From 517022f9b2b34099c9d1339f5aee53d66227fcd3 Mon Sep 17 00:00:00 2001
From: naskya
Date: Sun, 17 Mar 2024 01:34:17 +0900
Subject: [PATCH] fix (backend): hide remote user's reactions and network (following/followers) in case it's set to hidden on their end
---
 packages/backend/src/models/repositories/user.ts | 7 +++++--
 .../backend/src/server/api/endpoints/users/followers.ts | 5 +++++
 .../backend/src/server/api/endpoints/users/following.ts | 5 +++++
 .../backend/src/server/api/endpoints/users/reactions.ts | 5 +++++
 4 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/packages/backend/src/models/repositories/user.ts b/packages/backend/src/models/repositories/user.ts
index d880ac9741..d71cf4ac7f 100644
--- a/packages/backend/src/models/repositories/user.ts
+++ b/packages/backend/src/models/repositories/user.ts
@@ -528,8 +528,11 @@ export const UserRepository = db.getRepository(User).extend({
 pinnedPage: profile!.pinnedPageId
 ? Pages.pack(profile!.pinnedPageId, me)
 : null,
- publicReactions: profile!.publicReactions,
- ffVisibility: profile!.ffVisibility,
+ // TODO: federate publicReactions
+ publicReactions:
+ user.host == null ? profile!.publicReactions : false,
+ // TODO: federate ffVisibility
+ ffVisibility: user.host == null ? profile!.ffVisibility : "private",
 twoFactorEnabled: profile!.twoFactorEnabled,
 usePasswordLessLogin: profile!.usePasswordLessLogin,
 securityKeys: UserSecurityKeys.countBy({
diff --git a/packages/backend/src/server/api/endpoints/users/followers.ts b/packages/backend/src/server/api/endpoints/users/followers.ts
index f57983d4b9..68f605ecb2 100644
--- a/packages/backend/src/server/api/endpoints/users/followers.ts
+++ b/packages/backend/src/server/api/endpoints/users/followers.ts
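Review bot: The two `// TODO: federate …` comments above the new `publicReactions` and `ffVisibility` ternaries in user.ts name the follow-up but not the reason remote users are pinned to `false` and `"private"`, so a later reader could take the ternaries for leftovers and drop them. Assuming the stored value for a remote user is only a local default, I would state the fail-closed intent, for example `// Not federated yet: report the most restrictive value for remote users instead of the locally stored one`. The same bare TODO sits on the guards added in followers.ts, following.ts and reactions.ts. The hunk starts and ends inside the object literal passed to `extend`, so whether other packed fields need the same treatment cannot be judged from here.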
@@ -90,6 +90,11 @@ export default define(meta, paramDef, async (ps, me) => { const profile = await UserProfiles.findOneByOrFail({ userId: user.id }); + // TODO: federate ffVisibility + if (profile.userHost != null) { + throw new ApiError(meta.errors.forbidden); + } + if (profile.ffVisibility === "private") { if (me == null || me.id !== user.id) { throw new ApiError(meta.errors.forbidden); diff --git a/packages/backend/src/server/api/endpoints/users/following.ts b/packages/backend/src/server/api/endpoints/users/following.ts index 84eb7cccc5..c6e3e06f1d 100644 --- a/packages/backend/src/server/api/endpoints/users/following.ts +++ b/packages/backend/src/server/api/endpoints/users/following.ts @@ -89,6 +89,11 @@ export default define(meta, paramDef, async (ps, me) => { const profile = await UserProfiles.findOneByOrFail({ userId: user.id }); + // TODO: federate ffVisibility + if (profile.userHost != null) { + throw new ApiError(meta.errors.forbidden); + } + if (profile.ffVisibility === "private") { if (me == null || me.id !== user.id) { throw new ApiError(meta.errors.forbidden); diff --git a/packages/backend/src/server/api/endpoints/users/reactions.ts b/packages/backend/src/server/api/endpoints/users/reactions.ts index 483a78865f..1f9aec25a4 100644 --- a/packages/backend/src/server/api/endpoints/users/reactions.ts +++ b/packages/backend/src/server/api/endpoints/users/reactions.ts @@ -49,6 +49,11 @@ export const paramDef = { export default define(meta, paramDef, async (ps, me) => { const profile = await UserProfiles.findOneByOrFail({ userId: ps.userId }); + // TODO: federate publicReactions + if (profile.userHost != null) { + throw new ApiError(meta.errors.reactionsNotPublic); + } + if (!profile.publicReactions && (me == null || me.id !== ps.userId)) { throw new ApiError(meta.errors.reactionsNotPublic); }
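Review bot: The new guard in followers.ts decides remoteness from `profile.userHost`, although `user` is already loaded at this point (`userId: user.id` on the line above) and user.ts in this commit uses `user.host` for the same decision. If `userHost` is a copy kept on the profile row, a remote profile where it is null would pass the guard and fall through to the stored `ffVisibility`, which is the exposure this commit closes. I would test the user record instead, `if (user.host != null) { throw new ApiError(meta.errors.forbidden); }`, ideally before the profile lookup; the identical guard in following.ts has the same issue, while reactions.ts only has `ps.userId` in scope and would need the user loaded first. The handler body starts and ends outside the hunk.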