fix (backend): hide remote user's reactions and network (following/followers) in case it's set to hidden on their end

naskya 2024-03-17 01:34:17 +09:00
parent 27be8e06cb
commit 517022f9b2
No known key found for this signature in database
GPG key ID: 712D413B3A9FED5C
4 changed files with 20 additions and 2 deletions


@ -528,8 +528,11 @@ export const UserRepository = db.getRepository(User).extend({
pinnedPage: profile!.pinnedPageId
? Pages.pack(profile!.pinnedPageId, me)
: null,
publicReactions: profile!.publicReactions,
ffVisibility: profile!.ffVisibility,
// TODO: federate publicReactions
publicReactions:
user.host == null ? profile!.publicReactions : false,
// TODO: federate ffVisibility
ffVisibility: user.host == null ? profile!.ffVisibility : "private",
twoFactorEnabled: profile!.twoFactorEnabled,
usePasswordLessLogin: profile!.usePasswordLessLogin,
securityKeys: UserSecurityKeys.countBy({
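Review bot: The two `TODO` comments above `publicReactions` and `ffVisibility` do not say why a remote user gets a fixed value, so a later reader could take the override for a leftover and remove it. Presumably the local copy of a remote profile does not carry the origin's setting and the code deliberately reports the most restrictive one; I would state that, e.g. `// Remote setting is not federated yet: report the most restrictive value instead of the local default`. This packed object only shapes what clients display, while access is enforced in the endpoint handlers changed in the same commit, so both places need to change together once the setting is federated. The enclosing pack method starts and ends outside the hunk.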


@ -90,6 +90,11 @@ export default define(meta, paramDef, async (ps, me) => {
const profile = await UserProfiles.findOneByOrFail({ userId: user.id });
// TODO: federate ffVisibility
if (profile.userHost != null) {
throw new ApiError(meta.errors.forbidden);
}
if (profile.ffVisibility === "private") {
if (me == null || me.id !== user.id) {
throw new ApiError(meta.errors.forbidden);
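Review bot: The remote check added here reads `profile.userHost`, while the packing code in the first section of this commit answers the same question with `user.host`; the same `profile.userHost != null` guard is repeated in the next two sections. If the profile's host column is a copy of the user's and a row is ever missing it (not verifiable from this page), the guard fails open and a remote user falls through to the `ffVisibility` check with whatever local default the row holds. A `user` object is already in scope in this handler (`user.id` is used on the line above), so `if (user.host != null) {` would keep a single source of truth, assuming `host` is loaded on it; the reactions handler only has `ps.userId`, so it would either stay on the profile field or load the user first. The handler body continues outside the hunk.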


@ -89,6 +89,11 @@ export default define(meta, paramDef, async (ps, me) => {
const profile = await UserProfiles.findOneByOrFail({ userId: user.id });
// TODO: federate ffVisibility
if (profile.userHost != null) {
throw new ApiError(meta.errors.forbidden);
}
if (profile.ffVisibility === "private") {
if (me == null || me.id !== user.id) {
throw new ApiError(meta.errors.forbidden);


@ -49,6 +49,11 @@ export const paramDef = {
export default define(meta, paramDef, async (ps, me) => {
const profile = await UserProfiles.findOneByOrFail({ userId: ps.userId });
// TODO: federate publicReactions
if (profile.userHost != null) {
throw new ApiError(meta.errors.reactionsNotPublic);
}
if (!profile.publicReactions && (me == null || me.id !== ps.userId)) {
throw new ApiError(meta.errors.reactionsNotPublic);
}