認証の修正 (#7597)

* authenticateのキャッシュを廃止

* 凍結ユーザーがサインイン出来てしまうのを修正

* 凍結ユーザーはストリーミング接続出来ないように

* 他人のアクセストークンはrevoke出来ないように, 正常削除を待機するように

* ユーザー/アクセストークンを無効化したらストリーミングを切断するように

* Revert TODO

* ストリーミングterminateは、ユーザー削除後に行うように

* signinでsuspendは別のエラーにする

* トークン再生成後のストリーミング切断は少し待つように

* サスペンド後のストリーミング切断はローカルユーザーのみに

4 files changed, 24 insertions, 2 deletions

diff --git a/src/server/api/endpoints/admin/suspend-user.ts b/src/server/api/endpoints/admin/suspend-user.ts
index 9f3c8eb6f8..912d6a5162 100644
--- a/src/server/api/endpoints/admin/suspend-user.ts
+++ b/src/server/api/endpoints/admin/suspend-user.ts
@@ -6,6 +6,7 @@ import { Users, Followings, Notifications } from '../../../../models';
 import { User } from '../../../../models/entities/user';
 import { insertModerationLog } from '../../../../services/insert-moderation-log';
 import { doPostSuspend } from '../../../../services/suspend-user';
+import { publishUserEvent } from '@/services/stream';
 
 export const meta = {
 	tags: ['admin'],
@@ -43,6 +44,11 @@ export default define(meta, async (ps, me) => {
 		targetId: user.id,
 	});
 
+	// Terminate streaming
+	if (Users.isLocalUser(user)) {
+		publishUserEvent(user.id, 'terminate', {});
+	}
+
 	(async () => {
 		await doPostSuspend(user).catch(e => {});
 		await unFollowAll(user).catch(e => {});
diff --git a/src/server/api/endpoints/i/delete-account.ts b/src/server/api/endpoints/i/delete-account.ts
index 0f04c4c92d..f5f0f32a4a 100644
--- a/src/server/api/endpoints/i/delete-account.ts
+++ b/src/server/api/endpoints/i/delete-account.ts
@@ -3,6 +3,7 @@ import * as bcrypt from 'bcryptjs';
 import define from '../../define';
 import { Users, UserProfiles } from '../../../../models';
 import { doPostSuspend } from '../../../../services/suspend-user';
+import { publishUserEvent } from '@/services/stream';
 
 export const meta = {
 	requireCredential: true as const,
@@ -30,4 +31,7 @@ export default define(meta, async (ps, user) => {
 	await doPostSuspend(user).catch(e => {});
 
 	await Users.delete(user.id);
+
+	// Terminate streaming
+	publishUserEvent(user.id, 'terminate', {});
 });
diff --git a/src/server/api/endpoints/i/regenerate-token.ts b/src/server/api/endpoints/i/regenerate-token.ts
index 3596e20197..3665ed0532 100644
--- a/src/server/api/endpoints/i/regenerate-token.ts
+++ b/src/server/api/endpoints/i/regenerate-token.ts
@@ -1,6 +1,6 @@
 import $ from 'cafy';
 import * as bcrypt from 'bcryptjs';
-import { publishMainStream } from '../../../../services/stream';
+import { publishMainStream, publishUserEvent } from '../../../../services/stream';
 import generateUserToken from '../../common/generate-native-user-token';
 import define from '../../define';
 import { Users, UserProfiles } from '../../../../models';
@@ -36,4 +36,9 @@ export default define(meta, async (ps, user) => {
 
 	// Publish event
 	publishMainStream(user.id, 'myTokenRegenerated');
+
+	// Terminate streaming
+	setTimeout(() => {
+		publishUserEvent(user.id, 'terminate', {});
+	}, 5000);
 });
diff --git a/src/server/api/endpoints/i/revoke-token.ts b/src/server/api/endpoints/i/revoke-token.ts
index d71a1bd135..d22d9ca693 100644
--- a/src/server/api/endpoints/i/revoke-token.ts
+++ b/src/server/api/endpoints/i/revoke-token.ts
@@ -2,6 +2,7 @@ import $ from 'cafy';
 import define from '../../define';
 import { AccessTokens } from '../../../../models';
 import { ID } from '@/misc/cafy-id';
+import { publishUserEvent } from '@/services/stream';
 
 export const meta = {
 	requireCredential: true as const,
@@ -19,6 +20,12 @@ export default define(meta, async (ps, user) => {
 	const token = await AccessTokens.findOne(ps.tokenId);
 
 	if (token) {
-		AccessTokens.delete(token.id);
+		await AccessTokens.delete({
+			id: ps.tokenId,
+			userId: user.id,
+		});
+
+		// Terminate streaming
+		publishUserEvent(user.id, 'terminate');
 	}
 });