Security: SSRプライバシー方面の改善
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
This commit is contained in:
parent
c2029ed271
commit
756c8b3ef4
1 changed files with 11 additions and 0 deletions
|
@ -562,6 +562,7 @@ export class ClientServerService {
|
|||
usernameLower: username.toLowerCase(),
|
||||
host: host ?? IsNull(),
|
||||
isSuspended: false,
|
||||
requireSigninToViewContents: false,
|
||||
});
|
||||
|
||||
return user && await this.feedService.packFeed(user);
|
||||
|
@ -616,12 +617,21 @@ export class ClientServerService {
|
|||
// User
|
||||
fastify.get<{ Params: { user: string; sub?: string; } }>('/@:user/:sub?', async (request, reply) => {
|
||||
const { username, host } = Acct.parse(request.params.user);
|
||||
|
||||
if (host) {
|
||||
return await renderBase(reply); // リモートユーザーのページはSSRしない (プライバシーの観点から)
|
||||
}
|
||||
|
||||
const user = await this.usersRepository.findOneBy({
|
||||
usernameLower: username.toLowerCase(),
|
||||
host: host ?? IsNull(),
|
||||
isSuspended: false,
|
||||
});
|
||||
|
||||
if (user?.requireSigninToViewContents) {
|
||||
return await renderBase(reply);
|
||||
}
|
||||
|
||||
vary(reply.raw, 'Accept');
|
||||
|
||||
if (user != null) {
|
||||
|
@ -663,6 +673,7 @@ export class ClientServerService {
|
|||
id: request.params.user,
|
||||
host: IsNull(),
|
||||
isSuspended: false,
|
||||
requireSigninToViewContents: false,
|
||||
});
|
||||
|
||||
if (user == null) {
|
||||
|
|
Loading…
Reference in a new issue