from '@/core/activitypub/ApRequestService.js';
 
 export const buildParsedSignature = (signingString: string, signature: string, algorithm: string) => {
 	return {
@@ -24,38 +22,68 @@ export const buildParsedSignature = (signingString: string, signature: string, a
 	};
 };
 
-describe('ap-request', () => {
-	test('createSignedPost with verify', async () => {
-		const keypair = await genRsaKeyPair();
-		const key = { keyId: 'x', 'privateKeyPem': keypair.privateKey };
-		const url = 'https://example.com/inbox';
-		const activity = { a: 1 };
-		const body = JSON.stringify(activity);
-		const headers = {
-			'User-Agent': 'UA',
-		};
+async function getKeyPair(level: string) {
+	if (level === '00') {
+		return await genRsaKeyPair();
+	} else if (level === '01') {
+		return await genEd25519KeyPair();
+	}
+	throw new Error('Invalid level');
+}
 
-		const req = ApRequestCreator.createSignedPost({ key, url, body, additionalHeaders: headers });
+describe('ap-request post', () => {
+	const url = 'https://example.com/inbox';
+	const activity = { a: 1 };
+	const body = JSON.stringify(activity);
+	const headers = {
+		'User-Agent': 'UA',
+	};
 
-		const parsed = buildParsedSignature(req.signingString, req.signature, 'rsa-sha256');
+	describe.each(['00', '01'])('createSignedPost with verify', (level) => {
+		test('pem', async () => {
+			const keypair = await getKeyPair(level);
+			const key = { keyId: 'x', 'privateKeyPem': keypair.privateKey };
 
-		const result = httpSignature.verifySignature(parsed, keypair.publicKey);
-		assert.deepStrictEqual(result, true);
-	});
+			const req = await createSignedPost({ level, key, url, body, additionalHeaders: headers });
 
-	test('createSignedGet with verify', async () => {
-		const keypair = await genRsaKeyPair();
-		const key = { keyId: 'x', 'privateKeyPem': keypair.privateKey };
-		const url = 'https://example.com/outbox';
-		const headers = {
-			'User-Agent': 'UA',
-		};
+			const parsed = parseRequestSignature(req.request);
+			expect(parsed.version).toBe('draft');
+			expect(Array.isArray(parsed.value)).toBe(false);
+			const verify = await verifyDraftSignature(parsed.value as any, keypair.publicKey);
+			assert.deepStrictEqual(verify, true);
+		});
+		test('imported', async () => {
+			const keypair = await getKeyPair(level);
+			const key = { keyId: 'x', 'privateKey': await importPrivateKey(keypair.privateKey) };
 
-		const req = ApRequestCreator.createSignedGet({ key, url, additionalHeaders: headers });
+			const req = await createSignedPost({ level, key, url, body, additionalHeaders: headers });
 
-		const parsed = buildParsedSignature(req.signingString, req.signature, 'rsa-sha256');
-
-		const result = httpSignature.verifySignature(parsed, keypair.publicKey);
-		assert.deepStrictEqual(result, true);
+			const parsed = parseRequestSignature(req.request);
+			expect(parsed.version).toBe('draft');
+			expect(Array.isArray(parsed.value)).toBe(false);
+			const verify = await verifyDraftSignature(parsed.value as any, keypair.publicKey);
+			assert.deepStrictEqual(verify, true);
+		});
+	});
+});
+
+describe('ap-request get', () => {
+	describe.each(['00', '01'])('createSignedGet with verify', (level) => {
+		test('pass', async () => {
+			const keypair = await getKeyPair(level);
+			const key = { keyId: 'x', 'privateKeyPem': keypair.privateKey };
+			const url = 'https://example.com/outbox';
+			const headers = {
+				'User-Agent': 'UA',
+			};
+
+			const req = await createSignedGet({ level, key, url, additionalHeaders: headers });
+
+			const parsed = parseRequestSignature(req.request);
+			expect(parsed.version).toBe('draft');
+			expect(Array.isArray(parsed.value)).toBe(false);
+			const verify = await verifyDraftSignature(parsed.value as any, keypair.publicKey);
+			assert.deepStrictEqual(verify, true);
+		});
 	});
 });

packages/frontend-embed/package.json

@@ -14,11 +14,11 @@
 		"@discordapp/twemoji": "15.1.0",
 		"@rollup/plugin-json": "6.1.0",
 		"@rollup/plugin-replace": "5.0.7",
-		"@rollup/pluginutils": "5.1.2",
+		"@rollup/pluginutils": "5.1.3",
 		"@tabler/icons-webfont": "3.3.0",
 		"@twemoji/parser": "15.1.1",
-		"@vitejs/plugin-vue": "5.1.4",
-		"@vue/compiler-sfc": "3.5.11",
+		"@vitejs/plugin-vue": "5.2.0",
+		"@vue/compiler-sfc": "3.5.12",
 		"astring": "1.9.0",
 		"buraha": "0.0.1",
 		"estree-walker": "3.0.3",
@@ -26,47 +26,47 @@
 		"misskey-js": "workspace:*",
 		"frontend-shared": "workspace:*",
 		"punycode": "2.3.1",
-		"rollup": "4.22.5",
+		"rollup": "4.26.0",
 		"sass": "1.79.4",
-		"shiki": "1.21.0",
+		"shiki": "1.22.2",
 		"tinycolor2": "1.6.0",
 		"tsc-alias": "1.8.10",
 		"tsconfig-paths": "4.2.0",
-		"typescript": "5.6.2",
+		"typescript": "5.6.3",
 		"uuid": "10.0.0",
 		"json5": "2.2.3",
-		"vite": "5.4.8",
-		"vue": "3.5.11"
+		"vite": "5.4.11",
+		"vue": "3.5.12"
 	},
 	"devDependencies": {
 		"@misskey-dev/summaly": "5.1.0",
 		"@testing-library/vue": "8.1.0",
 		"@types/estree": "1.0.6",
 		"@types/micromatch": "4.0.9",
-		"@types/node": "20.14.12",
+		"@types/node": "22.9.0",
 		"@types/punycode": "2.1.4",
 		"@types/tinycolor2": "1.4.6",
 		"@types/uuid": "10.0.0",
-		"@types/ws": "8.5.12",
+		"@types/ws": "8.5.13",
 		"@typescript-eslint/eslint-plugin": "7.17.0",
 		"@typescript-eslint/parser": "7.17.0",
 		"@vitest/coverage-v8": "1.6.0",
-		"@vue/runtime-core": "3.5.11",
-		"acorn": "8.12.1",
+		"@vue/runtime-core": "3.5.12",
+		"acorn": "8.14.0",
 		"cross-env": "7.0.3",
 		"eslint-plugin-import": "2.31.0",
-		"eslint-plugin-vue": "9.28.0",
+		"eslint-plugin-vue": "9.31.0",
 		"fast-glob": "3.3.2",
 		"happy-dom": "10.0.3",
 		"intersection-observer": "0.12.2",
 		"micromatch": "4.0.8",
-		"msw": "2.3.4",
+		"msw": "2.6.4",
 		"nodemon": "3.1.7",
 		"prettier": "3.3.3",
 		"start-server-and-test": "2.0.8",
 		"vite-plugin-turbosnap": "1.0.3",
-		"vue-component-type-helpers": "2.1.6",
+		"vue-component-type-helpers": "2.1.10",
 		"vue-eslint-parser": "9.4.3",
-		"vue-tsc": "2.1.6"
+		"vue-tsc": "2.1.10"
 	}
 }