Security: SSRプライバシー方面の改善

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
ゆめ 2024-11-24 06:24:21 -06:00
parent c2029ed271
commit 756c8b3ef4


@ -562,6 +562,7 @@ export class ClientServerService {
usernameLower: username.toLowerCase(),
host: host ?? IsNull(),
isSuspended: false,
requireSigninToViewContents: false,
});
return user && await this.feedService.packFeed(user);
@ -616,12 +617,21 @@ export class ClientServerService {
// User
fastify.get<{ Params: { user: string; sub?: string; } }>('/@:user/:sub?', async (request, reply) => {
const { username, host } = Acct.parse(request.params.user);
if (host) {
return await renderBase(reply); // リモートユーザーのページはSSRしない (プライバシーの観点から)
}
const user = await this.usersRepository.findOneBy({
usernameLower: username.toLowerCase(),
host: host ?? IsNull(),
isSuspended: false,
});
if (user?.requireSigninToViewContents) {
return await renderBase(reply);
}
vary(reply.raw, 'Accept');
if (user != null) {
@ -663,6 +673,7 @@ export class ClientServerService {
id: request.params.user,
host: IsNull(),
isSuspended: false,
requireSigninToViewContents: false,
});
if (user == null) {
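Review bot: In the `/@:user/:sub?` handler, both new early returns (the remote-host branch and the `user?.requireSigninToViewContents` branch) exit before `vary(reply.raw, 'Accept')` runs, so a local account that requires sign-in is served without a `Vary: Accept` header while a nonexistent local username — which presumably also ends at renderBase, though that path continues past the hunk — is served with it. That header difference gives an unauthenticated client an oracle for whether the username exists, which is the kind of leak this commit is trying to close; it also makes the cache key differ between the branches. Moving the single line `vary(reply.raw, 'Accept');` up to directly after `Acct.parse(request.params.user)` makes every branch emit the same headers regardless of the outcome. The handler body, including the `user == null` path, continues outside the hunk, so the response for a missing user should be confirmed there.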