From d87fecda7f8c281fd8c53e756e3f946f29f24a9a Mon Sep 17 00:00:00 2001 From: syuilo Date: Wed, 27 Dec 2023 14:21:34 +0900 Subject: [PATCH 01/19] chore(frontend): update team members --- packages/frontend/src/pages/about-misskey.vue | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/packages/frontend/src/pages/about-misskey.vue b/packages/frontend/src/pages/about-misskey.vue index 7cf3aeb95..f8eced8d7 100644 --- a/packages/frontend/src/pages/about-misskey.vue +++ b/packages/frontend/src/pages/about-misskey.vue @@ -69,6 +69,14 @@ SPDX-License-Identifier: AGPL-3.0-only @tai-cha + + + @samunohito + + + + @anatawa12 + From c96bc36fedc804dc840ea791a9355d7df0748e64 Mon Sep 17 00:00:00 2001 From: Chocolate Pie <106949016+chocolate-pie@users.noreply.github.com> Date: Wed, 27 Dec 2023 15:08:59 +0900 Subject: [PATCH 02/19] Merge pull request from GHSA-7pxq-6xx9-xpgm MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: fix improper authorization when accessing with third-party application * refactor: refactor type definitions * fix: get rid of unnecessary access limitation * enhance: サードパーティアプリケーションがWebsocket APIを使えるように * fix: add missing parentheses * Revert "fix(backend): add missing kind definition for admin endpoints to improve security" This reverts commit 5150053275594278e9eb23e72d98b16593c4c230. * frontend: 翻訳の抜けを訂正, read:adminとwrite:adminはアクセス発行トークンのデフォルトでは非表示にする * enhance(test): misskey-ghsa-7pxq-6xx9-xpgmに関するテストを追加 * enhance(test): Websocket APIに対するテストも追加 * enhance(refactor): `@/misc/api-permissions.ts`を`misskey-js/permissions`に統合 * fix(frontend): アクセストークン発行UIで全ての権限を有効にした際、管理者用APIへのアクセスも許可してしまう問題を修正 * enhance(backend): Websocketの接続に最低限必要な権限を変更 * fix(backend): `/api/admin/meta`をサードパーティアプリケーションからはアクセスできないように * fix(backend): エンドポイントにアクセスするために必要な権限を変更 * fix(frontend/locale): Add missing type declaration * chore: update `misskey-js/src/autogen` --------- Co-authored-by: tamaina --- CHANGELOG.md | 1 - locales/index.d.ts | 49 ++ locales/ja-JP.yml | 49 ++ packages/backend/src/misc/api-permissions.ts | 40 -- .../backend/src/server/api/ApiCallService.ts | 3 +- .../server/api/StreamingApiServerService.ts | 4 + packages/backend/src/server/api/endpoints.ts | 20 +- .../api/endpoints/admin/abuse-user-reports.ts | 3 +- .../api/endpoints/admin/accounts/create.ts | 2 +- .../api/endpoints/admin/accounts/delete.ts | 3 +- .../endpoints/admin/accounts/find-by-email.ts | 3 +- .../server/api/endpoints/admin/ad/create.ts | 3 +- .../server/api/endpoints/admin/ad/delete.ts | 3 +- .../src/server/api/endpoints/admin/ad/list.ts | 3 +- .../server/api/endpoints/admin/ad/update.ts | 3 +- .../endpoints/admin/announcements/create.ts | 3 +- .../endpoints/admin/announcements/delete.ts | 3 +- .../api/endpoints/admin/announcements/list.ts | 3 +- .../endpoints/admin/announcements/update.ts | 3 +- .../admin/avatar-decorations/create.ts | 3 +- .../admin/avatar-decorations/delete.ts | 3 +- .../admin/avatar-decorations/list.ts | 3 +- .../admin/avatar-decorations/update.ts | 3 +- .../api/endpoints/admin/delete-account.ts | 3 +- .../admin/delete-all-files-of-a-user.ts | 3 +- .../admin/drive/clean-remote-files.ts | 3 +- .../api/endpoints/admin/drive/cleanup.ts | 3 +- .../server/api/endpoints/admin/drive/files.ts | 3 +- .../api/endpoints/admin/drive/show-file.ts | 3 +- .../endpoints/admin/emoji/add-aliases-bulk.ts | 3 +- .../server/api/endpoints/admin/emoji/add.ts | 3 +- .../server/api/endpoints/admin/emoji/copy.ts | 3 +- .../api/endpoints/admin/emoji/delete-bulk.ts | 3 +- .../api/endpoints/admin/emoji/delete.ts | 3 +- .../api/endpoints/admin/emoji/import-zip.ts | 2 +- .../api/endpoints/admin/emoji/list-remote.ts | 3 +- .../server/api/endpoints/admin/emoji/list.ts | 3 +- .../admin/emoji/remove-aliases-bulk.ts | 3 +- .../endpoints/admin/emoji/set-aliases-bulk.ts | 3 +- .../admin/emoji/set-category-bulk.ts | 3 +- .../endpoints/admin/emoji/set-license-bulk.ts | 3 +- .../api/endpoints/admin/emoji/update.ts | 3 +- .../admin/federation/delete-all-files.ts | 3 +- .../refresh-remote-instance-metadata.ts | 3 +- .../admin/federation/remove-all-following.ts | 3 +- .../admin/federation/update-instance.ts | 3 +- .../api/endpoints/admin/get-index-stats.ts | 3 +- .../api/endpoints/admin/get-table-stats.ts | 3 +- .../api/endpoints/admin/get-user-ips.ts | 5 +- .../api/endpoints/admin/invite/create.ts | 3 +- .../server/api/endpoints/admin/invite/list.ts | 3 +- .../src/server/api/endpoints/admin/meta.ts | 3 +- .../api/endpoints/admin/promo/create.ts | 3 +- .../server/api/endpoints/admin/queue/clear.ts | 3 +- .../endpoints/admin/queue/deliver-delayed.ts | 3 +- .../endpoints/admin/queue/inbox-delayed.ts | 3 +- .../api/endpoints/admin/queue/promote.ts | 3 +- .../server/api/endpoints/admin/queue/stats.ts | 3 +- .../server/api/endpoints/admin/relays/add.ts | 3 +- .../server/api/endpoints/admin/relays/list.ts | 3 +- .../api/endpoints/admin/relays/remove.ts | 3 +- .../api/endpoints/admin/reset-password.ts | 3 +- .../admin/resolve-abuse-user-report.ts | 3 +- .../api/endpoints/admin/roles/assign.ts | 3 +- .../api/endpoints/admin/roles/create.ts | 3 +- .../api/endpoints/admin/roles/delete.ts | 3 +- .../server/api/endpoints/admin/roles/list.ts | 3 +- .../server/api/endpoints/admin/roles/show.ts | 3 +- .../api/endpoints/admin/roles/unassign.ts | 3 +- .../admin/roles/update-default-policies.ts | 3 +- .../api/endpoints/admin/roles/update.ts | 3 +- .../server/api/endpoints/admin/roles/users.ts | 3 +- .../server/api/endpoints/admin/send-email.ts | 3 +- .../server/api/endpoints/admin/server-info.ts | 3 +- .../endpoints/admin/show-moderation-logs.ts | 3 +- .../server/api/endpoints/admin/show-user.ts | 3 +- .../server/api/endpoints/admin/show-users.ts | 3 +- .../api/endpoints/admin/suspend-user.ts | 3 +- .../api/endpoints/admin/unset-user-avatar.ts | 3 +- .../api/endpoints/admin/unset-user-banner.ts | 3 +- .../api/endpoints/admin/unsuspend-user.ts | 3 +- .../server/api/endpoints/admin/update-meta.ts | 3 +- .../api/endpoints/admin/update-user-note.ts | 3 +- .../src/server/api/endpoints/ap/get.ts | 1 + .../src/server/api/endpoints/ap/show.ts | 1 + .../federation/update-remote-user.ts | 2 +- .../api/endpoints/fetch-external-resources.ts | 1 + .../backend/src/server/api/endpoints/i.ts | 1 + .../api/endpoints/i/claim-achievement.ts | 1 + .../api/endpoints/i/registry/get-all.ts | 1 + .../api/endpoints/i/registry/get-detail.ts | 1 + .../server/api/endpoints/i/registry/get.ts | 1 + .../endpoints/i/registry/keys-with-type.ts | 1 + .../server/api/endpoints/i/registry/keys.ts | 1 + .../server/api/endpoints/i/registry/remove.ts | 1 + .../server/api/endpoints/i/registry/set.ts | 1 + .../src/server/api/endpoints/invite/create.ts | 1 + .../src/server/api/endpoints/invite/delete.ts | 1 + .../src/server/api/endpoints/invite/limit.ts | 1 + .../src/server/api/endpoints/invite/list.ts | 1 + .../src/server/api/endpoints/my/apps.ts | 1 + .../api/endpoints/notes/hybrid-timeline.ts | 1 + .../server/api/endpoints/notes/mentions.ts | 1 + .../endpoints/notes/polls/recommendation.ts | 1 + .../src/server/api/endpoints/notes/state.ts | 1 + .../server/api/endpoints/notes/timeline.ts | 1 + .../server/api/endpoints/notes/translate.ts | 1 + .../api/endpoints/notes/user-list-timeline.ts | 1 + .../src/server/api/endpoints/promo/read.ts | 1 + .../src/server/api/endpoints/roles/list.ts | 1 + .../src/server/api/endpoints/roles/notes.ts | 1 + .../src/server/api/endpoints/sw/register.ts | 1 + .../api/endpoints/sw/show-registration.ts | 1 + .../api/endpoints/sw/update-registration.ts | 1 + .../api/endpoints/users/achievements.ts | 4 +- .../users/lists/create-from-public.ts | 1 + .../api/endpoints/users/lists/favorite.ts | 1 + .../api/endpoints/users/lists/unfavorite.ts | 1 + .../server/api/endpoints/users/relation.ts | 1 + .../api/endpoints/users/report-abuse.ts | 1 + .../src/server/api/stream/ChannelsService.ts | 3 +- .../src/server/api/stream/Connection.ts | 5 + .../backend/src/server/api/stream/channel.ts | 8 + .../src/server/api/stream/channels/admin.ts | 8 +- .../src/server/api/stream/channels/antenna.ts | 8 +- .../src/server/api/stream/channels/channel.ts | 7 +- .../src/server/api/stream/channels/drive.ts | 8 +- .../api/stream/channels/global-timeline.ts | 7 +- .../src/server/api/stream/channels/hashtag.ts | 7 +- .../api/stream/channels/home-timeline.ts | 8 +- .../api/stream/channels/hybrid-timeline.ts | 8 +- .../api/stream/channels/local-timeline.ts | 7 +- .../src/server/api/stream/channels/main.ts | 8 +- .../server/api/stream/channels/queue-stats.ts | 7 +- .../api/stream/channels/role-timeline.ts | 7 +- .../api/stream/channels/server-stats.ts | 7 +- .../server/api/stream/channels/user-list.ts | 7 +- .../src/server/oauth/OAuth2ProviderService.ts | 4 +- packages/backend/test/e2e/api.ts | 43 +- packages/backend/test/e2e/streaming.ts | 25 +- packages/backend/test/utils.ts | 10 + .../src/components/MkTokenGenerateWindow.vue | 9 +- .../misskey-js/src/autogen/apiClientJSDoc.ts | 226 ++++----- packages/misskey-js/src/autogen/endpoint.ts | 2 +- packages/misskey-js/src/autogen/entities.ts | 2 +- packages/misskey-js/src/autogen/models.ts | 2 +- packages/misskey-js/src/autogen/types.ts | 450 +++++++++--------- packages/misskey-js/src/consts.ts | 50 +- 148 files changed, 797 insertions(+), 581 deletions(-) delete mode 100644 packages/backend/src/misc/api-permissions.ts diff --git a/CHANGELOG.md b/CHANGELOG.md index 52f5c07ab..8b71f6540 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -132,7 +132,6 @@ - Fix: モデレーションログがモデレーターは閲覧できないように修正 - Fix: ハッシュタグのトレンド除外設定が即時に効果を持つように修正 - Fix: HTTP Digestヘッダのアルゴリズム部分に大文字の"SHA-256"しか使えない -- Fix: 管理者用APIのアクセス権限が適切に設定されていない問題を修正 ## 2023.11.1 diff --git a/locales/index.d.ts b/locales/index.d.ts index b3589082e..89bdddbdc 100644 --- a/locales/index.d.ts +++ b/locales/index.d.ts @@ -2066,6 +2066,55 @@ export interface Locale { "write:flash": string; "read:flash-likes": string; "write:flash-likes": string; + "read:admin:abuse-user-reports": string; + "write:admin:delete-account": string; + "write:admin:delete-all-files-of-a-user": string; + "read:admin:index-stats": string; + "read:admin:table-stats": string; + "read:admin:user-ips": string; + "read:admin:meta": string; + "write:admin:reset-password": string; + "write:admin:resolve-abuse-user-report": string; + "write:admin:send-email": string; + "read:admin:server-info": string; + "read:admin:show-moderation-log": string; + "read:admin:show-user": string; + "read:admin:show-users": string; + "write:admin:suspend-user": string; + "write:admin:unset-user-avatar": string; + "write:admin:unset-user-banner": string; + "write:admin:unsuspend-user": string; + "write:admin:meta": string; + "write:admin:user-note": string; + "write:admin:roles": string; + "read:admin:roles": string; + "write:admin:relays": string; + "read:admin:relays": string; + "write:admin:invite-codes": string; + "read:admin:invite-codes": string; + "write:admin:announcements": string; + "read:admin:announcements": string; + "write:admin:avatar-decorations": string; + "read:admin:avatar-decorations": string; + "write:admin:federation": string; + "write:admin:account": string; + "read:admin:account": string; + "write:admin:emoji": string; + "read:admin:emoji": string; + "write:admin:queue": string; + "read:admin:queue": string; + "write:admin:promo": string; + "write:admin:drive": string; + "read:admin:drive": string; + "read:admin:stream": string; + "write:admin:ad": string; + "read:admin:ad": string; + "write:invite-codes": string; + "read:invite-codes": string; + "write:clip-favorite": string; + "read:clip-favorite": string; + "read:federation": string; + "write:report-abuse": string; }; "_auth": { "shareAccessTitle": string; diff --git a/locales/ja-JP.yml b/locales/ja-JP.yml index b59fb6e74..7bc588929 100644 --- a/locales/ja-JP.yml +++ b/locales/ja-JP.yml @@ -1971,6 +1971,55 @@ _permissions: "write:flash": "Playを操作する" "read:flash-likes": "Playのいいねを見る" "write:flash-likes": "Playのいいねを操作する" + "read:admin:abuse-user-reports": "ユーザーからの通報を見る" + "write:admin:delete-account": "ユーザーアカウントを削除する" + "write:admin:delete-all-files-of-a-user": "ユーザーのすべてのファイルを削除する" + "read:admin:index-stats": "データベースインデックスに関する情報を見る" + "read:admin:table-stats": "データベーステーブルに関する情報を見る" + "read:admin:user-ips": "ユーザーのIPアドレスを見る" + "read:admin:meta": "インスタンスのメタデータを見る" + "write:admin:reset-password": "ユーザーのパスワードをリセットする" + "write:admin:resolve-abuse-user-report": "ユーザーからの通報を解決する" + "write:admin:send-email": "メールを送る" + "read:admin:server-info": "サーバーの情報を見る" + "read:admin:show-moderation-log": "モデレーションログを見る" + "read:admin:show-user": "ユーザーのプライベートな情報を見る" + "read:admin:show-users": "ユーザーのプライベートな情報を見る" + "write:admin:suspend-user": "ユーザーを凍結する" + "write:admin:unset-user-avatar": "ユーザーのアバターを削除する" + "write:admin:unset-user-banner": "ユーザーのバーナーを削除する" + "write:admin:unsuspend-user": "ユーザーの凍結を解除する" + "write:admin:meta": "インスタンスのメタデータを操作する" + "write:admin:user-note": "モデレーションノートを操作する" + "write:admin:roles": "ロールを操作する" + "read:admin:roles": "ロールを見る" + "write:admin:relays": "リレーを操作する" + "read:admin:relays": "リレーを見る" + "write:admin:invite-codes": "招待コードを操作する" + "read:admin:invite-codes": "招待コードを見る" + "write:admin:announcements": "お知らせを操作する" + "read:admin:announcements": "お知らせを見る" + "write:admin:avatar-decorations": "アバターデコレーションを操作する" + "read:admin:avatar-decorations": "アバターデコレーションを見る" + "write:admin:federation": "連合に関する情報を操作する" + "write:admin:account": "ユーザーアカウントを操作する" + "read:admin:account": "ユーザーに関する情報を見る" + "write:admin:emoji": "絵文字を操作する" + "read:admin:emoji": "絵文字を見る" + "write:admin:queue": "ジョブキューを操作する" + "read:admin:queue": "ジョブキューに関する情報を見る" + "write:admin:promo": "プロモーションノートを操作する" + "write:admin:drive": "ユーザーのドライブを操作する" + "read:admin:drive": "ユーザーのドライブの関する情報を見る" + "read:admin:stream": "管理者用のWebsocket APIを使う" + "write:admin:ad": "広告を操作する" + "read:admin:ad": "広告を見る" + "write:invite-codes": "招待コードを作成する" + "read:invite-codes": "招待コードを取得する" + "write:clip-favorite": "クリップのいいねを操作する" + "read:clip-favorite": "クリップのいいねを見る" + "read:federation": "連合に関する情報を取得する" + "write:report-abuse": "違反を報告する" _auth: shareAccessTitle: "アプリへのアクセス許可" diff --git a/packages/backend/src/misc/api-permissions.ts b/packages/backend/src/misc/api-permissions.ts deleted file mode 100644 index 57c930884..000000000 --- a/packages/backend/src/misc/api-permissions.ts +++ /dev/null @@ -1,40 +0,0 @@ -/* - * SPDX-FileCopyrightText: syuilo and other misskey contributors - * SPDX-License-Identifier: AGPL-3.0-only - */ - -export const kinds = [ - 'read:account', - 'write:account', - 'read:blocks', - 'write:blocks', - 'read:drive', - 'write:drive', - 'read:favorites', - 'write:favorites', - 'read:following', - 'write:following', - 'read:messaging', - 'write:messaging', - 'read:mutes', - 'write:mutes', - 'write:notes', - 'read:notifications', - 'write:notifications', - 'read:reactions', - 'write:reactions', - 'write:votes', - 'read:pages', - 'write:pages', - 'write:page-likes', - 'read:page-likes', - 'read:user-groups', - 'write:user-groups', - 'read:channels', - 'write:channels', - 'read:gallery', - 'write:gallery', - 'read:gallery-likes', - 'write:gallery-likes', -]; -// IF YOU ADD KINDS(PERMISSIONS), YOU MUST ADD TRANSLATIONS (under _permissions). diff --git a/packages/backend/src/server/api/ApiCallService.ts b/packages/backend/src/server/api/ApiCallService.ts index 66f171a5d..56f804dee 100644 --- a/packages/backend/src/server/api/ApiCallService.ts +++ b/packages/backend/src/server/api/ApiCallService.ts @@ -330,7 +330,8 @@ export class ApiCallService implements OnApplicationShutdown { } } - if (token && ep.meta.kind && !token.permission.some(p => p === ep.meta.kind)) { + if (token && ((ep.meta.kind && !token.permission.some(p => p === ep.meta.kind)) + || (!ep.meta.kind && (ep.meta.requireCredential || ep.meta.requireModerator || ep.meta.requireAdmin)))) { throw new ApiError({ message: 'Your app does not have the necessary permissions to use this endpoint.', code: 'PERMISSION_DENIED', diff --git a/packages/backend/src/server/api/StreamingApiServerService.ts b/packages/backend/src/server/api/StreamingApiServerService.ts index dc3a00617..3b387d92c 100644 --- a/packages/backend/src/server/api/StreamingApiServerService.ts +++ b/packages/backend/src/server/api/StreamingApiServerService.ts @@ -71,6 +71,10 @@ export class StreamingApiServerService { try { [user, app] = await this.authenticateService.authenticate(token); + + if (app !== null && !app.permission.some(p => p === 'read:account')) { + throw new AuthenticationError('Your app does not have necessary permissions to use websocket API.'); + } } catch (e) { if (e instanceof AuthenticationError) { socket.write([ diff --git a/packages/backend/src/server/api/endpoints.ts b/packages/backend/src/server/api/endpoints.ts index e458d720a..41232091c 100644 --- a/packages/backend/src/server/api/endpoints.ts +++ b/packages/backend/src/server/api/endpoints.ts @@ -4,6 +4,7 @@ */ import type { Schema } from '@/misc/json-schema.js'; +import { permissions } from 'misskey-js'; import { RolePolicies } from '@/core/RoleService.js'; import * as ep___admin_meta from './endpoints/admin/meta.js'; @@ -724,7 +725,7 @@ const eps = [ ['retention', ep___retention], ]; -export interface IEndpointMeta { +interface IEndpointMetaBase { readonly stability?: 'deprecated' | 'experimental' | 'stable'; readonly tags?: ReadonlyArray; @@ -823,6 +824,23 @@ export interface IEndpointMeta { readonly cacheSec?: number; } +export type IEndpointMeta = (Omit & { + requireCredential?: false, + requireAdmin?: false, + requireModerator?: false, +}) | (Omit & { + secure: true, +}) | (Omit & { + requireCredential: true, + kind: (typeof permissions)[number], +}) | (Omit & { + requireModerator: true, + kind: (typeof permissions)[number], +}) | (Omit & { + requireAdmin: true, + kind: (typeof permissions)[number], +}) + export interface IEndpoint { name: string; meta: IEndpointMeta; diff --git a/packages/backend/src/server/api/endpoints/admin/abuse-user-reports.ts b/packages/backend/src/server/api/endpoints/admin/abuse-user-reports.ts index 484118cd4..3484d6707 100644 --- a/packages/backend/src/server/api/endpoints/admin/abuse-user-reports.ts +++ b/packages/backend/src/server/api/endpoints/admin/abuse-user-reports.ts @@ -13,10 +13,9 @@ import { AbuseUserReportEntityService } from '@/core/entities/AbuseUserReportEnt export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:abuse-user-reports', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts index 07f24d299..a2f9bf694 100644 --- a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts @@ -15,7 +15,7 @@ import { DI } from '@/di-symbols.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', + secure: true, res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts b/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts index 86f4b0709..52d8c8ce1 100644 --- a/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts +++ b/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts @@ -14,10 +14,9 @@ import { UserEntityService } from '@/core/entities/UserEntityService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:account', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/accounts/find-by-email.ts b/packages/backend/src/server/api/endpoints/admin/accounts/find-by-email.ts index bc292fd53..93673453d 100644 --- a/packages/backend/src/server/api/endpoints/admin/accounts/find-by-email.ts +++ b/packages/backend/src/server/api/endpoints/admin/accounts/find-by-email.ts @@ -13,10 +13,9 @@ import { ApiError } from '@/server/api/error.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireAdmin: true, + kind: 'read:admin:account', errors: { userNotFound: { diff --git a/packages/backend/src/server/api/endpoints/admin/ad/create.ts b/packages/backend/src/server/api/endpoints/admin/ad/create.ts index 087ae4bef..041b10f9f 100644 --- a/packages/backend/src/server/api/endpoints/admin/ad/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/ad/create.ts @@ -13,10 +13,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:ad', res: { type: 'object', optional: false, diff --git a/packages/backend/src/server/api/endpoints/admin/ad/delete.ts b/packages/backend/src/server/api/endpoints/admin/ad/delete.ts index ba655a6aa..5b18b347d 100644 --- a/packages/backend/src/server/api/endpoints/admin/ad/delete.ts +++ b/packages/backend/src/server/api/endpoints/admin/ad/delete.ts @@ -13,10 +13,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:ad', errors: { noSuchAd: { diff --git a/packages/backend/src/server/api/endpoints/admin/ad/list.ts b/packages/backend/src/server/api/endpoints/admin/ad/list.ts index 12528917d..586c1f44d 100644 --- a/packages/backend/src/server/api/endpoints/admin/ad/list.ts +++ b/packages/backend/src/server/api/endpoints/admin/ad/list.ts @@ -12,10 +12,9 @@ import { DI } from '@/di-symbols.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:ad', res: { type: 'array', optional: false, diff --git a/packages/backend/src/server/api/endpoints/admin/ad/update.ts b/packages/backend/src/server/api/endpoints/admin/ad/update.ts index b83c16300..bf96e44b0 100644 --- a/packages/backend/src/server/api/endpoints/admin/ad/update.ts +++ b/packages/backend/src/server/api/endpoints/admin/ad/update.ts @@ -13,10 +13,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:ad', errors: { noSuchAd: { diff --git a/packages/backend/src/server/api/endpoints/admin/announcements/create.ts b/packages/backend/src/server/api/endpoints/admin/announcements/create.ts index fb432336e..c9df70c76 100644 --- a/packages/backend/src/server/api/endpoints/admin/announcements/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/announcements/create.ts @@ -10,10 +10,9 @@ import { AnnouncementService } from '@/core/AnnouncementService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:announcements', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/admin/announcements/delete.ts b/packages/backend/src/server/api/endpoints/admin/announcements/delete.ts index e84e63c66..939333345 100644 --- a/packages/backend/src/server/api/endpoints/admin/announcements/delete.ts +++ b/packages/backend/src/server/api/endpoints/admin/announcements/delete.ts @@ -13,10 +13,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:announcements', errors: { noSuchAnnouncement: { diff --git a/packages/backend/src/server/api/endpoints/admin/announcements/list.ts b/packages/backend/src/server/api/endpoints/admin/announcements/list.ts index e98ef0b16..429b13859 100644 --- a/packages/backend/src/server/api/endpoints/admin/announcements/list.ts +++ b/packages/backend/src/server/api/endpoints/admin/announcements/list.ts @@ -14,10 +14,9 @@ import { IdService } from '@/core/IdService.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:announcements', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/announcements/update.ts b/packages/backend/src/server/api/endpoints/admin/announcements/update.ts index e2ec34489..db6db8356 100644 --- a/packages/backend/src/server/api/endpoints/admin/announcements/update.ts +++ b/packages/backend/src/server/api/endpoints/admin/announcements/update.ts @@ -13,10 +13,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:announcements', errors: { noSuchAnnouncement: { diff --git a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/create.ts b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/create.ts index 158435ed2..4ac74253c 100644 --- a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/create.ts @@ -10,10 +10,9 @@ import { AvatarDecorationService } from '@/core/AvatarDecorationService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageAvatarDecorations', + kind: 'write:admin:avatar-decorations', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/delete.ts b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/delete.ts index 06083cc18..88977f801 100644 --- a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/delete.ts +++ b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/delete.ts @@ -12,10 +12,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageAvatarDecorations', + kind: 'write:admin:avatar-decorations', errors: { }, } as const; diff --git a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/list.ts b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/list.ts index 49a8718bc..33122c3ee 100644 --- a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/list.ts +++ b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/list.ts @@ -15,10 +15,9 @@ import { AvatarDecorationService } from '@/core/AvatarDecorationService.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireRolePolicy: 'canManageAvatarDecorations', + kind: 'read:admin:avatar-decorations', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/update.ts b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/update.ts index 3d8f3d63d..6211345f9 100644 --- a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/update.ts +++ b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/update.ts @@ -12,10 +12,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageAvatarDecorations', + kind: 'write:admin:avatar-decorations', errors: { }, diff --git a/packages/backend/src/server/api/endpoints/admin/delete-account.ts b/packages/backend/src/server/api/endpoints/admin/delete-account.ts index adc446d14..2c82c2879 100644 --- a/packages/backend/src/server/api/endpoints/admin/delete-account.ts +++ b/packages/backend/src/server/api/endpoints/admin/delete-account.ts @@ -12,10 +12,9 @@ import { DI } from '@/di-symbols.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:delete-account', res: { }, diff --git a/packages/backend/src/server/api/endpoints/admin/delete-all-files-of-a-user.ts b/packages/backend/src/server/api/endpoints/admin/delete-all-files-of-a-user.ts index 1fdbbfb12..7d33065f2 100644 --- a/packages/backend/src/server/api/endpoints/admin/delete-all-files-of-a-user.ts +++ b/packages/backend/src/server/api/endpoints/admin/delete-all-files-of-a-user.ts @@ -12,10 +12,9 @@ import { DI } from '@/di-symbols.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:delete-all-files-of-a-user', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/drive/clean-remote-files.ts b/packages/backend/src/server/api/endpoints/admin/drive/clean-remote-files.ts index 3f23319a5..af2bb6b1c 100644 --- a/packages/backend/src/server/api/endpoints/admin/drive/clean-remote-files.ts +++ b/packages/backend/src/server/api/endpoints/admin/drive/clean-remote-files.ts @@ -10,10 +10,9 @@ import { QueueService } from '@/core/QueueService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:drive', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/drive/cleanup.ts b/packages/backend/src/server/api/endpoints/admin/drive/cleanup.ts index fd8fa46a4..a3b221284 100644 --- a/packages/backend/src/server/api/endpoints/admin/drive/cleanup.ts +++ b/packages/backend/src/server/api/endpoints/admin/drive/cleanup.ts @@ -13,10 +13,9 @@ import { DI } from '@/di-symbols.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:drive', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/drive/files.ts b/packages/backend/src/server/api/endpoints/admin/drive/files.ts index 816bbfbc4..37fa439bc 100644 --- a/packages/backend/src/server/api/endpoints/admin/drive/files.ts +++ b/packages/backend/src/server/api/endpoints/admin/drive/files.ts @@ -13,10 +13,9 @@ import { DriveFileEntityService } from '@/core/entities/DriveFileEntityService.j export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:drive', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/drive/show-file.ts b/packages/backend/src/server/api/endpoints/admin/drive/show-file.ts index 61cb84355..3aeb3e45e 100644 --- a/packages/backend/src/server/api/endpoints/admin/drive/show-file.ts +++ b/packages/backend/src/server/api/endpoints/admin/drive/show-file.ts @@ -14,10 +14,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:drive', errors: { noSuchFile: { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/add-aliases-bulk.ts b/packages/backend/src/server/api/endpoints/admin/emoji/add-aliases-bulk.ts index 5333adb62..1cd8125c5 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/add-aliases-bulk.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/add-aliases-bulk.ts @@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/add.ts b/packages/backend/src/server/api/endpoints/admin/emoji/add.ts index 76ff1c6b9..4a9418d05 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/add.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/add.ts @@ -14,10 +14,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', errors: { noSuchFile: { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/copy.ts b/packages/backend/src/server/api/endpoints/admin/emoji/copy.ts index 87260faa4..476780b23 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/copy.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/copy.ts @@ -16,10 +16,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', errors: { noSuchEmoji: { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/delete-bulk.ts b/packages/backend/src/server/api/endpoints/admin/emoji/delete-bulk.ts index c483794a4..450695984 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/delete-bulk.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/delete-bulk.ts @@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/delete.ts b/packages/backend/src/server/api/endpoints/admin/emoji/delete.ts index e15af7717..e1e6e7c2c 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/delete.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/delete.ts @@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', errors: { noSuchEmoji: { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/import-zip.ts b/packages/backend/src/server/api/endpoints/admin/emoji/import-zip.ts index b75616f3c..208616c0a 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/import-zip.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/import-zip.ts @@ -8,7 +8,7 @@ import { Endpoint } from '@/server/api/endpoint-base.js'; import { QueueService } from '@/core/QueueService.js'; export const meta = { - kind: 'write:admin', + secure: true, requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', } as const; diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts b/packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts index a383e0933..f3e0c1ef1 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts @@ -15,10 +15,9 @@ import { sqlLikeEscape } from '@/misc/sql-like-escape.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'read:admin:emoji', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/list.ts b/packages/backend/src/server/api/endpoints/admin/emoji/list.ts index 210b3639c..59e87253f 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/list.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/list.ts @@ -15,10 +15,9 @@ import { EmojiEntityService } from '@/core/entities/EmojiEntityService.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'read:admin:emoji', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/remove-aliases-bulk.ts b/packages/backend/src/server/api/endpoints/admin/emoji/remove-aliases-bulk.ts index 8e92db1da..26dd43e92 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/remove-aliases-bulk.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/remove-aliases-bulk.ts @@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/set-aliases-bulk.ts b/packages/backend/src/server/api/endpoints/admin/emoji/set-aliases-bulk.ts index 5a06b5b32..18961976f 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/set-aliases-bulk.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/set-aliases-bulk.ts @@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/set-category-bulk.ts b/packages/backend/src/server/api/endpoints/admin/emoji/set-category-bulk.ts index b3e9c6df1..c680f2e2d 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/set-category-bulk.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/set-category-bulk.ts @@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/set-license-bulk.ts b/packages/backend/src/server/api/endpoints/admin/emoji/set-license-bulk.ts index c59d13ad1..47c692b61 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/set-license-bulk.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/set-license-bulk.ts @@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/update.ts b/packages/backend/src/server/api/endpoints/admin/emoji/update.ts index 61d857b7b..550bb0052 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/update.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/update.ts @@ -13,10 +13,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', errors: { noSuchEmoji: { diff --git a/packages/backend/src/server/api/endpoints/admin/federation/delete-all-files.ts b/packages/backend/src/server/api/endpoints/admin/federation/delete-all-files.ts index b81297413..57612850b 100644 --- a/packages/backend/src/server/api/endpoints/admin/federation/delete-all-files.ts +++ b/packages/backend/src/server/api/endpoints/admin/federation/delete-all-files.ts @@ -12,10 +12,9 @@ import { DI } from '@/di-symbols.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:federation', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/federation/refresh-remote-instance-metadata.ts b/packages/backend/src/server/api/endpoints/admin/federation/refresh-remote-instance-metadata.ts index 6cc4e3087..0d061c685 100644 --- a/packages/backend/src/server/api/endpoints/admin/federation/refresh-remote-instance-metadata.ts +++ b/packages/backend/src/server/api/endpoints/admin/federation/refresh-remote-instance-metadata.ts @@ -13,10 +13,9 @@ import { DI } from '@/di-symbols.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:federation', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/federation/remove-all-following.ts b/packages/backend/src/server/api/endpoints/admin/federation/remove-all-following.ts index 18884dfca..c15fb8345 100644 --- a/packages/backend/src/server/api/endpoints/admin/federation/remove-all-following.ts +++ b/packages/backend/src/server/api/endpoints/admin/federation/remove-all-following.ts @@ -12,10 +12,9 @@ import { QueueService } from '@/core/QueueService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:federation', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/federation/update-instance.ts b/packages/backend/src/server/api/endpoints/admin/federation/update-instance.ts index 4232d42ba..f429949e1 100644 --- a/packages/backend/src/server/api/endpoints/admin/federation/update-instance.ts +++ b/packages/backend/src/server/api/endpoints/admin/federation/update-instance.ts @@ -14,10 +14,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:federation', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/get-index-stats.ts b/packages/backend/src/server/api/endpoints/admin/get-index-stats.ts index b81d9857d..0b5021211 100644 --- a/packages/backend/src/server/api/endpoints/admin/get-index-stats.ts +++ b/packages/backend/src/server/api/endpoints/admin/get-index-stats.ts @@ -11,8 +11,7 @@ import { DI } from '@/di-symbols.js'; export const meta = { requireCredential: true, requireAdmin: true, - - kind: 'read:admin', + kind: 'read:admin:index-stats', tags: ['admin'], res: { diff --git a/packages/backend/src/server/api/endpoints/admin/get-table-stats.ts b/packages/backend/src/server/api/endpoints/admin/get-table-stats.ts index c104f653e..0d44b288c 100644 --- a/packages/backend/src/server/api/endpoints/admin/get-table-stats.ts +++ b/packages/backend/src/server/api/endpoints/admin/get-table-stats.ts @@ -11,8 +11,7 @@ import { DI } from '@/di-symbols.js'; export const meta = { requireCredential: true, requireAdmin: true, - - kind: 'read:admin', + kind: 'read:admin:table-stats', tags: ['admin'], diff --git a/packages/backend/src/server/api/endpoints/admin/get-user-ips.ts b/packages/backend/src/server/api/endpoints/admin/get-user-ips.ts index 76c32f2a9..1b437f718 100644 --- a/packages/backend/src/server/api/endpoints/admin/get-user-ips.ts +++ b/packages/backend/src/server/api/endpoints/admin/get-user-ips.ts @@ -12,10 +12,9 @@ import { IdService } from '@/core/IdService.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:user-ips', res: { type: 'array', optional: false, @@ -34,7 +33,7 @@ export const meta = { }, }, }, - } + }, } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/invite/create.ts b/packages/backend/src/server/api/endpoints/admin/invite/create.ts index 96de772ed..396b84623 100644 --- a/packages/backend/src/server/api/endpoints/admin/invite/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/invite/create.ts @@ -16,10 +16,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:invite-codes', errors: { invalidDateTime: { diff --git a/packages/backend/src/server/api/endpoints/admin/invite/list.ts b/packages/backend/src/server/api/endpoints/admin/invite/list.ts index 3b7dc72e1..d293dcadc 100644 --- a/packages/backend/src/server/api/endpoints/admin/invite/list.ts +++ b/packages/backend/src/server/api/endpoints/admin/invite/list.ts @@ -12,10 +12,9 @@ import { DI } from '@/di-symbols.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:invite-codes', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/meta.ts b/packages/backend/src/server/api/endpoints/admin/meta.ts index eef27b972..febc4ab1b 100644 --- a/packages/backend/src/server/api/endpoints/admin/meta.ts +++ b/packages/backend/src/server/api/endpoints/admin/meta.ts @@ -13,10 +13,9 @@ import { DEFAULT_POLICIES } from '@/core/RoleService.js'; export const meta = { tags: ['meta'], - kind: 'read:admin', - requireCredential: true, requireAdmin: true, + kind: 'read:admin:meta', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/admin/promo/create.ts b/packages/backend/src/server/api/endpoints/admin/promo/create.ts index e2befec50..ab69dfba9 100644 --- a/packages/backend/src/server/api/endpoints/admin/promo/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/promo/create.ts @@ -13,10 +13,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:promo', errors: { noSuchNote: { diff --git a/packages/backend/src/server/api/endpoints/admin/queue/clear.ts b/packages/backend/src/server/api/endpoints/admin/queue/clear.ts index 1d565e8f2..9912043c8 100644 --- a/packages/backend/src/server/api/endpoints/admin/queue/clear.ts +++ b/packages/backend/src/server/api/endpoints/admin/queue/clear.ts @@ -11,10 +11,9 @@ import { QueueService } from '@/core/QueueService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:queue', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/queue/deliver-delayed.ts b/packages/backend/src/server/api/endpoints/admin/queue/deliver-delayed.ts index 30005fc66..847390910 100644 --- a/packages/backend/src/server/api/endpoints/admin/queue/deliver-delayed.ts +++ b/packages/backend/src/server/api/endpoints/admin/queue/deliver-delayed.ts @@ -11,10 +11,9 @@ import type { DeliverQueue } from '@/core/QueueModule.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:queue', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/queue/inbox-delayed.ts b/packages/backend/src/server/api/endpoints/admin/queue/inbox-delayed.ts index aa8b6edee..19f7cb85c 100644 --- a/packages/backend/src/server/api/endpoints/admin/queue/inbox-delayed.ts +++ b/packages/backend/src/server/api/endpoints/admin/queue/inbox-delayed.ts @@ -11,10 +11,9 @@ import type { InboxQueue } from '@/core/QueueModule.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:queue', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/queue/promote.ts b/packages/backend/src/server/api/endpoints/admin/queue/promote.ts index 8f46cd637..d06780e04 100644 --- a/packages/backend/src/server/api/endpoints/admin/queue/promote.ts +++ b/packages/backend/src/server/api/endpoints/admin/queue/promote.ts @@ -11,10 +11,9 @@ import { QueueService } from '@/core/QueueService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:queue', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/queue/stats.ts b/packages/backend/src/server/api/endpoints/admin/queue/stats.ts index 1d92e2bf8..189690b70 100644 --- a/packages/backend/src/server/api/endpoints/admin/queue/stats.ts +++ b/packages/backend/src/server/api/endpoints/admin/queue/stats.ts @@ -10,10 +10,9 @@ import type { DbQueue, DeliverQueue, EndedPollNotificationQueue, InboxQueue, Obj export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:emoji', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/admin/relays/add.ts b/packages/backend/src/server/api/endpoints/admin/relays/add.ts index 53b83560c..d55dff7b0 100644 --- a/packages/backend/src/server/api/endpoints/admin/relays/add.ts +++ b/packages/backend/src/server/api/endpoints/admin/relays/add.ts @@ -12,10 +12,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:relays', errors: { invalidUrl: { diff --git a/packages/backend/src/server/api/endpoints/admin/relays/list.ts b/packages/backend/src/server/api/endpoints/admin/relays/list.ts index 35c8e0548..61ea287bf 100644 --- a/packages/backend/src/server/api/endpoints/admin/relays/list.ts +++ b/packages/backend/src/server/api/endpoints/admin/relays/list.ts @@ -10,10 +10,9 @@ import { RelayService } from '@/core/RelayService.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:relays', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/relays/remove.ts b/packages/backend/src/server/api/endpoints/admin/relays/remove.ts index fdc53cb70..8a6dd4e15 100644 --- a/packages/backend/src/server/api/endpoints/admin/relays/remove.ts +++ b/packages/backend/src/server/api/endpoints/admin/relays/remove.ts @@ -10,10 +10,9 @@ import { RelayService } from '@/core/RelayService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:relays', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/reset-password.ts b/packages/backend/src/server/api/endpoints/admin/reset-password.ts index 73bbd1f09..1a402b4a4 100644 --- a/packages/backend/src/server/api/endpoints/admin/reset-password.ts +++ b/packages/backend/src/server/api/endpoints/admin/reset-password.ts @@ -14,10 +14,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:reset-password', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/admin/resolve-abuse-user-report.ts b/packages/backend/src/server/api/endpoints/admin/resolve-abuse-user-report.ts index fb26c82a9..26c4038b9 100644 --- a/packages/backend/src/server/api/endpoints/admin/resolve-abuse-user-report.ts +++ b/packages/backend/src/server/api/endpoints/admin/resolve-abuse-user-report.ts @@ -15,10 +15,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:resolve-abuse-user-report', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/assign.ts b/packages/backend/src/server/api/endpoints/admin/roles/assign.ts index bbd4cfabb..8eb3d2bf5 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/assign.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/assign.ts @@ -13,10 +13,9 @@ import { RoleService } from '@/core/RoleService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:roles', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/create.ts b/packages/backend/src/server/api/endpoints/admin/roles/create.ts index ac6085d92..de23d2fb1 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/create.ts @@ -11,10 +11,9 @@ import { RoleService } from '@/core/RoleService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:roles', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/admin/roles/delete.ts b/packages/backend/src/server/api/endpoints/admin/roles/delete.ts index f60d6754a..9e2968e31 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/delete.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/delete.ts @@ -13,10 +13,9 @@ import { RoleService } from '@/core/RoleService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:roles', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/list.ts b/packages/backend/src/server/api/endpoints/admin/roles/list.ts index 30917ce98..d3d1a10a6 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/list.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/list.ts @@ -12,10 +12,9 @@ import { RoleEntityService } from '@/core/entities/RoleEntityService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:roles', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/roles/show.ts b/packages/backend/src/server/api/endpoints/admin/roles/show.ts index 91e32d95b..ad4345e5a 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/show.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/show.ts @@ -13,10 +13,9 @@ import { RoleEntityService } from '@/core/entities/RoleEntityService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:roles', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/unassign.ts b/packages/backend/src/server/api/endpoints/admin/roles/unassign.ts index 701fea1ed..c11265252 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/unassign.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/unassign.ts @@ -13,10 +13,9 @@ import { RoleService } from '@/core/RoleService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:roles', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/update-default-policies.ts b/packages/backend/src/server/api/endpoints/admin/roles/update-default-policies.ts index 066fc7323..203f749a6 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/update-default-policies.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/update-default-policies.ts @@ -11,10 +11,9 @@ import { MetaService } from '@/core/MetaService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:roles', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/update.ts b/packages/backend/src/server/api/endpoints/admin/roles/update.ts index 6cfcd8ca4..74d5aae5d 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/update.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/update.ts @@ -14,10 +14,9 @@ import { RoleService } from '@/core/RoleService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:roles', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/users.ts b/packages/backend/src/server/api/endpoints/admin/roles/users.ts index 6a0f7f998..66f4d9d26 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/users.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/users.ts @@ -16,10 +16,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin', 'role', 'users'], - kind: 'read:admin', - requireCredential: false, requireAdmin: true, + kind: 'read:admin:roles', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/admin/send-email.ts b/packages/backend/src/server/api/endpoints/admin/send-email.ts index d22066909..d20aee656 100644 --- a/packages/backend/src/server/api/endpoints/admin/send-email.ts +++ b/packages/backend/src/server/api/endpoints/admin/send-email.ts @@ -10,10 +10,9 @@ import { EmailService } from '@/core/EmailService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:send-email', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/server-info.ts b/packages/backend/src/server/api/endpoints/admin/server-info.ts index d3c3bebff..374712f57 100644 --- a/packages/backend/src/server/api/endpoints/admin/server-info.ts +++ b/packages/backend/src/server/api/endpoints/admin/server-info.ts @@ -14,11 +14,10 @@ import { DI } from '@/di-symbols.js'; export const meta = { requireCredential: true, requireModerator: true, + kind: 'read:admin:server-info', tags: ['admin', 'meta'], - kind: 'read:admin', - res: { type: 'object', optional: false, nullable: false, diff --git a/packages/backend/src/server/api/endpoints/admin/show-moderation-logs.ts b/packages/backend/src/server/api/endpoints/admin/show-moderation-logs.ts index c82532ed6..f3601be9b 100644 --- a/packages/backend/src/server/api/endpoints/admin/show-moderation-logs.ts +++ b/packages/backend/src/server/api/endpoints/admin/show-moderation-logs.ts @@ -15,8 +15,7 @@ export const meta = { requireCredential: true, requireAdmin: true, - - kind: 'read:admin', + kind: 'read:admin:show-moderation-log', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/show-user.ts b/packages/backend/src/server/api/endpoints/admin/show-user.ts index f1e7b75a3..2b50354ce 100644 --- a/packages/backend/src/server/api/endpoints/admin/show-user.ts +++ b/packages/backend/src/server/api/endpoints/admin/show-user.ts @@ -16,8 +16,7 @@ export const meta = { requireCredential: true, requireModerator: true, - - kind: 'read:admin', + kind: 'read:admin:show-user', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/admin/show-users.ts b/packages/backend/src/server/api/endpoints/admin/show-users.ts index 508138368..1d31e5e80 100644 --- a/packages/backend/src/server/api/endpoints/admin/show-users.ts +++ b/packages/backend/src/server/api/endpoints/admin/show-users.ts @@ -16,8 +16,7 @@ export const meta = { requireCredential: true, requireModerator: true, - - kind: 'read:admin', + kind: 'read:admin:show-users', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/suspend-user.ts b/packages/backend/src/server/api/endpoints/admin/suspend-user.ts index 35c3f3748..a26fa81c1 100644 --- a/packages/backend/src/server/api/endpoints/admin/suspend-user.ts +++ b/packages/backend/src/server/api/endpoints/admin/suspend-user.ts @@ -19,10 +19,9 @@ import { QueueService } from '@/core/QueueService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:suspend-user', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/unset-user-avatar.ts b/packages/backend/src/server/api/endpoints/admin/unset-user-avatar.ts index 230949393..8b22fad1d 100644 --- a/packages/backend/src/server/api/endpoints/admin/unset-user-avatar.ts +++ b/packages/backend/src/server/api/endpoints/admin/unset-user-avatar.ts @@ -12,10 +12,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:unset-user-avatar', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/unset-user-banner.ts b/packages/backend/src/server/api/endpoints/admin/unset-user-banner.ts index 468c634e5..5ec359c0e 100644 --- a/packages/backend/src/server/api/endpoints/admin/unset-user-banner.ts +++ b/packages/backend/src/server/api/endpoints/admin/unset-user-banner.ts @@ -12,10 +12,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:unset-user-banner', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/unsuspend-user.ts b/packages/backend/src/server/api/endpoints/admin/unsuspend-user.ts index 8cdd317ea..9c896f0e6 100644 --- a/packages/backend/src/server/api/endpoints/admin/unsuspend-user.ts +++ b/packages/backend/src/server/api/endpoints/admin/unsuspend-user.ts @@ -13,10 +13,9 @@ import { DI } from '@/di-symbols.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:unsuspend-user', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/update-meta.ts b/packages/backend/src/server/api/endpoints/admin/update-meta.ts index 5f9de0523..5a215696f 100644 --- a/packages/backend/src/server/api/endpoints/admin/update-meta.ts +++ b/packages/backend/src/server/api/endpoints/admin/update-meta.ts @@ -12,10 +12,9 @@ import { MetaService } from '@/core/MetaService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:meta', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/update-user-note.ts b/packages/backend/src/server/api/endpoints/admin/update-user-note.ts index dd0b77737..e582147e7 100644 --- a/packages/backend/src/server/api/endpoints/admin/update-user-note.ts +++ b/packages/backend/src/server/api/endpoints/admin/update-user-note.ts @@ -12,10 +12,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:user-note', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/ap/get.ts b/packages/backend/src/server/api/endpoints/ap/get.ts index a4a7fd203..e0ef5d413 100644 --- a/packages/backend/src/server/api/endpoints/ap/get.ts +++ b/packages/backend/src/server/api/endpoints/ap/get.ts @@ -12,6 +12,7 @@ export const meta = { tags: ['federation'], requireCredential: true, + kind: 'read:federation', limit: { duration: ms('1hour'), diff --git a/packages/backend/src/server/api/endpoints/ap/show.ts b/packages/backend/src/server/api/endpoints/ap/show.ts index f442fbdd2..7e5c7a917 100644 --- a/packages/backend/src/server/api/endpoints/ap/show.ts +++ b/packages/backend/src/server/api/endpoints/ap/show.ts @@ -25,6 +25,7 @@ export const meta = { tags: ['federation'], requireCredential: true, + kind: 'read:account', limit: { duration: ms('1hour'), diff --git a/packages/backend/src/server/api/endpoints/federation/update-remote-user.ts b/packages/backend/src/server/api/endpoints/federation/update-remote-user.ts index c0aa88208..e6198ff60 100644 --- a/packages/backend/src/server/api/endpoints/federation/update-remote-user.ts +++ b/packages/backend/src/server/api/endpoints/federation/update-remote-user.ts @@ -11,7 +11,7 @@ import { GetterService } from '@/server/api/GetterService.js'; export const meta = { tags: ['federation'], - requireCredential: true, + requireCredential: false, } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/fetch-external-resources.ts b/packages/backend/src/server/api/endpoints/fetch-external-resources.ts index 6391a2f58..cbe579eb6 100644 --- a/packages/backend/src/server/api/endpoints/fetch-external-resources.ts +++ b/packages/backend/src/server/api/endpoints/fetch-external-resources.ts @@ -14,6 +14,7 @@ export const meta = { tags: ['meta'], requireCredential: true, + secure: true, limit: { duration: ms('1hour'), diff --git a/packages/backend/src/server/api/endpoints/i.ts b/packages/backend/src/server/api/endpoints/i.ts index c0530bf39..c24e04918 100644 --- a/packages/backend/src/server/api/endpoints/i.ts +++ b/packages/backend/src/server/api/endpoints/i.ts @@ -14,6 +14,7 @@ export const meta = { tags: ['account'], requireCredential: true, + kind: "read:account", res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/i/claim-achievement.ts b/packages/backend/src/server/api/endpoints/i/claim-achievement.ts index b24b3438d..57f680bd7 100644 --- a/packages/backend/src/server/api/endpoints/i/claim-achievement.ts +++ b/packages/backend/src/server/api/endpoints/i/claim-achievement.ts @@ -10,6 +10,7 @@ import { AchievementService, ACHIEVEMENT_TYPES } from '@/core/AchievementService export const meta = { requireCredential: true, prohibitMoved: true, + kind: 'write:account', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/i/registry/get-all.ts b/packages/backend/src/server/api/endpoints/i/registry/get-all.ts index bd6e85a07..79a81cb73 100644 --- a/packages/backend/src/server/api/endpoints/i/registry/get-all.ts +++ b/packages/backend/src/server/api/endpoints/i/registry/get-all.ts @@ -9,6 +9,7 @@ import { RegistryApiService } from '@/core/RegistryApiService.js'; export const meta = { requireCredential: true, + kind: 'read:account', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/i/registry/get-detail.ts b/packages/backend/src/server/api/endpoints/i/registry/get-detail.ts index 2352beb13..d9b26cab2 100644 --- a/packages/backend/src/server/api/endpoints/i/registry/get-detail.ts +++ b/packages/backend/src/server/api/endpoints/i/registry/get-detail.ts @@ -10,6 +10,7 @@ import { ApiError } from '../../../error.js'; export const meta = { requireCredential: true, + kind: 'read:account', errors: { noSuchKey: { diff --git a/packages/backend/src/server/api/endpoints/i/registry/get.ts b/packages/backend/src/server/api/endpoints/i/registry/get.ts index 4155a43e0..c37341025 100644 --- a/packages/backend/src/server/api/endpoints/i/registry/get.ts +++ b/packages/backend/src/server/api/endpoints/i/registry/get.ts @@ -10,6 +10,7 @@ import { ApiError } from '../../../error.js'; export const meta = { requireCredential: true, + kind: 'read:account', errors: { noSuchKey: { diff --git a/packages/backend/src/server/api/endpoints/i/registry/keys-with-type.ts b/packages/backend/src/server/api/endpoints/i/registry/keys-with-type.ts index b411cdd3d..a91dcd954 100644 --- a/packages/backend/src/server/api/endpoints/i/registry/keys-with-type.ts +++ b/packages/backend/src/server/api/endpoints/i/registry/keys-with-type.ts @@ -9,6 +9,7 @@ import { RegistryApiService } from '@/core/RegistryApiService.js'; export const meta = { requireCredential: true, + kind: 'read:account', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/i/registry/keys.ts b/packages/backend/src/server/api/endpoints/i/registry/keys.ts index 04e120d75..ad203d520 100644 --- a/packages/backend/src/server/api/endpoints/i/registry/keys.ts +++ b/packages/backend/src/server/api/endpoints/i/registry/keys.ts @@ -9,6 +9,7 @@ import { RegistryApiService } from '@/core/RegistryApiService.js'; export const meta = { requireCredential: true, + kind: 'read:account', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/i/registry/remove.ts b/packages/backend/src/server/api/endpoints/i/registry/remove.ts index ba8100b54..9cbe271b9 100644 --- a/packages/backend/src/server/api/endpoints/i/registry/remove.ts +++ b/packages/backend/src/server/api/endpoints/i/registry/remove.ts @@ -12,6 +12,7 @@ import { ApiError } from '../../../error.js'; export const meta = { requireCredential: true, + kind: 'write:account', errors: { noSuchKey: { diff --git a/packages/backend/src/server/api/endpoints/i/registry/set.ts b/packages/backend/src/server/api/endpoints/i/registry/set.ts index 58bb450bc..c61d5b872 100644 --- a/packages/backend/src/server/api/endpoints/i/registry/set.ts +++ b/packages/backend/src/server/api/endpoints/i/registry/set.ts @@ -9,6 +9,7 @@ import { RegistryApiService } from '@/core/RegistryApiService.js'; export const meta = { requireCredential: true, + kind: 'write:account', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/invite/create.ts b/packages/backend/src/server/api/endpoints/invite/create.ts index d82fa50e4..4f37f2f4b 100644 --- a/packages/backend/src/server/api/endpoints/invite/create.ts +++ b/packages/backend/src/server/api/endpoints/invite/create.ts @@ -19,6 +19,7 @@ export const meta = { requireCredential: true, requireRolePolicy: 'canInvite', + kind: 'write:invite-codes', errors: { exceededCreateLimit: { diff --git a/packages/backend/src/server/api/endpoints/invite/delete.ts b/packages/backend/src/server/api/endpoints/invite/delete.ts index 3b5777573..d84430a49 100644 --- a/packages/backend/src/server/api/endpoints/invite/delete.ts +++ b/packages/backend/src/server/api/endpoints/invite/delete.ts @@ -15,6 +15,7 @@ export const meta = { requireCredential: true, requireRolePolicy: 'canInvite', + kind: 'write:invite-codes', errors: { noSuchCode: { diff --git a/packages/backend/src/server/api/endpoints/invite/limit.ts b/packages/backend/src/server/api/endpoints/invite/limit.ts index 1f4190c94..fc3bb9bdc 100644 --- a/packages/backend/src/server/api/endpoints/invite/limit.ts +++ b/packages/backend/src/server/api/endpoints/invite/limit.ts @@ -16,6 +16,7 @@ export const meta = { requireCredential: true, requireRolePolicy: 'canInvite', + kind: 'read:invite-codes', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/invite/list.ts b/packages/backend/src/server/api/endpoints/invite/list.ts index 2107516ce..6734f27e1 100644 --- a/packages/backend/src/server/api/endpoints/invite/list.ts +++ b/packages/backend/src/server/api/endpoints/invite/list.ts @@ -15,6 +15,7 @@ export const meta = { requireCredential: true, requireRolePolicy: 'canInvite', + kind: 'read:invite-codes', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/my/apps.ts b/packages/backend/src/server/api/endpoints/my/apps.ts index 98c317346..1b70b85b0 100644 --- a/packages/backend/src/server/api/endpoints/my/apps.ts +++ b/packages/backend/src/server/api/endpoints/my/apps.ts @@ -13,6 +13,7 @@ export const meta = { tags: ['account', 'app'], requireCredential: true, + kind: 'read:account', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/notes/hybrid-timeline.ts b/packages/backend/src/server/api/endpoints/notes/hybrid-timeline.ts index effcbaf2e..01adfec7d 100644 --- a/packages/backend/src/server/api/endpoints/notes/hybrid-timeline.ts +++ b/packages/backend/src/server/api/endpoints/notes/hybrid-timeline.ts @@ -25,6 +25,7 @@ export const meta = { tags: ['notes'], requireCredential: true, + kind: 'read:account', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/notes/mentions.ts b/packages/backend/src/server/api/endpoints/notes/mentions.ts index 6fab024d1..2317f8f7b 100644 --- a/packages/backend/src/server/api/endpoints/notes/mentions.ts +++ b/packages/backend/src/server/api/endpoints/notes/mentions.ts @@ -16,6 +16,7 @@ export const meta = { tags: ['notes'], requireCredential: true, + kind: 'read:account', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/notes/polls/recommendation.ts b/packages/backend/src/server/api/endpoints/notes/polls/recommendation.ts index af7ff8bdc..90af29a69 100644 --- a/packages/backend/src/server/api/endpoints/notes/polls/recommendation.ts +++ b/packages/backend/src/server/api/endpoints/notes/polls/recommendation.ts @@ -14,6 +14,7 @@ export const meta = { tags: ['notes'], requireCredential: true, + kind: 'read:account', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/notes/state.ts b/packages/backend/src/server/api/endpoints/notes/state.ts index b5fd47723..20faea566 100644 --- a/packages/backend/src/server/api/endpoints/notes/state.ts +++ b/packages/backend/src/server/api/endpoints/notes/state.ts @@ -12,6 +12,7 @@ export const meta = { tags: ['notes'], requireCredential: true, + kind: 'read:account', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/notes/timeline.ts b/packages/backend/src/server/api/endpoints/notes/timeline.ts index 790bcbe15..e90d6ec19 100644 --- a/packages/backend/src/server/api/endpoints/notes/timeline.ts +++ b/packages/backend/src/server/api/endpoints/notes/timeline.ts @@ -22,6 +22,7 @@ export const meta = { tags: ['notes'], requireCredential: true, + kind: 'read:account', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/notes/translate.ts b/packages/backend/src/server/api/endpoints/notes/translate.ts index d46bd6979..698c37b61 100644 --- a/packages/backend/src/server/api/endpoints/notes/translate.ts +++ b/packages/backend/src/server/api/endpoints/notes/translate.ts @@ -17,6 +17,7 @@ export const meta = { tags: ['notes'], requireCredential: true, + kind: 'read:account', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/notes/user-list-timeline.ts b/packages/backend/src/server/api/endpoints/notes/user-list-timeline.ts index 10d3a7a69..71c2b8054 100644 --- a/packages/backend/src/server/api/endpoints/notes/user-list-timeline.ts +++ b/packages/backend/src/server/api/endpoints/notes/user-list-timeline.ts @@ -22,6 +22,7 @@ export const meta = { tags: ['notes', 'lists'], requireCredential: true, + kind: 'read:account', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/promo/read.ts b/packages/backend/src/server/api/endpoints/promo/read.ts index 7d07c9217..f427939a7 100644 --- a/packages/backend/src/server/api/endpoints/promo/read.ts +++ b/packages/backend/src/server/api/endpoints/promo/read.ts @@ -15,6 +15,7 @@ export const meta = { tags: ['notes'], requireCredential: true, + kind: 'write:account', errors: { noSuchNote: { diff --git a/packages/backend/src/server/api/endpoints/roles/list.ts b/packages/backend/src/server/api/endpoints/roles/list.ts index dc2be8e11..d40e937d4 100644 --- a/packages/backend/src/server/api/endpoints/roles/list.ts +++ b/packages/backend/src/server/api/endpoints/roles/list.ts @@ -13,6 +13,7 @@ export const meta = { tags: ['role'], requireCredential: true, + kind: 'read:account', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/roles/notes.ts b/packages/backend/src/server/api/endpoints/roles/notes.ts index 7010df22c..4ce3fc890 100644 --- a/packages/backend/src/server/api/endpoints/roles/notes.ts +++ b/packages/backend/src/server/api/endpoints/roles/notes.ts @@ -18,6 +18,7 @@ export const meta = { tags: ['role', 'notes'], requireCredential: true, + kind: 'read:account', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/sw/register.ts b/packages/backend/src/server/api/endpoints/sw/register.ts index 9ab062326..bb50048d9 100644 --- a/packages/backend/src/server/api/endpoints/sw/register.ts +++ b/packages/backend/src/server/api/endpoints/sw/register.ts @@ -14,6 +14,7 @@ export const meta = { tags: ['account'], requireCredential: true, + secure: true, description: 'Register to receive push notifications.', diff --git a/packages/backend/src/server/api/endpoints/sw/show-registration.ts b/packages/backend/src/server/api/endpoints/sw/show-registration.ts index 126299e3f..15d3df858 100644 --- a/packages/backend/src/server/api/endpoints/sw/show-registration.ts +++ b/packages/backend/src/server/api/endpoints/sw/show-registration.ts @@ -12,6 +12,7 @@ export const meta = { tags: ['account'], requireCredential: true, + secure: true, description: 'Check push notification registration exists.', diff --git a/packages/backend/src/server/api/endpoints/sw/update-registration.ts b/packages/backend/src/server/api/endpoints/sw/update-registration.ts index a1a97df0b..7bf59784a 100644 --- a/packages/backend/src/server/api/endpoints/sw/update-registration.ts +++ b/packages/backend/src/server/api/endpoints/sw/update-registration.ts @@ -13,6 +13,7 @@ export const meta = { tags: ['account'], requireCredential: true, + secure: true, description: 'Update push notification registration.', diff --git a/packages/backend/src/server/api/endpoints/users/achievements.ts b/packages/backend/src/server/api/endpoints/users/achievements.ts index d6ad718df..3a584a819 100644 --- a/packages/backend/src/server/api/endpoints/users/achievements.ts +++ b/packages/backend/src/server/api/endpoints/users/achievements.ts @@ -9,7 +9,7 @@ import type { UserProfilesRepository } from '@/models/_.js'; import { DI } from '@/di-symbols.js'; export const meta = { - requireCredential: true, + requireCredential: false, res: { type: 'array', @@ -24,7 +24,7 @@ export const meta = { }, }, }, - } + }, } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/users/lists/create-from-public.ts b/packages/backend/src/server/api/endpoints/users/lists/create-from-public.ts index 4eb37c3e4..fa2e3338b 100644 --- a/packages/backend/src/server/api/endpoints/users/lists/create-from-public.ts +++ b/packages/backend/src/server/api/endpoints/users/lists/create-from-public.ts @@ -18,6 +18,7 @@ import { UserListService } from '@/core/UserListService.js'; export const meta = { requireCredential: true, prohibitMoved: true, + kind: 'write:account', res: { type: 'object', optional: false, nullable: false, diff --git a/packages/backend/src/server/api/endpoints/users/lists/favorite.ts b/packages/backend/src/server/api/endpoints/users/lists/favorite.ts index 2ecf0a125..864cdc2ee 100644 --- a/packages/backend/src/server/api/endpoints/users/lists/favorite.ts +++ b/packages/backend/src/server/api/endpoints/users/lists/favorite.ts @@ -12,6 +12,7 @@ import { DI } from '@/di-symbols.js'; export const meta = { requireCredential: true, + kind: 'write:account', errors: { noSuchList: { message: 'No such user list.', diff --git a/packages/backend/src/server/api/endpoints/users/lists/unfavorite.ts b/packages/backend/src/server/api/endpoints/users/lists/unfavorite.ts index 23611ab8c..d51d57343 100644 --- a/packages/backend/src/server/api/endpoints/users/lists/unfavorite.ts +++ b/packages/backend/src/server/api/endpoints/users/lists/unfavorite.ts @@ -11,6 +11,7 @@ import { DI } from '@/di-symbols.js'; export const meta = { requireCredential: true, + kind: 'write:account', errors: { noSuchList: { message: 'No such user list.', diff --git a/packages/backend/src/server/api/endpoints/users/relation.ts b/packages/backend/src/server/api/endpoints/users/relation.ts index 326042ed3..26b61c9fb 100644 --- a/packages/backend/src/server/api/endpoints/users/relation.ts +++ b/packages/backend/src/server/api/endpoints/users/relation.ts @@ -11,6 +11,7 @@ export const meta = { tags: ['users'], requireCredential: true, + kind: 'read:account', description: 'Show the different kinds of relations between the authenticated user and the specified user(s).', diff --git a/packages/backend/src/server/api/endpoints/users/report-abuse.ts b/packages/backend/src/server/api/endpoints/users/report-abuse.ts index 3bcf44cc4..508497ccf 100644 --- a/packages/backend/src/server/api/endpoints/users/report-abuse.ts +++ b/packages/backend/src/server/api/endpoints/users/report-abuse.ts @@ -20,6 +20,7 @@ export const meta = { tags: ['users'], requireCredential: true, + kind: 'write:report-abuse', description: 'File a report.', diff --git a/packages/backend/src/server/api/stream/ChannelsService.ts b/packages/backend/src/server/api/stream/ChannelsService.ts index 8fd106c10..3bc538013 100644 --- a/packages/backend/src/server/api/stream/ChannelsService.ts +++ b/packages/backend/src/server/api/stream/ChannelsService.ts @@ -19,6 +19,7 @@ import { AntennaChannelService } from './channels/antenna.js'; import { DriveChannelService } from './channels/drive.js'; import { HashtagChannelService } from './channels/hashtag.js'; import { RoleTimelineChannelService } from './channels/role-timeline.js'; +import { type MiChannelService } from './channel.js'; @Injectable() export class ChannelsService { @@ -41,7 +42,7 @@ export class ChannelsService { } @bindThis - public getChannelService(name: string) { + public getChannelService(name: string): MiChannelService { switch (name) { case 'main': return this.mainChannelService; case 'homeTimeline': return this.homeTimelineChannelService; diff --git a/packages/backend/src/server/api/stream/Connection.ts b/packages/backend/src/server/api/stream/Connection.ts index 4180ccc56..a89fbcc5e 100644 --- a/packages/backend/src/server/api/stream/Connection.ts +++ b/packages/backend/src/server/api/stream/Connection.ts @@ -248,6 +248,11 @@ export default class Connection { return; } + if (this.token && ((channelService.kind && !this.token.permission.some(p => p === channelService.kind)) + || (!channelService.kind && channelService.requireCredential))) { + return; + } + // 共有可能チャンネルに接続しようとしていて、かつそのチャンネルに既に接続していたら無意味なので無視 if (channelService.shouldShare && this.channels.some(c => c.chName === channel)) { return; diff --git a/packages/backend/src/server/api/stream/channel.ts b/packages/backend/src/server/api/stream/channel.ts index 46b070977..80df3803e 100644 --- a/packages/backend/src/server/api/stream/channel.ts +++ b/packages/backend/src/server/api/stream/channel.ts @@ -16,6 +16,7 @@ export default abstract class Channel { public abstract readonly chName: string; public static readonly shouldShare: boolean; public static readonly requireCredential: boolean; + public static readonly kind?: string | null; protected get user() { return this.connection.user; @@ -76,3 +77,10 @@ export default abstract class Channel { public onMessage?(type: string, body: any): void; } + +export type MiChannelService = { + shouldShare: boolean; + requireCredential: T; + kind: T extends true ? string : string | null | undefined; + create: (id: string, connection: Connection) => Channel; +} diff --git a/packages/backend/src/server/api/stream/channels/admin.ts b/packages/backend/src/server/api/stream/channels/admin.ts index bfb36d9cb..b8f369ce8 100644 --- a/packages/backend/src/server/api/stream/channels/admin.ts +++ b/packages/backend/src/server/api/stream/channels/admin.ts @@ -5,12 +5,13 @@ import { Injectable } from '@nestjs/common'; import { bindThis } from '@/decorators.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class AdminChannel extends Channel { public readonly chName = 'admin'; public static shouldShare = true; - public static requireCredential = true; + public static requireCredential = true as const; + public static kind = 'read:admin:stream'; @bindThis public async init(params: any) { @@ -22,9 +23,10 @@ class AdminChannel extends Channel { } @Injectable() -export class AdminChannelService { +export class AdminChannelService implements MiChannelService { public readonly shouldShare = AdminChannel.shouldShare; public readonly requireCredential = AdminChannel.requireCredential; + public readonly kind = AdminChannel.kind; constructor( ) { diff --git a/packages/backend/src/server/api/stream/channels/antenna.ts b/packages/backend/src/server/api/stream/channels/antenna.ts index a48e6ba5c..200db8eb0 100644 --- a/packages/backend/src/server/api/stream/channels/antenna.ts +++ b/packages/backend/src/server/api/stream/channels/antenna.ts @@ -8,12 +8,13 @@ import { isUserRelated } from '@/misc/is-user-related.js'; import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { bindThis } from '@/decorators.js'; import type { GlobalEvents } from '@/core/GlobalEventService.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class AntennaChannel extends Channel { public readonly chName = 'antenna'; public static shouldShare = false; - public static requireCredential = false; + public static requireCredential = true as const; + public static kind = 'read:account'; private antennaId: string; constructor( @@ -62,9 +63,10 @@ class AntennaChannel extends Channel { } @Injectable() -export class AntennaChannelService { +export class AntennaChannelService implements MiChannelService { public readonly shouldShare = AntennaChannel.shouldShare; public readonly requireCredential = AntennaChannel.requireCredential; + public readonly kind = AntennaChannel.kind; constructor( private noteEntityService: NoteEntityService, diff --git a/packages/backend/src/server/api/stream/channels/channel.ts b/packages/backend/src/server/api/stream/channels/channel.ts index 57034231a..20275249b 100644 --- a/packages/backend/src/server/api/stream/channels/channel.ts +++ b/packages/backend/src/server/api/stream/channels/channel.ts @@ -8,12 +8,12 @@ import { isUserRelated } from '@/misc/is-user-related.js'; import type { Packed } from '@/misc/json-schema.js'; import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { bindThis } from '@/decorators.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class ChannelChannel extends Channel { public readonly chName = 'channel'; public static shouldShare = false; - public static requireCredential = false; + public static requireCredential = false as const; private channelId: string; constructor( @@ -65,9 +65,10 @@ class ChannelChannel extends Channel { } @Injectable() -export class ChannelChannelService { +export class ChannelChannelService implements MiChannelService { public readonly shouldShare = ChannelChannel.shouldShare; public readonly requireCredential = ChannelChannel.requireCredential; + public readonly kind = ChannelChannel.kind; constructor( private noteEntityService: NoteEntityService, diff --git a/packages/backend/src/server/api/stream/channels/drive.ts b/packages/backend/src/server/api/stream/channels/drive.ts index 83f53c183..4bf34a72c 100644 --- a/packages/backend/src/server/api/stream/channels/drive.ts +++ b/packages/backend/src/server/api/stream/channels/drive.ts @@ -5,12 +5,13 @@ import { Injectable } from '@nestjs/common'; import { bindThis } from '@/decorators.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class DriveChannel extends Channel { public readonly chName = 'drive'; public static shouldShare = true; - public static requireCredential = true; + public static requireCredential = true as const; + public static kind = 'read:account'; @bindThis public async init(params: any) { @@ -22,9 +23,10 @@ class DriveChannel extends Channel { } @Injectable() -export class DriveChannelService { +export class DriveChannelService implements MiChannelService { public readonly shouldShare = DriveChannel.shouldShare; public readonly requireCredential = DriveChannel.requireCredential; + public readonly kind = DriveChannel.kind; constructor( ) { diff --git a/packages/backend/src/server/api/stream/channels/global-timeline.ts b/packages/backend/src/server/api/stream/channels/global-timeline.ts index 553c44071..8df13da8a 100644 --- a/packages/backend/src/server/api/stream/channels/global-timeline.ts +++ b/packages/backend/src/server/api/stream/channels/global-timeline.ts @@ -12,12 +12,12 @@ import { MetaService } from '@/core/MetaService.js'; import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { bindThis } from '@/decorators.js'; import { RoleService } from '@/core/RoleService.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class GlobalTimelineChannel extends Channel { public readonly chName = 'globalTimeline'; public static shouldShare = false; - public static requireCredential = false; + public static requireCredential = false as const; private withRenotes: boolean; private withFiles: boolean; @@ -91,9 +91,10 @@ class GlobalTimelineChannel extends Channel { } @Injectable() -export class GlobalTimelineChannelService { +export class GlobalTimelineChannelService implements MiChannelService { public readonly shouldShare = GlobalTimelineChannel.shouldShare; public readonly requireCredential = GlobalTimelineChannel.requireCredential; + public readonly kind = GlobalTimelineChannel.kind; constructor( private metaService: MetaService, diff --git a/packages/backend/src/server/api/stream/channels/hashtag.ts b/packages/backend/src/server/api/stream/channels/hashtag.ts index f30b29cfd..3d4f2fc52 100644 --- a/packages/backend/src/server/api/stream/channels/hashtag.ts +++ b/packages/backend/src/server/api/stream/channels/hashtag.ts @@ -9,12 +9,12 @@ import { isUserRelated } from '@/misc/is-user-related.js'; import type { Packed } from '@/misc/json-schema.js'; import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { bindThis } from '@/decorators.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class HashtagChannel extends Channel { public readonly chName = 'hashtag'; public static shouldShare = false; - public static requireCredential = false; + public static requireCredential = false as const; private q: string[][]; constructor( @@ -70,9 +70,10 @@ class HashtagChannel extends Channel { } @Injectable() -export class HashtagChannelService { +export class HashtagChannelService implements MiChannelService { public readonly shouldShare = HashtagChannel.shouldShare; public readonly requireCredential = HashtagChannel.requireCredential; + public readonly kind = HashtagChannel.kind; constructor( private noteEntityService: NoteEntityService, diff --git a/packages/backend/src/server/api/stream/channels/home-timeline.ts b/packages/backend/src/server/api/stream/channels/home-timeline.ts index 80054d088..6c9f52ba7 100644 --- a/packages/backend/src/server/api/stream/channels/home-timeline.ts +++ b/packages/backend/src/server/api/stream/channels/home-timeline.ts @@ -10,12 +10,13 @@ import { isInstanceMuted } from '@/misc/is-instance-muted.js'; import type { Packed } from '@/misc/json-schema.js'; import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { bindThis } from '@/decorators.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class HomeTimelineChannel extends Channel { public readonly chName = 'homeTimeline'; public static shouldShare = false; - public static requireCredential = true; + public static requireCredential = true as const; + public static kind = 'read:account'; private withRenotes: boolean; private withFiles: boolean; @@ -99,9 +100,10 @@ class HomeTimelineChannel extends Channel { } @Injectable() -export class HomeTimelineChannelService { +export class HomeTimelineChannelService implements MiChannelService { public readonly shouldShare = HomeTimelineChannel.shouldShare; public readonly requireCredential = HomeTimelineChannel.requireCredential; + public readonly kind = HomeTimelineChannel.kind; constructor( private noteEntityService: NoteEntityService, diff --git a/packages/backend/src/server/api/stream/channels/hybrid-timeline.ts b/packages/backend/src/server/api/stream/channels/hybrid-timeline.ts index 78645982b..957d8b6d4 100644 --- a/packages/backend/src/server/api/stream/channels/hybrid-timeline.ts +++ b/packages/backend/src/server/api/stream/channels/hybrid-timeline.ts @@ -12,12 +12,13 @@ import { MetaService } from '@/core/MetaService.js'; import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { bindThis } from '@/decorators.js'; import { RoleService } from '@/core/RoleService.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class HybridTimelineChannel extends Channel { public readonly chName = 'hybridTimeline'; public static shouldShare = false; - public static requireCredential = true; + public static requireCredential = true as const; + public static kind = 'read:account'; private withRenotes: boolean; private withReplies: boolean; private withFiles: boolean; @@ -114,9 +115,10 @@ class HybridTimelineChannel extends Channel { } @Injectable() -export class HybridTimelineChannelService { +export class HybridTimelineChannelService implements MiChannelService { public readonly shouldShare = HybridTimelineChannel.shouldShare; public readonly requireCredential = HybridTimelineChannel.requireCredential; + public readonly kind = HybridTimelineChannel.kind; constructor( private metaService: MetaService, diff --git a/packages/backend/src/server/api/stream/channels/local-timeline.ts b/packages/backend/src/server/api/stream/channels/local-timeline.ts index 1388f186f..888d268d5 100644 --- a/packages/backend/src/server/api/stream/channels/local-timeline.ts +++ b/packages/backend/src/server/api/stream/channels/local-timeline.ts @@ -11,12 +11,12 @@ import { MetaService } from '@/core/MetaService.js'; import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { bindThis } from '@/decorators.js'; import { RoleService } from '@/core/RoleService.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class LocalTimelineChannel extends Channel { public readonly chName = 'localTimeline'; public static shouldShare = false; - public static requireCredential = false; + public static requireCredential = false as const; private withRenotes: boolean; private withReplies: boolean; private withFiles: boolean; @@ -90,9 +90,10 @@ class LocalTimelineChannel extends Channel { } @Injectable() -export class LocalTimelineChannelService { +export class LocalTimelineChannelService implements MiChannelService { public readonly shouldShare = LocalTimelineChannel.shouldShare; public readonly requireCredential = LocalTimelineChannel.requireCredential; + public readonly kind = LocalTimelineChannel.kind; constructor( private metaService: MetaService, diff --git a/packages/backend/src/server/api/stream/channels/main.ts b/packages/backend/src/server/api/stream/channels/main.ts index f969d0233..ab605e3ec 100644 --- a/packages/backend/src/server/api/stream/channels/main.ts +++ b/packages/backend/src/server/api/stream/channels/main.ts @@ -7,12 +7,13 @@ import { Injectable } from '@nestjs/common'; import { isInstanceMuted, isUserFromMutedInstance } from '@/misc/is-instance-muted.js'; import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { bindThis } from '@/decorators.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class MainChannel extends Channel { public readonly chName = 'main'; public static shouldShare = true; - public static requireCredential = true; + public static requireCredential = true as const; + public static kind = 'read:account'; constructor( private noteEntityService: NoteEntityService, @@ -63,9 +64,10 @@ class MainChannel extends Channel { } @Injectable() -export class MainChannelService { +export class MainChannelService implements MiChannelService { public readonly shouldShare = MainChannel.shouldShare; public readonly requireCredential = MainChannel.requireCredential; + public readonly kind = MainChannel.kind; constructor( private noteEntityService: NoteEntityService, diff --git a/packages/backend/src/server/api/stream/channels/queue-stats.ts b/packages/backend/src/server/api/stream/channels/queue-stats.ts index f0dc47230..5ceb2c3bb 100644 --- a/packages/backend/src/server/api/stream/channels/queue-stats.ts +++ b/packages/backend/src/server/api/stream/channels/queue-stats.ts @@ -6,14 +6,14 @@ import Xev from 'xev'; import { Injectable } from '@nestjs/common'; import { bindThis } from '@/decorators.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; const ev = new Xev(); class QueueStatsChannel extends Channel { public readonly chName = 'queueStats'; public static shouldShare = true; - public static requireCredential = false; + public static requireCredential = false as const; constructor(id: string, connection: Channel['connection']) { super(id, connection); @@ -53,9 +53,10 @@ class QueueStatsChannel extends Channel { } @Injectable() -export class QueueStatsChannelService { +export class QueueStatsChannelService implements MiChannelService { public readonly shouldShare = QueueStatsChannel.shouldShare; public readonly requireCredential = QueueStatsChannel.requireCredential; + public readonly kind = QueueStatsChannel.kind; constructor( ) { diff --git a/packages/backend/src/server/api/stream/channels/role-timeline.ts b/packages/backend/src/server/api/stream/channels/role-timeline.ts index 38d3604cc..b3bbb77db 100644 --- a/packages/backend/src/server/api/stream/channels/role-timeline.ts +++ b/packages/backend/src/server/api/stream/channels/role-timeline.ts @@ -10,12 +10,12 @@ import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { bindThis } from '@/decorators.js'; import { RoleService } from '@/core/RoleService.js'; import type { GlobalEvents } from '@/core/GlobalEventService.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class RoleTimelineChannel extends Channel { public readonly chName = 'roleTimeline'; public static shouldShare = false; - public static requireCredential = false; + public static requireCredential = false as const; private roleId: string; constructor( @@ -67,9 +67,10 @@ class RoleTimelineChannel extends Channel { } @Injectable() -export class RoleTimelineChannelService { +export class RoleTimelineChannelService implements MiChannelService { public readonly shouldShare = RoleTimelineChannel.shouldShare; public readonly requireCredential = RoleTimelineChannel.requireCredential; + public readonly kind = RoleTimelineChannel.kind; constructor( private noteEntityService: NoteEntityService, diff --git a/packages/backend/src/server/api/stream/channels/server-stats.ts b/packages/backend/src/server/api/stream/channels/server-stats.ts index cacae275a..615b6946c 100644 --- a/packages/backend/src/server/api/stream/channels/server-stats.ts +++ b/packages/backend/src/server/api/stream/channels/server-stats.ts @@ -6,14 +6,14 @@ import Xev from 'xev'; import { Injectable } from '@nestjs/common'; import { bindThis } from '@/decorators.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; const ev = new Xev(); class ServerStatsChannel extends Channel { public readonly chName = 'serverStats'; public static shouldShare = true; - public static requireCredential = false; + public static requireCredential = false as const; constructor(id: string, connection: Channel['connection']) { super(id, connection); @@ -53,9 +53,10 @@ class ServerStatsChannel extends Channel { } @Injectable() -export class ServerStatsChannelService { +export class ServerStatsChannelService implements MiChannelService { public readonly shouldShare = ServerStatsChannel.shouldShare; public readonly requireCredential = ServerStatsChannel.requireCredential; + public readonly kind = ServerStatsChannel.kind; constructor( ) { diff --git a/packages/backend/src/server/api/stream/channels/user-list.ts b/packages/backend/src/server/api/stream/channels/user-list.ts index fe293e2b4..909b5a5e0 100644 --- a/packages/backend/src/server/api/stream/channels/user-list.ts +++ b/packages/backend/src/server/api/stream/channels/user-list.ts @@ -11,12 +11,12 @@ import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { DI } from '@/di-symbols.js'; import { bindThis } from '@/decorators.js'; import { isInstanceMuted } from '@/misc/is-instance-muted.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class UserListChannel extends Channel { public readonly chName = 'userList'; public static shouldShare = false; - public static requireCredential = false; + public static requireCredential = false as const; private listId: string; private membershipsMap: Record | undefined> = {}; private listUsersClock: NodeJS.Timeout; @@ -137,9 +137,10 @@ class UserListChannel extends Channel { } @Injectable() -export class UserListChannelService { +export class UserListChannelService implements MiChannelService { public readonly shouldShare = UserListChannel.shouldShare; public readonly requireCredential = UserListChannel.requireCredential; + public readonly kind = UserListChannel.kind; constructor( @Inject(DI.userListsRepository) diff --git a/packages/backend/src/server/oauth/OAuth2ProviderService.ts b/packages/backend/src/server/oauth/OAuth2ProviderService.ts index 4fa7b800e..5c18f452c 100644 --- a/packages/backend/src/server/oauth/OAuth2ProviderService.ts +++ b/packages/backend/src/server/oauth/OAuth2ProviderService.ts @@ -17,9 +17,9 @@ import bodyParser from 'body-parser'; import fastifyExpress from '@fastify/express'; import { verifyChallenge } from 'pkce-challenge'; import { mf2 } from 'microformats-parser'; +import { permissions as kinds } from 'misskey-js'; import { secureRndstr } from '@/misc/secure-rndstr.js'; import { HttpRequestService } from '@/core/HttpRequestService.js'; -import { kinds } from '@/misc/api-permissions.js'; import type { Config } from '@/config.js'; import { DI } from '@/di-symbols.js'; import { bindThis } from '@/decorators.js'; @@ -426,7 +426,7 @@ export class OAuth2ProviderService { } try { - const scopes = [...new Set(scope)].filter(s => kinds.includes(s)); + const scopes = [...new Set(scope)].filter(s => (kinds).includes(s)); if (!scopes.length) { throw new AuthorizationError('`scope` parameter has no known scope', 'invalid_scope'); } diff --git a/packages/backend/test/e2e/api.ts b/packages/backend/test/e2e/api.ts index 15da74931..cf24228b8 100644 --- a/packages/backend/test/e2e/api.ts +++ b/packages/backend/test/e2e/api.ts @@ -7,7 +7,7 @@ process.env.NODE_ENV = 'test'; import * as assert from 'assert'; import { IncomingMessage } from 'http'; -import { signup, api, startServer, successfulApiCall, failedApiCall, uploadFile, waitFire, connectStream, relativeFetch } from '../utils.js'; +import { signup, api, startServer, successfulApiCall, failedApiCall, uploadFile, waitFire, connectStream, relativeFetch, createAppToken } from '../utils.js'; import type { INestApplicationContext } from '@nestjs/common'; import type * as misskey from 'misskey-js'; @@ -89,6 +89,11 @@ describe('API', () => { }); test('管理者専用のAPIのアクセス制限', async () => { + const application = await createAppToken(alice, ['read:account']); + const application2 = await createAppToken(alice, ['read:admin:index-stats']); + const application3 = await createAppToken(bob, []); + const application4 = await createAppToken(bob, ['read:admin:index-stats']); + // aliceは管理者、APIを使える await successfulApiCall({ endpoint: '/admin/get-index-stats', @@ -128,6 +133,42 @@ describe('API', () => { code: 'AUTHENTICATION_FAILED', id: 'b0a7f5f8-dc2f-4171-b91f-de88ad238e14', }); + + await successfulApiCall({ + endpoint: '/admin/get-index-stats', + parameters: {}, + user: { token: application2 }, + }); + + await failedApiCall({ + endpoint: '/admin/get-index-stats', + parameters: {}, + user: { token: application }, + }, { + status: 403, + code: 'PERMISSION_DENIED', + id: '1370e5b7-d4eb-4566-bb1d-7748ee6a1838', + }); + + await failedApiCall({ + endpoint: '/admin/get-index-stats', + parameters: {}, + user: { token: application3 }, + }, { + status: 403, + code: 'ROLE_PERMISSION_DENIED', + id: 'c3d38592-54c0-429d-be96-5636b0431a61', + }); + + await failedApiCall({ + endpoint: '/admin/get-index-stats', + parameters: {}, + user: { token: application4 }, + }, { + status: 403, + code: 'ROLE_PERMISSION_DENIED', + id: 'c3d38592-54c0-429d-be96-5636b0431a61', + }); }); describe('Authentication header', () => { diff --git a/packages/backend/test/e2e/streaming.ts b/packages/backend/test/e2e/streaming.ts index c4824f50c..288c54bdb 100644 --- a/packages/backend/test/e2e/streaming.ts +++ b/packages/backend/test/e2e/streaming.ts @@ -6,8 +6,9 @@ process.env.NODE_ENV = 'test'; import * as assert from 'assert'; +import { WebSocket } from 'ws'; import { MiFollowing } from '@/models/Following.js'; -import { signup, api, post, startServer, initTestDb, waitFire } from '../utils.js'; +import { signup, api, post, startServer, initTestDb, waitFire, createAppToken, port } from '../utils.js'; import type { INestApplicationContext } from '@nestjs/common'; import type * as misskey from 'misskey-js'; @@ -560,6 +561,28 @@ describe('Streaming', () => { }); }); + test('Authentication', async () => { + const application = await createAppToken(ayano, []); + const application2 = await createAppToken(ayano, ['read:account']); + const socket = new WebSocket(`ws://127.0.0.1:${port}/streaming?i=${application}`); + const established = await new Promise((resolve, reject) => { + socket.on('error', () => resolve(false)); + socket.on('unexpected-response', () => resolve(false)); + setTimeout(() => resolve(true), 3000); + }); + + socket.close(); + assert.strictEqual(established, false); + + const fired = await waitFire( + { token: application2 }, 'hybridTimeline', + () => api('notes/create', { text: 'Hello, world!' }, ayano), + msg => msg.type === 'note' && msg.body.userId === ayano.id, + ); + + assert.strictEqual(fired, true); + }); + // XXX: QueryFailedError: duplicate key value violates unique constraint "IDX_347fec870eafea7b26c8a73bac" /* describe('Hashtag Timeline', () => { diff --git a/packages/backend/test/utils.ts b/packages/backend/test/utils.ts index 97118d73c..db7629d2c 100644 --- a/packages/backend/test/utils.ts +++ b/packages/backend/test/utils.ts @@ -6,6 +6,7 @@ import * as assert from 'node:assert'; import { readFile } from 'node:fs/promises'; import { isAbsolute, basename } from 'node:path'; +import { randomUUID } from 'node:crypto'; import { inspect } from 'node:util'; import WebSocket, { ClientOptions } from 'ws'; import fetch, { File, RequestInit } from 'node-fetch'; @@ -126,6 +127,15 @@ export const post = async (user: UserToken, params?: misskey.Endpoints['notes/cr return res.body ? res.body.createdNote : null; }; +export const createAppToken = async (user: UserToken, permissions: (typeof misskey.permissions)[number][]) => { + const res = await api('miauth/gen-token', { + session: randomUUID(), + permission: permissions, + }, user); + + return (res.body as misskey.entities.MiauthGenTokenResponse).token; +}; + // 非公開ノートをAPI越しに見たときのノート NoteEntityService.ts export const hiddenNote = (note: any): any => { const temp = { diff --git a/packages/frontend/src/components/MkTokenGenerateWindow.vue b/packages/frontend/src/components/MkTokenGenerateWindow.vue index f5fa86a90..8e8e26ed5 100644 --- a/packages/frontend/src/components/MkTokenGenerateWindow.vue +++ b/packages/frontend/src/components/MkTokenGenerateWindow.vue @@ -33,7 +33,7 @@ SPDX-License-Identifier: AGPL-3.0-only {{ i18n.ts.enableAll }}
- {{ i18n.t(`_permissions.${kind}`) }} + {{ i18n.t(`_permissions.${kind}`) }}
@@ -54,7 +54,7 @@ const props = withDefaults(defineProps<{ title?: string | null; information?: string | null; initialName?: string | null; - initialPermissions?: string[] | null; + initialPermissions?: (typeof Misskey.permissions)[number][] | null; }>(), { title: null, information: null, @@ -67,16 +67,17 @@ const emit = defineEmits<{ (ev: 'done', result: { name: string | null, permissions: string[] }): void; }>(); +const defaultPermissions = Misskey.permissions.filter(p => !p.startsWith('read:admin') && !p.startsWith('write:admin')); const dialog = shallowRef>(); const name = ref(props.initialName); -const permissions = ref({}); +const permissions = ref(>{}); if (props.initialPermissions) { for (const kind of props.initialPermissions) { permissions.value[kind] = true; } } else { - for (const kind of Misskey.permissions) { + for (const kind of defaultPermissions) { permissions.value[kind] = false; } } diff --git a/packages/misskey-js/src/autogen/apiClientJSDoc.ts b/packages/misskey-js/src/autogen/apiClientJSDoc.ts index 7f4094845..758beaf3a 100644 --- a/packages/misskey-js/src/autogen/apiClientJSDoc.ts +++ b/packages/misskey-js/src/autogen/apiClientJSDoc.ts @@ -1,6 +1,6 @@ /* * version: 2023.12.0 - * generatedAt: 2023-12-25T03:48:32.008Z + * generatedAt: 2023-12-26T23:35:09.494Z */ import type { SwitchCaseResponseType } from '../api.js'; @@ -11,7 +11,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:meta* */ request( endpoint: E, @@ -22,7 +22,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:abuse-user-reports* */ request( endpoint: E, @@ -33,7 +33,8 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *No* / **Permission**: *write:admin* + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. + * **Credential required**: *No* */ request( endpoint: E, @@ -44,7 +45,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:account* */ request( endpoint: E, @@ -55,7 +56,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:account* */ request( endpoint: E, @@ -66,7 +67,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:ad* */ request( endpoint: E, @@ -77,7 +78,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:ad* */ request( endpoint: E, @@ -88,7 +89,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:ad* */ request( endpoint: E, @@ -99,7 +100,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:ad* */ request( endpoint: E, @@ -110,7 +111,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:announcements* */ request( endpoint: E, @@ -121,7 +122,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:announcements* */ request( endpoint: E, @@ -132,7 +133,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:announcements* */ request( endpoint: E, @@ -143,7 +144,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:announcements* */ request( endpoint: E, @@ -154,7 +155,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:avatar-decorations* */ request( endpoint: E, @@ -165,7 +166,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:avatar-decorations* */ request( endpoint: E, @@ -176,7 +177,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:avatar-decorations* */ request( endpoint: E, @@ -187,7 +188,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:avatar-decorations* */ request( endpoint: E, @@ -198,7 +199,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:delete-all-files-of-a-user* */ request( endpoint: E, @@ -209,7 +210,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:unset-user-avatar* */ request( endpoint: E, @@ -220,7 +221,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:unset-user-banner* */ request( endpoint: E, @@ -231,7 +232,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:drive* */ request( endpoint: E, @@ -242,7 +243,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:drive* */ request( endpoint: E, @@ -253,7 +254,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:drive* */ request( endpoint: E, @@ -264,7 +265,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:drive* */ request( endpoint: E, @@ -275,7 +276,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -286,7 +287,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -297,7 +298,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -308,7 +309,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -319,7 +320,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -330,7 +331,8 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. + * **Credential required**: *Yes* */ request( endpoint: E, @@ -341,7 +343,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:emoji* */ request( endpoint: E, @@ -352,7 +354,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:emoji* */ request( endpoint: E, @@ -363,7 +365,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -374,7 +376,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -385,7 +387,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -396,7 +398,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -407,7 +409,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -418,7 +420,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ request( endpoint: E, @@ -429,7 +431,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ request( endpoint: E, @@ -440,7 +442,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ request( endpoint: E, @@ -451,7 +453,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ request( endpoint: E, @@ -462,7 +464,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:index-stats* */ request( endpoint: E, @@ -473,7 +475,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:table-stats* */ request( endpoint: E, @@ -484,7 +486,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:user-ips* */ request( endpoint: E, @@ -495,7 +497,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:invite-codes* */ request( endpoint: E, @@ -506,7 +508,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:invite-codes* */ request( endpoint: E, @@ -517,7 +519,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:promo* */ request( endpoint: E, @@ -528,7 +530,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:queue* */ request( endpoint: E, @@ -539,7 +541,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:queue* */ request( endpoint: E, @@ -550,7 +552,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:queue* */ request( endpoint: E, @@ -561,7 +563,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:queue* */ request( endpoint: E, @@ -572,7 +574,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:emoji* */ request( endpoint: E, @@ -583,7 +585,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:relays* */ request( endpoint: E, @@ -594,7 +596,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:relays* */ request( endpoint: E, @@ -605,7 +607,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:relays* */ request( endpoint: E, @@ -616,7 +618,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:reset-password* */ request( endpoint: E, @@ -627,7 +629,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:resolve-abuse-user-report* */ request( endpoint: E, @@ -638,7 +640,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:send-email* */ request( endpoint: E, @@ -649,7 +651,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:server-info* */ request( endpoint: E, @@ -660,7 +662,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:show-moderation-log* */ request( endpoint: E, @@ -671,7 +673,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:show-user* */ request( endpoint: E, @@ -682,7 +684,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:show-users* */ request( endpoint: E, @@ -693,7 +695,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:suspend-user* */ request( endpoint: E, @@ -704,7 +706,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:unsuspend-user* */ request( endpoint: E, @@ -715,7 +717,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:meta* */ request( endpoint: E, @@ -726,7 +728,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:delete-account* */ request( endpoint: E, @@ -737,7 +739,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:user-note* */ request( endpoint: E, @@ -748,7 +750,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ request( endpoint: E, @@ -759,7 +761,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ request( endpoint: E, @@ -770,7 +772,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:roles* */ request( endpoint: E, @@ -781,7 +783,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:roles* */ request( endpoint: E, @@ -792,7 +794,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ request( endpoint: E, @@ -803,7 +805,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ request( endpoint: E, @@ -814,7 +816,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ request( endpoint: E, @@ -825,7 +827,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ request( endpoint: E, @@ -836,7 +838,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *No* / **Permission**: *read:admin* + * **Credential required**: *No* / **Permission**: *read:admin:roles* */ request( endpoint: E, @@ -924,7 +926,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:federation* */ request( endpoint: E, @@ -935,7 +937,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -1729,7 +1731,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *No* */ request( endpoint: E, @@ -2037,7 +2039,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -2168,7 +2170,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ request( endpoint: E, @@ -2469,7 +2471,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -2480,7 +2482,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -2491,7 +2493,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -2502,7 +2504,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -2513,7 +2515,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -2524,7 +2526,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ request( endpoint: E, @@ -2547,7 +2549,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ request( endpoint: E, @@ -2683,7 +2685,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:invite-codes* */ request( endpoint: E, @@ -2694,7 +2696,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:invite-codes* */ request( endpoint: E, @@ -2705,7 +2707,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:invite-codes* */ request( endpoint: E, @@ -2716,7 +2718,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:invite-codes* */ request( endpoint: E, @@ -2838,7 +2840,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -2959,7 +2961,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -2981,7 +2983,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -2992,7 +2994,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -3102,7 +3104,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -3135,7 +3137,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -3146,7 +3148,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -3168,7 +3170,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -3422,7 +3424,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ request( endpoint: E, @@ -3433,7 +3435,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -3466,7 +3468,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -3532,6 +3534,7 @@ declare module '../api.js' { /** * Check push notification registration exists. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ request( @@ -3543,6 +3546,7 @@ declare module '../api.js' { /** * Update push notification registration. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ request( @@ -3554,6 +3558,7 @@ declare module '../api.js' { /** * Register to receive push notifications. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ request( @@ -3741,7 +3746,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ request( endpoint: E, @@ -3752,7 +3757,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ request( endpoint: E, @@ -3774,7 +3779,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ request( endpoint: E, @@ -3862,7 +3867,7 @@ declare module '../api.js' { /** * Show the different kinds of relations between the authenticated user and the specified user(s). * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -3873,7 +3878,7 @@ declare module '../api.js' { /** * File a report. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:report-abuse* */ request( endpoint: E, @@ -3917,7 +3922,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *No* */ request( endpoint: E, @@ -3950,6 +3955,7 @@ declare module '../api.js' { /** * No description provided. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ request( diff --git a/packages/misskey-js/src/autogen/endpoint.ts b/packages/misskey-js/src/autogen/endpoint.ts index 5e0575904..2ed76a22f 100644 --- a/packages/misskey-js/src/autogen/endpoint.ts +++ b/packages/misskey-js/src/autogen/endpoint.ts @@ -1,6 +1,6 @@ /* * version: 2023.12.0 - * generatedAt: 2023-12-25T03:48:32.001Z + * generatedAt: 2023-12-26T23:35:09.491Z */ import type { diff --git a/packages/misskey-js/src/autogen/entities.ts b/packages/misskey-js/src/autogen/entities.ts index ceb2f242a..c857e8e37 100644 --- a/packages/misskey-js/src/autogen/entities.ts +++ b/packages/misskey-js/src/autogen/entities.ts @@ -1,6 +1,6 @@ /* * version: 2023.12.0 - * generatedAt: 2023-12-25T03:48:31.996Z + * generatedAt: 2023-12-26T23:35:09.489Z */ import { operations } from './types.js'; diff --git a/packages/misskey-js/src/autogen/models.ts b/packages/misskey-js/src/autogen/models.ts index a7fde6c1a..c5b81a6b4 100644 --- a/packages/misskey-js/src/autogen/models.ts +++ b/packages/misskey-js/src/autogen/models.ts @@ -1,6 +1,6 @@ /* * version: 2023.12.0 - * generatedAt: 2023-12-25T03:48:31.993Z + * generatedAt: 2023-12-26T23:35:09.485Z */ import { components } from './types.js'; diff --git a/packages/misskey-js/src/autogen/types.ts b/packages/misskey-js/src/autogen/types.ts index 28fe5654e..94bb26398 100644 --- a/packages/misskey-js/src/autogen/types.ts +++ b/packages/misskey-js/src/autogen/types.ts @@ -3,7 +3,7 @@ /* * version: 2023.12.0 - * generatedAt: 2023-12-25T03:48:31.850Z + * generatedAt: 2023-12-26T23:35:09.389Z */ /** @@ -22,7 +22,7 @@ export type paths = { * admin/meta * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:meta* */ post: operations['admin/meta']; }; @@ -31,7 +31,7 @@ export type paths = { * admin/abuse-user-reports * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:abuse-user-reports* */ post: operations['admin/abuse-user-reports']; }; @@ -40,7 +40,8 @@ export type paths = { * admin/accounts/create * @description No description provided. * - * **Credential required**: *No* / **Permission**: *write:admin* + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. + * **Credential required**: *No* */ post: operations['admin/accounts/create']; }; @@ -49,7 +50,7 @@ export type paths = { * admin/accounts/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:account* */ post: operations['admin/accounts/delete']; }; @@ -58,7 +59,7 @@ export type paths = { * admin/accounts/find-by-email * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:account* */ post: operations['admin/accounts/find-by-email']; }; @@ -67,7 +68,7 @@ export type paths = { * admin/ad/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:ad* */ post: operations['admin/ad/create']; }; @@ -76,7 +77,7 @@ export type paths = { * admin/ad/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:ad* */ post: operations['admin/ad/delete']; }; @@ -85,7 +86,7 @@ export type paths = { * admin/ad/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:ad* */ post: operations['admin/ad/list']; }; @@ -94,7 +95,7 @@ export type paths = { * admin/ad/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:ad* */ post: operations['admin/ad/update']; }; @@ -103,7 +104,7 @@ export type paths = { * admin/announcements/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:announcements* */ post: operations['admin/announcements/create']; }; @@ -112,7 +113,7 @@ export type paths = { * admin/announcements/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:announcements* */ post: operations['admin/announcements/delete']; }; @@ -121,7 +122,7 @@ export type paths = { * admin/announcements/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:announcements* */ post: operations['admin/announcements/list']; }; @@ -130,7 +131,7 @@ export type paths = { * admin/announcements/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:announcements* */ post: operations['admin/announcements/update']; }; @@ -139,7 +140,7 @@ export type paths = { * admin/avatar-decorations/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:avatar-decorations* */ post: operations['admin/avatar-decorations/create']; }; @@ -148,7 +149,7 @@ export type paths = { * admin/avatar-decorations/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:avatar-decorations* */ post: operations['admin/avatar-decorations/delete']; }; @@ -157,7 +158,7 @@ export type paths = { * admin/avatar-decorations/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:avatar-decorations* */ post: operations['admin/avatar-decorations/list']; }; @@ -166,7 +167,7 @@ export type paths = { * admin/avatar-decorations/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:avatar-decorations* */ post: operations['admin/avatar-decorations/update']; }; @@ -175,7 +176,7 @@ export type paths = { * admin/delete-all-files-of-a-user * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:delete-all-files-of-a-user* */ post: operations['admin/delete-all-files-of-a-user']; }; @@ -184,7 +185,7 @@ export type paths = { * admin/unset-user-avatar * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:unset-user-avatar* */ post: operations['admin/unset-user-avatar']; }; @@ -193,7 +194,7 @@ export type paths = { * admin/unset-user-banner * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:unset-user-banner* */ post: operations['admin/unset-user-banner']; }; @@ -202,7 +203,7 @@ export type paths = { * admin/drive/clean-remote-files * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:drive* */ post: operations['admin/drive/clean-remote-files']; }; @@ -211,7 +212,7 @@ export type paths = { * admin/drive/cleanup * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:drive* */ post: operations['admin/drive/cleanup']; }; @@ -220,7 +221,7 @@ export type paths = { * admin/drive/files * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:drive* */ post: operations['admin/drive/files']; }; @@ -229,7 +230,7 @@ export type paths = { * admin/drive/show-file * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:drive* */ post: operations['admin/drive/show-file']; }; @@ -238,7 +239,7 @@ export type paths = { * admin/emoji/add-aliases-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/add-aliases-bulk']; }; @@ -247,7 +248,7 @@ export type paths = { * admin/emoji/add * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/add']; }; @@ -256,7 +257,7 @@ export type paths = { * admin/emoji/copy * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/copy']; }; @@ -265,7 +266,7 @@ export type paths = { * admin/emoji/delete-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/delete-bulk']; }; @@ -274,7 +275,7 @@ export type paths = { * admin/emoji/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/delete']; }; @@ -283,7 +284,8 @@ export type paths = { * admin/emoji/import-zip * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. + * **Credential required**: *Yes* */ post: operations['admin/emoji/import-zip']; }; @@ -292,7 +294,7 @@ export type paths = { * admin/emoji/list-remote * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:emoji* */ post: operations['admin/emoji/list-remote']; }; @@ -301,7 +303,7 @@ export type paths = { * admin/emoji/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:emoji* */ post: operations['admin/emoji/list']; }; @@ -310,7 +312,7 @@ export type paths = { * admin/emoji/remove-aliases-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/remove-aliases-bulk']; }; @@ -319,7 +321,7 @@ export type paths = { * admin/emoji/set-aliases-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/set-aliases-bulk']; }; @@ -328,7 +330,7 @@ export type paths = { * admin/emoji/set-category-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/set-category-bulk']; }; @@ -337,7 +339,7 @@ export type paths = { * admin/emoji/set-license-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/set-license-bulk']; }; @@ -346,7 +348,7 @@ export type paths = { * admin/emoji/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/update']; }; @@ -355,7 +357,7 @@ export type paths = { * admin/federation/delete-all-files * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ post: operations['admin/federation/delete-all-files']; }; @@ -364,7 +366,7 @@ export type paths = { * admin/federation/refresh-remote-instance-metadata * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ post: operations['admin/federation/refresh-remote-instance-metadata']; }; @@ -373,7 +375,7 @@ export type paths = { * admin/federation/remove-all-following * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ post: operations['admin/federation/remove-all-following']; }; @@ -382,7 +384,7 @@ export type paths = { * admin/federation/update-instance * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ post: operations['admin/federation/update-instance']; }; @@ -391,7 +393,7 @@ export type paths = { * admin/get-index-stats * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:index-stats* */ post: operations['admin/get-index-stats']; }; @@ -400,7 +402,7 @@ export type paths = { * admin/get-table-stats * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:table-stats* */ post: operations['admin/get-table-stats']; }; @@ -409,7 +411,7 @@ export type paths = { * admin/get-user-ips * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:user-ips* */ post: operations['admin/get-user-ips']; }; @@ -418,7 +420,7 @@ export type paths = { * admin/invite/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:invite-codes* */ post: operations['admin/invite/create']; }; @@ -427,7 +429,7 @@ export type paths = { * admin/invite/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:invite-codes* */ post: operations['admin/invite/list']; }; @@ -436,7 +438,7 @@ export type paths = { * admin/promo/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:promo* */ post: operations['admin/promo/create']; }; @@ -445,7 +447,7 @@ export type paths = { * admin/queue/clear * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:queue* */ post: operations['admin/queue/clear']; }; @@ -454,7 +456,7 @@ export type paths = { * admin/queue/deliver-delayed * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:queue* */ post: operations['admin/queue/deliver-delayed']; }; @@ -463,7 +465,7 @@ export type paths = { * admin/queue/inbox-delayed * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:queue* */ post: operations['admin/queue/inbox-delayed']; }; @@ -472,7 +474,7 @@ export type paths = { * admin/queue/promote * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:queue* */ post: operations['admin/queue/promote']; }; @@ -481,7 +483,7 @@ export type paths = { * admin/queue/stats * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:emoji* */ post: operations['admin/queue/stats']; }; @@ -490,7 +492,7 @@ export type paths = { * admin/relays/add * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:relays* */ post: operations['admin/relays/add']; }; @@ -499,7 +501,7 @@ export type paths = { * admin/relays/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:relays* */ post: operations['admin/relays/list']; }; @@ -508,7 +510,7 @@ export type paths = { * admin/relays/remove * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:relays* */ post: operations['admin/relays/remove']; }; @@ -517,7 +519,7 @@ export type paths = { * admin/reset-password * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:reset-password* */ post: operations['admin/reset-password']; }; @@ -526,7 +528,7 @@ export type paths = { * admin/resolve-abuse-user-report * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:resolve-abuse-user-report* */ post: operations['admin/resolve-abuse-user-report']; }; @@ -535,7 +537,7 @@ export type paths = { * admin/send-email * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:send-email* */ post: operations['admin/send-email']; }; @@ -544,7 +546,7 @@ export type paths = { * admin/server-info * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:server-info* */ post: operations['admin/server-info']; }; @@ -553,7 +555,7 @@ export type paths = { * admin/show-moderation-logs * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:show-moderation-log* */ post: operations['admin/show-moderation-logs']; }; @@ -562,7 +564,7 @@ export type paths = { * admin/show-user * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:show-user* */ post: operations['admin/show-user']; }; @@ -571,7 +573,7 @@ export type paths = { * admin/show-users * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:show-users* */ post: operations['admin/show-users']; }; @@ -580,7 +582,7 @@ export type paths = { * admin/suspend-user * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:suspend-user* */ post: operations['admin/suspend-user']; }; @@ -589,7 +591,7 @@ export type paths = { * admin/unsuspend-user * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:unsuspend-user* */ post: operations['admin/unsuspend-user']; }; @@ -598,7 +600,7 @@ export type paths = { * admin/update-meta * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:meta* */ post: operations['admin/update-meta']; }; @@ -607,7 +609,7 @@ export type paths = { * admin/delete-account * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:delete-account* */ post: operations['admin/delete-account']; }; @@ -616,7 +618,7 @@ export type paths = { * admin/update-user-note * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:user-note* */ post: operations['admin/update-user-note']; }; @@ -625,7 +627,7 @@ export type paths = { * admin/roles/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ post: operations['admin/roles/create']; }; @@ -634,7 +636,7 @@ export type paths = { * admin/roles/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ post: operations['admin/roles/delete']; }; @@ -643,7 +645,7 @@ export type paths = { * admin/roles/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:roles* */ post: operations['admin/roles/list']; }; @@ -652,7 +654,7 @@ export type paths = { * admin/roles/show * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:roles* */ post: operations['admin/roles/show']; }; @@ -661,7 +663,7 @@ export type paths = { * admin/roles/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ post: operations['admin/roles/update']; }; @@ -670,7 +672,7 @@ export type paths = { * admin/roles/assign * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ post: operations['admin/roles/assign']; }; @@ -679,7 +681,7 @@ export type paths = { * admin/roles/unassign * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ post: operations['admin/roles/unassign']; }; @@ -688,7 +690,7 @@ export type paths = { * admin/roles/update-default-policies * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ post: operations['admin/roles/update-default-policies']; }; @@ -697,7 +699,7 @@ export type paths = { * admin/roles/users * @description No description provided. * - * **Credential required**: *No* / **Permission**: *read:admin* + * **Credential required**: *No* / **Permission**: *read:admin:roles* */ post: operations['admin/roles/users']; }; @@ -769,7 +771,7 @@ export type paths = { * ap/get * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:federation* */ post: operations['ap/get']; }; @@ -778,7 +780,7 @@ export type paths = { * ap/show * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['ap/show']; }; @@ -1519,7 +1521,7 @@ export type paths = { * federation/update-remote-user * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *No* */ post: operations['federation/update-remote-user']; }; @@ -1792,7 +1794,7 @@ export type paths = { * i * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['i']; }; @@ -1901,7 +1903,7 @@ export type paths = { * i/claim-achievement * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ post: operations['i/claim-achievement']; }; @@ -2150,7 +2152,7 @@ export type paths = { * i/registry/get-all * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['i/registry/get-all']; }; @@ -2159,7 +2161,7 @@ export type paths = { * i/registry/get-detail * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['i/registry/get-detail']; }; @@ -2168,7 +2170,7 @@ export type paths = { * i/registry/get * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['i/registry/get']; }; @@ -2177,7 +2179,7 @@ export type paths = { * i/registry/keys-with-type * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['i/registry/keys-with-type']; }; @@ -2186,7 +2188,7 @@ export type paths = { * i/registry/keys * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['i/registry/keys']; }; @@ -2195,7 +2197,7 @@ export type paths = { * i/registry/remove * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ post: operations['i/registry/remove']; }; @@ -2214,7 +2216,7 @@ export type paths = { * i/registry/set * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ post: operations['i/registry/set']; }; @@ -2326,7 +2328,7 @@ export type paths = { * invite/create * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:invite-codes* */ post: operations['invite/create']; }; @@ -2335,7 +2337,7 @@ export type paths = { * invite/delete * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:invite-codes* */ post: operations['invite/delete']; }; @@ -2344,7 +2346,7 @@ export type paths = { * invite/list * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:invite-codes* */ post: operations['invite/list']; }; @@ -2353,7 +2355,7 @@ export type paths = { * invite/limit * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:invite-codes* */ post: operations['invite/limit']; }; @@ -2467,7 +2469,7 @@ export type paths = { * my/apps * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['my/apps']; }; @@ -2573,7 +2575,7 @@ export type paths = { * notes/hybrid-timeline * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['notes/hybrid-timeline']; }; @@ -2591,7 +2593,7 @@ export type paths = { * notes/mentions * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['notes/mentions']; }; @@ -2600,7 +2602,7 @@ export type paths = { * notes/polls/recommendation * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['notes/polls/recommendation']; }; @@ -2697,7 +2699,7 @@ export type paths = { * notes/state * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['notes/state']; }; @@ -2724,7 +2726,7 @@ export type paths = { * notes/timeline * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['notes/timeline']; }; @@ -2733,7 +2735,7 @@ export type paths = { * notes/translate * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['notes/translate']; }; @@ -2751,7 +2753,7 @@ export type paths = { * notes/user-list-timeline * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['notes/user-list-timeline']; }; @@ -2959,7 +2961,7 @@ export type paths = { * promo/read * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ post: operations['promo/read']; }; @@ -2968,7 +2970,7 @@ export type paths = { * roles/list * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['roles/list']; }; @@ -2995,7 +2997,7 @@ export type paths = { * roles/notes * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['roles/notes']; }; @@ -3056,6 +3058,7 @@ export type paths = { * sw/show-registration * @description Check push notification registration exists. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ post: operations['sw/show-registration']; @@ -3065,6 +3068,7 @@ export type paths = { * sw/update-registration * @description Update push notification registration. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ post: operations['sw/update-registration']; @@ -3074,6 +3078,7 @@ export type paths = { * sw/register * @description Register to receive push notifications. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ post: operations['sw/register']; @@ -3234,7 +3239,7 @@ export type paths = { * users/lists/favorite * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ post: operations['users/lists/favorite']; }; @@ -3243,7 +3248,7 @@ export type paths = { * users/lists/unfavorite * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ post: operations['users/lists/unfavorite']; }; @@ -3261,7 +3266,7 @@ export type paths = { * users/lists/create-from-public * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ post: operations['users/lists/create-from-public']; }; @@ -3333,7 +3338,7 @@ export type paths = { * users/relation * @description Show the different kinds of relations between the authenticated user and the specified user(s). * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['users/relation']; }; @@ -3342,7 +3347,7 @@ export type paths = { * users/report-abuse * @description File a report. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:report-abuse* */ post: operations['users/report-abuse']; }; @@ -3378,7 +3383,7 @@ export type paths = { * users/achievements * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *No* */ post: operations['users/achievements']; }; @@ -3412,6 +3417,7 @@ export type paths = { * fetch-external-resources * @description No description provided. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ post: operations['fetch-external-resources']; @@ -4381,7 +4387,7 @@ export type operations = { * admin/meta * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:meta* */ 'admin/meta': { responses: { @@ -4522,7 +4528,7 @@ export type operations = { * admin/abuse-user-reports * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:abuse-user-reports* */ 'admin/abuse-user-reports': { requestBody: { @@ -4614,7 +4620,8 @@ export type operations = { * admin/accounts/create * @description No description provided. * - * **Credential required**: *No* / **Permission**: *write:admin* + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. + * **Credential required**: *No* */ 'admin/accounts/create': { requestBody: { @@ -4668,7 +4675,7 @@ export type operations = { * admin/accounts/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:account* */ 'admin/accounts/delete': { requestBody: { @@ -4720,7 +4727,7 @@ export type operations = { * admin/accounts/find-by-email * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:account* */ 'admin/accounts/find-by-email': { requestBody: { @@ -4773,7 +4780,7 @@ export type operations = { * admin/ad/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:ad* */ 'admin/ad/create': { requestBody: { @@ -4834,7 +4841,7 @@ export type operations = { * admin/ad/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:ad* */ 'admin/ad/delete': { requestBody: { @@ -4886,7 +4893,7 @@ export type operations = { * admin/ad/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:ad* */ 'admin/ad/list': { requestBody: { @@ -4946,7 +4953,7 @@ export type operations = { * admin/ad/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:ad* */ 'admin/ad/update': { requestBody: { @@ -5007,7 +5014,7 @@ export type operations = { * admin/announcements/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:announcements* */ 'admin/announcements/create': { requestBody: { @@ -5096,7 +5103,7 @@ export type operations = { * admin/announcements/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:announcements* */ 'admin/announcements/delete': { requestBody: { @@ -5148,7 +5155,7 @@ export type operations = { * admin/announcements/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:announcements* */ 'admin/announcements/list': { requestBody: { @@ -5222,7 +5229,7 @@ export type operations = { * admin/announcements/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:announcements* */ 'admin/announcements/update': { requestBody: { @@ -5285,7 +5292,7 @@ export type operations = { * admin/avatar-decorations/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:avatar-decorations* */ 'admin/avatar-decorations/create': { requestBody: { @@ -5339,7 +5346,7 @@ export type operations = { * admin/avatar-decorations/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:avatar-decorations* */ 'admin/avatar-decorations/delete': { requestBody: { @@ -5391,7 +5398,7 @@ export type operations = { * admin/avatar-decorations/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:avatar-decorations* */ 'admin/avatar-decorations/list': { requestBody: { @@ -5465,7 +5472,7 @@ export type operations = { * admin/avatar-decorations/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:avatar-decorations* */ 'admin/avatar-decorations/update': { requestBody: { @@ -5521,7 +5528,7 @@ export type operations = { * admin/delete-all-files-of-a-user * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:delete-all-files-of-a-user* */ 'admin/delete-all-files-of-a-user': { requestBody: { @@ -5573,7 +5580,7 @@ export type operations = { * admin/unset-user-avatar * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:unset-user-avatar* */ 'admin/unset-user-avatar': { requestBody: { @@ -5625,7 +5632,7 @@ export type operations = { * admin/unset-user-banner * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:unset-user-banner* */ 'admin/unset-user-banner': { requestBody: { @@ -5677,7 +5684,7 @@ export type operations = { * admin/drive/clean-remote-files * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:drive* */ 'admin/drive/clean-remote-files': { responses: { @@ -5721,7 +5728,7 @@ export type operations = { * admin/drive/cleanup * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:drive* */ 'admin/drive/cleanup': { responses: { @@ -5765,7 +5772,7 @@ export type operations = { * admin/drive/files * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:drive* */ 'admin/drive/files': { requestBody: { @@ -5836,7 +5843,7 @@ export type operations = { * admin/drive/show-file * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:drive* */ 'admin/drive/show-file': { requestBody: { @@ -5940,7 +5947,7 @@ export type operations = { * admin/emoji/add-aliases-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/add-aliases-bulk': { requestBody: { @@ -5992,7 +5999,7 @@ export type operations = { * admin/emoji/add * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/add': { requestBody: { @@ -6052,7 +6059,7 @@ export type operations = { * admin/emoji/copy * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/copy': { requestBody: { @@ -6109,7 +6116,7 @@ export type operations = { * admin/emoji/delete-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/delete-bulk': { requestBody: { @@ -6160,7 +6167,7 @@ export type operations = { * admin/emoji/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/delete': { requestBody: { @@ -6212,7 +6219,8 @@ export type operations = { * admin/emoji/import-zip * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. + * **Credential required**: *Yes* */ 'admin/emoji/import-zip': { requestBody: { @@ -6264,7 +6272,7 @@ export type operations = { * admin/emoji/list-remote * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:emoji* */ 'admin/emoji/list-remote': { requestBody: { @@ -6338,7 +6346,7 @@ export type operations = { * admin/emoji/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:emoji* */ 'admin/emoji/list': { requestBody: { @@ -6407,7 +6415,7 @@ export type operations = { * admin/emoji/remove-aliases-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/remove-aliases-bulk': { requestBody: { @@ -6459,7 +6467,7 @@ export type operations = { * admin/emoji/set-aliases-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/set-aliases-bulk': { requestBody: { @@ -6511,7 +6519,7 @@ export type operations = { * admin/emoji/set-category-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/set-category-bulk': { requestBody: { @@ -6564,7 +6572,7 @@ export type operations = { * admin/emoji/set-license-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/set-license-bulk': { requestBody: { @@ -6617,7 +6625,7 @@ export type operations = { * admin/emoji/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/update': { requestBody: { @@ -6679,7 +6687,7 @@ export type operations = { * admin/federation/delete-all-files * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ 'admin/federation/delete-all-files': { requestBody: { @@ -6730,7 +6738,7 @@ export type operations = { * admin/federation/refresh-remote-instance-metadata * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ 'admin/federation/refresh-remote-instance-metadata': { requestBody: { @@ -6781,7 +6789,7 @@ export type operations = { * admin/federation/remove-all-following * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ 'admin/federation/remove-all-following': { requestBody: { @@ -6832,7 +6840,7 @@ export type operations = { * admin/federation/update-instance * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ 'admin/federation/update-instance': { requestBody: { @@ -6884,7 +6892,7 @@ export type operations = { * admin/get-index-stats * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:index-stats* */ 'admin/get-index-stats': { responses: { @@ -6933,7 +6941,7 @@ export type operations = { * admin/get-table-stats * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:table-stats* */ 'admin/get-table-stats': { responses: { @@ -6979,7 +6987,7 @@ export type operations = { * admin/get-user-ips * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:user-ips* */ 'admin/get-user-ips': { requestBody: { @@ -7037,7 +7045,7 @@ export type operations = { * admin/invite/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:invite-codes* */ 'admin/invite/create': { requestBody: { @@ -7092,7 +7100,7 @@ export type operations = { * admin/invite/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:invite-codes* */ 'admin/invite/list': { requestBody: { @@ -7155,7 +7163,7 @@ export type operations = { * admin/promo/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:promo* */ 'admin/promo/create': { requestBody: { @@ -7208,7 +7216,7 @@ export type operations = { * admin/queue/clear * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:queue* */ 'admin/queue/clear': { responses: { @@ -7252,7 +7260,7 @@ export type operations = { * admin/queue/deliver-delayed * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:queue* */ 'admin/queue/deliver-delayed': { responses: { @@ -7298,7 +7306,7 @@ export type operations = { * admin/queue/inbox-delayed * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:queue* */ 'admin/queue/inbox-delayed': { responses: { @@ -7344,7 +7352,7 @@ export type operations = { * admin/queue/promote * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:queue* */ 'admin/queue/promote': { requestBody: { @@ -7396,7 +7404,7 @@ export type operations = { * admin/queue/stats * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:emoji* */ 'admin/queue/stats': { responses: { @@ -7447,7 +7455,7 @@ export type operations = { * admin/relays/add * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:relays* */ 'admin/relays/add': { requestBody: { @@ -7510,7 +7518,7 @@ export type operations = { * admin/relays/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:relays* */ 'admin/relays/list': { responses: { @@ -7566,7 +7574,7 @@ export type operations = { * admin/relays/remove * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:relays* */ 'admin/relays/remove': { requestBody: { @@ -7617,7 +7625,7 @@ export type operations = { * admin/reset-password * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:reset-password* */ 'admin/reset-password': { requestBody: { @@ -7673,7 +7681,7 @@ export type operations = { * admin/resolve-abuse-user-report * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:resolve-abuse-user-report* */ 'admin/resolve-abuse-user-report': { requestBody: { @@ -7727,7 +7735,7 @@ export type operations = { * admin/send-email * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:send-email* */ 'admin/send-email': { requestBody: { @@ -7780,7 +7788,7 @@ export type operations = { * admin/server-info * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:server-info* */ 'admin/server-info': { responses: { @@ -7850,7 +7858,7 @@ export type operations = { * admin/show-moderation-logs * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:show-moderation-log* */ 'admin/show-moderation-logs': { requestBody: { @@ -7921,7 +7929,7 @@ export type operations = { * admin/show-user * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:show-user* */ 'admin/show-user': { requestBody: { @@ -7975,7 +7983,7 @@ export type operations = { * admin/show-users * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:show-users* */ 'admin/show-users': { requestBody: { @@ -8050,7 +8058,7 @@ export type operations = { * admin/suspend-user * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:suspend-user* */ 'admin/suspend-user': { requestBody: { @@ -8102,7 +8110,7 @@ export type operations = { * admin/unsuspend-user * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:unsuspend-user* */ 'admin/unsuspend-user': { requestBody: { @@ -8154,7 +8162,7 @@ export type operations = { * admin/update-meta * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:meta* */ 'admin/update-meta': { requestBody: { @@ -8299,7 +8307,7 @@ export type operations = { * admin/delete-account * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:delete-account* */ 'admin/delete-account': { requestBody: { @@ -8353,7 +8361,7 @@ export type operations = { * admin/update-user-note * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:user-note* */ 'admin/update-user-note': { requestBody: { @@ -8406,7 +8414,7 @@ export type operations = { * admin/roles/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ 'admin/roles/create': { requestBody: { @@ -8474,7 +8482,7 @@ export type operations = { * admin/roles/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ 'admin/roles/delete': { requestBody: { @@ -8526,7 +8534,7 @@ export type operations = { * admin/roles/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:roles* */ 'admin/roles/list': { responses: { @@ -8572,7 +8580,7 @@ export type operations = { * admin/roles/show * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:roles* */ 'admin/roles/show': { requestBody: { @@ -8626,7 +8634,7 @@ export type operations = { * admin/roles/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ 'admin/roles/update': { requestBody: { @@ -8693,7 +8701,7 @@ export type operations = { * admin/roles/assign * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ 'admin/roles/assign': { requestBody: { @@ -8748,7 +8756,7 @@ export type operations = { * admin/roles/unassign * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ 'admin/roles/unassign': { requestBody: { @@ -8802,7 +8810,7 @@ export type operations = { * admin/roles/update-default-policies * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ 'admin/roles/update-default-policies': { requestBody: { @@ -8853,7 +8861,7 @@ export type operations = { * admin/roles/users * @description No description provided. * - * **Credential required**: *No* / **Permission**: *read:admin* + * **Credential required**: *No* / **Permission**: *read:admin:roles* */ 'admin/roles/users': { requestBody: { @@ -9327,7 +9335,7 @@ export type operations = { * ap/get * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:federation* */ 'ap/get': { requestBody: { @@ -9386,7 +9394,7 @@ export type operations = { * ap/show * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'ap/show': { requestBody: { @@ -13615,7 +13623,7 @@ export type operations = { * federation/update-remote-user * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *No* */ 'federation/update-remote-user': { requestBody: { @@ -15200,7 +15208,7 @@ export type operations = { * i * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ i: { responses: { @@ -15853,7 +15861,7 @@ export type operations = { * i/claim-achievement * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ 'i/claim-achievement': { requestBody: { @@ -17311,7 +17319,7 @@ export type operations = { * i/registry/get-all * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'i/registry/get-all': { requestBody: { @@ -17366,7 +17374,7 @@ export type operations = { * i/registry/get-detail * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'i/registry/get-detail': { requestBody: { @@ -17422,7 +17430,7 @@ export type operations = { * i/registry/get * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'i/registry/get': { requestBody: { @@ -17478,7 +17486,7 @@ export type operations = { * i/registry/keys-with-type * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'i/registry/keys-with-type': { requestBody: { @@ -17533,7 +17541,7 @@ export type operations = { * i/registry/keys * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'i/registry/keys': { requestBody: { @@ -17586,7 +17594,7 @@ export type operations = { * i/registry/remove * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ 'i/registry/remove': { requestBody: { @@ -17690,7 +17698,7 @@ export type operations = { * i/registry/set * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ 'i/registry/set': { requestBody: { @@ -18446,7 +18454,7 @@ export type operations = { * invite/create * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:invite-codes* */ 'invite/create': { responses: { @@ -18492,7 +18500,7 @@ export type operations = { * invite/delete * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:invite-codes* */ 'invite/delete': { requestBody: { @@ -18544,7 +18552,7 @@ export type operations = { * invite/list * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:invite-codes* */ 'invite/list': { requestBody: { @@ -18602,7 +18610,7 @@ export type operations = { * invite/limit * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:invite-codes* */ 'invite/limit': { responses: { @@ -19282,7 +19290,7 @@ export type operations = { * my/apps * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'my/apps': { requestBody: { @@ -19959,7 +19967,7 @@ export type operations = { * notes/hybrid-timeline * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'notes/hybrid-timeline': { requestBody: { @@ -20101,7 +20109,7 @@ export type operations = { * notes/mentions * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'notes/mentions': { requestBody: { @@ -20162,7 +20170,7 @@ export type operations = { * notes/polls/recommendation * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'notes/polls/recommendation': { requestBody: { @@ -20762,7 +20770,7 @@ export type operations = { * notes/state * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'notes/state': { requestBody: { @@ -20929,7 +20937,7 @@ export type operations = { * notes/timeline * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'notes/timeline': { requestBody: { @@ -21001,7 +21009,7 @@ export type operations = { * notes/translate * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'notes/translate': { requestBody: { @@ -21117,7 +21125,7 @@ export type operations = { * notes/user-list-timeline * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'notes/user-list-timeline': { requestBody: { @@ -22409,7 +22417,7 @@ export type operations = { * promo/read * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ 'promo/read': { requestBody: { @@ -22461,7 +22469,7 @@ export type operations = { * roles/list * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'roles/list': { responses: { @@ -22625,7 +22633,7 @@ export type operations = { * roles/notes * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'roles/notes': { requestBody: { @@ -22954,6 +22962,7 @@ export type operations = { * sw/show-registration * @description Check push notification registration exists. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ 'sw/show-registration': { @@ -23015,6 +23024,7 @@ export type operations = { * sw/update-registration * @description Update push notification registration. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ 'sw/update-registration': { @@ -23073,6 +23083,7 @@ export type operations = { * sw/register * @description Register to receive push notifications. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ 'sw/register': { @@ -24077,7 +24088,7 @@ export type operations = { * users/lists/favorite * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ 'users/lists/favorite': { requestBody: { @@ -24129,7 +24140,7 @@ export type operations = { * users/lists/unfavorite * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ 'users/lists/unfavorite': { requestBody: { @@ -24237,7 +24248,7 @@ export type operations = { * users/lists/create-from-public * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ 'users/lists/create-from-public': { requestBody: { @@ -24728,7 +24739,7 @@ export type operations = { * users/relation * @description Show the different kinds of relations between the authenticated user and the specified user(s). * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'users/relation': { requestBody: { @@ -24803,7 +24814,7 @@ export type operations = { * users/report-abuse * @description File a report. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:report-abuse* */ 'users/report-abuse': { requestBody: { @@ -25036,7 +25047,7 @@ export type operations = { * users/achievements * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *No* */ 'users/achievements': { requestBody: { @@ -25202,6 +25213,7 @@ export type operations = { * fetch-external-resources * @description No description provided. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ 'fetch-external-resources': { diff --git a/packages/misskey-js/src/consts.ts b/packages/misskey-js/src/consts.ts index e769bb9e6..0e446c121 100644 --- a/packages/misskey-js/src/consts.ts +++ b/packages/misskey-js/src/consts.ts @@ -45,7 +45,55 @@ export const permissions = [ 'write:flash', 'read:flash-likes', 'write:flash-likes', -]; + 'read:admin:abuse-user-reports', + 'write:admin:delete-account', + 'write:admin:delete-all-files-of-a-user', + 'read:admin:index-stats', + 'read:admin:table-stats', + 'read:admin:user-ips', + 'read:admin:meta', + 'write:admin:reset-password', + 'write:admin:resolve-abuse-user-report', + 'write:admin:send-email', + 'read:admin:server-info', + 'read:admin:show-moderation-log', + 'read:admin:show-user', + 'read:admin:show-users', + 'write:admin:suspend-user', + 'write:admin:unset-user-avatar', + 'write:admin:unset-user-banner', + 'write:admin:unsuspend-user', + 'write:admin:meta', + 'write:admin:user-note', + 'write:admin:roles', + 'read:admin:roles', + 'write:admin:relays', + 'read:admin:relays', + 'write:admin:invite-codes', + 'read:admin:invite-codes', + 'write:admin:announcements', + 'read:admin:announcements', + 'write:admin:avatar-decorations', + 'read:admin:avatar-decorations', + 'write:admin:federation', + 'write:admin:account', + 'read:admin:account', + 'write:admin:emoji', + 'read:admin:emoji', + 'write:admin:queue', + 'read:admin:queue', + 'write:admin:promo', + 'write:admin:drive', + 'read:admin:drive', + 'write:admin:ad', + 'read:admin:ad', + 'write:invite-codes', + 'read:invite-codes', + 'write:clip-favorite', + 'read:clip-favorite', + 'read:federation', + 'write:report-abuse', +] as const; export const moderationLogTypes = [ 'updateServerSettings', From ad346b6f368f1da2874c9c575884107630f6e5c8 Mon Sep 17 00:00:00 2001 From: Kagami Sascha Rosylight Date: Wed, 27 Dec 2023 07:10:24 +0100 Subject: [PATCH 03/19] feat(backend/oauth): allow CORS for token endpoint (#12814) * feat(backend/oauth): allow CORS for token endpoint * no need to explicitly set origin to `*` * Update CHANGELOG.md --- CHANGELOG.md | 11 ++ packages/backend/package.json | 2 +- packages/backend/src/server/ServerService.ts | 3 +- .../src/server/WellKnownServerService.ts | 6 + .../src/server/oauth/OAuth2ProviderService.ts | 71 ++++++----- packages/backend/test/e2e/nodeinfo.ts | 40 +++++++ packages/backend/test/e2e/oauth.ts | 20 ++++ packages/backend/test/e2e/well-known.ts | 111 ++++++++++++++++++ packages/backend/test/utils.ts | 2 + pnpm-lock.yaml | 24 ++-- 10 files changed, 242 insertions(+), 48 deletions(-) create mode 100644 packages/backend/test/e2e/nodeinfo.ts create mode 100644 packages/backend/test/e2e/well-known.ts diff --git a/CHANGELOG.md b/CHANGELOG.md index 8b71f6540..53931b44d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,17 @@ --> +## 2023.x.x (unreleased) + +### General +- + +### Client +- + +### Server +- Enhance: `oauth/token`エンドポイントのCORS対応 + ## 2023.12.1 ### General diff --git a/packages/backend/package.json b/packages/backend/package.json index 6848d88e0..4d1e9936a 100644 --- a/packages/backend/package.json +++ b/packages/backend/package.json @@ -68,7 +68,7 @@ "@discordapp/twemoji": "15.0.2", "@fastify/accepts": "4.3.0", "@fastify/cookie": "9.2.0", - "@fastify/cors": "8.4.2", + "@fastify/cors": "8.5.0", "@fastify/express": "2.3.0", "@fastify/http-proxy": "9.3.0", "@fastify/multipart": "8.0.0", diff --git a/packages/backend/src/server/ServerService.ts b/packages/backend/src/server/ServerService.ts index bb41ab0e4..632a7692c 100644 --- a/packages/backend/src/server/ServerService.ts +++ b/packages/backend/src/server/ServerService.ts @@ -107,7 +107,8 @@ export class ServerService implements OnApplicationShutdown { fastify.register(this.activityPubServerService.createServer); fastify.register(this.nodeinfoServerService.createServer); fastify.register(this.wellKnownServerService.createServer); - fastify.register(this.oauth2ProviderService.createServer); + fastify.register(this.oauth2ProviderService.createServer, { prefix: '/oauth' }); + fastify.register(this.oauth2ProviderService.createTokenServer, { prefix: '/oauth/token' }); fastify.get<{ Params: { path: string }; Querystring: { static?: any; badge?: any; }; }>('/emoji/:path(.*)', async (request, reply) => { const path = request.params.path; diff --git a/packages/backend/src/server/WellKnownServerService.ts b/packages/backend/src/server/WellKnownServerService.ts index 8fc3c96de..c3eaf53a1 100644 --- a/packages/backend/src/server/WellKnownServerService.ts +++ b/packages/backend/src/server/WellKnownServerService.ts @@ -16,6 +16,7 @@ import * as Acct from '@/misc/acct.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js'; import { bindThis } from '@/decorators.js'; import { NodeinfoServerService } from './NodeinfoServerService.js'; +import { OAuth2ProviderService } from './oauth/OAuth2ProviderService.js'; import type { FindOptionsWhere } from 'typeorm'; import type { FastifyInstance, FastifyPluginOptions } from 'fastify'; @@ -30,6 +31,7 @@ export class WellKnownServerService { private nodeinfoServerService: NodeinfoServerService, private userEntityService: UserEntityService, + private oauth2ProviderService: OAuth2ProviderService, ) { //this.createServer = this.createServer.bind(this); } @@ -87,6 +89,10 @@ export class WellKnownServerService { return { links: this.nodeinfoServerService.getLinks() }; }); + fastify.get('/.well-known/oauth-authorization-server', async () => { + return this.oauth2ProviderService.generateRFC8414(); + }); + /* TODO fastify.get('/.well-known/change-password', async (request, reply) => { }); diff --git a/packages/backend/src/server/oauth/OAuth2ProviderService.ts b/packages/backend/src/server/oauth/OAuth2ProviderService.ts index 5c18f452c..225307858 100644 --- a/packages/backend/src/server/oauth/OAuth2ProviderService.ts +++ b/packages/backend/src/server/oauth/OAuth2ProviderService.ts @@ -11,6 +11,7 @@ import httpLinkHeader from 'http-link-header'; import ipaddr from 'ipaddr.js'; import oauth2orize, { type OAuth2, AuthorizationError, ValidateFunctionArity2, OAuth2Req, MiddlewareRequest } from 'oauth2orize'; import oauth2Pkce from 'oauth2orize-pkce'; +import fastifyCors from '@fastify/cors'; import fastifyView from '@fastify/view'; import pug from 'pug'; import bodyParser from 'body-parser'; @@ -348,25 +349,25 @@ export class OAuth2ProviderService { })); } + // https://datatracker.ietf.org/doc/html/rfc8414.html + // https://indieauth.spec.indieweb.org/#indieauth-server-metadata + public generateRFC8414() { + return { + issuer: this.config.url, + authorization_endpoint: new URL('/oauth/authorize', this.config.url), + token_endpoint: new URL('/oauth/token', this.config.url), + scopes_supported: kinds, + response_types_supported: ['code'], + grant_types_supported: ['authorization_code'], + service_documentation: 'https://misskey-hub.net', + code_challenge_methods_supported: ['S256'], + authorization_response_iss_parameter_supported: true, + }; + } + @bindThis public async createServer(fastify: FastifyInstance): Promise { - // https://datatracker.ietf.org/doc/html/rfc8414.html - // https://indieauth.spec.indieweb.org/#indieauth-server-metadata - fastify.get('/.well-known/oauth-authorization-server', async (_request, reply) => { - reply.send({ - issuer: this.config.url, - authorization_endpoint: new URL('/oauth/authorize', this.config.url), - token_endpoint: new URL('/oauth/token', this.config.url), - scopes_supported: kinds, - response_types_supported: ['code'], - grant_types_supported: ['authorization_code'], - service_documentation: 'https://misskey-hub.net', - code_challenge_methods_supported: ['S256'], - authorization_response_iss_parameter_supported: true, - }); - }); - - fastify.get('/oauth/authorize', async (request, reply) => { + fastify.get('/authorize', async (request, reply) => { const oauth2 = (request.raw as MiddlewareRequest).oauth2; if (!oauth2) { throw new Error('Unexpected lack of authorization information'); @@ -381,8 +382,7 @@ export class OAuth2ProviderService { scope: oauth2.req.scope.join(' '), }); }); - fastify.post('/oauth/decision', async () => { }); - fastify.post('/oauth/token', async () => { }); + fastify.post('/decision', async () => { }); fastify.register(fastifyView, { root: fileURLToPath(new URL('../web/views', import.meta.url)), @@ -394,7 +394,7 @@ export class OAuth2ProviderService { }); await fastify.register(fastifyExpress); - fastify.use('/oauth/authorize', this.#server.authorize(((areq, done) => { + fastify.use('/authorize', this.#server.authorize(((areq, done) => { (async (): Promise> => { // This should return client/redirectURI AND the error, or // the handler can't send error to the redirection URI @@ -448,30 +448,24 @@ export class OAuth2ProviderService { return [null, clientInfo, redirectURI]; })().then(args => done(...args), err => done(err)); }) as ValidateFunctionArity2)); - fastify.use('/oauth/authorize', this.#server.errorHandler({ + fastify.use('/authorize', this.#server.errorHandler({ mode: 'indirect', modes: getQueryMode(this.config.url), })); - fastify.use('/oauth/authorize', this.#server.errorHandler()); + fastify.use('/authorize', this.#server.errorHandler()); - fastify.use('/oauth/decision', bodyParser.urlencoded({ extended: false })); - fastify.use('/oauth/decision', this.#server.decision((req, done) => { + fastify.use('/decision', bodyParser.urlencoded({ extended: false })); + fastify.use('/decision', this.#server.decision((req, done) => { const { body } = req as OAuth2DecisionRequest; this.#logger.info(`Received the decision. Cancel: ${!!body.cancel}`); req.user = body.login_token; done(null, undefined); })); - fastify.use('/oauth/decision', this.#server.errorHandler()); - - // Clients may use JSON or urlencoded - fastify.use('/oauth/token', bodyParser.urlencoded({ extended: false })); - fastify.use('/oauth/token', bodyParser.json({ strict: true })); - fastify.use('/oauth/token', this.#server.token()); - fastify.use('/oauth/token', this.#server.errorHandler()); + fastify.use('/decision', this.#server.errorHandler()); // Return 404 for any unknown paths under /oauth so that clients can know // whether a certain endpoint is supported or not. - fastify.all('/oauth/*', async (_request, reply) => { + fastify.all('/*', async (_request, reply) => { reply.code(404); reply.send({ error: { @@ -483,4 +477,17 @@ export class OAuth2ProviderService { }); }); } + + @bindThis + public async createTokenServer(fastify: FastifyInstance): Promise { + fastify.register(fastifyCors); + fastify.post('', async () => { }); + + await fastify.register(fastifyExpress); + // Clients may use JSON or urlencoded + fastify.use('', bodyParser.urlencoded({ extended: false })); + fastify.use('', bodyParser.json({ strict: true })); + fastify.use('', this.#server.token()); + fastify.use('', this.#server.errorHandler()); + } } diff --git a/packages/backend/test/e2e/nodeinfo.ts b/packages/backend/test/e2e/nodeinfo.ts new file mode 100644 index 000000000..7eed39c5e --- /dev/null +++ b/packages/backend/test/e2e/nodeinfo.ts @@ -0,0 +1,40 @@ +/* + * SPDX-FileCopyrightText: syuilo and other misskey contributors + * SPDX-License-Identifier: AGPL-3.0-only + */ + +process.env.NODE_ENV = 'test'; + +import * as assert from 'assert'; +import { relativeFetch, startServer } from '../utils.js'; +import type { INestApplicationContext } from '@nestjs/common'; + +describe('nodeinfo', () => { + let app: INestApplicationContext; + + beforeAll(async () => { + app = await startServer(); + }, 1000 * 60 * 2); + + afterAll(async () => { + await app.close(); + }); + + test('nodeinfo 2.1', async () => { + const res = await relativeFetch('nodeinfo/2.1'); + assert.ok(res.ok); + assert.strictEqual(res.headers.get('Access-Control-Allow-Origin'), '*'); + + const nodeInfo = await res.json() as any; + assert.strictEqual(nodeInfo.software.name, 'misskey'); + }); + + test('nodeinfo 2.0', async () => { + const res = await relativeFetch('nodeinfo/2.0'); + assert.ok(res.ok); + assert.strictEqual(res.headers.get('Access-Control-Allow-Origin'), '*'); + + const nodeInfo = await res.json() as any; + assert.strictEqual(nodeInfo.software.name, 'misskey'); + }); +}); diff --git a/packages/backend/test/e2e/oauth.ts b/packages/backend/test/e2e/oauth.ts index a029a0d4b..3a5e4ebda 100644 --- a/packages/backend/test/e2e/oauth.ts +++ b/packages/backend/test/e2e/oauth.ts @@ -941,4 +941,24 @@ describe('OAuth', () => { const response = await fetch(new URL('/oauth/foo', host)); assert.strictEqual(response.status, 404); }); + + describe('CORS', () => { + test('Token endpoint should support CORS', async () => { + const response = await fetch(new URL('/oauth/token', host), { method: 'POST' }); + assert.ok(!response.ok); + assert.strictEqual(response.headers.get('Access-Control-Allow-Origin'), '*'); + }); + + test('Authorize endpoint should not support CORS', async () => { + const response = await fetch(new URL('/oauth/authorize', host), { method: 'GET' }); + assert.ok(!response.ok); + assert.ok(!response.headers.has('Access-Control-Allow-Origin')); + }); + + test('Decision endpoint should not support CORS', async () => { + const response = await fetch(new URL('/oauth/decision', host), { method: 'POST' }); + assert.ok(!response.ok); + assert.ok(!response.headers.has('Access-Control-Allow-Origin')); + }); + }); }); diff --git a/packages/backend/test/e2e/well-known.ts b/packages/backend/test/e2e/well-known.ts new file mode 100644 index 000000000..14e32e162 --- /dev/null +++ b/packages/backend/test/e2e/well-known.ts @@ -0,0 +1,111 @@ +/* + * SPDX-FileCopyrightText: syuilo and other misskey contributors + * SPDX-License-Identifier: AGPL-3.0-only + */ + +process.env.NODE_ENV = 'test'; + +import * as assert from 'assert'; +import { host, origin, relativeFetch, signup, startServer } from '../utils.js'; +import type { INestApplicationContext } from '@nestjs/common'; +import type * as misskey from 'misskey-js'; + +describe('.well-known', () => { + let app: INestApplicationContext; + let alice: misskey.entities.User; + + beforeAll(async () => { + app = await startServer(); + + alice = await signup({ username: 'alice' }); + }, 1000 * 60 * 2); + + afterAll(async () => { + await app.close(); + }); + + test('nodeinfo', async () => { + const res = await relativeFetch('.well-known/nodeinfo'); + assert.ok(res.ok); + assert.strictEqual(res.headers.get('Access-Control-Allow-Origin'), '*'); + + const nodeInfo = await res.json(); + assert.deepStrictEqual(nodeInfo, { + links: [{ + rel: 'http://nodeinfo.diaspora.software/ns/schema/2.1', + href: `${origin}/nodeinfo/2.1`, + }, { + rel: 'http://nodeinfo.diaspora.software/ns/schema/2.0', + href: `${origin}/nodeinfo/2.0`, + }], + }); + }); + + test('webfinger', async () => { + const preflight = await relativeFetch(`.well-known/webfinger?resource=acct:alice@${host}`, { + method: 'options', + headers: { + 'Access-Control-Request-Method': 'GET', + Origin: 'http://example.com', + }, + }); + assert.ok(preflight.ok); + assert.strictEqual(preflight.headers.get('Access-Control-Allow-Headers'), 'Accept'); + + const res = await relativeFetch(`.well-known/webfinger?resource=acct:alice@${host}`); + assert.ok(res.ok); + assert.strictEqual(res.headers.get('Access-Control-Allow-Origin'), '*'); + assert.strictEqual(res.headers.get('Access-Control-Expose-Headers'), 'Vary'); + assert.strictEqual(res.headers.get('Vary'), 'Accept'); + + const webfinger = await res.json(); + + assert.deepStrictEqual(webfinger, { + subject: `acct:alice@${host}`, + links: [{ + rel: 'self', + type: 'application/activity+json', + href: `${origin}/users/${alice.id}`, + }, { + rel: 'http://webfinger.net/rel/profile-page', + type: 'text/html', + href: `${origin}/@alice`, + }, { + rel: 'http://ostatus.org/schema/1.0/subscribe', + template: `${origin}/authorize-follow?acct={uri}`, + }], + }); + }); + + test('host-meta', async () => { + const res = await relativeFetch('.well-known/host-meta'); + assert.ok(res.ok); + assert.strictEqual(res.headers.get('Access-Control-Allow-Origin'), '*'); + }); + + test('host-meta.json', async () => { + const res = await relativeFetch('.well-known/host-meta.json'); + assert.ok(res.ok); + assert.strictEqual(res.headers.get('Access-Control-Allow-Origin'), '*'); + + const hostMeta = await res.json(); + assert.deepStrictEqual(hostMeta, { + links: [{ + rel: 'lrdd', + type: 'application/jrd+json', + template: `${origin}/.well-known/webfinger?resource={uri}`, + }], + }); + }); + + test('oauth-authorization-server', async () => { + const res = await relativeFetch('.well-known/oauth-authorization-server'); + assert.ok(res.ok); + assert.strictEqual(res.headers.get('Access-Control-Allow-Origin'), '*'); + + const serverInfo = await res.json() as any; + assert.strictEqual(serverInfo.issuer, origin); + assert.strictEqual(serverInfo.authorization_endpoint, `${origin}/oauth/authorize`); + assert.strictEqual(serverInfo.token_endpoint, `${origin}/oauth/token`); + }); +}); diff --git a/packages/backend/test/utils.ts b/packages/backend/test/utils.ts index db7629d2c..46b8ea9cd 100644 --- a/packages/backend/test/utils.ts +++ b/packages/backend/test/utils.ts @@ -26,6 +26,8 @@ interface UserToken { const config = loadConfig(); export const port = config.port; +export const origin = config.url; +export const host = new URL(config.url).host; export const cookie = (me: UserToken): string => { return `token=${me.token};`; diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 278109f12..b46dcd0e7 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -84,8 +84,8 @@ importers: specifier: 9.2.0 version: 9.2.0 '@fastify/cors': - specifier: 8.4.2 - version: 8.4.2 + specifier: 8.5.0 + version: 8.5.0 '@fastify/express': specifier: 2.3.0 version: 2.3.0 @@ -4303,11 +4303,11 @@ packages: fastify-plugin: 4.5.0 dev: false - /@fastify/cors@8.4.2: - resolution: {integrity: sha512-IVynbcPG9eWiJ0P/A1B+KynmiU/yTYbu3ooBUSIeHfca/N1XLb9nIJVCws+YTr2q63MA8Y6QLeXQczEv4npM9g==} + /@fastify/cors@8.5.0: + resolution: {integrity: sha512-/oZ1QSb02XjP0IK1U0IXktEsw/dUBTxJOW7IpIeO8c/tNalw/KjoNSJv1Sf6eqoBPO+TDGkifq6ynFK3v68HFQ==} dependencies: fastify-plugin: 4.5.0 - mnemonist: 0.39.5 + mnemonist: 0.39.6 dev: false /@fastify/deepmerge@1.3.0: @@ -7281,7 +7281,7 @@ packages: ts-dedent: 2.2.0 type-fest: 2.19.0 vue: 3.3.12(typescript@5.3.3) - vue-component-type-helpers: 1.8.25 + vue-component-type-helpers: 1.8.27 transitivePeerDependencies: - encoding - supports-color @@ -15209,8 +15209,8 @@ packages: ufo: 1.1.2 dev: true - /mnemonist@0.39.5: - resolution: {integrity: sha512-FPUtkhtJ0efmEFGpU14x7jGbTB+s18LrzRL2KgoWz9YvcY3cPomz8tih01GbHwnGk/OmkOKfqd/RAQoc8Lm7DQ==} + /mnemonist@0.39.6: + resolution: {integrity: sha512-A/0v5Z59y63US00cRSLiloEIw3t5G+MiKz4BhX21FI+YBJXBOGW0ohFxTxO08dsOYlzxo87T7vGfZKYp2bcAWA==} dependencies: obliterator: 2.0.4 dev: false @@ -19087,10 +19087,6 @@ packages: /tweetnacl@0.14.5: resolution: {integrity: sha512-KXXFFdAbFXY4geFIwoyNK+f5Z1b7swfXABfL7HXCmoIWMKU3dmS26672A4EeQtDzLKy7SXmfBu51JolvEKwtGA==} - /twemoji-parser@14.0.0: - resolution: {integrity: sha512-9DUOTGLOWs0pFWnh1p6NF+C3CkQ96PWmEFwhOVmT3WbecRC+68AIqpsnJXygfkFcp4aXbOp8Dwbhh/HQgvoRxA==} - dev: false - /type-check@0.4.0: resolution: {integrity: sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==} engines: {node: '>= 0.8.0'} @@ -19755,8 +19751,8 @@ packages: resolution: {integrity: sha512-AFbieoL7a5LMqcnOF04ji+rpXadgOXnZsxQr//r83kLPr7biP7am3g9zbaZIaBGwBRWeSvoMD4mgPdX3e4NWBg==} dev: false - /vue-component-type-helpers@1.8.25: - resolution: {integrity: sha512-NCA6sekiJIMnMs4DdORxATXD+/NRkQpS32UC+I1KQJUasx+Z7MZUb3Y+MsKsFmX+PgyTYSteb73JW77AibaCCw==} + /vue-component-type-helpers@1.8.27: + resolution: {integrity: sha512-0vOfAtI67UjeO1G6UiX5Kd76CqaQ67wrRZiOe7UAb9Jm6GzlUr/fC7CV90XfwapJRjpCMaZFhv1V0ajWRmE9Dg==} dev: true /vue-component-type-helpers@1.8.4: From 9410bc046b8191080d2d1840b632e94ac19c8fda Mon Sep 17 00:00:00 2001 From: syuilo Date: Wed, 27 Dec 2023 15:12:43 +0900 Subject: [PATCH 04/19] Update CHANGELOG.md --- CHANGELOG.md | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 53931b44d..b7f37d747 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,17 +12,6 @@ --> -## 2023.x.x (unreleased) - -### General -- - -### Client -- - -### Server -- Enhance: `oauth/token`エンドポイントのCORS対応 - ## 2023.12.1 ### General @@ -35,6 +24,7 @@ ### Server - Enhance: センシティブワードの設定がハッシュタグトレンドにも適用されるようになりました +- Enhance: `oauth/token`エンドポイントのCORS対応 - Fix: 1702718871541-ffVisibility.jsのdownが壊れている - Fix:「非センシティブのみ(リモートはいいねのみ)」を設定していても、センシティブに設定されたカスタム絵文字をリアクションできる問題を修正 - Fix: ロールアサイン時の通知で,ロールアイコンが縮小されずに表示される問題を修正 From 8904e0a12b0dba776db0144f0644b94e7e81bbbf Mon Sep 17 00:00:00 2001 From: syuilo Date: Wed, 27 Dec 2023 15:15:08 +0900 Subject: [PATCH 05/19] :art: --- .../frontend/src/components/MkReactionsViewer.reaction.vue | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/frontend/src/components/MkReactionsViewer.reaction.vue b/packages/frontend/src/components/MkReactionsViewer.reaction.vue index 8de226802..250b7b96d 100644 --- a/packages/frontend/src/components/MkReactionsViewer.reaction.vue +++ b/packages/frontend/src/components/MkReactionsViewer.reaction.vue @@ -198,7 +198,8 @@ if (!mock) { } .limitWidth { - max-width: 150px; + max-width: 70px; + object-fit: contain; } .count { From 6439c7b64b31dc9fbc6c968ef020787f34ee8331 Mon Sep 17 00:00:00 2001 From: GrapeApple0 <84321396+GrapeApple0@users.noreply.github.com> Date: Wed, 27 Dec 2023 15:55:09 +0900 Subject: [PATCH 06/19] =?UTF-8?q?Revert=20"refactor:=20pagination=E3=81=AE?= =?UTF-8?q?=E5=9E=8B=E3=82=92=E6=98=8E=E7=A4=BA=E3=81=99=E3=82=8B=20(#1280?= =?UTF-8?q?9)"=20(#12810)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 6855079811401be883167476726644e5730ea792. --- .../frontend/src/components/MkFileListForAdmin.vue | 4 ++-- packages/frontend/src/components/MkNoteDetailed.vue | 6 +++--- .../src/components/MkUserSetupDialog.Follow.vue | 6 +++--- packages/frontend/src/pages/about.federation.vue | 2 +- packages/frontend/src/pages/admin-user.vue | 4 ++-- packages/frontend/src/pages/admin/abuses.vue | 4 ++-- packages/frontend/src/pages/admin/federation.vue | 4 ++-- packages/frontend/src/pages/admin/invites.vue | 8 ++++---- packages/frontend/src/pages/admin/modlog.vue | 4 ++-- packages/frontend/src/pages/admin/roles.role.vue | 4 ++-- packages/frontend/src/pages/admin/users.vue | 4 ++-- packages/frontend/src/pages/announcements.vue | 6 +++--- packages/frontend/src/pages/channels.vue | 10 +++++----- .../frontend/src/pages/custom-emojis-manager.vue | 6 +++--- packages/frontend/src/pages/favorites.vue | 4 ++-- packages/frontend/src/pages/flash/flash-index.vue | 8 ++++---- packages/frontend/src/pages/follow-requests.vue | 4 ++-- packages/frontend/src/pages/gallery/index.vue | 12 ++++++------ packages/frontend/src/pages/gallery/post.vue | 4 ++-- packages/frontend/src/pages/instance-info.vue | 4 ++-- packages/frontend/src/pages/invite.vue | 4 ++-- packages/frontend/src/pages/my-clips/index.vue | 4 ++-- packages/frontend/src/pages/my-lists/list.vue | 4 ++-- packages/frontend/src/pages/page.vue | 4 ++-- packages/frontend/src/pages/pages.vue | 8 ++++---- packages/frontend/src/pages/settings/apps.vue | 4 ++-- .../frontend/src/pages/settings/drive-cleaner.vue | 4 ++-- packages/frontend/src/pages/settings/mute-block.vue | 8 ++++---- packages/frontend/src/pages/settings/security.vue | 4 ++-- packages/frontend/src/pages/settings/webhook.vue | 4 ++-- packages/frontend/src/pages/user/clips.vue | 4 ++-- packages/frontend/src/pages/user/flashs.vue | 4 ++-- packages/frontend/src/pages/user/follow-list.vue | 6 +++--- packages/frontend/src/pages/user/gallery.vue | 4 ++-- packages/frontend/src/pages/user/lists.vue | 4 ++-- packages/frontend/src/pages/user/pages.vue | 4 ++-- packages/frontend/src/pages/user/reactions.vue | 4 ++-- 37 files changed, 93 insertions(+), 93 deletions(-) diff --git a/packages/frontend/src/components/MkFileListForAdmin.vue b/packages/frontend/src/components/MkFileListForAdmin.vue index b0ff06bd3..3edd30bc3 100644 --- a/packages/frontend/src/components/MkFileListForAdmin.vue +++ b/packages/frontend/src/components/MkFileListForAdmin.vue @@ -38,14 +38,14 @@ SPDX-License-Identifier: AGPL-3.0-only diff --git a/packages/frontend/src/components/MkNoteDetailed.vue b/packages/frontend/src/components/MkNoteDetailed.vue index f1bcdec7f..33a6786d0 100644 --- a/packages/frontend/src/components/MkNoteDetailed.vue +++ b/packages/frontend/src/components/MkNoteDetailed.vue @@ -224,7 +224,7 @@ import { claimAchievement } from '@/scripts/achievements.js'; import MkRippleEffect from '@/components/MkRippleEffect.vue'; import { showMovedDialog } from '@/scripts/show-moved-dialog.js'; import MkUserCardMini from '@/components/MkUserCardMini.vue'; -import MkPagination, { Paging } from '@/components/MkPagination.vue'; +import MkPagination from '@/components/MkPagination.vue'; import MkReactionIcon from '@/components/MkReactionIcon.vue'; import MkButton from '@/components/MkButton.vue'; @@ -307,7 +307,7 @@ const renotesPagination = computed(() => ({ params: { noteId: appearNote.value.id, }, -} satisfies Paging)); +})); const reactionsPagination = computed(() => ({ endpoint: 'notes/reactions', @@ -316,7 +316,7 @@ const reactionsPagination = computed(() => ({ noteId: appearNote.value.id, type: reactionTabType.value, }, -} satisfies Paging)); +})); useNoteCapture({ rootEl: el, diff --git a/packages/frontend/src/components/MkUserSetupDialog.Follow.vue b/packages/frontend/src/components/MkUserSetupDialog.Follow.vue index d924a54ff..5f3f5b81d 100644 --- a/packages/frontend/src/components/MkUserSetupDialog.Follow.vue +++ b/packages/frontend/src/components/MkUserSetupDialog.Follow.vue @@ -37,15 +37,15 @@ SPDX-License-Identifier: AGPL-3.0-only import { i18n } from '@/i18n.js'; import MkFolder from '@/components/MkFolder.vue'; import XUser from '@/components/MkUserSetupDialog.User.vue'; -import MkPagination, { Paging } from '@/components/MkPagination.vue'; +import MkPagination from '@/components/MkPagination.vue'; -const pinnedUsers = { endpoint: 'pinned-users', noPaging: true } satisfies Paging; +const pinnedUsers = { endpoint: 'pinned-users', noPaging: true }; const popularUsers = { endpoint: 'users', limit: 10, noPaging: true, params: { state: 'alive', origin: 'local', sort: '+follower', -} } satisfies Paging; +} };