In private mode, block access to many public APIs
parent
2bf2eac765
commit
e7f20affc9
@ -7,6 +7,8 @@ import { limiter } from './limiter.js';
|
||||
import endpoints, { IEndpointMeta } from './endpoints.js';
|
||||
import { ApiError } from './error.js';
|
||||
import { apiLogger } from './logger.js';
|
||||
import { AccessToken } from '@/models/entities/access-token.js';
|
||||
import { fetchMeta } from '@/misc/fetch-meta.js';
|
||||
|
||||
const accessDenied = {
|
||||
message: 'Access denied.',
|
||||
@ -93,6 +95,17 @@ export default async (endpoint: string, user: CacheableLocalUser | null | undefi
|
||||
});
|
||||
}
|
||||
|
||||
// private mode
|
||||
const meta = await fetchMeta();
|
||||
if (meta.privateMode && ep.meta.requireCredentialPrivateMode && user == null) {
|
||||
throw new ApiError({
|
||||
message: 'Credential required.',
|
||||
code: 'CREDENTIAL_REQUIRED',
|
||||
id: '1384574d-a912-4b81-8601-c7b1c4085df1',
|
||||
httpStatusCode: 401
|
||||
});
|
||||
}
|
||||
|
||||
// Cast non JSON input
|
||||
if ((ep.meta.requireFile || ctx?.method === 'GET') && ep.params.properties) {
|
||||
for (const k of Object.keys(ep.params.properties)) {
|
||||
|
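Review bot: The new private-mode guard awaits `fetchMeta()` before it looks at the endpoint flag or the caller, so every API call pays for the lookup, including authenticated calls and endpoints that never set `requireCredentialPrivateMode`. Checking the cheap conditions first avoids that: `if (ep.meta.requireCredentialPrivateMode && user == null && (await fetchMeta()).privateMode) {`. Whether `fetchMeta()` is cached is not visible here, so the cost may be small. The guard sits inside the exported handler, whose body starts and ends outside this hunk, so its position relative to the earlier checks cannot be confirmed from the page. It also only covers requests dispatched through this function; any other route that serves the same data presumably needs its own private-mode check.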
@ -706,6 +706,12 @@ export interface IEndpointMeta {
|
||||
*/
|
||||
readonly secure?: boolean;
|
||||
|
||||
/**
|
||||
* プライベートモードでなら、このエンドポイントにリクエストするときにユーザー情報が必要か否か
|
||||
* 省略した場合は false として解釈されます
|
||||
*/
|
||||
readonly requireCredentialPrivateMode?: boolean;
|
||||
|
||||
/**
|
||||
* エンドポイントの種類
|
||||
* パーミッションの実現に利用されます。
|
||||
|
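Review bot: `requireCredentialPrivateMode` is opt-in and documented as `false` when omitted, so in private mode any endpoint that is not tagged stays reachable without credentials. That includes endpoints added later by someone unaware of the flag. For an access-control switch a fail-closed default is safer: treat a missing value as "credential required" in private mode and mark the few endpoints that must stay open. If the opt-in form is kept, the doc comment should say so in English next to the existing text, for example `* Defaults to false: untagged endpoints remain public in private mode, so every new read endpoint must set this explicitly.` The interface continues outside this hunk.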
@ -6,6 +6,7 @@ export const meta = {
|
||||
tags: ['meta'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -5,6 +5,7 @@ export const meta = {
|
||||
tags: ['channels'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -6,6 +6,7 @@ export const meta = {
|
||||
tags: ['channels'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'object',
|
||||
|
@ -8,6 +8,7 @@ export const meta = {
|
||||
tags: ['notes', 'channels'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -4,6 +4,7 @@ import define from '../../define.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['charts', 'users'],
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: getJsonSchema(activeUsersChart.schema),
|
||||
|
||||
|
@ -4,6 +4,7 @@ import define from '../../define.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['charts'],
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: getJsonSchema(apRequestChart.schema),
|
||||
|
||||
|
@ -4,6 +4,7 @@ import define from '../../define.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['charts', 'drive'],
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: getJsonSchema(driveChart.schema),
|
||||
|
||||
|
@ -4,6 +4,7 @@ import define from '../../define.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['charts'],
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: getJsonSchema(federationChart.schema),
|
||||
|
||||
|
@ -4,6 +4,7 @@ import define from '../../define.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['charts', 'hashtags'],
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: getJsonSchema(hashtagChart.schema),
|
||||
|
||||
|
@ -4,6 +4,7 @@ import define from '../../define.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['charts'],
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: getJsonSchema(instanceChart.schema),
|
||||
|
||||
|
@ -4,6 +4,7 @@ import define from '../../define.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['charts', 'notes'],
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: getJsonSchema(notesChart.schema),
|
||||
|
||||
|
@ -4,6 +4,7 @@ import define from '../../../define.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['charts', 'drive', 'users'],
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: getJsonSchema(perUserDriveChart.schema),
|
||||
|
||||
|
@ -4,6 +4,7 @@ import { perUserFollowingChart } from '@/services/chart/index.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['charts', 'users', 'following'],
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: getJsonSchema(perUserFollowingChart.schema),
|
||||
|
||||
|
@ -4,6 +4,7 @@ import define from '../../../define.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['charts', 'users', 'notes'],
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: getJsonSchema(perUserNotesChart.schema),
|
||||
|
||||
|
@ -4,6 +4,7 @@ import define from '../../../define.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['charts', 'users', 'reactions'],
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: getJsonSchema(perUserReactionsChart.schema),
|
||||
|
||||
|
@ -4,6 +4,7 @@ import define from '../../define.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['charts', 'users'],
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: getJsonSchema(usersChart.schema),
|
||||
|
||||
|
@ -10,6 +10,7 @@ export const meta = {
|
||||
tags: ['account', 'notes', 'clips'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
kind: 'read:account',
|
||||
|
||||
|
@ -6,6 +6,7 @@ export const meta = {
|
||||
tags: ['clips', 'account'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
kind: 'read:account',
|
||||
|
||||
|
@ -6,6 +6,7 @@ export const meta = {
|
||||
tags: ['federation'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -6,6 +6,7 @@ export const meta = {
|
||||
tags: ['federation'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -7,6 +7,7 @@ export const meta = {
|
||||
tags: ['federation'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -6,6 +6,7 @@ export const meta = {
|
||||
tags: ['federation'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
oneOf: [{
|
||||
|
@ -6,6 +6,7 @@ export const meta = {
|
||||
tags: ['federation'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -5,6 +5,7 @@ export const meta = {
|
||||
tags: ['gallery'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -5,6 +5,7 @@ export const meta = {
|
||||
tags: ['gallery'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -4,6 +4,7 @@ import { GalleryPosts } from '@/models/index.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['gallery'],
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -6,6 +6,7 @@ export const meta = {
|
||||
tags: ['gallery'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
errors: {
|
||||
noSuchPost: {
|
||||
|
@ -7,6 +7,7 @@ export const meta = {
|
||||
tags: ['meta'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
} as const;
|
||||
|
||||
export const paramDef = {
|
||||
|
@ -5,6 +5,7 @@ export const meta = {
|
||||
tags: ['hashtags'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -5,6 +5,7 @@ export const meta = {
|
||||
tags: ['hashtags'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -7,6 +7,7 @@ export const meta = {
|
||||
tags: ['hashtags'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'object',
|
||||
|
@ -24,6 +24,7 @@ export const meta = {
|
||||
tags: ['hashtags'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -4,6 +4,7 @@ import { normalizeForSearch } from '@/misc/normalize-for-search.js';
|
||||
|
||||
export const meta = {
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
tags: ['hashtags', 'users'],
|
||||
|
||||
|
@ -336,7 +336,7 @@ export default define(meta, paramDef, async (ps, me) => {
|
||||
expiresAt: MoreThan(new Date()),
|
||||
},
|
||||
});
|
||||
// TODO: add secure mode, etc
|
||||
|
||||
const response: any = {
|
||||
maintainerName: instance.maintainerName,
|
||||
maintainerEmail: instance.maintainerEmail,
|
||||
@ -350,6 +350,10 @@ export default define(meta, paramDef, async (ps, me) => {
|
||||
tosUrl: instance.ToSUrl,
|
||||
repositoryUrl: instance.repositoryUrl,
|
||||
feedbackUrl: instance.feedbackUrl,
|
||||
|
||||
secureMode: instance.secureMode,
|
||||
privateMode: instance.privateMode,
|
||||
|
||||
disableRegistration: instance.disableRegistration,
|
||||
disableLocalTimeline: instance.disableLocalTimeline,
|
||||
disableGlobalTimeline: instance.disableGlobalTimeline,
|
||||
@ -369,10 +373,10 @@ export default define(meta, paramDef, async (ps, me) => {
|
||||
backgroundImageUrl: instance.backgroundImageUrl,
|
||||
logoImageUrl: instance.logoImageUrl,
|
||||
maxNoteTextLength: MAX_NOTE_TEXT_LENGTH, // 後方互換性のため
|
||||
emojis: await Emojis.packMany(emojis),
|
||||
emojis: instance.privateMode && !me ? [] : await Emojis.packMany(emojis),
|
||||
defaultLightTheme: instance.defaultLightTheme,
|
||||
defaultDarkTheme: instance.defaultDarkTheme,
|
||||
ads: ads.map(ad => ({
|
||||
ads: instance.privateMode && !me ? [] : ads.map(ad => ({
|
||||
id: ad.id,
|
||||
url: ad.url,
|
||||
place: ad.place,
|
||||
@ -390,8 +394,8 @@ export default define(meta, paramDef, async (ps, me) => {
|
||||
translatorAvailable: instance.deeplAuthKey != null,
|
||||
|
||||
...(ps.detail ? {
|
||||
pinnedPages: instance.pinnedPages,
|
||||
pinnedClipId: instance.pinnedClipId,
|
||||
pinnedPages: instance.privateMode && !me ? [] : instance.pinnedPages,
|
||||
pinnedClipId: instance.privateMode && !me ? [] : instance.pinnedClipId,
|
||||
cacheRemoteFiles: instance.cacheRemoteFiles,
|
||||
requireSetup: (await Users.countBy({
|
||||
host: IsNull(),
|
||||
@ -400,9 +404,11 @@ export default define(meta, paramDef, async (ps, me) => {
|
||||
};
|
||||
|
||||
if (ps.detail) {
|
||||
if (!instance.privateMode || me) {
|
||||
const proxyAccount = instance.proxyAccountId ? await Users.pack(instance.proxyAccountId).catch(() => null) : null;
|
||||
|
||||
response.proxyAccountName = proxyAccount ? proxyAccount.username : null;
|
||||
}
|
||||
|
||||
response.features = {
|
||||
registration: !instance.disableRegistration,
|
||||
localTimeLine: !instance.disableLocalTimeline,
|
||||
|
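Review bot: `pinnedClipId` is replaced with `[]` for unauthenticated callers in private mode, but the field name suggests a single id, so clients would receive an array where they presumably expect a string or null. `pinnedClipId: instance.privateMode && !me ? null : instance.pinnedClipId,` keeps the shape stable. The condition `instance.privateMode && !me` is also repeated for `emojis`, `ads`, `pinnedPages` and `pinnedClipId`, and inverted for the proxy account lookup. Naming it once before the response object, e.g. `const hideFromGuests = instance.privateMode && !me;`, would make it harder for a later field to be added without the check. The response object starts outside these hunks, and fields such as `maintainerName` and `maintainerEmail` are still returned to unauthenticated callers, which is worth confirming as intended.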
@ -5,6 +5,7 @@ import { makePaginationQuery } from '../common/make-pagination-query.js';
|
||||
export const meta = {
|
||||
tags: ['notes'],
|
||||
|
||||
requireCredentialPrivateMode: true,
|
||||
res: {
|
||||
type: 'array',
|
||||
optional: false, nullable: false,
|
||||
|
@ -10,6 +10,7 @@ export const meta = {
|
||||
tags: ['notes'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
@ -20,7 +21,7 @@ export const meta = {
|
||||
ref: 'Note',
|
||||
},
|
||||
},
|
||||
} as const;
|
||||
};
|
||||
|
||||
export const paramDef = {
|
||||
type: 'object',
|
||||
|
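Review bot: The second hunk of this file appears to replace the closing `} as const;` of `meta` with a plain `};`, which is unrelated to private mode and looks accidental. The direction is inferred from the print order and the hunk counts, since the `+`/`-` markers are lost on this page. Other endpoint files visible here still close `meta` with `} as const;`. Without it the literal types in `meta` widen, so any typing derived from the `res` schema may weaken for this endpoint. I would restore `} as const;`.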
@ -8,6 +8,7 @@ export const meta = {
|
||||
tags: ['clips', 'notes'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -8,6 +8,7 @@ export const meta = {
|
||||
tags: ['notes'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -7,6 +7,7 @@ export const meta = {
|
||||
tags: ['notes'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -12,6 +12,7 @@ import { generateBlockedUserQuery } from '../../common/generate-block-query.js';
|
||||
export const meta = {
|
||||
tags: ['notes'],
|
||||
|
||||
requireCredentialPrivateMode: true,
|
||||
res: {
|
||||
type: 'array',
|
||||
optional: false, nullable: false,
|
||||
|
@ -14,6 +14,7 @@ import { generateBlockedUserQuery } from '../../common/generate-block-query.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['notes'],
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -8,6 +8,7 @@ export const meta = {
|
||||
tags: ['notes', 'reactions'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
allowGet: true,
|
||||
cacheSec: 60,
|
||||
|
@ -11,6 +11,7 @@ export const meta = {
|
||||
tags: ['notes'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -9,6 +9,7 @@ export const meta = {
|
||||
tags: ['notes'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -10,6 +10,7 @@ import { generateBlockedUserQuery } from '../../common/generate-block-query.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['notes', 'hashtags'],
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -12,6 +12,7 @@ export const meta = {
|
||||
tags: ['notes'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -7,6 +7,7 @@ export const meta = {
|
||||
tags: ['notes'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'object',
|
||||
|
@ -12,6 +12,7 @@ export const meta = {
|
||||
tags: ['notes'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'object',
|
||||
|
@ -5,6 +5,7 @@ export const meta = {
|
||||
tags: ['pages'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -8,6 +8,7 @@ export const meta = {
|
||||
tags: ['pages'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'object',
|
||||
|
@ -9,6 +9,7 @@ export const meta = {
|
||||
tags: ['users'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -4,6 +4,7 @@ import define from '../define.js';
|
||||
|
||||
export const meta = {
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
tags: ['meta'],
|
||||
} as const;
|
||||
|
@ -5,6 +5,7 @@ import { IsNull } from 'typeorm';
|
||||
|
||||
export const meta = {
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
tags: ['meta'],
|
||||
|
||||
|
@ -7,6 +7,7 @@ export const meta = {
|
||||
tags: ['users'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
res: {
|
||||
type: 'array',
|
||||
|
@ -4,6 +4,7 @@ import { makePaginationQuery } from '../../common/make-pagination-query.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['users', 'clips'],
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
description: 'Show all clips this user owns.',
|
||||
|
||||
|
@ -9,6 +9,7 @@ export const meta = {
|
||||
tags: ['users'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
description: 'Show everyone that follows this user.',
|
||||
|
||||
|
@ -9,6 +9,7 @@ export const meta = {
|
||||
tags: ['users'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
description: 'Show everyone that this user is following.',
|
||||
|
||||
|
@ -4,6 +4,7 @@ import { makePaginationQuery } from '../../../common/make-pagination-query.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['users', 'gallery'],
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
description: 'Show all gallery posts by the given user.',
|
||||
|
||||
|
@ -9,6 +9,7 @@ export const meta = {
|
||||
tags: ['users'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
description: 'Get a list of other users that the specified user frequently replies to.',
|
||||
|
||||
|
@ -11,6 +11,7 @@ import { generateBlockedUserQuery } from '../../common/generate-block-query.js';
|
||||
export const meta = {
|
||||
tags: ['users', 'notes'],
|
||||
|
||||
requireCredentialPrivateMode: true,
|
||||
description: 'Show all notes that this user created.',
|
||||
|
||||
res: {
|
||||
|
@ -4,6 +4,7 @@ import { makePaginationQuery } from '../../common/make-pagination-query.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['users', 'pages'],
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
description: 'Show all pages this user created.',
|
||||
|
||||
|
@ -8,6 +8,7 @@ export const meta = {
|
||||
tags: ['users', 'reactions'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
description: 'Show all reactions this user made.',
|
||||
|
||||
|
@ -8,6 +8,7 @@ export const meta = {
|
||||
tags: ['users'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
description: 'Search for a user by username and/or host.',
|
||||
|
||||
|
@ -7,6 +7,7 @@ export const meta = {
|
||||
tags: ['users'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
description: 'Search for users.',
|
||||
|
||||
|
@ -10,6 +10,7 @@ export const meta = {
|
||||
tags: ['users'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
description: 'Show the properties of a user.',
|
||||
|
||||
|
@ -7,6 +7,7 @@ export const meta = {
|
||||
tags: ['users'],
|
||||
|
||||
requireCredential: false,
|
||||
requireCredentialPrivateMode: true,
|
||||
|
||||
description: 'Show statistics about a user.',
|
||||
|
||||
|