diff options
| author | Chocolate Pie <106949016+chocolate-pie@users.noreply.github.com> | 2023-12-27 15:08:59 +0900 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-12-27 15:08:59 +0900 |
| commit | c96bc36fedc804dc840ea791a9355d7df0748e64 (patch) | |
| tree | 127f0cc1478cb0248aa03b39e07f051423244c6c /packages/backend/test/utils.ts | |
| parent | chore(frontend): update team members (diff) | |
| download | misskey-c96bc36fedc804dc840ea791a9355d7df0748e64.tar.gz misskey-c96bc36fedc804dc840ea791a9355d7df0748e64.tar.bz2 misskey-c96bc36fedc804dc840ea791a9355d7df0748e64.zip | |
Merge pull request from GHSA-7pxq-6xx9-xpgm
* fix: fix improper authorization when accessing with third-party application
* refactor: refactor type definitions
* fix: get rid of unnecessary access limitation
* enhance: サードパーティアプリケーションがWebsocket APIを使えるように
* fix: add missing parentheses
* Revert "fix(backend): add missing kind definition for admin endpoints to improve security"
This reverts commit 5150053275594278e9eb23e72d98b16593c4c230.
* frontend: 翻訳の抜けを訂正, read:adminとwrite:adminはアクセス発行トークンのデフォルトでは非表示にする
* enhance(test): misskey-ghsa-7pxq-6xx9-xpgmに関するテストを追加
* enhance(test): Websocket APIに対するテストも追加
* enhance(refactor): `@/misc/api-permissions.ts`を`misskey-js/permissions`に統合
* fix(frontend): アクセストークン発行UIで全ての権限を有効にした際、管理者用APIへのアクセスも許可してしまう問題を修正
* enhance(backend): Websocketの接続に最低限必要な権限を変更
* fix(backend): `/api/admin/meta`をサードパーティアプリケーションからはアクセスできないように
* fix(backend): エンドポイントにアクセスするために必要な権限を変更
* fix(frontend/locale): Add missing type declaration
* chore: update `misskey-js/src/autogen`
---------
Co-authored-by: tamaina <tamaina@hotmail.co.jp>
Diffstat (limited to 'packages/backend/test/utils.ts')
| -rw-r--r-- | packages/backend/test/utils.ts | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/packages/backend/test/utils.ts b/packages/backend/test/utils.ts index 97118d73c0..db7629d2c4 100644 --- a/packages/backend/test/utils.ts +++ b/packages/backend/test/utils.ts @@ -6,6 +6,7 @@ import * as assert from 'node:assert'; import { readFile } from 'node:fs/promises'; import { isAbsolute, basename } from 'node:path'; +import { randomUUID } from 'node:crypto'; import { inspect } from 'node:util'; import WebSocket, { ClientOptions } from 'ws'; import fetch, { File, RequestInit } from 'node-fetch'; @@ -126,6 +127,15 @@ export const post = async (user: UserToken, params?: misskey.Endpoints['notes/cr return res.body ? res.body.createdNote : null; }; +export const createAppToken = async (user: UserToken, permissions: (typeof misskey.permissions)[number][]) => { + const res = await api('miauth/gen-token', { + session: randomUUID(), + permission: permissions, + }, user); + + return (res.body as misskey.entities.MiauthGenTokenResponse).token; +}; + // 非公開ノートをAPI越しに見たときのノート NoteEntityService.ts export const hiddenNote = (note: any): any => { const temp = { |