From aa76c974f39e0e15f0e363817baa2a5593153f9b Mon Sep 17 00:00:00 2001 From: nullobsi Date: Wed, 25 Aug 2021 20:48:57 -0700 Subject: [PATCH] Skip rendering private data in privateMode Co-authored-by: Francis Dinh --- .../src/remote/activitypub/check-fetch.ts | 1 - packages/backend/src/server/activitypub.ts | 16 +++---- .../src/server/activitypub/featured.ts | 2 +- .../src/server/activitypub/followers.ts | 4 +- .../src/server/activitypub/following.ts | 4 +- .../backend/src/server/activitypub/outbox.ts | 8 ++-- packages/backend/src/server/web/index.ts | 44 +++++++++++++++++++ 7 files changed, 61 insertions(+), 18 deletions(-) diff --git a/packages/backend/src/remote/activitypub/check-fetch.ts b/packages/backend/src/remote/activitypub/check-fetch.ts index 63103aa64..7dd9a51c0 100644 --- a/packages/backend/src/remote/activitypub/check-fetch.ts +++ b/packages/backend/src/remote/activitypub/check-fetch.ts @@ -7,7 +7,6 @@ import { toPuny } from '@/misc/convert-host.js'; import DbResolver from '@/remote/activitypub/db-resolver.js'; import { getApId } from '@/remote/activitypub/type.js'; - export default async function checkFetch(req: IncomingMessage): Promise { const meta = await fetchMeta(); if (meta.secureMode || meta.privateMode) { diff --git a/packages/backend/src/server/activitypub.ts b/packages/backend/src/server/activitypub.ts index dd66f29c4..c423b37f0 100644 --- a/packages/backend/src/server/activitypub.ts +++ b/packages/backend/src/server/activitypub.ts @@ -70,7 +70,7 @@ router.get('/notes/:note', async (ctx, next) => { if (!isActivityPubReq(ctx)) return await next(); const verify = await checkFetch(ctx.req); - if (verify != 200) { + if (verify !== 200) { ctx.status = verify; return; } @@ -87,7 +87,7 @@ router.get('/notes/:note', async (ctx, next) => { } // リモートだったらリダイレクト - if (note.userHost != null) { + if (note.userHost !== null) { if (note.uri == null || isSelfHost(note.userHost)) { ctx.status = 500; return; @@ -110,7 +110,7 @@ router.get('/notes/:note', async (ctx, next) => { // note activity router.get('/notes/:note/activity', async ctx => { const verify = await checkFetch(ctx.req); - if (verify != 200) { + if (verify !== 200) { ctx.status = verify; return; } @@ -160,7 +160,7 @@ router.get('/users/:user/publickey', async ctx => { } const verify = await checkFetch(ctx.req); - if (verify != 200) { + if (verify !== 200) { ctx.status = verify; return; } @@ -220,7 +220,7 @@ router.get('/users/:user', async (ctx, next) => { } const verify = await checkFetch(ctx.req); - if (verify != 200) { + if (verify !== 200) { ctx.status = verify; return; } @@ -246,7 +246,7 @@ router.get('/@:user', async (ctx, next) => { } const verify = await checkFetch(ctx.req); - if (verify != 200) { + if (verify !== 200) { ctx.status = verify; return; } @@ -291,7 +291,7 @@ router.get('/emojis/:emoji', async ctx => { // like router.get('/likes/:like', async ctx => { const verify = await checkFetch(ctx.req); - if (verify != 200) { + if (verify !== 200) { ctx.status = verify; return; } @@ -326,7 +326,7 @@ router.get('/likes/:like', async ctx => { // follow router.get('/follows/:follower/:followee', async ctx => { const verify = await checkFetch(ctx.req); - if (verify != 200) { + if (verify !== 200) { ctx.status = verify; return; } diff --git a/packages/backend/src/server/activitypub/featured.ts b/packages/backend/src/server/activitypub/featured.ts index 6d3680798..f3f9207b7 100644 --- a/packages/backend/src/server/activitypub/featured.ts +++ b/packages/backend/src/server/activitypub/featured.ts @@ -12,7 +12,7 @@ import { fetchMeta } from '@/misc/fetch-meta.js'; export default async (ctx: Router.RouterContext) => { const verify = await checkFetch(ctx.req); - if (verify != 200) { + if (verify !== 200) { ctx.status = verify; return; } diff --git a/packages/backend/src/server/activitypub/followers.ts b/packages/backend/src/server/activitypub/followers.ts index 3c8ea9458..04a58dc57 100644 --- a/packages/backend/src/server/activitypub/followers.ts +++ b/packages/backend/src/server/activitypub/followers.ts @@ -14,7 +14,7 @@ import { fetchMeta } from '@/misc/fetch-meta.js'; export default async (ctx: Router.RouterContext) => { const verify = await checkFetch(ctx.req); - if (verify != 200) { + if (verify !== 200) { ctx.status = verify; return; } @@ -22,7 +22,7 @@ export default async (ctx: Router.RouterContext) => { const userId = ctx.params.user; const cursor = ctx.request.query.cursor; - if (cursor != null && typeof cursor !== 'string') { + if (cursor !== null && typeof cursor !== 'string') { ctx.status = 400; return; } diff --git a/packages/backend/src/server/activitypub/following.ts b/packages/backend/src/server/activitypub/following.ts index 836cd4d26..2b6c64513 100644 --- a/packages/backend/src/server/activitypub/following.ts +++ b/packages/backend/src/server/activitypub/following.ts @@ -14,7 +14,7 @@ import { fetchMeta } from '@/misc/fetch-meta.js'; export default async (ctx: Router.RouterContext) => { const verify = await checkFetch(ctx.req); - if (verify != 200) { + if (verify !== 200) { ctx.status = verify; return; } @@ -22,7 +22,7 @@ export default async (ctx: Router.RouterContext) => { const userId = ctx.params.user; const cursor = ctx.request.query.cursor; - if (cursor != null && typeof cursor !== 'string') { + if (cursor !== null && typeof cursor !== 'string') { ctx.status = 400; return; } diff --git a/packages/backend/src/server/activitypub/outbox.ts b/packages/backend/src/server/activitypub/outbox.ts index 5dfaff366..3c0379546 100644 --- a/packages/backend/src/server/activitypub/outbox.ts +++ b/packages/backend/src/server/activitypub/outbox.ts @@ -19,7 +19,7 @@ import { fetchMeta } from '@/misc/fetch-meta.js'; export default async (ctx: Router.RouterContext) => { const verify = await checkFetch(ctx.req); - if (verify != 200) { + if (verify !== 200) { ctx.status = verify; return; } @@ -27,20 +27,20 @@ export default async (ctx: Router.RouterContext) => { const userId = ctx.params.user; const sinceId = ctx.request.query.since_id; - if (sinceId != null && typeof sinceId !== 'string') { + if (sinceId !== null && typeof sinceId !== 'string') { ctx.status = 400; return; } const untilId = ctx.request.query.until_id; - if (untilId != null && typeof untilId !== 'string') { + if (untilId !== null && typeof untilId !== 'string') { ctx.status = 400; return; } const page = ctx.request.query.page === 'true'; - if (countIf(x => x != null, [sinceId, untilId]) > 1) { + if (countIf(x => x !== null, [sinceId, untilId]) > 1) { ctx.status = 400; return; } diff --git a/packages/backend/src/server/web/index.ts b/packages/backend/src/server/web/index.ts index e97b14d8d..f23712f7b 100644 --- a/packages/backend/src/server/web/index.ts +++ b/packages/backend/src/server/web/index.ts @@ -24,6 +24,7 @@ import { getNoteSummary } from '@/misc/get-note-summary.js'; import { queues } from '@/queue/queues.js'; import { MINUTE, DAY } from '@/const.js'; import { genOpenapiSpec } from '../api/openapi/gen-spec.js'; +import meta from '../api/endpoints/meta.js'; import { urlPreviewHandler } from './url-preview.js'; import { manifestHandler } from './manifest.js'; import packFeed from './feed.js'; @@ -218,6 +219,10 @@ router.get('/api.json', async ctx => { }); const getFeed = async (acct: string) => { + const meta = await fetchMeta(); + if (meta.privateMode) { + return; + } const { username, host } = Acct.parse(acct); const user = await Users.findOneBy({ usernameLower: username.toLowerCase(), @@ -267,6 +272,12 @@ router.get('/@:user.json', async ctx => { //#region SSR (for crawlers) // User router.get(['/@:user', '/@:user/:sub'], async (ctx, next) => { + const meta = await fetchMeta(); + if (meta.privateMode) { + await next(); + return; + } + const { username, host } = Acct.parse(ctx.params.user); const user = await Users.findOneBy({ usernameLower: username.toLowerCase(), @@ -355,6 +366,12 @@ router.get('/notes/:note', async (ctx, next) => { // Page router.get('/@:user/pages/:page', async (ctx, next) => { + const meta = await fetchMeta(); + if (meta.privateMode) { + await next(); + return; + } + const { username, host } = Acct.parse(ctx.params.user); const user = await Users.findOneBy({ usernameLower: username.toLowerCase(), @@ -396,6 +413,12 @@ router.get('/@:user/pages/:page', async (ctx, next) => { // Clip // TODO: 非publicなclipのハンドリング router.get('/clips/:clip', async (ctx, next) => { + const meta = await fetchMeta(); + if (meta.privateMode) { + await next(); + return; + } + const clip = await Clips.findOneBy({ id: ctx.params.clip, }); @@ -409,6 +432,7 @@ router.get('/clips/:clip', async (ctx, next) => { profile, avatarUrl: await Users.getAvatarUrl(await Users.findOneByOrFail({ id: clip.userId })), instanceName: meta.name || 'FoundKey', + privateMode: meta.privateMode, icon: meta.iconUrl, themeColor: meta.themeColor, }); @@ -423,6 +447,12 @@ router.get('/clips/:clip', async (ctx, next) => { // Gallery post router.get('/gallery/:post', async (ctx, next) => { + const meta = await fetchMeta(); + if (meta.privateMode) { + await next(); + return; + } + const post = await GalleryPosts.findOneBy({ id: ctx.params.post }); if (post) { @@ -448,6 +478,12 @@ router.get('/gallery/:post', async (ctx, next) => { // Channel router.get('/channels/:channel', async (ctx, next) => { + const meta = await fetchMeta(); + if (meta.privateMode) { + await next(); + return; + } + const channel = await Channels.findOneBy({ id: ctx.params.channel, }); @@ -473,6 +509,10 @@ router.get('/channels/:channel', async (ctx, next) => { router.get('/_info_card_', async ctx => { const meta = await fetchMeta(true); + if (meta.privateMode) { + ctx.status = 403; + return; + } ctx.remove('X-Frame-Options'); @@ -513,6 +553,10 @@ router.get('/streaming', async ctx => { // Render base html for all requests router.get('(.*)', async ctx => { const meta = await fetchMeta(); + if (meta.privateMode) { + return; + } + await ctx.render('base', { img: meta.bannerUrl, title: meta.name || 'FoundKey',