i18n Support and Task improvements (#80)

* fix: release workflow * feat: move mostly to internal tasks system * feat: migrate object clean to new task system * fix: release not getting good base version * chore: set version v0.3.0 * chore: style * feat: basic task concurrency * feat: temp pages to fill in page links * feat: inital i18n support * feat: localize store page * chore: style * fix: weblate doesn't like multifile thing * fix: update nuxt * feat: improved error logging * fix: using old task api * feat: basic translation docs * feat: add i18n eslint plugin * feat: translate store and auth pages * feat: more translation progress * feat: admin dash i18n progress * feat: enable update check by default in prod * fix: using wrong i18n keys * fix: crash in library sources page * feat: finish i18n work * fix: missing i18n translations * feat: use twemoji for emojis * feat: sanatize object ids * fix: EmojiText's alt text * fix: UserWidget not using links * feat: cache and auth for emoji api * fix: add more missing translations
2025-11-13 00:02:37 +10:00 · 2025-06-04 19:53:30 -04:00
parent c7fab132ab
commit 681efe95af
86 changed files with 5175 additions and 2816 deletions
--- a/server/api/v1/auth/signup/simple.get.ts
+++ b/server/api/v1/auth/signup/simple.get.ts
@ -1,4 +1,5 @@
 import prisma from "~/server/internal/db/database";
+import taskHandler from "~/server/internal/tasks";

 export default defineEventHandler(async (h3) => {
  const query = getQuery(h3);
@ -8,8 +9,7 @@ export default defineEventHandler(async (h3) => {
      statusCode: 400,
      statusMessage: "id required in fetching invitation",
    });
-
-  await runTask("cleanup:invitations");
+  taskHandler.runTaskGroupByName("cleanup:invitations");

  const invitation = await prisma.invitation.findUnique({ where: { id: id } });
  if (!invitation)
--- a/server/api/v1/emojis/[id]/index.get.ts
+++ b/server/api/v1/emojis/[id]/index.get.ts
@ -0,0 +1,45 @@
+import path from "path";
+import module from "module";
+import fs from "fs/promises";
+import sanitize from "sanitize-filename";
+
+import aclManager from "~/server/internal/acls";
+
+const twemojiJson = module.findPackageJSON(
+  "@discordapp/twemoji",
+  import.meta.url,
+);
+
+export default defineEventHandler(async (h3) => {
+  const userId = await aclManager.getUserIdACL(h3, ["object:read"]);
+  if (!userId)
+    throw createError({
+      statusCode: 403,
+    });
+
+  if (!twemojiJson)
+    throw createError({
+      statusCode: 500,
+      statusMessage: "Failed to resolve emoji package",
+    });
+
+  const unsafeId = getRouterParam(h3, "id");
+  if (!unsafeId)
+    throw createError({ statusCode: 400, statusMessage: "Invalid ID" });
+
+  const svgPath = path.join(
+    path.dirname(twemojiJson),
+    "dist",
+    "svg",
+    sanitize(unsafeId),
+  );
+
+  setHeader(
+    h3,
+    "Cache-Control",
+    // 7 days
+    "public, max-age=604800, s-maxage=604800",
+  );
+  setHeader(h3, "Content-Type", "image/svg+xml");
+  return await fs.readFile(svgPath);
+});
--- a/server/api/v1/object/[id]/index.delete.ts
+++ b/server/api/v1/object/[id]/index.delete.ts
@ -1,12 +1,15 @@
 import aclManager from "~/server/internal/acls";
 import objectHandler from "~/server/internal/objects";
+import sanitize from "sanitize-filename";

 export default defineEventHandler(async (h3) => {
-  const id = getRouterParam(h3, "id");
-  if (!id) throw createError({ statusCode: 400, statusMessage: "Invalid ID" });
+  const unsafeId = getRouterParam(h3, "id");
+  if (!unsafeId)
+    throw createError({ statusCode: 400, statusMessage: "Invalid ID" });

  const userId = await aclManager.getUserIdACL(h3, ["object:delete"]);

+  const id = sanitize(unsafeId);
  const result = await objectHandler.deleteWithPermission(id, userId);
  return { success: result };
 });
--- a/server/api/v1/object/[id]/index.get.ts
+++ b/server/api/v1/object/[id]/index.get.ts
@ -1,12 +1,15 @@
 import aclManager from "~/server/internal/acls";
 import objectHandler from "~/server/internal/objects";
+import sanitize from "sanitize-filename";

 export default defineEventHandler(async (h3) => {
-  const id = getRouterParam(h3, "id");
-  if (!id) throw createError({ statusCode: 400, statusMessage: "Invalid ID" });
+  const unsafeId = getRouterParam(h3, "id");
+  if (!unsafeId)
+    throw createError({ statusCode: 400, statusMessage: "Invalid ID" });

  const userId = await aclManager.getUserIdACL(h3, ["object:read"]);

+  const id = sanitize(unsafeId);
  const object = await objectHandler.fetchWithPermissions(id, userId);
  if (!object)
    throw createError({ statusCode: 404, statusMessage: "Object not found" });
--- a/server/api/v1/object/[id]/index.head.ts
+++ b/server/api/v1/object/[id]/index.head.ts
@ -1,13 +1,16 @@
 import aclManager from "~/server/internal/acls";
 import objectHandler from "~/server/internal/objects";
+import sanitize from "sanitize-filename";

 // this request method is purely used by the browser to check if etag values are still valid
 export default defineEventHandler(async (h3) => {
-  const id = getRouterParam(h3, "id");
-  if (!id) throw createError({ statusCode: 400, statusMessage: "Invalid ID" });
+  const unsafeId = getRouterParam(h3, "id");
+  if (!unsafeId)
+    throw createError({ statusCode: 400, statusMessage: "Invalid ID" });

  const userId = await aclManager.getUserIdACL(h3, ["object:read"]);

+  const id = sanitize(unsafeId);
  const object = await objectHandler.fetchWithPermissions(id, userId);
  if (!object)
    throw createError({ statusCode: 404, statusMessage: "Object not found" });
--- a/server/api/v1/object/[id]/index.post.ts
+++ b/server/api/v1/object/[id]/index.post.ts
@ -1,9 +1,11 @@
 import aclManager from "~/server/internal/acls";
 import objectHandler from "~/server/internal/objects";
+import sanitize from "sanitize-filename";

 export default defineEventHandler(async (h3) => {
-  const id = getRouterParam(h3, "id");
-  if (!id) throw createError({ statusCode: 400, statusMessage: "Invalid ID" });
+  const unsafeId = getRouterParam(h3, "id");
+  if (!unsafeId)
+    throw createError({ statusCode: 400, statusMessage: "Invalid ID" });

  const body = await readRawBody(h3, "binary");
  if (!body)
@ -15,6 +17,7 @@ export default defineEventHandler(async (h3) => {
  const userId = await aclManager.getUserIdACL(h3, ["object:update"]);
  const buffer = Buffer.from(body);

+  const id = sanitize(unsafeId);
  const result = await objectHandler.writeWithPermissions(
    id,
    async () => buffer,
--- a/server/api/v1/screenshots/[id]/index.delete.ts
+++ b/server/api/v1/screenshots/[id]/index.delete.ts
@ -1,18 +1,20 @@
 // get a specific screenshot
 import aclManager from "~/server/internal/acls";
 import screenshotManager from "~/server/internal/screenshots";
+import sanitize from "sanitize-filename";

 export default defineEventHandler(async (h3) => {
  const userId = await aclManager.getUserIdACL(h3, ["screenshots:delete"]);
  if (!userId) throw createError({ statusCode: 403 });

-  const screenshotId = getRouterParam(h3, "id");
-  if (!screenshotId)
+  const unsafeId = getRouterParam(h3, "id");
+  if (!unsafeId)
    throw createError({
      statusCode: 400,
      statusMessage: "Missing screenshot ID",
    });

+  const screenshotId = sanitize(unsafeId);
  const result = await screenshotManager.get(screenshotId);
  if (!result)
    throw createError({
--- a/server/api/v1/screenshots/[id]/index.get.ts
+++ b/server/api/v1/screenshots/[id]/index.get.ts
@ -1,19 +1,20 @@
 // get a specific screenshot
 import aclManager from "~/server/internal/acls";
 import screenshotManager from "~/server/internal/screenshots";
+import sanitize from "sanitize-filename";

 export default defineEventHandler(async (h3) => {
  const userId = await aclManager.getUserIdACL(h3, ["screenshots:read"]);
  if (!userId) throw createError({ statusCode: 403 });

-  const screenshotId = getRouterParam(h3, "id");
-  if (!screenshotId)
+  const unsafeId = getRouterParam(h3, "id");
+  if (!unsafeId)
    throw createError({
      statusCode: 400,
      statusMessage: "Missing screenshot ID",
    });

-  const result = await screenshotManager.get(screenshotId);
+  const result = await screenshotManager.get(sanitize(unsafeId));
  if (!result)
    throw createError({
      statusCode: 404,