Commit Graph

3277 Commits

Author SHA1 Message Date
Marie cb3f5f598d Update instance.ts 2025-05-05 17:33:27 +00:00
Marie e2be44fb99 change regex to include a zero-length match 2025-05-05 13:03:39 +00:00
Marie 581cc2b513 remove http/https protocol 2025-05-05 13:00:31 +00:00
Julia Johannesen ac905118cc Merge branch 'stable' into merge-stable-into-develop 2025-04-27 16:19:44 -04:00
Julia Johannesen 35df3944c1 Update summaly 2025-04-27 13:31:27 -04:00
Julia Johannesen 0bb4e57b0c Security fixes
Co-Authored-By: dakkar <dakkar@thenautilus.net>
2025-04-27 13:05:09 -04:00
piuvas 6df82f4eef remove redundant sql query. 2025-04-20 23:21:50 -03:00
piuvas 06fb6fbeca requested changes. 2025-04-20 23:20:59 -03:00
piuvas 8609426e71 remove fortnite. 2025-04-20 14:21:44 -03:00
piuvas 46fa99fc28 requested changes to verifyFieldLinks
Co-authored-by: dakkar <dakkar@thenautilus.net>
2025-04-20 12:34:00 -03:00
piuvas 1d9876d3fa make link detection slightly more performant. 2025-04-19 23:20:21 -03:00
piuvas 8a60c7df02 verify links in remote profiles. 2025-04-19 23:10:27 -03:00
piuvas 6a77512737 refactor link verification. 2025-04-19 23:04:48 -03:00
Marie 28ad2ae534 fix: friendlycaptcha always failing 2025-04-15 20:13:16 +00:00
Marie 4f64803ef2 merge: make MOTD html unescaped. (requires discussion?) (!759)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/759

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
2025-04-15 07:45:51 +00:00
Zlendy ce26d8d3cb feat: Allow injection of raw HTML strings inside <head> 2025-04-11 22:56:26 +02:00
Marie 865a9c4906 merge: Prevent streaming API denial-of-service (resolves #1019) (!951)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/951

Closes #1019

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
2025-03-30 10:40:56 +00:00
dakkar 3a6bba3306 merge: Remove visibility of DMs for non-recipient users (!912)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/912

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>
2025-03-30 09:20:54 +00:00
Hazelnoot 922a7ba1d4 track the number of concurrent requests to redis, and bypass if the request is guaranteed to reject 2025-03-29 09:47:05 -04:00
Hazelnoot 47ea8527fd fix wsmessage rate limit definition 2025-03-29 09:44:38 -04:00
Hazelnoot fafb811333 increase limits on WS note subscriptions and cached notes 2025-03-28 11:44:29 -04:00
Hazelnoot 86e34175d3 SkRateLimiterService revision 3: cache lockouts in memory to avoid redis calls 2025-03-28 11:43:30 -04:00
Hazelnoot c41d617e63 limit the number of active connections per client, and limit upgrade requests by user 2025-03-28 11:03:31 -04:00
Hazelnoot eff7321860 avoid duplicate channels in WS connection 2025-03-28 11:03:31 -04:00
Hazelnoot 14a7309cfb avoid leaking cached notes in WS connection 2025-03-28 11:03:31 -04:00
Hazelnoot 045ff5d2c0 make sure that note subscriptions can't stay above limit 2025-03-28 11:03:31 -04:00
Hazelnoot b8fd9d0bc0 clear subscriptions when connection closes 2025-03-28 11:03:31 -04:00
Hazelnoot 831329499d limit the number of note subscriptions per connection 2025-03-28 11:03:31 -04:00
Hazelnoot bf1c9b67d6 close websocket when rate limit exceeded 2025-03-28 11:03:31 -04:00
Hazelnoot 18655386f3 convert streaming rate limit to bucket 2025-03-28 11:03:31 -04:00
dakkar 920bf71eb5 merge: More Mastodon API fixes (resolves #405, #471, and #984) (!954)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/954

Closes #405, #471, and #984

Approved-by: Marie <github@yuugi.dev>
Approved-by: dakkar <dakkar@thenautilus.net>
2025-03-28 12:45:54 +00:00
Hazelnoot 848a07a170 Ignore notifications that reference missing notes 2025-03-27 20:30:04 -04:00
Hazelnoot a92416904f use exclusive ranges in api/i/notifications and /api/v1/notifications 2025-03-27 20:20:42 -04:00
Hazelnoot 58cdee77d5 convert notification types in mastodon API 2025-03-27 19:51:43 -04:00
Hazelnoot 8a9979b3d3 don't render CW as HTML for mastodon 2025-03-27 19:51:43 -04:00
Hazelnoot ebc3abea54 hide sensitive content from Discord previews 2025-03-27 19:51:43 -04:00
Hazelnoot 36dee5ff20 render profile bios in masto API 2025-03-27 19:51:43 -04:00
Hazelnoot 81f7346f80 fixes to CW and quote conversion for mastodon 2025-03-27 19:51:43 -04:00
Hazelnoot 1fa290c3eb handle errors in mastodon search endpoints 2025-03-27 19:51:43 -04:00
Hazelnoot 971bc6fd3e improve mastodon API error handling 2025-03-27 19:51:43 -04:00
Hazelnoot a81a00e94d rename MastodonConverters.ts to matching naming scheme 2025-03-27 19:51:43 -04:00
Hazelnoot 4754942301 add additional required CORS headers for masto-api requests 2025-03-27 19:51:43 -04:00
Hazelnoot 984be9e7aa enable local timeline in Phanpy clients 2025-03-27 19:51:43 -04:00
Hazelnoot 3c54680860 support reactions in mastodon API 2025-03-27 19:51:43 -04:00
Hazelnoot fbdee815da remove unused async from toMastoApiHtml / fromMastoApiHtml 2025-03-27 19:51:43 -04:00
Hazelnoot 8d67a8c9ae don't log query parameters from mastodon API 2025-03-27 19:51:43 -04:00
Hazelnoot fc1d0c958c support Mastodon v4 "link header" pagination 2025-03-27 19:51:43 -04:00
Hazelnoot 3d8930f070 implement /api/v1/favourites 2025-03-27 19:51:43 -04:00
Hazelnoot cac8377e4e fix empty response from /api/v1/notifications 2025-03-27 19:51:43 -04:00
Hazelnoot 178fe16f68 fix empty response from /api/v1/blocks 2025-03-27 19:51:43 -04:00