fix(backend): センシティブ設定されたチャンネルの投稿をusers/notesで返さないように

This commit is contained in:
syuilo 2023-10-10 20:06:02 +09:00
parent 51b6a012a5
commit 854ac95511

View File

@ -77,6 +77,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const untilId = ps.untilId ?? (ps.untilDate ? this.idService.genId(new Date(ps.untilDate!)) : null); const untilId = ps.untilId ?? (ps.untilDate ? this.idService.genId(new Date(ps.untilDate!)) : null);
const sinceId = ps.sinceId ?? (ps.sinceDate ? this.idService.genId(new Date(ps.sinceDate!)) : null); const sinceId = ps.sinceId ?? (ps.sinceDate ? this.idService.genId(new Date(ps.sinceDate!)) : null);
const isRangeSpecified = untilId != null && sinceId != null; const isRangeSpecified = untilId != null && sinceId != null;
const isSelf = me && (me.id === ps.userId);
if (isRangeSpecified || sinceId == null) { if (isRangeSpecified || sinceId == null) {
const [ const [
@ -100,7 +101,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
noteIds = noteIds.slice(0, ps.limit); noteIds = noteIds.slice(0, ps.limit);
if (noteIds.length > 0) { if (noteIds.length > 0) {
const isFollowing = me ? me.id === ps.userId || Object.hasOwn(await this.cacheService.userFollowingsCache.fetch(me.id), ps.userId) : false; const isFollowing = me && Object.hasOwn(await this.cacheService.userFollowingsCache.fetch(me.id), ps.userId);
const query = this.notesRepository.createQueryBuilder('note') const query = this.notesRepository.createQueryBuilder('note')
.where('note.id IN (:...noteIds)', { noteIds: noteIds }) .where('note.id IN (:...noteIds)', { noteIds: noteIds })
@ -122,8 +123,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
} }
} }
if (note.channel?.isSensitive && !isSelf) return false;
if (note.visibility === 'specified' && (!me || (me.id !== note.userId && !note.visibleUserIds.some(v => v === me.id)))) return false; if (note.visibility === 'specified' && (!me || (me.id !== note.userId && !note.visibleUserIds.some(v => v === me.id)))) return false;
if (note.visibility === 'followers' && !isFollowing) return false; if (note.visibility === 'followers' && !isFollowing && !isSelf) return false;
return true; return true;
}); });