heartles/egirlskey
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity
egirlskey/packages/backend/src/server/api/endpoints/users/relation.ts
Chocolate Pie 82822e29d9
Merge pull request from GHSA-7pxq-6xx9-xpgm 
* fix: fix improper authorization when accessing with third-party application

* refactor: refactor type definitions

* fix: get rid of unnecessary access limitation

* enhance: サードパーティアプリケーションがWebsocket APIを使えるように

* fix: add missing parentheses

* Revert "fix(backend): add missing kind definition for admin endpoints to improve security"

This reverts commit 5150053275.

* frontend: 翻訳の抜けを訂正, read:adminとwrite:adminはアクセス発行トークンのデフォルトでは非表示にする

* enhance(test): misskey-ghsa-7pxq-6xx9-xpgmに関するテストを追加

* enhance(test): Websocket APIに対するテストも追加

* enhance(refactor): `@/misc/api-permissions.ts`を`misskey-js/permissions`に統合

* fix(frontend): アクセストークン発行UIで全ての権限を有効にした際、管理者用APIへのアクセスも許可してしまう問題を修正

* enhance(backend): Websocketの接続に最低限必要な権限を変更

* fix(backend): `/api/admin/meta`をサードパーティアプリケーションからはアクセスできないように

* fix(backend): エンドポイントにアクセスするために必要な権限を変更

* fix(frontend/locale): Add missing type declaration

* chore: update `misskey-js/src/autogen`

---------

Co-authored-by: tamaina <tamaina@hotmail.co.jp>
2023-12-28 09:45:54 +01:00

142 lines
3.2 KiB
TypeScript
Raw Blame History

/*
* SPDX-FileCopyrightText: syuilo and other misskey contributors
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import { UserEntityService } from '@/core/entities/UserEntityService.js';
export const meta = {
tags: ['users'],
requireCredential: true,
kind: 'read:account',
description: 'Show the different kinds of relations between the authenticated user and the specified user(s).',
res: {
optional: false, nullable: false,
oneOf: [
{
type: 'object',
properties: {
id: {
type: 'string',
optional: false, nullable: false,
format: 'id',
},
isFollowing: {
type: 'boolean',
optional: false, nullable: false,
},
hasPendingFollowRequestFromYou: {
type: 'boolean',
optional: false, nullable: false,
},
hasPendingFollowRequestToYou: {
type: 'boolean',
optional: false, nullable: false,
},
isFollowed: {
type: 'boolean',
optional: false, nullable: false,
},
isBlocking: {
type: 'boolean',
optional: false, nullable: false,
},
isBlocked: {
type: 'boolean',
optional: false, nullable: false,
},
isMuted: {
type: 'boolean',
optional: false, nullable: false,
},
isRenoteMuted: {
type: 'boolean',
optional: false, nullable: false,
},
},
},
{
type: 'array',
items: {
type: 'object',
optional: false, nullable: false,
properties: {
id: {
type: 'string',
optional: false, nullable: false,
format: 'id',
},
isFollowing: {
type: 'boolean',
optional: false, nullable: false,
},
hasPendingFollowRequestFromYou: {
type: 'boolean',
optional: false, nullable: false,
},
hasPendingFollowRequestToYou: {
type: 'boolean',
optional: false, nullable: false,
},
isFollowed: {
type: 'boolean',
optional: false, nullable: false,
},
isBlocking: {
type: 'boolean',
optional: false, nullable: false,
},
isBlocked: {
type: 'boolean',
optional: false, nullable: false,
},
isMuted: {
type: 'boolean',
optional: false, nullable: false,
},
isRenoteMuted: {
type: 'boolean',
optional: false, nullable: false,
},
},
},
},
],
},
} as const;
export const paramDef = {
type: 'object',
properties: {
userId: {
anyOf: [
{ type: 'string', format: 'misskey:id' },
{
type: 'array',
items: { type: 'string', format: 'misskey:id' },
},
],
},
},
required: ['userId'],
} as const;
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
constructor(
private userEntityService: UserEntityService,
) {
super(meta, paramDef, async (ps, me) => {
const ids = Array.isArray(ps.userId) ? ps.userId : [ps.userId];
const relations = await Promise.all(ids.map(id => this.userEntityService.getRelation(me.id, id)));
return Array.isArray(ps.userId) ? relations : relations[0];
});
}
}
Reference in a new issue View git blame Copy permalink