From 9ed1a09e8ce516ad4501e771e3e25e0c5d92582d Mon Sep 17 00:00:00 2001 From: nullobsi Date: Wed, 25 Aug 2021 20:48:57 -0700 Subject: [PATCH] Hide private data in pug when private mode is enabled --- packages/backend/src/server/web/index.ts | 15 ++++++ .../backend/src/server/web/views/base.pug | 6 ++- .../backend/src/server/web/views/channel.pug | 16 +++--- .../backend/src/server/web/views/clip.pug | 33 ++++++------ .../src/server/web/views/gallery-post.pug | 35 +++++++------ .../backend/src/server/web/views/note.pug | 51 ++++++++++--------- .../backend/src/server/web/views/page.pug | 33 ++++++------ .../backend/src/server/web/views/user.pug | 47 +++++++++-------- 8 files changed, 135 insertions(+), 101 deletions(-) diff --git a/packages/backend/src/server/web/index.ts b/packages/backend/src/server/web/index.ts index 682497e28..435d2a5e2 100644 --- a/packages/backend/src/server/web/index.ts +++ b/packages/backend/src/server/web/index.ts @@ -218,6 +218,10 @@ router.get('/api.json', async ctx => { }); const getFeed = async (acct: string) => { + const meta = await fetchMeta(); + if (meta.privateMode) { + return; + } const { username, host } = Acct.parse(acct); const user = await Users.findOneBy({ usernameLower: username.toLowerCase(), @@ -290,6 +294,7 @@ router.get(['/@:user', '/@:user/:sub'], async (ctx, next) => { instanceName: meta.name || 'Misskey', icon: meta.iconUrl, themeColor: meta.themeColor, + privateMode: meta.privateMode, }); ctx.set('Cache-Control', 'public, max-age=15'); } else { @@ -333,6 +338,7 @@ router.get('/notes/:note', async (ctx, next) => { summary: getNoteSummary(_note), instanceName: meta.name || 'Misskey', icon: meta.iconUrl, + privateMode: meta.privateMode, themeColor: meta.themeColor, }); @@ -370,6 +376,7 @@ router.get('/@:user/pages/:page', async (ctx, next) => { instanceName: meta.name || 'Misskey', icon: meta.iconUrl, themeColor: meta.themeColor, + privateMode: meta.privateMode, }); if (['public'].includes(page.visibility)) { @@ -400,6 +407,7 @@ router.get('/clips/:clip', async (ctx, next) => { profile, avatarUrl: await Users.getAvatarUrl(await Users.findOneByOrFail({ id: clip.userId })), instanceName: meta.name || 'Misskey', + privateMode: meta.privateMode, icon: meta.iconUrl, themeColor: meta.themeColor, }); @@ -427,6 +435,7 @@ router.get('/gallery/:post', async (ctx, next) => { instanceName: meta.name || 'Misskey', icon: meta.iconUrl, themeColor: meta.themeColor, + privateMode: meta.privateMode, }); ctx.set('Cache-Control', 'public, max-age=15'); @@ -451,6 +460,7 @@ router.get('/channels/:channel', async (ctx, next) => { instanceName: meta.name || 'Misskey', icon: meta.iconUrl, themeColor: meta.themeColor, + privateMode: meta.privateMode, }); ctx.set('Cache-Control', 'public, max-age=15'); @@ -464,6 +474,10 @@ router.get('/channels/:channel', async (ctx, next) => { router.get('/_info_card_', async ctx => { const meta = await fetchMeta(true); + if (meta.privateMode) { + ctx.status = 403; + return; + } ctx.remove('X-Frame-Options'); @@ -511,6 +525,7 @@ router.get('(.*)', async ctx => { desc: meta.description, icon: meta.iconUrl, themeColor: meta.themeColor, + privateMode: meta.privateMode, }); ctx.set('Cache-Control', 'public, max-age=15'); }); diff --git a/packages/backend/src/server/web/views/base.pug b/packages/backend/src/server/web/views/base.pug index 5bb156f0f..effa0743b 100644 --- a/packages/backend/src/server/web/views/base.pug +++ b/packages/backend/src/server/web/views/base.pug @@ -51,10 +51,12 @@ html meta(name='description' content= desc || '✨🌎✨ A interplanetary communication platform ✨🚀✨') block meta + if privateMode + meta(name='robots' content='noindex') block og - meta(property='og:title' content= title || 'Misskey') - meta(property='og:description' content= desc || '✨🌎✨ A interplanetary communication platform ✨🚀✨') + meta(property='og:title' content= title || 'Misskey') + meta(property='og:description' content= desc || '✨🌎✨ A interplanetary communication platform ✨🚀✨') meta(property='og:image' content= img) style diff --git a/packages/backend/src/server/web/views/channel.pug b/packages/backend/src/server/web/views/channel.pug index 486f0ecc4..c4594b766 100644 --- a/packages/backend/src/server/web/views/channel.pug +++ b/packages/backend/src/server/web/views/channel.pug @@ -1,18 +1,20 @@ extends ./base block vars - - const title = channel.name; + - const title = privateMode ? instanceName : channel.name; - const url = `${config.url}/channels/${channel.id}`; block title = `${title} | ${instanceName}` block desc - meta(name='description' content= channel.description) + unless privateMode + meta(name='description' content=channel.description) block og - meta(property='og:type' content='article') - meta(property='og:title' content= title) - meta(property='og:description' content= channel.description) - meta(property='og:url' content= url) - meta(property='og:image' content= channel.bannerUrl) + unless privateMode + meta(property='og:type' content='article') + meta(property='og:title' content= title) + meta(property='og:description' content= channel.description) + meta(property='og:url' content= url) + meta(property='og:image' content= channel.bannerUrl) diff --git a/packages/backend/src/server/web/views/clip.pug b/packages/backend/src/server/web/views/clip.pug index 4c692bf59..2432470c1 100644 --- a/packages/backend/src/server/web/views/clip.pug +++ b/packages/backend/src/server/web/views/clip.pug @@ -2,30 +2,33 @@ extends ./base block vars - const user = clip.user; - - const title = clip.name; + - const title = privateMode ? instanceName : clip.name; - const url = `${config.url}/clips/${clip.id}`; block title = `${title} | ${instanceName}` block desc - meta(name='description' content= clip.description) + unless privateMode + meta(name='description' content= clip.description) block og - meta(property='og:type' content='article') - meta(property='og:title' content= title) - meta(property='og:description' content= clip.description) - meta(property='og:url' content= url) - meta(property='og:image' content= avatarUrl) + unless privateMode + meta(property='og:type' content='article') + meta(property='og:title' content= title) + meta(property='og:description' content= clip.description) + meta(property='og:url' content= url) + meta(property='og:image' content= avatarUrl) block meta - if profile.noCrawle - meta(name='robots' content='noindex') + unless privateMode + if profile.noCrawle + meta(name='robots' content='noindex') - meta(name='misskey:user-username' content=user.username) - meta(name='misskey:user-id' content=user.id) - meta(name='misskey:clip-id' content=clip.id) + meta(name='misskey:user-username' content=user.username) + meta(name='misskey:user-id' content=user.id) + meta(name='misskey:clip-id' content=clip.id) - // todo - if user.twitter - meta(name='twitter:creator' content=`@${user.twitter.screenName}`) + // todo + if user.twitter + meta(name='twitter:creator' content=`@${user.twitter.screenName}`) diff --git a/packages/backend/src/server/web/views/gallery-post.pug b/packages/backend/src/server/web/views/gallery-post.pug index ca0663a48..1b1c2fbfb 100644 --- a/packages/backend/src/server/web/views/gallery-post.pug +++ b/packages/backend/src/server/web/views/gallery-post.pug @@ -2,32 +2,35 @@ extends ./base block vars - const user = post.user; - - const title = post.title; + - const title = privateMode ? instanceName : post.title; - const url = `${config.url}/gallery/${post.id}`; block title = `${title} | ${instanceName}` block desc - meta(name='description' content= post.description) + unless privateMode + meta(name='description' content= post.description) block og - meta(property='og:type' content='article') - meta(property='og:title' content= title) - meta(property='og:description' content= post.description) - meta(property='og:url' content= url) - meta(property='og:image' content= post.files[0].thumbnailUrl) + unless privateMode + meta(property='og:type' content='article') + meta(property='og:title' content= title) + meta(property='og:description' content= post.description) + meta(property='og:url' content= url) + meta(property='og:image' content= post.files[0].thumbnailUrl) block meta - if user.host || profile.noCrawle - meta(name='robots' content='noindex') + unless privateMode + if user.host || profile.noCrawle + meta(name='robots' content='noindex') - meta(name='misskey:user-username' content=user.username) - meta(name='misskey:user-id' content=user.id) + meta(name='misskey:user-username' content=user.username) + meta(name='misskey:user-id' content=user.id) - // todo - if user.twitter - meta(name='twitter:creator' content=`@${user.twitter.screenName}`) + // todo + if user.twitter + meta(name='twitter:creator' content=`@${user.twitter.screenName}`) - if !user.host - link(rel='alternate' href=url type='application/activity+json') + if !user.host + link(rel='alternate' href=url type='application/activity+json') diff --git a/packages/backend/src/server/web/views/note.pug b/packages/backend/src/server/web/views/note.pug index 65696ea13..6b55f6ba0 100644 --- a/packages/backend/src/server/web/views/note.pug +++ b/packages/backend/src/server/web/views/note.pug @@ -2,7 +2,7 @@ extends ./base block vars - const user = note.user; - - const title = user.name ? `${user.name} (@${user.username})` : `@${user.username}`; + - const title = privateMode ? instanceName : (user.name ? `${user.name} (@${user.username})` : `@${user.username}`); - const url = `${config.url}/notes/${note.id}`; - const isRenote = note.renote && note.text == null && note.fileIds.length == 0 && note.poll == null; @@ -10,33 +10,36 @@ block title = `${title} | ${instanceName}` block desc - meta(name='description' content= summary) + unless privateMode + meta(name='description' content= summary) block og - meta(property='og:type' content='article') - meta(property='og:title' content= title) - meta(property='og:description' content= summary) - meta(property='og:url' content= url) - meta(property='og:image' content= avatarUrl) + unless privateMode + meta(property='og:type' content='article') + meta(property='og:title' content= title) + meta(property='og:description' content= summary) + meta(property='og:url' content= url) + meta(property='og:image' content= avatarUrl) block meta - if user.host || isRenote || profile.noCrawle - meta(name='robots' content='noindex') + unless privateMode + if user.host || isRenote || profile.noCrawle + meta(name='robots' content='noindex') - meta(name='misskey:user-username' content=user.username) - meta(name='misskey:user-id' content=user.id) - meta(name='misskey:note-id' content=note.id) - - // todo - if user.twitter - meta(name='twitter:creator' content=`@${user.twitter.screenName}`) + meta(name='misskey:user-username' content=user.username) + meta(name='misskey:user-id' content=user.id) + meta(name='misskey:note-id' content=note.id) - if note.prev - link(rel='prev' href=`${config.url}/notes/${note.prev}`) - if note.next - link(rel='next' href=`${config.url}/notes/${note.next}`) + // todo + if user.twitter + meta(name='twitter:creator' content=`@${user.twitter.screenName}`) - if !user.host - link(rel='alternate' href=url type='application/activity+json') - if note.uri - link(rel='alternate' href=note.uri type='application/activity+json') + if note.prev + link(rel='prev' href=`${config.url}/notes/${note.prev}`) + if note.next + link(rel='next' href=`${config.url}/notes/${note.next}`) + + if !user.host + link(rel='alternate' href=url type='application/activity+json') + if note.uri + link(rel='alternate' href=note.uri type='application/activity+json') diff --git a/packages/backend/src/server/web/views/page.pug b/packages/backend/src/server/web/views/page.pug index 4219e76a5..109528213 100644 --- a/packages/backend/src/server/web/views/page.pug +++ b/packages/backend/src/server/web/views/page.pug @@ -2,30 +2,33 @@ extends ./base block vars - const user = page.user; - - const title = page.title; + - const title = privateMode ? instanceName : page.title; - const url = `${config.url}/@${user.username}/${page.name}`; block title = `${title} | ${instanceName}` block desc - meta(name='description' content= page.summary) + unless privateMode + meta(name='description' content= page.summary) block og - meta(property='og:type' content='article') - meta(property='og:title' content= title) - meta(property='og:description' content= page.summary) - meta(property='og:url' content= url) - meta(property='og:image' content= page.eyeCatchingImage ? page.eyeCatchingImage.thumbnailUrl : avatarUrl) + unless privateMode + meta(property='og:type' content='article') + meta(property='og:title' content= title) + meta(property='og:description' content= page.summary) + meta(property='og:url' content= url) + meta(property='og:image' content= page.eyeCatchingImage ? page.eyeCatchingImage.thumbnailUrl : avatarUrl) block meta - if profile.noCrawle - meta(name='robots' content='noindex') + unless privateMode + if profile.noCrawle + meta(name='robots' content='noindex') - meta(name='misskey:user-username' content=user.username) - meta(name='misskey:user-id' content=user.id) - meta(name='misskey:page-id' content=page.id) + meta(name='misskey:user-username' content=user.username) + meta(name='misskey:user-id' content=user.id) + meta(name='misskey:page-id' content=page.id) - // todo - if user.twitter - meta(name='twitter:creator' content=`@${user.twitter.screenName}`) + // todo + if user.twitter + meta(name='twitter:creator' content=`@${user.twitter.screenName}`) diff --git a/packages/backend/src/server/web/views/user.pug b/packages/backend/src/server/web/views/user.pug index 119993fdb..cc14dedb3 100644 --- a/packages/backend/src/server/web/views/user.pug +++ b/packages/backend/src/server/web/views/user.pug @@ -1,39 +1,42 @@ extends ./base block vars - - const title = user.name ? `${user.name} (@${user.username})` : `@${user.username}`; + - const title = privateMode ? instanceName : (user.name ? `${user.name} (@${user.username})` : `@${user.username}`); - const url = `${config.url}/@${(user.host ? `${user.username}@${user.host}` : user.username)}`; block title = `${title} | ${instanceName}` block desc - meta(name='description' content= profile.description) + unless privateMode + meta(name='description' content= profile.description) block og - meta(property='og:type' content='blog') - meta(property='og:title' content= title) - meta(property='og:description' content= profile.description) - meta(property='og:url' content= url) - meta(property='og:image' content= avatarUrl) + unless privateMode + meta(property='og:type' content='blog') + meta(property='og:title' content= title) + meta(property='og:description' content= profile.description) + meta(property='og:url' content= url) + meta(property='og:image' content= avatarUrl) block meta - if user.host || profile.noCrawle - meta(name='robots' content='noindex') + unless privateMode + if user.host || profile.noCrawle + meta(name='robots' content='noindex') - meta(name='misskey:user-username' content=user.username) - meta(name='misskey:user-id' content=user.id) + meta(name='misskey:user-username' content=user.username) + meta(name='misskey:user-id' content=user.id) - if profile.twitter - meta(name='twitter:creator' content=`@${profile.twitter.screenName}`) + if profile.twitter + meta(name='twitter:creator' content=`@${profile.twitter.screenName}`) - if !sub - if !user.host - link(rel='alternate' href=`${config.url}/users/${user.id}` type='application/activity+json') - if user.uri - link(rel='alternate' href=user.uri type='application/activity+json') - if profile.url - link(rel='alternate' href=profile.url type='text/html') + if !sub + if !user.host + link(rel='alternate' href=`${config.url}/users/${user.id}` type='application/activity+json') + if user.uri + link(rel='alternate' href=user.uri type='application/activity+json') + if profile.url + link(rel='alternate' href=profile.url type='text/html') - each m in me - link(rel='me' href=`${m}`) + each m in me + link(rel='me' href=`${m}`)