Merge commit from fork

* Tighten security in `HashtagChannel` * Add isNoteVisibleForMe in stream channel Co-Authored-By: Julia Johannesen <julia@insertdomain.name> * Tighten note visibility checks in WebSocket (No.1) * refactor * Fix main channel Co-Authored-By: Julia Johannesen <julia@insertdomain.name> * fix typo * fix missing lockdown (requireSigninToViewContents) checks * fix(backend): streamingでのロックダウン挙動修正 * fix: 引用リノートを無条件で隠していた問題を修正 * fix: 引用リノートを単純にリノート場合に内容が見えることがある問題を修正 * refac * fix * fix * fix * Update docs --------- Co-authored-by: Julia Johannesen <julia@insertdomain.name> Co-authored-by: KanariKanaru <93921745+kanarikanaru@users.noreply.github.com>
2026-05-25 20:13:57 +02:00 · 2026-03-09 08:15:31 +09:00
parent a07dc589e7
commit b361a10c48
15 changed files with 346 additions and 103 deletions
--- a/packages/backend/src/server/api/stream/channels/role-timeline.ts
+++ b/packages/backend/src/server/api/stream/channels/role-timeline.ts
@@ -7,6 +7,8 @@ import { Inject, Injectable, Scope } from '@nestjs/common';
 import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
 import { bindThis } from '@/decorators.js';
 import { RoleService } from '@/core/RoleService.js';
+import { NoteStreamingHidingService } from '../NoteStreamingHidingService.js';
+import { isRenotePacked, isQuotePacked } from '@/misc/is-renote.js';
 import type { GlobalEvents } from '@/core/GlobalEventService.js';
 import type { JsonObject } from '@/misc/json-value.js';
 import Channel, { type ChannelRequest } from '../channel.js';
@@ -25,6 +27,7 @@ export class RoleTimelineChannel extends Channel {

 		private noteEntityService: NoteEntityService,
 		private roleservice: RoleService,
+		private noteStreamingHidingService: NoteStreamingHidingService,
 	) {
 		super(request);
 		//this.onNote = this.onNote.bind(this);
@@ -47,9 +50,24 @@ export class RoleTimelineChannel extends Channel {
 				return;
 			}
 			if (note.visibility !== 'public') return;
+			if (note.user.requireSigninToViewContents && this.user == null) return;
+			if (note.renote && note.renote.user.requireSigninToViewContents && this.user == null) return;
+			if (note.reply && note.reply.user.requireSigninToViewContents && this.user == null) return;

 			if (this.isNoteMutedOrBlocked(note)) return;

+			const { shouldSkip } = await this.noteStreamingHidingService.processHiding(note, this.user?.id ?? null);
+			if (shouldSkip) return;
+
+			if (this.user) {
+				if (isRenotePacked(note) && !isQuotePacked(note)) {
+					if (note.renote && Object.keys(note.renote.reactions).length > 0) {
+						const myRenoteReaction = await this.noteEntityService.populateMyReaction(note.renote, this.user.id);
+						note.renote.myReaction = myRenoteReaction;
+					}
+				}
+			}
+
 			this.send('note', note);
 		} else {
 			this.send(data.type, data.body);