getNote checks visibility

Raise an error When a note is not visible to the requesting user.
This commit is contained in:
Johann150 2022-03-08 21:16:51 +01:00
parent bbb16208ab
commit 97edaca351
Signed by untrusted user: Johann150
GPG key ID: 9EE6577A2A06F8F1
21 changed files with 76 additions and 64 deletions

View file

@ -2,12 +2,20 @@ import { IdentifiableError } from '@/misc/identifiable-error.js';
import { User } from '@/models/entities/user.js'; import { User } from '@/models/entities/user.js';
import { Note } from '@/models/entities/note.js'; import { Note } from '@/models/entities/note.js';
import { Notes, Users } from '@/models/index.js'; import { Notes, Users } from '@/models/index.js';
import { generateVisibilityQuery } from './generate-visibility-query.js';
/** /**
* Get note for API processing * Get note for API processing, taking into account visibility.
*/ */
export async function getNote(noteId: Note['id']) { export async function getNote(noteId: Note['id'], me: { id: User['id'] } | null) {
const note = await Notes.findOneBy({ id: noteId }); const query = Notes.createQueryBuilder('note')
.where("note.id = :id", {
id: noteId,
});
generateVisibilityQuery(query, me);
const note = await query.getOne();
if (note == null) { if (note == null) {
throw new IdentifiableError('9725d0ce-ba28-4dde-95a7-2cbb2c15de24', 'No such note.'); throw new IdentifiableError('9725d0ce-ba28-4dde-95a7-2cbb2c15de24', 'No such note.');

View file

@ -35,9 +35,9 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps, user) => { export default define(meta, paramDef, async (ps, user) => {
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, user).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
const exist = await PromoNotes.findOneBy({ noteId: note.id }); const exist = await PromoNotes.findOneBy({ noteId: note.id });

View file

@ -52,9 +52,9 @@ export default define(meta, paramDef, async (ps, user) => {
throw new ApiError(meta.errors.noSuchClip); throw new ApiError(meta.errors.noSuchClip);
} }
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, user).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
const exist = await ClipNotes.findOneBy({ const exist = await ClipNotes.findOneBy({

View file

@ -38,9 +38,9 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps, me) => { export default define(meta, paramDef, async (ps, me) => {
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, me).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
const clipNotes = await ClipNotes.findBy({ const clipNotes = await ClipNotes.findBy({

View file

@ -40,9 +40,9 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps, user) => { export default define(meta, paramDef, async (ps, user) => {
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, user).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
const conversation: Note[] = []; const conversation: Note[] = [];

View file

@ -43,9 +43,9 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps, user) => { export default define(meta, paramDef, async (ps, user) => {
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, user).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
if ((!user.isAdmin && !user.isModerator) && (note.userId !== user.id)) { if ((!user.isAdmin && !user.isModerator) && (note.userId !== user.id)) {

View file

@ -37,9 +37,9 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps, user) => { export default define(meta, paramDef, async (ps, user) => {
// Get favoritee // Get favoritee
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, user).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
// if already favorited // if already favorited

View file

@ -36,9 +36,9 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps, user) => { export default define(meta, paramDef, async (ps, user) => {
// Get favoritee // Get favoritee
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, user).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
// if already favorited // if already favorited

View file

@ -72,9 +72,9 @@ export default define(meta, paramDef, async (ps, user) => {
const createdAt = new Date(); const createdAt = new Date();
// Get votee // Get votee
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, user).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
if (!note.hasPoll) { if (!note.hasPoll) {

View file

@ -2,6 +2,8 @@ import { FindOptionsWhere } from 'typeorm';
import { NoteReactions } from '@/models/index.js'; import { NoteReactions } from '@/models/index.js';
import { NoteReaction } from '@/models/entities/note-reaction.js'; import { NoteReaction } from '@/models/entities/note-reaction.js';
import define from '../../define.js'; import define from '../../define.js';
import { ApiError } from '../../error.js';
import { getNote } from '../../common/getters.js';
export const meta = { export const meta = {
tags: ['notes', 'reactions'], tags: ['notes', 'reactions'],
@ -45,6 +47,12 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps, user) => { export default define(meta, paramDef, async (ps, user) => {
// check note visibility
const note = await getNote(ps.noteId, user).catch(err => {
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw err;
});
const query = { const query = {
noteId: ps.noteId, noteId: ps.noteId,
} as FindOptionsWhere<NoteReaction>; } as FindOptionsWhere<NoteReaction>;

View file

@ -42,9 +42,9 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps, user) => { export default define(meta, paramDef, async (ps, user) => {
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, user).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
await createReaction(user, note, ps.reaction).catch(e => { await createReaction(user, note, ps.reaction).catch(e => {
if (e.id === '51c42bb4-931a-456b-bff7-e5a8a70dd298') throw new ApiError(meta.errors.alreadyReacted); if (e.id === '51c42bb4-931a-456b-bff7-e5a8a70dd298') throw new ApiError(meta.errors.alreadyReacted);

View file

@ -42,9 +42,9 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps, user) => { export default define(meta, paramDef, async (ps, user) => {
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, user).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
await deleteReaction(user, note).catch(e => { await deleteReaction(user, note).catch(e => {
if (e.id === '60527ec9-b4cb-4a88-a6bd-32d3ad26817d') throw new ApiError(meta.errors.notReacted); if (e.id === '60527ec9-b4cb-4a88-a6bd-32d3ad26817d') throw new ApiError(meta.errors.notReacted);

View file

@ -44,9 +44,9 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps, user) => { export default define(meta, paramDef, async (ps, user) => {
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, user).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
const query = makePaginationQuery(Notes.createQueryBuilder('note'), ps.sinceId, ps.untilId) const query = makePaginationQuery(Notes.createQueryBuilder('note'), ps.sinceId, ps.untilId)

View file

@ -33,9 +33,9 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps, user) => { export default define(meta, paramDef, async (ps, user) => {
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, user).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
return await Notes.pack(note, user, { return await Notes.pack(note, user, {

View file

@ -31,9 +31,9 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps, user) => { export default define(meta, paramDef, async (ps, user) => {
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, user).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
const mutedNotes = await Notes.find({ const mutedNotes = await Notes.find({

View file

@ -29,9 +29,9 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps, user) => { export default define(meta, paramDef, async (ps, user) => {
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, user).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
await NoteThreadMutings.delete({ await NoteThreadMutings.delete({

View file

@ -38,15 +38,11 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps, user) => { export default define(meta, paramDef, async (ps, user) => {
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, user).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
if (!(await Notes.isVisibleForMe(note, user ? user.id : null))) {
return 204; // TODO: 良い感じのエラー返す
}
if (note.text == null) { if (note.text == null) {
return 204; return 204;
} }

View file

@ -37,9 +37,9 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps, user) => { export default define(meta, paramDef, async (ps, user) => {
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, user).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
const renotes = await Notes.findBy({ const renotes = await Notes.findBy({

View file

@ -29,9 +29,9 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps, user) => { export default define(meta, paramDef, async (ps, user) => {
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, user).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
await watch(user.id, note); await watch(user.id, note);

View file

@ -29,9 +29,9 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps, user) => { export default define(meta, paramDef, async (ps, user) => {
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, user).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
await unwatch(user.id, note); await unwatch(user.id, note);

View file

@ -28,9 +28,9 @@ export const paramDef = {
// eslint-disable-next-line import/no-default-export // eslint-disable-next-line import/no-default-export
export default define(meta, paramDef, async (ps, user) => { export default define(meta, paramDef, async (ps, user) => {
const note = await getNote(ps.noteId).catch(e => { const note = await getNote(ps.noteId, user).catch(err => {
if (e.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote); if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
throw e; throw err;
}); });
const exist = await PromoReads.findOneBy({ const exist = await PromoReads.findOneBy({