fix: primitive 19 & 20: respect blocks and hide more

Ideally, the user property should also be hidden (as leaving it in leaks
information slightly), but given the schema of the note endpoint, I
don't think that would be possible without introducing some kind of
"ghost" user, who is attributed for posts by users who have you blocked.
This commit is contained in:
Julia Johannesen 2024-11-14 21:38:17 -05:00
parent cbf8cc376e
commit 408e782507
No known key found for this signature in database
GPG Key ID: 4A1377AF3E7FBC46

View File

@ -11,7 +11,7 @@ import type { Packed } from '@/misc/json-schema.js';
import { awaitAll } from '@/misc/prelude/await-all.js';
import type { MiUser } from '@/models/User.js';
import type { MiNote } from '@/models/Note.js';
import type { UsersRepository, NotesRepository, FollowingsRepository, PollsRepository, PollVotesRepository, NoteReactionsRepository, ChannelsRepository, MiMeta } from '@/models/_.js';
import type { BlockingsRepository, UsersRepository, NotesRepository, FollowingsRepository, PollsRepository, PollVotesRepository, NoteReactionsRepository, ChannelsRepository, MiMeta } from '@/models/_.js';
import { bindThis } from '@/decorators.js';
import { DebounceLoader } from '@/misc/loader.js';
import { IdService } from '@/core/IdService.js';
@ -39,6 +39,9 @@ export class NoteEntityService implements OnModuleInit {
@Inject(DI.meta)
private meta: MiMeta,
@Inject(DI.blockingsRepository)
private blockingsRepository: BlockingsRepository,
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
@ -142,6 +145,17 @@ export class NoteEntityService implements OnModuleInit {
}
}
if (!hide && meId && packedNote.userId !== meId) {
const isBlocked = await this.blockingsRepository.exists({
where: {
blockeeId: meId,
blockerId: packedNote.userId,
},
});
if (isBlocked) hide = true;
}
if (hide) {
packedNote.visibleUserIds = undefined;
packedNote.fileIds = [];
@ -149,6 +163,12 @@ export class NoteEntityService implements OnModuleInit {
packedNote.text = null;
packedNote.poll = undefined;
packedNote.cw = null;
packedNote.repliesCount = 0;
packedNote.reactionAcceptance = null;
packedNote.reactionAndUserPairCache = undefined;
packedNote.reactionCount = 0;
packedNote.reactionEmojis = undefined;
packedNote.reactions = undefined;
packedNote.isHidden = true;
}
}
@ -262,7 +282,13 @@ export class NoteEntityService implements OnModuleInit {
return true;
} else {
// フォロワーかどうか
const [following, user] = await Promise.all([
const [blocked, following, user] = await Promise.all([
this.blockingsRepository.exists({
where: {
blockeeId: meId,
blockerId: note.userId,
},
}),
this.followingsRepository.count({
where: {
followeeId: note.userId,
@ -273,6 +299,8 @@ export class NoteEntityService implements OnModuleInit {
this.usersRepository.findOneByOrFail({ id: meId }),
]);
if (blocked) return false;
/* If we know the following, everyhting is fine.
But if we do not know the following, it might be that both the
@ -284,6 +312,17 @@ export class NoteEntityService implements OnModuleInit {
}
}
if (meId != null) {
const isBlocked = await this.blockingsRepository.exists({
where: {
blockeeId: meId,
blockerId: note.userId,
},
});
if (isBlocked) return false;
}
return true;
}