diff options
Diffstat (limited to 'src/server/api')
| -rw-r--r-- | src/server/api/call.ts | 4 | ||||
| -rw-r--r-- | src/server/api/endpoints/admin/suspend-user.ts | 4 | ||||
| -rw-r--r-- | src/server/api/private/signin.ts | 4 | ||||
| -rw-r--r-- | src/server/api/stream/hybrid-timeline.ts | 6 |
4 files changed, 11 insertions, 7 deletions
diff --git a/src/server/api/call.ts b/src/server/api/call.ts index e4bb30b695..e9abc11f54 100644 --- a/src/server/api/call.ts +++ b/src/server/api/call.ts @@ -1,6 +1,6 @@ import { performance } from 'perf_hooks'; import limitter from './limitter'; -import { IUser, isLocalUser } from '../../models/user'; +import { IUser } from '../../models/user'; import { IApp } from '../../models/app'; import endpoints from './endpoints'; @@ -21,7 +21,7 @@ export default (endpoint: string, user: IUser, app: IApp, data: any, file?: any) return rej('YOUR_ACCOUNT_HAS_BEEN_SUSPENDED'); } - if (ep.meta.requireAdmin && !(isLocalUser(user) && user.isAdmin)) { + if (ep.meta.requireAdmin && !user.isAdmin) { return rej('YOU_ARE_NOT_ADMIN'); } diff --git a/src/server/api/endpoints/admin/suspend-user.ts b/src/server/api/endpoints/admin/suspend-user.ts index 9c32ba987d..9b492c6e15 100644 --- a/src/server/api/endpoints/admin/suspend-user.ts +++ b/src/server/api/endpoints/admin/suspend-user.ts @@ -34,6 +34,10 @@ export default (params: any) => new Promise(async (res, rej) => { return rej('user not found'); } + if (user.isAdmin) { + return rej('cannot suspend admin'); + } + await User.findOneAndUpdate({ _id: user._id }, { diff --git a/src/server/api/private/signin.ts b/src/server/api/private/signin.ts index 65413208dd..9f26c09c45 100644 --- a/src/server/api/private/signin.ts +++ b/src/server/api/private/signin.ts @@ -63,7 +63,7 @@ export default async (ctx: Koa.Context) => { if (verified) { signin(ctx, user); } else { - ctx.throw(400, { + ctx.throw(403, { error: 'invalid token' }); } @@ -71,7 +71,7 @@ export default async (ctx: Koa.Context) => { signin(ctx, user); } } else { - ctx.throw(400, { + ctx.throw(403, { error: 'incorrect password' }); } diff --git a/src/server/api/stream/hybrid-timeline.ts b/src/server/api/stream/hybrid-timeline.ts index 5f411317c3..c401145abe 100644 --- a/src/server/api/stream/hybrid-timeline.ts +++ b/src/server/api/stream/hybrid-timeline.ts @@ -11,13 +11,13 @@ export default async function( subscriber: Xev, user: IUser ) { + const mute = await Mute.find({ muterId: user._id }); + const mutedUserIds = mute.map(m => m.muteeId.toString()); + // Subscribe stream subscriber.on('hybrid-timeline', onEvent); subscriber.on(`hybrid-timeline:${user._id}`, onEvent); - const mute = await Mute.find({ muterId: user._id }); - const mutedUserIds = mute.map(m => m.muteeId.toString()); - async function onEvent(note: any) { //#region 流れてきたNoteがミュートしているユーザーが関わるものだったら無視する if (mutedUserIds.indexOf(note.userId) != -1) { |