From 2696c34f6c12b78169a9e75f52cc503affcc2cfb Mon Sep 17 00:00:00 2001 From: Johann150 Date: Sun, 28 May 2023 23:26:59 +0200 Subject: [PATCH] fix some audience parsing assumptions The assumptions made in the comment is actually wrong. The comment says: "If value is a string, this means it must have passed through the resolver, which means it must be public." But this is not true because we do signed GET requests which means we may well get non-public posts using the resolver. --- packages/backend/src/remote/activitypub/models/note.ts | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/packages/backend/src/remote/activitypub/models/note.ts b/packages/backend/src/remote/activitypub/models/note.ts index e12d99b63..e1d256ae9 100644 --- a/packages/backend/src/remote/activitypub/models/note.ts +++ b/packages/backend/src/remote/activitypub/models/note.ts @@ -101,10 +101,8 @@ export async function createNote(value: string | IObject, resolver: Resolver, si // If audience(to,cc) was not specified if (visibility === 'specified' && visibleUsers.length === 0) { - if (typeof value === 'string') { // 入力がstringならばresolverでGETが発生している - // こちらから匿名GET出来たものならばpublic - visibility = 'public'; - } + // TODO derive audience from context (e.g. whose inbox this was in?) + throw new Error('audience not understood'); } let isTalk = note._misskey_talk && visibility === 'specified';