Compare commits

..

11 Commits

Author SHA1 Message Date
dependabot[bot] e26ba8a110
Merge abae4537bf into 752606fe88 2024-11-21 08:22:11 +00:00
github-actions[bot] 752606fe88 Bump version to 2024.11.0-beta.4 2024-11-21 08:21:54 +00:00
かっこかり 7f0ae038d4
Update CHANGELOG.md 2024-11-21 17:16:06 +09:00
syuilo 9871035597
Update CHANGELOG.md 2024-11-21 15:41:01 +09:00
github-actions[bot] a21a2c52d7 Bump version to 2024.11.0-alpha.3 2024-11-21 06:27:16 +00:00
dependabot[bot] abae4537bf
chore(deps-dev): bump the typescript-eslint group across 1 directory with 2 updates
Bumps the typescript-eslint group with 2 updates in the / directory: [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) and [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser).


Updates `@typescript-eslint/eslint-plugin` from 7.1.0 to 8.15.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.15.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 7.1.0 to 8.15.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.15.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: typescript-eslint
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: typescript-eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-21 06:11:09 +00:00
かっこかり c1f19fad1e
fix(backend): fix apResolver (#15010)
* fix(backend): fix apResolver

* fix

* add comments

* tweak comment
2024-11-21 14:36:24 +09:00
かっこかり 3a6c2aa835
fix(backend): fix type error(s) in security fixes (#15009)
* Fix type error in security fixes

(cherry picked from commit fa3cf6c2996741e642955c5e2fca8ad785e83205)

* Fix error in test function calls

(cherry picked from commit 1758f29364eca3cbd13dbb5c84909c93712b3b3b)

* Fix style error

(cherry picked from commit 23c4aa25714af145098baa7edd74c1d217e51c1a)

* Fix another style error

(cherry picked from commit 36af07abe28bec670aaebf9f5af5694bb582c29a)

* Fix `.punyHost` misuse

(cherry picked from commit 6027b516e1c82324d55d6e54d0e17cbd816feb42)

* attempt to fix test: make yaml valid

---------

Co-authored-by: Julia Johannesen <julia@insertdomain.name>
2024-11-21 12:10:02 +09:00
かっこかり 53e827b18c
fix(backend): fix security patches (#15008) 2024-11-21 10:30:30 +09:00
syuilo 0f59adc436 fix ap/show 2024-11-21 09:25:18 +09:00
syuilo 9fdabe3666 fix(backend): use atomic command to improve security
Co-Authored-By: Acid Chicken <root@acid-chicken.com>
2024-11-21 09:22:15 +09:00
11 changed files with 29 additions and 26 deletions

View File

@ -8,9 +8,9 @@
### General
- Feat: コンテンツの表示にログインを必須にできるように
- Feat: 過去のノートを非公開化/フォロワーのみ表示可能にできるように
- Fix: お知らせ作成時に画像URL入力欄を空欄に変更できないのを修正 ( #14976 )
- Enhance: 依存関係の更新
- Enhance: l10nの更新
- Fix: お知らせ作成時に画像URL入力欄を空欄に変更できないのを修正 ( #14976 )
### Client
- Enhance: Bull DashboardでRelationship Queueの状態も確認できるように
@ -67,6 +67,7 @@
- Fix: User Webhookテスト機能のMock Payloadを修正
- Fix: アカウント削除のモデレーションログが動作していないのを修正 (#14996)
- Fix: リノートミュートが新規投稿通知に対して作用していなかった問題を修正
- Fix: セキュリティに関する修正
### Misskey.js
- Fix: Stream初期化時、別途WebSocketを指定する場合の型定義を修正

View File

@ -1,6 +1,6 @@
{
"name": "misskey",
"version": "2024.11.0-alpha.2",
"version": "2024.11.0-beta.4",
"codename": "nasubi",
"repository": {
"type": "git",

View File

@ -54,7 +54,7 @@ class HttpRequestServiceAgent extends http.Agent {
}
});
return socket;
};
}
@bindThis
private isPrivateIp(ip: string): boolean {
@ -93,7 +93,7 @@ class HttpsRequestServiceAgent extends https.Agent {
}
});
return socket;
};
}
@bindThis
private isPrivateIp(ip: string): boolean {

View File

@ -54,7 +54,7 @@ export class RemoteUserResolveService {
}) as MiLocalUser;
}
host = this.utilityService.punyHost(host);
host = this.utilityService.toPuny(host);
if (host === this.utilityService.toPuny(this.config.host)) {
this.logger.info(`return local user: ${usernameLower}`);

View File

@ -246,14 +246,12 @@ export class WebAuthnService {
@bindThis
public async verifyAuthentication(userId: MiUser['id'], response: AuthenticationResponseJSON): Promise<boolean> {
const challenge = await this.redisClient.get(`webauthn:challenge:${userId}`);
const challenge = await this.redisClient.getdel(`webauthn:challenge:${userId}`);
if (!challenge) {
throw new IdentifiableError('2d16e51c-007b-4edd-afd2-f7dd02c947f6', 'challenge not found');
}
await this.redisClient.del(`webauthn:challenge:${userId}`);
const key = await this.userSecurityKeysRepository.findOneBy({
id: response.id,
userId: userId,

View File

@ -130,6 +130,7 @@ export class ApInboxService {
if (actor.uri) {
if (actor.lastFetchedAt == null || Date.now() - actor.lastFetchedAt.getTime() > 1000 * 60 * 60 * 24) {
setImmediate(() => {
// 同一ユーザーの情報を再度処理するので、使用済みのresolverを再利用してはいけない
this.apPersonService.updatePerson(actor.uri);
});
}

View File

@ -163,13 +163,16 @@ export class ApPersonService implements OnModuleInit {
}
for (const collection of ['outbox', 'followers', 'following'] as (keyof IActor)[]) {
const collectionUri = getApId((x as IActor)[collection]);
if (typeof collectionUri === 'string' && collectionUri.length > 0) {
if (this.utilityService.punyHost(collectionUri) !== expectHost) {
throw new Error(`invalid Actor: ${collection} has different host`);
const xCollection = (x as IActor)[collection];
if (xCollection != null) {
const collectionUri = getApId(xCollection);
if (typeof collectionUri === 'string' && collectionUri.length > 0) {
if (this.utilityService.punyHost(collectionUri) !== expectHost) {
throw new Error(`invalid Actor: ${collection} has different host`);
}
} else if (collectionUri != null) {
throw new Error(`invalid Actor: wrong ${collection}`);
}
} else if (collectionUri != null) {
throw new Error(`invalid Actor: wrong ${collection}`);
}
}

View File

@ -137,10 +137,11 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
if (local != null) return local;
}
// 同一ユーザーの情報を再度処理するので、使用済みのresolverを再利用してはいけない
return await this.mergePack(
me,
isActor(object) ? await this.apPersonService.createPerson(getApId(object)) : null,
isPost(object) ? await this.apNoteService.createNote(getApId(object), undefined, true) : null,
isPost(object) ? await this.apNoteService.createNote(getApId(object), undefined, undefined, true) : null,
);
}

View File

@ -19,7 +19,6 @@ proxyBypassHosts:
- challenges.cloudflare.com
proxyRemoteFiles: true
signToActivityPubGet: true
allowedPrivateNetworks: [
'127.0.0.1/32',
'172.20.0.0/16'
]
allowedPrivateNetworks:
- 127.0.0.1/32
- 172.20.0.0/16

View File

@ -176,7 +176,7 @@ describe('ActivityPub', () => {
resolver.register(actor.id, actor);
resolver.register(post.id, post);
const note = await noteService.createNote(post.id, resolver, true);
const note = await noteService.createNote(post.id, undefined, resolver, true);
assert.deepStrictEqual(note?.uri, post.id);
assert.deepStrictEqual(note.visibility, 'public');
@ -336,7 +336,7 @@ describe('ActivityPub', () => {
resolver.register(actor.featured, featured);
resolver.register(firstNote.id, firstNote);
const note = await noteService.createNote(firstNote.id as string, resolver);
const note = await noteService.createNote(firstNote.id as string, undefined, resolver);
assert.strictEqual(note?.uri, firstNote.id);
});
});

View File

@ -1,7 +1,7 @@
{
"type": "module",
"name": "misskey-js",
"version": "2024.11.0-alpha.2",
"version": "2024.11.0-beta.4",
"description": "Misskey SDK for JavaScript",
"license": "MIT",
"main": "./built/index.js",