Compare commits


1 Commits

Author SHA1 Message Date
おさむのひと f3e2795da9
Merge add32485fe into 090e9392cd 2024-11-21 08:38:57 +09:00
11 changed files with 25 additions and 28 deletions


@ -72,7 +72,6 @@
- Fix: User Webhookテスト機能のMock Payloadを修正 - Fix: User Webhookテスト機能のMock Payloadを修正
- Fix: アカウント削除のモデレーションログが動作していないのを修正 (#14996) - Fix: アカウント削除のモデレーションログが動作していないのを修正 (#14996)
- Fix: リノートミュートが新規投稿通知に対して作用していなかった問題を修正 - Fix: リノートミュートが新規投稿通知に対して作用していなかった問題を修正
- Fix: セキュリティに関する修正
### Misskey.js ### Misskey.js
- Fix: Stream初期化時、別途WebSocketを指定する場合の型定義を修正 - Fix: Stream初期化時、別途WebSocketを指定する場合の型定義を修正


@ -1,6 +1,6 @@
{ {
"name": "misskey", "name": "misskey",
"version": "2024.11.0-alpha.3", "version": "2024.11.0-alpha.2",
"codename": "nasubi", "codename": "nasubi",
"repository": { "repository": {
"type": "git", "type": "git",


@ -54,19 +54,19 @@ class HttpRequestServiceAgent extends http.Agent {
} }
}); });
return socket; return socket;
} };
@bindThis @bindThis
private isPrivateIp(ip: string): boolean { private isPrivateIp(ip: string): boolean {
const parsedIp = ipaddr.parse(ip); const parsedIp = ipaddr.parse(ip);
for (const net of this.config.allowedPrivateNetworks ?? []) { for (const net of this.config.allowedPrivateNetworks ?? []) {
const cidr = ipaddr.parseCIDR(net); const cidr = ipaddr.parseCIDR(net);
if (cidr[0].kind() === parsedIp.kind() && parsedIp.match(ipaddr.parseCIDR(net))) { if (cidr[0].kind() === parsedIp.kind() && parsedIp.match(ipaddr.parseCIDR(net))) {
return false; return false;
} }
} }
return parsedIp.range() !== 'unicast'; return parsedIp.range() !== 'unicast';
} }
} }
@ -93,19 +93,19 @@ class HttpsRequestServiceAgent extends https.Agent {
} }
}); });
return socket; return socket;
} };
@bindThis @bindThis
private isPrivateIp(ip: string): boolean { private isPrivateIp(ip: string): boolean {
const parsedIp = ipaddr.parse(ip); const parsedIp = ipaddr.parse(ip);
for (const net of this.config.allowedPrivateNetworks ?? []) { for (const net of this.config.allowedPrivateNetworks ?? []) {
const cidr = ipaddr.parseCIDR(net); const cidr = ipaddr.parseCIDR(net);
if (cidr[0].kind() === parsedIp.kind() && parsedIp.match(ipaddr.parseCIDR(net))) { if (cidr[0].kind() === parsedIp.kind() && parsedIp.match(ipaddr.parseCIDR(net))) {
return false; return false;
} }
} }
return parsedIp.range() !== 'unicast'; return parsedIp.range() !== 'unicast';
} }
} }
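Review bot: The `};` that now closes the method just above `@bindThis` leaves an empty class element behind; it is harmless at runtime but is the kind of thing `no-extra-semi` flags, so close the method with a plain `}` here and in the HttpsRequestServiceAgent hunk. That method starts outside the hunk. `isPrivateIp` also parses each allowlist entry twice, and `parsedIp.match(cidr)` would reuse the value already held in `cidr`. Because this predicate decides which destination addresses outbound requests may reach, it deserves a short doc comment stating that it returns `false` for addresses inside `allowedPrivateNetworks` and `true` for every other non-unicast range.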


@ -54,7 +54,7 @@ export class RemoteUserResolveService {
}) as MiLocalUser; }) as MiLocalUser;
} }
host = this.utilityService.toPuny(host); host = this.utilityService.punyHost(host);
if (host === this.utilityService.toPuny(this.config.host)) { if (host === this.utilityService.toPuny(this.config.host)) {
this.logger.info(`return local user: ${usernameLower}`); this.logger.info(`return local user: ${usernameLower}`);
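Review bot: `host = this.utilityService.punyHost(host);` normalises the requested host with a different helper than the one applied to `this.config.host` on the very next line, so the local-user comparison no longer compares like with like. Elsewhere on this page `punyHost` is given a full URI (`collectionUri`); if it parses its argument as a URL, which is not visible here, a bare host would throw or normalise differently and local accounts could be resolved as remote ones. Using the same helper on both sides, `host = this.utilityService.toPuny(host);`, keeps the check symmetric. The enclosing method starts and ends outside the hunk.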


@ -246,12 +246,14 @@ export class WebAuthnService {
@bindThis @bindThis
public async verifyAuthentication(userId: MiUser['id'], response: AuthenticationResponseJSON): Promise<boolean> { public async verifyAuthentication(userId: MiUser['id'], response: AuthenticationResponseJSON): Promise<boolean> {
const challenge = await this.redisClient.getdel(`webauthn:challenge:${userId}`); const challenge = await this.redisClient.get(`webauthn:challenge:${userId}`);
if (!challenge) { if (!challenge) {
throw new IdentifiableError('2d16e51c-007b-4edd-afd2-f7dd02c947f6', 'challenge not found'); throw new IdentifiableError('2d16e51c-007b-4edd-afd2-f7dd02c947f6', 'challenge not found');
} }
await this.redisClient.del(`webauthn:challenge:${userId}`);
const key = await this.userSecurityKeysRepository.findOneBy({ const key = await this.userSecurityKeysRepository.findOneBy({
id: response.id, id: response.id,
userId: userId, userId: userId,
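Review bot: Reading the challenge with `get` and deleting it with a separate `del` is not atomic, so two concurrent `verifyAuthentication` calls for the same `userId` can both read the same challenge before either deletes it. A WebAuthn challenge is meant to be single-use, and this window lets one challenge back more than one verification attempt. Fetch and invalidate in one command instead, ``const challenge = await this.redisClient.getdel(`webauthn:challenge:${userId}`);``, and drop the later `del` line. The rest of the method body lies outside the hunk.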


@ -130,7 +130,6 @@ export class ApInboxService {
if (actor.uri) { if (actor.uri) {
if (actor.lastFetchedAt == null || Date.now() - actor.lastFetchedAt.getTime() > 1000 * 60 * 60 * 24) { if (actor.lastFetchedAt == null || Date.now() - actor.lastFetchedAt.getTime() > 1000 * 60 * 60 * 24) {
setImmediate(() => { setImmediate(() => {
// 同一ユーザーの情報を再度処理するので、使用済みのresolverを再利用してはいけない
this.apPersonService.updatePerson(actor.uri); this.apPersonService.updatePerson(actor.uri);
}); });
} }


@ -163,16 +163,13 @@ export class ApPersonService implements OnModuleInit {
} }
for (const collection of ['outbox', 'followers', 'following'] as (keyof IActor)[]) { for (const collection of ['outbox', 'followers', 'following'] as (keyof IActor)[]) {
const xCollection = (x as IActor)[collection]; const collectionUri = getApId((x as IActor)[collection]);
if (xCollection != null) { if (typeof collectionUri === 'string' && collectionUri.length > 0) {
const collectionUri = getApId(xCollection); if (this.utilityService.punyHost(collectionUri) !== expectHost) {
if (typeof collectionUri === 'string' && collectionUri.length > 0) { throw new Error(`invalid Actor: ${collection} has different host`);
if (this.utilityService.punyHost(collectionUri) !== expectHost) {
throw new Error(`invalid Actor: ${collection} has different host`);
}
} else if (collectionUri != null) {
throw new Error(`invalid Actor: wrong ${collection}`);
} }
} else if (collectionUri != null) {
throw new Error(`invalid Actor: wrong ${collection}`);
} }
} }
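Review bot: `getApId((x as IActor)[collection])` now runs before any null check, so an actor document that omits `outbox`, `followers` or `following` passes `undefined` straight into `getApId`. How `getApId` treats that is not visible here; the `else if (collectionUri != null)` branch tolerates a missing collection only if it returns null rather than throwing. Since this loop is the host-consistency check on remote actor data, keep the absent case explicit: `const xCollection = (x as IActor)[collection];` followed by `if (xCollection == null) continue;` before calling `getApId(xCollection)`. The enclosing validation function starts and ends outside the hunk.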


@ -137,11 +137,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
if (local != null) return local; if (local != null) return local;
} }
// 同一ユーザーの情報を再度処理するので、使用済みのresolverを再利用してはいけない
return await this.mergePack( return await this.mergePack(
me, me,
isActor(object) ? await this.apPersonService.createPerson(getApId(object)) : null, isActor(object) ? await this.apPersonService.createPerson(getApId(object)) : null,
isPost(object) ? await this.apNoteService.createNote(getApId(object), undefined, undefined, true) : null, isPost(object) ? await this.apNoteService.createNote(getApId(object), undefined, true) : null,
); );
} }


@ -19,6 +19,7 @@ proxyBypassHosts:
- challenges.cloudflare.com - challenges.cloudflare.com
proxyRemoteFiles: true proxyRemoteFiles: true
signToActivityPubGet: true signToActivityPubGet: true
allowedPrivateNetworks: allowedPrivateNetworks: [
- 127.0.0.1/32 '127.0.0.1/32',
- 172.20.0.0/16 '172.20.0.0/16'
]


@ -176,7 +176,7 @@ describe('ActivityPub', () => {
resolver.register(actor.id, actor); resolver.register(actor.id, actor);
resolver.register(post.id, post); resolver.register(post.id, post);
const note = await noteService.createNote(post.id, undefined, resolver, true); const note = await noteService.createNote(post.id, resolver, true);
assert.deepStrictEqual(note?.uri, post.id); assert.deepStrictEqual(note?.uri, post.id);
assert.deepStrictEqual(note.visibility, 'public'); assert.deepStrictEqual(note.visibility, 'public');
@ -336,7 +336,7 @@ describe('ActivityPub', () => {
resolver.register(actor.featured, featured); resolver.register(actor.featured, featured);
resolver.register(firstNote.id, firstNote); resolver.register(firstNote.id, firstNote);
const note = await noteService.createNote(firstNote.id as string, undefined, resolver); const note = await noteService.createNote(firstNote.id as string, resolver);
assert.strictEqual(note?.uri, firstNote.id); assert.strictEqual(note?.uri, firstNote.id);
}); });
}); });


@ -1,7 +1,7 @@
{ {
"type": "module", "type": "module",
"name": "misskey-js", "name": "misskey-js",
"version": "2024.11.0-alpha.3", "version": "2024.11.0-alpha.2",
"description": "Misskey SDK for JavaScript", "description": "Misskey SDK for JavaScript",
"license": "MIT", "license": "MIT",
"main": "./built/index.js", "main": "./built/index.js",