feat: Removing stack trace info in production env (#11657)
* feat: Hiding stack traces in production env * sytle * style * style * add SPDX * move ./error.js to ./misc/error.js * revert: remove frontend changes * feat: Hiding stack traces in production env * feat: Hiding stack traces in production env * revert * revert * revert * change and fix * revert * fix queue endpoint test --------- Co-authored-by: tamaina <tamaina@hotmail.co.jp> Co-authored-by: Kagami Sascha Rosylight <saschanaz@outlook.com>
parent
50ec129b87
commit
388448f298
|
@ -148,18 +148,18 @@ export class ClientServerService {
|
|||
if (url === bullBoardPath || url.startsWith(bullBoardPath + '/')) {
|
||||
const token = request.cookies.token;
|
||||
if (token == null) {
|
||||
reply.code(401);
|
||||
throw new Error('login required');
|
||||
reply.code(401).send('Login required');
|
||||
return;
|
||||
}
|
||||
const user = await this.usersRepository.findOneBy({ token });
|
||||
if (user == null) {
|
||||
reply.code(403);
|
||||
throw new Error('no such user');
|
||||
reply.code(403).send('No such user');
|
||||
return;
|
||||
}
|
||||
const isAdministrator = await this.roleService.isAdministrator(user);
|
||||
if (!isAdministrator) {
|
||||
reply.code(403);
|
||||
throw new Error('access denied');
|
||||
reply.code(403).send('Access denied');
|
||||
return;
|
||||
}
|
||||
}
|
||||
});
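Review bot: The two 403 branches reply with different bodies, `'No such user'` for a cookie token that matches no account and `'Access denied'` for a valid non-admin token, so the response reveals whether a presented token belongs to a real account. Sending the same body in both branches, e.g. `reply.code(403).send('Access denied');`, keeps the admin gate unchanged without that signal. An unknown token is also an authentication failure rather than an authorization one, so 401 would describe it better than 403 if no client depends on the current code. The callback these lines belong to starts outside the hunk.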
|
||||
|
|
|
@ -34,6 +34,8 @@ describe('Webリソース', () => {
|
|||
let aliceGalleryPost: any;
|
||||
let aliceChannel: any;
|
||||
|
||||
let bob: misskey.entities.MeSignup;
|
||||
|
||||
type Request = {
|
||||
path: string,
|
||||
accept?: string,
|
||||
|
@ -90,6 +92,8 @@ describe('Webリソース', () => {
|
|||
fileIds: [aliceUploadedFile.body.id],
|
||||
});
|
||||
aliceChannel = await channel(alice, {});
|
||||
|
||||
bob = await signup({ username: 'alice' });
|
||||
}, 1000 * 60 * 2);
|
||||
|
||||
afterAll(async () => {
|
||||
|
@ -163,9 +167,15 @@ describe('Webリソース', () => {
|
|||
});
|
||||
|
||||
describe.each([{ path: '/queue' }])('$path', ({ path }) => {
|
||||
test('はログインしないとGETできない。', async () => await notOk({
|
||||
path,
|
||||
status: 401,
|
||||
}));
|
||||
|
||||
test('はadminでなければGETできない。', async () => await notOk({
|
||||
path,
|
||||
status: 500, // FIXME? 403ではない。
|
||||
cookie: cookie(bob),
|
||||
status: 403,
|
||||
}));
|
||||
|
||||
test('はadminならGETできる。', async () => await ok({
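Review bot: In `beforeAll`, `bob = await signup({ username: 'alice' });` registers bob under the name 'alice', which looks like a copy-paste slip. Alice's own signup is not visible in these hunks, but if she is created with the same username, this call either fails or does not yield a separate non-admin account. The new 403 case for `/queue`, which sends `cookie(bob)`, would then pass or fail for the wrong reason. `bob = await signup({ username: 'bob' });` makes the non-admin cookie unambiguous. The `describe` and `beforeAll` bodies start outside these hunks.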
|
||||
|
|