forked from FoundKeyGang/FoundKey
getNote checks visibility
Raise an error When a note is not visible to the requesting user.
This commit is contained in:
parent
bbb16208ab
commit
97edaca351
21 changed files with 76 additions and 64 deletions
|
@ -2,12 +2,20 @@ import { IdentifiableError } from '@/misc/identifiable-error.js';
|
||||||
import { User } from '@/models/entities/user.js';
|
import { User } from '@/models/entities/user.js';
|
||||||
import { Note } from '@/models/entities/note.js';
|
import { Note } from '@/models/entities/note.js';
|
||||||
import { Notes, Users } from '@/models/index.js';
|
import { Notes, Users } from '@/models/index.js';
|
||||||
|
import { generateVisibilityQuery } from './generate-visibility-query.js';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get note for API processing
|
* Get note for API processing, taking into account visibility.
|
||||||
*/
|
*/
|
||||||
export async function getNote(noteId: Note['id']) {
|
export async function getNote(noteId: Note['id'], me: { id: User['id'] } | null) {
|
||||||
const note = await Notes.findOneBy({ id: noteId });
|
const query = Notes.createQueryBuilder('note')
|
||||||
|
.where("note.id = :id", {
|
||||||
|
id: noteId,
|
||||||
|
});
|
||||||
|
|
||||||
|
generateVisibilityQuery(query, me);
|
||||||
|
|
||||||
|
const note = await query.getOne();
|
||||||
|
|
||||||
if (note == null) {
|
if (note == null) {
|
||||||
throw new IdentifiableError('9725d0ce-ba28-4dde-95a7-2cbb2c15de24', 'No such note.');
|
throw new IdentifiableError('9725d0ce-ba28-4dde-95a7-2cbb2c15de24', 'No such note.');
|
||||||
|
|
|
@ -35,9 +35,9 @@ export const paramDef = {
|
||||||
|
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, user) => {
|
export default define(meta, paramDef, async (ps, user) => {
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
|
|
||||||
const exist = await PromoNotes.findOneBy({ noteId: note.id });
|
const exist = await PromoNotes.findOneBy({ noteId: note.id });
|
||||||
|
|
|
@ -52,9 +52,9 @@ export default define(meta, paramDef, async (ps, user) => {
|
||||||
throw new ApiError(meta.errors.noSuchClip);
|
throw new ApiError(meta.errors.noSuchClip);
|
||||||
}
|
}
|
||||||
|
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
|
|
||||||
const exist = await ClipNotes.findOneBy({
|
const exist = await ClipNotes.findOneBy({
|
||||||
|
|
|
@ -38,9 +38,9 @@ export const paramDef = {
|
||||||
|
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, me) => {
|
export default define(meta, paramDef, async (ps, me) => {
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, me).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
|
|
||||||
const clipNotes = await ClipNotes.findBy({
|
const clipNotes = await ClipNotes.findBy({
|
||||||
|
|
|
@ -40,9 +40,9 @@ export const paramDef = {
|
||||||
|
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, user) => {
|
export default define(meta, paramDef, async (ps, user) => {
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
|
|
||||||
const conversation: Note[] = [];
|
const conversation: Note[] = [];
|
||||||
|
|
|
@ -43,9 +43,9 @@ export const paramDef = {
|
||||||
|
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, user) => {
|
export default define(meta, paramDef, async (ps, user) => {
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
|
|
||||||
if ((!user.isAdmin && !user.isModerator) && (note.userId !== user.id)) {
|
if ((!user.isAdmin && !user.isModerator) && (note.userId !== user.id)) {
|
||||||
|
|
|
@ -37,9 +37,9 @@ export const paramDef = {
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, user) => {
|
export default define(meta, paramDef, async (ps, user) => {
|
||||||
// Get favoritee
|
// Get favoritee
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
|
|
||||||
// if already favorited
|
// if already favorited
|
||||||
|
|
|
@ -36,9 +36,9 @@ export const paramDef = {
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, user) => {
|
export default define(meta, paramDef, async (ps, user) => {
|
||||||
// Get favoritee
|
// Get favoritee
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
|
|
||||||
// if already favorited
|
// if already favorited
|
||||||
|
|
|
@ -72,9 +72,9 @@ export default define(meta, paramDef, async (ps, user) => {
|
||||||
const createdAt = new Date();
|
const createdAt = new Date();
|
||||||
|
|
||||||
// Get votee
|
// Get votee
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
|
|
||||||
if (!note.hasPoll) {
|
if (!note.hasPoll) {
|
||||||
|
|
|
@ -2,6 +2,8 @@ import { FindOptionsWhere } from 'typeorm';
|
||||||
import { NoteReactions } from '@/models/index.js';
|
import { NoteReactions } from '@/models/index.js';
|
||||||
import { NoteReaction } from '@/models/entities/note-reaction.js';
|
import { NoteReaction } from '@/models/entities/note-reaction.js';
|
||||||
import define from '../../define.js';
|
import define from '../../define.js';
|
||||||
|
import { ApiError } from '../../error.js';
|
||||||
|
import { getNote } from '../../common/getters.js';
|
||||||
|
|
||||||
export const meta = {
|
export const meta = {
|
||||||
tags: ['notes', 'reactions'],
|
tags: ['notes', 'reactions'],
|
||||||
|
@ -45,6 +47,12 @@ export const paramDef = {
|
||||||
|
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, user) => {
|
export default define(meta, paramDef, async (ps, user) => {
|
||||||
|
// check note visibility
|
||||||
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
|
throw err;
|
||||||
|
});
|
||||||
|
|
||||||
const query = {
|
const query = {
|
||||||
noteId: ps.noteId,
|
noteId: ps.noteId,
|
||||||
} as FindOptionsWhere<NoteReaction>;
|
} as FindOptionsWhere<NoteReaction>;
|
||||||
|
|
|
@ -42,9 +42,9 @@ export const paramDef = {
|
||||||
|
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, user) => {
|
export default define(meta, paramDef, async (ps, user) => {
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
await createReaction(user, note, ps.reaction).catch(e => {
|
await createReaction(user, note, ps.reaction).catch(e => {
|
||||||
if (e.id === '51c42bb4-931a-456b-bff7-e5a8a70dd298') throw new ApiError(meta.errors.alreadyReacted);
|
if (e.id === '51c42bb4-931a-456b-bff7-e5a8a70dd298') throw new ApiError(meta.errors.alreadyReacted);
|
||||||
|
|
|
@ -42,9 +42,9 @@ export const paramDef = {
|
||||||
|
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, user) => {
|
export default define(meta, paramDef, async (ps, user) => {
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
await deleteReaction(user, note).catch(e => {
|
await deleteReaction(user, note).catch(e => {
|
||||||
if (e.id === '60527ec9-b4cb-4a88-a6bd-32d3ad26817d') throw new ApiError(meta.errors.notReacted);
|
if (e.id === '60527ec9-b4cb-4a88-a6bd-32d3ad26817d') throw new ApiError(meta.errors.notReacted);
|
||||||
|
|
|
@ -44,9 +44,9 @@ export const paramDef = {
|
||||||
|
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, user) => {
|
export default define(meta, paramDef, async (ps, user) => {
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
|
|
||||||
const query = makePaginationQuery(Notes.createQueryBuilder('note'), ps.sinceId, ps.untilId)
|
const query = makePaginationQuery(Notes.createQueryBuilder('note'), ps.sinceId, ps.untilId)
|
||||||
|
|
|
@ -33,9 +33,9 @@ export const paramDef = {
|
||||||
|
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, user) => {
|
export default define(meta, paramDef, async (ps, user) => {
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
|
|
||||||
return await Notes.pack(note, user, {
|
return await Notes.pack(note, user, {
|
||||||
|
|
|
@ -31,9 +31,9 @@ export const paramDef = {
|
||||||
|
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, user) => {
|
export default define(meta, paramDef, async (ps, user) => {
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
|
|
||||||
const mutedNotes = await Notes.find({
|
const mutedNotes = await Notes.find({
|
||||||
|
|
|
@ -29,9 +29,9 @@ export const paramDef = {
|
||||||
|
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, user) => {
|
export default define(meta, paramDef, async (ps, user) => {
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
|
|
||||||
await NoteThreadMutings.delete({
|
await NoteThreadMutings.delete({
|
||||||
|
|
|
@ -38,15 +38,11 @@ export const paramDef = {
|
||||||
|
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, user) => {
|
export default define(meta, paramDef, async (ps, user) => {
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
|
|
||||||
if (!(await Notes.isVisibleForMe(note, user ? user.id : null))) {
|
|
||||||
return 204; // TODO: 良い感じのエラー返す
|
|
||||||
}
|
|
||||||
|
|
||||||
if (note.text == null) {
|
if (note.text == null) {
|
||||||
return 204;
|
return 204;
|
||||||
}
|
}
|
||||||
|
|
|
@ -37,9 +37,9 @@ export const paramDef = {
|
||||||
|
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, user) => {
|
export default define(meta, paramDef, async (ps, user) => {
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
|
|
||||||
const renotes = await Notes.findBy({
|
const renotes = await Notes.findBy({
|
||||||
|
|
|
@ -29,9 +29,9 @@ export const paramDef = {
|
||||||
|
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, user) => {
|
export default define(meta, paramDef, async (ps, user) => {
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
|
|
||||||
await watch(user.id, note);
|
await watch(user.id, note);
|
||||||
|
|
|
@ -29,9 +29,9 @@ export const paramDef = {
|
||||||
|
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, user) => {
|
export default define(meta, paramDef, async (ps, user) => {
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
|
|
||||||
await unwatch(user.id, note);
|
await unwatch(user.id, note);
|
||||||
|
|
|
@ -28,9 +28,9 @@ export const paramDef = {
|
||||||
|
|
||||||
// eslint-disable-next-line import/no-default-export
|
// eslint-disable-next-line import/no-default-export
|
||||||
export default define(meta, paramDef, async (ps, user) => {
|
export default define(meta, paramDef, async (ps, user) => {
|
||||||
const note = await getNote(ps.noteId).catch(e => {
|
const note = await getNote(ps.noteId, user).catch(err => {
|
||||||
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
||||||
throw e;
|
throw err;
|
||||||
});
|
});
|
||||||
|
|
||||||
const exist = await PromoReads.findOneBy({
|
const exist = await PromoReads.findOneBy({
|
||||||
|
|
Loading…
Reference in a new issue