versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2025-12-06 08:28:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: versia-pub:9eac364e0173e68986e2299945f8506244d6fb45
Branches Tags
versia-pub:main
versia-pub:staging
versia-pub:release
versia-pub:v0.8.0
versia-pub:v0.8.0-rc.0
versia-pub:v0.7.0
versia-pub:v0.7.0-rc.0
versia-pub:v0.6.0
versia-pub:v0.5.1
versia-pub:v0.5.0
versia-pub:v0.4.1
versia-pub:v0.4.0
versia-pub:v0.3.0
versia-pub:v0.2.0
versia-pub:v0.1.2
versia-pub:v0.1.1
versia-pub:v0.1.0
..
compare: versia-pub:1fba91f77281ebd4d24f28b5d135c3a29654157d
Branches Tags
versia-pub:main
versia-pub:staging
versia-pub:release
versia-pub:v0.8.0
versia-pub:v0.8.0-rc.0
versia-pub:v0.7.0
versia-pub:v0.7.0-rc.0
versia-pub:v0.6.0
versia-pub:v0.5.1
versia-pub:v0.5.0
versia-pub:v0.4.1
versia-pub:v0.4.0
versia-pub:v0.3.0
versia-pub:v0.2.0
versia-pub:v0.1.2
versia-pub:v0.1.1
versia-pub:v0.1.0

3 commits
9eac364e01 ... 1fba91f772

Author SHA1 Message Date
Jesse Wierzbinski 1fba91f772
chore(config): 👽 Update JSON schema files
Some checks failed
CodeQL Scan / Analyze (javascript-typescript) (push) Failing after 0s
Details
Build Docker Images / lint (push) Failing after 8s
Details
Build Docker Images / check (push) Failing after 7s
Details
Build Docker Images / tests (push) Failing after 8s
Details
Deploy Docs to GitHub Pages / build (push) Failing after 0s
Details
Build Docker Images / build (server, Dockerfile, ${{ github.repository_owner }}/server) (push) Has been skipped
Details
Build Docker Images / build (worker, Worker.Dockerfile, ${{ github.repository_owner }}/worker) (push) Has been skipped
Details
Deploy Docs to GitHub Pages / Deploy (push) Has been skipped
Details
Mirror to Codeberg / Mirror (push) Failing after 0s
Details
Nix Build / check (push) Failing after 0s
Details
Test Publish / build (client) (push) Failing after 0s
Details
Test Publish / build (sdk) (push) Failing after 0s
Details
2025-05-28 03:06:49 +02:00
Jesse Wierzbinski 710f965144
fix(federation): 🔒 Enforce content filters for remote content as well 2025-05-28 02:59:26 +02:00
Jesse Wierzbinski c737aeba8e
fix(api): 🐛 Enforce emoji shortcode filters 2025-05-28 02:45:53 +02:00
7 changed files with 133 additions and 190 deletions
Show stats Expand all files Collapse all files

10
api/api/v1/emojis/[id]/index.ts
View file

@ -113,8 +113,14 @@ export default apiRoute((app) => {
"json",
z
.object({
shortcode: CustomEmojiSchema.shape.shortcode.max(
config.validation.emojis.max_shortcode_characters,
shortcode: CustomEmojiSchema.shape.shortcode
.max(config.validation.emojis.max_shortcode_characters)
.refine(
(s) =>
!config.validation.filters.emoji_shortcode.some(
(filter) => filter.test(s),
),
"Shortcode contains blocked words",
),
element: z
.string()

10
api/api/v1/emojis/index.ts
View file

@ -45,8 +45,14 @@ export default apiRoute((app) =>
validator(
"json",
z.object({
shortcode: CustomEmojiSchema.shape.shortcode.max(
config.validation.emojis.max_shortcode_characters,
shortcode: CustomEmojiSchema.shape.shortcode
.max(config.validation.emojis.max_shortcode_characters)
.refine(
(s) =>
!config.validation.filters.emoji_shortcode.some(
(filter) => filter.test(s),
),
"Shortcode contains blocked words",
),
element: z
.string()

8
classes/config/to-json-schema.ts
View file

@ -1,6 +1,12 @@
import { zodToJsonSchema } from "zod-to-json-schema";
import { ConfigSchema } from "./schema.ts";
await import("~/config.ts");
// This is an awkward way to avoid import cycles for some reason
await (async () => {
const { ConfigSchema } = await import("./schema.ts");
const jsonSchema = zodToJsonSchema(ConfigSchema, {});
console.write(`${JSON.stringify(jsonSchema, null, 4)}\n`);
})();

11
classes/database/note.ts
View file

@ -500,9 +500,14 @@ export class Note extends BaseInterface<typeof Notes, NoteTypeWithRelations> {
);
const emojis = await Promise.all(
extensions?.["pub.versia:custom_emojis"]?.emojis.map((emoji) =>
Emoji.fetchFromRemote(emoji, instance),
) ?? [],
extensions?.["pub.versia:custom_emojis"]?.emojis
.filter(
(e) =>
!config.validation.filters.emoji_shortcode.some(
(filter) => filter.test(e.name),
),
)
.map((emoji) => Emoji.fetchFromRemote(emoji, instance)) ?? [],
);
const mentions = (

68
classes/inbox/processor.ts
View file

@ -181,9 +181,7 @@ export class InboxProcessor {
try {
await new EntitySorter(this.body)
.on(VersiaEntities.Note, async (n) => {
await Note.fromVersia(n);
})
.on(VersiaEntities.Note, (n) => InboxProcessor.processNote(n))
.on(VersiaEntities.Follow, (f) =>
InboxProcessor.processFollowRequest(f),
)
@ -199,9 +197,7 @@ export class InboxProcessor {
.on(VersiaEntities.Delete, (d) =>
InboxProcessor.processDelete(d),
)
.on(VersiaEntities.User, async (u) => {
await User.fromVersia(u);
})
.on(VersiaEntities.User, (u) => InboxProcessor.processUser(u))
.on(VersiaEntities.Share, async (s) =>
InboxProcessor.processShare(s),
)
@ -213,6 +209,66 @@ export class InboxProcessor {
}
}
/**
* Handles Note entity processing
*
* @param {VersiaNote} note - The Note entity to process.
* @returns {Promise<void>}
*/
private static async processNote(note: VersiaEntities.Note): Promise<void> {
// If note has a blocked word
if (
Object.values(note.content?.data ?? {})
.flatMap((c) => c.content)
.some((content) =>
config.validation.filters.note_content.some((filter) =>
filter.test(content),
),
)
) {
// Drop silently
return;
}
await Note.fromVersia(note);
}
/**
* Handles User entity processing.
*
* @param {VersiaUser} user - The User entity to process.
* @returns {Promise<void>}
*/
private static async processUser(user: VersiaEntities.User): Promise<void> {
if (
config.validation.filters.username.some((filter) =>
filter.test(user.data.username),
) ||
(user.data.display_name &&
config.validation.filters.displayname.some((filter) =>
filter.test(user.data.display_name ?? ""),
))
) {
// Drop silently
return;
}
if (
Object.values(user.bio?.data ?? {})
.flatMap((c) => c.content)
.some((content) =>
config.validation.filters.bio.some((filter) =>
filter.test(content),
),
)
) {
// Drop silently
return;
}
await User.fromVersia(user);
}
/**
* Handles Follow entity processing.
*

196
config/config.schema.json
View file

@ -57,27 +57,14 @@
"default": "versia"
}
},
"required": [
"host",
"port",
"username",
"password",
"database"
],
"required": ["host", "username"],
"additionalProperties": false
},
"description": "Additional read-only replicas",
"default": []
}
},
"required": [
"host",
"port",
"username",
"password",
"database",
"replicas"
],
"required": ["username"],
"additionalProperties": false,
"description": "PostgreSQL database configuration"
},
@ -106,7 +93,6 @@
"default": 0
}
},
"required": ["host", "port", "password", "database"],
"additionalProperties": false,
"description": "A Redis database used for managing queues."
},
@ -132,12 +118,11 @@
"default": 1
}
},
"required": ["host", "port", "password", "database"],
"additionalProperties": false,
"description": "A Redis database used for caching SQL queries. Optional."
}
},
"required": ["queue", "cache"],
"required": ["queue"],
"additionalProperties": false,
"description": "Redis configuration. Used for queues and caching."
},
@ -165,12 +150,11 @@
"$ref": "#/properties/postgres/properties/password"
}
},
"required": ["host", "port", "password"],
"required": ["password"],
"additionalProperties": false,
"description": "Sonic database configuration"
}
},
"required": ["enabled", "sonic"],
"additionalProperties": false,
"description": "Search and indexing configuration"
},
@ -191,7 +175,6 @@
"description": "Message to show to users when registration is disabled"
}
},
"required": ["allow", "require_approval", "message"],
"additionalProperties": false
},
"http": {
@ -250,20 +233,12 @@
"description": "This value must be a file path"
}
},
"required": ["key", "cert", "passphrase", "ca"],
"required": ["key", "cert"],
"additionalProperties": false,
"description": "TLS configuration. You should probably be using a reverse proxy instead of this"
}
},
"required": [
"base_url",
"bind",
"bind_port",
"banned_ips",
"banned_user_agents",
"proxy_address",
"tls"
],
"required": ["base_url"],
"additionalProperties": false
},
"frontend": {
@ -275,7 +250,7 @@
},
"path": {
"type": "string",
"default": "/home/jessew/Dev/versia-server"
"default": "frontend"
},
"routes": {
"type": "object",
@ -302,13 +277,6 @@
"default": "/oauth/reset"
}
},
"required": [
"home",
"login",
"consent",
"register",
"password_reset"
],
"additionalProperties": false
},
"settings": {
@ -317,7 +285,7 @@
"default": {}
}
},
"required": ["enabled", "path", "routes", "settings"],
"required": ["routes"],
"additionalProperties": false
},
"email": {
@ -351,17 +319,10 @@
"default": true
}
},
"required": [
"server",
"port",
"username",
"password",
"tls"
],
"required": ["server", "username"],
"additionalProperties": false
}
},
"required": ["send_emails", "smtp"],
"additionalProperties": false
},
"media": {
@ -393,15 +354,10 @@
"default": false
}
},
"required": [
"convert_images",
"convert_to",
"convert_vectors"
],
"additionalProperties": false
}
},
"required": ["backend", "uploads_path", "conversion"],
"required": ["conversion"],
"additionalProperties": false
},
"s3": {
@ -425,14 +381,19 @@
"public_url": {
"$ref": "#/properties/http/properties/base_url",
"description": "Public URL that uploaded media will be accessible at"
},
"path": {
"type": "string"
},
"path_style": {
"type": "boolean",
"default": true
}
},
"required": [
"endpoint",
"access_key",
"secret_access_key",
"region",
"bucket_name",
"public_url"
],
"additionalProperties": false
@ -518,18 +479,6 @@
"default": 20
}
},
"required": [
"max_displayname_characters",
"max_username_characters",
"max_bio_characters",
"max_avatar_bytes",
"max_header_bytes",
"disallowed_usernames",
"max_field_count",
"max_field_name_characters",
"max_field_value_characters",
"max_pinned_notes"
],
"additionalProperties": false
},
"notes": {
@ -570,11 +519,6 @@
"default": 16
}
},
"required": [
"max_characters",
"allowed_url_schemes",
"max_attachments"
],
"additionalProperties": false
},
"media": {
@ -1838,11 +1782,6 @@
]
}
},
"required": [
"max_bytes",
"max_description_characters",
"allowed_mime_types"
],
"additionalProperties": false
},
"emojis": {
@ -1864,11 +1803,6 @@
"default": 1000
}
},
"required": [
"max_bytes",
"max_shortcode_characters",
"max_description_characters"
],
"additionalProperties": false
},
"polls": {
@ -1895,12 +1829,6 @@
"default": 8640000
}
},
"required": [
"max_options",
"max_option_characters",
"min_duration_seconds",
"max_duration_seconds"
],
"additionalProperties": false
},
"emails": {
@ -1919,7 +1847,6 @@
"default": []
}
},
"required": ["disallow_tempmail", "disallowed_domains"],
"additionalProperties": false
},
"challenges": {
@ -1940,7 +1867,7 @@
"description": "You can use PATH:/path/to/file to load this value from a file"
}
},
"required": ["difficulty", "expiration", "key"],
"required": ["key"],
"additionalProperties": false,
"description": "CAPTCHA challenge configuration. Challenges are disabled if not provided."
},
@ -1983,13 +1910,6 @@
"default": []
}
},
"required": [
"note_content",
"emoji_shortcode",
"username",
"displayname",
"bio"
],
"additionalProperties": false,
"description": "Block content that matches these regular expressions"
}
@ -2001,7 +1921,6 @@
"emojis",
"polls",
"emails",
"challenges",
"filters"
],
"additionalProperties": false
@ -2016,13 +1935,14 @@
"type": "object",
"properties": {
"public": {
"$ref": "#/properties/postgres/properties/password"
"$ref": "#/properties/postgres/properties/password",
"description": "You can use PATH:/path/to/file to load this value from a file"
},
"private": {
"$ref": "#/properties/postgres/properties/password"
"$ref": "#/properties/postgres/properties/password",
"description": "You can use PATH:/path/to/file to load this value from a file"
}
},
"required": ["public", "private"],
"additionalProperties": false
},
"subject": {
@ -2030,12 +1950,11 @@
"description": "Subject field embedded in the push notification. Example: 'mailto:contact@example.com'"
}
},
"required": ["vapid_keys", "subject"],
"required": ["vapid_keys"],
"additionalProperties": false,
"description": "Web Push Notifications configuration. Leave out to disable."
}
},
"required": ["push"],
"additionalProperties": false
},
"defaults": {
@ -2062,13 +1981,6 @@
"description": "A style name from https://www.dicebear.com/styles"
}
},
"required": [
"visibility",
"language",
"avatar",
"header",
"placeholder_style"
],
"additionalProperties": false
},
"federation": {
@ -2155,17 +2067,6 @@
"default": []
}
},
"required": [
"reports",
"deletes",
"updates",
"media",
"follows",
"likes",
"reactions",
"banners",
"avatars"
],
"additionalProperties": false
},
"bridge": {
@ -2196,11 +2097,11 @@
"$ref": "#/properties/http/properties/proxy_address"
}
},
"required": ["software", "allowed_ips", "token", "url"],
"required": ["software", "token", "url"],
"additionalProperties": false
}
},
"required": ["blocked", "followers_only", "discard", "bridge"],
"required": ["discard"],
"additionalProperties": false
},
"queues": {
@ -2219,10 +2120,6 @@
"default": 31536000
}
},
"required": [
"remove_after_complete_seconds",
"remove_after_failure_seconds"
],
"additionalProperties": false
},
"propertyNames": {
@ -2264,7 +2161,6 @@
"$ref": "#/properties/http/properties/proxy_address"
}
},
"required": ["logo", "banner"],
"additionalProperties": false
},
"languages": {
@ -2489,7 +2385,7 @@
"description": "Longer version of the rule with additional information"
}
},
"required": ["text", "hint"],
"required": ["text"],
"additionalProperties": false
},
"default": []
@ -2498,28 +2394,18 @@
"type": "object",
"properties": {
"public": {
"$ref": "#/properties/postgres/properties/password"
"$ref": "#/properties/postgres/properties/password",
"description": "You can use PATH:/path/to/file to load this value from a file"
},
"private": {
"$ref": "#/properties/postgres/properties/password"
"$ref": "#/properties/postgres/properties/password",
"description": "You can use PATH:/path/to/file to load this value from a file"
}
},
"required": ["public", "private"],
"additionalProperties": false
}
},
"required": [
"name",
"description",
"extended_description_path",
"tos_path",
"privacy_policy_path",
"branding",
"languages",
"contact",
"rules",
"keys"
],
"required": ["branding", "languages", "contact"],
"additionalProperties": false
},
"permissions": {
@ -2798,7 +2684,6 @@
]
}
},
"required": ["anonymous", "default", "admin"],
"additionalProperties": false
},
"logging": {
@ -2830,7 +2715,6 @@
"type": "string"
}
},
"required": ["level", "log_file_path"],
"additionalProperties": false
}
]
@ -2886,15 +2770,7 @@
"type": "string"
}
},
"required": [
"dsn",
"debug",
"sample_rate",
"traces_sample_rate",
"trace_propagation_targets",
"max_breadcrumbs",
"environment"
],
"required": ["dsn"],
"additionalProperties": false
},
"log_file_path": {
@ -2902,7 +2778,7 @@
"default": "logs/versia.log"
}
},
"required": ["types", "log_level", "sentry", "log_file_path"],
"required": ["types"],
"additionalProperties": false
},
"debug": {
@ -2913,7 +2789,6 @@
"default": false
}
},
"required": ["federation"],
"additionalProperties": false
},
"plugins": {
@ -2941,7 +2816,6 @@
"default": []
}
},
"required": ["enabled", "disabled"],
"additionalProperties": false
},
"config": {
@ -2949,7 +2823,7 @@
"additionalProperties": {}
}
},
"required": ["autoload", "overrides", "config"],
"required": ["overrides"],
"additionalProperties": false
}
},
@ -2962,7 +2836,6 @@
"frontend",
"email",
"media",
"s3",
"validation",
"notifications",
"defaults",
@ -2971,7 +2844,6 @@
"instance",
"permissions",
"logging",
"debug",
"plugins"
],
"additionalProperties": false,

12
packages/plugin-kit/manifest.schema.json
View file

@ -37,7 +37,7 @@
"format": "uri"
}
},
"required": ["name", "email", "url"],
"required": ["name"],
"additionalProperties": false
}
},
@ -75,18 +75,10 @@
"format": "uri"
}
},
"required": ["type", "url"],
"additionalProperties": false
}
},
"required": [
"$schema",
"name",
"version",
"description",
"authors",
"repository"
],
"required": ["name", "version", "description"],
"additionalProperties": false,
"$schema": "http://json-schema.org/draft-07/schema#"
}