Reject DMs where recipients don't match mentions

This commit is contained in:
jaina heartles 2024-03-03 21:09:39 -08:00
parent 3f92fcb96e
commit bd11dabf89
2 changed files with 18 additions and 0 deletions

View file

@ -367,6 +367,16 @@ export class NoteCreateService implements OnApplicationShutdown {
if (data.visibility === 'specified') { if (data.visibility === 'specified') {
if (data.visibleUsers == null) throw new Error('invalid param'); if (data.visibleUsers == null) throw new Error('invalid param');
// Check that mentions and recipients are the same set if note originates locally
if (user.host == null) {
if (mentionedUsers.length !== data.visibleUsers.length) {
throw new IdentifiableError('9d311820-f927-463c-ae38-b7435c6a9f4f', 'Note recipients and mentions must match');
}
if (!mentionedUsers.every((mention) => data.visibleUsers.some((visible) => mention.id === visible.id))) {
throw new IdentifiableError('9d311820-f927-463c-ae38-b7435c6a9f4f', 'Note recipients and mentions must match');
}
}
for (const u of data.visibleUsers) { for (const u of data.visibleUsers) {
if (!mentionedUsers.some(x => x.id === u.id)) { if (!mentionedUsers.some(x => x.id === u.id)) {
mentionedUsers.push(u); mentionedUsers.push(u);

View file

@ -139,6 +139,12 @@ export const meta = {
code: 'CONTAINS_TOO_MANY_MENTIONS', code: 'CONTAINS_TOO_MANY_MENTIONS',
id: '4de0363a-3046-481b-9b0f-feff3e211025', id: '4de0363a-3046-481b-9b0f-feff3e211025',
}, },
visibleUsersAndMentionsMustMatch: {
message: 'Cannot send message because message recipients and mentioned users must match',
code: 'RECIPIENTS_MUST_MATCH_MENTIONED_USERS',
id: 'ba675fa7-e993-4267-a20e-c611141742af',
},
}, },
} as const; } as const;
@ -408,6 +414,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
throw new ApiError(meta.errors.containsProhibitedWords); throw new ApiError(meta.errors.containsProhibitedWords);
} else if (e.id === '9f466dab-c856-48cd-9e65-ff90ff750580') { } else if (e.id === '9f466dab-c856-48cd-9e65-ff90ff750580') {
throw new ApiError(meta.errors.containsTooManyMentions); throw new ApiError(meta.errors.containsTooManyMentions);
} else if (e.id === '9d311820-f927-463c-ae38-b7435c6a9f4f') {
throw new ApiError(meta.errors.visibleUsersAndMentionsMustMatch);
} }
} }
throw e; throw e;