1
0
Commit Graph

1882 Commits

Author SHA1 Message Date
dakkar ec404fd3ce remove leftover debug line 2025-04-30 20:30:52 +01:00
dakkar 58c0ac6c89 check signatures with and without query - fix #1036
@Oneric explained:

> Spec says query params must be included in the signature; Mastodon
> being Mastodon used to always exclude it though and for
> compatibility everyone followed this. At some point GtS decided to
> follow spec instead which caused interop issues, but succeeded in
> getting Mastodon (and others like *oma) to accept incoming requests
> with (and also still without) query params though outgoing requests
> remaing query-param-free. Some still only accept query-param-less
> requests though and GtS uses a retry mechanism to resend any request
> failing with 401 with an query-parama-less signature once. (Also
> see:
> https://docs.gotosocial.org/en/latest/federation/http_signatures/ )
>
> So for incoming requests both versions need to be checked. For
> outgoing requests, unless you want to jump through retry hoops like
> GtS, omitting query-params is the safer bet for now (presumably this
> will only change if Mastodon ever decides to send out requests
> signed with query params)
2025-04-21 16:44:13 +01:00
piuvas 6df82f4eef remove redundant sql query. 2025-04-20 23:21:50 -03:00
piuvas 46fa99fc28 requested changes to verifyFieldLinks
Co-authored-by: dakkar <dakkar@thenautilus.net>
2025-04-20 12:34:00 -03:00
piuvas 6a77512737 refactor link verification. 2025-04-19 23:04:48 -03:00
Marie 4f64803ef2 merge: make MOTD html unescaped. (requires discussion?) (!759)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/759

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
2025-04-15 07:45:51 +00:00
Zlendy ce26d8d3cb feat: Allow injection of raw HTML strings inside <head> 2025-04-11 22:56:26 +02:00
Hazelnoot 922a7ba1d4 track the number of concurrent requests to redis, and bypass if the request is guaranteed to reject 2025-03-29 09:47:05 -04:00
Hazelnoot 47ea8527fd fix wsmessage rate limit definition 2025-03-29 09:44:38 -04:00
Hazelnoot fafb811333 increase limits on WS note subscriptions and cached notes 2025-03-28 11:44:29 -04:00
Hazelnoot 86e34175d3 SkRateLimiterService revision 3: cache lockouts in memory to avoid redis calls 2025-03-28 11:43:30 -04:00
Hazelnoot c41d617e63 limit the number of active connections per client, and limit upgrade requests by user 2025-03-28 11:03:31 -04:00
Hazelnoot eff7321860 avoid duplicate channels in WS connection 2025-03-28 11:03:31 -04:00
Hazelnoot 14a7309cfb avoid leaking cached notes in WS connection 2025-03-28 11:03:31 -04:00
Hazelnoot 045ff5d2c0 make sure that note subscriptions can't stay above limit 2025-03-28 11:03:31 -04:00
Hazelnoot b8fd9d0bc0 clear subscriptions when connection closes 2025-03-28 11:03:31 -04:00
Hazelnoot 831329499d limit the number of note subscriptions per connection 2025-03-28 11:03:31 -04:00
Hazelnoot bf1c9b67d6 close websocket when rate limit exceeded 2025-03-28 11:03:31 -04:00
Hazelnoot 18655386f3 convert streaming rate limit to bucket 2025-03-28 11:03:31 -04:00
Hazelnoot 848a07a170 Ignore notifications that reference missing notes 2025-03-27 20:30:04 -04:00
Hazelnoot a92416904f use exclusive ranges in api/i/notifications and /api/v1/notifications 2025-03-27 20:20:42 -04:00
Hazelnoot 58cdee77d5 convert notification types in mastodon API 2025-03-27 19:51:43 -04:00
Hazelnoot 8a9979b3d3 don't render CW as HTML for mastodon 2025-03-27 19:51:43 -04:00
Hazelnoot ebc3abea54 hide sensitive content from Discord previews 2025-03-27 19:51:43 -04:00
Hazelnoot 36dee5ff20 render profile bios in masto API 2025-03-27 19:51:43 -04:00
Hazelnoot 81f7346f80 fixes to CW and quote conversion for mastodon 2025-03-27 19:51:43 -04:00
Hazelnoot 1fa290c3eb handle errors in mastodon search endpoints 2025-03-27 19:51:43 -04:00
Hazelnoot 971bc6fd3e improve mastodon API error handling 2025-03-27 19:51:43 -04:00
Hazelnoot a81a00e94d rename MastodonConverters.ts to matching naming scheme 2025-03-27 19:51:43 -04:00
Hazelnoot 4754942301 add additional required CORS headers for masto-api requests 2025-03-27 19:51:43 -04:00
Hazelnoot 984be9e7aa enable local timeline in Phanpy clients 2025-03-27 19:51:43 -04:00
Hazelnoot 3c54680860 support reactions in mastodon API 2025-03-27 19:51:43 -04:00
Hazelnoot fbdee815da remove unused async from toMastoApiHtml / fromMastoApiHtml 2025-03-27 19:51:43 -04:00
Hazelnoot 8d67a8c9ae don't log query parameters from mastodon API 2025-03-27 19:51:43 -04:00
Hazelnoot fc1d0c958c support Mastodon v4 "link header" pagination 2025-03-27 19:51:43 -04:00
Hazelnoot 3d8930f070 implement /api/v1/favourites 2025-03-27 19:51:43 -04:00
Hazelnoot cac8377e4e fix empty response from /api/v1/notifications 2025-03-27 19:51:43 -04:00
Hazelnoot 178fe16f68 fix empty response from /api/v1/blocks 2025-03-27 19:51:43 -04:00
Hazelnoot c69f7b87f0 fix empty response from /api/v1/mutes 2025-03-27 19:51:43 -04:00
Hazelnoot 2b03f51315 don't return httpStatusCode in mastodon errors 2025-03-27 19:51:43 -04:00
Hazelnoot f00a0fee45 minor fixes to /v1/accounts/verify_credentials 2025-03-27 19:51:42 -04:00
Hazelnoot de26ffd60b improve performance of /v1/accounts/relationships 2025-03-27 19:51:42 -04:00
Hazelnoot f5be341acc normalize mastodon API query parameters to strip [] suffix 2025-03-27 19:51:42 -04:00
Hazelnoot 8b0555cab8 fix /api/v1/instance response 2025-03-27 19:51:42 -04:00
Hazelnoot 4a1dd7165e normalize mastodon BAD_REQUEST errors 2025-03-27 19:51:42 -04:00
Hazelnoot 67e57ab50a fix several mastodon converters 2025-03-27 19:51:42 -04:00
Hazelnoot 75b6c63f44 remove unused megalodon components 2025-03-27 19:51:42 -04:00
Hazelnoot cb9079208a format mastodon API endpoints 2025-03-27 19:51:42 -04:00
Hazelnoot da25595ba3 de-duplicate mastodon API logging 2025-03-27 19:51:42 -04:00
Hazelnoot f61d71ac8c refactor mastodon API and preserve remote user agent for requests 2025-03-27 19:51:42 -04:00