diff options
| author | Chocolate Pie <106949016+chocolate-pie@users.noreply.github.com> | 2023-12-27 15:08:59 +0900 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-12-27 15:08:59 +0900 |
| commit | c96bc36fedc804dc840ea791a9355d7df0748e64 (patch) | |
| tree | 127f0cc1478cb0248aa03b39e07f051423244c6c /packages/backend/src/server/api/endpoints/admin/roles | |
| parent | chore(frontend): update team members (diff) | |
| download | sharkey-c96bc36fedc804dc840ea791a9355d7df0748e64.tar.gz sharkey-c96bc36fedc804dc840ea791a9355d7df0748e64.tar.bz2 sharkey-c96bc36fedc804dc840ea791a9355d7df0748e64.zip | |
Merge pull request from GHSA-7pxq-6xx9-xpgm
* fix: fix improper authorization when accessing with third-party application
* refactor: refactor type definitions
* fix: get rid of unnecessary access limitation
* enhance: サードパーティアプリケーションがWebsocket APIを使えるように
* fix: add missing parentheses
* Revert "fix(backend): add missing kind definition for admin endpoints to improve security"
This reverts commit 5150053275594278e9eb23e72d98b16593c4c230.
* frontend: 翻訳の抜けを訂正, read:adminとwrite:adminはアクセス発行トークンのデフォルトでは非表示にする
* enhance(test): misskey-ghsa-7pxq-6xx9-xpgmに関するテストを追加
* enhance(test): Websocket APIに対するテストも追加
* enhance(refactor): `@/misc/api-permissions.ts`を`misskey-js/permissions`に統合
* fix(frontend): アクセストークン発行UIで全ての権限を有効にした際、管理者用APIへのアクセスも許可してしまう問題を修正
* enhance(backend): Websocketの接続に最低限必要な権限を変更
* fix(backend): `/api/admin/meta`をサードパーティアプリケーションからはアクセスできないように
* fix(backend): エンドポイントにアクセスするために必要な権限を変更
* fix(frontend/locale): Add missing type declaration
* chore: update `misskey-js/src/autogen`
---------
Co-authored-by: tamaina <tamaina@hotmail.co.jp>
Diffstat (limited to 'packages/backend/src/server/api/endpoints/admin/roles')
9 files changed, 9 insertions, 18 deletions
diff --git a/packages/backend/src/server/api/endpoints/admin/roles/assign.ts b/packages/backend/src/server/api/endpoints/admin/roles/assign.ts index bbd4cfabbe..8eb3d2bf59 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/assign.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/assign.ts @@ -13,10 +13,9 @@ import { RoleService } from '@/core/RoleService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:roles', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/create.ts b/packages/backend/src/server/api/endpoints/admin/roles/create.ts index ac6085d921..de23d2fb11 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/create.ts @@ -11,10 +11,9 @@ import { RoleService } from '@/core/RoleService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:roles', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/admin/roles/delete.ts b/packages/backend/src/server/api/endpoints/admin/roles/delete.ts index f60d6754a5..9e2968e317 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/delete.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/delete.ts @@ -13,10 +13,9 @@ import { RoleService } from '@/core/RoleService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:roles', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/list.ts b/packages/backend/src/server/api/endpoints/admin/roles/list.ts index 30917ce984..d3d1a10a69 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/list.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/list.ts @@ -12,10 +12,9 @@ import { RoleEntityService } from '@/core/entities/RoleEntityService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:roles', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/roles/show.ts b/packages/backend/src/server/api/endpoints/admin/roles/show.ts index 91e32d95be..ad4345e5a5 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/show.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/show.ts @@ -13,10 +13,9 @@ import { RoleEntityService } from '@/core/entities/RoleEntityService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:roles', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/unassign.ts b/packages/backend/src/server/api/endpoints/admin/roles/unassign.ts index 701fea1ed5..c11265252c 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/unassign.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/unassign.ts @@ -13,10 +13,9 @@ import { RoleService } from '@/core/RoleService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:roles', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/update-default-policies.ts b/packages/backend/src/server/api/endpoints/admin/roles/update-default-policies.ts index 066fc73234..203f749a6e 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/update-default-policies.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/update-default-policies.ts @@ -11,10 +11,9 @@ import { MetaService } from '@/core/MetaService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:roles', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/update.ts b/packages/backend/src/server/api/endpoints/admin/roles/update.ts index 6cfcd8ca4a..74d5aae5d8 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/update.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/update.ts @@ -14,10 +14,9 @@ import { RoleService } from '@/core/RoleService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:roles', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/users.ts b/packages/backend/src/server/api/endpoints/admin/roles/users.ts index 6a0f7f9987..66f4d9d26b 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/users.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/users.ts @@ -16,10 +16,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin', 'role', 'users'], - kind: 'read:admin', - requireCredential: false, requireAdmin: true, + kind: 'read:admin:roles', errors: { noSuchRole: { |