FoundKeyGang/FoundKey
FoundKeyGang/FoundKey
7
20
Fork 23
Code Issues 37 Pull requests 3 Releases Activity

WIP: Secure mode #31

Closed
norm wants to merge 21 commits from (deleted):feat/secure-fetch into main
pull from: (deleted):feat/secure-fetch
merge into: FoundKeyGang:main
Conversation 10 Commits 21 Files changed 88 +526 -34
88 changed files with 526 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.config/example.yml
View file

@ -120,9 +120,6 @@ redis:
# Proxy remote files (default: false)
#proxyRemoteFiles: true
# Sign to ActivityPub GET request (default: false)
#signToActivityPubGet: true
#allowedPrivateNetworks: [
# '127.0.0.1/32'
#]

3
chart/files/default.yml
View file

@ -154,9 +154,6 @@ id: "aid"
# Media Proxy
#mediaProxy: https://example.com/proxy
# Sign to ActivityPub GET request (default: false)
#signToActivityPubGet: true
#allowedPrivateNetworks: [
# '127.0.0.1/32'
#]

7
locales/en-US.yml
View file

@ -774,6 +774,13 @@ middle: "Medium"
low: "Low"
emailNotConfiguredWarning: "Email address not set."
ratio: "Ratio"
secureMode: "Secure Mode (Authorized Fetch)"
instanceSecurity: "Instance Security"
secureModeInfo: "Requests from other instances must be signed, otherwise notes won't be returned."
privateMode: "Private Mode"
privateModeInfo: "When enabled, only authorized instances may fetch notes. Hides all notes from public."
allowedInstances: "Allowed Instances"
allowedInstancesDescription: "Set the hosts of the instances you want to allow, separated by line. Valid in private mode only."
previewNoteText: "Show preview"
customCss: "Custom CSS"
customCssWarn: "This setting should only be used if you know what it does. Entering improper values may cause the client to stop functioning normally."

7
locales/ja-JP.yml
View file

@ -776,6 +776,13 @@ middle: "中"
low: "低"
emailNotConfiguredWarning: "メールアドレスの設定がされていません。"
ratio: "比率"
secureMode: "セキュアモード (Authorized Fetch)"
instanceSecurity: "インスタンスのセキュリティー"
secureModeInfo: "他のインスタンスからリクエストするときに、証明を付けなければ返送しません。"
privateMode: "非公開モード"
privateModeInfo: "有効にして、許可されているインスタンスのみがリクエストできます。すべてのノートが公開に非表示にします。"
allowedInstances: "許可されたインスタンス"
allowedInstancesDescription: "許可したいインスタンスのホストを改行で区切って設定します。非公開モードだけで有効です。"
previewNoteText: "本文をプレビュー"
customCss: "カスタムCSS"
customCssWarn: "この設定は必ず知識のある方が行ってください。不適切な設定を行うとクライアントが正常に使用できなくなる恐れがあります。"

17
packages/backend/migration/1626733991004-allowlist-secure-mode.js Normal file
View file

@ -0,0 +1,17 @@
export class allowlistSecureMode1626733991004 {
name = 'allowlistSecureMode1626733991004';
async up(queryRunner) {
await queryRunner.query(`ALTER TABLE "meta" ADD "allowedHosts" character varying(256) [] default '{}'`);
await queryRunner.query(`ALTER TABLE "meta" ADD "secureMode" bool default false`);
await queryRunner.query(`ALTER TABLE "meta" ADD "privateMode" bool default false`);
}
async down(queryRunner) {
await queryRunner.query(`ALTER TABLE "meta" DROP COLUMN "allowedHosts"`);
await queryRunner.query(`ALTER TABLE "meta" DROP COLUMN "secureMode"`);
await queryRunner.query(`ALTER TABLE "meta" DROP COLUMN "privateMode"`);
}
}

2
packages/backend/src/config/types.ts
View file

@ -63,8 +63,6 @@ export type Source = {
mediaProxy?: string;
proxyRemoteFiles?: boolean;
signToActivityPubGet?: boolean;
};
/**

15
packages/backend/src/models/entities/meta.ts
View file

@ -77,6 +77,21 @@ export class Meta {
})
public blockedHosts: string[];
@Column('boolean', {
default: false
})
public secureMode: boolean;
@Column('boolean', {
default: false
})
public privateMode: boolean;
@Column('varchar', {
length: 256, array: true, default: '{}'
})
public allowedHosts: string[];
@Column('varchar', {
length: 512, array: true, default: '{/featured,/channels,/explore,/pages,/about-misskey}',
})

4
packages/backend/src/queue/processors/deliver.ts
View file

@ -28,6 +28,10 @@ export default async (job: Bull.Job<DeliverJobData>) => {
return 'skip (blocked)';
}
if (meta.privateMode && !meta.allowedHosts.includes(toPuny(host))) {
return 'skip (not allowed)';
}
// isSuspendedなら中断
let suspendedHosts = suspendedHostsCache.get(null);
if (suspendedHosts == null) {

5
packages/backend/src/queue/processors/inbox.ts
View file

@ -39,6 +39,11 @@ export default async (job: Bull.Job<InboxJobData>): Promise<string> => {
return `Blocked request: ${host}`;
}
// Only permitted instances if in private mode.
if (meta.privateMode && !meta.allowedHosts.includes(host)) {
return `Blocked request: ${host}`;
}
const keyIdLower = signature.keyId.toLowerCase();
if (keyIdLower.startsWith('acct:')) {
return `Old keyId is no longer supported. ${keyIdLower}`;

69
packages/backend/src/remote/activitypub/check-fetch.ts Normal file
View file

@ -0,0 +1,69 @@
import config from '@/config/index.js';
import { IncomingMessage } from 'http';
import { fetchMeta } from '@/misc/fetch-meta.js';
import httpSignature from '@peertube/http-signature';
import { URL } from 'url';
import { toPuny } from '@/misc/convert-host.js';
import DbResolver from '@/remote/activitypub/db-resolver.js';
import { getApId } from '@/remote/activitypub/type.js';
export default async function checkFetch(req: IncomingMessage): Promise<number> {
Johann150 marked this conversation as resolved
Johann150 commented 2022-08-01 00:30:35 +00:00
Copy link

If you want you could maybe take a stab at reusing this in packages/backend/src/queue/processors/inbox.ts since its essentially the same code for validating a HTTP signature.

If you want you could maybe take a stab at reusing this in `packages/backend/src/queue/processors/inbox.ts` since its essentially the same code for validating a HTTP signature.
norm commented 2022-08-01 04:32:37 +00:00
Copy link

Not enitrely sure how to extract out the common logic here, may leave it to someone else to handle that.

Not enitrely sure how to extract out the common logic here, may leave it to someone else to handle that.
const meta = await fetchMeta();
if (meta.secureMode || meta.privateMode) {
let signature;
try {
signature = httpSignature.parseRequest(req, { 'headers': [] });
} catch (e) {
return 401;
}
const keyId = new URL(signature.keyId);
const host = toPuny(keyId.hostname);
if (meta.blockedHosts.includes(host)) {
return 403;
}
if (meta.privateMode && host !== config.host && !meta.allowedHosts.includes(host)) {
return 403;
}
const keyIdLower = signature.keyId.toLowerCase();
if (keyIdLower.startsWith('acct:')) {
// Old keyId is no longer supported.
return 401;
}
const dbResolver = new DbResolver();
// Get user from database based on HTTP-Signature keyId
let authUser = await dbResolver.getAuthUserFromKeyId(signature.keyId);
// If keyid is unknown, try resolving it
if (authUser == null) {
try {
keyId.hash = '';
authUser = await dbResolver.getAuthUserFromApId(getApId(keyId.toString()));
} catch (e) {
return 403;
}
}
if (authUser?.key == null) {
return 403;
}
if (authUser.user.host !== host) {
return 403;
}
// HTTP-Signature validation
const httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
if (!httpSignatureValidated) {
return 403;
}
}
return 200;
}

6
packages/backend/src/remote/activitypub/resolver.ts
View file

@ -72,7 +72,11 @@ export default class Resolver {
throw new Error('Instance is blocked');
}
if (config.signToActivityPubGet && !this.user) {
if (meta.privateMode && config.host !== host && !meta.allowedHosts.includes(host)) {
throw new Error('Instance is not allowed');
}
if (!this.user) {
this.user = await getInstanceActor();
}

123
packages/backend/src/server/activitypub.ts
View file

@ -9,11 +9,14 @@ import renderKey from '@/remote/activitypub/renderer/key.js';
import { renderPerson } from '@/remote/activitypub/renderer/person.js';
import renderEmoji from '@/remote/activitypub/renderer/emoji.js';
import { inbox as processInbox } from '@/queue/index.js';
import { isSelfHost } from '@/misc/convert-host.js';
import { isSelfHost, toPuny } from '@/misc/convert-host.js';
import { Notes, Users, Emojis, NoteReactions } from '@/models/index.js';
import { ILocalUser, User } from '@/models/entities/user.js';
import { renderLike } from '@/remote/activitypub/renderer/like.js';
import { getUserKeypair } from '@/misc/keypair-store.js';
import checkFetch from '@/remote/activitypub/check-fetch.js';
import { getInstanceActor } from '@/services/instance-actor.js';
import { fetchMeta } from '@/misc/fetch-meta.js';
import renderFollow from '@/remote/activitypub/renderer/follow.js';
import Outbox, { packActivity } from './activitypub/outbox.js';
import Followers from './activitypub/followers.js';
@ -66,6 +69,12 @@ router.post('/users/:user/inbox', json(), inbox);
router.get('/notes/:note', async (ctx, next) => {
if (!isActivityPubReq(ctx)) return await next();
const verify = await checkFetch(ctx.req);
if (verify !== 200) {
ctx.status = verify;
return;
}
const note = await Notes.findOneBy({
id: ctx.params.note,
visibility: In(['public' as const, 'home' as const]),
@ -78,7 +87,7 @@ router.get('/notes/:note', async (ctx, next) => {
}
// リモートだったらリダイレクト
if (note.userHost != null) {
if (note.userHost !== null) {
if (note.uri == null || isSelfHost(note.userHost)) {
ctx.status = 500;
return;
@ -88,12 +97,24 @@ router.get('/notes/:note', async (ctx, next) => {
}
ctx.body = renderActivity(await renderNote(note, false));
ctx.set('Cache-Control', 'public, max-age=180');
const meta = await fetchMeta();
if (meta.secureMode || meta.privateMode) {
ctx.set('Cache-Control', 'private, max-age=0, must-revalidate');
} else {
ctx.set('Cache-Control', 'public, max-age=180');
}
setResponseType(ctx);
});
// note activity
router.get('/notes/:note/activity', async ctx => {
const verify = await checkFetch(ctx.req);
if (verify !== 200) {
ctx.status = verify;
return;
}
const note = await Notes.findOneBy({
id: ctx.params.note,
userHost: IsNull(),
@ -107,7 +128,12 @@ router.get('/notes/:note/activity', async ctx => {
}
ctx.body = renderActivity(await packActivity(note));
ctx.set('Cache-Control', 'public, max-age=180');
const meta = await fetchMeta();
if (meta.secureMode || meta.privateMode) {
ctx.set('Cache-Control', 'private, max-age=0, must-revalidate');
} else {
ctx.set('Cache-Control', 'public, max-age=180');
}
setResponseType(ctx);
});
@ -125,6 +151,20 @@ router.get('/users/:user/collections/featured', Featured);
// publickey
router.get('/users/:user/publickey', async ctx => {
const instanceActor = await getInstanceActor();
if (ctx.params.user === instanceActor.id) {
ctx.body = renderActivity(renderKey(instanceActor, await getUserKeypair(instanceActor.id)));
ctx.set('Cache-Control', 'public, max-age=180');
setResponseType(ctx);
return;
}
const verify = await checkFetch(ctx.req);
if (verify !== 200) {
ctx.status = verify;
return;
}
const userId = ctx.params.user;
const user = await Users.findOneBy({
@ -141,7 +181,12 @@ router.get('/users/:user/publickey', async ctx => {
if (Users.isLocalUser(user)) {
ctx.body = renderActivity(renderKey(user, keypair));
ctx.set('Cache-Control', 'public, max-age=180');
const meta = await fetchMeta();
if (meta.secureMode || meta.privateMode) {
ctx.set('Cache-Control', 'private, max-age=0, must-revalidate');
} else {
ctx.set('Cache-Control', 'public, max-age=180');
}
setResponseType(ctx);
} else {
ctx.status = 400;
@ -156,13 +201,30 @@ async function userInfo(ctx: Router.RouterContext, user: User | null) {
}
ctx.body = renderActivity(await renderPerson(user as ILocalUser));
ctx.set('Cache-Control', 'public, max-age=180');
const meta = await fetchMeta();
if (meta.secureMode || meta.privateMode) {
ctx.set('Cache-Control', 'private, max-age=0, must-revalidate');
} else {
ctx.set('Cache-Control', 'public, max-age=180');
}
setResponseType(ctx);
}
router.get('/users/:user', async (ctx, next) => {
if (!isActivityPubReq(ctx)) return await next();
const instanceActor = await getInstanceActor();
if (ctx.params.user === instanceActor.id) {
await userInfo(ctx, instanceActor);
return;
}
const verify = await checkFetch(ctx.req);
if (verify !== 200) {
ctx.status = verify;
return;
}
const userId = ctx.params.user;
const user = await Users.findOneBy({
@ -177,6 +239,18 @@ router.get('/users/:user', async (ctx, next) => {
router.get('/@:user', async (ctx, next) => {
if (!isActivityPubReq(ctx)) return await next();
if (ctx.params.user === 'instance.actor') {
const instanceActor = await getInstanceActor();
await userInfo(ctx, instanceActor);
return;
}
const verify = await checkFetch(ctx.req);
if (verify !== 200) {
ctx.status = verify;
return;
}
const user = await Users.findOneBy({
usernameLower: ctx.params.user.toLowerCase(),
host: IsNull(),
@ -185,6 +259,11 @@ router.get('/@:user', async (ctx, next) => {
await userInfo(ctx, user);
});
router.get('/actor', async (ctx, next) => {
const instanceActor = await getInstanceActor();
await userInfo(ctx, instanceActor);
});
//#endregion
// emoji
@ -200,12 +279,23 @@ router.get('/emojis/:emoji', async ctx => {
}
ctx.body = renderActivity(await renderEmoji(emoji));
ctx.set('Cache-Control', 'public, max-age=180');
const meta = await fetchMeta();
if (meta.secureMode || meta.privateMode) {
ctx.set('Cache-Control', 'no-store');
} else {
ctx.set('Cache-Control', 'public, max-age=180');
}
setResponseType(ctx);
});
// like
router.get('/likes/:like', async ctx => {
const verify = await checkFetch(ctx.req);
if (verify !== 200) {
ctx.status = verify;
return;
}
const reaction = await NoteReactions.findOneBy({ id: ctx.params.like });
if (reaction == null) {
@ -221,12 +311,22 @@ router.get('/likes/:like', async ctx => {
}
ctx.body = renderActivity(await renderLike(reaction, note));
ctx.set('Cache-Control', 'public, max-age=180');
const meta = await fetchMeta();
if (meta.secureMode || meta.privateMode) {
ctx.set('Cache-Control', 'private, max-age=0, must-revalidate');
} else {
ctx.set('Cache-Control', 'public, max-age=180');
}
setResponseType(ctx);
});
// follow
router.get('/follows/:follower/:followee', async ctx => {
const verify = await checkFetch(ctx.req);
if (verify !== 200) {
ctx.status = verify;
return;
}
// This may be used before the follow is completed, so we do not
// check if the following exists.
@ -247,7 +347,12 @@ router.get('/follows/:follower/:followee', async ctx => {
}
ctx.body = renderActivity(renderFollow(follower, followee));
ctx.set('Cache-Control', 'public, max-age=180');
const meta = await fetchMeta();
if (meta.secureMode || meta.privateMode) {
ctx.set('Cache-Control', 'private, max-age=0, must-revalidate');
} else {
ctx.set('Cache-Control', 'public, max-age=180');
}
setResponseType(ctx);
});

17
packages/backend/src/server/activitypub/featured.ts
View file

@ -5,9 +5,18 @@ import { renderActivity } from '@/remote/activitypub/renderer/index.js';
import renderOrderedCollection from '@/remote/activitypub/renderer/ordered-collection.js';
import renderNote from '@/remote/activitypub/renderer/note.js';
import { Users, Notes, UserNotePinings } from '@/models/index.js';
import { IsNull } from 'typeorm';
import checkFetch from '@/remote/activitypub/check-fetch.js';
import { fetchMeta } from '@/misc/fetch-meta.js';
import { setResponseType } from '../activitypub.js';
export default async (ctx: Router.RouterContext) => {
const verify = await checkFetch(ctx.req);
if (verify !== 200) {
ctx.status = verify;
return;
}
const userId = ctx.params.user;
const user = await Users.findOneBy({
@ -36,6 +45,12 @@ export default async (ctx: Router.RouterContext) => {
);
ctx.body = renderActivity(rendered);
ctx.set('Cache-Control', 'public, max-age=180');
const meta = await fetchMeta();
if (meta.secureMode || meta.privateMode) {
ctx.set('Cache-Control', 'private, max-age=0, must-revalidate');
} else {
ctx.set('Cache-Control', 'public, max-age=180');
}
setResponseType(ctx);
};

17
packages/backend/src/server/activitypub/followers.ts
View file

@ -9,12 +9,20 @@ import renderFollowUser from '@/remote/activitypub/renderer/follow-user.js';
import { Users, Followings, UserProfiles } from '@/models/index.js';
import { Following } from '@/models/entities/following.js';
import { setResponseType } from '../activitypub.js';
import checkFetch from '@/remote/activitypub/check-fetch.js';
import { fetchMeta } from '@/misc/fetch-meta.js';
export default async (ctx: Router.RouterContext) => {
const verify = await checkFetch(ctx.req);
if (verify !== 200) {
ctx.status = verify;
return;
}
const userId = ctx.params.user;
const cursor = ctx.request.query.cursor;
if (cursor != null && typeof cursor !== 'string') {
if (cursor !== null && typeof cursor !== 'string') {
ctx.status = 400;
return;
}
@ -89,7 +97,12 @@ export default async (ctx: Router.RouterContext) => {
// index page
const rendered = renderOrderedCollection(partOf, user.followersCount, `${partOf}?page=true`);
ctx.body = renderActivity(rendered);
ctx.set('Cache-Control', 'public, max-age=180');
setResponseType(ctx);
}
const meta = await fetchMeta();
if (meta.secureMode || meta.privateMode) {
ctx.set('Cache-Control', 'private, max-age=0, must-revalidate');
} else {
ctx.set('Cache-Control', 'public, max-age=180');
}
};

17
packages/backend/src/server/activitypub/following.ts
View file

@ -9,12 +9,20 @@ import renderFollowUser from '@/remote/activitypub/renderer/follow-user.js';
import { Users, Followings, UserProfiles } from '@/models/index.js';
import { Following } from '@/models/entities/following.js';
import { setResponseType } from '../activitypub.js';
import checkFetch from '@/remote/activitypub/check-fetch.js';
import { fetchMeta } from '@/misc/fetch-meta.js';
export default async (ctx: Router.RouterContext) => {
const verify = await checkFetch(ctx.req);
if (verify !== 200) {
ctx.status = verify;
return;
}
const userId = ctx.params.user;
const cursor = ctx.request.query.cursor;
if (cursor != null && typeof cursor !== 'string') {
if (cursor !== null && typeof cursor !== 'string') {
ctx.status = 400;
return;
}
@ -89,7 +97,12 @@ export default async (ctx: Router.RouterContext) => {
// index page
const rendered = renderOrderedCollection(partOf, user.followingCount, `${partOf}?page=true`);
ctx.body = renderActivity(rendered);
ctx.set('Cache-Control', 'public, max-age=180');
setResponseType(ctx);
}
const meta = await fetchMeta();
if (meta.secureMode || meta.privateMode) {
ctx.set('Cache-Control', 'private, max-age=0, must-revalidate');
} else {
ctx.set('Cache-Control', 'public, max-age=180');
}
};

23
packages/backend/src/server/activitypub/outbox.ts
View file

@ -14,25 +14,34 @@ import { Note } from '@/models/entities/note.js';
import { isPureRenote } from '@/misc/renote.js';
import { makePaginationQuery } from '../api/common/make-pagination-query.js';
import { setResponseType } from '../activitypub.js';
import checkFetch from '@/remote/activitypub/check-fetch.js';
import { fetchMeta } from '@/misc/fetch-meta.js';
import { isPureRenote } from '@/misc/renote.js';
export default async (ctx: Router.RouterContext) => {
const verify = await checkFetch(ctx.req);
if (verify !== 200) {
ctx.status = verify;
return;
}
const userId = ctx.params.user;
const sinceId = ctx.request.query.since_id;
if (sinceId != null && typeof sinceId !== 'string') {
if (sinceId !== null && typeof sinceId !== 'string') {
ctx.status = 400;
return;
}
const untilId = ctx.request.query.until_id;
if (untilId != null && typeof untilId !== 'string') {
if (untilId !== null && typeof untilId !== 'string') {
ctx.status = 400;
return;
}
const page = ctx.request.query.page === 'true';
if (countIf(x => x != null, [sinceId, untilId]) > 1) {
if (countIf(x => x !== null, [sinceId, untilId]) > 1) {
ctx.status = 400;
return;
}
@ -90,9 +99,15 @@ export default async (ctx: Router.RouterContext) => {
`${partOf}?page=true&since_id=000000000000000000000000`,
);
ctx.body = renderActivity(rendered);
ctx.set('Cache-Control', 'public, max-age=180');
setResponseType(ctx);
}
const meta = await fetchMeta();
if (meta.secureMode || meta.privateMode) {
ctx.set('Cache-Control', 'private, max-age=0, must-revalidate');
} else {
ctx.set('Cache-Control', 'public, max-age=180');
}
};
/**

13
packages/backend/src/server/api/call.ts
View file

@ -7,6 +7,8 @@ import { limiter } from './limiter.js';
import endpoints, { IEndpointMeta } from './endpoints.js';
import { ApiError } from './error.js';
import { apiLogger } from './logger.js';
import { AccessToken } from '@/models/entities/access-token.js';
import { fetchMeta } from '@/misc/fetch-meta.js';
const accessDenied = {
message: 'Access denied.',
@ -93,6 +95,17 @@ export default async (endpoint: string, user: CacheableLocalUser | null | undefi
});
}
// private mode
const meta = await fetchMeta();
if (meta.privateMode && ep.meta.requireCredentialPrivateMode && user == null) {
throw new ApiError({
message: 'Credential required.',
code: 'CREDENTIAL_REQUIRED',
id: '1384574d-a912-4b81-8601-c7b1c4085df1',
httpStatusCode: 401
});
}
// Cast non JSON input
if ((ep.meta.requireFile || ctx?.method === 'GET') && ep.params.properties) {
for (const k of Object.keys(ep.params.properties)) {

6
packages/backend/src/server/api/endpoints.ts
View file

@ -690,6 +690,12 @@ export interface IEndpointMeta {
*/
readonly secure?: boolean;
/**
* If in private mode, whether credentials are required when making a request to this endpoint.
* If omitted, this is interpreted as false.
*/
readonly requireCredentialPrivateMode?: boolean;
/**
*
*

19
packages/backend/src/server/api/endpoints/admin/meta.ts
View file

@ -153,6 +153,22 @@ export const meta = {
optional: false, nullable: false,
},
},
allowedHosts: {
type: 'array',
optional: true, nullable: false,
items: {
type: 'string',
optional: false, nullable: false,
},
},
privateMode: {
type: 'boolean',
optional: false, nullable: false,
},
secureMode: {
type: 'boolean',
optional: false, nullable: false,
},
hcaptchaSecretKey: {
type: 'string',
optional: true, nullable: true,
@ -327,6 +343,9 @@ export default define(meta, paramDef, async (ps, me) => {
pinnedUsers: instance.pinnedUsers,
hiddenTags: instance.hiddenTags,
blockedHosts: instance.blockedHosts,
allowedHosts: instance.allowedHosts,
privateMode: instance.privateMode,
secureMode: instance.secureMode,
hcaptchaSecretKey: instance.hcaptchaSecretKey,
recaptchaSecretKey: instance.recaptchaSecretKey,
proxyAccountId: instance.proxyAccountId,

17
packages/backend/src/server/api/endpoints/admin/update-meta.ts
View file

@ -26,6 +26,11 @@ export const paramDef = {
blockedHosts: { type: 'array', nullable: true, items: {
type: 'string',
} },
allowedHosts: { type: 'array', nullable: true, items: {
type: 'string',
} },
secureMode: { type: 'boolean', nullable: true },
privateMode: { type: 'boolean', nullable: true },
themeColor: { type: 'string', nullable: true, pattern: '^#[0-9a-fA-F]{6}$' },
bannerUrl: { type: 'string', nullable: true },
iconUrl: { type: 'string', nullable: true },
@ -131,6 +136,18 @@ export default define(meta, paramDef, async (ps, me) => {
set.themeColor = ps.themeColor;
}
if (Array.isArray(ps.allowedHosts)) {
set.allowedHosts = ps.allowedHosts.filter(Boolean);
}
if (typeof ps.privateMode === 'boolean') {
set.privateMode = ps.privateMode;
}
if (typeof ps.secureMode === 'boolean') {
set.secureMode = ps.secureMode;
}
if (ps.bannerUrl !== undefined) {
set.bannerUrl = ps.bannerUrl;
}

1
packages/backend/src/server/api/endpoints/announcements.ts
View file

@ -6,6 +6,7 @@ export const meta = {
tags: ['meta'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/channels/featured.ts
View file

@ -5,6 +5,7 @@ export const meta = {
tags: ['channels'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/channels/show.ts
View file

@ -6,6 +6,7 @@ export const meta = {
tags: ['channels'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'object',

1
packages/backend/src/server/api/endpoints/channels/timeline.ts
View file

@ -8,6 +8,7 @@ export const meta = {
tags: ['notes', 'channels'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/charts/active-users.ts
View file

@ -4,6 +4,7 @@ import define from '../../define.js';
export const meta = {
tags: ['charts', 'users'],
requireCredentialPrivateMode: true,
res: getJsonSchema(activeUsersChart.schema),

1
packages/backend/src/server/api/endpoints/charts/ap-request.ts
View file

@ -4,6 +4,7 @@ import define from '../../define.js';
export const meta = {
tags: ['charts'],
requireCredentialPrivateMode: true,
res: getJsonSchema(apRequestChart.schema),

1
packages/backend/src/server/api/endpoints/charts/drive.ts
View file

@ -4,6 +4,7 @@ import define from '../../define.js';
export const meta = {
tags: ['charts', 'drive'],
requireCredentialPrivateMode: true,
res: getJsonSchema(driveChart.schema),

1
packages/backend/src/server/api/endpoints/charts/federation.ts
View file

@ -4,6 +4,7 @@ import define from '../../define.js';
export const meta = {
tags: ['charts'],
requireCredentialPrivateMode: true,
res: getJsonSchema(federationChart.schema),

1
packages/backend/src/server/api/endpoints/charts/hashtag.ts
View file

@ -4,6 +4,7 @@ import define from '../../define.js';
export const meta = {
tags: ['charts', 'hashtags'],
requireCredentialPrivateMode: true,
res: getJsonSchema(hashtagChart.schema),

1
packages/backend/src/server/api/endpoints/charts/instance.ts
View file

@ -4,6 +4,7 @@ import define from '../../define.js';
export const meta = {
tags: ['charts'],
requireCredentialPrivateMode: true,
res: getJsonSchema(instanceChart.schema),

1
packages/backend/src/server/api/endpoints/charts/notes.ts
View file

@ -4,6 +4,7 @@ import define from '../../define.js';
export const meta = {
tags: ['charts', 'notes'],
requireCredentialPrivateMode: true,
res: getJsonSchema(notesChart.schema),

1
packages/backend/src/server/api/endpoints/charts/user/drive.ts
View file

@ -4,6 +4,7 @@ import define from '../../../define.js';
export const meta = {
tags: ['charts', 'drive', 'users'],
requireCredentialPrivateMode: true,
res: getJsonSchema(perUserDriveChart.schema),

1
packages/backend/src/server/api/endpoints/charts/user/following.ts
View file

@ -4,6 +4,7 @@ import define from '../../../define.js';
export const meta = {
tags: ['charts', 'users', 'following'],
requireCredentialPrivateMode: true,
res: getJsonSchema(perUserFollowingChart.schema),

1
packages/backend/src/server/api/endpoints/charts/user/notes.ts
View file

@ -4,6 +4,7 @@ import define from '../../../define.js';
export const meta = {
tags: ['charts', 'users', 'notes'],
requireCredentialPrivateMode: true,
res: getJsonSchema(perUserNotesChart.schema),

1
packages/backend/src/server/api/endpoints/charts/user/reactions.ts
View file

@ -4,6 +4,7 @@ import define from '../../../define.js';
export const meta = {
tags: ['charts', 'users', 'reactions'],
requireCredentialPrivateMode: true,
res: getJsonSchema(perUserReactionsChart.schema),

1
packages/backend/src/server/api/endpoints/charts/users.ts
View file

@ -4,6 +4,7 @@ import define from '../../define.js';
export const meta = {
tags: ['charts', 'users'],
requireCredentialPrivateMode: true,
res: getJsonSchema(usersChart.schema),

1
packages/backend/src/server/api/endpoints/clips/notes.ts
View file

@ -10,6 +10,7 @@ export const meta = {
tags: ['account', 'notes', 'clips'],
requireCredential: false,
requireCredentialPrivateMode: true,
kind: 'read:account',

1
packages/backend/src/server/api/endpoints/clips/show.ts
View file

@ -6,6 +6,7 @@ export const meta = {
tags: ['clips', 'account'],
requireCredential: false,
requireCredentialPrivateMode: true,
kind: 'read:account',

1
packages/backend/src/server/api/endpoints/federation/followers.ts
View file

@ -6,6 +6,7 @@ export const meta = {
tags: ['federation'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/federation/following.ts
View file

@ -6,6 +6,7 @@ export const meta = {
tags: ['federation'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/federation/instances.ts
View file

@ -6,6 +6,7 @@ export const meta = {
tags: ['federation'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/federation/show-instance.ts
View file

@ -6,6 +6,7 @@ export const meta = {
tags: ['federation'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
oneOf: [{

1
packages/backend/src/server/api/endpoints/federation/users.ts
View file

@ -6,6 +6,7 @@ export const meta = {
tags: ['federation'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/gallery/featured.ts
View file

@ -5,6 +5,7 @@ export const meta = {
tags: ['gallery'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/gallery/popular.ts
View file

@ -5,6 +5,7 @@ export const meta = {
tags: ['gallery'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/gallery/posts.ts
View file

@ -4,6 +4,7 @@ import { makePaginationQuery } from '../../common/make-pagination-query.js';
export const meta = {
tags: ['gallery'],
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/gallery/posts/show.ts
View file

@ -6,6 +6,7 @@ export const meta = {
tags: ['gallery'],
requireCredential: false,
requireCredentialPrivateMode: true,
errors: {
noSuchPost: {

1
packages/backend/src/server/api/endpoints/get-online-users-count.ts
View file

@ -7,6 +7,7 @@ export const meta = {
tags: ['meta'],
requireCredential: false,
requireCredentialPrivateMode: true,
} as const;
export const paramDef = {

1
packages/backend/src/server/api/endpoints/hashtags/list.ts
View file

@ -5,6 +5,7 @@ export const meta = {
tags: ['hashtags'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/hashtags/search.ts
View file

@ -5,6 +5,7 @@ export const meta = {
tags: ['hashtags'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/hashtags/show.ts
View file

@ -7,6 +7,7 @@ export const meta = {
tags: ['hashtags'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'object',

1
packages/backend/src/server/api/endpoints/hashtags/trend.ts
View file

@ -24,6 +24,7 @@ export const meta = {
tags: ['hashtags'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/hashtags/users.ts
View file

@ -4,6 +4,7 @@ import define from '../../define.js';
export const meta = {
requireCredential: false,
requireCredentialPrivateMode: true,
tags: ['hashtags', 'users'],

26
packages/backend/src/server/api/endpoints/meta.ts
View file

@ -246,6 +246,16 @@ export const meta = {
},
},
},
secureMode: {
type: 'boolean',
optional: true, nullable: false,
default: false,
},
privateMode: {
type: 'boolean',
optional: true, nullable: false,
default: false,
},
},
},
} as const;
@ -287,6 +297,10 @@ export default define(meta, paramDef, async (ps, me) => {
description: instance.description,
langs: instance.langs,
tosUrl: instance.ToSUrl,
secureMode: instance.secureMode,
norm marked this conversation as resolved
Johann150 commented 2022-08-01 00:34:48 +00:00
Copy link

We do not have repositoryUrl and feedbackUrl any more. Same as mascotImageUrl above.

We do not have `repositoryUrl` and `feedbackUrl` any more. Same as `mascotImageUrl` above.
privateMode: instance.privateMode,
disableRegistration: instance.disableRegistration,
disableLocalTimeline: instance.disableLocalTimeline,
disableGlobalTimeline: instance.disableGlobalTimeline,
@ -304,7 +318,7 @@ export default define(meta, paramDef, async (ps, me) => {
backgroundImageUrl: instance.backgroundImageUrl,
logoImageUrl: instance.logoImageUrl,
maxNoteTextLength: MAX_NOTE_TEXT_LENGTH, // 後方互換性のため
emojis: await Emojis.packMany(emojis),
emojis: instance.privateMode && !me ? [] : await Emojis.packMany(emojis),
defaultLightTheme: instance.defaultLightTheme,
defaultDarkTheme: instance.defaultDarkTheme,
enableEmail: instance.enableEmail,
@ -318,8 +332,8 @@ export default define(meta, paramDef, async (ps, me) => {
translatorAvailable: instance.deeplAuthKey != null,
...(ps.detail ? {
pinnedPages: instance.pinnedPages,
pinnedClipId: instance.pinnedClipId,
pinnedPages: instance.privateMode && !me ? [] : instance.pinnedPages,
pinnedClipId: instance.privateMode && !me ? [] : instance.pinnedClipId,
cacheRemoteFiles: instance.cacheRemoteFiles,
requireSetup: (await Users.countBy({
host: IsNull(),
@ -328,9 +342,11 @@ export default define(meta, paramDef, async (ps, me) => {
};
if (ps.detail) {
const proxyAccount = instance.proxyAccountId ? await Users.pack(instance.proxyAccountId).catch(() => null) : null;
if (!instance.privateMode || me) {
const proxyAccount = instance.proxyAccountId ? await Users.pack(instance.proxyAccountId).catch(() => null) : null;
response.proxyAccountName = proxyAccount ? proxyAccount.username : null;
}
response.proxyAccountName = proxyAccount ? proxyAccount.username : null;
response.features = {
registration: !instance.disableRegistration,
localTimeLine: !instance.disableLocalTimeline,

1
packages/backend/src/server/api/endpoints/notes.ts
View file

@ -5,6 +5,7 @@ import { makePaginationQuery } from '../common/make-pagination-query.js';
export const meta = {
tags: ['notes'],
requireCredentialPrivateMode: true,
res: {
type: 'array',
optional: false, nullable: false,

3
packages/backend/src/server/api/endpoints/notes/children.ts
View file

@ -10,6 +10,7 @@ export const meta = {
tags: ['notes'],
requireCredential: false,
requireCredentialPrivateMode: true,
description: 'Get a list of children of a notes. Children includes replies as well as quote renotes that quote the respective post. A post will not be duplicated if it is a reply and a quote of a note in this thread. For depths larger than 1 the threading has to be computed by the client.',
@ -22,7 +23,7 @@ export const meta = {
ref: 'Note',
},
},
} as const;
};
export const paramDef = {
type: 'object',

1
packages/backend/src/server/api/endpoints/notes/clips.ts
View file

@ -8,6 +8,7 @@ export const meta = {
tags: ['clips', 'notes'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/notes/conversation.ts
View file

@ -8,6 +8,7 @@ export const meta = {
tags: ['notes'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/notes/featured.ts
View file

@ -7,6 +7,7 @@ export const meta = {
tags: ['notes'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/notes/global-timeline.ts
View file

@ -12,6 +12,7 @@ import { generateBlockedUserQuery } from '../../common/generate-block-query.js';
export const meta = {
tags: ['notes'],
requireCredentialPrivateMode: true,
res: {
type: 'array',
optional: false, nullable: false,

1
packages/backend/src/server/api/endpoints/notes/local-timeline.ts
View file

@ -14,6 +14,7 @@ import { generateBlockedUserQuery } from '../../common/generate-block-query.js';
export const meta = {
tags: ['notes'],
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/notes/reactions.ts
View file

@ -9,6 +9,7 @@ export const meta = {
tags: ['notes', 'reactions'],
requireCredential: false,
requireCredentialPrivateMode: true,
allowGet: true,
cacheSec: 60,

1
packages/backend/src/server/api/endpoints/notes/renotes.ts
View file

@ -11,6 +11,7 @@ export const meta = {
tags: ['notes'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/notes/replies.ts
View file

@ -9,6 +9,7 @@ export const meta = {
tags: ['notes'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/notes/search-by-tag.ts
View file

@ -10,6 +10,7 @@ import { generateBlockedUserQuery } from '../../common/generate-block-query.js';
export const meta = {
tags: ['notes', 'hashtags'],
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/notes/search.ts
View file

@ -12,6 +12,7 @@ export const meta = {
tags: ['notes'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/notes/show.ts
View file

@ -7,6 +7,7 @@ export const meta = {
tags: ['notes'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'object',

1
packages/backend/src/server/api/endpoints/notes/translate.ts
View file

@ -12,6 +12,7 @@ export const meta = {
tags: ['notes'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'object',

1
packages/backend/src/server/api/endpoints/pages/featured.ts
View file

@ -5,6 +5,7 @@ export const meta = {
tags: ['pages'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/pages/show.ts
View file

@ -8,6 +8,7 @@ export const meta = {
tags: ['pages'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'object',

1
packages/backend/src/server/api/endpoints/pinned-users.ts
View file

@ -9,6 +9,7 @@ export const meta = {
tags: ['users'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/server-info.ts
View file

@ -4,6 +4,7 @@ import define from '../define.js';
export const meta = {
requireCredential: false,
requireCredentialPrivateMode: true,
tags: ['meta'],
} as const;

1
packages/backend/src/server/api/endpoints/stats.ts
View file

@ -5,6 +5,7 @@ import define from '../define.js';
export const meta = {
requireCredential: false,
requireCredentialPrivateMode: true,
tags: ['meta'],

1
packages/backend/src/server/api/endpoints/users.ts
View file

@ -7,6 +7,7 @@ export const meta = {
tags: ['users'],
requireCredential: false,
requireCredentialPrivateMode: true,
res: {
type: 'array',

1
packages/backend/src/server/api/endpoints/users/clips.ts
View file

@ -4,6 +4,7 @@ import { makePaginationQuery } from '../../common/make-pagination-query.js';
export const meta = {
tags: ['users', 'clips'],
requireCredentialPrivateMode: true,
description: 'Show all clips this user owns.',

1
packages/backend/src/server/api/endpoints/users/followers.ts
View file

@ -9,6 +9,7 @@ export const meta = {
tags: ['users'],
requireCredential: false,
requireCredentialPrivateMode: true,
description: 'Show everyone that follows this user.',

1
packages/backend/src/server/api/endpoints/users/following.ts
View file

@ -9,6 +9,7 @@ export const meta = {
tags: ['users'],
requireCredential: false,
requireCredentialPrivateMode: true,
description: 'Show everyone that this user is following.',

1
packages/backend/src/server/api/endpoints/users/gallery/posts.ts
View file

@ -4,6 +4,7 @@ import { makePaginationQuery } from '../../../common/make-pagination-query.js';
export const meta = {
tags: ['users', 'gallery'],
requireCredentialPrivateMode: true,
description: 'Show all gallery posts by the given user.',

1
packages/backend/src/server/api/endpoints/users/get-frequently-replied-users.ts
View file

@ -9,6 +9,7 @@ export const meta = {
tags: ['users'],
requireCredential: false,
requireCredentialPrivateMode: true,
description: 'Get a list of other users that the specified user frequently replies to.',

1
packages/backend/src/server/api/endpoints/users/notes.ts
View file

@ -11,6 +11,7 @@ import { generateBlockedUserQuery } from '../../common/generate-block-query.js';
export const meta = {
tags: ['users', 'notes'],
requireCredentialPrivateMode: true,
description: 'Show all notes that this user created.',
res: {

1
packages/backend/src/server/api/endpoints/users/pages.ts
View file

@ -4,6 +4,7 @@ import { makePaginationQuery } from '../../common/make-pagination-query.js';
export const meta = {
tags: ['users', 'pages'],
requireCredentialPrivateMode: true,
description: 'Show all pages this user created.',

1
packages/backend/src/server/api/endpoints/users/reactions.ts
View file

@ -8,6 +8,7 @@ export const meta = {
tags: ['users', 'reactions'],
requireCredential: false,
requireCredentialPrivateMode: true,
description: 'Show all reactions this user made.',

1
packages/backend/src/server/api/endpoints/users/search-by-username-and-host.ts
View file

@ -7,6 +7,7 @@ export const meta = {
tags: ['users'],
requireCredential: false,
requireCredentialPrivateMode: true,
description: 'Search for a user by username and/or host.',

1
packages/backend/src/server/api/endpoints/users/search.ts
View file

@ -7,6 +7,7 @@ export const meta = {
tags: ['users'],
requireCredential: false,
requireCredentialPrivateMode: true,
description: 'Search for users.',

1
packages/backend/src/server/api/endpoints/users/show.ts
View file

@ -10,6 +10,7 @@ export const meta = {
tags: ['users'],
requireCredential: false,
requireCredentialPrivateMode: true,
description: 'Show the properties of a user.',

1
packages/backend/src/server/api/endpoints/users/stats.ts
View file

@ -7,6 +7,7 @@ export const meta = {
tags: ['users'],
requireCredential: false,
requireCredentialPrivateMode: true,
description: 'Show statistics about a user.',

43
packages/backend/src/server/web/index.ts
View file

@ -24,6 +24,7 @@ import { getNoteSummary } from '@/misc/get-note-summary.js';
import { queues } from '@/queue/queues.js';
import { MINUTE, DAY } from '@/const.js';
import { genOpenapiSpec } from '../api/openapi/gen-spec.js';
import meta from '../api/endpoints/meta.js';
import { urlPreviewHandler } from './url-preview.js';
import { manifestHandler } from './manifest.js';
import packFeed from './feed.js';
@ -218,6 +219,10 @@ router.get('/api.json', async ctx => {
});
const getFeed = async (acct: string) => {
const meta = await fetchMeta();
if (meta.privateMode) {
return;
}
const { username, host } = Acct.parse(acct);
const user = await Users.findOneBy({
usernameLower: username.toLowerCase(),
@ -267,6 +272,12 @@ router.get('/@:user.json', async ctx => {
//#region SSR (for crawlers)
// User
router.get(['/@:user', '/@:user/:sub'], async (ctx, next) => {
const meta = await fetchMeta();
if (meta.privateMode) {
await next();
return;
}
const { username, host } = Acct.parse(ctx.params.user);
const user = await Users.findOneBy({
usernameLower: username.toLowerCase(),
@ -355,6 +366,12 @@ router.get('/notes/:note', async (ctx, next) => {
// Page
router.get('/@:user/pages/:page', async (ctx, next) => {
const meta = await fetchMeta();
if (meta.privateMode) {
await next();
return;
}
const { username, host } = Acct.parse(ctx.params.user);
const user = await Users.findOneBy({
usernameLower: username.toLowerCase(),
@ -396,6 +413,12 @@ router.get('/@:user/pages/:page', async (ctx, next) => {
// Clip
// TODO: 非publicなclipのハンドリング
router.get('/clips/:clip', async (ctx, next) => {
const meta = await fetchMeta();
if (meta.privateMode) {
await next();
return;
}
const clip = await Clips.findOneBy({
id: ctx.params.clip,
});
@ -423,6 +446,12 @@ router.get('/clips/:clip', async (ctx, next) => {
// Gallery post
router.get('/gallery/:post', async (ctx, next) => {
const meta = await fetchMeta();
if (meta.privateMode) {
await next();
return;
}
const post = await GalleryPosts.findOneBy({ id: ctx.params.post });
if (post) {
@ -448,6 +477,12 @@ router.get('/gallery/:post', async (ctx, next) => {
// Channel
router.get('/channels/:channel', async (ctx, next) => {
const meta = await fetchMeta();
if (meta.privateMode) {
await next();
return;
}
const channel = await Channels.findOneBy({
id: ctx.params.channel,
});
@ -473,6 +508,10 @@ router.get('/channels/:channel', async (ctx, next) => {
router.get('/_info_card_', async ctx => {
const meta = await fetchMeta(true);
if (meta.privateMode) {
ctx.status = 403;
return;
}
ctx.remove('X-Frame-Options');
@ -513,6 +552,10 @@ router.get('/streaming', async ctx => {
// Render base html for all requests
router.get('(.*)', async ctx => {
const meta = await fetchMeta();
if (meta.privateMode) {
return;
}
await ctx.render('base', {
img: meta.bannerUrl,
title: meta.name || 'Misskey',

34
packages/client/src/pages/admin/security.vue
View file

@ -26,6 +26,26 @@
<FormButton primary class="_formBlock" @click="save"><i class="fas fa-save"></i> {{ i18n.ts.save }}</FormButton>
</div>
</FormFolder>
<FormFolder class="_formBlock">
<template #label>{{ i18n.ts.instanceSecurity }}</template>
<div class="_formRoot">
<FormSwitch v-if="!privateMode" v-model="secureMode">
<template #label>{{ i18n.ts.secureMode }}</template>
<template #caption>{{ i18n.ts.secureModeInfo }}</template>
</FormSwitch>
<FormSwitch v-model="privateMode">
<template #label>{{ i18n.ts.privateMode }}</template>
<template #caption>{{ i18n.ts.privateModeInfo }}</template>
</FormSwitch>
<FormTextarea v-if="privateMode" v-model="allowedHosts">
<template #label>{{ i18n.ts.allowedInstances }}</template>
<template #caption>{{ i18n.ts.allowedInstancesDescription }}</template>
</FormTextarea>
<FormButton primary class="_formBlock" @click="save"><i class="fas fa-save"></i> {{ i18n.ts.save }}</FormButton>
</div>
</FormFolder>
</div>
</FormSuspense>
</MkSpacer>
@ -43,6 +63,7 @@ import FormSuspense from '@/components/form/suspense.vue';
import FormSection from '@/components/form/section.vue';
import FormInput from '@/components/form/input.vue';
import FormButton from '@/components/ui/button.vue';
import FormTextarea from '@/components/form/textarea.vue';
import * as os from '@/os';
import { fetchInstance } from '@/instance';
import { i18n } from '@/i18n';
@ -52,16 +73,27 @@ let summalyProxy: string = $ref('');
let enableHcaptcha: boolean = $ref(false);
let enableRecaptcha: boolean = $ref(false);
let secureMode: boolean = $ref(false);
let privateMode: boolean = $ref(false);
let allowedHosts: string = $ref('');
async function init() {
const meta = await os.api('admin/meta');
summalyProxy = meta.summalyProxy;
enableHcaptcha = meta.enableHcaptcha;
enableRecaptcha = meta.enableRecaptcha;
secureMode = meta.secureMode;
privateMode = meta.privateMode;
allowedHosts = meta.allowedHosts.join('\n');
}
function save() {
function save(): void {
os.apiWithDialog('admin/update-meta', {
summalyProxy,
secureMode,
privateMode,
allowedHosts: allowedHosts.split('\n'),
}).then(() => {
fetchInstance();
});
norm marked this conversation as resolved
Johann150 commented 2022-08-01 00:14:21 +00:00
Copy link

Why is this a separate function and not in the other save function?

Why is this a separate function and not in the other `save` function?