Feat: 色々な修正 (#22)

.github/workflows/lint.yml

@@ -16,24 +16,45 @@ jobs:
         submodules: true
     - uses: actions/setup-node@v3
       with:
-        node-version: 20.x
+        node-version-file: '.node-version'
         cache: 'npm'
-        cache-dependency-path: |
-          packages/backend/package-lock.json
-    - run: npm install
+    - run: npm install --frozen-lockfile
+    - run: npm run ci:all
     - run: npm --cwd ./packages/backend lint
 
-  client:
+  frontend:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
       with:
         submodules: true
     - uses: actions/setup-node@v3
       with:
-        node-version: 20.x
+        node-version-file: '.node-version'
         cache: 'npm'
-        cache-dependency-path: |
-          packages/client/package-lock.json
-    - run: npm install
-    - run: npm --cwd ./packages/client lint
+    - run: npm install --frozen-lockfile
+    - run: npm run ci:all
+    - run: npm --cwd ./packages/frontend lint
+
+  typecheck:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    strategy:
+      matrix:
+        workspace:
+        - backend
+        - misskey-js
+    steps:
+    - uses: actions/checkout@v4.1.1
+      with:
+        fetch-depth: 0
+        submodules: true
+    - uses: actions/setup-node@v4.0.2
+      with:
+        node-version-file: '.node-version'
+        cache: 'npm'
+    - run: corepack enable
+    - run: npm install --frozen-lockfile
+    - run: npm run ci:all
+      if: ${{ matrix.workspace == 'backend' }}
+    - run: pnpm --filter ${{ matrix.workspace }} run typecheck

.github/workflows/test-production.yml

@@ -0,0 +1,35 @@
+name: Test (production install and build)
+
+on:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+
+env:
+  NODE_ENV: production
+
+jobs:
+  production:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version-file: '.node-version'
+
+    steps:
+    - uses: actions/checkout@v4.1.1
+      with:
+        submodules: true
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v4.0.2
+      with:
+        node-version: ${{ matrix.node-version }}
+        cache: 'npm'
+    - run: npm install --frozen-lockfile
+    - run: npm run ci:all
+    - name: Copy Configure
+      run: cp .github/misskey/test.yml .config/default.yml
+    - name: Build
+      run: npm run build

.github/workflows/test.yml

@@ -13,18 +13,18 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [20.x]
+        node-version-file: '.node-version'
 
     services:
       postgres:
-        image: postgres:13
+        image: postgres:15
         ports:
           - 54312:5432
         env:
           POSTGRES_DB: test-misskey
           POSTGRES_HOST_AUTH_METHOD: trust
       redis:
-        image: redis:6
+        image: redis:7
         ports:
           - 56312:6379
 
@@ -41,7 +41,8 @@ jobs:
           packages/backend/package-lock.json
           packages/client/package-lock.json
     - name: Install dependencies
-      run: npm install
+      run: npm install --frozen-lockfile
+      run: npm ci:all
     - name: Check package-lock.json
       run: git diff --exit-code package-lock.json
     - name: Copy Configure
@@ -57,19 +58,19 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        node-version: [20.x]
+        node-version-file: '.node-version'
         browser: [chrome]
 
     services:
       postgres:
-        image: postgres:13
+        image: postgres:15
         ports:
           - 54312:5432
         env:
           POSTGRES_DB: test-misskey
           POSTGRES_HOST_AUTH_METHOD: trust
       redis:
-        image: redis:6
+        image: redis:7
         ports:
           - 56312:6379
 
@@ -92,7 +93,8 @@ jobs:
           packages/backend/package-lock.json
           packages/client/package-lock.json
     - name: Install dependencies
-      run: npm install
+      run: npm install --frozen-lockfile
+      run: npm run ci:all
     - name: Check package-lock.json
       run: git diff --exit-code package-lock.json
     - name: Copy Configure

CHANGELOG.md

@@ -9,6 +9,17 @@
 
 You should also include the user name that made the change.
 -->
+
+## 13.x.x (unreleased)
+
+### Improvements
+- Chore: Workflow が正常に動作するように。
+
+### Bugfixes
+- Fix(QFE): Bypass authentication of Bull dashboard( GHSA-9fj2-gjcf-cqqc )
+- Fix(QFE): Misskey's missing signature validation allows arbitrary users to impersonate any remote user. ( GHSA-3f39-6537-3cgc )
+
+
 ## 13.8.0 (2023/02/26)
 
 ### Improvements

packages/backend/package.json

@@ -77,6 +77,7 @@
 		"@nestjs/testing": "10.3.3",
 		"@peertube/http-signature": "1.7.0",
 		"@sinonjs/fake-timers": "11.2.2",
+		"@smithy/node-http-handler": "2.1.5",
 		"@swc/cli": "0.1.62",
 		"@swc/core": "1.3.36",
 		"@syuilo/aiscript": "0.17.0",
@@ -101,6 +102,7 @@
 		"deep-email-validator": "0.1.21",
 		"escape-regexp": "0.0.1",
 		"fastify": "4.26.2",
+		"fastify-raw-body": "^4.2.2",
 		"feed": "4.2.2",
 		"file-type": "19.0.0",
 		"fluent-ffmpeg": "2.1.2",