diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index c200db47..3a476fd2 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,5 +1,5 @@ # Bun doesn't run well on Musl but this seems to work -FROM oven/bun:1.2.5-alpine as base +FROM oven/bun:1.2.7-alpine as base # Switch to Bash by editing /etc/passwd RUN apk add --no-cache libstdc++ git bash curl openssh cloc && \ diff --git a/CHANGELOG.md b/CHANGELOG.md index 25e2bf69..ab64b1e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,33 +10,33 @@ Please see [Database Changes](#database-changes) and [New Configuration](#new-co ### Federation -- [x] 🦄 Updated to [`Versia 0.5`](https://versia.pub/changelog). -- [x] 📦 Added support for new Versia features: - - [x] [**Instance Messaging Extension**](https://versia.pub/extensions/instance-messaging) - - [x] [**Shared Inboxes**](https://versia.pub/federation#inboxes) -- [x] 🔗 Changed entity URIs to be more readable (`example.org/objects/:id` → `example.org/{notes,likes,...}/:id`) +- [x] 🦄 Updated to [`Versia 0.5`](https://versia.pub/changelog). +- [x] 📦 Added support for new Versia features: + - [x] [**Instance Messaging Extension**](https://versia.pub/extensions/instance-messaging) + - [x] [**Shared Inboxes**](https://versia.pub/federation#inboxes) +- [x] 🔗 Changed entity URIs to be more readable (`example.org/objects/:id` → `example.org/{notes,likes,...}/:id`) ### API -- [x] 📲 Added [Push Notifications](https://docs.joinmastodon.org/methods/push) support. -- [x] 📖 Overhauled OpenAPI schemas to match [Mastodon API docs](https://docs.joinmastodon.org) -- [x] 👷 Improved [**Roles API**](https://server.versia.pub/api/roles) to allow for full role control (create, update, delete, assign). -- [x] ✏️ `
` and `` tags are now allowed in Markdown. +- [x] 📲 Added [Push Notifications](https://docs.joinmastodon.org/methods/push) support. +- [x] 📖 Overhauled OpenAPI schemas to match [Mastodon API docs](https://docs.joinmastodon.org) +- [x] 👷 Improved [**Roles API**](https://server.versia.pub/api/roles) to allow for full role control (create, update, delete, assign). +- [x] ✏️ `
` and `` tags are now allowed in Markdown. ### CLI -- [x] ⌨️ New commands! - - [x] ✨️ `cli user token` to generate API tokens. - - [x] ✨️ `cli notes recalculate` to recalculate note attributes (such as emojis). Useful after deleting and reuploading emojis with the same name. +- [x] ⌨️ New commands! + - [x] ✨️ `cli user token` to generate API tokens. + - [x] ✨️ `cli notes recalculate` to recalculate note attributes (such as emojis). Useful after deleting and reuploading emojis with the same name. ### Backend -- [x] 🚀 Upgraded Bun to `1.2.5` -- [x] 🖼️ Simplified media pipeline: this will improve S3 performance - - [ ] 📈 It is now possible to disable media proxying for your CDN (offloading considerable bandwidth to your more optimized CDN). -- [x] 👷 Outbound federation, inbox processing, data fetching and media processing are now handled by a queue system. - - [x] 🌐 An administration panel is available at `/admin/queues` to monitor and manage queues. -- [x] 🔥 Removed support for **from-source** installations, as Versia Server is designed around containerization and maintaining support was a large burden. +- [x] 🚀 Upgraded Bun to `1.2.7` +- [x] 🖼️ Simplified media pipeline: this will improve S3 performance + - [ ] 📈 It is now possible to disable media proxying for your CDN (offloading considerable bandwidth to your more optimized CDN). +- [x] 👷 Outbound federation, inbox processing, data fetching and media processing are now handled by a queue system. + - [x] 🌐 An administration panel is available at `/admin/queues` to monitor and manage queues. +- [x] 🔥 Removed support for **from-source** installations, as Versia Server is designed around containerization and maintaining support was a large burden. ## New Configuration @@ -46,16 +46,16 @@ Configuration parsing and validation has been overhauled. Unfortunately, this me Various media-related attributes have been merged into a single `Medias` table. This will require a migration in order to preserve the old data. -Since very few instances are running `0.7.0`, we have decided to "rawdog it" instead of making a proper migration script (as that would take a ton of *unpaid* time). +Since very few instances are running `0.7.0`, we have decided to "rawdog it" instead of making a proper migration script (as that would take a ton of _unpaid_ time). In the case that you've been running secret instances in the shadows, let us know and we'll help you out. ## Bug Fixes -- 🐛 All URIs in custom Markdown text are now correctly proxied. -- 🐛 Fixed several issues with the [ActivityPub Federation Bridge](https://github.com/versia-pub/activitypub) preventing it from operating properly. -- 🐛 Fixed incorrect content-type on some media when using S3. -- 🐛 All media content-type is now correctly fetched, instead of guessed from the file extension as before. +- 🐛 All URIs in custom Markdown text are now correctly proxied. +- 🐛 Fixed several issues with the [ActivityPub Federation Bridge](https://github.com/versia-pub/activitypub) preventing it from operating properly. +- 🐛 Fixed incorrect content-type on some media when using S3. +- 🐛 All media content-type is now correctly fetched, instead of guessed from the file extension as before. # `0.7.0` • The Auth and APIs Update @@ -68,32 +68,32 @@ Versia Server `0.7.0` is backwards compatible with `0.6.0`. However, some new fe ## Features -- Upgraded Bun to `1.1.34`. This brings performance upgrades and better stability. -- Added support for the [ActivityPub Federation Bridge](https://github.com/versia-pub/activitypub). -- Added support for the [Sonic](https://github.com/valeriansaliou/sonic) search indexer. -- Note deletions are now federated. -- Note edits are now federated. -- Added support for [Sentry](https://sentry.io). -- Added option for more federation debug logging. -- Added [**Roles API**](https://server.versia.pub/api/roles). -- Added [**Permissions API**](https://server.versia.pub/api/roles) and enabled it for every route. -- Added [**TOS and Privacy Policy**](https://server.versia.pub/api/mastodon) endpoints. -- Added [**Challenge API**](https://server.versia.pub/api/challenges). (basically CAPTCHAS). This can be enabled/disabled by administrators. No `versia-fe` support yet. -- Added ability to refetch user data from remote instances. -- Added ability to change the `username` of a user. ([Mastodon API extension](https://server.versia.pub/api/mastodon#api-v1-accounts-update-credentials)). -- Added an endpoint to get a user by its username. -- Add OpenID Connect registration support. Admins can now disable username/password registration entirely and still allow users to sign up via OpenID Connect. -- Add option to never convert vector images to a raster format. -- Refactor logging system to be more robust and easier to use. Log files are now automatically rotated. -- Add support for HTTP proxies. -- Add support for serving Versia over a Tor hidden service. -- Add global server error handler, to properly return 500 error messages to clients. -- Sign all federation HTTP requests. -- Add JSON schema for configuration file. -- Rewrite federation stack -- Updated federation to Versia 0.4 -- Implement OAuth2 token revocation -- Add new **Plugin API** +- Upgraded Bun to `1.1.34`. This brings performance upgrades and better stability. +- Added support for the [ActivityPub Federation Bridge](https://github.com/versia-pub/activitypub). +- Added support for the [Sonic](https://github.com/valeriansaliou/sonic) search indexer. +- Note deletions are now federated. +- Note edits are now federated. +- Added support for [Sentry](https://sentry.io). +- Added option for more federation debug logging. +- Added [**Roles API**](https://server.versia.pub/api/roles). +- Added [**Permissions API**](https://server.versia.pub/api/roles) and enabled it for every route. +- Added [**TOS and Privacy Policy**](https://server.versia.pub/api/mastodon) endpoints. +- Added [**Challenge API**](https://server.versia.pub/api/challenges). (basically CAPTCHAS). This can be enabled/disabled by administrators. No `versia-fe` support yet. +- Added ability to refetch user data from remote instances. +- Added ability to change the `username` of a user. ([Mastodon API extension](https://server.versia.pub/api/mastodon#api-v1-accounts-update-credentials)). +- Added an endpoint to get a user by its username. +- Add OpenID Connect registration support. Admins can now disable username/password registration entirely and still allow users to sign up via OpenID Connect. +- Add option to never convert vector images to a raster format. +- Refactor logging system to be more robust and easier to use. Log files are now automatically rotated. +- Add support for HTTP proxies. +- Add support for serving Versia over a Tor hidden service. +- Add global server error handler, to properly return 500 error messages to clients. +- Sign all federation HTTP requests. +- Add JSON schema for configuration file. +- Rewrite federation stack +- Updated federation to Versia 0.4 +- Implement OAuth2 token revocation +- Add new **Plugin API** ## Plugin System @@ -105,50 +105,50 @@ A new plugin system for extending Versia Server has been added in this release! Plugins using this framework support: -- [x] Plugin hotswapping and hotreloading -- [x] Manifest files (JSON, JSON5, JSONC supported) with metadata (JSON schema provided) -- [x] Installation by dropping a folder into the plugins/ directory -- [x] Support for plugins having their own NPM dependencies -- [x] Support for storing plugins' configuration in the main config.toml (single source of truth) -- [x] Schema-based strict config validation (plugins can specify their own schemas) -- [x] Full type-safety -- [x] Custom hooks -- [x] FFI compatibility (with `bun:ffi` or Node's FFI) -- [x] Custom API route registration or overriding or middlewaring -- [x] Automatic OpenAPI schema generation for all installed plugins -- [x] End-to-end and unit testing supported -- [x] Automatic user input validation for API routes with schemas (specify a schema for the route and the server will take care of validating everything) -- [x] Access to internal database abstractions -- [x] Support for sending raw SQL to database (type-safe!) -- [x] Plugin autoload on startup with override controls (enable/disable) +- [x] Plugin hotswapping and hotreloading +- [x] Manifest files (JSON, JSON5, JSONC supported) with metadata (JSON schema provided) +- [x] Installation by dropping a folder into the plugins/ directory +- [x] Support for plugins having their own NPM dependencies +- [x] Support for storing plugins' configuration in the main config.toml (single source of truth) +- [x] Schema-based strict config validation (plugins can specify their own schemas) +- [x] Full type-safety +- [x] Custom hooks +- [x] FFI compatibility (with `bun:ffi` or Node's FFI) +- [x] Custom API route registration or overriding or middlewaring +- [x] Automatic OpenAPI schema generation for all installed plugins +- [x] End-to-end and unit testing supported +- [x] Automatic user input validation for API routes with schemas (specify a schema for the route and the server will take care of validating everything) +- [x] Access to internal database abstractions +- [x] Support for sending raw SQL to database (type-safe!) +- [x] Plugin autoload on startup with override controls (enable/disable) As a demonstration of the power of this system and an effort to modularize the codebase further, OpenID functionality has been moved to a plugin. This plugin is required for login. ## Bug Fixes -- Fix favouriting/unfavouriting sometimes returning negative counts. -- Non-images will now properly be uploaded to object storage. -- Make account searches case-insensitive -- Fix image decoding error when passing media through proxy. -- OpenID Connect now correctly remembers and passes `state` parameter. -- OpenID Connect will not reject some correct but weird redirect URIs. -- Markdown posts will not have invisible anchor tags anymore (this messed up accessibility). -- Reverse proxies incorrectly reporting an HTTPS request as HTTP will now be handled correctly during OpenID Connect flows. -- API Relationships will now correctly return `requested_by`. -- Make process wait for Ctrl+C to exit on error, instead of exiting immediately. This fixes some issues with Docker restarting endlessly. -- Animated media will now stay animated when uploaded. -- Some instance metadata will no longer be missing from `/api/v2/instabnce` endpoint. In fact, it will now be more complete than Mastodon's implementation. -- The Origin HTTP header will no longer be used to determine the origin of a request. This was a security issue. -- New notes will no longer incorrectly be federated to *all* remote users at once. -- Fix [Elk Client](https://elk.zone/) not being able to log in. +- Fix favouriting/unfavouriting sometimes returning negative counts. +- Non-images will now properly be uploaded to object storage. +- Make account searches case-insensitive +- Fix image decoding error when passing media through proxy. +- OpenID Connect now correctly remembers and passes `state` parameter. +- OpenID Connect will not reject some correct but weird redirect URIs. +- Markdown posts will not have invisible anchor tags anymore (this messed up accessibility). +- Reverse proxies incorrectly reporting an HTTPS request as HTTP will now be handled correctly during OpenID Connect flows. +- API Relationships will now correctly return `requested_by`. +- Make process wait for Ctrl+C to exit on error, instead of exiting immediately. This fixes some issues with Docker restarting endlessly. +- Animated media will now stay animated when uploaded. +- Some instance metadata will no longer be missing from `/api/v2/instabnce` endpoint. In fact, it will now be more complete than Mastodon's implementation. +- The Origin HTTP header will no longer be used to determine the origin of a request. This was a security issue. +- New notes will no longer incorrectly be federated to _all_ remote users at once. +- Fix [Elk Client](https://elk.zone/) not being able to log in. ## Removals -- Remove old logging system, to be replaced by a new one. -- Removed Meilisearch support, in favor of Sonic. Follow instructions in the [installation guide](https://server.versia.pub/setup/installation) to set up Sonic. -- Removed explicit Glitch-FE support. Glitch-FE will still work, but must be hosted separately like any other frontend. +- Remove old logging system, to be replaced by a new one. +- Removed Meilisearch support, in favor of Sonic. Follow instructions in the [installation guide](https://server.versia.pub/setup/installation) to set up Sonic. +- Removed explicit Glitch-FE support. Glitch-FE will still work, but must be hosted separately like any other frontend. ## Miscellaneous -- Remove Node.js from Docker build. -- Update all dependencies. +- Remove Node.js from Docker build. +- Update all dependencies. diff --git a/Dockerfile b/Dockerfile index b700eca8..ffd28db2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,7 +26,7 @@ RUN bun run build WORKDIR /temp/dist # Copy production dependencies and source code into final image -FROM oven/bun:1.2.5-alpine +FROM oven/bun:1.2.7-alpine # Install libstdc++ for Bun and create app directory RUN apk add --no-cache libstdc++ && \ diff --git a/Worker.Dockerfile b/Worker.Dockerfile index 45b232a3..14f3a5a8 100644 --- a/Worker.Dockerfile +++ b/Worker.Dockerfile @@ -26,7 +26,7 @@ RUN bun run build:worker WORKDIR /temp/dist # Copy production dependencies and source code into final image -FROM oven/bun:1.2.5-alpine +FROM oven/bun:1.2.7-alpine # Install libstdc++ for Bun and create app directory RUN apk add --no-cache libstdc++ && \ diff --git a/bun.lock b/bun.lock index 19857d03..acef8323 100644 --- a/bun.lock +++ b/bun.lock @@ -4,82 +4,82 @@ "": { "name": "versia-server", "dependencies": { - "@bull-board/api": "latest", - "@bull-board/hono": "latest", - "@clerc/plugin-completions": "latest", - "@clerc/plugin-friendly-error": "latest", - "@clerc/plugin-help": "latest", - "@clerc/plugin-not-found": "latest", - "@clerc/plugin-version": "latest", - "@hackmd/markdown-it-task-lists": "latest", - "@hono/prometheus": "latest", - "@hono/zod-openapi": "latest", - "@hono/zod-validator": "latest", - "@inquirer/confirm": "latest", - "@logtape/file": "latest", - "@logtape/logtape": "latest", - "@scalar/hono-api-reference": "latest", - "@sentry/bun": "latest", + "@bull-board/api": "^6.7.10", + "@bull-board/hono": "^6.7.10", + "@clerc/plugin-completions": "^0.44.0", + "@clerc/plugin-friendly-error": "^0.44.0", + "@clerc/plugin-help": "^0.44.0", + "@clerc/plugin-not-found": "^0.44.0", + "@clerc/plugin-version": "^0.44.0", + "@hackmd/markdown-it-task-lists": "^2.1.4", + "@hono/prometheus": "^1.0.1", + "@hono/zod-openapi": "0.19.2", + "@hono/zod-validator": "^0.4.3", + "@inquirer/confirm": "^5.1.8", + "@logtape/file": "^0.9.0", + "@logtape/logtape": "^0.9.0", + "@scalar/hono-api-reference": "^0.7.3", + "@sentry/bun": "^9.9.0", "@versia/client": "workspace:*", - "@versia/federation": "latest", + "@versia/federation": "^0.2.1", "@versia/kit": "workspace:*", - "altcha-lib": "latest", - "blurhash": "latest", - "bullmq": "latest", - "c12": "latest", - "chalk": "latest", - "clerc": "latest", - "confbox": "latest", - "drizzle-orm": "latest", - "hono": "latest", - "html-to-text": "latest", - "ioredis": "latest", - "ip-matching": "latest", - "iso-639-1": "latest", - "jose": "latest", - "linkify-html": "latest", - "linkify-string": "latest", - "linkifyjs": "latest", - "magic-regexp": "latest", - "markdown-it": "latest", - "markdown-it-anchor": "latest", - "markdown-it-container": "latest", - "markdown-it-toc-done-right": "latest", - "mime-types": "latest", - "mitata": "latest", - "oauth4webapi": "latest", - "ora": "latest", - "pg": "latest", - "qs": "latest", - "sharp": "latest", - "sonic-channel": "latest", - "string-comparison": "latest", - "stringify-entities": "latest", - "uqr": "latest", - "web-push": "latest", - "xss": "latest", - "zod": "latest", - "zod-validation-error": "latest", + "altcha-lib": "^1.2.0", + "blurhash": "^2.0.5", + "bullmq": "^5.44.4", + "c12": "^3.0.2", + "chalk": "^5.4.1", + "clerc": "^0.44.0", + "confbox": "^0.2.1", + "drizzle-orm": "^0.41.0", + "hono": "^4.7.5", + "html-to-text": "^9.0.5", + "ioredis": "^5.6.0", + "ip-matching": "^2.1.2", + "iso-639-1": "^3.1.5", + "jose": "^6.0.10", + "linkify-html": "^4.2.0", + "linkify-string": "^4.2.0", + "linkifyjs": "^4.2.0", + "magic-regexp": "^0.8.0", + "markdown-it": "^14.1.0", + "markdown-it-anchor": "^9.2.0", + "markdown-it-container": "^4.0.0", + "markdown-it-toc-done-right": "^4.2.0", + "mime-types": "^3.0.1", + "mitata": "^1.0.34", + "oauth4webapi": "^3.3.1", + "ora": "^8.2.0", + "pg": "^8.14.1", + "qs": "^6.14.0", + "sharp": "^0.33.5", + "sonic-channel": "^1.3.1", + "string-comparison": "^1.3.0", + "stringify-entities": "^4.0.4", + "uqr": "^0.1.2", + "web-push": "^3.6.7", + "xss": "^1.0.15", + "zod": "^3.24.2", + "zod-validation-error": "^3.4.0", }, "devDependencies": { - "@biomejs/biome": "latest", - "@types/bun": "latest", - "@types/html-to-text": "latest", - "@types/markdown-it-container": "latest", - "@types/mime-types": "latest", - "@types/pg": "latest", - "@types/qs": "latest", - "@types/web-push": "latest", - "drizzle-kit": "latest", - "markdown-it-image-figures": "latest", - "markdown-it-mathjax3": "latest", - "ts-prune": "latest", - "typescript": "latest", - "vitepress": "latest", - "vitepress-plugin-tabs": "latest", - "vitepress-sidebar": "latest", - "vue": "latest", - "zod-to-json-schema": "latest", + "@biomejs/biome": "^1.9.4", + "@types/bun": "^1.2.7", + "@types/html-to-text": "^9.0.4", + "@types/markdown-it-container": "^2.0.10", + "@types/mime-types": "^2.1.4", + "@types/pg": "^8.11.11", + "@types/qs": "^6.9.18", + "@types/web-push": "^3.6.4", + "drizzle-kit": "^0.30.6", + "markdown-it-image-figures": "^2.1.1", + "markdown-it-mathjax3": "^4.3.2", + "ts-prune": "^0.10.3", + "typescript": "^5.8.2", + "vitepress": "^1.6.3", + "vitepress-plugin-tabs": "^0.6.0", + "vitepress-sidebar": "^1.31.1", + "vue": "^3.5.13", + "zod-to-json-schema": "^3.24.5", }, "peerDependencies": { "typescript": "^5.7.2",