diff options
| author | Chocolate Pie <106949016+chocolate-pie@users.noreply.github.com> | 2023-12-27 15:08:59 +0900 |
|---|---|---|
| committer | Marie <marie@kaifa.ch> | 2023-12-28 09:45:54 +0100 |
| commit | 82822e29d9414556b6cc1ea0d8c8dbbdb7f4fd1d (patch) | |
| tree | 3c7793de433bd9106bf965747c4de082fb0b572e /packages/backend/src/server/api/endpoints.ts | |
| parent | refactor: paginationの型を明示する (#12809) (diff) | |
| download | sharkey-82822e29d9414556b6cc1ea0d8c8dbbdb7f4fd1d.tar.gz sharkey-82822e29d9414556b6cc1ea0d8c8dbbdb7f4fd1d.tar.bz2 sharkey-82822e29d9414556b6cc1ea0d8c8dbbdb7f4fd1d.zip | |
Merge pull request from GHSA-7pxq-6xx9-xpgm
* fix: fix improper authorization when accessing with third-party application
* refactor: refactor type definitions
* fix: get rid of unnecessary access limitation
* enhance: サードパーティアプリケーションがWebsocket APIを使えるように
* fix: add missing parentheses
* Revert "fix(backend): add missing kind definition for admin endpoints to improve security"
This reverts commit 5150053275594278e9eb23e72d98b16593c4c230.
* frontend: 翻訳の抜けを訂正, read:adminとwrite:adminはアクセス発行トークンのデフォルトでは非表示にする
* enhance(test): misskey-ghsa-7pxq-6xx9-xpgmに関するテストを追加
* enhance(test): Websocket APIに対するテストも追加
* enhance(refactor): `@/misc/api-permissions.ts`を`misskey-js/permissions`に統合
* fix(frontend): アクセストークン発行UIで全ての権限を有効にした際、管理者用APIへのアクセスも許可してしまう問題を修正
* enhance(backend): Websocketの接続に最低限必要な権限を変更
* fix(backend): `/api/admin/meta`をサードパーティアプリケーションからはアクセスできないように
* fix(backend): エンドポイントにアクセスするために必要な権限を変更
* fix(frontend/locale): Add missing type declaration
* chore: update `misskey-js/src/autogen`
---------
Co-authored-by: tamaina <tamaina@hotmail.co.jp>
Diffstat (limited to 'packages/backend/src/server/api/endpoints.ts')
| -rw-r--r-- | packages/backend/src/server/api/endpoints.ts | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/packages/backend/src/server/api/endpoints.ts b/packages/backend/src/server/api/endpoints.ts index de858d5304..f82bf257fc 100644 --- a/packages/backend/src/server/api/endpoints.ts +++ b/packages/backend/src/server/api/endpoints.ts @@ -4,6 +4,7 @@ */ import type { Schema } from '@/misc/json-schema.js'; +import { permissions } from 'misskey-js'; import { RolePolicies } from '@/core/RoleService.js'; import * as ep___admin_meta from './endpoints/admin/meta.js'; @@ -750,7 +751,7 @@ const eps = [ ['sponsors', ep___sponsors], ]; -export interface IEndpointMeta { +interface IEndpointMetaBase { readonly stability?: 'deprecated' | 'experimental' | 'stable'; readonly tags?: ReadonlyArray<string>; @@ -849,6 +850,23 @@ export interface IEndpointMeta { readonly cacheSec?: number; } +export type IEndpointMeta = (Omit<IEndpointMetaBase, 'requireCrential' | 'requireModerator' | 'requireAdmin'> & { + requireCredential?: false, + requireAdmin?: false, + requireModerator?: false, +}) | (Omit<IEndpointMetaBase, 'secure'> & { + secure: true, +}) | (Omit<IEndpointMetaBase, 'requireCredential' | 'kind'> & { + requireCredential: true, + kind: (typeof permissions)[number], +}) | (Omit<IEndpointMetaBase, 'requireModerator' | 'kind'> & { + requireModerator: true, + kind: (typeof permissions)[number], +}) | (Omit<IEndpointMetaBase, 'requireAdmin' | 'kind'> & { + requireAdmin: true, + kind: (typeof permissions)[number], +}) + export interface IEndpoint { name: string; meta: IEndpointMeta; |