Commit graph

69 commits

Author SHA1 Message Date
KMY
c538c23ef7 Merge remote-tracking branch 'parent/main' into kbtopic-remove-quote 2025-05-29 12:52:49 +09:00
Emelia Smith
a73ade526a
Assert usage of client credentials for account registration (#34828) 2025-05-28 12:09:32 +00:00
KMY
80542ea172 Merge remote-tracking branch 'parent/main' into kbtopic-remove-quote 2025-04-26 08:30:17 +09:00
Claire
d4944a2467
Fix incorrect redirect in response to unauthenticated API requests in limited federation mode (#34549) 2025-04-25 11:24:57 +00:00
KMY
8b09a57a91 Merge remote-tracking branch 'parent/main' into upstream-20240731 2024-07-31 13:00:13 +09:00
Claire
598ae4f2da
Add endpoints for unread notifications count (#31191) 2024-07-30 08:39:11 +00:00
KMY
44f4a93430 Merge remote-tracking branch 'parent/main' into upstream-20240422 2024-04-22 08:58:37 +09:00
Matt Jankowski
1d3ecd3fba
Add API::Pagination concern (#28826) 2024-04-17 09:22:45 +00:00
KMY
76598bd542 Merge remote-tracking branch 'parent/main' into upstream-20240319 2024-03-19 09:15:20 +09:00
Matt Jankowski
b5115850bb
Move repeated insert_pagination_headers method to api base class (#29606) 2024-03-18 10:11:53 +00:00
Matt Jankowski
f9100743ec
Add Api::ErrorHandling concern for api/base controller (#29574) 2024-03-14 09:09:47 +00:00
Matt Jankowski
9754967d5f
Move pagination_max_id and pagination_since_id into api/base controller (#28844) 2024-03-13 08:51:44 +00:00
KMY
a6b57e3890 Merge remote-tracking branch 'parent/main' into upstream-20231221 2023-12-21 08:37:12 +09:00
Matt Jankowski
c28976d89e
Handle negative offset param in api/v2/search (#28282) 2023-12-19 10:55:39 +00:00
KMY
94c2396a34 Merge remote-tracking branch 'parent/main' into upstream-20231204 2023-12-04 12:04:52 +09:00
Matt Jankowski
3bc437b99a
Fix Style/RedundantParentheses cop (#28176) 2023-12-01 16:00:44 +00:00
Claire
963354978a
Add Account#unavailable? and Account#permanently_unavailable? aliases (#28053) 2023-11-30 15:43:26 +00:00
Matt Jankowski
1f1c75bba5
File cleanup/organization in controllers/concerns (#27846) 2023-11-30 14:39:41 +00:00
KMY
24371d6b2a Merge remote-tracking branch 'parent/main' into upstream-20231116 2023-11-15 13:01:29 +09:00
Matt Jankowski
d562fb8459
Specs for minimal CSP policy in Api:: controllers (#27845) 2023-11-14 14:34:30 +00:00
KMY
82d61dad96 Merge commit '2f932cb2bb' into kb_migration 2023-08-03 15:48:07 +09:00
Emelia Smith
e258b4cb64
Refactor: replace whitelist_mode mentions with limited_federation_mode (#26252) 2023-08-02 19:32:48 +02:00
KMY
9461db713b Merge commit '36631e40cc' into kb_migration 2023-04-26 11:39:42 +09:00
Claire
276c39361b
Fix anonymous visitors getting a session cookie on first visit (#24584) 2023-04-25 16:51:38 +02:00
Eugen Rochko
6084461cd0
Change unauthenticated responses to be cached in REST API (#24348) 2023-04-25 15:41:34 +02:00
KMY
70ea37a4cc Merge commit '8099ba04be' into kb_migration 2023-04-25 17:08:32 +09:00
Claire
58a1b2e330
Fix caching logic with regards to Accept-Language, Cookie, and Signature (#24604) 2023-04-23 22:27:24 +02:00
KMY
a1f6ef00db Merge commit 'c62604b5f6' into kb_migration 2023-04-20 17:41:07 +09:00
Eugen Rochko
e98c86050a
Refactor Cache-Control and Vary definitions (#24347) 2023-04-19 16:07:29 +02:00
KMY
47bedd20ca Move emoji reaction limitation constraints 2023-03-08 16:31:22 +09:00
KMY
a1485f242d Add emoji reaction detail status 2023-02-26 23:44:52 +09:00
Claire
623d3d2e32
Change CSP directives on API to be tight and concise (#20960) 2022-12-15 16:40:32 +01:00
Daniel Axtens
4d85c27d1a
Add 'private' to Cache-Control, match Rails expectations (#20608)
Several controllers set quite intricate Cache-Control headers in order to
hopefully not be cached by any intermediate proxies or local caches. Unfortunately,
these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes
and discards any values set alongside no-store other than private:
8015c2c2cf/actionpack/lib/action_dispatch/http/cache.rb (L207-L209)

We want to preserve no-store on these responses, but we might as well remove
parts that are going to be dropped anyway. As many of the endpoints in these
controllers are private to a particular user, we should also add "private",
which will be preserved alongside no-store.
2022-11-16 04:56:30 +01:00
Eugen Rochko
b31afc6294
Fix error when passing unknown filter param in REST API (#20626)
Fix #19156
2022-11-14 08:06:06 +01:00
Eugen Rochko
3a41fccc43
Change AUTHORIZED_FETCH to not block unauthenticated REST API access (#19803)
New environment variable `DISALLOW_UNAUTHENTICATED_API_ACCESS`
2022-11-05 22:56:03 +01:00
Eugen Rochko
3e18e05330
Fix uncaught error when invalid date is supplied to API (#19480)
Fix #19213
2022-10-27 14:30:52 +02:00
Claire
2750a7a0e6
Fix REST API sometimes returning HTML on error (#19135)
Fixes #19115
2022-09-08 09:44:36 +02:00
Eugen Rochko
9f81b9f29a
Fix suspended users being able to access APIs that don't require a user (#18524) 2022-05-26 22:04:05 +02:00
Eugen Rochko
67d550830b
Fix locale not being set in REST API (#17847) 2022-03-22 12:29:04 +01:00
Eugen Rochko
50ea54b3ed
Change authorized applications page (#17656)
* Change authorized applications page

* Hide revoke button for superapps and suspended accounts

* Clean up db/schema.rb
2022-03-01 16:48:58 +01:00
Claire
d8629e7b86
Add logging of S3-related errors (#16381) 2021-07-21 18:34:39 +02:00
Eugen Rochko
1045549f85
Add stoplight for object storage failures, return HTTP 503 (#13043) 2020-12-15 12:55:29 +01:00
Eugen Rochko
8532429af7
Fix 2FA/sign-in token sessions being valid after password change (#14802)
If someone tries logging in to an account and is prompted for a 2FA
code or sign-in token, even if the account's password or e-mail is
updated in the meantime, the session will show the prompt and allow
the login process to complete with a valid 2FA code or sign-in token
2020-11-12 23:05:01 +01:00
Eugen Rochko
ed099d8bdc
Change account suspensions to be reversible by default (#14726) 2020-09-15 14:37:58 +02:00
dependabot[bot]
8972e5f7f6
Bump rubocop from 0.86.0 to 0.88.0 (#14412)
* Bump rubocop from 0.86.0 to 0.88.0

Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.86.0 to 0.88.0.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.86.0...v0.88.0)

Signed-off-by: dependabot[bot] <support@github.com>

* Fix for latest RuboCop

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2020-09-01 03:04:00 +02:00
ThibG
ac8a788370
Fix functional user requirements in whitelist mode (#14093)
Fixes #14092
2020-06-19 19:18:47 +02:00
Eugen Rochko
339ce1c4e9
Add specific rate limits for posting and following (#13172) 2020-03-08 15:17:39 +01:00
Eugen Rochko
f52c988e12
Add announcements (#12662)
* Add announcements

Fix #11006

* Add reactions to announcements

* Add admin UI for announcements

* Add unit tests

* Fix issues

- Add `with_dismissed` param to announcements API
- Fix end date not being formatted when time range is given
- Fix announcement delete causing reactions to send streaming updates
- Fix announcements container growing too wide and mascot too small
- Fix `all_day` being settable when no time range is given
- Change text "Update" to "Announcement"

* Fix scheduler unpublishing announcements before they are due

* Fix filter params not being passed to announcements filter
2020-01-23 22:00:13 +01:00
Eugen Rochko
6d7daf6154
Fix generic HTTP 500 error on duplicate records (#12563)
Fix #12551
Fix #12547
2019-12-06 22:40:06 +01:00
Eugen Rochko
22ce4778eb
Fix uncaught parameter missing exceptions and missing error templates (#11702) 2019-08-30 01:34:47 +02:00