mirror of
https://github.com/misskey-dev/misskey.git
synced 2026-05-19 11:15:28 +02:00
Merge commit from fork
* Tighten security in `HashtagChannel` * Add isNoteVisibleForMe in stream channel Co-Authored-By: Julia Johannesen <julia@insertdomain.name> * Tighten note visibility checks in WebSocket (No.1) * refactor * Fix main channel Co-Authored-By: Julia Johannesen <julia@insertdomain.name> * fix typo * fix missing lockdown (requireSigninToViewContents) checks * fix(backend): streamingでのロックダウン挙動修正 * fix: 引用リノートを無条件で隠していた問題を修正 * fix: 引用リノートを単純にリノート場合に内容が見えることがある問題を修正 * refac * fix * fix * fix * Update docs --------- Co-authored-by: Julia Johannesen <julia@insertdomain.name> Co-authored-by: KanariKanaru <93921745+kanarikanaru@users.noreply.github.com>
This commit is contained in:
かっこかり
GitHub
@@ -5,7 +5,9 @@
|
||||
|
||||
import { Inject, Injectable, Scope } from '@nestjs/common';
|
||||
import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
|
||||
import { NoteStreamingHidingService } from '../NoteStreamingHidingService.js';
|
||||
import { bindThis } from '@/decorators.js';
|
||||
import { isRenotePacked, isQuotePacked } from '@/misc/is-renote.js';
|
||||
import type { GlobalEvents } from '@/core/GlobalEventService.js';
|
||||
import type { JsonObject } from '@/misc/json-value.js';
|
||||
import Channel, { type ChannelRequest } from '../channel.js';
|
||||
@@ -24,6 +26,7 @@ export class AntennaChannel extends Channel {
|
||||
request: ChannelRequest,
|
||||
|
||||
private noteEntityService: NoteEntityService,
|
||||
private noteStreamingHidingService: NoteStreamingHidingService,
|
||||
) {
|
||||
super(request);
|
||||
//this.onEvent = this.onEvent.bind(this);
|
||||
@@ -43,8 +46,21 @@ export class AntennaChannel extends Channel {
|
||||
if (data.type === 'note') {
|
||||
const note = await this.noteEntityService.pack(data.body.id, this.user, { detail: true });
|
||||
|
||||
if (!this.isNoteVisibleForMe(note)) return;
|
||||
if (this.isNoteMutedOrBlocked(note)) return;
|
||||
|
||||
const { shouldSkip } = await this.noteStreamingHidingService.processHiding(note, this.user?.id ?? null);
|
||||
if (shouldSkip) return;
|
||||
|
||||
if (this.user) {
|
||||
if (isRenotePacked(note) && !isQuotePacked(note)) {
|
||||
if (note.renote && Object.keys(note.renote.reactions).length > 0) {
|
||||
const myRenoteReaction = await this.noteEntityService.populateMyReaction(note.renote, this.user.id);
|
||||
note.renote.myReaction = myRenoteReaction;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
this.send('note', note);
|
||||
} else {
|
||||
this.send(data.type, data.body);
|
||||
|
||||
@@ -6,6 +6,7 @@
|
||||
import { Inject, Injectable, Scope } from '@nestjs/common';
|
||||
import type { Packed } from '@/misc/json-schema.js';
|
||||
import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
|
||||
import { NoteStreamingHidingService } from '../NoteStreamingHidingService.js';
|
||||
import { bindThis } from '@/decorators.js';
|
||||
import { isRenotePacked, isQuotePacked } from '@/misc/is-renote.js';
|
||||
import { isInstanceMuted } from '@/misc/is-instance-muted.js';
|
||||
@@ -26,6 +27,7 @@ export class ChannelChannel extends Channel {
|
||||
request: ChannelRequest,
|
||||
|
||||
private noteEntityService: NoteEntityService,
|
||||
private noteStreamingHidingService: NoteStreamingHidingService,
|
||||
) {
|
||||
super(request);
|
||||
//this.onNote = this.onNote.bind(this);
|
||||
@@ -48,12 +50,18 @@ export class ChannelChannel extends Channel {
|
||||
if (note.renote && note.renote.user.requireSigninToViewContents && this.user == null) return;
|
||||
if (note.reply && note.reply.user.requireSigninToViewContents && this.user == null) return;
|
||||
|
||||
if (!this.isNoteVisibleForMe(note)) return;
|
||||
if (this.isNoteMutedOrBlocked(note)) return;
|
||||
|
||||
if (this.user && isRenotePacked(note) && !isQuotePacked(note)) {
|
||||
if (note.renote && Object.keys(note.renote.reactions).length > 0) {
|
||||
const myRenoteReaction = await this.noteEntityService.populateMyReaction(note.renote, this.user.id);
|
||||
note.renote.myReaction = myRenoteReaction;
|
||||
const { shouldSkip } = await this.noteStreamingHidingService.processHiding(note, this.user?.id ?? null);
|
||||
if (shouldSkip) return;
|
||||
|
||||
if (this.user) {
|
||||
if (isRenotePacked(note) && !isQuotePacked(note)) {
|
||||
if (note.renote && Object.keys(note.renote.reactions).length > 0) {
|
||||
const myRenoteReaction = await this.noteEntityService.populateMyReaction(note.renote, this.user.id);
|
||||
note.renote.myReaction = myRenoteReaction;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -7,6 +7,7 @@ import { Inject, Injectable, Scope } from '@nestjs/common';
|
||||
import type { Packed } from '@/misc/json-schema.js';
|
||||
import { MetaService } from '@/core/MetaService.js';
|
||||
import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
|
||||
import { NoteStreamingHidingService } from '../NoteStreamingHidingService.js';
|
||||
import { bindThis } from '@/decorators.js';
|
||||
import { RoleService } from '@/core/RoleService.js';
|
||||
import { isRenotePacked, isQuotePacked } from '@/misc/is-renote.js';
|
||||
@@ -29,6 +30,7 @@ export class GlobalTimelineChannel extends Channel {
|
||||
private metaService: MetaService,
|
||||
private roleService: RoleService,
|
||||
private noteEntityService: NoteEntityService,
|
||||
private noteStreamingHidingService: NoteStreamingHidingService,
|
||||
) {
|
||||
super(request);
|
||||
//this.onNote = this.onNote.bind(this);
|
||||
@@ -60,10 +62,15 @@ export class GlobalTimelineChannel extends Channel {
|
||||
|
||||
if (this.isNoteMutedOrBlocked(note)) return;
|
||||
|
||||
if (this.user && isRenotePacked(note) && !isQuotePacked(note)) {
|
||||
if (note.renote && Object.keys(note.renote.reactions).length > 0) {
|
||||
const myRenoteReaction = await this.noteEntityService.populateMyReaction(note.renote, this.user.id);
|
||||
note.renote.myReaction = myRenoteReaction;
|
||||
const { shouldSkip } = await this.noteStreamingHidingService.processHiding(note, this.user?.id ?? null);
|
||||
if (shouldSkip) return;
|
||||
|
||||
if (this.user) {
|
||||
if (isRenotePacked(note) && !isQuotePacked(note)) {
|
||||
if (note.renote && Object.keys(note.renote.reactions).length > 0) {
|
||||
const myRenoteReaction = await this.noteEntityService.populateMyReaction(note.renote, this.user.id);
|
||||
note.renote.myReaction = myRenoteReaction;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -7,12 +7,12 @@ import { Inject, Injectable, Scope } from '@nestjs/common';
|
||||
import { normalizeForSearch } from '@/misc/normalize-for-search.js';
|
||||
import type { Packed } from '@/misc/json-schema.js';
|
||||
import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
|
||||
import { NoteStreamingHidingService } from '../NoteStreamingHidingService.js';
|
||||
import { bindThis } from '@/decorators.js';
|
||||
import { isRenotePacked, isQuotePacked } from '@/misc/is-renote.js';
|
||||
import type { JsonObject } from '@/misc/json-value.js';
|
||||
import Channel, { type ChannelRequest } from '../channel.js';
|
||||
import { REQUEST } from '@nestjs/core';
|
||||
|
||||
@Injectable({ scope: Scope.TRANSIENT })
|
||||
export class HashtagChannel extends Channel {
|
||||
public readonly chName = 'hashtag';
|
||||
@@ -25,6 +25,7 @@ export class HashtagChannel extends Channel {
|
||||
request: ChannelRequest,
|
||||
|
||||
private noteEntityService: NoteEntityService,
|
||||
private noteStreamingHidingService: NoteStreamingHidingService,
|
||||
) {
|
||||
super(request);
|
||||
//this.onNote = this.onNote.bind(this);
|
||||
@@ -33,7 +34,11 @@ export class HashtagChannel extends Channel {
|
||||
@bindThis
|
||||
public async init(params: JsonObject) {
|
||||
if (!Array.isArray(params.q)) return;
|
||||
if (!params.q.every(x => Array.isArray(x) && x.every(y => typeof y === 'string'))) return;
|
||||
if (!params.q.every((x): x is string[] => (
|
||||
Array.isArray(x) &&
|
||||
x.length >= 1 &&
|
||||
x.every(y => typeof y === 'string')
|
||||
))) return;
|
||||
this.q = params.q;
|
||||
|
||||
// Subscribe stream
|
||||
@@ -46,12 +51,21 @@ export class HashtagChannel extends Channel {
|
||||
const matched = this.q.some(tags => tags.every(tag => noteTags.includes(normalizeForSearch(tag))));
|
||||
if (!matched) return;
|
||||
|
||||
if (!this.isNoteVisibleForMe(note)) return;
|
||||
if (note.user.requireSigninToViewContents && this.user == null) return;
|
||||
if (note.renote && note.renote.user.requireSigninToViewContents && this.user == null) return;
|
||||
if (note.reply && note.reply.user.requireSigninToViewContents && this.user == null) return;
|
||||
if (this.isNoteMutedOrBlocked(note)) return;
|
||||
|
||||
if (this.user && isRenotePacked(note) && !isQuotePacked(note)) {
|
||||
if (note.renote && Object.keys(note.renote.reactions).length > 0) {
|
||||
const myRenoteReaction = await this.noteEntityService.populateMyReaction(note.renote, this.user.id);
|
||||
note.renote.myReaction = myRenoteReaction;
|
||||
const { shouldSkip } = await this.noteStreamingHidingService.processHiding(note, this.user?.id ?? null);
|
||||
if (shouldSkip) return;
|
||||
|
||||
if (this.user) {
|
||||
if (isRenotePacked(note) && !isQuotePacked(note)) {
|
||||
if (note.renote && Object.keys(note.renote.reactions).length > 0) {
|
||||
const myRenoteReaction = await this.noteEntityService.populateMyReaction(note.renote, this.user.id);
|
||||
note.renote.myReaction = myRenoteReaction;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -6,6 +6,7 @@
|
||||
import { Inject, Injectable, Scope } from '@nestjs/common';
|
||||
import type { Packed } from '@/misc/json-schema.js';
|
||||
import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
|
||||
import { NoteStreamingHidingService } from '../NoteStreamingHidingService.js';
|
||||
import { bindThis } from '@/decorators.js';
|
||||
import { isRenotePacked, isQuotePacked } from '@/misc/is-renote.js';
|
||||
import type { JsonObject } from '@/misc/json-value.js';
|
||||
@@ -26,6 +27,7 @@ export class HomeTimelineChannel extends Channel {
|
||||
request: ChannelRequest,
|
||||
|
||||
private noteEntityService: NoteEntityService,
|
||||
private noteStreamingHidingService: NoteStreamingHidingService,
|
||||
) {
|
||||
super(request);
|
||||
//this.onNote = this.onNote.bind(this);
|
||||
@@ -55,11 +57,7 @@ export class HomeTimelineChannel extends Channel {
|
||||
if (!isMe && !Object.hasOwn(this.following, note.userId)) return;
|
||||
}
|
||||
|
||||
if (note.visibility === 'followers') {
|
||||
if (!isMe && !Object.hasOwn(this.following, note.userId)) return;
|
||||
} else if (note.visibility === 'specified') {
|
||||
if (!isMe && !note.visibleUserIds!.includes(this.user!.id)) return;
|
||||
}
|
||||
if (!this.isNoteVisibleForMe(note)) return;
|
||||
|
||||
if (note.reply) {
|
||||
const reply = note.reply;
|
||||
@@ -84,10 +82,15 @@ export class HomeTimelineChannel extends Channel {
|
||||
|
||||
if (this.isNoteMutedOrBlocked(note)) return;
|
||||
|
||||
if (this.user && isRenotePacked(note) && !isQuotePacked(note)) {
|
||||
if (note.renote && Object.keys(note.renote.reactions).length > 0) {
|
||||
const myRenoteReaction = await this.noteEntityService.populateMyReaction(note.renote, this.user.id);
|
||||
note.renote.myReaction = myRenoteReaction;
|
||||
const { shouldSkip } = await this.noteStreamingHidingService.processHiding(note, this.user?.id ?? null);
|
||||
if (shouldSkip) return;
|
||||
|
||||
if (this.user) {
|
||||
if (isRenotePacked(note) && !isQuotePacked(note)) {
|
||||
if (note.renote && Object.keys(note.renote.reactions).length > 0) {
|
||||
const myRenoteReaction = await this.noteEntityService.populateMyReaction(note.renote, this.user.id);
|
||||
note.renote.myReaction = myRenoteReaction;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -7,6 +7,7 @@ import { Inject, Injectable, Scope } from '@nestjs/common';
|
||||
import type { Packed } from '@/misc/json-schema.js';
|
||||
import { MetaService } from '@/core/MetaService.js';
|
||||
import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
|
||||
import { NoteStreamingHidingService } from '../NoteStreamingHidingService.js';
|
||||
import { bindThis } from '@/decorators.js';
|
||||
import { RoleService } from '@/core/RoleService.js';
|
||||
import { isRenotePacked, isQuotePacked } from '@/misc/is-renote.js';
|
||||
@@ -31,6 +32,7 @@ export class HybridTimelineChannel extends Channel {
|
||||
private metaService: MetaService,
|
||||
private roleService: RoleService,
|
||||
private noteEntityService: NoteEntityService,
|
||||
private noteStreamingHidingService: NoteStreamingHidingService,
|
||||
) {
|
||||
super(request);
|
||||
//this.onNote = this.onNote.bind(this);
|
||||
@@ -75,12 +77,7 @@ export class HybridTimelineChannel extends Channel {
|
||||
}
|
||||
}
|
||||
|
||||
if (note.visibility === 'followers') {
|
||||
if (!isMe && !Object.hasOwn(this.following, note.userId)) return;
|
||||
} else if (note.visibility === 'specified') {
|
||||
if (!isMe && !note.visibleUserIds!.includes(this.user!.id)) return;
|
||||
}
|
||||
|
||||
if (!this.isNoteVisibleForMe(note)) return;
|
||||
if (this.isNoteMutedOrBlocked(note)) return;
|
||||
|
||||
if (note.reply) {
|
||||
@@ -104,10 +101,15 @@ export class HybridTimelineChannel extends Channel {
|
||||
}
|
||||
}
|
||||
|
||||
if (this.user && note.renoteId && !note.text) {
|
||||
if (note.renote && Object.keys(note.renote.reactions).length > 0) {
|
||||
const myRenoteReaction = await this.noteEntityService.populateMyReaction(note.renote, this.user.id);
|
||||
note.renote.myReaction = myRenoteReaction;
|
||||
const { shouldSkip } = await this.noteStreamingHidingService.processHiding(note, this.user?.id ?? null);
|
||||
if (shouldSkip) return;
|
||||
|
||||
if (this.user) {
|
||||
if (isRenotePacked(note) && !isQuotePacked(note)) {
|
||||
if (note.renote && Object.keys(note.renote.reactions).length > 0) {
|
||||
const myRenoteReaction = await this.noteEntityService.populateMyReaction(note.renote, this.user.id);
|
||||
note.renote.myReaction = myRenoteReaction;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -7,6 +7,7 @@ import { Inject, Injectable, Scope } from '@nestjs/common';
|
||||
import type { Packed } from '@/misc/json-schema.js';
|
||||
import { MetaService } from '@/core/MetaService.js';
|
||||
import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
|
||||
import { NoteStreamingHidingService } from '../NoteStreamingHidingService.js';
|
||||
import { bindThis } from '@/decorators.js';
|
||||
import { RoleService } from '@/core/RoleService.js';
|
||||
import { isQuotePacked, isRenotePacked } from '@/misc/is-renote.js';
|
||||
@@ -30,6 +31,7 @@ export class LocalTimelineChannel extends Channel {
|
||||
private metaService: MetaService,
|
||||
private roleService: RoleService,
|
||||
private noteEntityService: NoteEntityService,
|
||||
private noteStreamingHidingService: NoteStreamingHidingService,
|
||||
) {
|
||||
super(request);
|
||||
//this.onNote = this.onNote.bind(this);
|
||||
@@ -70,10 +72,15 @@ export class LocalTimelineChannel extends Channel {
|
||||
|
||||
if (this.isNoteMutedOrBlocked(note)) return;
|
||||
|
||||
if (this.user && isRenotePacked(note) && !isQuotePacked(note)) {
|
||||
if (note.renote && Object.keys(note.renote.reactions).length > 0) {
|
||||
const myRenoteReaction = await this.noteEntityService.populateMyReaction(note.renote, this.user.id);
|
||||
note.renote.myReaction = myRenoteReaction;
|
||||
const { shouldSkip } = await this.noteStreamingHidingService.processHiding(note, this.user?.id ?? null);
|
||||
if (shouldSkip) return;
|
||||
|
||||
if (this.user) {
|
||||
if (isRenotePacked(note) && !isQuotePacked(note)) {
|
||||
if (note.renote && Object.keys(note.renote.reactions).length > 0) {
|
||||
const myRenoteReaction = await this.noteEntityService.populateMyReaction(note.renote, this.user.id);
|
||||
note.renote.myReaction = myRenoteReaction;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -47,8 +47,8 @@ export class MainChannel extends Channel {
|
||||
}
|
||||
case 'mention': {
|
||||
if (isInstanceMuted(data.body, new Set<string>(this.userProfile?.mutedInstances ?? []))) return;
|
||||
|
||||
if (this.userIdsWhoMeMuting.has(data.body.userId)) return;
|
||||
if (!this.isNoteVisibleForMe(data.body)) return;
|
||||
if (this.isNoteMutedOrBlocked(data.body)) return;
|
||||
if (data.body.isHidden) {
|
||||
const note = await this.noteEntityService.pack(data.body.id, this.user, {
|
||||
detail: true,
|
||||
|
||||
@@ -7,6 +7,8 @@ import { Inject, Injectable, Scope } from '@nestjs/common';
|
||||
import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
|
||||
import { bindThis } from '@/decorators.js';
|
||||
import { RoleService } from '@/core/RoleService.js';
|
||||
import { NoteStreamingHidingService } from '../NoteStreamingHidingService.js';
|
||||
import { isRenotePacked, isQuotePacked } from '@/misc/is-renote.js';
|
||||
import type { GlobalEvents } from '@/core/GlobalEventService.js';
|
||||
import type { JsonObject } from '@/misc/json-value.js';
|
||||
import Channel, { type ChannelRequest } from '../channel.js';
|
||||
@@ -25,6 +27,7 @@ export class RoleTimelineChannel extends Channel {
|
||||
|
||||
private noteEntityService: NoteEntityService,
|
||||
private roleservice: RoleService,
|
||||
private noteStreamingHidingService: NoteStreamingHidingService,
|
||||
) {
|
||||
super(request);
|
||||
//this.onNote = this.onNote.bind(this);
|
||||
@@ -47,9 +50,24 @@ export class RoleTimelineChannel extends Channel {
|
||||
return;
|
||||
}
|
||||
if (note.visibility !== 'public') return;
|
||||
if (note.user.requireSigninToViewContents && this.user == null) return;
|
||||
if (note.renote && note.renote.user.requireSigninToViewContents && this.user == null) return;
|
||||
if (note.reply && note.reply.user.requireSigninToViewContents && this.user == null) return;
|
||||
|
||||
if (this.isNoteMutedOrBlocked(note)) return;
|
||||
|
||||
const { shouldSkip } = await this.noteStreamingHidingService.processHiding(note, this.user?.id ?? null);
|
||||
if (shouldSkip) return;
|
||||
|
||||
if (this.user) {
|
||||
if (isRenotePacked(note) && !isQuotePacked(note)) {
|
||||
if (note.renote && Object.keys(note.renote.reactions).length > 0) {
|
||||
const myRenoteReaction = await this.noteEntityService.populateMyReaction(note.renote, this.user.id);
|
||||
note.renote.myReaction = myRenoteReaction;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
this.send('note', note);
|
||||
} else {
|
||||
this.send(data.type, data.body);
|
||||
|
||||
@@ -7,6 +7,7 @@ import { Inject, Injectable, Scope } from '@nestjs/common';
|
||||
import type { MiUserListMembership, UserListMembershipsRepository, UserListsRepository } from '@/models/_.js';
|
||||
import type { Packed } from '@/misc/json-schema.js';
|
||||
import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
|
||||
import { NoteStreamingHidingService } from '../NoteStreamingHidingService.js';
|
||||
import { DI } from '@/di-symbols.js';
|
||||
import { bindThis } from '@/decorators.js';
|
||||
import { isRenotePacked, isQuotePacked } from '@/misc/is-renote.js';
|
||||
@@ -36,6 +37,7 @@ export class UserListChannel extends Channel {
|
||||
request: ChannelRequest,
|
||||
|
||||
private noteEntityService: NoteEntityService,
|
||||
private noteStreamingHidingService: NoteStreamingHidingService,
|
||||
) {
|
||||
super(request);
|
||||
//this.updateListUsers = this.updateListUsers.bind(this);
|
||||
@@ -96,11 +98,7 @@ export class UserListChannel extends Channel {
|
||||
|
||||
if (!Object.hasOwn(this.membershipsMap, note.userId)) return;
|
||||
|
||||
if (note.visibility === 'followers') {
|
||||
if (!isMe && !Object.hasOwn(this.following, note.userId)) return;
|
||||
} else if (note.visibility === 'specified') {
|
||||
if (!note.visibleUserIds!.includes(this.user!.id)) return;
|
||||
}
|
||||
if (!this.isNoteVisibleForMe(note)) return;
|
||||
|
||||
if (note.reply) {
|
||||
const reply = note.reply;
|
||||
@@ -117,10 +115,15 @@ export class UserListChannel extends Channel {
|
||||
|
||||
if (this.isNoteMutedOrBlocked(note)) return;
|
||||
|
||||
if (this.user && isRenotePacked(note) && !isQuotePacked(note)) {
|
||||
if (note.renote && Object.keys(note.renote.reactions).length > 0) {
|
||||
const myRenoteReaction = await this.noteEntityService.populateMyReaction(note.renote, this.user.id);
|
||||
note.renote.myReaction = myRenoteReaction;
|
||||
const { shouldSkip } = await this.noteStreamingHidingService.processHiding(note, this.user?.id ?? null);
|
||||
if (shouldSkip) return;
|
||||
|
||||
if (this.user) {
|
||||
if (isRenotePacked(note) && !isQuotePacked(note)) {
|
||||
if (note.renote && Object.keys(note.renote.reactions).length > 0) {
|
||||
const myRenoteReaction = await this.noteEntityService.populateMyReaction(note.renote, this.user.id);
|
||||
note.renote.myReaction = myRenoteReaction;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user