kaslo/pawkey-sk
1
0
Fork 0
Code Packages Activity
28,826 Commits 1 Branch 0 Tags
fc4599ec07bb8def91fedf5afa9bb469bb54362a
Commit Graph

1589 Commits

Author SHA1 Message Date
Hazelnoot fc4599ec07 fix rate limit scaling (it's no longer inverted) 2024-12-08 12:02:58 -05:00
Hazelnoot 91c9b67cb0 bypass rate limits when factor is 0 2024-12-08 11:58:57 -05:00
Hazelnoot 6fa0f2230e increase rate limit for /api/endpoint based on real-world testing 2024-12-08 11:56:48 -05:00
Hazelnoot 7c002ce56e move all Rate Limit type defs to rate-limit-utils.ts 2024-12-08 11:33:57 -05:00
Hazelnoot 8b091f77ca check for invalid rate limit inputs 2024-12-08 09:46:49 -05:00
Hazelnoot a7a1edc92e fix NaN from extremely high rate limits 2024-12-08 09:22:38 -05:00
Hazelnoot 2781f53d6b support fractional rate limit scaling 2024-12-08 08:32:05 -05:00
Hazelnoot afb026ebea fix import order in SigninWithPasskeyApiService 2024-12-08 07:49:06 -05:00
Hazelnoot fc5399a67d revert un-needed changes to RateLimiterService 2024-12-08 07:47:52 -05:00
Hazelnoot f6b256620b separate SkRateLimiterService from RateLimiterService and update all usages 2024-12-07 13:13:19 -05:00
Hazelnoot 29c3beaa62 respect rate limit factor in FileServerService 2024-12-07 12:18:42 -05:00
Hazelnoot 32635ecc25 fix rate limit storage in redis 2024-12-07 12:15:38 -05:00
Hazelnoot 8239ce4282 fix incorrect X-RateLimit-Remaining header 2024-12-07 12:14:42 -05:00
Hazelnoot 7698db88e5 fix DI in SkRateLimiterService 2024-12-07 12:14:25 -05:00
Hazelnoot ffc2737478 implement SkRateLimiterService with Leaky Bucket rate limiting 2024-12-07 10:22:49 -05:00
Ada 6a4ed3a3ea Fix Content-Length resetting for partial content length requests 2024-12-04 19:59:30 +00:00
Julia 52976588a7 merge: Bump develop version (!789) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/789
 2024-11-28 06:15:32 +00:00
dakkar 9309872cff simpler check for "property present" 2024-11-27 21:25:54 +00:00
dakkar 3ea85b14a3 silence linter 
those objects always have the normal prototype, and can't have
`hasOwnProperty` redefined, let me call it normally

(otherwise I'd have to write
`Object.prototype.hasOwnProperty.call(newUser, field)` and that's
ugly)
 2024-11-27 21:01:12 +00:00
dakkar 3164e7b4fc merge: only "publish to followers" when things really change - fixes #733 (!781) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/781

Closes #733

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
 2024-11-27 20:41:37 +00:00
Marie 531a003a2a merge: embed video thumbnail (!782) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/782

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
 2024-11-27 19:20:54 +00:00
dakkar 1626e50fbf expose video thumbnail to 3rd parties "cards" 2024-11-27 11:23:32 +00:00
dakkar fc277839b6 only "publish to followers" when things really change - fixes #733 2024-11-27 10:36:19 +00:00
dakkar 57b31366e5 fix XRD+XML serialisation of Alias 2024-11-27 10:06:21 +00:00
dakkar 1ec5e846c5 merge: Add aliases to webfinger request. (!778) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/778

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: dakkar <dakkar@thenautilus.net>
 2024-11-27 09:29:33 +00:00
piuvas f1168f0165 add profile link to aliases 2024-11-26 20:31:20 -03:00
Hazelnoot a47590e64c add shared (cross-resource) rate limit for proxy 2024-11-25 13:03:51 -05:00
dakkar a51fef29c0 remove minInterval from FileServerService 
when showing a reply, browser will request the replied-to avatar twice
at the same time, and get confused if one of the requests is refused

something similar seems to happen with videos and their previews
 2024-11-22 23:25:07 +00:00
dakkar 8e07eb7f44 remove duplicate limit 
the `users/lists/push` endpoint already has a limit, of 30/hour
 2024-11-22 23:14:37 +00:00
dakkar caaa78d98d merge: Add default rate limit (!768) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/768

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Tess K <me@thvxl.se>
Approved-by: Marie <github@yuugi.dev>
 2024-11-22 23:03:34 +00:00
Hazelnoot dbab122a99 fix typo "to many requests" 2024-11-22 15:26:55 -05:00
Hazelnoot e3b826db5a add rate limits to all public endpoints 2024-11-22 15:19:24 -05:00
Hazelnoot 6b54405003 add default / fallback rate limit 2024-11-22 13:53:41 -05:00
Hazelnoot 2a4c432f41 don't generate URL previews for blocked domains 2024-11-20 22:25:49 -05:00
Hazelnoot 4c6cec552e verify that preview URL is valid 2024-11-20 22:25:49 -05:00
Hazelnoot c48faca707 fix lint errors in UrlPreviewService 2024-11-20 22:25:49 -05:00
Julia 41536480ce merge: Bump develop version (!766) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/766
 2024-11-21 02:58:28 +00:00
Hazelnoot b0834ebf55 prevent DoS from spammed media proxy requests 2024-11-20 19:37:38 -05:00
Julia Johannesen 8e90484b3e Bump version 2024-11-20 19:21:57 -05:00
rectcoordsystem 776f6fd1f5 fix(backend): allow fetchSummaryFromProxy, trueMail to access local addresses 2024-11-20 19:17:25 -05:00
Julia Johannesen cbf8cc376e fix: primitive 18: ap/get bypasses access checks 
One might argue that we could make this one actually preform access
checks against the returned activity object, but I feel like that's a
lot more work than just restricting it to administrators, since, to me
at least, it seems more like a debugging tool than anything else.
 2024-11-20 19:17:25 -05:00
Julia Johannesen c04f344049 fix: primitive 13: check attribution against actor in notes 2024-11-20 19:17:25 -05:00
Laura Hausmann 9ab25ede28 fix: primitives 9, 10 & 11: http signature validation doesn't enforce required headers or specify auth header name 2024-11-20 19:17:24 -05:00
Julia Johannesen fb54546573 Fix linter error in emojis endpoint 2024-11-20 01:17:24 -05:00
Julia 9e0b759197 merge: Bump develop version (!757) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/757
 2024-11-20 05:56:55 +00:00
Hazelnoot d150e92f41 prevent DoS from spammed media proxy requests 2024-11-19 23:31:59 -05:00
dakkar 482538c7f8 merge: make emoji categories and names case insensitive. (!746) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/746

Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: dakkar <dakkar@thenautilus.net>
 2024-11-17 13:22:39 +00:00
Hazelnoot da2dfee0a8 merge: Remove check to prevent admin reporting (Fixes #757) (!727) 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/727

Closes #757

Approved-by: Julia <julia@insertdomain.name>
Approved-by: Marie <github@yuugi.dev>
Approved-by: Hazelnoot <acomputerdog@gmail.com>
 2024-11-17 00:39:08 +00:00
piuvas eaad96aae3 edit query 2024-11-15 13:40:53 -03:00
Caramel 03559156b9 Improve performance of notes/following API 2024-11-09 00:32:03 +01:00