| author | MomentQYC <62551256+MomentQYC@users.noreply.github.com> | 2023-08-21 16:21:57 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-21 17:21:57 +0900 |
| commit | 388448f29823194a7e807c63df379321dfcbd0a2 (patch) | |
| tree | c5c79de1f665c29a15a8833b2c7dba76b10678b1 /packages/backend | |
| parent | feat: 'server' webhook payload which hold misskey server url (#11752) (diff) | |
feat: Removing stack trace info in production env (#11657)
* feat: Hiding stack traces in production env
* style
* style
* style
* add SPDX
* move ./error.js to ./misc/error.js
* revert: remove frontend changes
* feat: Hiding stack traces in production env
* feat: Hiding stack traces in production env
* revert
* revert
* revert
* change and fix
* revert
* fix queue endpoint test
---------
Co-authored-by: tamaina <tamaina@hotmail.co.jp>
Co-authored-by: Kagami Sascha Rosylight <saschanaz@outlook.com>
Diffstat (limited to 'packages/backend')
| -rw-r--r-- | packages/backend/src/server/web/ClientServerService.ts | 12 | ||||
| -rw-r--r-- | packages/backend/test/e2e/fetch-resource.ts | 12 |
2 files changed, 17 insertions, 7 deletions
diff --git a/packages/backend/src/server/web/ClientServerService.ts b/packages/backend/src/server/web/ClientServerService.ts
index 25f59914ff..56aa343632 100644
--- a/packages/backend/src/server/web/ClientServerService.ts
+++ b/packages/backend/src/server/web/ClientServerService.ts
@@ -148,18 +148,18 @@ export class ClientServerService {
 if (url === bullBoardPath || url.startsWith(bullBoardPath + '/')) {
 const token = request.cookies.token;
 if (token == null) {
- reply.code(401);
- throw new Error('login required');
+ reply.code(401).send('Login required');
+ return;
 }
 const user = await this.usersRepository.findOneBy({ token });
 if (user == null) {
- reply.code(403);
- throw new Error('no such user');
+ reply.code(403).send('No such user');
+ return;
 }
 const isAdministrator = await this.roleService.isAdministrator(user);
 if (!isAdministrator) {
- reply.code(403);
- throw new Error('access denied');
+ reply.code(403).send('Access denied');
+ return;
 }
 }
 });
diff --git a/packages/backend/test/e2e/fetch-resource.ts b/packages/backend/test/e2e/fetch-resource.ts
index 96683ce594..1cbfec3e5f 100644
--- a/packages/backend/test/e2e/fetch-resource.ts
+++ b/packages/backend/test/e2e/fetch-resource.ts
@@ -34,6 +34,8 @@ describe('Webリソース', () => {
 let aliceGalleryPost: any;
 let aliceChannel: any;
+ let bob: misskey.entities.MeSignup;
+
 type Request = {
 path: string,
 accept?: string,
@@ -90,6 +92,8 @@ describe('Webリソース', () => {
 fileIds: [aliceUploadedFile.body.id],
 });
 aliceChannel = await channel(alice, {});
+
+ bob = await signup({ username: 'alice' });
 }, 1000 * 60 * 2);
 afterAll(async () => {
@@ -163,9 +167,15 @@ describe('Webリソース', () => {
 });
 describe.each([{ path: '/queue' }])('$path', ({ path }) => {
+ test('はログインしないとGETできない。', async () => await notOk({
+ path,
+ status: 401,
+ }));
+
 test('はadminでなければGETできない。', async () => await notOk({
 path,
- status: 500, // FIXME? 403ではない。
+ cookie: cookie(bob),
+ status: 403,
 }));
 test('はadminならGETできる。', async () => await ok({ |
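Review bot: The two 403 branches in the ClientServerService.ts hunk answer with different bodies, `'No such user'` for an unknown cookie token and `'Access denied'` for a valid non-admin one, so the response still tells a caller whether a given token belongs to an account. Since the commit's aim is to expose less in production, consider one body for both, e.g. `reply.code(403).send('Access denied');`, and keep the distinction in a server-side log entry so repeated probing of the queue dashboard path is visible to operators. The hook these checks live in starts above the hunk, so whether `send` followed by a bare `return;` is enough to stop further handling should be confirmed against how the hook is registered.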
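Review bot: In the `@@ -90,6 +92,8 @@` hunk of fetch-resource.ts, `bob` is registered with `username: 'alice'`, which looks like a copy-paste slip; alice's own signup is outside the hunk, but if that name is already taken the call may fail or return no usable token. Because the endpoint answers 403 for both an unknown token and a non-admin user, the `status: 403` test added in the following hunk could still pass without ever exercising the non-administrator branch. Use a distinct name, `bob = await signup({ username: 'bob' });`, and, if the `notOk` helper allows it, assert the response body as well so the two 403 cases are told apart.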