935 Commits

Author	SHA1	Message	Date
Barış Uşaklı	62d88555ae	feat: eslint10 (#13967) ... * feat: eslint10 * lint: no-useless-assignment	2026-02-10 12:39:11 -05:00
Barış Soner Uşaklı	07d1f22401	refactor: get rid of global.env, use process.env.NODE_ENV	2026-01-21 20:14:15 -05:00
Julian Lam	560ad81f32	feat: remote account banning, #13904	2026-01-19 14:42:13 -05:00
Shlomo	5ae8d553ed	fix: disallow inline viewing of unsafe files (#13833)	2025-12-15 13:16:38 -05:00
Barış Soner Uşaklı	50951d5db5	Merge branch 'master' into develop	2025-11-13 12:25:24 -05:00
Julian Lam	5d9da6035e	fix: log out user if session cookie resolves to non-existent uid	2025-11-10 11:55:19 -05:00
Julian Lam	2066727f3e	fix: renderOverride to not clobber url if already set in template data	2025-11-05 13:43:04 -05:00
Barış Soner Uşaklı	008e1ae4e4	lint: fix lint	2025-10-24 11:27:43 -04:00
Barış Soner Uşaklı	9410f466d8	fix: closes #13729, fix filename encoding	2025-10-24 11:04:29 -04:00
Julian Lam	be9212b59f	fix: update activitypubFilterList logic so that it is also checked on resolveInbox and ActivityPub.get methods, updated instances.isAllowed to no longer return a promise	2025-09-19 10:56:35 -04:00
Julian Lam	559155da63	refactor: notes.assert to add finally block, update assertPayload to update instances:lastSeen via method instead of direct db call	2025-09-19 10:34:57 -04:00
Barış Soner Uşaklı	56fad0be0d	fix: check brand:touchIcon for correct path	2025-09-12 19:19:52 -04:00
Barış Soner Uşaklı	9bdf24f08b	fix: catch exceptions in assertPayload, closes #13611	2025-08-21 21:25:14 -04:00
Barış Soner Uşaklı	e1423636a5	feat: closes #13578, increase uniquevisitors ... on ap pageviews like normal pageviews	2025-08-05 10:46:10 -04:00
Barış Soner Uşaklı	54fae3b12b	set max on upload rate limit	2025-07-20 13:38:31 -04:00
Barış Soner Uşaklı	3f520c33ef	fix: add missing cache name	2025-07-18 21:35:08 -04:00
Barış Soner Uşaklı	a08551a5e1	refactor: add names to caches, add max to request cache	2025-07-16 17:42:23 -04:00
Barış Soner Uşaklı	559a2d233d	feat: add ap pageviews analytics	2025-07-11 15:09:55 -04:00
Barış Soner Uşaklı	8d16367ad4	Merge branch 'master' into develop	2025-05-30 11:02:56 -04:00
Barış Soner Uşaklı	390f642850	fix: browser title translation	2025-05-30 11:00:08 -04:00
Barış Uşaklı	385f4f12be	replace connect-multiparty with Multer (#13439) ... * post upload route * more multer changes keep name and type fields in file objects so we dont break all plugins using these * remove log * fix: thumbs delete * test: add array check	2025-05-20 10:45:56 -04:00
Barış Soner Uşaklı	f88f99b7a2	Merge branch 'master' into develop	2025-05-12 10:29:45 -04:00
Barış Soner Uşaklı	dfa213298b	refactor: call verify if request is POST	2025-05-12 10:28:26 -04:00
Julian Lam	15b6a2c117	chore: remove unused require	2025-05-06 13:38:42 -04:00
Julian Lam	9d8061eab9	breaking: removal of filter:router.page	2025-05-06 13:38:42 -04:00
Barış Soner Uşaklı	537a742898	fix: closes #13360, catch error in buildAccountData middleware	2025-04-29 10:28:18 -04:00
Barış Soner Uşaklı	f1d1d0820a	fix: closes #13289, id can be null	2025-04-29 10:28:18 -04:00
Julian Lam	6dee3e56e6	fix: key ownership cross-check to also work with remote categories, #13255	2025-04-29 10:28:18 -04:00
Barış Soner Uşaklı	389bc062e3	feat: body-parser-2.x test (#13278) ... * feat: body-parser-2.x test * fix req.body	2025-03-27 11:29:37 -04:00
Julian Lam	95f2c4edb5	feat: support remote "Video" type objects in note assertion, #13120 ... - handle array attributedTo (plus per-object actor assertion instead of batched) - explicit "Video" type handling to automatically save URL as post attachment - handle array url property	2025-02-26 13:55:39 -05:00
Julian Lam	e63f1234a7	fix: typo	2025-02-20 12:50:05 -05:00
Julian Lam	93f48409c5	fix: #13136, do not log 404s for AP requests	2025-02-20 12:24:17 -05:00
Barış Soner Uşaklı	6073a25bb5	fix: closes #13056, guard against undefined keyid,compare	2025-01-15 17:19:27 -05:00
Julian Lam	0ad8ed9d4e	fix: #13014, possible fix for peertube incompatibility: strip hash value from key IDs during check	2024-12-30 17:06:08 -05:00
Barış Soner Uşaklı	7585517a28	Merge branch 'master' into develop	2024-12-25 17:08:59 -05:00
Barış Soner Uşaklı	e4dd697ae8	refactor: get rid of RegExp	2024-12-25 17:08:45 -05:00
Barış Soner Uşaklı	9190721865	Merge branch 'master' into develop	2024-12-25 09:03:53 -05:00
Barış Soner Uşaklı	25655d5a5f	fix: #13011, catch errors	2024-12-25 09:03:47 -05:00
Julian Lam	2ab72ada3f	Merge remote-tracking branch 'origin/develop' into activitypub	2024-12-11 10:12:33 -05:00
Barış Soner Uşaklı	fe811537e9	refactor: remove "password" in comments	2024-12-09 14:40:49 -05:00
Julian Lam	fc3243d617	fix: #12865, crash on liking a chat message	2024-10-25 12:11:48 -04:00
Julian Lam	13c048a515	feat: normalization middleware to ensure incoming objects' data types are as expected (simplifies later logic)	2024-10-17 13:45:56 -04:00
Julian Lam	b472c58946	fix: backend logic fixes for #12853	2024-10-16 15:22:49 -04:00
Julian Lam	a226ee9e91	fix: re-enable logging only for dev mode	2024-10-12 22:49:24 -04:00
Julian Lam	8ef0df57e6	refactor: check HTTP signatures on all activitypub requests ... - `validate` is now renamed `assertPayload` - HTTP signature checking is now in new middleware `verify` - `verify` is now called on all routes in activitypub controller - Rejects on signature failure for POST requests	2024-10-07 14:08:57 -04:00
Julian Lam	2b71434ef4	feat: update mdidleware.assert.message so roomId is optional	2024-10-07 14:02:15 -04:00
Julian Lam	d42d3b1c39	fix: crash when AP S2S call made to retrieve a remote user account (not allowed); now returning 404	2024-09-10 11:37:56 -04:00
Julian Lam	7e23e192d8	chore: restore activity history check in AP inbox middleware now that NodeBB sends unique IDs with applicable activities	2024-07-04 14:59:10 -04:00
Barış Soner Uşaklı	6b33faac54	Merge branch 'develop' into activitypub	2024-06-27 10:40:14 -04:00
Barış Soner Uşaklı	61e5293a76	test: dont track session for api/v3 (#12660) ... since they get destroyed when the request ends	2024-06-27 10:26:06 -04:00