From e301630c9d3033e5c9aef843b2cc2eaedd85be7c Mon Sep 17 00:00:00 2001
From: MeiMei <30769358+mei23@users.noreply.github.com>
Date: Tue, 29 Jan 2019 13:46:24 +0900
Subject: [PATCH] Add visibility test (#4029)

---
 test/api-visibility.ts | 593 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 593 insertions(+)
 create mode 100644 test/api-visibility.ts

diff --git a/test/api-visibility.ts b/test/api-visibility.ts
new file mode 100644
index 000000000..2b62868ff
--- /dev/null
+++ b/test/api-visibility.ts
@@ -0,0 +1,593 @@
+/*
+ * Tests of API (visibility)
+ *
+ * How to run the tests:
+ * > mocha test/api-visibility.ts --require ts-node/register
+ *
+ * To specify test:
+ * > mocha test/api-visibility.ts --require ts-node/register -g 'test name'
+ */
+import * as http from 'http';
+import * as assert from 'chai';
+import { async, _signup, _request, _uploadFile, _post, _react, resetDb } from './utils';
+
+const expect = assert.expect;
+
+//#region process
+Error.stackTraceLimit = Infinity;
+
+// During the test the env variable is set to test
+process.env.NODE_ENV = 'test';
+
+// Display detail of unhandled promise rejection
+process.on('unhandledRejection', console.dir);
+//#endregion
+
+const app = require('../built/server/api').default;
+const db = require('../built/db/mongodb').default;
+
+const server = http.createServer(app.callback());
+
+//#region Utilities
+const request = _request(server);
+const signup = _signup(request);
+const post = _post(request);
+//#endregion
+
+describe('API visibility', () => {
+	// Reset database each test
+	before(resetDb(db));
+
+	after(() => {
+		server.close();
+	});
+
+	describe('Note visibility', async () => {
+		//#region vars
+		/** ヒロイン */
+		let alice: any;
+		/** フォロワー */
+		let follower: any;
+		/** 非フォロワー */
+		let other: any;
+		/** 非フォロワーでもリプライやメンションをされた人 */
+		let target: any;
+
+		/** public-post */
+		let pub: any;
+		/** home-post */
+		let home: any;
+		/** followers-post */
+		let fol: any;
+		/** specified-post */
+		let spe: any;
+		/** private-post */
+		let pri: any;
+
+		/** public-reply to target's post */
+		let pubR: any;
+		/** home-reply to target's post */
+		let homeR: any;
+		/** followers-reply to target's post */
+		let folR: any;
+		/** specified-reply to target's post */
+		let speR: any;
+		/** private-reply to target's post */
+		let priR: any;
+
+		/** public-mention to target */
+		let pubM: any;
+		/** home-mention to target */
+		let homeM: any;
+		/** followers-mention to target */
+		let folM: any;
+		/** specified-mention to target */
+		let speM: any;
+		/** private-mention to target */
+		let priM: any;
+
+		/** reply target post */
+		let tgt: any;
+		//#endregion
+
+		const show = async (noteId: any, by: any) => {
+			return await request('/notes/show', {
+				noteId
+			}, by);
+		};
+
+		before(async () => {
+			//#region prepare
+			// signup
+			alice    = await signup({ username: 'alice' });
+			follower = await signup({ username: 'follower' });
+			other    = await signup({ username: 'other' });
+			target   = await signup({ username: 'target' });
+
+			// follow alice <= follower
+			await request('/following/create', { userId: alice.id }, follower);
+
+			// normal posts
+			pub  = await post(alice, { text: 'x', visibility: 'public' });
+			home = await post(alice, { text: 'x', visibility: 'home' });
+			fol  = await post(alice, { text: 'x', visibility: 'followers' });
+			spe  = await post(alice, { text: 'x', visibility: 'specified', visibleUserIds: [target.id] });
+			pri  = await post(alice, { text: 'x', visibility: 'private' });
+
+			// replies
+			tgt = await post(target, { text: 'y', visibility: 'public' });
+			pubR  = await post(alice, { text: 'x', replyId: tgt.id, visibility: 'public' });
+			homeR = await post(alice, { text: 'x', replyId: tgt.id, visibility: 'home' });
+			folR  = await post(alice, { text: 'x', replyId: tgt.id, visibility: 'followers' });
+			speR  = await post(alice, { text: 'x', replyId: tgt.id, visibility: 'specified' });
+			priR  = await post(alice, { text: 'x', replyId: tgt.id, visibility: 'private' });
+
+			// mentions
+			pubM  = await post(alice, { text: '@target x', replyId: tgt.id, visibility: 'public' });
+			homeM = await post(alice, { text: '@target x', replyId: tgt.id, visibility: 'home' });
+			folM  = await post(alice, { text: '@target x', replyId: tgt.id, visibility: 'followers' });
+			speM  = await post(alice, { text: '@target x', replyId: tgt.id, visibility: 'specified' });
+			priM  = await post(alice, { text: '@target x', replyId: tgt.id, visibility: 'private' });
+			//#endregion
+		});
+
+		//#region show post
+		// public
+		it('[show] public-postを自分が見れる', async(async () => {
+			const res = await show(pub.id, alice);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] public-postをフォロワーが見れる', async(async () => {
+			const res = await show(pub.id, follower);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] public-postを非フォロワーが見れる', async(async () => {
+			const res = await show(pub.id, other);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] public-postを未認証が見れる', async(async () => {
+			const res = await show(pub.id, null);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		// home
+		it('[show] home-postを自分が見れる', async(async () => {
+			const res = await show(home.id, alice);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] home-postをフォロワーが見れる', async(async () => {
+			const res = await show(home.id, follower);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] home-postを非フォロワーが見れる', async(async () => {
+			const res = await show(home.id, other);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] home-postを未認証が見れる', async(async () => {
+			const res = await show(home.id, null);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		// followers
+		it('[show] followers-postを自分が見れる', async(async () => {
+			const res = await show(fol.id, alice);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] followers-postをフォロワーが見れる', async(async () => {
+			const res = await show(fol.id, follower);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] followers-postを非フォロワーが見れない', async(async () => {
+			const res = await show(fol.id, other);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		it('[show] followers-postを未認証が見れない', async(async () => {
+			const res = await show(fol.id, null);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		// specified
+		it('[show] specified-postを自分が見れる', async(async () => {
+			const res = await show(spe.id, alice);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] specified-postを指定ユーザーが見れる', async(async () => {
+			const res = await show(spe.id, target);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] specified-postをフォロワーが見れない', async(async () => {
+			const res = await show(spe.id, follower);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		it('[show] specified-postを非フォロワーが見れない', async(async () => {
+			const res = await show(spe.id, other);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		it('[show] specified-postを未認証が見れない', async(async () => {
+			const res = await show(spe.id, null);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		// private
+		it('[show] private-postを自分が見れる', async(async () => {
+			const res = await show(pri.id, alice);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] private-postをフォロワーが見れない', async(async () => {
+			const res = await show(pri.id, follower);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		it('[show] private-postを非フォロワーが見れない', async(async () => {
+			const res = await show(pri.id, other);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		it('[show] private-postを未認証が見れない', async(async () => {
+			const res = await show(pri.id, null);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+		//#endregion
+
+		//#region show reply
+		// public
+		it('[show] public-replyを自分が見れる', async(async () => {
+			const res = await show(pubR.id, alice);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] public-replyをされた人が見れる', async(async () => {
+			const res = await show(pubR.id, target);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] public-replyをフォロワーが見れる', async(async () => {
+			const res = await show(pubR.id, follower);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] public-replyを非フォロワーが見れる', async(async () => {
+			const res = await show(pubR.id, other);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] public-replyを未認証が見れる', async(async () => {
+			const res = await show(pubR.id, null);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		// home
+		it('[show] home-replyを自分が見れる', async(async () => {
+			const res = await show(homeR.id, alice);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] home-replyをされた人が見れる', async(async () => {
+			const res = await show(homeR.id, target);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] home-replyをフォロワーが見れる', async(async () => {
+			const res = await show(homeR.id, follower);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] home-replyを非フォロワーが見れる', async(async () => {
+			const res = await show(homeR.id, other);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] home-replyを未認証が見れる', async(async () => {
+			const res = await show(homeR.id, null);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		// followers
+		it('[show] followers-replyを自分が見れる', async(async () => {
+			const res = await show(folR.id, alice);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] followers-replyをされた人がフォロワーでなくても見れる', async(async () => {
+			const res = await show(folR.id, target);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] followers-replyをフォロワーが見れる', async(async () => {
+			const res = await show(folR.id, follower);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] followers-replyを非フォロワーが見れない', async(async () => {
+			const res = await show(folR.id, other);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		it('[show] followers-replyを未認証が見れない', async(async () => {
+			const res = await show(folR.id, null);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		// specified
+		it('[show] specified-replyを自分が見れる', async(async () => {
+			const res = await show(speR.id, alice);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] specified-replyを指定ユーザーが見れる', async(async () => {
+			const res = await show(speR.id, target);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] specified-replyをされた人が指定されてなくても見れる', async(async () => {
+			const res = await show(speR.id, target);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] specified-replyをフォロワーが見れない', async(async () => {
+			const res = await show(speR.id, follower);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		it('[show] specified-replyを非フォロワーが見れない', async(async () => {
+			const res = await show(speR.id, other);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		it('[show] specified-replyを未認証が見れない', async(async () => {
+			const res = await show(speR.id, null);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		// private
+		it('[show] private-replyを自分が見れる', async(async () => {
+			const res = await show(priR.id, alice);
+			expect(res.body).have.property('text').eql('x');
+		}));
+
+		it('[show] private-replyをフォロワーが見れない', async(async () => {
+			const res = await show(priR.id, follower);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		it('[show] private-replyを非フォロワーが見れない', async(async () => {
+			const res = await show(priR.id, other);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		it('[show] private-replyを未認証が見れない', async(async () => {
+			const res = await show(priR.id, null);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+		//#endregion
+
+		//#region show mention
+		// public
+		it('[show] public-mentionを自分が見れる', async(async () => {
+			const res = await show(pubM.id, alice);
+			expect(res.body).have.property('text').eql('@target x');
+		}));
+
+		it('[show] public-mentionをされた人が見れる', async(async () => {
+			const res = await show(pubM.id, target);
+			expect(res.body).have.property('text').eql('@target x');
+		}));
+
+		it('[show] public-mentionをフォロワーが見れる', async(async () => {
+			const res = await show(pubM.id, follower);
+			expect(res.body).have.property('text').eql('@target x');
+		}));
+
+		it('[show] public-mentionを非フォロワーが見れる', async(async () => {
+			const res = await show(pubM.id, other);
+			expect(res.body).have.property('text').eql('@target x');
+		}));
+
+		it('[show] public-mentionを未認証が見れる', async(async () => {
+			const res = await show(pubM.id, null);
+			expect(res.body).have.property('text').eql('@target x');
+		}));
+
+		// home
+		it('[show] home-mentionを自分が見れる', async(async () => {
+			const res = await show(homeM.id, alice);
+			expect(res.body).have.property('text').eql('@target x');
+		}));
+
+		it('[show] home-mentionをされた人が見れる', async(async () => {
+			const res = await show(homeM.id, target);
+			expect(res.body).have.property('text').eql('@target x');
+		}));
+
+		it('[show] home-mentionをフォロワーが見れる', async(async () => {
+			const res = await show(homeM.id, follower);
+			expect(res.body).have.property('text').eql('@target x');
+		}));
+
+		it('[show] home-mentionを非フォロワーが見れる', async(async () => {
+			const res = await show(homeM.id, other);
+			expect(res.body).have.property('text').eql('@target x');
+		}));
+
+		it('[show] home-mentionを未認証が見れる', async(async () => {
+			const res = await show(homeM.id, null);
+			expect(res.body).have.property('text').eql('@target x');
+		}));
+
+		// followers
+		it('[show] followers-mentionを自分が見れる', async(async () => {
+			const res = await show(folM.id, alice);
+			expect(res.body).have.property('text').eql('@target x');
+		}));
+
+		it('[show] followers-mentionをされた人がフォロワーでなくても見れる', async(async () => {
+			const res = await show(folM.id, target);
+			expect(res.body).have.property('text').eql('@target x');
+		}));
+
+		it('[show] followers-mentionをフォロワーが見れる', async(async () => {
+			const res = await show(folM.id, follower);
+			expect(res.body).have.property('text').eql('@target x');
+		}));
+
+		it('[show] followers-mentionを非フォロワーが見れない', async(async () => {
+			const res = await show(folM.id, other);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		it('[show] followers-mentionを未認証が見れない', async(async () => {
+			const res = await show(folM.id, null);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		// specified
+		it('[show] specified-mentionを自分が見れる', async(async () => {
+			const res = await show(speM.id, alice);
+			expect(res.body).have.property('text').eql('@target x');
+		}));
+
+		it('[show] specified-mentionを指定ユーザーが見れる', async(async () => {
+			const res = await show(speM.id, target);
+			expect(res.body).have.property('text').eql('@target x');
+		}));
+
+		it('[show] specified-mentionをされた人が指定されてなくても見れる', async(async () => {
+			const res = await show(speM.id, target);
+			expect(res.body).have.property('text').eql('@target x');
+		}));
+
+		it('[show] specified-mentionをフォロワーが見れない', async(async () => {
+			const res = await show(speM.id, follower);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		it('[show] specified-mentionを非フォロワーが見れない', async(async () => {
+			const res = await show(speM.id, other);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		it('[show] specified-mentionを未認証が見れない', async(async () => {
+			const res = await show(speM.id, null);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		// private
+		it('[show] private-mentionを自分が見れる', async(async () => {
+			const res = await show(priM.id, alice);
+			expect(res.body).have.property('text').eql('@target x');
+		}));
+
+		it('[show] private-mentionをフォロワーが見れない', async(async () => {
+			const res = await show(priM.id, follower);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		it('[show] private-mentionを非フォロワーが見れない', async(async () => {
+			const res = await show(priM.id, other);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+
+		it('[show] private-mentionを未認証が見れない', async(async () => {
+			const res = await show(priM.id, null);
+			expect(res.body).have.property('isHidden').eql(true);
+		}));
+		//#endregion
+
+		//#region HTL
+		it('[HTL] public-post が 自分が見れる', async(async () => {
+			const res = await request('/notes/timeline', { limit: 100 }, alice);
+			expect(res).have.status(200);
+			const notes = res.body.filter((n: any) => n.id == pub.id);
+			expect(notes[0]).have.property('text').eql('x');
+		}));
+
+		it('[HTL] public-post が 非フォロワーから見れない', async(async () => {
+			const res = await request('/notes/timeline', { limit: 100 }, other);
+			expect(res).have.status(200);
+			const notes = res.body.filter((n: any) => n.id == pub.id);
+			expect(notes).length(0);
+		}));
+
+		it('[HTL] followers-post が フォロワーから見れる', async(async () => {
+			const res = await request('/notes/timeline', { limit: 100 }, follower);
+			expect(res).have.status(200);
+			const notes = res.body.filter((n: any) => n.id == fol.id);
+			expect(notes[0]).have.property('text').eql('x');
+		}));
+		//#endregion
+
+		//#region RTL
+		it('[RTL] followers-reply が 非フォロワー (リプライ先ではない) から見れない', async(async () => {
+			const res = await request('/notes/replies', { noteId: tgt.id, limit: 100 }, other);
+			expect(res).have.status(200);
+			const notes = res.body.filter((n: any) => n.id == folR.id);
+			expect(notes).length(0);
+		}));
+
+		it('[RTL] followers-reply が 非フォロワー (リプライ先である) から見れない', async(async () => {
+			const res = await request('/notes/replies', { noteId: tgt.id, limit: 100 }, target);
+			expect(res).have.status(200);
+			const notes = res.body.filter((n: any) => n.id == folR.id);
+			expect(notes).length(0);
+		}));
+		//#endregion
+
+		//#region MTL
+		it('[MTL] public-reply が 非フォロワー (リプライ先ではない) から見れる', async(async () => {
+			const res = await request('/notes/mentions', { noteId: tgt.id, limit: 100 }, other);
+			expect(res).have.status(200);
+			const notes = res.body.filter((n: any) => n.id == pubR.id);
+			expect(notes).length(0);
+		}));
+
+		it('[MTL] followers-reply が 非フォロワー (リプライ先ではない) から見れない', async(async () => {
+			const res = await request('/notes/mentions', { noteId: tgt.id, limit: 100 }, other);
+			expect(res).have.status(200);
+			const notes = res.body.filter((n: any) => n.id == folR.id);
+			expect(notes).length(0);
+		}));
+
+		it('[MTL] followers-reply が 非フォロワー (リプライ先である) から見れない', async(async () => {
+			const res = await request('/notes/mentions', { noteId: tgt.id, limit: 100 }, target);
+			expect(res).have.status(200);
+			const notes = res.body.filter((n: any) => n.id == folR.id);
+			expect(notes).length(0);
+		}));
+
+		it('[MTL] public-mention が 非フォロワー (メンション先ではない) から見れる', async(async () => {
+			const res = await request('/notes/mentions', { noteId: tgt.id, limit: 100 }, other);
+			expect(res).have.status(200);
+			const notes = res.body.filter((n: any) => n.id == pubM.id);
+			expect(notes).length(0);
+		}));
+
+		it('[MTL] followers-mention が 非フォロワー (メンション先ではない) から見れない', async(async () => {
+			const res = await request('/notes/mentions', { noteId: tgt.id, limit: 100 }, other);
+			expect(res).have.status(200);
+			const notes = res.body.filter((n: any) => n.id == folM.id);
+			expect(notes).length(0);
+		}));
+
+		it('[MTL] followers-reply が 非フォロワー (メンション先である) から見れない', async(async () => {
+			const res = await request('/notes/mentions', { noteId: tgt.id, limit: 100 }, target);
+			expect(res).have.status(200);
+			const notes = res.body.filter((n: any) => n.id == folM.id);
+			expect(notes).length(0);
+		}));
+		//#endregion
+	});
+});