hide metadata of private notes #14

Manually merged
Johann150 merged 9 commits from private-notes into main 2022-07-25 16:18:55 +00:00
Owner

Analog of https://github.com/misskey-dev/misskey/pull/8641, the history is slightly rewritten to prevent errors that were spotted later which should make for a cleaner commit history.

The hideNote function has been removed. This has the additional advantage that it removes duplicated code for checking the visibility of a note already in isVisibleForMe.

Users will no longer be able to see notes that are not visible to them. The previous behaviour was to show the note just with the text replaced by a message that the note is not visible to the user. The new behaviour is that the server claims that the note does not exist at all if it is not visible to the user.

Users will no longer be able to reply to or renote notes that are not visible to them.

Analog of <https://github.com/misskey-dev/misskey/pull/8641>, the history is slightly rewritten to prevent errors that were spotted later which should make for a cleaner commit history. The `hideNote` function has been removed. This has the additional advantage that it removes duplicated code for checking the visibility of a note already in `isVisibleForMe`. Users will no longer be able to see notes that are not visible to them. The previous behaviour was to show the note just with the text replaced by a message that the note is not visible to the user. The new behaviour is that the server claims that the note does not exist at all if it is not visible to the user. Users will no longer be able to reply to or renote notes that are not visible to them.
Johann150 added this to the (deleted) project 2022-07-17 18:36:04 +00:00
Author
Owner

There are some issues with this in combination with the added possibility of using GET requests for the API. For example, hovering over a reaction to a followers-only post does not work any more and returns the error NO_SUCH_NOTE.

The problem is that the GET part of the API does not use/support authentication properly. We would have to introduce a proper Authentication HTTP header probably for that to work correctly unless we want the token in the URL parameters.

Alternatively revert that endpoint back to a POST request. But we would also have to check each API endpoint. (sigh how many times did i already do that for this PR)

There are some issues with this in combination with the added possibility of using GET requests for the API. For example, hovering over a reaction to a followers-only post does not work any more and returns the error `NO_SUCH_NOTE`. The problem is that the GET part of the API does not use/support authentication properly. We would have to introduce a proper `Authentication` HTTP header probably for that to work correctly unless we want the token in the URL parameters. Alternatively revert that endpoint back to a POST request. But we would also have to check each API endpoint. (*sigh* how many times did i already do that for this PR)
Johann150 added a new dependency 2022-07-18 21:34:41 +00:00
Johann150 added a new dependency 2022-07-19 19:37:08 +00:00
Johann150 force-pushed private-notes from a3f8bde92e to 3fe351df6d 2022-07-23 20:28:52 +00:00 Compare
Owner

Kind of wonder what the performance penalty is on the overall here. I'm noticing a couple of allSettled promise calls.
I'd imagine it should be fine, but might be a good idea to check in case it actively tanks.
Besides that looks fine!

P.S. Maybe we can start the "shared code" package between client/backend/etc and put errors into it? That way we could have something like errors.AUTH_ERROR instead of UUIDs...

Kind of wonder what the performance penalty is on the overall here. I'm noticing a couple of allSettled promise calls. I'd imagine it should be fine, but might be a good idea to check in case it actively tanks. Besides that looks fine! P.S. Maybe we can start the "shared code" package between client/backend/etc and put errors into it? That way we could have something like `errors.AUTH_ERROR` instead of UUIDs...
Author
Owner

Kind of wonder what the performance penalty is on the overall here. I'm noticing a couple of allSettled promise calls.

The reason for the allSettled calls is because the way of determining that a note is not visible to the given user is to throw an error. However, I don't want one invisible note to make all other notes that I am trying to pack become invisibile as well. I assume there are no other rejection conditions in what is essentially transforming data, as there were none dealth with before, and I don't think performance should be impacted. (Not measured though because no idea how to.)

have something like errors.AUTH_ERROR instead of UUIDs...

In this case the explicit goal was to not have a separate error cases for these notes but instead just pretend they do not exist in the first place. But I think even in that case there were multiple errors that essentially said "this note doesnt exist" so that might be something to look into in the future. Out of scope for this PR though I think.

> Kind of wonder what the performance penalty is on the overall here. I'm noticing a couple of `allSettled` promise calls. The reason for the `allSettled` calls is because the way of determining that a note is not visible to the given user is to throw an error. However, I don't want one invisible note to make all other notes that I am trying to pack become invisibile as well. I assume there are no other rejection conditions in what is essentially transforming data, as there were none dealth with before, and I don't *think* performance should be impacted. (Not measured though because no idea how to.) > have something like `errors.AUTH_ERROR` instead of UUIDs... In this case the explicit goal was to not have a separate error cases for these notes but instead just pretend they do not exist in the first place. But I think even in that case there were multiple errors that essentially said "this note doesnt exist" so that might be something to look into in the future. Out of scope for this PR though I think.
Johann150 referenced this pull request from a commit 2022-07-25 16:16:31 +00:00
Johann150 manually merged commit 9ee609d700 into main 2022-07-25 16:18:55 +00:00
Johann150 deleted branch private-notes 2022-07-25 16:19:05 +00:00
norm referenced this pull request from a commit 2022-08-28 14:46:46 +00:00
Johann150 added the
fix
label 2022-12-23 10:21:08 +00:00
Johann150 removed this from the (deleted) project 2022-12-23 10:21:11 +00:00
Sign in to join this conversation.
No reviewers
No labels
feature
fix
upkeep
No milestone
No project
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Blocks Depends on
Reference: FoundKeyGang/FoundKey#14
No description provided.