diff options
| author | Chocolate Pie <106949016+chocolate-pie@users.noreply.github.com> | 2023-12-27 15:08:59 +0900 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-12-27 15:08:59 +0900 |
| commit | c96bc36fedc804dc840ea791a9355d7df0748e64 (patch) | |
| tree | 127f0cc1478cb0248aa03b39e07f051423244c6c /packages/backend/src/server/api/endpoints.ts | |
| parent | chore(frontend): update team members (diff) | |
| download | sharkey-c96bc36fedc804dc840ea791a9355d7df0748e64.tar.gz sharkey-c96bc36fedc804dc840ea791a9355d7df0748e64.tar.bz2 sharkey-c96bc36fedc804dc840ea791a9355d7df0748e64.zip | |
Merge pull request from GHSA-7pxq-6xx9-xpgm
* fix: fix improper authorization when accessing with third-party application
* refactor: refactor type definitions
* fix: get rid of unnecessary access limitation
* enhance: サードパーティアプリケーションがWebsocket APIを使えるように
* fix: add missing parentheses
* Revert "fix(backend): add missing kind definition for admin endpoints to improve security"
This reverts commit 5150053275594278e9eb23e72d98b16593c4c230.
* frontend: 翻訳の抜けを訂正, read:adminとwrite:adminはアクセス発行トークンのデフォルトでは非表示にする
* enhance(test): misskey-ghsa-7pxq-6xx9-xpgmに関するテストを追加
* enhance(test): Websocket APIに対するテストも追加
* enhance(refactor): `@/misc/api-permissions.ts`を`misskey-js/permissions`に統合
* fix(frontend): アクセストークン発行UIで全ての権限を有効にした際、管理者用APIへのアクセスも許可してしまう問題を修正
* enhance(backend): Websocketの接続に最低限必要な権限を変更
* fix(backend): `/api/admin/meta`をサードパーティアプリケーションからはアクセスできないように
* fix(backend): エンドポイントにアクセスするために必要な権限を変更
* fix(frontend/locale): Add missing type declaration
* chore: update `misskey-js/src/autogen`
---------
Co-authored-by: tamaina <tamaina@hotmail.co.jp>
Diffstat (limited to 'packages/backend/src/server/api/endpoints.ts')
| -rw-r--r-- | packages/backend/src/server/api/endpoints.ts | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/packages/backend/src/server/api/endpoints.ts b/packages/backend/src/server/api/endpoints.ts index e458d720ab..41232091c6 100644 --- a/packages/backend/src/server/api/endpoints.ts +++ b/packages/backend/src/server/api/endpoints.ts @@ -4,6 +4,7 @@ */ import type { Schema } from '@/misc/json-schema.js'; +import { permissions } from 'misskey-js'; import { RolePolicies } from '@/core/RoleService.js'; import * as ep___admin_meta from './endpoints/admin/meta.js'; @@ -724,7 +725,7 @@ const eps = [ ['retention', ep___retention], ]; -export interface IEndpointMeta { +interface IEndpointMetaBase { readonly stability?: 'deprecated' | 'experimental' | 'stable'; readonly tags?: ReadonlyArray<string>; @@ -823,6 +824,23 @@ export interface IEndpointMeta { readonly cacheSec?: number; } +export type IEndpointMeta = (Omit<IEndpointMetaBase, 'requireCrential' | 'requireModerator' | 'requireAdmin'> & { + requireCredential?: false, + requireAdmin?: false, + requireModerator?: false, +}) | (Omit<IEndpointMetaBase, 'secure'> & { + secure: true, +}) | (Omit<IEndpointMetaBase, 'requireCredential' | 'kind'> & { + requireCredential: true, + kind: (typeof permissions)[number], +}) | (Omit<IEndpointMetaBase, 'requireModerator' | 'kind'> & { + requireModerator: true, + kind: (typeof permissions)[number], +}) | (Omit<IEndpointMetaBase, 'requireAdmin' | 'kind'> & { + requireAdmin: true, + kind: (typeof permissions)[number], +}) + export interface IEndpoint { name: string; meta: IEndpointMeta; |