Commit graph

8 commits

Author SHA1 Message Date
Kagami Sascha Rosylight
ad346b6f36
feat(backend/oauth): allow CORS for token endpoint (#12814)
* feat(backend/oauth): allow CORS for token endpoint

* no need to explicitly set origin to `*`

* Update CHANGELOG.md
2023-12-27 15:10:24 +09:00
Chocolate Pie
c96bc36fed
Merge pull request from GHSA-7pxq-6xx9-xpgm
* fix: fix improper authorization when accessing with third-party application

* refactor: refactor type definitions

* fix: get rid of unnecessary access limitation

* enhance: サードパーティアプリケーションがWebsocket APIを使えるように

* fix: add missing parentheses

* Revert "fix(backend): add missing kind definition for admin endpoints to improve security"

This reverts commit 5150053275.

* frontend: 翻訳の抜けを訂正, read:adminとwrite:adminはアクセス発行トークンのデフォルトでは非表示にする

* enhance(test): misskey-ghsa-7pxq-6xx9-xpgmに関するテストを追加

* enhance(test): Websocket APIに対するテストも追加

* enhance(refactor): `@/misc/api-permissions.ts`を`misskey-js/permissions`に統合

* fix(frontend): アクセストークン発行UIで全ての権限を有効にした際、管理者用APIへのアクセスも許可してしまう問題を修正

* enhance(backend): Websocketの接続に最低限必要な権限を変更

* fix(backend): `/api/admin/meta`をサードパーティアプリケーションからはアクセスできないように

* fix(backend): エンドポイントにアクセスするために必要な権限を変更

* fix(frontend/locale): Add missing type declaration

* chore: update `misskey-js/src/autogen`

---------

Co-authored-by: tamaina <tamaina@hotmail.co.jp>
2023-12-27 15:08:59 +09:00
syuilo
1fa1d31696 perf(backend): createdAtをidから取得するように & 無駄なDateインスタンスの生成を避けるように 2023-10-16 10:45:22 +09:00
syuilo
053da10e94 refactor(backend): update directory structure for models 2023-09-20 11:33:36 +09:00
syuilo
6cf466e5d1
update deps (#11820)
* update deps

* fix

* wip

* wip

* wip

* Update docker-compose.yml.example

* Delete reviewer-lottery.yml

* Update RepositoryModule.ts

* wip

* wip

* clean up

* update deps

* wip

* wip
2023-09-15 14:28:29 +09:00
syuilo
792622aead
refactor: prefix Mi for all entities (#11719)
* wip

* wip

* wip

* wip

* Update RepositoryModule.ts

* wip

* wip

* wip

* Revert "wip"

This reverts commit c1c13b37d2aaf3c65bc148212da302b0eb7868bf.
2023-08-16 17:51:28 +09:00
syuilo
ab3cd7b837 chore: add missing license identifier 2023-07-28 14:02:58 +09:00
Kagami Sascha Rosylight
eb7b5f905a
feat(backend): support OAuth 2.0 authorization (#11053)
* feat(backend): support OAuth 2.0 authorization

* secureRndstr fix

* nanndekowareta

* nanndekowareta2

* nanndekowareta3

* unref?

* refactor to not close fastify

* use microformats-parser

* Update OAuth2ProviderService.ts

* clarify the reason behind dns lookup

* refactor(backend): use @types/oauth2orize-pkce (#11350)

* refactor(backend): use @types/oauth2orize-pkce

* Update package.json

* Update pnpm-lock.yaml

---------

Co-authored-by: Kagami Sascha Rosylight <saschanaz@outlook.com>

---------

Co-authored-by: mtgto <hogerappa@gmail.com>
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
2023-07-27 18:51:58 +09:00