yume/yumechi-no-kuni
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4

Security: SSRプライバシー方面の改善

Browse source 
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
This commit is contained in:
ゆめ 2024-11-24 06:24:21 -06:00
parent 50255432c4
commit d6bb63c1d2
No known key found for this signature in database
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
packages/backend/src/server/web/ClientServerService.ts
View file

@ -562,6 +562,7 @@ export class ClientServerService {
usernameLower: username.toLowerCase(),
host: host ?? IsNull(),
isSuspended: false,
requireSigninToViewContents: false,
});
return user && await this.feedService.packFeed(user);
@ -616,12 +617,21 @@ export class ClientServerService {
// User
fastify.get<{ Params: { user: string; sub?: string; } }>('/@:user/:sub?', async (request, reply) => {
const { username, host } = Acct.parse(request.params.user);
if (host) {
return await renderBase(reply); // リモートユーザーのページはSSRしない (プライバシーの観点から)
}
const user = await this.usersRepository.findOneBy({
usernameLower: username.toLowerCase(),
host: host ?? IsNull(),
isSuspended: false,
});
if (user?.requireSigninToViewContents) {
return await renderBase(reply);
}
vary(reply.raw, 'Accept');
if (user != null) {
@ -663,6 +673,7 @@ export class ClientServerService {
id: request.params.user,
host: IsNull(),
isSuspended: false,
requireSigninToViewContents: false,
});
if (user == null) {