add/translate comments
This commit is contained in:
parent
2b5a35147a
commit
e366116ac1
GPG key ID:
9EE6577A2A06F8F1
2 changed files with 15 additions and 4 deletions
|
|
@ -83,7 +83,7 @@ export default define(meta, paramDef, async (ps, me) => {
|
||||||
});
|
});
|
||||||
|
|
||||||
/***
|
/***
|
||||||
* URIからUserかNoteを解決する
|
* Resolve a User or Note from a given URI
|
||||||
*/
|
*/
|
||||||
async function fetchAny(uri: string, me: ILocalUser | null | undefined): Promise<SchemaType<typeof meta['res']> | null> {
|
async function fetchAny(uri: string, me: ILocalUser | null | undefined): Promise<SchemaType<typeof meta['res']> | null> {
|
||||||
// Stop if the host is blocked.
|
// Stop if the host is blocked.
|
||||||
|
|
@ -92,6 +92,7 @@ async function fetchAny(uri: string, me: ILocalUser | null | undefined): Promise
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// first try to fetch the object from the database
|
||||||
const dbResolver = new DbResolver();
|
const dbResolver = new DbResolver();
|
||||||
|
|
||||||
let local = await mergePack(me, ...await Promise.all([
|
let local = await mergePack(me, ...await Promise.all([
|
||||||
|
|
@ -100,13 +101,15 @@ async function fetchAny(uri: string, me: ILocalUser | null | undefined): Promise
|
||||||
]));
|
]));
|
||||||
if (local != null) return local;
|
if (local != null) return local;
|
||||||
|
|
||||||
// fetch object from remote
|
// getting the object from the database failed, fetch from remote
|
||||||
const resolver = new Resolver();
|
const resolver = new Resolver();
|
||||||
// allow redirect
|
// allow redirect
|
||||||
const object = await resolver.resolve(uri, true) as any;
|
const object = await resolver.resolve(uri, true) as any;
|
||||||
|
|
||||||
// /@user のような正規id以外で取得できるURIが指定されていた場合、ここで初めて正規URIが確定する
|
// If a URI other than the canonical id such as `/@user` is specified,
|
||||||
// これはDBに存在する可能性があるため再度DB検索
|
// the canonical URI is determined here for the first time.
|
||||||
|
//
|
||||||
|
// DB search again, since this may exist in the DB
|
||||||
if (uri !== object.id) {
|
if (uri !== object.id) {
|
||||||
local = await mergePack(me, ...await Promise.all([
|
local = await mergePack(me, ...await Promise.all([
|
||||||
dbResolver.getUserFromApId(object.id),
|
dbResolver.getUserFromApId(object.id),
|
||||||
|
|
|
||||||
|
|
@ -35,6 +35,14 @@ export const paramDef = {
|
||||||
|
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, user) => {
|
export default define(meta, paramDef, async (ps, user) => {
|
||||||
|
/*
|
||||||
|
Note: It should not be allowed for the actual file contents to be updated.
|
||||||
|
Not allowing the user to change the contents after the public URL has been determined
|
||||||
|
is relevant because it is a defense mechanism against AcitivtyPub content "impersonation".
|
||||||
|
|
||||||
|
If the URL is known, an integrity check could be defeated which checks that the `id`
|
||||||
|
indicated in an ActivityPub object is actually retrievable at that given `id`.
|
||||||
|
*/
|
||||||
const file = await DriveFiles.findOneBy({ id: ps.fileId });
|
const file = await DriveFiles.findOneBy({ id: ps.fileId });
|
||||||
|
|
||||||
if (file == null) throw new ApiError('NO_SUCH_FILE');
|
if (file == null) throw new ApiError('NO_SUCH_FILE');
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue