mirror of
https://git.boykissers.com/pawkey/pawkey-sk.git
synced 2025-12-20 04:04:16 +00:00
c96bc36fed
* fix: fix improper authorization when accessing with third-party application
* refactor: refactor type definitions
* fix: get rid of unnecessary access limitation
* enhance: サードパーティアプリケーションがWebsocket APIを使えるように
* fix: add missing parentheses
* Revert "fix(backend): add missing kind definition for admin endpoints to improve security"
This reverts commit 5150053275.
* frontend: 翻訳の抜けを訂正, read:adminとwrite:adminはアクセス発行トークンのデフォルトでは非表示にする
* enhance(test): misskey-ghsa-7pxq-6xx9-xpgmに関するテストを追加
* enhance(test): Websocket APIに対するテストも追加
* enhance(refactor): `@/misc/api-permissions.ts`を`misskey-js/permissions`に統合
* fix(frontend): アクセストークン発行UIで全ての権限を有効にした際、管理者用APIへのアクセスも許可してしまう問題を修正
* enhance(backend): Websocketの接続に最低限必要な権限を変更
* fix(backend): `/api/admin/meta`をサードパーティアプリケーションからはアクセスできないように
* fix(backend): エンドポイントにアクセスするために必要な権限を変更
* fix(frontend/locale): Add missing type declaration
* chore: update `misskey-js/src/autogen`
---------
Co-authored-by: tamaina <tamaina@hotmail.co.jp>
81 lines
2.1 KiB
TypeScript
81 lines
2.1 KiB
TypeScript
/*
|
|
* SPDX-FileCopyrightText: syuilo and other misskey contributors
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
import { Inject, Injectable } from '@nestjs/common';
|
|
import { Endpoint } from '@/server/api/endpoint-base.js';
|
|
import type { AdsRepository } from '@/models/_.js';
|
|
import { DI } from '@/di-symbols.js';
|
|
import { ModerationLogService } from '@/core/ModerationLogService.js';
|
|
import { ApiError } from '../../../error.js';
|
|
|
|
export const meta = {
|
|
tags: ['admin'],
|
|
|
|
requireCredential: true,
|
|
requireModerator: true,
|
|
kind: 'write:admin:ad',
|
|
|
|
errors: {
|
|
noSuchAd: {
|
|
message: 'No such ad.',
|
|
code: 'NO_SUCH_AD',
|
|
id: 'b7aa1727-1354-47bc-a182-3a9c3973d300',
|
|
},
|
|
},
|
|
} as const;
|
|
|
|
export const paramDef = {
|
|
type: 'object',
|
|
properties: {
|
|
id: { type: 'string', format: 'misskey:id' },
|
|
memo: { type: 'string' },
|
|
url: { type: 'string', minLength: 1 },
|
|
imageUrl: { type: 'string', minLength: 1 },
|
|
place: { type: 'string' },
|
|
priority: { type: 'string' },
|
|
ratio: { type: 'integer' },
|
|
expiresAt: { type: 'integer' },
|
|
startsAt: { type: 'integer' },
|
|
dayOfWeek: { type: 'integer' },
|
|
},
|
|
required: ['id', 'memo', 'url', 'imageUrl', 'place', 'priority', 'ratio', 'expiresAt', 'startsAt', 'dayOfWeek'],
|
|
} as const;
|
|
|
|
@Injectable()
|
|
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
|
|
constructor(
|
|
@Inject(DI.adsRepository)
|
|
private adsRepository: AdsRepository,
|
|
|
|
private moderationLogService: ModerationLogService,
|
|
) {
|
|
super(meta, paramDef, async (ps, me) => {
|
|
const ad = await this.adsRepository.findOneBy({ id: ps.id });
|
|
|
|
if (ad == null) throw new ApiError(meta.errors.noSuchAd);
|
|
|
|
await this.adsRepository.update(ad.id, {
|
|
url: ps.url,
|
|
place: ps.place,
|
|
priority: ps.priority,
|
|
ratio: ps.ratio,
|
|
memo: ps.memo,
|
|
imageUrl: ps.imageUrl,
|
|
expiresAt: new Date(ps.expiresAt),
|
|
startsAt: new Date(ps.startsAt),
|
|
dayOfWeek: ps.dayOfWeek,
|
|
});
|
|
|
|
const updatedAd = await this.adsRepository.findOneByOrFail({ id: ad.id });
|
|
|
|
this.moderationLogService.log(me, 'updateAd', {
|
|
adId: ad.id,
|
|
before: ad,
|
|
after: updatedAd,
|
|
});
|
|
});
|
|
}
|
|
}
|