c96bc36fed
* fix: fix improper authorization when accessing with third-party application
* refactor: refactor type definitions
* fix: get rid of unnecessary access limitation
* enhance: サードパーティアプリケーションがWebsocket APIを使えるように
* fix: add missing parentheses
* Revert "fix(backend): add missing kind definition for admin endpoints to improve security"
This reverts commit 5150053275.
* frontend: 翻訳の抜けを訂正, read:adminとwrite:adminはアクセス発行トークンのデフォルトでは非表示にする
* enhance(test): misskey-ghsa-7pxq-6xx9-xpgmに関するテストを追加
* enhance(test): Websocket APIに対するテストも追加
* enhance(refactor): `@/misc/api-permissions.ts`を`misskey-js/permissions`に統合
* fix(frontend): アクセストークン発行UIで全ての権限を有効にした際、管理者用APIへのアクセスも許可してしまう問題を修正
* enhance(backend): Websocketの接続に最低限必要な権限を変更
* fix(backend): `/api/admin/meta`をサードパーティアプリケーションからはアクセスできないように
* fix(backend): エンドポイントにアクセスするために必要な権限を変更
* fix(frontend/locale): Add missing type declaration
* chore: update `misskey-js/src/autogen`
---------
Co-authored-by: tamaina <tamaina@hotmail.co.jp>
80 lines
2.4 KiB
TypeScript
80 lines
2.4 KiB
TypeScript
/*
|
|
* SPDX-FileCopyrightText: syuilo and other misskey contributors
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
import { MoreThan } from 'typeorm';
|
|
import { Inject, Injectable } from '@nestjs/common';
|
|
import { Endpoint } from '@/server/api/endpoint-base.js';
|
|
import type { RegistrationTicketsRepository } from '@/models/_.js';
|
|
import { InviteCodeEntityService } from '@/core/entities/InviteCodeEntityService.js';
|
|
import { IdService } from '@/core/IdService.js';
|
|
import { RoleService } from '@/core/RoleService.js';
|
|
import { DI } from '@/di-symbols.js';
|
|
import { generateInviteCode } from '@/misc/generate-invite-code.js';
|
|
import { ApiError } from '../../error.js';
|
|
|
|
export const meta = {
|
|
tags: ['meta'],
|
|
|
|
requireCredential: true,
|
|
requireRolePolicy: 'canInvite',
|
|
kind: 'write:invite-codes',
|
|
|
|
errors: {
|
|
exceededCreateLimit: {
|
|
message: 'You have exceeded the limit for creating an invitation code.',
|
|
code: 'EXCEEDED_LIMIT_OF_CREATE_INVITE_CODE',
|
|
id: '8b165dd3-6f37-4557-8db1-73175d63c641',
|
|
},
|
|
},
|
|
|
|
res: {
|
|
type: 'object',
|
|
optional: false, nullable: false,
|
|
ref: 'InviteCode',
|
|
},
|
|
} as const;
|
|
|
|
export const paramDef = {
|
|
type: 'object',
|
|
properties: {},
|
|
required: [],
|
|
} as const;
|
|
|
|
@Injectable()
|
|
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
|
|
constructor(
|
|
@Inject(DI.registrationTicketsRepository)
|
|
private registrationTicketsRepository: RegistrationTicketsRepository,
|
|
|
|
private inviteCodeEntityService: InviteCodeEntityService,
|
|
private idService: IdService,
|
|
private roleService: RoleService,
|
|
) {
|
|
super(meta, paramDef, async (ps, me) => {
|
|
const policies = await this.roleService.getUserPolicies(me.id);
|
|
|
|
if (policies.inviteLimit) {
|
|
const count = await this.registrationTicketsRepository.countBy({
|
|
id: MoreThan(this.idService.gen(Date.now() - (policies.inviteLimitCycle * 1000 * 60))),
|
|
createdById: me.id,
|
|
});
|
|
|
|
if (count >= policies.inviteLimit) {
|
|
throw new ApiError(meta.errors.exceededCreateLimit);
|
|
}
|
|
}
|
|
|
|
const ticket = await this.registrationTicketsRepository.insert({
|
|
id: this.idService.gen(),
|
|
createdBy: me,
|
|
createdById: me.id,
|
|
expiresAt: policies.inviteExpirationTime ? new Date(Date.now() + (policies.inviteExpirationTime * 1000 * 60)) : null,
|
|
code: generateInviteCode(),
|
|
}).then(x => this.registrationTicketsRepository.findOneByOrFail(x.identifiers[0]));
|
|
|
|
return await this.inviteCodeEntityService.pack(ticket, me);
|
|
});
|
|
}
|
|
}
|