Merge branch 'refactor/push-notification' into 'develop'

Draft: refactor: port push notification sender to backend-rs


See merge request firefish/firefish!10760

.config/ci.yml

@@ -1,195 +1,11 @@
-#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-# Firefish configuration
-#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-#   ┌─────┐
-#───┘ URL └─────────────────────────────────────────────────────
-
-# Final accessible URL seen by a user.
-url: https://example.tld/
-
-# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
-# URL SETTINGS AFTER THAT!
-
-#   ┌───────────────────────┐
-#───┘ Port and TLS settings └───────────────────────────────────
-
-#
-# Misskey requires a reverse proxy to support HTTPS connections.
-#
-#                 +----- https://example.tld/ ------------+
-#   +------+      |+-------------+      +----------------+|
-#   | User | ---> || Proxy (443) | ---> | Misskey (3000) ||
-#   +------+      |+-------------+      +----------------+|
-#                 +---------------------------------------+
-#
-#   You need to set up a reverse proxy. (e.g. nginx)
-#   An encrypted connection with HTTPS is highly recommended
-#   because tokens may be transferred in GET requests.
-
-# The port that your Misskey server should listen on.
+url: http://localhost:3000
 port: 3000
-
-#   ┌──────────────────────────┐
-#───┘ PostgreSQL configuration └────────────────────────────────
-
 db:
   host: postgres
   port: 5432
-
-  # Database name
-  db: postgres
-
-  # Auth
-  user: postgres
-  pass: test
-
-  # Whether disable Caching queries
-  #disableCache: true
-
-  # Extra Connection options
-  #extra:
-  #  ssl: true
-
-#   ┌─────────────────────┐
-#───┘ Redis configuration └─────────────────────────────────────
-
+  db: firefish_db
+  user: firefish
+  pass: password
 redis:
   host: redis
   port: 6379
-  #family: 0  # 0=Both, 4=IPv4, 6=IPv6
-  #pass: example-pass
-  #prefix: example-prefix
-  #db: 1
-
-#   ┌─────────────────────────────┐
-#───┘ Elasticsearch configuration └─────────────────────────────
-
-#elasticsearch:
-#  host: localhost
-#  port: 9200
-#  ssl: false
-#  user: 
-#  pass: 
-
-#   ┌───────────────┐
-#───┘ ID generation └───────────────────────────────────────────
-
-# You can select the ID generation method.
-# You don't usually need to change this setting, but you can
-# change it according to your preferences.
-
-# Available methods:
-# aid ... Short, Millisecond accuracy
-# meid ... Similar to ObjectID, Millisecond accuracy
-# ulid ... Millisecond accuracy
-# objectid ... This is left for backward compatibility
-
-# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
-# ID SETTINGS AFTER THAT!
-
-id: 'aid'
-
-#   ┌─────────────────────┐
-#───┘ Other configuration └─────────────────────────────────────
-
-# Max note length, should be < 8000.
-#maxNoteLength: 3000
-
-# Whether disable HSTS
-#disableHsts: true
-
-# Number of worker processes
-#clusterLimit: 1
-
-# Job concurrency per worker
-# deliverJobConcurrency: 128
-# inboxJobConcurrency: 16
-
-# Job rate limiter
-# deliverJobPerSec: 128
-# inboxJobPerSec: 16
-
-# Job attempts
-# deliverJobMaxAttempts: 12
-# inboxJobMaxAttempts: 8
-
-# IP address family used for outgoing request (ipv4, ipv6 or dual)
-#outgoingAddressFamily: ipv4
-
-# Syslog option
-#syslog:
-#  host: localhost
-#  port: 514
-
-# Proxy for HTTP/HTTPS
-#proxy: http://127.0.0.1:3128
-
-#proxyBypassHosts: [
-#  'example.com',
-#  '192.0.2.8'
-#]
-
-# Proxy for SMTP/SMTPS
-#proxySmtp: http://127.0.0.1:3128   # use HTTP/1.1 CONNECT
-#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4
-#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5
-
-# Media Proxy
-#mediaProxy: https://example.com/proxy
-
-# Proxy remote files (default: false)
-#proxyRemoteFiles: true
-
-#allowedPrivateNetworks: [
-#  '127.0.0.1/32'
-#]
-
-# Upload or download file size limits (bytes)
-#maxFileSize: 262144000
-
-# Managed hosting settings
-# !!!!!!!!!!
-# >>>>>> NORMAL SELF-HOSTERS, STAY AWAY! <<<<<<
-# >>>>>> YOU DON'T NEED THIS! <<<<<<
-# !!!!!!!!!!
-# Each category is optional, but if each item in each category is mandatory!
-# If you mess this up, that's on you, you've been warned...
-
-#maxUserSignups: 100
-#isManagedHosting: true
-#deepl:
-#  managed: true
-#  authKey: ''
-#  isPro: false
-#
-#email:
-#  managed: true
-#  address: 'example@email.com'
-#  host: 'email.com'
-#  port: 587
-#  user: 'example@email.com'
-#  pass: ''
-#  useImplicitSslTls: false
-#
-#objectStorage:
-#  managed: true
-#  baseUrl: ''
-#  bucket: ''
-#  prefix: ''
-#  endpoint: ''
-#  region: ''
-#  accessKey: ''
-#  secretKey: ''
-#  useSsl: true
-#  connnectOverProxy: false
-#  setPublicReadOnUpload: true
-#  s3ForcePathStyle: true
-
-# !!!!!!!!!!
-# >>>>>> AGAIN, NORMAL SELF-HOSTERS, STAY AWAY! <<<<<<
-# >>>>>> YOU DON'T NEED THIS, ABOVE SETTINGS ARE FOR MANAGED HOSTING ONLY! <<<<<<
-# !!!!!!!!!!
-
-# Seriously. Do NOT fill out the above settings if you're self-hosting.
-# They're much better off being set from the control panel. 

.gitlab-ci.yml

@@ -0,0 +1,57 @@
+image: docker.io/rust:slim-bookworm
+
+services:
+  - name: docker.io/groonga/pgroonga:latest-alpine-12-slim
+    alias: postgres
+  - name: docker.io/redis:7-alpine
+    alias: redis
+
+workflow:
+  rules:
+    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+      when: always
+    - if: $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == 'main'
+      when: never
+
+cache:
+  paths:
+    - node_modules
+    # - /usr/local/cargo/registry/index
+    # - /usr/local/cargo/registry/cache
+    - target/debug/deps
+    - target/debug/build
+
+stages:
+  - test
+
+variables:
+  POSTGRES_DB: 'firefish_db'
+  POSTGRES_USER: 'firefish'
+  POSTGRES_PASSWORD: 'password'
+  POSTGRES_HOST_AUTH_METHOD: 'trust'
+  DEBIAN_FRONTEND: 'noninteractive'
+  CARGO_PROFILE_DEV_OPT_LEVEL: '0'
+  CARGO_PROFILE_DEV_LTO: 'off'
+  CARGO_PROFILE_DEV_DEBUG: 'none'
+
+default:
+  before_script:
+    - mkdir -p "${CARGO_HOME}"
+    - apt-get update && apt-get -y upgrade
+    - apt-get -y --no-install-recommends install curl
+    - curl -fsSL 'https://deb.nodesource.com/setup_18.x' | bash -
+    - apt-get install -y --no-install-recommends build-essential clang mold python3 perl nodejs postgresql-client
+    - corepack enable
+    - corepack prepare pnpm@latest --activate
+    - cp .config/ci.yml .config/default.yml
+    - cp ci/cargo/config.toml /usr/local/cargo/config.toml
+    - export PGPASSWORD="${POSTGRES_PASSWORD}"
+    - psql --host postgres --user "${POSTGRES_USER}" --dbname "${POSTGRES_DB}" --command 'CREATE EXTENSION pgroonga'
+
+build_and_cargo_unit_test:
+  stage: test
+  script:
+    - pnpm install --frozen-lockfile
+    - pnpm run build:debug
+    - pnpm run migrate
+    - cargo test

Dockerfile

@@ -45,7 +45,7 @@ COPY packages/backend-rs/index.js packages/backend-rs/built/index.js
 # Copy in the rest of the files to compile
 COPY . ./
 RUN NODE_ENV='production' pnpm run --filter firefish-js build
-RUN NODE_ENV='production' pnpm run --recursive --parallel --filter '!backend-rs' --filter '!firefish-js' build && pnpm run gulp
+RUN NODE_ENV='production' pnpm run --recursive --parallel --filter '!backend-rs' --filter '!firefish-js' build && pnpm run build:assets
 
 # Trim down the dependencies to only those for production
 RUN find . -path '*/node_modules/*' -delete && pnpm install --prod --frozen-lockfile

ci/cargo/config.toml

@@ -0,0 +1,3 @@
+[target.x86_64-unknown-linux-gnu]
+linker = "/usr/bin/clang"
+rustflags = ["-C", "link-arg=--ld-path=/usr/bin/mold"]

docs/api-change.md

@@ -2,6 +2,8 @@
 
 Breaking changes are indicated by the :warning: icon.
 
+- Adding `lang` to the response of `i` and the request parameter of `i/update`.
+
 ## v20240504
 
 - :warning: Removed `release` endpoint.

docs/downgrade.sql

@@ -1,6 +1,7 @@
 BEGIN;
 
 DELETE FROM "migrations" WHERE name IN (
+    'AddUserProfileLanguage1714888400293',
     'DropUnusedIndexes1714643926317',
     'AlterAkaType1714099399879',
     'AddDriveFileUsage1713451569342',
@@ -764,9 +765,6 @@ CREATE SEQUENCE public.__chart_day__users_id_seq
     CACHE 1;
 ALTER SEQUENCE public.__chart_day__users_id_seq OWNED BY public.__chart_day__users.id;
 
--- drop-user-profile-language
-ALTER TABLE "user_profile" ADD COLUMN "lang" character varying(32);
-
 -- emoji-moderator
 ALTER TABLE "user" DROP COLUMN "emojiModPerm";
 DROP TYPE "public"."user_emojimodperm_enum";

docs/install.md

@@ -326,7 +326,7 @@ cd ~/firefish
 - To add custom locales, place them in the `./custom/locales/` directory. If you name your custom locale the same as an existing locale, it will overwrite it. If you give it a unique name, it will be added to the list. Also make sure that the first part of the filename matches the locale you're basing it on. (Example: `en-FOO.yml`)
 - To add custom error images, place them in the `./custom/assets/badges` directory, replacing the files already there.
 - To add custom sounds, place only mp3 files in the `./custom/assets/sounds` directory.
-- To update custom assets without rebuilding, just run `pnpm run gulp`.
+- To update custom assets without rebuilding, just run `pnpm run build:assets`.
 - To block ChatGPT, CommonCrawl, or other crawlers from indexing your instance, uncomment the respective rules in `./custom/robots.txt`.
 
 ## Tips & Tricks

gulpfile.js

@@ -1,101 +0,0 @@
-/**
- * Gulp tasks
- */
-
-const fs = require("fs");
-const gulp = require("gulp");
-const replace = require("gulp-replace");
-const terser = require("gulp-terser");
-const cssnano = require("gulp-cssnano");
-
-const meta = require("./package.json");
-
-gulp.task("copy:backend:views", () =>
-	gulp
-		.src("./packages/backend/src/server/web/views/**/*")
-		.pipe(gulp.dest("./packages/backend/built/server/web/views")),
-);
-
-gulp.task("copy:backend:custom", () =>
-	gulp
-		.src("./custom/assets/**/*")
-		.pipe(gulp.dest("./packages/backend/assets/")),
-);
-
-gulp.task("copy:client:fonts", () =>
-	gulp
-		.src("./packages/client/node_modules/three/examples/fonts/**/*")
-		.pipe(gulp.dest("./built/_client_dist_/fonts/")),
-);
-
-gulp.task("copy:client:locales", async (cb) => {
-	fs.mkdirSync("./built/_client_dist_/locales", { recursive: true });
-	const { default: locales } = await import("./locales/index.mjs");
-
-	const v = { _version_: meta.version };
-
-	for (const [lang, locale] of Object.entries(locales)) {
-		fs.writeFileSync(
-			`./built/_client_dist_/locales/${lang}.${meta.version}.json`,
-			JSON.stringify({ ...locale, ...v }),
-			"utf-8",
-		);
-	}
-
-	cb();
-});
-
-gulp.task("build:backend:script", async () => {
-	const { default: locales } = await import("./locales/index.mjs");
-
-	return gulp
-		.src([
-			"./packages/backend/src/server/web/boot.js",
-			"./packages/backend/src/server/web/bios.js",
-			"./packages/backend/src/server/web/cli.js",
-		])
-		.pipe(replace("SUPPORTED_LANGS", JSON.stringify(Object.keys(locales))))
-		.pipe(
-			terser({
-				toplevel: true,
-			}),
-		)
-		.pipe(gulp.dest("./packages/backend/built/server/web/"));
-});
-
-gulp.task("build:backend:style", () => {
-	return gulp
-		.src([
-			"./packages/backend/src/server/web/style.css",
-			"./packages/backend/src/server/web/bios.css",
-			"./packages/backend/src/server/web/cli.css",
-		])
-		.pipe(
-			cssnano({
-				zindex: false,
-			}),
-		)
-		.pipe(gulp.dest("./packages/backend/built/server/web/"));
-});
-
-gulp.task(
-	"build",
-	gulp.parallel(
-		"copy:client:locales",
-		"copy:backend:views",
-		"copy:backend:custom",
-		"build:backend:script",
-		"build:backend:style",
-		"copy:client:fonts",
-	),
-);
-
-gulp.task("default", gulp.task("build"));
-
-gulp.task("watch", () => {
-	gulp.watch(
-		["./packages/*/src/**/*"],
-		{ ignoreInitial: false },
-		gulp.task("build"),
-	);
-});

locales/en-US.yml

@@ -766,6 +766,9 @@ confirmToUnclipAlreadyClippedNote: "This post is already part of the \"{name}\"
 public: "Public"
 i18nInfo: "Firefish is being translated into various languages by volunteers. You
   can help at {link}."
+i18nServerInfo: "New clients will be in {language} by default."
+i18nServerChange: "Use {language} instead."
+i18nServerSet: "Use {language} for new clients."
 manageAccessTokens: "Manage access tokens"
 accountInfo: "Account Info"
 notesCount: "Number of posts"

locales/ja-JP.yml

@@ -685,6 +685,9 @@ unclip: "クリップ解除"
 confirmToUnclipAlreadyClippedNote: "この投稿はすでにクリップ「{name}」に含まれています。投稿をこのクリップから除外しますか？"
 public: "公開"
 i18nInfo: "Firefishは有志によって様々な言語に翻訳されています。{link}で翻訳に協力できます。"
+i18nServerInfo: "新しい端末では{language}が既定の言語になります。"
+i18nServerChange: "{language}に変更する。"
+i18nServerSet: "新しい端末での表示言語を{language}にします。"
 manageAccessTokens: "アクセストークンの管理"
 accountInfo: "アカウント情報"
 notesCount: "投稿の数"

locales/zh-CN.yml

@@ -667,6 +667,9 @@ unclip: "移除便签"
 confirmToUnclipAlreadyClippedNote: "本帖已包含在便签 \"{name}\" 里。您想要将本帖从该便签中移除吗？"
 public: "公开"
 i18nInfo: "Firefish 已经被志愿者们翻译成了各种语言。如果您也有兴趣，可以通过 {link} 帮助翻译。"
+i18nServerInfo: "新客户端将默认使用 {language}。"
+i18nServerChange: "改为 {language}。"
+i18nServerSet: "设定新客户端使用 {language}。"
 manageAccessTokens: "管理访问令牌"
 accountInfo: "账号信息"
 notesCount: "帖子数量"

locales/zh-TW.yml

@@ -661,6 +661,9 @@ unclip: "解除摘錄"
 confirmToUnclipAlreadyClippedNote: "此貼文已包含在摘錄「{name}」中。 你想將貼文從這個摘錄中排除嗎？"
 public: "公開"
 i18nInfo: "Firefish已經被志願者們翻譯成各種語言版本，如果想要幫忙的話，可以進入{link}幫助翻譯。"
+i18nServerInfo: "新客戶端將默認使用 {language}。"
+i18nServerChange: "改為 {language}。"
+i18nServerSet: "設定新客戶端使用 {language}。"
 manageAccessTokens: "管理存取權杖"
 accountInfo: "帳戶資訊"
 notesCount: "貼文數量"

package.json

@@ -9,14 +9,15 @@
 	"private": true,
 	"scripts": {
 		"rebuild": "pnpm run clean && pnpm run build",
-		"build": "pnpm node ./scripts/build.mjs && pnpm run gulp",
+		"build": "pnpm node ./scripts/build.mjs && pnpm run build:assets",
+		"build:assets": "pnpm node ./scripts/copy-assets.mjs",
+		"build:debug": "pnpm run clean && pnpm node ./scripts/dev-build.mjs && pnpm run build:assets",
 		"start": "pnpm --filter backend run start",
-		"start:container": "pnpm run gulp && pnpm run migrate && pnpm run start",
+		"start:container": "pnpm run build:assets && pnpm run migrate && pnpm run start",
 		"start:test": "pnpm --filter backend run start:test",
 		"init": "pnpm run migrate",
 		"migrate": "pnpm --filter backend run migration:run",
 		"revertmigration": "pnpm --filter backend run migration:revert",
-		"gulp": "gulp build",
 		"watch": "pnpm run dev",
 		"dev": "pnpm node ./scripts/dev.mjs",
 		"dev:staging": "NODE_OPTIONS=--max_old_space_size=3072 NODE_ENV=development pnpm run build && pnpm run start",
@@ -24,7 +25,6 @@
 		"lint:ts": "pnpm --filter !firefish-js -r --parallel run lint",
 		"lint:rs": "cargo clippy --fix --allow-dirty --allow-staged && cargo fmt --all --",
 		"debug": "pnpm run build:debug && pnpm run start",
-		"build:debug": "pnpm run clean && pnpm node ./scripts/dev-build.mjs && pnpm run gulp",
 		"mocha": "pnpm --filter backend run mocha",
 		"test": "pnpm run test:ts && pnpm run test:rs",
 		"test:ts": "pnpm run mocha",
@@ -38,10 +38,6 @@
 		"clean-all": "pnpm run clean && pnpm run clean-cargo && pnpm run clean-npm"
 	},
 	"dependencies": {
-		"gulp": "4.0.2",
-		"gulp-cssnano": "2.1.3",
-		"gulp-replace": "1.1.4",
-		"gulp-terser": "2.1.0",
 		"js-yaml": "4.1.0"
 	},
 	"devDependencies": {

packages/backend-rs/index.d.ts

@@ -268,6 +268,7 @@ export interface NoteLikeForGetNoteSummary {
   hasPoll: boolean
 }
 export function getNoteSummary(note: NoteLikeForGetNoteSummary): string
+export function isSafeUrl(url: string): boolean
 export function latestVersion(): Promise<string>
 export function toMastodonId(firefishId: string): string | null
 export function fromMastodonId(mastodonId: string): string | null
@@ -1129,6 +1130,7 @@ export interface UserProfile {
   preventAiLearning: boolean
   isIndexable: boolean
   mutedPatterns: Array<string>
+  lang: string | null
 }
 export interface UserPublickey {
   userId: string

packages/backend-rs/index.js

@@ -310,7 +310,7 @@ if (!nativeBinding) {
   throw new Error(`Failed to load native binding`)
 }
 
-const { SECOND, MINUTE, HOUR, DAY, USER_ONLINE_THRESHOLD, USER_ACTIVE_THRESHOLD, FILE_TYPE_BROWSERSAFE, loadEnv, loadConfig, stringToAcct, acctToString, addNoteToAntenna, isBlockedServer, isSilencedServer, isAllowedServer, checkWordMute, getFullApAccount, isSelfHost, isSameOrigin, extractHost, toPuny, isUnicodeEmoji, sqlLikeEscape, safeForSql, formatMilliseconds, getImageSizeFromUrl, getNoteSummary, latestVersion, toMastodonId, fromMastodonId, fetchMeta, metaToPugArgs, nyaify, hashPassword, verifyPassword, isOldPasswordAlgorithm, decodeReaction, countReactions, toDbReaction, removeOldAttestationChallenges, AntennaSrcEnum, DriveFileUsageHintEnum, MutedNoteReasonEnum, NoteVisibilityEnum, NotificationTypeEnum, PageVisibilityEnum, PollNotevisibilityEnum, RelayStatusEnum, UserEmojimodpermEnum, UserProfileFfvisibilityEnum, UserProfileMutingnotificationtypesEnum, initializeRustLogger, fetchNodeinfo, nodeinfo_2_1, nodeinfo_2_0, Protocol, Inbound, Outbound, watchNote, unwatchNote, PushNotificationKind, sendPushNotification, publishToChannelStream, ChatEvent, publishToChatStream, ChatIndexEvent, publishToChatIndexStream, publishToBroadcastStream, publishToGroupChatStream, publishToModerationStream, getTimestamp, genId, genIdAt, secureRndstr } = nativeBinding
+const { SECOND, MINUTE, HOUR, DAY, USER_ONLINE_THRESHOLD, USER_ACTIVE_THRESHOLD, FILE_TYPE_BROWSERSAFE, loadEnv, loadConfig, stringToAcct, acctToString, addNoteToAntenna, isBlockedServer, isSilencedServer, isAllowedServer, checkWordMute, getFullApAccount, isSelfHost, isSameOrigin, extractHost, toPuny, isUnicodeEmoji, sqlLikeEscape, safeForSql, formatMilliseconds, getImageSizeFromUrl, getNoteSummary, isSafeUrl, latestVersion, toMastodonId, fromMastodonId, fetchMeta, metaToPugArgs, nyaify, hashPassword, verifyPassword, isOldPasswordAlgorithm, decodeReaction, countReactions, toDbReaction, removeOldAttestationChallenges, AntennaSrcEnum, DriveFileUsageHintEnum, MutedNoteReasonEnum, NoteVisibilityEnum, NotificationTypeEnum, PageVisibilityEnum, PollNotevisibilityEnum, RelayStatusEnum, UserEmojimodpermEnum, UserProfileFfvisibilityEnum, UserProfileMutingnotificationtypesEnum, initializeRustLogger, fetchNodeinfo, nodeinfo_2_1, nodeinfo_2_0, Protocol, Inbound, Outbound, watchNote, unwatchNote, PushNotificationKind, sendPushNotification, publishToChannelStream, ChatEvent, publishToChatStream, ChatIndexEvent, publishToChatIndexStream, publishToBroadcastStream, publishToGroupChatStream, publishToModerationStream, getTimestamp, genId, genIdAt, secureRndstr } = nativeBinding
 
 module.exports.SECOND = SECOND
 module.exports.MINUTE = MINUTE
@@ -339,6 +339,7 @@ module.exports.safeForSql = safeForSql
 module.exports.formatMilliseconds = formatMilliseconds
 module.exports.getImageSizeFromUrl = getImageSizeFromUrl
 module.exports.getNoteSummary = getNoteSummary
+module.exports.isSafeUrl = isSafeUrl
 module.exports.latestVersion = latestVersion
 module.exports.toMastodonId = toMastodonId
 module.exports.fromMastodonId = fromMastodonId

packages/backend-rs/src/misc/is_safe_url.rs

@@ -0,0 +1,34 @@
+#[crate::export]
+pub fn is_safe_url(url: &str) -> bool {
+    if let Ok(url) = url.parse::<url::Url>() {
+        if url.host_str().unwrap_or_default() == "unix"
+            || !["http", "https"].contains(&url.scheme())
+            || ![None, Some(80), Some(443)].contains(&url.port())
+        {
+            return false;
+        }
+        true
+    } else {
+        false
+    }
+}
+
+#[cfg(test)]
+mod unit_test {
+    use super::is_safe_url;
+
+    #[test]
+    fn safe_url() {
+        assert!(is_safe_url("http://firefish.dev/firefish/firefish"));
+        assert!(is_safe_url("https://firefish.dev/firefish/firefish"));
+        assert!(is_safe_url("http://firefish.dev:80/firefish/firefish"));
+        assert!(is_safe_url("https://firefish.dev:80/firefish/firefish"));
+        assert!(is_safe_url("http://firefish.dev:443/firefish/firefish"));
+        assert!(is_safe_url("https://firefish.dev:443/firefish/firefish"));
+        assert!(!is_safe_url("https://unix/firefish/firefish"));
+        assert!(!is_safe_url("https://firefish.dev:35/firefish/firefish"));
+        assert!(!is_safe_url("ftp://firefish.dev/firefish/firefish"));
+        assert!(!is_safe_url("nyaa"));
+        assert!(!is_safe_url(""));
+    }
+}

packages/backend-rs/src/misc/mod.rs

@@ -8,6 +8,7 @@ pub mod escape_sql;
 pub mod format_milliseconds;
 pub mod get_image_size;
 pub mod get_note_summary;
+pub mod is_safe_url;
 pub mod latest_version;
 pub mod mastodon_id;
 pub mod meta;

packages/backend-rs/src/model/entity/user_profile.rs

@@ -78,6 +78,7 @@ pub struct Model {
     pub is_indexable: bool,
     #[sea_orm(column_name = "mutedPatterns")]
     pub muted_patterns: Vec<String>,
+    pub lang: Option<String>,
 }
 
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]

packages/backend/src/migration/1714888400293-add-user-profile-language.ts

@@ -0,0 +1,13 @@
+import type { MigrationInterface, QueryRunner } from "typeorm";
+
+export class AddUserProfileLanguage1714888400293 implements MigrationInterface {
+	async up(queryRunner: QueryRunner): Promise<void> {
+		await queryRunner.query(
+			`ALTER TABLE "user_profile" ADD COLUMN "lang" character varying(32)`,
+		);
+	}
+
+	async down(queryRunner: QueryRunner): Promise<void> {
+		await queryRunner.query(`ALTER TABLE "user_profile" DROP COLUMN "lang"`);
+	}
+}

packages/backend/src/misc/download-url.ts

@@ -7,10 +7,10 @@ import chalk from "chalk";
 import Logger from "@/services/logger.js";
 import IPCIDR from "ip-cidr";
 import PrivateIp from "private-ip";
-import { isValidUrl } from "./is-valid-url.js";
+import { isSafeUrl } from "backend-rs";
 
 export async function downloadUrl(url: string, path: string): Promise<void> {
-	if (!isValidUrl(url)) {
+	if (!isSafeUrl(url)) {
 		throw new StatusError("Invalid URL", 400);
 	}
 
@@ -43,8 +43,8 @@ export async function downloadUrl(url: string, path: string): Promise<void> {
 				limit: 0,
 			},
 		})
-		.on("redirect", (res: Got.Response, opts: Got.NormalizedOptions) => {
-			if (!isValidUrl(opts.url)) {
+		.on("redirect", (_res: Got.Response, opts: Got.NormalizedOptions) => {
+			if (!isSafeUrl(opts.url)) {
 				downloadLogger.warn(`Invalid URL: ${opts.url}`);
 				req.destroy();
 			}

packages/backend/src/misc/fetch.ts

@@ -5,7 +5,7 @@ import CacheableLookup from "cacheable-lookup";
 import fetch, { type RequestRedirect } from "node-fetch";
 import { HttpProxyAgent, HttpsProxyAgent } from "hpagent";
 import { config } from "@/config.js";
-import { isValidUrl } from "./is-valid-url.js";
+import { isSafeUrl } from "backend-rs";
 
 export async function getJson(
 	url: string,
@@ -60,7 +60,7 @@ export async function getResponse(args: {
 	size?: number;
 	redirect?: RequestRedirect;
 }) {
-	if (!isValidUrl(args.url)) {
+	if (!isSafeUrl(args.url)) {
 		throw new StatusError("Invalid URL", 400);
 	}
 
@@ -83,7 +83,7 @@ export async function getResponse(args: {
 	});
 
 	if (args.redirect === "manual" && [301, 302, 307, 308].includes(res.status)) {
-		if (!isValidUrl(res.url)) {
+		if (!isSafeUrl(res.url)) {
 			throw new StatusError("Invalid URL", 400);
 		}
 		return res;

packages/backend/src/misc/is-valid-url.ts

@@ -1,20 +0,0 @@
-export function isValidUrl(url: string | URL | undefined): boolean {
-	if (process.env.NODE_ENV !== "production") return true;
-
-	try {
-		if (url == null) return false;
-
-		const u = typeof url === "string" ? new URL(url) : url;
-		if (!u.protocol.match(/^https?:$/) || u.hostname === "unix") {
-			return false;
-		}
-
-		if (u.port !== "" && !["80", "443"].includes(u.port)) {
-			return false;
-		}
-
-		return true;
-	} catch {
-		return false;
-	}
-}

packages/backend/src/models/entities/user-profile.ts

@@ -50,6 +50,12 @@ export class UserProfile {
 		verified?: boolean;
 	}[];
 
+	@Column("varchar", {
+		length: 32,
+		nullable: true,
+	})
+	public lang: string | null;
+
 	@Column("varchar", {
 		length: 512,
 		nullable: true,

packages/backend/src/models/repositories/user.ts

@@ -512,6 +512,7 @@ export const UserRepository = db.getRepository(User).extend({
 						description: profile!.description,
 						location: profile!.location,
 						birthday: profile!.birthday,
+						lang: profile!.lang,
 						fields: profile!.fields,
 						followersCount: followersCount ?? null,
 						followingCount: followingCount ?? null,

packages/backend/src/models/schema/user.ts

@@ -204,6 +204,12 @@ export const packedUserDetailedNotMeOnlySchema = {
 			optional: false,
 			example: "2018-03-12",
 		},
+		lang: {
+			type: "string",
+			nullable: true,
+			optional: false,
+			example: "ja-JP",
+		},
 		fields: {
 			type: "array",
 			nullable: false,

packages/backend/src/remote/activitypub/request.ts

@@ -5,8 +5,8 @@ import { StatusError, getResponse } from "@/misc/fetch.js";
 import { createSignedPost, createSignedGet } from "./ap-request.js";
 import type { Response } from "node-fetch";
 import type { IObject } from "./type.js";
-import { isValidUrl } from "@/misc/is-valid-url.js";
 import { apLogger } from "@/remote/activitypub/logger.js";
+import { isSafeUrl } from "backend-rs";
 
 export default async (user: { id: User["id"] }, url: string, object: any) => {
 	const body = JSON.stringify(object);
@@ -44,7 +44,7 @@ export async function apGet(
 	user?: ILocalUser,
 	redirects: boolean = true,
 ): Promise<{ finalUrl: string; content: IObject }> {
-	if (!isValidUrl(url)) {
+	if (!isSafeUrl(url)) {
 		throw new StatusError("Invalid URL", 400);
 	}
 

packages/backend/src/server/api/endpoints/i/update.ts

@@ -87,6 +87,7 @@ export const paramDef = {
 		description: { ...Users.descriptionSchema, nullable: true },
 		location: { ...Users.locationSchema, nullable: true },
 		birthday: { ...Users.birthdaySchema, nullable: true },
+		lang: { type: "string", nullable: true },
 		avatarId: { type: "string", format: "misskey:id", nullable: true },
 		bannerId: { type: "string", format: "misskey:id", nullable: true },
 		fields: {
@@ -154,6 +155,7 @@ export default define(meta, paramDef, async (ps, _user, token) => {
 
 	if (ps.name !== undefined) updates.name = ps.name;
 	if (ps.description !== undefined) profileUpdates.description = ps.description;
+	if (typeof ps.lang === "string") profileUpdates.lang = ps.lang;
 	if (ps.location !== undefined) profileUpdates.location = ps.location;
 	if (ps.birthday !== undefined) profileUpdates.birthday = ps.birthday;
 	if (ps.ffVisibility !== undefined)

packages/client/package.json

@@ -21,8 +21,6 @@
 		"@syuilo/aiscript": "0.17.0",
 		"@types/autosize": "^4.0.3",
 		"@types/glob": "8.1.0",
-		"@types/gulp": "4.0.17",
-		"@types/gulp-rename": "2.0.6",
 		"@types/insert-text-at-cursor": "^0.3.2",
 		"@types/katex": "0.16.7",
 		"@types/matter-js": "0.19.6",

packages/client/src/account.ts

@@ -132,6 +132,9 @@ export async function signIn(token: Account["token"], redirect?: string) {
 	if (_DEV_) console.log("logging as token ", token);
 	const newAccount = await fetchAccount(token);
 	localStorage.setItem("account", JSON.stringify(newAccount));
+	if (newAccount.lang) {
+		localStorage.setItem("lang", newAccount.lang);
+	}
 	document.cookie = `token=${token}; path=/; max-age=31536000`; // bull dashboardの認証とかで使う
 	await addAccount(newAccount.id, token);
 

packages/client/src/pages/settings/general.vue

@@ -14,6 +14,12 @@
 						>
 					</template>
 				</I18n>
+				<I18n :src="i18n.ts.i18nServerInfo" v-if="serverLang" tag="span">
+					<template #language><strong>{{ langs.find(a => a[0] === serverLang)?.[1] ?? serverLang }}</strong></template>
+				</I18n>
+				<button class="_textButton" @click="updateServerLang" v-if="lang && lang !== serverLang">
+					{{i18n.t(serverLang ? "i18nServerChange" : "i18nServerSet", { language: langs.find(a => a[0] === lang)?.[1] ?? lang })}}
+				</button>
 			</template>
 		</FormSelect>
 
@@ -404,6 +410,7 @@ import { deviceKind } from "@/scripts/device-kind";
 import icon from "@/scripts/icon";
 
 const lang = ref(localStorage.getItem("lang"));
+const serverLang = ref(me?.lang);
 const translateLang = ref(localStorage.getItem("translateLang"));
 const fontSize = ref(localStorage.getItem("fontSize"));
 const useSystemFont = ref(localStorage.getItem("useSystemFont") !== "f");
@@ -559,6 +566,14 @@ const foldNotification = computed(
 // 	});
 // }
 
+function updateServerLang() {
+	os.api("i/update", {
+		lang: lang.value,
+	}).then((i) => {
+		serverLang.value = i.lang;
+	});
+}
+
 watch(swipeOnDesktop, () => {
 	defaultStore.set("swipeOnMobile", true);
 });

scripts/copy-assets.mjs

@@ -0,0 +1,41 @@
+import fs from "node:fs/promises";
+import path, { join } from "node:path";
+import { fileURLToPath } from "node:url";
+
+const repositoryRootDir = join(path.dirname(fileURLToPath(import.meta.url)), "../");
+const file = (relativePath) => join(repositoryRootDir, relativePath);
+
+await (async () => {
+	await fs.rm(file("built/_client_dist_/locales"), { recursive: true, force: true });
+	await Promise.all([
+		fs.cp(file("packages/backend/src/server/web"), file("packages/backend/built/server/web"), { recursive: true }),
+		fs.cp(file("custom/assets"), file("packages/backend/assets"), { recursive: true }),
+		fs.cp(file("packages/client/node_modules/three/examples/fonts"), file("built/_client_dist_/fonts"), { recursive: true }),
+		fs.mkdir(file("built/_client_dist_/locales"), { recursive: true }),
+	]);
+
+	const locales = (await import("../locales/index.mjs")).default;
+	const meta = (await import("../built/meta.json", { assert: { type: "json" } })).default;
+
+	for await (const [lang, locale] of Object.entries(locales)) {
+		await fs.writeFile(
+			file(`built/_client_dist_/locales/${lang}.${meta.version}.json`),
+			JSON.stringify({ ...locale, _version_: meta.version }),
+			"utf-8",
+		);
+	}
+
+	const js_assets = [
+		file("packages/backend/built/server/web/boot.js"),
+		file("packages/backend/built/server/web/bios.js"),
+		file("packages/backend/built/server/web/cli.js"),
+	];
+
+	for await (const js_file of js_assets) {
+		const content = (await fs.readFile(js_file, "utf-8"))
+			.replace("SUPPORTED_LANGS", JSON.stringify(Object.keys(locales)));
+		await fs.writeFile(js_file, content, "utf-8");
+	}
+
+	// TODO?: minify packages/backend/built/server/web/*.css
+})();

scripts/dev-build.mjs

@@ -1,6 +1,7 @@
 import path, { join } from "node:path";
 import { fileURLToPath } from "node:url";
 import { execa } from "execa";
+import fs from "node:fs";
 
 (async () => {
 	const __dirname = path.dirname(fileURLToPath(import.meta.url));
@@ -32,4 +33,18 @@ import { execa } from "execa";
 			stdio: "inherit",
 		}
 	);
+
+	if (!fs.existsSync(join(__dirname, "/../packages/backend-rs/built/index.js"))) {
+		fs.copyFileSync(
+			join(__dirname, "/../packages/backend-rs/index.js"),
+			join(__dirname, "/../packages/backend-rs/built/index.js"),
+		);
+		console.warn("backend-rs/built/index.js has not been updated (https://github.com/napi-rs/napi-rs/issues/1768)");
+	}
+	if (!fs.existsSync(join(__dirname, "/../packages/backend-rs/built/index.d.ts"))) {
+		fs.copyFileSync(
+			join(__dirname, "/../packages/backend-rs/index.d.ts"),
+			join(__dirname, "/../packages/backend-rs/built/index.d.ts"),
+		);
+	}
 })();

scripts/dev.mjs

@@ -11,12 +11,6 @@ import { execa } from "execa";
 		stderr: process.stderr,
 	});
 
-	execa("pnpm", ["dlx", "gulp", "watch"], {
-		cwd: join(__dirname, "/../"),
-		stdout: process.stdout,
-		stderr: process.stderr,
-	});
-
 	execa("pnpm", ["--filter", "backend", "watch"], {
 		cwd: join(__dirname, "/../"),
 		stdout: process.stdout,