m33/FoundKey
1
0
Fork 0
forked from FoundKeyGang/FoundKey
Code Issues Pull requests Projects Releases Packages Wiki Activity

Skip rendering private data in privateMode

Browse source 
Co-authored-by: Francis Dinh <normandy@biribiri.dev>
This commit is contained in:
nullobsi 2021-08-25 20:48:57 -07:00 committed by Francis Dinh
parent 61b7c8ca53
commit aa76c974f3
Signed by untrusted user: norm
GPG key ID: 7123E30E441E80DE
7 changed files with 61 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
packages/backend/src/remote/activitypub/check-fetch.ts
View file

@ -7,7 +7,6 @@ import { toPuny } from '@/misc/convert-host.js';
import DbResolver from '@/remote/activitypub/db-resolver.js';
import { getApId } from '@/remote/activitypub/type.js';
export default async function checkFetch(req: IncomingMessage): Promise<number> {
const meta = await fetchMeta();
if (meta.secureMode || meta.privateMode) {

16
packages/backend/src/server/activitypub.ts
View file

@ -70,7 +70,7 @@ router.get('/notes/:note', async (ctx, next) => {
if (!isActivityPubReq(ctx)) return await next();
const verify = await checkFetch(ctx.req);
if (verify != 200) {
if (verify !== 200) {
ctx.status = verify;
return;
}
@ -87,7 +87,7 @@ router.get('/notes/:note', async (ctx, next) => {
}
// リモートだったらリダイレクト
if (note.userHost != null) {
if (note.userHost !== null) {
if (note.uri == null || isSelfHost(note.userHost)) {
ctx.status = 500;
return;
@ -110,7 +110,7 @@ router.get('/notes/:note', async (ctx, next) => {
// note activity
router.get('/notes/:note/activity', async ctx => {
const verify = await checkFetch(ctx.req);
if (verify != 200) {
if (verify !== 200) {
ctx.status = verify;
return;
}
@ -160,7 +160,7 @@ router.get('/users/:user/publickey', async ctx => {
}
const verify = await checkFetch(ctx.req);
if (verify != 200) {
if (verify !== 200) {
ctx.status = verify;
return;
}
@ -220,7 +220,7 @@ router.get('/users/:user', async (ctx, next) => {
}
const verify = await checkFetch(ctx.req);
if (verify != 200) {
if (verify !== 200) {
ctx.status = verify;
return;
}
@ -246,7 +246,7 @@ router.get('/@:user', async (ctx, next) => {
}
const verify = await checkFetch(ctx.req);
if (verify != 200) {
if (verify !== 200) {
ctx.status = verify;
return;
}
@ -291,7 +291,7 @@ router.get('/emojis/:emoji', async ctx => {
// like
router.get('/likes/:like', async ctx => {
const verify = await checkFetch(ctx.req);
if (verify != 200) {
if (verify !== 200) {
ctx.status = verify;
return;
}
@ -326,7 +326,7 @@ router.get('/likes/:like', async ctx => {
// follow
router.get('/follows/:follower/:followee', async ctx => {
const verify = await checkFetch(ctx.req);
if (verify != 200) {
if (verify !== 200) {
ctx.status = verify;
return;
}

2
packages/backend/src/server/activitypub/featured.ts
View file

@ -12,7 +12,7 @@ import { fetchMeta } from '@/misc/fetch-meta.js';
export default async (ctx: Router.RouterContext) => {
const verify = await checkFetch(ctx.req);
if (verify != 200) {
if (verify !== 200) {
ctx.status = verify;
return;
}

4
packages/backend/src/server/activitypub/followers.ts
View file

@ -14,7 +14,7 @@ import { fetchMeta } from '@/misc/fetch-meta.js';
export default async (ctx: Router.RouterContext) => {
const verify = await checkFetch(ctx.req);
if (verify != 200) {
if (verify !== 200) {
ctx.status = verify;
return;
}
@ -22,7 +22,7 @@ export default async (ctx: Router.RouterContext) => {
const userId = ctx.params.user;
const cursor = ctx.request.query.cursor;
if (cursor != null && typeof cursor !== 'string') {
if (cursor !== null && typeof cursor !== 'string') {
ctx.status = 400;
return;
}

4
packages/backend/src/server/activitypub/following.ts
View file

@ -14,7 +14,7 @@ import { fetchMeta } from '@/misc/fetch-meta.js';
export default async (ctx: Router.RouterContext) => {
const verify = await checkFetch(ctx.req);
if (verify != 200) {
if (verify !== 200) {
ctx.status = verify;
return;
}
@ -22,7 +22,7 @@ export default async (ctx: Router.RouterContext) => {
const userId = ctx.params.user;
const cursor = ctx.request.query.cursor;
if (cursor != null && typeof cursor !== 'string') {
if (cursor !== null && typeof cursor !== 'string') {
ctx.status = 400;
return;
}

8
packages/backend/src/server/activitypub/outbox.ts
View file

@ -19,7 +19,7 @@ import { fetchMeta } from '@/misc/fetch-meta.js';
export default async (ctx: Router.RouterContext) => {
const verify = await checkFetch(ctx.req);
if (verify != 200) {
if (verify !== 200) {
ctx.status = verify;
return;
}
@ -27,20 +27,20 @@ export default async (ctx: Router.RouterContext) => {
const userId = ctx.params.user;
const sinceId = ctx.request.query.since_id;
if (sinceId != null && typeof sinceId !== 'string') {
if (sinceId !== null && typeof sinceId !== 'string') {
ctx.status = 400;
return;
}
const untilId = ctx.request.query.until_id;
if (untilId != null && typeof untilId !== 'string') {
if (untilId !== null && typeof untilId !== 'string') {
ctx.status = 400;
return;
}
const page = ctx.request.query.page === 'true';
if (countIf(x => x != null, [sinceId, untilId]) > 1) {
if (countIf(x => x !== null, [sinceId, untilId]) > 1) {
ctx.status = 400;
return;
}

44
packages/backend/src/server/web/index.ts
View file

@ -24,6 +24,7 @@ import { getNoteSummary } from '@/misc/get-note-summary.js';
import { queues } from '@/queue/queues.js';
import { MINUTE, DAY } from '@/const.js';
import { genOpenapiSpec } from '../api/openapi/gen-spec.js';
import meta from '../api/endpoints/meta.js';
import { urlPreviewHandler } from './url-preview.js';
import { manifestHandler } from './manifest.js';
import packFeed from './feed.js';
@ -218,6 +219,10 @@ router.get('/api.json', async ctx => {
});
const getFeed = async (acct: string) => {
const meta = await fetchMeta();
if (meta.privateMode) {
return;
}
const { username, host } = Acct.parse(acct);
const user = await Users.findOneBy({
usernameLower: username.toLowerCase(),
@ -267,6 +272,12 @@ router.get('/@:user.json', async ctx => {
//#region SSR (for crawlers)
// User
router.get(['/@:user', '/@:user/:sub'], async (ctx, next) => {
const meta = await fetchMeta();
if (meta.privateMode) {
await next();
return;
}
const { username, host } = Acct.parse(ctx.params.user);
const user = await Users.findOneBy({
usernameLower: username.toLowerCase(),
@ -355,6 +366,12 @@ router.get('/notes/:note', async (ctx, next) => {
// Page
router.get('/@:user/pages/:page', async (ctx, next) => {
const meta = await fetchMeta();
if (meta.privateMode) {
await next();
return;
}
const { username, host } = Acct.parse(ctx.params.user);
const user = await Users.findOneBy({
usernameLower: username.toLowerCase(),
@ -396,6 +413,12 @@ router.get('/@:user/pages/:page', async (ctx, next) => {
// Clip
// TODO: 非publicなclipのハンドリング
router.get('/clips/:clip', async (ctx, next) => {
const meta = await fetchMeta();
if (meta.privateMode) {
await next();
return;
}
const clip = await Clips.findOneBy({
id: ctx.params.clip,
});
@ -409,6 +432,7 @@ router.get('/clips/:clip', async (ctx, next) => {
profile,
avatarUrl: await Users.getAvatarUrl(await Users.findOneByOrFail({ id: clip.userId })),
instanceName: meta.name || 'FoundKey',
privateMode: meta.privateMode,
icon: meta.iconUrl,
themeColor: meta.themeColor,
});
@ -423,6 +447,12 @@ router.get('/clips/:clip', async (ctx, next) => {
// Gallery post
router.get('/gallery/:post', async (ctx, next) => {
const meta = await fetchMeta();
if (meta.privateMode) {
await next();
return;
}
const post = await GalleryPosts.findOneBy({ id: ctx.params.post });
if (post) {
@ -448,6 +478,12 @@ router.get('/gallery/:post', async (ctx, next) => {
// Channel
router.get('/channels/:channel', async (ctx, next) => {
const meta = await fetchMeta();
if (meta.privateMode) {
await next();
return;
}
const channel = await Channels.findOneBy({
id: ctx.params.channel,
});
@ -473,6 +509,10 @@ router.get('/channels/:channel', async (ctx, next) => {
router.get('/_info_card_', async ctx => {
const meta = await fetchMeta(true);
if (meta.privateMode) {
ctx.status = 403;
return;
}
ctx.remove('X-Frame-Options');
@ -513,6 +553,10 @@ router.get('/streaming', async ctx => {
// Render base html for all requests
router.get('(.*)', async ctx => {
const meta = await fetchMeta();
if (meta.privateMode) {
return;
}
await ctx.render('base', {
img: meta.bannerUrl,
title: meta.name || 'FoundKey',