merge upstream 2025-02-03

10 files changed, 430 insertions, 26 deletions

diff --git a/packages/backend/src/server/api/endpoints/admin/captcha/current.ts b/packages/backend/src/server/api/endpoints/admin/captcha/current.ts
new file mode 100644
index 0000000000..63ec740348
--- /dev/null
+++ b/packages/backend/src/server/api/endpoints/admin/captcha/current.ts
@@ -0,0 +1,70 @@
+/*
+ * SPDX-FileCopyrightText: syuilo and misskey-project
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+import { Injectable } from '@nestjs/common';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import { CaptchaService, supportedCaptchaProviders } from '@/core/CaptchaService.js';
+
+export const meta = {
+	tags: ['admin', 'captcha'],
+
+	requireCredential: true,
+	requireAdmin: true,
+
+	// 実態はmetaの取得であるため
+	kind: 'read:admin:meta',
+
+	res: {
+		type: 'object',
+		properties: {
+			provider: {
+				type: 'string',
+				enum: supportedCaptchaProviders,
+			},
+			hcaptcha: {
+				type: 'object',
+				properties: {
+					siteKey: { type: 'string', nullable: true },
+					secretKey: { type: 'string', nullable: true },
+				},
+			},
+			mcaptcha: {
+				type: 'object',
+				properties: {
+					siteKey: { type: 'string', nullable: true },
+					secretKey: { type: 'string', nullable: true },
+					instanceUrl: { type: 'string', nullable: true },
+				},
+			},
+			recaptcha: {
+				type: 'object',
+				properties: {
+					siteKey: { type: 'string', nullable: true },
+					secretKey: { type: 'string', nullable: true },
+				},
+			},
+			turnstile: {
+				type: 'object',
+				properties: {
+					siteKey: { type: 'string', nullable: true },
+					secretKey: { type: 'string', nullable: true },
+				},
+			},
+		},
+	},
+} as const;
+
+export const paramDef = {} as const;
+
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
+	constructor(
+		private captchaService: CaptchaService,
+	) {
+		super(meta, paramDef, async () => {
+			return this.captchaService.get();
+		});
+	}
+}
diff --git a/packages/backend/src/server/api/endpoints/admin/captcha/save.ts b/packages/backend/src/server/api/endpoints/admin/captcha/save.ts
new file mode 100644
index 0000000000..98ec278ebe
--- /dev/null
+++ b/packages/backend/src/server/api/endpoints/admin/captcha/save.ts
@@ -0,0 +1,129 @@
+/*
+ * SPDX-FileCopyrightText: syuilo and misskey-project
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+import { Injectable } from '@nestjs/common';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import { captchaErrorCodes, CaptchaService, supportedCaptchaProviders } from '@/core/CaptchaService.js';
+import { ApiError } from '@/server/api/error.js';
+
+export const meta = {
+	tags: ['admin', 'captcha'],
+
+	requireCredential: true,
+	requireAdmin: true,
+
+	// 実態はmetaの更新であるため
+	kind: 'write:admin:meta',
+
+	errors: {
+		invalidProvider: {
+			message: 'Invalid provider.',
+			code: 'INVALID_PROVIDER',
+			id: '14bf7ae1-80cc-4363-acb2-4fd61d086af0',
+			httpStatusCode: 400,
+		},
+		invalidParameters: {
+			message: 'Invalid parameters.',
+			code: 'INVALID_PARAMETERS',
+			id: '26654194-410e-44e2-b42e-460ff6f92476',
+			httpStatusCode: 400,
+		},
+		noResponseProvided: {
+			message: 'No response provided.',
+			code: 'NO_RESPONSE_PROVIDED',
+			id: '40acbba8-0937-41fb-bb3f-474514d40afe',
+			httpStatusCode: 400,
+		},
+		requestFailed: {
+			message: 'Request failed.',
+			code: 'REQUEST_FAILED',
+			id: '0f4fe2f1-2c15-4d6e-b714-efbfcde231cd',
+			httpStatusCode: 500,
+		},
+		verificationFailed: {
+			message: 'Verification failed.',
+			code: 'VERIFICATION_FAILED',
+			id: 'c41c067f-24f3-4150-84b2-b5a3ae8c2214',
+			httpStatusCode: 400,
+		},
+		unknown: {
+			message: 'unknown',
+			code: 'UNKNOWN',
+			id: 'f868d509-e257-42a9-99c1-42614b031a97',
+			httpStatusCode: 500,
+		},
+	},
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+		provider: {
+			type: 'string',
+			enum: supportedCaptchaProviders,
+		},
+		captchaResult: {
+			type: 'string', nullable: true,
+		},
+		sitekey: {
+			type: 'string', nullable: true,
+		},
+		secret: {
+			type: 'string', nullable: true,
+		},
+		instanceUrl: {
+			type: 'string', nullable: true,
+		},
+	},
+	required: ['provider'],
+} as const;
+
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
+	constructor(
+		private captchaService: CaptchaService,
+	) {
+		super(meta, paramDef, async (ps) => {
+			const result = await this.captchaService.save(ps.provider, {
+				sitekey: ps.sitekey,
+				secret: ps.secret,
+				instanceUrl: ps.instanceUrl,
+				captchaResult: ps.captchaResult,
+			});
+
+			if (!result.success) {
+				switch (result.error.code) {
+					case captchaErrorCodes.invalidProvider:
+						throw new ApiError({
+							...meta.errors.invalidProvider,
+							message: result.error.message,
+						});
+					case captchaErrorCodes.invalidParameters:
+						throw new ApiError({
+							...meta.errors.invalidParameters,
+							message: result.error.message,
+						});
+					case captchaErrorCodes.noResponseProvided:
+						throw new ApiError({
+							...meta.errors.noResponseProvided,
+							message: result.error.message,
+						});
+					case captchaErrorCodes.requestFailed:
+						throw new ApiError({
+							...meta.errors.requestFailed,
+							message: result.error.message,
+						});
+					case captchaErrorCodes.verificationFailed:
+						throw new ApiError({
+							...meta.errors.verificationFailed,
+							message: result.error.message,
+						});
+					default:
+						throw new ApiError(meta.errors.unknown);
+				}
+			}
+		});
+	}
+}
diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/add.ts b/packages/backend/src/server/api/endpoints/admin/emoji/add.ts
index b45a3c7156..1c5316a002 100644
--- a/packages/backend/src/server/api/endpoints/admin/emoji/add.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/add.ts
@@ -9,6 +9,7 @@ import type { DriveFilesRepository } from '@/models/_.js';
 import { DI } from '@/di-symbols.js';
 import { CustomEmojiService } from '@/core/CustomEmojiService.js';
 import { EmojiEntityService } from '@/core/entities/EmojiEntityService.js';
+import { FILE_TYPE_IMAGE } from '@/const.js';
 import { ApiError } from '../../../error.js';
 
 export const meta = {
@@ -24,6 +25,11 @@ export const meta = {
 			code: 'NO_SUCH_FILE',
 			id: 'fc46b5a4-6b92-4c33-ac66-b806659bb5cf',
 		},
+		unsupportedFileType: {
+			message: 'Unsupported file type.',
+			code: 'UNSUPPORTED_FILE_TYPE',
+			id: 'f7599d96-8750-af68-1633-9575d625c1a7',
+		},
 		duplicateName: {
 			message: 'Duplicate name.',
 			code: 'DUPLICATE_NAME',
@@ -47,15 +53,21 @@ export const paramDef = {
 			nullable: true,
 			description: 'Use `null` to reset the category.',
 		},
-		aliases: { type: 'array', items: {
-			type: 'string',
-		} },
+		aliases: {
+			type: 'array',
+			items: {
+				type: 'string',
+			},
+		},
 		license: { type: 'string', nullable: true },
 		isSensitive: { type: 'boolean' },
 		localOnly: { type: 'boolean' },
-		roleIdsThatCanBeUsedThisEmojiAsReaction: { type: 'array', items: {
-			type: 'string',
-		} },
+		roleIdsThatCanBeUsedThisEmojiAsReaction: {
+			type: 'array',
+			items: {
+				type: 'string',
+			},
+		},
 	},
 	required: ['name', 'fileId'],
 } as const;
@@ -67,9 +79,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 	constructor(
 		@Inject(DI.driveFilesRepository)
 		private driveFilesRepository: DriveFilesRepository,
-
 		private customEmojiService: CustomEmojiService,
-
 		private emojiEntityService: EmojiEntityService,
 	) {
 		super(meta, paramDef, async (ps, me) => {
@@ -78,11 +88,14 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 			if (driveFile == null) throw new ApiError(meta.errors.noSuchFile);
 			const isDuplicate = await this.customEmojiService.checkDuplicate(nameNfc);
 			if (isDuplicate) throw new ApiError(meta.errors.duplicateName);
+			if (!FILE_TYPE_IMAGE.includes(driveFile.type)) throw new ApiError(meta.errors.unsupportedFileType);
 
 			if (driveFile.user !== null) await this.driveFilesRepository.update(driveFile.id, { user: null });
 
 			const emoji = await this.customEmojiService.add({
-				driveFile,
+				originalUrl: driveFile.url,
+				publicUrl: driveFile.webpublicUrl ?? driveFile.url,
+				fileType: driveFile.webpublicType ?? driveFile.type,
 				name: nameNfc,
 				category: ps.category?.normalize('NFC') ?? null,
 				aliases: ps.aliases?.map(a => a.normalize('NFC')) ?? [],
diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/copy.ts b/packages/backend/src/server/api/endpoints/admin/emoji/copy.ts
index acd2494131..07ffa0b1c7 100644
--- a/packages/backend/src/server/api/endpoints/admin/emoji/copy.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/copy.ts
@@ -4,7 +4,6 @@
  */
 
 import { Inject, Injectable } from '@nestjs/common';
-import { IsNull } from 'typeorm';
 import { Endpoint } from '@/server/api/endpoint-base.js';
 import type { EmojisRepository } from '@/models/_.js';
 import type { MiDriveFile } from '@/models/DriveFile.js';
@@ -88,10 +87,12 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 			if (isDuplicate) throw new ApiError(meta.errors.duplicateName);
 
 			const addedEmoji = await this.customEmojiService.add({
-				driveFile,
+				originalUrl: driveFile.url,
+				publicUrl: driveFile.webpublicUrl ?? driveFile.url,
+				fileType: driveFile.webpublicType ?? driveFile.type,
 				name: nameNfc,
 				category: emoji.category?.normalize('NFC') ?? null,
-				aliases: emoji.aliases?.map(a => a.normalize('NFC')),
+				aliases: emoji.aliases.map(a => a.normalize('NFC')),
 				host: null,
 				license: emoji.license,
 				isSensitive: emoji.isSensitive,
diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/update.ts b/packages/backend/src/server/api/endpoints/admin/emoji/update.ts
index 071ddbef18..fd6db9c4ab 100644
--- a/packages/backend/src/server/api/endpoints/admin/emoji/update.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/update.ts
@@ -86,7 +86,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 
 			const error = await this.customEmojiService.update({
 				...required,
-				driveFile,
+				originalUrl: driveFile != null ? driveFile.url : undefined,
+				publicUrl: driveFile != null ? (driveFile.webpublicUrl ?? driveFile.url) : undefined,
+				fileType: driveFile != null ? (driveFile.webpublicType ?? driveFile.type) : undefined,
 				category: ps.category?.normalize('NFC'),
 				aliases: ps.aliases?.map(a => a.normalize('NFC')),
 				license: ps.license,
diff --git a/packages/backend/src/server/api/endpoints/ap/show.ts b/packages/backend/src/server/api/endpoints/ap/show.ts
index 616a77e337..19ca3ceb8e 100644
--- a/packages/backend/src/server/api/endpoints/ap/show.ts
+++ b/packages/backend/src/server/api/endpoints/ap/show.ts
@@ -19,6 +19,7 @@ import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
 import { UtilityService } from '@/core/UtilityService.js';
 import { bindThis } from '@/decorators.js';
 import { ApiError } from '../../error.js';
+import { IdentifiableError } from '@/misc/identifiable-error.js';
 
 export const meta = {
 	tags: ['federation'],
@@ -32,6 +33,31 @@ export const meta = {
 	},
 
 	errors: {
+		federationNotAllowed: {
+			message: 'Federation for this host is not allowed.',
+			code: 'FEDERATION_NOT_ALLOWED',
+			id: '974b799e-1a29-4889-b706-18d4dd93e266',
+		},
+		uriInvalid: {
+			message: 'URI is invalid.',
+			code: 'URI_INVALID',
+			id: '1a5eab56-e47b-48c2-8d5e-217b897d70db',
+		},
+		requestFailed: {
+			message: 'Request failed.',
+			code: 'REQUEST_FAILED',
+			id: '81b539cf-4f57-4b29-bc98-032c33c0792e',
+		},
+		responseInvalid: {
+			message: 'Response from remote server is invalid.',
+			code: 'RESPONSE_INVALID',
+			id: '70193c39-54f3-4813-82f0-70a680f7495b',
+		},
+		responseInvalidIdHostNotMatch: {
+			message: 'Requested URI and response URI host does not match.',
+			code: 'RESPONSE_INVALID_ID_HOST_NOT_MATCH',
+			id: 'a2c9c61a-cb72-43ab-a964-3ca5fddb410a',
+		},
 		noSuchObject: {
 			message: 'No such object.',
 			code: 'NO_SUCH_OBJECT',
@@ -110,7 +136,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 	 */
 	@bindThis
 	private async fetchAny(uri: string, me: MiLocalUser | null | undefined): Promise<SchemaType<typeof meta['res']> | null> {
-		if (!this.utilityService.isFederationAllowedUri(uri)) return null;
+		if (!this.utilityService.isFederationAllowedUri(uri)) {
+			throw new ApiError(meta.errors.federationNotAllowed);
+		}
 
 		let local = await this.mergePack(me, ...await Promise.all([
 			this.apDbResolverService.getUserFromApId(uri),
@@ -125,7 +153,40 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 
 		// リモートから一旦オブジェクトフェッチ
 		const resolver = this.apResolverService.createResolver();
-		const object = await resolver.resolve(uri) as any;
+		const object = await resolver.resolve(uri).catch((err) => {
+			if (err instanceof IdentifiableError) {
+				switch (err.id) {
+					// resolve
+					case 'b94fd5b1-0e3b-4678-9df2-dad4cd515ab2':
+						throw new ApiError(meta.errors.uriInvalid);
+					case '0dc86cf6-7cd6-4e56-b1e6-5903d62d7ea5':
+					case 'd592da9f-822f-4d91-83d7-4ceefabcf3d2':
+						throw new ApiError(meta.errors.requestFailed);
+					case '09d79f9e-64f1-4316-9cfa-e75c4d091574':
+						throw new ApiError(meta.errors.federationNotAllowed);
+					case '72180409-793c-4973-868e-5a118eb5519b':
+					case 'ad2dc287-75c1-44c4-839d-3d2e64576675':
+						throw new ApiError(meta.errors.responseInvalid);
+					case 'fd93c2fa-69a8-440f-880b-bf178e0ec877':
+						throw new ApiError(meta.errors.responseInvalidIdHostNotMatch);
+
+					// resolveLocal
+					case '02b40cd0-fa92-4b0c-acc9-fb2ada952ab8':
+						throw new ApiError(meta.errors.uriInvalid);
+					case 'a9d946e5-d276-47f8-95fb-f04230289bb0':
+					case '06ae3170-1796-4d93-a697-2611ea6d83b6':
+						throw new ApiError(meta.errors.noSuchObject);
+					case '7a5d2fc0-94bc-4db6-b8b8-1bf24a2e23d0':
+						throw new ApiError(meta.errors.responseInvalid);
+				}
+			}
+
+			throw new ApiError(meta.errors.requestFailed);
+		});
+
+		if (object.id == null) {
+			throw new ApiError(meta.errors.responseInvalid);
+		}
 
 		// /@user のような正規id以外で取得できるURIが指定されていた場合、ここで初めて正規URIが確定する
 		// これはDBに存在する可能性があるため再度DB検索
diff --git a/packages/backend/src/server/api/endpoints/i/apps.ts b/packages/backend/src/server/api/endpoints/i/apps.ts
index 661fa257a6..f290ff6844 100644
--- a/packages/backend/src/server/api/endpoints/i/apps.ts
+++ b/packages/backend/src/server/api/endpoints/i/apps.ts
@@ -93,7 +93,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				name: token.name ?? token.app?.name,
 				createdAt: this.idService.parse(token.id).date.toISOString(),
 				lastUsedAt: token.lastUsedAt?.toISOString(),
-				permission: token.permission,
+				permission: token.app ? token.app.permission : token.permission,
 			})));
 		});
 	}
diff --git a/packages/backend/src/server/api/endpoints/i/update.ts b/packages/backend/src/server/api/endpoints/i/update.ts
index 09c06a108d..a80e5ed033 100644
--- a/packages/backend/src/server/api/endpoints/i/update.ts
+++ b/packages/backend/src/server/api/endpoints/i/update.ts
@@ -592,7 +592,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 			const html = await this.httpRequestService.getHtml(url);
 
 			const { window } = new JSDOM(html);
-			const doc = window.document;
+			const doc: Document = window.document;
 
 			const myLink = `${this.config.url}/@${user.username}`;
 
diff --git a/packages/backend/src/server/api/endpoints/pages/update.ts b/packages/backend/src/server/api/endpoints/pages/update.ts
index f11bbbcb1a..e52d9c32df 100644
--- a/packages/backend/src/server/api/endpoints/pages/update.ts
+++ b/packages/backend/src/server/api/endpoints/pages/update.ts
@@ -102,15 +102,17 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				}
 			}
 
-			await this.pagesRepository.findBy({
-				id: Not(ps.pageId),
-				userId: me.id,
-				name: ps.name,
-			}).then(result => {
-				if (result.length > 0) {
-					throw new ApiError(meta.errors.nameAlreadyExists);
-				}
-			});
+			if (ps.name != null) {
+				await this.pagesRepository.findBy({
+					id: Not(ps.pageId),
+					userId: me.id,
+					name: ps.name,
+				}).then(result => {
+					if (result.length > 0) {
+						throw new ApiError(meta.errors.nameAlreadyExists);
+					}
+				});
+			}
 
 			await this.pagesRepository.update(page.id, {
 				updatedAt: new Date(),
diff --git a/packages/backend/src/server/api/endpoints/v2/admin/emoji/list.ts b/packages/backend/src/server/api/endpoints/v2/admin/emoji/list.ts
new file mode 100644
index 0000000000..9426318e34
--- /dev/null
+++ b/packages/backend/src/server/api/endpoints/v2/admin/emoji/list.ts
@@ -0,0 +1,126 @@
+/*
+ * SPDX-FileCopyrightText: syuilo and other misskey contributors
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+import { Injectable } from '@nestjs/common';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import { EmojiEntityService } from '@/core/entities/EmojiEntityService.js';
+import { CustomEmojiService, fetchEmojisHostTypes, fetchEmojisSortKeys } from '@/core/CustomEmojiService.js';
+
+export const meta = {
+	tags: ['admin'],
+
+	requireCredential: true,
+	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'read:admin:emoji',
+
+	res: {
+		type: 'object',
+		properties: {
+			emojis: {
+				type: 'array',
+				items: {
+					type: 'object',
+					ref: 'EmojiDetailedAdmin',
+				},
+			},
+			count: { type: 'integer' },
+			allCount: { type: 'integer' },
+			allPages: { type: 'integer' },
+		},
+	},
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+		query: {
+			type: 'object',
+			nullable: true,
+			properties: {
+				updatedAtFrom: { type: 'string' },
+				updatedAtTo: { type: 'string' },
+				name: { type: 'string' },
+				host: { type: 'string' },
+				uri: { type: 'string' },
+				publicUrl: { type: 'string' },
+				originalUrl: { type: 'string' },
+				type: { type: 'string' },
+				aliases: { type: 'string' },
+				category: { type: 'string' },
+				license: { type: 'string' },
+				isSensitive: { type: 'boolean' },
+				localOnly: { type: 'boolean' },
+				hostType: {
+					type: 'string',
+					enum: fetchEmojisHostTypes,
+					default: 'all',
+				},
+				roleIds: {
+					type: 'array',
+					items: { type: 'string', format: 'misskey:id' },
+				},
+			},
+		},
+		sinceId: { type: 'string', format: 'misskey:id' },
+		untilId: { type: 'string', format: 'misskey:id' },
+		limit: { type: 'integer', minimum: 1, maximum: 100, default: 10 },
+		page: { type: 'integer' },
+		sortKeys: {
+			type: 'array',
+			default: ['-id'],
+			items: {
+				type: 'string',
+				enum: fetchEmojisSortKeys,
+			},
+		},
+	},
+	required: [],
+} as const;
+
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
+	constructor(
+		private customEmojiService: CustomEmojiService,
+		private emojiEntityService: EmojiEntityService,
+	) {
+		super(meta, paramDef, async (ps, me) => {
+			const q = ps.query;
+			const result = await this.customEmojiService.fetchEmojis(
+				{
+					query: {
+						updatedAtFrom: q?.updatedAtFrom,
+						updatedAtTo: q?.updatedAtTo,
+						name: q?.name,
+						host: q?.host,
+						uri: q?.uri,
+						publicUrl: q?.publicUrl,
+						type: q?.type,
+						aliases: q?.aliases,
+						category: q?.category,
+						license: q?.license,
+						isSensitive: q?.isSensitive,
+						localOnly: q?.localOnly,
+						hostType: q?.hostType,
+						roleIds: q?.roleIds,
+					},
+					sinceId: ps.sinceId,
+					untilId: ps.untilId,
+				},
+				{
+					limit: ps.limit,
+					page: ps.page,
+					sortKeys: ps.sortKeys,
+				},
+			);
+
+			return {
+				emojis: await this.emojiEntityService.packDetailedAdminMany(result.emojis),
+				count: result.count,
+				allCount: result.allCount,
+				allPages: result.allPages,
+			};
+		});
+	}
+}