Add secure mode settings to Security tab

locales/en-US.yml

@@ -829,6 +829,13 @@ middle: "Medium"
 low: "Low"
 emailNotConfiguredWarning: "Email address not set."
 ratio: "Ratio"
+secureMode: "Secure Mode (Authorized Fetch)"
+instanceSecurity: "Instance Security"
+secureModeInfo: "Requests from other instances must be signed, otherwise notes won't be returned."
+privateMode: "Private Mode"
+privateModeInfo: "When enabled, only authorized instances may fetch notes. Hides all notes from public."
+allowedInstances: "Allowed Instances"
+allowedInstancesDescription: "Set the hosts of the instances you want to allow, separated by line. Valid in private mode only."
 previewNoteText: "Show preview"
 customCss: "Custom CSS"
 customCssWarn: "This setting should only be used if you know what it does. Entering\

locales/ja-JP.yml

@@ -771,6 +771,13 @@ middle: "中"
 low: "低"
 emailNotConfiguredWarning: "メールアドレスの設定がされていません。"
 ratio: "比率"
+secureMode: "セキュアモード (Authorized Fetch)"
+instanceSecurity: "インスタンスのセキュリティー"
+secureModeInfo: "他のインスタンスからリクエストするときに、証明を付けなければ返送しません。"
+privateMode: "非公開モード"
+privateModeInfo: "有効にして、許可されているインスタンスのみがリクエストできます。すべてのノートが公開に非表示にします。"
+allowedInstances: "許可されたインスタンス"
+allowedInstancesDescription: "許可したいインスタンスのホストを改行で区切って設定します。非公開モードだけで有効です。"
 previewNoteText: "本文をプレビュー"
 customCss: "カスタムCSS"
 customCssWarn: "この設定は必ず知識のある方が行ってください。不適切な設定を行うとクライアントが正常に使用できなくなる恐れがあります。"

packages/backend/src/server/api/endpoints/admin/meta.ts

@@ -153,6 +153,22 @@ export const meta = {
 					optional: false, nullable: false,
 				},
 			},
+			allowedHosts: {
+				type: 'array',
+				optional: true, nullable: false,
+				items: {
+					type: 'string',
+					optional: false, nullable: false,
+				},
+			},
+			privateMode: {
+				type: 'boolean',
+				optional: false, nullable: false,
+			},
+			secureMode: {
+				type: 'boolean',
+				optional: false, nullable: false,
+			},
 			hcaptchaSecretKey: {
 				type: 'string',
 				optional: true, nullable: true,
@@ -327,6 +343,9 @@ export default define(meta, paramDef, async (ps, me) => {
 		pinnedUsers: instance.pinnedUsers,
 		hiddenTags: instance.hiddenTags,
 		blockedHosts: instance.blockedHosts,
+		allowedHosts: instance.allowedHosts,
+		privateMode: instance.privateMode,
+		secureMode: instance.secureMode,
 		hcaptchaSecretKey: instance.hcaptchaSecretKey,
 		recaptchaSecretKey: instance.recaptchaSecretKey,
 		proxyAccountId: instance.proxyAccountId,

packages/backend/src/server/api/endpoints/admin/update-meta.ts

@@ -26,6 +26,11 @@ export const paramDef = {
 		blockedHosts: { type: 'array', nullable: true, items: {
 			type: 'string',
 		} },
+		allowedHosts: { type: 'array', nullable: true, items: {
+			type: 'string',
+    } },
+		secureMode: { type: 'boolean', nullable: true },
+		privateMode: { type: 'boolean', nullable: true },
 		themeColor: { type: 'string', nullable: true, pattern: '^#[0-9a-fA-F]{6}$' },
 		bannerUrl: { type: 'string', nullable: true },
 		iconUrl: { type: 'string', nullable: true },
@@ -131,6 +136,18 @@ export default define(meta, paramDef, async (ps, me) => {
 		set.themeColor = ps.themeColor;
 	}
 
+	if (Array.isArray(ps.allowedHosts)) {
+		set.allowedHosts = ps.allowedHosts.filter(Boolean);
+	}
+
+	if (typeof ps.privateMode === 'boolean') {
+		set.privateMode = ps.privateMode;
+	}
+
+	if (typeof ps.secureMode === 'boolean') {
+		set.secureMode = ps.secureMode;
+	}
+
 	if (ps.bannerUrl !== undefined) {
 		set.bannerUrl = ps.bannerUrl;
 	}

packages/client/src/pages/admin/security.vue

@@ -26,6 +26,26 @@
 						<FormButton primary class="_formBlock" @click="save"><i class="fas fa-save"></i> {{ i18n.ts.save }}</FormButton>
 					</div>
 				</FormFolder>
+
+				<FormFolder class="_formBlock">
+					<template #label>{{ i18n.ts.instanceSecurity }}</template>
+
+					<div class="_formRoot">
+						<FormSwitch v-if="!privateMode" v-model="secureMode">
+							<template #label>{{ i18n.ts.secureMode }}</template>
+							<template #caption>{{ i18n.ts.secureModeInfo }}</template>
+						</FormSwitch>
+						<FormSwitch v-model="privateMode">
+							<template #label>{{ i18n.ts.privateMode }}</template>
+							<template #caption>{{ i18n.ts.privateModeInfo }}</template>
+						</FormSwitch>
+						<FormTextarea v-if="privateMode" v-model="allowedHosts">
+							<template #label>{{ i18n.ts.allowedInstances }}</template>
+							<template #caption>{{ i18n.ts.allowedInstancesDescription }}</template>
+						</FormTextarea>
+						<FormButton primary class="_formBlock" @click="save"><i class="fas fa-save"></i> {{ i18n.ts.save }}</FormButton>
+					</div>
+				</FormFolder>
 			</div>
 		</FormSuspense>
 	</MkSpacer>
@@ -38,6 +58,7 @@ import FormFolder from '@/components/form/folder.vue';
 import FormSuspense from '@/components/form/suspense.vue';
 import FormInput from '@/components/form/input.vue';
 import FormButton from '@/components/ui/button.vue';
+import FormTextarea from '@/components/form/textarea.vue';
 import * as os from '@/os';
 import { fetchInstance } from '@/instance';
 import { i18n } from '@/i18n';
@@ -47,16 +68,27 @@ let summalyProxy: string = $ref('');
 let enableHcaptcha: boolean = $ref(false);
 let enableRecaptcha: boolean = $ref(false);
 
+let secureMode: boolean = $ref(false);
+let privateMode: boolean = $ref(false);
+let allowedHosts: string = $ref('');
+
 async function init(): Promise<void> {
 	const meta = await os.api('admin/meta');
 	summalyProxy = meta.summalyProxy;
 	enableHcaptcha = meta.enableHcaptcha;
 	enableRecaptcha = meta.enableRecaptcha;
+
+	secureMode = meta.secureMode;
+	privateMode = meta.privateMode;
+	allowedHosts = meta.allowedHosts.join('\n');
 }
 
 function save(): void {
 	os.apiWithDialog('admin/update-meta', {
 		summalyProxy,
+		secureMode,
+		privateMode,
+		allowedHosts: allowedHosts.split('\n'),
 	}).then(() => {
 		fetchInstance();
 	});