fix: prohibit Apps to use admin/moderator permission
parent
f7a36bf836
commit
4a659e131a
2 changed files with 15 additions and 3 deletions
|
@ -130,6 +130,18 @@ export default async (
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (token && ep.meta.requireAdmin) {
|
||||||
|
throw new ApiError(accessDenied, {
|
||||||
|
reason: "Apps cannot use admin privileges.",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (token && ep.meta.requireModerator) {
|
||||||
|
throw new ApiError(accessDenied, {
|
||||||
|
reason: "Apps cannot use moderator privileges.",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
// Cast non JSON input
|
// Cast non JSON input
|
||||||
if ((ep.meta.requireFile || ctx?.method === "GET") && ep.params.properties) {
|
if ((ep.meta.requireFile || ctx?.method === "GET") && ep.params.properties) {
|
||||||
for (const k of Object.keys(ep.params.properties)) {
|
for (const k of Object.keys(ep.params.properties)) {
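Review bot: The two new guards ahead of the `// Cast non JSON input` block only protect endpoints whose `meta` sets `requireAdmin` or `requireModerator`, so a handler that checks the caller's role in its own body is still reachable with an app token; the other file in this commit needed its own `if (token)` line for that reason. A comment above the guards would record this, e.g. `// App access tokens never carry admin/moderator authority; handlers that check roles themselves must reject token too.`, and the remaining handlers are worth auditing for in-body role checks. The two branches differ only in the flag and the message, so a single shared helper or combined condition would keep them from drifting apart. The enclosing function starts and ends outside the hunk, so whether `token` is always null for a user's own session credential cannot be confirmed from here.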
|
||||||
|
|
|
@ -30,14 +30,14 @@ export const paramDef = {
|
||||||
required: ["username", "password"],
|
required: ["username", "password"],
|
||||||
} as const;
|
} as const;
|
||||||
|
|
||||||
export default define(meta, paramDef, async (ps, _me) => {
|
export default define(meta, paramDef, async (ps, _me, token) => {
|
||||||
const me = _me ? await Users.findOneByOrFail({ id: _me.id }) : null;
|
const me = _me ? await Users.findOneByOrFail({ id: _me.id }) : null;
|
||||||
const noUsers =
|
const noUsers =
|
||||||
(await Users.countBy({
|
(await Users.countBy({
|
||||||
host: IsNull(),
|
host: IsNull(),
|
||||||
isAdmin: true,
|
|
||||||
})) === 0;
|
})) === 0;
|
||||||
if (!(noUsers || me?.isAdmin)) throw new Error("access denied");
|
if (!noUsers && !me?.isAdmin) throw new Error("access denied");
|
||||||
|
if (token) throw new Error("access denied");
|
||||||
|
|
||||||
const { account, secret } = await signup({
|
const { account, secret } = await signup({
|
||||||
username: ps.username,
|
username: ps.username,
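Review bot: The added `if (token) throw new Error("access denied");` runs only after `Users.findOneByOrFail` and `Users.countBy` have been awaited, so a request carrying an app token still costs two database queries before it is refused; making it the first statement of the handler rejects it up front. It also throws a bare `Error`, while the dispatcher hunk uses `new ApiError(accessDenied, …)`, so clients probably see a different response for the same policy; aligning the two is worthwhile if this file can reach the same error definition. Separately, the new side appears to drop `isAdmin: true` from the `countBy` filter, which changes the bootstrap rule from "no local admin exists" to "no local user exists", a tightening the commit title does not mention; a comment such as `// Unauthenticated creation is allowed only while the instance has no local users at all.` would record the intent. The handler body continues past the end of the hunk.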
|
||||||
|
|