enhance: 招待機能の改善 (#11195)

* refactor(backend): 招待機能を改修

* feat(backend): 招待コードのcreate/delete/listエンドポイントを追加

* add(misskey-js): エンドポイントと型を追加

* change(backend): metaでinvite関連の情報も返すように

* add(misskey-js): エンドポイントと型を追加

* add(backend): `/endpoints/invite/limit`を追加

* fix: createdByがnullableではなかったのを修正

* fix: relationが取得できていなかった問題を修正

* fix: パラメータを間違えていたのを修正

* feat(client): 招待ページを実装

* change(client): インスタンスメニューの「招待」押した場合に招待ページに飛ぶように変更

* feat: 招待コードをコピーできるように

* change(backend): metaに招待コード発行に関する情報を持たせるのをやめる

* feat: ロールごとに招待コードの発行上限数などを設定できるように

* change(client): 招待コードをコピーしたときにダイアログを出すように

* add: 招待に関する管理者用のエンドポイントを追加

* change(backend): モデレーターであれば作成者以外でも招待コードを削除できるように

* change(backend): admin/invite/listはオフセットでページネーションするように

* feat(client): 招待コードの管理ページを追加

* feat(client): 招待コードのリストをソートできるように

* change: `admin/invite/create`のレスポンスを修正

* fix(client): 有効期限を指定できていなかった問題を修正

* refactor: 必要のない箇所を削除

* perf(backend): use limit() instead of take()

* change(client): 作成ボタンを見た目を変更

* refactor: 招待コードの生成部分を共通化し、コード内に"01OI"のいずれかの文字を含まないように

* fix(client): paginationの仕様が変わっていたので修正

* change(backend): expiresAtパラメータのnullを許容

* change(client): 有効期限を設けないときは日付の入力欄を非表示に

* fix: 自身のポリシーよりもインスタンス側のポリシーが優先表示される問題を修正

* fix: n時間のときに「n時間間」となってしまうのを修正

* fix(backend): ポリシーが途中で変更されたときに作成可能数がマイナス表記になってしまうのを修正

* change(client): 招待コードのユーザー名が不明な理由を表示するように

* update: CHANGELOG.md

* lint

* refactor

* refactor

* tweak ui

* :art:

* :art:

* add(backend): indexを追加

* change(backend): indexの追加に伴う変更

* change(client): インスタンスメニューの「招待」の場所を変更

* add(frontend): MkInviteCode用のstorybookを追加

* Update misskey-js.api.md

* fix(misskey-js): InviteのcreatedByの型が間違っていたのを修正

---------

Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
Co-authored-by: tamaina <tamaina@hotmail.co.jp>

6 files changed, 373 insertions, 18 deletions

diff --git a/packages/backend/src/server/api/endpoints/admin/invite/create.ts b/packages/backend/src/server/api/endpoints/admin/invite/create.ts
new file mode 100644
index 0000000000..664b4d819f
--- /dev/null
+++ b/packages/backend/src/server/api/endpoints/admin/invite/create.ts
@@ -0,0 +1,80 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import type { RegistrationTicketsRepository } from '@/models/index.js';
+import { InviteCodeEntityService } from '@/core/entities/InviteCodeEntityService.js';
+import { IdService } from '@/core/IdService.js';
+import { DI } from '@/di-symbols.js';
+import { generateInviteCode } from '@/misc/generate-invite-code.js';
+import { ApiError } from '../../../error.js';
+
+export const meta = {
+	tags: ['admin'],
+
+	requireCredential: true,
+	requireModerator: true,
+
+	errors: {
+		invalidDateTime: {
+			message: 'Invalid date-time format',
+			code: 'INVALID_DATE_TIME',
+			id: 'f1380b15-3760-4c6c-a1db-5c3aaf1cbd49',
+		},
+	},
+
+	res: {
+		type: 'array',
+		optional: false, nullable: false,
+		items: {
+			type: 'object',
+			optional: false, nullable: false,
+			properties: {
+				code: {
+					type: 'string',
+					optional: false, nullable: false,
+					example: 'GR6S02ERUA5VR',
+				},
+			},
+		},
+	},
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+		count: { type: 'integer', minimum: 1, maximum: 100, default: 1 },
+		expiresAt: { type: 'string', nullable: true },
+	},
+	required: [],
+} as const;
+
+// eslint-disable-next-line import/no-default-export
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> {
+	constructor(
+		@Inject(DI.registrationTicketsRepository)
+		private registrationTicketsRepository: RegistrationTicketsRepository,
+
+		private inviteCodeEntityService: InviteCodeEntityService,
+		private idService: IdService,
+	) {
+		super(meta, paramDef, async (ps, me) => {
+			if (ps.expiresAt && isNaN(Date.parse(ps.expiresAt))) {
+				throw new ApiError(meta.errors.invalidDateTime);
+			}
+
+			const ticketsPromises = [];
+
+			for (let i = 0; i < ps.count; i++) {
+				ticketsPromises.push(this.registrationTicketsRepository.insert({
+					id: this.idService.genId(),
+					createdAt: new Date(),
+					expiresAt: ps.expiresAt ? new Date(ps.expiresAt) : null,
+					code: generateInviteCode(),
+				}).then(x => this.registrationTicketsRepository.findOneByOrFail(x.identifiers[0])));
+			}
+
+			const tickets = await Promise.all(ticketsPromises);
+			return await this.inviteCodeEntityService.packMany(tickets, me);
+		});
+	}
+}
diff --git a/packages/backend/src/server/api/endpoints/admin/invite/list.ts b/packages/backend/src/server/api/endpoints/admin/invite/list.ts
new file mode 100644
index 0000000000..5d7a7f632c
--- /dev/null
+++ b/packages/backend/src/server/api/endpoints/admin/invite/list.ts
@@ -0,0 +1,70 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import type { RegistrationTicketsRepository } from '@/models/index.js';
+import { InviteCodeEntityService } from '@/core/entities/InviteCodeEntityService.js';
+import { DI } from '@/di-symbols.js';
+
+export const meta = {
+	tags: ['admin'],
+
+	requireCredential: true,
+	requireModerator: true,
+
+	res: {
+		type: 'array',
+		optional: false, nullable: false,
+		items: {
+			type: 'object',
+			optional: false, nullable: false,
+		},
+	},
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+		limit: { type: 'integer', minimum: 1, maximum: 100, default: 30 },
+		offset: { type: 'integer', default: 0 },
+		type: { type: 'string', enum: ['unused', 'used', 'expired', 'all'], default: 'all' },
+		sort: { type: 'string', enum: ['+createdAt', '-createdAt', '+usedAt', '-usedAt'] },
+	},
+	required: [],
+} as const;
+
+// eslint-disable-next-line import/no-default-export
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> {
+	constructor(
+		@Inject(DI.registrationTicketsRepository)
+		private registrationTicketsRepository: RegistrationTicketsRepository,
+
+		private inviteCodeEntityService: InviteCodeEntityService,
+	) {
+		super(meta, paramDef, async (ps, me) => {
+			const query = this.registrationTicketsRepository.createQueryBuilder('ticket')
+				.leftJoinAndSelect('ticket.createdBy', 'createdBy')
+				.leftJoinAndSelect('ticket.usedBy', 'usedBy');
+
+			switch (ps.type) {
+				case 'unused': query.andWhere('ticket.usedBy IS NULL'); break;
+				case 'used': query.andWhere('ticket.usedBy IS NOT NULL'); break;
+				case 'expired': query.andWhere('ticket.expiresAt < :now', { now: new Date() }); break;
+			}
+
+			switch (ps.sort) {
+				case '+createdAt': query.orderBy('ticket.createdAt', 'DESC'); break;
+				case '-createdAt': query.orderBy('ticket.createdAt', 'ASC'); break;
+				case '+usedAt': query.orderBy('ticket.usedAt', 'DESC', 'NULLS LAST'); break;
+				case '-usedAt': query.orderBy('ticket.usedAt', 'ASC', 'NULLS FIRST'); break;
+				default: query.orderBy('ticket.id', 'DESC'); break;
+			}
+
+			query.limit(ps.limit);
+			query.skip(ps.offset);
+
+			const tickets = await query.getMany();
+
+			return await this.inviteCodeEntityService.packMany(tickets, me);
+		});
+	}
+}
diff --git a/packages/backend/src/server/api/endpoints/invite/create.ts b/packages/backend/src/server/api/endpoints/invite/create.ts
new file mode 100644
index 0000000000..a64184be10
--- /dev/null
+++ b/packages/backend/src/server/api/endpoints/invite/create.ts
@@ -0,0 +1,82 @@
+import { MoreThan } from 'typeorm';
+import { Inject, Injectable } from '@nestjs/common';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import type { RegistrationTicketsRepository } from '@/models/index.js';
+import { InviteCodeEntityService } from '@/core/entities/InviteCodeEntityService.js';
+import { IdService } from '@/core/IdService.js';
+import { RoleService } from '@/core/RoleService.js';
+import { DI } from '@/di-symbols.js';
+import { generateInviteCode } from '@/misc/generate-invite-code.js';
+import { ApiError } from '../../error.js';
+
+export const meta = {
+	tags: ['meta'],
+
+	requireCredential: true,
+	requireRolePolicy: 'canInvite',
+
+	errors: {
+		exceededCreateLimit: {
+			message: 'You have exceeded the limit for creating an invitation code.',
+			code: 'EXCEEDED_LIMIT_OF_CREATE_INVITE_CODE',
+			id: '8b165dd3-6f37-4557-8db1-73175d63c641',
+		},
+	},
+
+	res: {
+		type: 'object',
+		optional: false, nullable: false,
+		properties: {
+			code: {
+				type: 'string',
+				optional: false, nullable: false,
+				example: 'GR6S02ERUA5VR',
+			},
+		},
+	},
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {},
+	required: [],
+} as const;
+
+// eslint-disable-next-line import/no-default-export
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> {
+	constructor(
+		@Inject(DI.registrationTicketsRepository)
+		private registrationTicketsRepository: RegistrationTicketsRepository,
+
+		private inviteCodeEntityService: InviteCodeEntityService,
+		private idService: IdService,
+		private roleService: RoleService,
+	) {
+		super(meta, paramDef, async (ps, me) => {
+			const policies = await this.roleService.getUserPolicies(me.id);
+
+			if (policies.inviteLimit) {
+				const count = await this.registrationTicketsRepository.countBy({
+					createdAt: MoreThan(new Date(Date.now() - (policies.inviteLimitCycle * 1000 * 60))),
+					createdById: me.id,
+				});
+
+				if (count >= policies.inviteLimit) {
+					throw new ApiError(meta.errors.exceededCreateLimit);
+				}
+			}
+
+			const ticket = await this.registrationTicketsRepository.insert({
+				id: this.idService.genId(),
+				createdAt: new Date(),
+				createdBy: me,
+				createdById: me.id,
+				expiresAt: policies.inviteExpirationTime ? new Date(Date.now() + (policies.inviteExpirationTime * 1000 * 60)) : null,
+				code: generateInviteCode(),
+			}).then(x => this.registrationTicketsRepository.findOneByOrFail(x.identifiers[0]));
+
+			return await this.inviteCodeEntityService.pack(ticket, me);
+		});
+	}
+}
diff --git a/packages/backend/src/server/api/endpoints/invite/delete.ts b/packages/backend/src/server/api/endpoints/invite/delete.ts
new file mode 100644
index 0000000000..afca44954d
--- /dev/null
+++ b/packages/backend/src/server/api/endpoints/invite/delete.ts
@@ -0,0 +1,71 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import type { RegistrationTicketsRepository } from '@/models/index.js';
+import { RoleService } from '@/core/RoleService.js';
+import { DI } from '@/di-symbols.js';
+import { ApiError } from '../../error.js';
+
+export const meta = {
+	tags: ['meta'],
+
+	requireCredential: true,
+	requireRolePolicy: 'canInvite',
+
+	errors: {
+		noSuchCode: {
+			message: 'No such invite code.',
+			code: 'NO_SUCH_INVITE_CODE',
+			id: 'cd4f9ae4-7854-4e3e-8df9-c296f051e634',
+		},
+
+		cantDelete: {
+			message: 'You can\'t delete this invite code.',
+			code: 'CAN_NOT_DELETE_INVITE_CODE',
+			id: 'ff17af39-000c-4d4e-abdf-848fa30fc1ce',
+		},
+
+		accessDenied: {
+			message: 'Access denied.',
+			code: 'ACCESS_DENIED',
+			id: '5eb8d909-2540-4970-90b8-dd6f86088121',
+		},
+	},
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+		inviteId: { type: 'string', format: 'misskey:id' },
+	},
+	required: ['inviteId'],
+} as const;
+
+// eslint-disable-next-line import/no-default-export
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> {
+	constructor(
+		@Inject(DI.registrationTicketsRepository)
+		private registrationTicketsRepository: RegistrationTicketsRepository,
+
+		private roleService: RoleService,
+	) {
+		super(meta, paramDef, async (ps, me) => {
+			const ticket = await this.registrationTicketsRepository.findOneBy({ id: ps.inviteId });
+			const isModerator = await this.roleService.isModerator(me);
+
+			if (ticket == null) {
+				throw new ApiError(meta.errors.noSuchCode);
+			}
+
+			if (ticket.createdById !== me.id && !isModerator) {
+				throw new ApiError(meta.errors.accessDenied);
+			}
+
+			if (ticket.usedAt && !isModerator) {
+				throw new ApiError(meta.errors.cantDelete);
+			}
+
+			await this.registrationTicketsRepository.delete(ticket.id);
+		});
+	}
+}
diff --git a/packages/backend/src/server/api/endpoints/invite.ts b/packages/backend/src/server/api/endpoints/invite/limit.ts
index 276adcb07f..9a213b7b25 100644
--- a/packages/backend/src/server/api/endpoints/invite.ts
+++ b/packages/backend/src/server/api/endpoints/invite/limit.ts
@@ -1,9 +1,9 @@
 import { Inject, Injectable } from '@nestjs/common';
+import { MoreThan } from 'typeorm';
 import { Endpoint } from '@/server/api/endpoint-base.js';
 import type { RegistrationTicketsRepository } from '@/models/index.js';
-import { IdService } from '@/core/IdService.js';
+import { RoleService } from '@/core/RoleService.js';
 import { DI } from '@/di-symbols.js';
-import { secureRndstr } from '@/misc/secure-rndstr.js';
 
 export const meta = {
 	tags: ['meta'],
@@ -15,12 +15,9 @@ export const meta = {
 		type: 'object',
 		optional: false, nullable: false,
 		properties: {
-			code: {
-				type: 'string',
-				optional: false, nullable: false,
-				example: '2ERUA5VR',
-				maxLength: 8,
-				minLength: 8,
+			remaining: {
+				type: 'integer',
+				optional: false, nullable: true,
 			},
 		},
 	},
@@ -39,21 +36,18 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 		@Inject(DI.registrationTicketsRepository)
 		private registrationTicketsRepository: RegistrationTicketsRepository,
 
-		private idService: IdService,
+		private roleService: RoleService,
 	) {
 		super(meta, paramDef, async (ps, me) => {
-			const code = secureRndstr(8, {
-				chars: '23456789ABCDEFGHJKLMNPQRSTUVWXYZ', // [0-9A-Z] w/o [01IO] (32 patterns)
-			});
+			const policies = await this.roleService.getUserPolicies(me.id);
 
-			await this.registrationTicketsRepository.insert({
-				id: this.idService.genId(),
-				createdAt: new Date(),
-				code,
-			});
+			const count = policies.inviteLimit ? await this.registrationTicketsRepository.countBy({
+				createdAt: MoreThan(new Date(Date.now() - (policies.inviteExpirationTime * 60 * 1000))),
+				createdById: me.id,
+			}) : null;
 
 			return {
-				code,
+				remaining: count !== null ? Math.max(0, policies.inviteLimit - count) : null,
 			};
 		});
 	}
diff --git a/packages/backend/src/server/api/endpoints/invite/list.ts b/packages/backend/src/server/api/endpoints/invite/list.ts
new file mode 100644
index 0000000000..e047790261
--- /dev/null
+++ b/packages/backend/src/server/api/endpoints/invite/list.ts
@@ -0,0 +1,58 @@
+import { Inject, Injectable } from '@nestjs/common';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import type { RegistrationTicketsRepository } from '@/models/index.js';
+import { InviteCodeEntityService } from '@/core/entities/InviteCodeEntityService.js';
+import { QueryService } from '@/core/QueryService.js';
+import { DI } from '@/di-symbols.js';
+import { ApiError } from '../../error.js';
+
+export const meta = {
+	tags: ['meta'],
+
+	requireCredential: true,
+	requireRolePolicy: 'canInvite',
+
+	res: {
+		type: 'array',
+		optional: false, nullable: false,
+		items: {
+			type: 'object',
+			optional: false, nullable: false,
+		},
+	},
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+		limit: { type: 'integer', minimum: 1, maximum: 100, default: 30 },
+		sinceId: { type: 'string', format: 'misskey:id' },
+		untilId: { type: 'string', format: 'misskey:id' },
+	},
+	required: [],
+} as const;
+
+// eslint-disable-next-line import/no-default-export
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> {
+	constructor(
+		@Inject(DI.registrationTicketsRepository)
+		private registrationTicketsRepository: RegistrationTicketsRepository,
+
+		private inviteCodeEntityService: InviteCodeEntityService,
+		private queryService: QueryService,
+	) {
+		super(meta, paramDef, async (ps, me) => {
+			const query = this.queryService.makePaginationQuery(this.registrationTicketsRepository.createQueryBuilder('ticket'), ps.sinceId, ps.untilId)
+				.andWhere('ticket.createdById = :meId', { meId: me.id })
+				.leftJoinAndSelect('ticket.createdBy', 'createdBy')
+				.leftJoinAndSelect('ticket.usedBy', 'usedBy');
+
+			const tickets = await query
+				.limit(ps.limit)
+				.getMany();
+
+			return await this.inviteCodeEntityService.packMany(tickets, me);
+		});
+	}
+}