Compare commits
9 Commits
4546cd99d6
...
254e9fa91c
Author | SHA1 | Date |
---|---|---|
饺子w (Yumechi) | 254e9fa91c | |
github-actions[bot] | 752606fe88 | |
かっこかり | 7f0ae038d4 | |
syuilo | 9871035597 | |
github-actions[bot] | a21a2c52d7 | |
かっこかり | c1f19fad1e | |
かっこかり | 3a6c2aa835 | |
かっこかり | 53e827b18c | |
eternal-flame-AD | f767c22cc1 |
|
@ -8,9 +8,9 @@
|
|||
### General
|
||||
- Feat: コンテンツの表示にログインを必須にできるように
|
||||
- Feat: 過去のノートを非公開化/フォロワーのみ表示可能にできるように
|
||||
- Fix: お知らせ作成時に画像URL入力欄を空欄に変更できないのを修正 ( #14976 )
|
||||
- Enhance: 依存関係の更新
|
||||
- Enhance: l10nの更新
|
||||
- Fix: お知らせ作成時に画像URL入力欄を空欄に変更できないのを修正 ( #14976 )
|
||||
|
||||
### Client
|
||||
- Enhance: Bull DashboardでRelationship Queueの状態も確認できるように
|
||||
|
@ -51,6 +51,7 @@
|
|||
(Based on https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/588)
|
||||
(Cherry-picked from https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/715)
|
||||
- Enhance: リモートユーザーの照会をオリジナルにリダイレクトするように
|
||||
- Enhance: アクセストークンでアカウントを作成できるように
|
||||
- Fix: sharedInboxが無いActorに紐づくリモートユーザーを照会できない
|
||||
- Fix: Aproving request from GtS appears with some delay
|
||||
- Fix: フォロワーへのメッセージの絵文字をemojisに含めるように
|
||||
|
@ -67,6 +68,7 @@
|
|||
- Fix: User Webhookテスト機能のMock Payloadを修正
|
||||
- Fix: アカウント削除のモデレーションログが動作していないのを修正 (#14996)
|
||||
- Fix: リノートミュートが新規投稿通知に対して作用していなかった問題を修正
|
||||
- Fix: セキュリティに関する修正
|
||||
|
||||
### Misskey.js
|
||||
- Fix: Stream初期化時、別途WebSocketを指定する場合の型定義を修正
|
||||
|
|
|
@ -2121,6 +2121,7 @@ _permissions:
|
|||
"read:flash-likes": "View list of liked Plays"
|
||||
"write:flash-likes": "Edit list of liked Plays"
|
||||
"read:admin:abuse-user-reports": "View user reports"
|
||||
"write:admin:create-account": "Create user account"
|
||||
"write:admin:delete-account": "Delete user account"
|
||||
"write:admin:delete-all-files-of-a-user": "Delete all files of a user"
|
||||
"read:admin:index-stats": "View database index stats"
|
||||
|
|
|
@ -8250,6 +8250,10 @@ export interface Locale extends ILocale {
|
|||
* ユーザーからの通報を見る
|
||||
*/
|
||||
"read:admin:abuse-user-reports": string;
|
||||
/**
|
||||
* ユーザーアカウントを作成する
|
||||
*/
|
||||
"write:admin:create-account": string;
|
||||
/**
|
||||
* ユーザーアカウントを削除する
|
||||
*/
|
||||
|
|
|
@ -2166,6 +2166,7 @@ _permissions:
|
|||
"read:flash-likes": "Playのいいねを見る"
|
||||
"write:flash-likes": "Playのいいねを操作する"
|
||||
"read:admin:abuse-user-reports": "ユーザーからの通報を見る"
|
||||
"write:admin:create-account": "ユーザーアカウントを作成する"
|
||||
"write:admin:delete-account": "ユーザーアカウントを削除する"
|
||||
"write:admin:delete-all-files-of-a-user": "ユーザーのすべてのファイルを削除する"
|
||||
"read:admin:index-stats": "データベースインデックスに関する情報を見る"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "misskey",
|
||||
"version": "2024.11.0-alpha.2",
|
||||
"version": "2024.11.0-beta.4",
|
||||
"codename": "nasubi",
|
||||
"repository": {
|
||||
"type": "git",
|
||||
|
|
|
@ -54,19 +54,19 @@ class HttpRequestServiceAgent extends http.Agent {
|
|||
}
|
||||
});
|
||||
return socket;
|
||||
};
|
||||
}
|
||||
|
||||
@bindThis
|
||||
private isPrivateIp(ip: string): boolean {
|
||||
const parsedIp = ipaddr.parse(ip);
|
||||
|
||||
|
||||
for (const net of this.config.allowedPrivateNetworks ?? []) {
|
||||
const cidr = ipaddr.parseCIDR(net);
|
||||
if (cidr[0].kind() === parsedIp.kind() && parsedIp.match(ipaddr.parseCIDR(net))) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return parsedIp.range() !== 'unicast';
|
||||
}
|
||||
}
|
||||
|
@ -93,19 +93,19 @@ class HttpsRequestServiceAgent extends https.Agent {
|
|||
}
|
||||
});
|
||||
return socket;
|
||||
};
|
||||
}
|
||||
|
||||
@bindThis
|
||||
private isPrivateIp(ip: string): boolean {
|
||||
const parsedIp = ipaddr.parse(ip);
|
||||
|
||||
|
||||
for (const net of this.config.allowedPrivateNetworks ?? []) {
|
||||
const cidr = ipaddr.parseCIDR(net);
|
||||
if (cidr[0].kind() === parsedIp.kind() && parsedIp.match(ipaddr.parseCIDR(net))) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return parsedIp.range() !== 'unicast';
|
||||
}
|
||||
}
|
||||
|
|
|
@ -54,7 +54,7 @@ export class RemoteUserResolveService {
|
|||
}) as MiLocalUser;
|
||||
}
|
||||
|
||||
host = this.utilityService.punyHost(host);
|
||||
host = this.utilityService.toPuny(host);
|
||||
|
||||
if (host === this.utilityService.toPuny(this.config.host)) {
|
||||
this.logger.info(`return local user: ${usernameLower}`);
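Review bot: The assignment `host = this.utilityService.toPuny(host);` carries no comment explaining why `toPuny` is used instead of `punyHost`, which this section also shows on the same statement (taken here to be the old side, since the +/- markers are lost). Elsewhere on this page `punyHost` is applied to a collection URI and `toPuny` to `this.config.host`, so `host` is presumably a bare hostname and has to be normalised the same way as the right-hand side of the `host === this.utilityService.toPuny(this.config.host)` check that follows. I would add `// host is a bare hostname, not a URL: normalise it exactly like config.host for the local-user check below`. A regression test that resolves a local user through an upper-case or Unicode spelling of the host would pin the behaviour down. The enclosing method starts and ends outside the hunk.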
|
||||
|
|
|
@ -130,6 +130,7 @@ export class ApInboxService {
|
|||
if (actor.uri) {
|
||||
if (actor.lastFetchedAt == null || Date.now() - actor.lastFetchedAt.getTime() > 1000 * 60 * 60 * 24) {
|
||||
setImmediate(() => {
|
||||
// 同一ユーザーの情報を再度処理するので、使用済みのresolverを再利用してはいけない
|
||||
this.apPersonService.updatePerson(actor.uri);
|
||||
});
|
||||
}
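Review bot: The call `this.apPersonService.updatePerson(actor.uri);` inside `setImmediate` discards its result, so if `updatePerson` returns a promise (not visible in this hunk) a failed refetch of a remote actor becomes an unhandled rejection. Because this refresh is triggered by inbound activity from remote servers, I would handle the rejection explicitly, for example `this.apPersonService.updatePerson(actor.uri).catch(() => { /* log and drop */ });`, using whatever logger the class already has. The added comment about not reusing a used resolver matches the call as written, since no resolver is passed. The enclosing method continues outside the hunk.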
|
||||
|
|
|
@ -163,13 +163,16 @@ export class ApPersonService implements OnModuleInit {
|
|||
}
|
||||
|
||||
for (const collection of ['outbox', 'followers', 'following'] as (keyof IActor)[]) {
|
||||
const collectionUri = getApId((x as IActor)[collection]);
|
||||
if (typeof collectionUri === 'string' && collectionUri.length > 0) {
|
||||
if (this.utilityService.punyHost(collectionUri) !== expectHost) {
|
||||
throw new Error(`invalid Actor: ${collection} has different host`);
|
||||
const xCollection = (x as IActor)[collection];
|
||||
if (xCollection != null) {
|
||||
const collectionUri = getApId(xCollection);
|
||||
if (typeof collectionUri === 'string' && collectionUri.length > 0) {
|
||||
if (this.utilityService.punyHost(collectionUri) !== expectHost) {
|
||||
throw new Error(`invalid Actor: ${collection} has different host`);
|
||||
}
|
||||
} else if (collectionUri != null) {
|
||||
throw new Error(`invalid Actor: wrong ${collection}`);
|
||||
}
|
||||
} else if (collectionUri != null) {
|
||||
throw new Error(`invalid Actor: wrong ${collection}`);
|
||||
}
|
||||
}
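Review bot: Nothing on this page tests the new `if (xCollection != null)` guard in the `outbox`/`followers`/`following` loop; the ActivityPub test changes shown only adjust `createNote` call signatures. This loop is the host-consistency check for remote actors, so both outcomes deserve a regression test: an actor that omits one of the three collections is accepted, and an actor whose collection URI is on a different host still throws `invalid Actor: ${collection} has different host`. A one-line comment on the guard, `// absent collections are allowed; present ones must live on the actor's host`, would also record the intent. The function containing the loop starts and ends outside the hunk.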
|
||||
|
||||
|
|
|
@ -15,18 +15,21 @@ import { DI } from '@/di-symbols.js';
|
|||
import type { Config } from '@/config.js';
|
||||
import { ApiError } from '@/server/api/error.js';
|
||||
import { Packed } from '@/misc/json-schema.js';
|
||||
import { RoleService } from '@/core/RoleService.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['admin'],
|
||||
|
||||
errors: {
|
||||
accessDenied: {
|
||||
httpStatusCode: 403,
|
||||
message: 'Access denied.',
|
||||
code: 'ACCESS_DENIED',
|
||||
id: '1fb7cb09-d46a-4fff-b8df-057708cce513',
|
||||
},
|
||||
|
||||
wrongInitialPassword: {
|
||||
httpStatusCode: 401,
|
||||
message: 'Initial password is incorrect.',
|
||||
code: 'INCORRECT_INITIAL_PASSWORD',
|
||||
id: '97147c55-1ae1-4f6f-91d6-e1c3e0e76d62',
|
||||
|
@ -65,6 +68,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
|||
@Inject(DI.usersRepository)
|
||||
private usersRepository: UsersRepository,
|
||||
|
||||
private roleService: RoleService,
|
||||
private userEntityService: UserEntityService,
|
||||
private signupService: SignupService,
|
||||
private instanceActorService: InstanceActorService,
|
||||
|
@ -85,8 +89,11 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
|||
// 初期パスワードが設定されていないのに初期パスワードが入力された場合
|
||||
throw new ApiError(meta.errors.wrongInitialPassword);
|
||||
}
|
||||
} else if ((realUsers && !me?.isRoot) || token !== null) {
|
||||
// 初回セットアップではなく、管理者でない場合 or 外部トークンを使用している場合
|
||||
} else if (!(me?.isRoot) && !await this.roleService.isAdministrator(me)) {
|
||||
// 管理者でない場合
|
||||
throw new ApiError(meta.errors.accessDenied);
|
||||
} else if (token && !token?.permission.includes('write:admin:create-account')) {
|
||||
// access token を使うときは write:admin:create-account 権限が必要
|
||||
throw new ApiError(meta.errors.accessDenied);
|
||||
}
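Review bot: The new branch `else if (token && !token?.permission.includes('write:admin:create-account'))` is not covered by the test file added in this compare, which, as far as the visible `api(..., admin)` calls show, only uses the credentials returned by `signup`. I would add cases for an access token held by an administrator with and without `write:admin:create-account`, expecting 200 and 403, so the permission gate cannot regress silently. The `?.` in `token?.permission` is redundant after the `token &&` test and can be written `token.permission`. A comment on the `isAdministrator(me)` branch should state that `me` may be null at this point and must be rejected, since that depends on how `isAdministrator` treats null, which this hunk does not show. The handler body starts and ends outside the hunk.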
|
||||
|
||||
|
|
|
@ -137,10 +137,11 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
|||
if (local != null) return local;
|
||||
}
|
||||
|
||||
// 同一ユーザーの情報を再度処理するので、使用済みのresolverを再利用してはいけない
|
||||
return await this.mergePack(
|
||||
me,
|
||||
isActor(object) ? await this.apPersonService.createPerson(getApId(object)) : null,
|
||||
isPost(object) ? await this.apNoteService.createNote(getApId(object), undefined, resolver) : null,
|
||||
isPost(object) ? await this.apNoteService.createNote(getApId(object), undefined, undefined, true) : null,
|
||||
);
|
||||
}
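Review bot: The call `createNote(getApId(object), undefined, undefined, true)` passes three positional arguments whose meaning cannot be read at the call site. Judging from the test calls on this page (`createNote(post.id, undefined, resolver, true)`), the third slot is the resolver, which fits the added comment about not reusing a used resolver; the second and fourth slots are not identifiable from here. I would label each argument with an inline `/* paramName */` comment, or have `createNote` take an options object, so that a later edit cannot silently pass the resolver again or drop the final flag. The surrounding method starts outside the hunk.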
|
||||
|
||||
|
|
|
@ -19,7 +19,6 @@ proxyBypassHosts:
|
|||
- challenges.cloudflare.com
|
||||
proxyRemoteFiles: true
|
||||
signToActivityPubGet: true
|
||||
allowedPrivateNetworks: [
|
||||
'127.0.0.1/32',
|
||||
'172.20.0.0/16'
|
||||
]
|
||||
allowedPrivateNetworks:
|
||||
- 127.0.0.1/32
|
||||
- 172.20.0.0/16
|
||||
|
|
|
@ -0,0 +1,88 @@
|
|||
/*
|
||||
* SPDX-FileCopyrightText: syuilo and misskey-project
|
||||
* SPDX-License-Identifier: AGPL-3.0-only
|
||||
*/
|
||||
|
||||
process.env.NODE_ENV = 'test';
|
||||
|
||||
import * as assert from 'assert';
|
||||
|
||||
import type * as misskey from 'misskey-js';
|
||||
import { api, role, signup } from '../utils.js';
|
||||
|
||||
describe('Admin Create User', () => {
|
||||
let admin: misskey.entities.SignupResponse;
|
||||
let user: misskey.entities.SignupResponse;
|
||||
let formerAdmin: misskey.entities.SignupResponse;
|
||||
let adminRole : misskey.entities.Role;
|
||||
let formerAdminRole : misskey.entities.Role;
|
||||
|
||||
beforeAll(async () => {
|
||||
admin = await signup({ username: 'admin' });
|
||||
formerAdmin = await signup({ username: 'former_admin' });
|
||||
user = await signup({ username: 'user' });
|
||||
adminRole = await role(admin, {
|
||||
name: 'admin',
|
||||
isAdministrator: true
|
||||
});
|
||||
formerAdminRole = await role(admin, {
|
||||
name: 'former_admin',
|
||||
isAdministrator: true
|
||||
});
|
||||
const addAdminRole = await api('admin/roles/assign', {
|
||||
userId: admin.id,
|
||||
roleId: adminRole.id
|
||||
}, admin);
|
||||
assert.strictEqual(addAdminRole.status, 204);
|
||||
|
||||
const addFormerAdminRole = await api('admin/roles/assign', {
|
||||
userId: formerAdmin.id,
|
||||
roleId: formerAdminRole.id
|
||||
}, admin);
|
||||
assert.strictEqual(addFormerAdminRole.status, 204);
|
||||
}, 1000 * 60 * 2);
|
||||
|
||||
test('Create User', async () => {
|
||||
const newUser1 = await api('admin/accounts/create', {
|
||||
username: 'new_user1',
|
||||
password: 'password',
|
||||
}, admin);
|
||||
assert.strictEqual(newUser1.status, 200);
|
||||
|
||||
const newUser2 = await api('admin/accounts/create', {
|
||||
username: 'new_user2',
|
||||
password: 'password',
|
||||
}, formerAdmin);
|
||||
assert.strictEqual(newUser2.status, 200);
|
||||
|
||||
const newUser3 = await api('admin/accounts/create', {
|
||||
username: 'new_user3',
|
||||
password: 'password',
|
||||
}, user);
|
||||
assert.strictEqual(newUser3.status, 403);
|
||||
});
|
||||
|
||||
test('Revoking Admin Role', async () => {
|
||||
const res = await api('admin/roles/delete', {roleId: formerAdminRole.id}, admin);
|
||||
assert.strictEqual(res.status, 204);
|
||||
|
||||
const res2 = await api('admin/roles/delete', {roleId: adminRole.id}, formerAdmin);
|
||||
assert.strictEqual(res2.status, 403);
|
||||
});
|
||||
|
||||
test('Revoked User Should Not Create User', async () => {
|
||||
const newUser4 = await api('admin/accounts/create', {
|
||||
username: 'new_user4',
|
||||
password: 'password',
|
||||
}, formerAdmin);
|
||||
|
||||
assert.strictEqual(newUser4.status, 403);
|
||||
|
||||
const newUser5 = await api('admin/accounts/create', {
|
||||
username: 'new_user5',
|
||||
password: 'password',
|
||||
}, admin);
|
||||
|
||||
assert.strictEqual(newUser5.status, 200);
|
||||
});
|
||||
})
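Review bot: The three tests share mutable server state and pass only in declaration order: 'Revoked User Should Not Create User' depends on 'Revoking Admin Role' having deleted `formerAdminRole`, and 'Create User' depends on that deletion not having happened yet. Moving the role deletion into the revocation test itself, or into a nested `describe` with its own `beforeAll`, would let each test fail for its own reason. `admin` is the first account created by `signup`, so it may be authorised through the root flag rather than through `adminRole` (not verifiable from this file); if so, only `formerAdmin` exercises the role-based path. The closing `})` is missing its semicolon, unlike the other statements in the file.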
|
|
@ -176,7 +176,7 @@ describe('ActivityPub', () => {
|
|||
resolver.register(actor.id, actor);
|
||||
resolver.register(post.id, post);
|
||||
|
||||
const note = await noteService.createNote(post.id, resolver, true);
|
||||
const note = await noteService.createNote(post.id, undefined, resolver, true);
|
||||
|
||||
assert.deepStrictEqual(note?.uri, post.id);
|
||||
assert.deepStrictEqual(note.visibility, 'public');
|
||||
|
@ -336,7 +336,7 @@ describe('ActivityPub', () => {
|
|||
resolver.register(actor.featured, featured);
|
||||
resolver.register(firstNote.id, firstNote);
|
||||
|
||||
const note = await noteService.createNote(firstNote.id as string, resolver);
|
||||
const note = await noteService.createNote(firstNote.id as string, undefined, resolver);
|
||||
assert.strictEqual(note?.uri, firstNote.id);
|
||||
});
|
||||
});
|
||||
|
|
|
@ -2880,7 +2880,7 @@ type PartialRolePolicyOverride = Partial<{
|
|||
}>;
|
||||
|
||||
// @public (undocumented)
|
||||
export const permissions: readonly ["read:account", "write:account", "read:blocks", "write:blocks", "read:drive", "write:drive", "read:favorites", "write:favorites", "read:following", "write:following", "read:messaging", "write:messaging", "read:mutes", "write:mutes", "write:notes", "read:notifications", "write:notifications", "read:reactions", "write:reactions", "write:votes", "read:pages", "write:pages", "write:page-likes", "read:page-likes", "read:user-groups", "write:user-groups", "read:channels", "write:channels", "read:gallery", "write:gallery", "read:gallery-likes", "write:gallery-likes", "read:flash", "write:flash", "read:flash-likes", "write:flash-likes", "read:admin:abuse-user-reports", "write:admin:delete-account", "write:admin:delete-all-files-of-a-user", "read:admin:index-stats", "read:admin:table-stats", "read:admin:user-ips", "read:admin:meta", "write:admin:reset-password", "write:admin:resolve-abuse-user-report", "write:admin:send-email", "read:admin:server-info", "read:admin:show-moderation-log", "read:admin:show-user", "write:admin:suspend-user", "write:admin:unset-user-avatar", "write:admin:unset-user-banner", "write:admin:unsuspend-user", "write:admin:meta", "write:admin:user-note", "write:admin:roles", "read:admin:roles", "write:admin:relays", "read:admin:relays", "write:admin:invite-codes", "read:admin:invite-codes", "write:admin:announcements", "read:admin:announcements", "write:admin:avatar-decorations", "read:admin:avatar-decorations", "write:admin:federation", "write:admin:account", "read:admin:account", "write:admin:emoji", "read:admin:emoji", "write:admin:queue", "read:admin:queue", "write:admin:promo", "write:admin:drive", "read:admin:drive", "write:admin:ad", "read:admin:ad", "write:invite-codes", "read:invite-codes", "write:clip-favorite", "read:clip-favorite", "read:federation", "write:report-abuse"];
|
||||
export const permissions: readonly ["read:account", "write:account", "read:blocks", "write:blocks", "read:drive", "write:drive", "read:favorites", "write:favorites", "read:following", "write:following", "read:messaging", "write:messaging", "read:mutes", "write:mutes", "write:notes", "read:notifications", "write:notifications", "read:reactions", "write:reactions", "write:votes", "read:pages", "write:pages", "write:page-likes", "read:page-likes", "read:user-groups", "write:user-groups", "read:channels", "write:channels", "read:gallery", "write:gallery", "read:gallery-likes", "write:gallery-likes", "read:flash", "write:flash", "read:flash-likes", "write:flash-likes", "read:admin:abuse-user-reports", "write:admin:create-account", "write:admin:delete-account", "write:admin:delete-all-files-of-a-user", "read:admin:index-stats", "read:admin:table-stats", "read:admin:user-ips", "read:admin:meta", "write:admin:reset-password", "write:admin:resolve-abuse-user-report", "write:admin:send-email", "read:admin:server-info", "read:admin:show-moderation-log", "read:admin:show-user", "write:admin:suspend-user", "write:admin:unset-user-avatar", "write:admin:unset-user-banner", "write:admin:unsuspend-user", "write:admin:meta", "write:admin:user-note", "write:admin:roles", "read:admin:roles", "write:admin:relays", "read:admin:relays", "write:admin:invite-codes", "read:admin:invite-codes", "write:admin:announcements", "read:admin:announcements", "write:admin:avatar-decorations", "read:admin:avatar-decorations", "write:admin:federation", "write:admin:account", "read:admin:account", "write:admin:emoji", "read:admin:emoji", "write:admin:queue", "read:admin:queue", "write:admin:promo", "write:admin:drive", "read:admin:drive", "write:admin:ad", "read:admin:ad", "write:invite-codes", "read:invite-codes", "write:clip-favorite", "read:clip-favorite", "read:federation", "write:report-abuse"];
|
||||
|
||||
// @public (undocumented)
|
||||
type PingResponse = operations['ping']['responses']['200']['content']['application/json'];
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"type": "module",
|
||||
"name": "misskey-js",
|
||||
"version": "2024.11.0-alpha.2",
|
||||
"version": "2024.11.0-beta.4",
|
||||
"description": "Misskey SDK for JavaScript",
|
||||
"license": "MIT",
|
||||
"main": "./built/index.js",
|
||||
|
|
|
@ -64,6 +64,7 @@ export const permissions = [
|
|||
'read:flash-likes',
|
||||
'write:flash-likes',
|
||||
'read:admin:abuse-user-reports',
|
||||
'write:admin:create-account',
|
||||
'write:admin:delete-account',
|
||||
'write:admin:delete-all-files-of-a-user',
|
||||
'read:admin:index-stats',
|
||||
|
|