diff --git a/packages/backend/src/server/web/ClientServerService.ts b/packages/backend/src/server/web/ClientServerService.ts
index 25f59914ff..56aa343632 100644
--- a/packages/backend/src/server/web/ClientServerService.ts
+++ b/packages/backend/src/server/web/ClientServerService.ts
@@ -148,18 +148,18 @@ export class ClientServerService {
 			if (url === bullBoardPath || url.startsWith(bullBoardPath + '/')) {
 				const token = request.cookies.token;
 				if (token == null) {
-					reply.code(401);
-					throw new Error('login required');
+					reply.code(401).send('Login required');
+					return;
 				}
 				const user = await this.usersRepository.findOneBy({ token });
 				if (user == null) {
-					reply.code(403);
-					throw new Error('no such user');
+					reply.code(403).send('No such user');
+					return;
 				}
 				const isAdministrator = await this.roleService.isAdministrator(user);
 				if (!isAdministrator) {
-					reply.code(403);
-					throw new Error('access denied');
+					reply.code(403).send('Access denied');
+					return;
 				}
 			}
 		});
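Review bot: The two 403 branches now send different bodies (`'No such user'` and `'Access denied'`), so the response tells an unauthenticated caller whether a presented `token` cookie belongs to an existing account. Under the old code both cases surfaced as a 500 (the removed FIXME in the test shows this); whether the thrown message also reached the client is not visible here. Consider sending one body for both, e.g. `reply.code(403).send('Access denied');`, and keeping the distinction in a server-side log line. Since this hook is async (it awaits the repository lookup), `return reply;` after sending would follow Fastify's guidance more closely than a bare `return;`. The hook's registration and the derivation of `url` are outside this hunk.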
diff --git a/packages/backend/test/e2e/fetch-resource.ts b/packages/backend/test/e2e/fetch-resource.ts
index 96683ce594..1cbfec3e5f 100644
--- a/packages/backend/test/e2e/fetch-resource.ts
+++ b/packages/backend/test/e2e/fetch-resource.ts
@@ -34,6 +34,8 @@ describe('Webリソース', () => {
 	let aliceGalleryPost: any;
 	let aliceChannel: any;
 
+	let bob: misskey.entities.MeSignup;
+
 	type Request = {
 		path: string,
 		accept?: string,
@@ -90,6 +92,8 @@ describe('Webリソース', () => {
 			fileIds: [aliceUploadedFile.body.id],
 		});
 		aliceChannel = await channel(alice, {});
+
+		bob = await signup({ username: 'alice' });
 	}, 1000 * 60 * 2);
 
 	afterAll(async () => {
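Review bot: `bob` is created with `signup({ username: 'alice' })`, which looks like a copy-paste slip. If `alice` is registered under that name earlier in this setup (not visible in the hunk), the second signup is likely rejected and `bob` never holds a valid token. The 403 test in the later hunk would then still pass, but through the "no such user" branch of the `/queue` check rather than the administrator check, leaving the role gate untested. Use a distinct account, `bob = await signup({ username: 'bob' });`, and consider asserting that `bob.token` is defined so a failed signup cannot silently satisfy the authorization test.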
@@ -163,9 +167,15 @@ describe('Webリソース', () => {
 	});
 
 	describe.each([{ path: '/queue' }])('$path', ({ path }) => {
+		test('はログインしないとGETできない。', async () => await notOk({
+			path,
+			status: 401,
+		}));
+
 		test('はadminでなければGETできない。', async () => await notOk({
 			path,
-			status: 500, // FIXME? 403ではない。
+			cookie: cookie(bob),
+			status: 403,
 		}));
 
 		test('はadminならGETできる。', async () => await ok({