From d87fecda7f8c281fd8c53e756e3f946f29f24a9a Mon Sep 17 00:00:00 2001 From: syuilo Date: Wed, 27 Dec 2023 14:21:34 +0900 Subject: [PATCH 01/14] chore(frontend): update team members --- packages/frontend/src/pages/about-misskey.vue | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/packages/frontend/src/pages/about-misskey.vue b/packages/frontend/src/pages/about-misskey.vue index 7cf3aeb951..f8eced8d72 100644 --- a/packages/frontend/src/pages/about-misskey.vue +++ b/packages/frontend/src/pages/about-misskey.vue @@ -69,6 +69,14 @@ SPDX-License-Identifier: AGPL-3.0-only @tai-cha + + + @samunohito + + + + @anatawa12 + From c96bc36fedc804dc840ea791a9355d7df0748e64 Mon Sep 17 00:00:00 2001 From: Chocolate Pie <106949016+chocolate-pie@users.noreply.github.com> Date: Wed, 27 Dec 2023 15:08:59 +0900 Subject: [PATCH 02/14] Merge pull request from GHSA-7pxq-6xx9-xpgm MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: fix improper authorization when accessing with third-party application * refactor: refactor type definitions * fix: get rid of unnecessary access limitation * enhance: サードパーティアプリケーションがWebsocket APIを使えるように * fix: add missing parentheses * Revert "fix(backend): add missing kind definition for admin endpoints to improve security" This reverts commit 5150053275594278e9eb23e72d98b16593c4c230. * frontend: 翻訳の抜けを訂正, read:adminとwrite:adminはアクセス発行トークンのデフォルトでは非表示にする * enhance(test): misskey-ghsa-7pxq-6xx9-xpgmに関するテストを追加 * enhance(test): Websocket APIに対するテストも追加 * enhance(refactor): `@/misc/api-permissions.ts`を`misskey-js/permissions`に統合 * fix(frontend): アクセストークン発行UIで全ての権限を有効にした際、管理者用APIへのアクセスも許可してしまう問題を修正 * enhance(backend): Websocketの接続に最低限必要な権限を変更 * fix(backend): `/api/admin/meta`をサードパーティアプリケーションからはアクセスできないように * fix(backend): エンドポイントにアクセスするために必要な権限を変更 * fix(frontend/locale): Add missing type declaration * chore: update `misskey-js/src/autogen` --------- Co-authored-by: tamaina --- CHANGELOG.md | 1 - locales/index.d.ts | 49 ++ locales/ja-JP.yml | 49 ++ packages/backend/src/misc/api-permissions.ts | 40 -- .../backend/src/server/api/ApiCallService.ts | 3 +- .../server/api/StreamingApiServerService.ts | 4 + packages/backend/src/server/api/endpoints.ts | 20 +- .../api/endpoints/admin/abuse-user-reports.ts | 3 +- .../api/endpoints/admin/accounts/create.ts | 2 +- .../api/endpoints/admin/accounts/delete.ts | 3 +- .../endpoints/admin/accounts/find-by-email.ts | 3 +- .../server/api/endpoints/admin/ad/create.ts | 3 +- .../server/api/endpoints/admin/ad/delete.ts | 3 +- .../src/server/api/endpoints/admin/ad/list.ts | 3 +- .../server/api/endpoints/admin/ad/update.ts | 3 +- .../endpoints/admin/announcements/create.ts | 3 +- .../endpoints/admin/announcements/delete.ts | 3 +- .../api/endpoints/admin/announcements/list.ts | 3 +- .../endpoints/admin/announcements/update.ts | 3 +- .../admin/avatar-decorations/create.ts | 3 +- .../admin/avatar-decorations/delete.ts | 3 +- .../admin/avatar-decorations/list.ts | 3 +- .../admin/avatar-decorations/update.ts | 3 +- .../api/endpoints/admin/delete-account.ts | 3 +- .../admin/delete-all-files-of-a-user.ts | 3 +- .../admin/drive/clean-remote-files.ts | 3 +- .../api/endpoints/admin/drive/cleanup.ts | 3 +- .../server/api/endpoints/admin/drive/files.ts | 3 +- .../api/endpoints/admin/drive/show-file.ts | 3 +- .../endpoints/admin/emoji/add-aliases-bulk.ts | 3 +- .../server/api/endpoints/admin/emoji/add.ts | 3 +- .../server/api/endpoints/admin/emoji/copy.ts | 3 +- .../api/endpoints/admin/emoji/delete-bulk.ts | 3 +- .../api/endpoints/admin/emoji/delete.ts | 3 +- .../api/endpoints/admin/emoji/import-zip.ts | 2 +- .../api/endpoints/admin/emoji/list-remote.ts | 3 +- .../server/api/endpoints/admin/emoji/list.ts | 3 +- .../admin/emoji/remove-aliases-bulk.ts | 3 +- .../endpoints/admin/emoji/set-aliases-bulk.ts | 3 +- .../admin/emoji/set-category-bulk.ts | 3 +- .../endpoints/admin/emoji/set-license-bulk.ts | 3 +- .../api/endpoints/admin/emoji/update.ts | 3 +- .../admin/federation/delete-all-files.ts | 3 +- .../refresh-remote-instance-metadata.ts | 3 +- .../admin/federation/remove-all-following.ts | 3 +- .../admin/federation/update-instance.ts | 3 +- .../api/endpoints/admin/get-index-stats.ts | 3 +- .../api/endpoints/admin/get-table-stats.ts | 3 +- .../api/endpoints/admin/get-user-ips.ts | 5 +- .../api/endpoints/admin/invite/create.ts | 3 +- .../server/api/endpoints/admin/invite/list.ts | 3 +- .../src/server/api/endpoints/admin/meta.ts | 3 +- .../api/endpoints/admin/promo/create.ts | 3 +- .../server/api/endpoints/admin/queue/clear.ts | 3 +- .../endpoints/admin/queue/deliver-delayed.ts | 3 +- .../endpoints/admin/queue/inbox-delayed.ts | 3 +- .../api/endpoints/admin/queue/promote.ts | 3 +- .../server/api/endpoints/admin/queue/stats.ts | 3 +- .../server/api/endpoints/admin/relays/add.ts | 3 +- .../server/api/endpoints/admin/relays/list.ts | 3 +- .../api/endpoints/admin/relays/remove.ts | 3 +- .../api/endpoints/admin/reset-password.ts | 3 +- .../admin/resolve-abuse-user-report.ts | 3 +- .../api/endpoints/admin/roles/assign.ts | 3 +- .../api/endpoints/admin/roles/create.ts | 3 +- .../api/endpoints/admin/roles/delete.ts | 3 +- .../server/api/endpoints/admin/roles/list.ts | 3 +- .../server/api/endpoints/admin/roles/show.ts | 3 +- .../api/endpoints/admin/roles/unassign.ts | 3 +- .../admin/roles/update-default-policies.ts | 3 +- .../api/endpoints/admin/roles/update.ts | 3 +- .../server/api/endpoints/admin/roles/users.ts | 3 +- .../server/api/endpoints/admin/send-email.ts | 3 +- .../server/api/endpoints/admin/server-info.ts | 3 +- .../endpoints/admin/show-moderation-logs.ts | 3 +- .../server/api/endpoints/admin/show-user.ts | 3 +- .../server/api/endpoints/admin/show-users.ts | 3 +- .../api/endpoints/admin/suspend-user.ts | 3 +- .../api/endpoints/admin/unset-user-avatar.ts | 3 +- .../api/endpoints/admin/unset-user-banner.ts | 3 +- .../api/endpoints/admin/unsuspend-user.ts | 3 +- .../server/api/endpoints/admin/update-meta.ts | 3 +- .../api/endpoints/admin/update-user-note.ts | 3 +- .../src/server/api/endpoints/ap/get.ts | 1 + .../src/server/api/endpoints/ap/show.ts | 1 + .../federation/update-remote-user.ts | 2 +- .../api/endpoints/fetch-external-resources.ts | 1 + .../backend/src/server/api/endpoints/i.ts | 1 + .../api/endpoints/i/claim-achievement.ts | 1 + .../api/endpoints/i/registry/get-all.ts | 1 + .../api/endpoints/i/registry/get-detail.ts | 1 + .../server/api/endpoints/i/registry/get.ts | 1 + .../endpoints/i/registry/keys-with-type.ts | 1 + .../server/api/endpoints/i/registry/keys.ts | 1 + .../server/api/endpoints/i/registry/remove.ts | 1 + .../server/api/endpoints/i/registry/set.ts | 1 + .../src/server/api/endpoints/invite/create.ts | 1 + .../src/server/api/endpoints/invite/delete.ts | 1 + .../src/server/api/endpoints/invite/limit.ts | 1 + .../src/server/api/endpoints/invite/list.ts | 1 + .../src/server/api/endpoints/my/apps.ts | 1 + .../api/endpoints/notes/hybrid-timeline.ts | 1 + .../server/api/endpoints/notes/mentions.ts | 1 + .../endpoints/notes/polls/recommendation.ts | 1 + .../src/server/api/endpoints/notes/state.ts | 1 + .../server/api/endpoints/notes/timeline.ts | 1 + .../server/api/endpoints/notes/translate.ts | 1 + .../api/endpoints/notes/user-list-timeline.ts | 1 + .../src/server/api/endpoints/promo/read.ts | 1 + .../src/server/api/endpoints/roles/list.ts | 1 + .../src/server/api/endpoints/roles/notes.ts | 1 + .../src/server/api/endpoints/sw/register.ts | 1 + .../api/endpoints/sw/show-registration.ts | 1 + .../api/endpoints/sw/update-registration.ts | 1 + .../api/endpoints/users/achievements.ts | 4 +- .../users/lists/create-from-public.ts | 1 + .../api/endpoints/users/lists/favorite.ts | 1 + .../api/endpoints/users/lists/unfavorite.ts | 1 + .../server/api/endpoints/users/relation.ts | 1 + .../api/endpoints/users/report-abuse.ts | 1 + .../src/server/api/stream/ChannelsService.ts | 3 +- .../src/server/api/stream/Connection.ts | 5 + .../backend/src/server/api/stream/channel.ts | 8 + .../src/server/api/stream/channels/admin.ts | 8 +- .../src/server/api/stream/channels/antenna.ts | 8 +- .../src/server/api/stream/channels/channel.ts | 7 +- .../src/server/api/stream/channels/drive.ts | 8 +- .../api/stream/channels/global-timeline.ts | 7 +- .../src/server/api/stream/channels/hashtag.ts | 7 +- .../api/stream/channels/home-timeline.ts | 8 +- .../api/stream/channels/hybrid-timeline.ts | 8 +- .../api/stream/channels/local-timeline.ts | 7 +- .../src/server/api/stream/channels/main.ts | 8 +- .../server/api/stream/channels/queue-stats.ts | 7 +- .../api/stream/channels/role-timeline.ts | 7 +- .../api/stream/channels/server-stats.ts | 7 +- .../server/api/stream/channels/user-list.ts | 7 +- .../src/server/oauth/OAuth2ProviderService.ts | 4 +- packages/backend/test/e2e/api.ts | 43 +- packages/backend/test/e2e/streaming.ts | 25 +- packages/backend/test/utils.ts | 10 + .../src/components/MkTokenGenerateWindow.vue | 9 +- .../misskey-js/src/autogen/apiClientJSDoc.ts | 226 ++++----- packages/misskey-js/src/autogen/endpoint.ts | 2 +- packages/misskey-js/src/autogen/entities.ts | 2 +- packages/misskey-js/src/autogen/models.ts | 2 +- packages/misskey-js/src/autogen/types.ts | 450 +++++++++--------- packages/misskey-js/src/consts.ts | 50 +- 148 files changed, 797 insertions(+), 581 deletions(-) delete mode 100644 packages/backend/src/misc/api-permissions.ts diff --git a/CHANGELOG.md b/CHANGELOG.md index 52f5c07ab3..8b71f6540d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -132,7 +132,6 @@ - Fix: モデレーションログがモデレーターは閲覧できないように修正 - Fix: ハッシュタグのトレンド除外設定が即時に効果を持つように修正 - Fix: HTTP Digestヘッダのアルゴリズム部分に大文字の"SHA-256"しか使えない -- Fix: 管理者用APIのアクセス権限が適切に設定されていない問題を修正 ## 2023.11.1 diff --git a/locales/index.d.ts b/locales/index.d.ts index b3589082e1..89bdddbdcf 100644 --- a/locales/index.d.ts +++ b/locales/index.d.ts @@ -2066,6 +2066,55 @@ export interface Locale { "write:flash": string; "read:flash-likes": string; "write:flash-likes": string; + "read:admin:abuse-user-reports": string; + "write:admin:delete-account": string; + "write:admin:delete-all-files-of-a-user": string; + "read:admin:index-stats": string; + "read:admin:table-stats": string; + "read:admin:user-ips": string; + "read:admin:meta": string; + "write:admin:reset-password": string; + "write:admin:resolve-abuse-user-report": string; + "write:admin:send-email": string; + "read:admin:server-info": string; + "read:admin:show-moderation-log": string; + "read:admin:show-user": string; + "read:admin:show-users": string; + "write:admin:suspend-user": string; + "write:admin:unset-user-avatar": string; + "write:admin:unset-user-banner": string; + "write:admin:unsuspend-user": string; + "write:admin:meta": string; + "write:admin:user-note": string; + "write:admin:roles": string; + "read:admin:roles": string; + "write:admin:relays": string; + "read:admin:relays": string; + "write:admin:invite-codes": string; + "read:admin:invite-codes": string; + "write:admin:announcements": string; + "read:admin:announcements": string; + "write:admin:avatar-decorations": string; + "read:admin:avatar-decorations": string; + "write:admin:federation": string; + "write:admin:account": string; + "read:admin:account": string; + "write:admin:emoji": string; + "read:admin:emoji": string; + "write:admin:queue": string; + "read:admin:queue": string; + "write:admin:promo": string; + "write:admin:drive": string; + "read:admin:drive": string; + "read:admin:stream": string; + "write:admin:ad": string; + "read:admin:ad": string; + "write:invite-codes": string; + "read:invite-codes": string; + "write:clip-favorite": string; + "read:clip-favorite": string; + "read:federation": string; + "write:report-abuse": string; }; "_auth": { "shareAccessTitle": string; diff --git a/locales/ja-JP.yml b/locales/ja-JP.yml index b59fb6e749..7bc5889297 100644 --- a/locales/ja-JP.yml +++ b/locales/ja-JP.yml @@ -1971,6 +1971,55 @@ _permissions: "write:flash": "Playを操作する" "read:flash-likes": "Playのいいねを見る" "write:flash-likes": "Playのいいねを操作する" + "read:admin:abuse-user-reports": "ユーザーからの通報を見る" + "write:admin:delete-account": "ユーザーアカウントを削除する" + "write:admin:delete-all-files-of-a-user": "ユーザーのすべてのファイルを削除する" + "read:admin:index-stats": "データベースインデックスに関する情報を見る" + "read:admin:table-stats": "データベーステーブルに関する情報を見る" + "read:admin:user-ips": "ユーザーのIPアドレスを見る" + "read:admin:meta": "インスタンスのメタデータを見る" + "write:admin:reset-password": "ユーザーのパスワードをリセットする" + "write:admin:resolve-abuse-user-report": "ユーザーからの通報を解決する" + "write:admin:send-email": "メールを送る" + "read:admin:server-info": "サーバーの情報を見る" + "read:admin:show-moderation-log": "モデレーションログを見る" + "read:admin:show-user": "ユーザーのプライベートな情報を見る" + "read:admin:show-users": "ユーザーのプライベートな情報を見る" + "write:admin:suspend-user": "ユーザーを凍結する" + "write:admin:unset-user-avatar": "ユーザーのアバターを削除する" + "write:admin:unset-user-banner": "ユーザーのバーナーを削除する" + "write:admin:unsuspend-user": "ユーザーの凍結を解除する" + "write:admin:meta": "インスタンスのメタデータを操作する" + "write:admin:user-note": "モデレーションノートを操作する" + "write:admin:roles": "ロールを操作する" + "read:admin:roles": "ロールを見る" + "write:admin:relays": "リレーを操作する" + "read:admin:relays": "リレーを見る" + "write:admin:invite-codes": "招待コードを操作する" + "read:admin:invite-codes": "招待コードを見る" + "write:admin:announcements": "お知らせを操作する" + "read:admin:announcements": "お知らせを見る" + "write:admin:avatar-decorations": "アバターデコレーションを操作する" + "read:admin:avatar-decorations": "アバターデコレーションを見る" + "write:admin:federation": "連合に関する情報を操作する" + "write:admin:account": "ユーザーアカウントを操作する" + "read:admin:account": "ユーザーに関する情報を見る" + "write:admin:emoji": "絵文字を操作する" + "read:admin:emoji": "絵文字を見る" + "write:admin:queue": "ジョブキューを操作する" + "read:admin:queue": "ジョブキューに関する情報を見る" + "write:admin:promo": "プロモーションノートを操作する" + "write:admin:drive": "ユーザーのドライブを操作する" + "read:admin:drive": "ユーザーのドライブの関する情報を見る" + "read:admin:stream": "管理者用のWebsocket APIを使う" + "write:admin:ad": "広告を操作する" + "read:admin:ad": "広告を見る" + "write:invite-codes": "招待コードを作成する" + "read:invite-codes": "招待コードを取得する" + "write:clip-favorite": "クリップのいいねを操作する" + "read:clip-favorite": "クリップのいいねを見る" + "read:federation": "連合に関する情報を取得する" + "write:report-abuse": "違反を報告する" _auth: shareAccessTitle: "アプリへのアクセス許可" diff --git a/packages/backend/src/misc/api-permissions.ts b/packages/backend/src/misc/api-permissions.ts deleted file mode 100644 index 57c9308844..0000000000 --- a/packages/backend/src/misc/api-permissions.ts +++ /dev/null @@ -1,40 +0,0 @@ -/* - * SPDX-FileCopyrightText: syuilo and other misskey contributors - * SPDX-License-Identifier: AGPL-3.0-only - */ - -export const kinds = [ - 'read:account', - 'write:account', - 'read:blocks', - 'write:blocks', - 'read:drive', - 'write:drive', - 'read:favorites', - 'write:favorites', - 'read:following', - 'write:following', - 'read:messaging', - 'write:messaging', - 'read:mutes', - 'write:mutes', - 'write:notes', - 'read:notifications', - 'write:notifications', - 'read:reactions', - 'write:reactions', - 'write:votes', - 'read:pages', - 'write:pages', - 'write:page-likes', - 'read:page-likes', - 'read:user-groups', - 'write:user-groups', - 'read:channels', - 'write:channels', - 'read:gallery', - 'write:gallery', - 'read:gallery-likes', - 'write:gallery-likes', -]; -// IF YOU ADD KINDS(PERMISSIONS), YOU MUST ADD TRANSLATIONS (under _permissions). diff --git a/packages/backend/src/server/api/ApiCallService.ts b/packages/backend/src/server/api/ApiCallService.ts index 66f171a5d8..56f804dee8 100644 --- a/packages/backend/src/server/api/ApiCallService.ts +++ b/packages/backend/src/server/api/ApiCallService.ts @@ -330,7 +330,8 @@ export class ApiCallService implements OnApplicationShutdown { } } - if (token && ep.meta.kind && !token.permission.some(p => p === ep.meta.kind)) { + if (token && ((ep.meta.kind && !token.permission.some(p => p === ep.meta.kind)) + || (!ep.meta.kind && (ep.meta.requireCredential || ep.meta.requireModerator || ep.meta.requireAdmin)))) { throw new ApiError({ message: 'Your app does not have the necessary permissions to use this endpoint.', code: 'PERMISSION_DENIED', diff --git a/packages/backend/src/server/api/StreamingApiServerService.ts b/packages/backend/src/server/api/StreamingApiServerService.ts index dc3a00617c..3b387d92ca 100644 --- a/packages/backend/src/server/api/StreamingApiServerService.ts +++ b/packages/backend/src/server/api/StreamingApiServerService.ts @@ -71,6 +71,10 @@ export class StreamingApiServerService { try { [user, app] = await this.authenticateService.authenticate(token); + + if (app !== null && !app.permission.some(p => p === 'read:account')) { + throw new AuthenticationError('Your app does not have necessary permissions to use websocket API.'); + } } catch (e) { if (e instanceof AuthenticationError) { socket.write([ diff --git a/packages/backend/src/server/api/endpoints.ts b/packages/backend/src/server/api/endpoints.ts index e458d720ab..41232091c6 100644 --- a/packages/backend/src/server/api/endpoints.ts +++ b/packages/backend/src/server/api/endpoints.ts @@ -4,6 +4,7 @@ */ import type { Schema } from '@/misc/json-schema.js'; +import { permissions } from 'misskey-js'; import { RolePolicies } from '@/core/RoleService.js'; import * as ep___admin_meta from './endpoints/admin/meta.js'; @@ -724,7 +725,7 @@ const eps = [ ['retention', ep___retention], ]; -export interface IEndpointMeta { +interface IEndpointMetaBase { readonly stability?: 'deprecated' | 'experimental' | 'stable'; readonly tags?: ReadonlyArray; @@ -823,6 +824,23 @@ export interface IEndpointMeta { readonly cacheSec?: number; } +export type IEndpointMeta = (Omit & { + requireCredential?: false, + requireAdmin?: false, + requireModerator?: false, +}) | (Omit & { + secure: true, +}) | (Omit & { + requireCredential: true, + kind: (typeof permissions)[number], +}) | (Omit & { + requireModerator: true, + kind: (typeof permissions)[number], +}) | (Omit & { + requireAdmin: true, + kind: (typeof permissions)[number], +}) + export interface IEndpoint { name: string; meta: IEndpointMeta; diff --git a/packages/backend/src/server/api/endpoints/admin/abuse-user-reports.ts b/packages/backend/src/server/api/endpoints/admin/abuse-user-reports.ts index 484118cd46..3484d6707a 100644 --- a/packages/backend/src/server/api/endpoints/admin/abuse-user-reports.ts +++ b/packages/backend/src/server/api/endpoints/admin/abuse-user-reports.ts @@ -13,10 +13,9 @@ import { AbuseUserReportEntityService } from '@/core/entities/AbuseUserReportEnt export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:abuse-user-reports', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts index 07f24d2995..a2f9bf6945 100644 --- a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts @@ -15,7 +15,7 @@ import { DI } from '@/di-symbols.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', + secure: true, res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts b/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts index 86f4b0709b..52d8c8ce18 100644 --- a/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts +++ b/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts @@ -14,10 +14,9 @@ import { UserEntityService } from '@/core/entities/UserEntityService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:account', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/accounts/find-by-email.ts b/packages/backend/src/server/api/endpoints/admin/accounts/find-by-email.ts index bc292fd53a..93673453d6 100644 --- a/packages/backend/src/server/api/endpoints/admin/accounts/find-by-email.ts +++ b/packages/backend/src/server/api/endpoints/admin/accounts/find-by-email.ts @@ -13,10 +13,9 @@ import { ApiError } from '@/server/api/error.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireAdmin: true, + kind: 'read:admin:account', errors: { userNotFound: { diff --git a/packages/backend/src/server/api/endpoints/admin/ad/create.ts b/packages/backend/src/server/api/endpoints/admin/ad/create.ts index 087ae4befc..041b10f9f7 100644 --- a/packages/backend/src/server/api/endpoints/admin/ad/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/ad/create.ts @@ -13,10 +13,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:ad', res: { type: 'object', optional: false, diff --git a/packages/backend/src/server/api/endpoints/admin/ad/delete.ts b/packages/backend/src/server/api/endpoints/admin/ad/delete.ts index ba655a6aa3..5b18b347d3 100644 --- a/packages/backend/src/server/api/endpoints/admin/ad/delete.ts +++ b/packages/backend/src/server/api/endpoints/admin/ad/delete.ts @@ -13,10 +13,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:ad', errors: { noSuchAd: { diff --git a/packages/backend/src/server/api/endpoints/admin/ad/list.ts b/packages/backend/src/server/api/endpoints/admin/ad/list.ts index 12528917dc..586c1f44db 100644 --- a/packages/backend/src/server/api/endpoints/admin/ad/list.ts +++ b/packages/backend/src/server/api/endpoints/admin/ad/list.ts @@ -12,10 +12,9 @@ import { DI } from '@/di-symbols.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:ad', res: { type: 'array', optional: false, diff --git a/packages/backend/src/server/api/endpoints/admin/ad/update.ts b/packages/backend/src/server/api/endpoints/admin/ad/update.ts index b83c163004..bf96e44b0c 100644 --- a/packages/backend/src/server/api/endpoints/admin/ad/update.ts +++ b/packages/backend/src/server/api/endpoints/admin/ad/update.ts @@ -13,10 +13,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:ad', errors: { noSuchAd: { diff --git a/packages/backend/src/server/api/endpoints/admin/announcements/create.ts b/packages/backend/src/server/api/endpoints/admin/announcements/create.ts index fb432336e4..c9df70c76b 100644 --- a/packages/backend/src/server/api/endpoints/admin/announcements/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/announcements/create.ts @@ -10,10 +10,9 @@ import { AnnouncementService } from '@/core/AnnouncementService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:announcements', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/admin/announcements/delete.ts b/packages/backend/src/server/api/endpoints/admin/announcements/delete.ts index e84e63c666..939333345e 100644 --- a/packages/backend/src/server/api/endpoints/admin/announcements/delete.ts +++ b/packages/backend/src/server/api/endpoints/admin/announcements/delete.ts @@ -13,10 +13,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:announcements', errors: { noSuchAnnouncement: { diff --git a/packages/backend/src/server/api/endpoints/admin/announcements/list.ts b/packages/backend/src/server/api/endpoints/admin/announcements/list.ts index e98ef0b169..429b138599 100644 --- a/packages/backend/src/server/api/endpoints/admin/announcements/list.ts +++ b/packages/backend/src/server/api/endpoints/admin/announcements/list.ts @@ -14,10 +14,9 @@ import { IdService } from '@/core/IdService.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:announcements', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/announcements/update.ts b/packages/backend/src/server/api/endpoints/admin/announcements/update.ts index e2ec344899..db6db8356d 100644 --- a/packages/backend/src/server/api/endpoints/admin/announcements/update.ts +++ b/packages/backend/src/server/api/endpoints/admin/announcements/update.ts @@ -13,10 +13,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:announcements', errors: { noSuchAnnouncement: { diff --git a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/create.ts b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/create.ts index 158435ed21..4ac74253cc 100644 --- a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/create.ts @@ -10,10 +10,9 @@ import { AvatarDecorationService } from '@/core/AvatarDecorationService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageAvatarDecorations', + kind: 'write:admin:avatar-decorations', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/delete.ts b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/delete.ts index 06083cc180..88977f801a 100644 --- a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/delete.ts +++ b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/delete.ts @@ -12,10 +12,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageAvatarDecorations', + kind: 'write:admin:avatar-decorations', errors: { }, } as const; diff --git a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/list.ts b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/list.ts index 49a8718bce..33122c3eef 100644 --- a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/list.ts +++ b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/list.ts @@ -15,10 +15,9 @@ import { AvatarDecorationService } from '@/core/AvatarDecorationService.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireRolePolicy: 'canManageAvatarDecorations', + kind: 'read:admin:avatar-decorations', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/update.ts b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/update.ts index 3d8f3d63de..6211345f96 100644 --- a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/update.ts +++ b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/update.ts @@ -12,10 +12,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageAvatarDecorations', + kind: 'write:admin:avatar-decorations', errors: { }, diff --git a/packages/backend/src/server/api/endpoints/admin/delete-account.ts b/packages/backend/src/server/api/endpoints/admin/delete-account.ts index adc446d14b..2c82c2879d 100644 --- a/packages/backend/src/server/api/endpoints/admin/delete-account.ts +++ b/packages/backend/src/server/api/endpoints/admin/delete-account.ts @@ -12,10 +12,9 @@ import { DI } from '@/di-symbols.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:delete-account', res: { }, diff --git a/packages/backend/src/server/api/endpoints/admin/delete-all-files-of-a-user.ts b/packages/backend/src/server/api/endpoints/admin/delete-all-files-of-a-user.ts index 1fdbbfb12e..7d33065f2e 100644 --- a/packages/backend/src/server/api/endpoints/admin/delete-all-files-of-a-user.ts +++ b/packages/backend/src/server/api/endpoints/admin/delete-all-files-of-a-user.ts @@ -12,10 +12,9 @@ import { DI } from '@/di-symbols.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:delete-all-files-of-a-user', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/drive/clean-remote-files.ts b/packages/backend/src/server/api/endpoints/admin/drive/clean-remote-files.ts index 3f23319a5f..af2bb6b1ca 100644 --- a/packages/backend/src/server/api/endpoints/admin/drive/clean-remote-files.ts +++ b/packages/backend/src/server/api/endpoints/admin/drive/clean-remote-files.ts @@ -10,10 +10,9 @@ import { QueueService } from '@/core/QueueService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:drive', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/drive/cleanup.ts b/packages/backend/src/server/api/endpoints/admin/drive/cleanup.ts index fd8fa46a47..a3b221284b 100644 --- a/packages/backend/src/server/api/endpoints/admin/drive/cleanup.ts +++ b/packages/backend/src/server/api/endpoints/admin/drive/cleanup.ts @@ -13,10 +13,9 @@ import { DI } from '@/di-symbols.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:drive', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/drive/files.ts b/packages/backend/src/server/api/endpoints/admin/drive/files.ts index 816bbfbc45..37fa439bcf 100644 --- a/packages/backend/src/server/api/endpoints/admin/drive/files.ts +++ b/packages/backend/src/server/api/endpoints/admin/drive/files.ts @@ -13,10 +13,9 @@ import { DriveFileEntityService } from '@/core/entities/DriveFileEntityService.j export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:drive', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/drive/show-file.ts b/packages/backend/src/server/api/endpoints/admin/drive/show-file.ts index 61cb843558..3aeb3e45e3 100644 --- a/packages/backend/src/server/api/endpoints/admin/drive/show-file.ts +++ b/packages/backend/src/server/api/endpoints/admin/drive/show-file.ts @@ -14,10 +14,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:drive', errors: { noSuchFile: { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/add-aliases-bulk.ts b/packages/backend/src/server/api/endpoints/admin/emoji/add-aliases-bulk.ts index 5333adb624..1cd8125c52 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/add-aliases-bulk.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/add-aliases-bulk.ts @@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/add.ts b/packages/backend/src/server/api/endpoints/admin/emoji/add.ts index 76ff1c6b94..4a9418d051 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/add.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/add.ts @@ -14,10 +14,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', errors: { noSuchFile: { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/copy.ts b/packages/backend/src/server/api/endpoints/admin/emoji/copy.ts index 87260faa43..476780b23f 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/copy.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/copy.ts @@ -16,10 +16,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', errors: { noSuchEmoji: { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/delete-bulk.ts b/packages/backend/src/server/api/endpoints/admin/emoji/delete-bulk.ts index c483794a40..450695984a 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/delete-bulk.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/delete-bulk.ts @@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/delete.ts b/packages/backend/src/server/api/endpoints/admin/emoji/delete.ts index e15af7717b..e1e6e7c2c4 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/delete.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/delete.ts @@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', errors: { noSuchEmoji: { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/import-zip.ts b/packages/backend/src/server/api/endpoints/admin/emoji/import-zip.ts index b75616f3cc..208616c0ac 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/import-zip.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/import-zip.ts @@ -8,7 +8,7 @@ import { Endpoint } from '@/server/api/endpoint-base.js'; import { QueueService } from '@/core/QueueService.js'; export const meta = { - kind: 'write:admin', + secure: true, requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', } as const; diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts b/packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts index a383e09338..f3e0c1ef1f 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts @@ -15,10 +15,9 @@ import { sqlLikeEscape } from '@/misc/sql-like-escape.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'read:admin:emoji', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/list.ts b/packages/backend/src/server/api/endpoints/admin/emoji/list.ts index 210b3639c3..59e87253f6 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/list.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/list.ts @@ -15,10 +15,9 @@ import { EmojiEntityService } from '@/core/entities/EmojiEntityService.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'read:admin:emoji', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/remove-aliases-bulk.ts b/packages/backend/src/server/api/endpoints/admin/emoji/remove-aliases-bulk.ts index 8e92db1daf..26dd43e926 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/remove-aliases-bulk.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/remove-aliases-bulk.ts @@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/set-aliases-bulk.ts b/packages/backend/src/server/api/endpoints/admin/emoji/set-aliases-bulk.ts index 5a06b5b32f..18961976f9 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/set-aliases-bulk.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/set-aliases-bulk.ts @@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/set-category-bulk.ts b/packages/backend/src/server/api/endpoints/admin/emoji/set-category-bulk.ts index b3e9c6df13..c680f2e2d4 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/set-category-bulk.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/set-category-bulk.ts @@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/set-license-bulk.ts b/packages/backend/src/server/api/endpoints/admin/emoji/set-license-bulk.ts index c59d13ad16..47c692b613 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/set-license-bulk.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/set-license-bulk.ts @@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/emoji/update.ts b/packages/backend/src/server/api/endpoints/admin/emoji/update.ts index 61d857b7b0..550bb0052b 100644 --- a/packages/backend/src/server/api/endpoints/admin/emoji/update.ts +++ b/packages/backend/src/server/api/endpoints/admin/emoji/update.ts @@ -13,10 +13,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireRolePolicy: 'canManageCustomEmojis', + kind: 'write:admin:emoji', errors: { noSuchEmoji: { diff --git a/packages/backend/src/server/api/endpoints/admin/federation/delete-all-files.ts b/packages/backend/src/server/api/endpoints/admin/federation/delete-all-files.ts index b81297413c..57612850b4 100644 --- a/packages/backend/src/server/api/endpoints/admin/federation/delete-all-files.ts +++ b/packages/backend/src/server/api/endpoints/admin/federation/delete-all-files.ts @@ -12,10 +12,9 @@ import { DI } from '@/di-symbols.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:federation', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/federation/refresh-remote-instance-metadata.ts b/packages/backend/src/server/api/endpoints/admin/federation/refresh-remote-instance-metadata.ts index 6cc4e3087f..0d061c685f 100644 --- a/packages/backend/src/server/api/endpoints/admin/federation/refresh-remote-instance-metadata.ts +++ b/packages/backend/src/server/api/endpoints/admin/federation/refresh-remote-instance-metadata.ts @@ -13,10 +13,9 @@ import { DI } from '@/di-symbols.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:federation', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/federation/remove-all-following.ts b/packages/backend/src/server/api/endpoints/admin/federation/remove-all-following.ts index 18884dfca6..c15fb83454 100644 --- a/packages/backend/src/server/api/endpoints/admin/federation/remove-all-following.ts +++ b/packages/backend/src/server/api/endpoints/admin/federation/remove-all-following.ts @@ -12,10 +12,9 @@ import { QueueService } from '@/core/QueueService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:federation', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/federation/update-instance.ts b/packages/backend/src/server/api/endpoints/admin/federation/update-instance.ts index 4232d42ba5..f429949e16 100644 --- a/packages/backend/src/server/api/endpoints/admin/federation/update-instance.ts +++ b/packages/backend/src/server/api/endpoints/admin/federation/update-instance.ts @@ -14,10 +14,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:federation', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/get-index-stats.ts b/packages/backend/src/server/api/endpoints/admin/get-index-stats.ts index b81d9857d7..0b50212119 100644 --- a/packages/backend/src/server/api/endpoints/admin/get-index-stats.ts +++ b/packages/backend/src/server/api/endpoints/admin/get-index-stats.ts @@ -11,8 +11,7 @@ import { DI } from '@/di-symbols.js'; export const meta = { requireCredential: true, requireAdmin: true, - - kind: 'read:admin', + kind: 'read:admin:index-stats', tags: ['admin'], res: { diff --git a/packages/backend/src/server/api/endpoints/admin/get-table-stats.ts b/packages/backend/src/server/api/endpoints/admin/get-table-stats.ts index c104f653ef..0d44b288cb 100644 --- a/packages/backend/src/server/api/endpoints/admin/get-table-stats.ts +++ b/packages/backend/src/server/api/endpoints/admin/get-table-stats.ts @@ -11,8 +11,7 @@ import { DI } from '@/di-symbols.js'; export const meta = { requireCredential: true, requireAdmin: true, - - kind: 'read:admin', + kind: 'read:admin:table-stats', tags: ['admin'], diff --git a/packages/backend/src/server/api/endpoints/admin/get-user-ips.ts b/packages/backend/src/server/api/endpoints/admin/get-user-ips.ts index 76c32f2a9f..1b437f718b 100644 --- a/packages/backend/src/server/api/endpoints/admin/get-user-ips.ts +++ b/packages/backend/src/server/api/endpoints/admin/get-user-ips.ts @@ -12,10 +12,9 @@ import { IdService } from '@/core/IdService.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:user-ips', res: { type: 'array', optional: false, @@ -34,7 +33,7 @@ export const meta = { }, }, }, - } + }, } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/invite/create.ts b/packages/backend/src/server/api/endpoints/admin/invite/create.ts index 96de772edc..396b84623f 100644 --- a/packages/backend/src/server/api/endpoints/admin/invite/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/invite/create.ts @@ -16,10 +16,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:invite-codes', errors: { invalidDateTime: { diff --git a/packages/backend/src/server/api/endpoints/admin/invite/list.ts b/packages/backend/src/server/api/endpoints/admin/invite/list.ts index 3b7dc72e11..d293dcadc6 100644 --- a/packages/backend/src/server/api/endpoints/admin/invite/list.ts +++ b/packages/backend/src/server/api/endpoints/admin/invite/list.ts @@ -12,10 +12,9 @@ import { DI } from '@/di-symbols.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:invite-codes', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/meta.ts b/packages/backend/src/server/api/endpoints/admin/meta.ts index eef27b9721..febc4ab1b1 100644 --- a/packages/backend/src/server/api/endpoints/admin/meta.ts +++ b/packages/backend/src/server/api/endpoints/admin/meta.ts @@ -13,10 +13,9 @@ import { DEFAULT_POLICIES } from '@/core/RoleService.js'; export const meta = { tags: ['meta'], - kind: 'read:admin', - requireCredential: true, requireAdmin: true, + kind: 'read:admin:meta', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/admin/promo/create.ts b/packages/backend/src/server/api/endpoints/admin/promo/create.ts index e2befec50f..ab69dfba96 100644 --- a/packages/backend/src/server/api/endpoints/admin/promo/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/promo/create.ts @@ -13,10 +13,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:promo', errors: { noSuchNote: { diff --git a/packages/backend/src/server/api/endpoints/admin/queue/clear.ts b/packages/backend/src/server/api/endpoints/admin/queue/clear.ts index 1d565e8f24..9912043c8b 100644 --- a/packages/backend/src/server/api/endpoints/admin/queue/clear.ts +++ b/packages/backend/src/server/api/endpoints/admin/queue/clear.ts @@ -11,10 +11,9 @@ import { QueueService } from '@/core/QueueService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:queue', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/queue/deliver-delayed.ts b/packages/backend/src/server/api/endpoints/admin/queue/deliver-delayed.ts index 30005fc666..8473909103 100644 --- a/packages/backend/src/server/api/endpoints/admin/queue/deliver-delayed.ts +++ b/packages/backend/src/server/api/endpoints/admin/queue/deliver-delayed.ts @@ -11,10 +11,9 @@ import type { DeliverQueue } from '@/core/QueueModule.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:queue', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/queue/inbox-delayed.ts b/packages/backend/src/server/api/endpoints/admin/queue/inbox-delayed.ts index aa8b6edee5..19f7cb85c0 100644 --- a/packages/backend/src/server/api/endpoints/admin/queue/inbox-delayed.ts +++ b/packages/backend/src/server/api/endpoints/admin/queue/inbox-delayed.ts @@ -11,10 +11,9 @@ import type { InboxQueue } from '@/core/QueueModule.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:queue', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/queue/promote.ts b/packages/backend/src/server/api/endpoints/admin/queue/promote.ts index 8f46cd6375..d06780e044 100644 --- a/packages/backend/src/server/api/endpoints/admin/queue/promote.ts +++ b/packages/backend/src/server/api/endpoints/admin/queue/promote.ts @@ -11,10 +11,9 @@ import { QueueService } from '@/core/QueueService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:queue', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/queue/stats.ts b/packages/backend/src/server/api/endpoints/admin/queue/stats.ts index 1d92e2bf86..189690b703 100644 --- a/packages/backend/src/server/api/endpoints/admin/queue/stats.ts +++ b/packages/backend/src/server/api/endpoints/admin/queue/stats.ts @@ -10,10 +10,9 @@ import type { DbQueue, DeliverQueue, EndedPollNotificationQueue, InboxQueue, Obj export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:emoji', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/admin/relays/add.ts b/packages/backend/src/server/api/endpoints/admin/relays/add.ts index 53b83560cf..d55dff7b0c 100644 --- a/packages/backend/src/server/api/endpoints/admin/relays/add.ts +++ b/packages/backend/src/server/api/endpoints/admin/relays/add.ts @@ -12,10 +12,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:relays', errors: { invalidUrl: { diff --git a/packages/backend/src/server/api/endpoints/admin/relays/list.ts b/packages/backend/src/server/api/endpoints/admin/relays/list.ts index 35c8e05487..61ea287bff 100644 --- a/packages/backend/src/server/api/endpoints/admin/relays/list.ts +++ b/packages/backend/src/server/api/endpoints/admin/relays/list.ts @@ -10,10 +10,9 @@ import { RelayService } from '@/core/RelayService.js'; export const meta = { tags: ['admin'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:relays', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/relays/remove.ts b/packages/backend/src/server/api/endpoints/admin/relays/remove.ts index fdc53cb708..8a6dd4e152 100644 --- a/packages/backend/src/server/api/endpoints/admin/relays/remove.ts +++ b/packages/backend/src/server/api/endpoints/admin/relays/remove.ts @@ -10,10 +10,9 @@ import { RelayService } from '@/core/RelayService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:relays', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/reset-password.ts b/packages/backend/src/server/api/endpoints/admin/reset-password.ts index 73bbd1f091..1a402b4a4a 100644 --- a/packages/backend/src/server/api/endpoints/admin/reset-password.ts +++ b/packages/backend/src/server/api/endpoints/admin/reset-password.ts @@ -14,10 +14,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:reset-password', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/admin/resolve-abuse-user-report.ts b/packages/backend/src/server/api/endpoints/admin/resolve-abuse-user-report.ts index fb26c82a9d..26c4038b98 100644 --- a/packages/backend/src/server/api/endpoints/admin/resolve-abuse-user-report.ts +++ b/packages/backend/src/server/api/endpoints/admin/resolve-abuse-user-report.ts @@ -15,10 +15,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:resolve-abuse-user-report', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/assign.ts b/packages/backend/src/server/api/endpoints/admin/roles/assign.ts index bbd4cfabbe..8eb3d2bf59 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/assign.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/assign.ts @@ -13,10 +13,9 @@ import { RoleService } from '@/core/RoleService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:roles', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/create.ts b/packages/backend/src/server/api/endpoints/admin/roles/create.ts index ac6085d921..de23d2fb11 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/create.ts @@ -11,10 +11,9 @@ import { RoleService } from '@/core/RoleService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:roles', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/admin/roles/delete.ts b/packages/backend/src/server/api/endpoints/admin/roles/delete.ts index f60d6754a5..9e2968e317 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/delete.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/delete.ts @@ -13,10 +13,9 @@ import { RoleService } from '@/core/RoleService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:roles', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/list.ts b/packages/backend/src/server/api/endpoints/admin/roles/list.ts index 30917ce984..d3d1a10a69 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/list.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/list.ts @@ -12,10 +12,9 @@ import { RoleEntityService } from '@/core/entities/RoleEntityService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:roles', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/roles/show.ts b/packages/backend/src/server/api/endpoints/admin/roles/show.ts index 91e32d95be..ad4345e5a5 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/show.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/show.ts @@ -13,10 +13,9 @@ import { RoleEntityService } from '@/core/entities/RoleEntityService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'read:admin', - requireCredential: true, requireModerator: true, + kind: 'read:admin:roles', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/unassign.ts b/packages/backend/src/server/api/endpoints/admin/roles/unassign.ts index 701fea1ed5..c11265252c 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/unassign.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/unassign.ts @@ -13,10 +13,9 @@ import { RoleService } from '@/core/RoleService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:roles', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/update-default-policies.ts b/packages/backend/src/server/api/endpoints/admin/roles/update-default-policies.ts index 066fc73234..203f749a6e 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/update-default-policies.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/update-default-policies.ts @@ -11,10 +11,9 @@ import { MetaService } from '@/core/MetaService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:roles', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/update.ts b/packages/backend/src/server/api/endpoints/admin/roles/update.ts index 6cfcd8ca4a..74d5aae5d8 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/update.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/update.ts @@ -14,10 +14,9 @@ import { RoleService } from '@/core/RoleService.js'; export const meta = { tags: ['admin', 'role'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:roles', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/admin/roles/users.ts b/packages/backend/src/server/api/endpoints/admin/roles/users.ts index 6a0f7f9987..66f4d9d26b 100644 --- a/packages/backend/src/server/api/endpoints/admin/roles/users.ts +++ b/packages/backend/src/server/api/endpoints/admin/roles/users.ts @@ -16,10 +16,9 @@ import { ApiError } from '../../../error.js'; export const meta = { tags: ['admin', 'role', 'users'], - kind: 'read:admin', - requireCredential: false, requireAdmin: true, + kind: 'read:admin:roles', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/admin/send-email.ts b/packages/backend/src/server/api/endpoints/admin/send-email.ts index d22066909e..d20aee656c 100644 --- a/packages/backend/src/server/api/endpoints/admin/send-email.ts +++ b/packages/backend/src/server/api/endpoints/admin/send-email.ts @@ -10,10 +10,9 @@ import { EmailService } from '@/core/EmailService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:send-email', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/server-info.ts b/packages/backend/src/server/api/endpoints/admin/server-info.ts index d3c3bebff6..374712f57d 100644 --- a/packages/backend/src/server/api/endpoints/admin/server-info.ts +++ b/packages/backend/src/server/api/endpoints/admin/server-info.ts @@ -14,11 +14,10 @@ import { DI } from '@/di-symbols.js'; export const meta = { requireCredential: true, requireModerator: true, + kind: 'read:admin:server-info', tags: ['admin', 'meta'], - kind: 'read:admin', - res: { type: 'object', optional: false, nullable: false, diff --git a/packages/backend/src/server/api/endpoints/admin/show-moderation-logs.ts b/packages/backend/src/server/api/endpoints/admin/show-moderation-logs.ts index c82532ed67..f3601be9bb 100644 --- a/packages/backend/src/server/api/endpoints/admin/show-moderation-logs.ts +++ b/packages/backend/src/server/api/endpoints/admin/show-moderation-logs.ts @@ -15,8 +15,7 @@ export const meta = { requireCredential: true, requireAdmin: true, - - kind: 'read:admin', + kind: 'read:admin:show-moderation-log', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/show-user.ts b/packages/backend/src/server/api/endpoints/admin/show-user.ts index f1e7b75a32..2b50354cef 100644 --- a/packages/backend/src/server/api/endpoints/admin/show-user.ts +++ b/packages/backend/src/server/api/endpoints/admin/show-user.ts @@ -16,8 +16,7 @@ export const meta = { requireCredential: true, requireModerator: true, - - kind: 'read:admin', + kind: 'read:admin:show-user', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/admin/show-users.ts b/packages/backend/src/server/api/endpoints/admin/show-users.ts index 5081383687..1d31e5e80f 100644 --- a/packages/backend/src/server/api/endpoints/admin/show-users.ts +++ b/packages/backend/src/server/api/endpoints/admin/show-users.ts @@ -16,8 +16,7 @@ export const meta = { requireCredential: true, requireModerator: true, - - kind: 'read:admin', + kind: 'read:admin:show-users', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/admin/suspend-user.ts b/packages/backend/src/server/api/endpoints/admin/suspend-user.ts index 35c3f37481..a26fa81c13 100644 --- a/packages/backend/src/server/api/endpoints/admin/suspend-user.ts +++ b/packages/backend/src/server/api/endpoints/admin/suspend-user.ts @@ -19,10 +19,9 @@ import { QueueService } from '@/core/QueueService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:suspend-user', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/unset-user-avatar.ts b/packages/backend/src/server/api/endpoints/admin/unset-user-avatar.ts index 2309493937..8b22fad1d4 100644 --- a/packages/backend/src/server/api/endpoints/admin/unset-user-avatar.ts +++ b/packages/backend/src/server/api/endpoints/admin/unset-user-avatar.ts @@ -12,10 +12,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:unset-user-avatar', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/unset-user-banner.ts b/packages/backend/src/server/api/endpoints/admin/unset-user-banner.ts index 468c634e5b..5ec359c0ef 100644 --- a/packages/backend/src/server/api/endpoints/admin/unset-user-banner.ts +++ b/packages/backend/src/server/api/endpoints/admin/unset-user-banner.ts @@ -12,10 +12,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:unset-user-banner', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/unsuspend-user.ts b/packages/backend/src/server/api/endpoints/admin/unsuspend-user.ts index 8cdd317eae..9c896f0e64 100644 --- a/packages/backend/src/server/api/endpoints/admin/unsuspend-user.ts +++ b/packages/backend/src/server/api/endpoints/admin/unsuspend-user.ts @@ -13,10 +13,9 @@ import { DI } from '@/di-symbols.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:unsuspend-user', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/update-meta.ts b/packages/backend/src/server/api/endpoints/admin/update-meta.ts index 5f9de0523e..5a215696fb 100644 --- a/packages/backend/src/server/api/endpoints/admin/update-meta.ts +++ b/packages/backend/src/server/api/endpoints/admin/update-meta.ts @@ -12,10 +12,9 @@ import { MetaService } from '@/core/MetaService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireAdmin: true, + kind: 'write:admin:meta', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/admin/update-user-note.ts b/packages/backend/src/server/api/endpoints/admin/update-user-note.ts index dd0b777373..e582147e72 100644 --- a/packages/backend/src/server/api/endpoints/admin/update-user-note.ts +++ b/packages/backend/src/server/api/endpoints/admin/update-user-note.ts @@ -12,10 +12,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js'; export const meta = { tags: ['admin'], - kind: 'write:admin', - requireCredential: true, requireModerator: true, + kind: 'write:admin:user-note', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/ap/get.ts b/packages/backend/src/server/api/endpoints/ap/get.ts index a4a7fd2037..e0ef5d413a 100644 --- a/packages/backend/src/server/api/endpoints/ap/get.ts +++ b/packages/backend/src/server/api/endpoints/ap/get.ts @@ -12,6 +12,7 @@ export const meta = { tags: ['federation'], requireCredential: true, + kind: 'read:federation', limit: { duration: ms('1hour'), diff --git a/packages/backend/src/server/api/endpoints/ap/show.ts b/packages/backend/src/server/api/endpoints/ap/show.ts index f442fbdd2f..7e5c7a917c 100644 --- a/packages/backend/src/server/api/endpoints/ap/show.ts +++ b/packages/backend/src/server/api/endpoints/ap/show.ts @@ -25,6 +25,7 @@ export const meta = { tags: ['federation'], requireCredential: true, + kind: 'read:account', limit: { duration: ms('1hour'), diff --git a/packages/backend/src/server/api/endpoints/federation/update-remote-user.ts b/packages/backend/src/server/api/endpoints/federation/update-remote-user.ts index c0aa882088..e6198ff601 100644 --- a/packages/backend/src/server/api/endpoints/federation/update-remote-user.ts +++ b/packages/backend/src/server/api/endpoints/federation/update-remote-user.ts @@ -11,7 +11,7 @@ import { GetterService } from '@/server/api/GetterService.js'; export const meta = { tags: ['federation'], - requireCredential: true, + requireCredential: false, } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/fetch-external-resources.ts b/packages/backend/src/server/api/endpoints/fetch-external-resources.ts index 6391a2f580..cbe579eb6b 100644 --- a/packages/backend/src/server/api/endpoints/fetch-external-resources.ts +++ b/packages/backend/src/server/api/endpoints/fetch-external-resources.ts @@ -14,6 +14,7 @@ export const meta = { tags: ['meta'], requireCredential: true, + secure: true, limit: { duration: ms('1hour'), diff --git a/packages/backend/src/server/api/endpoints/i.ts b/packages/backend/src/server/api/endpoints/i.ts index c0530bf392..c24e049180 100644 --- a/packages/backend/src/server/api/endpoints/i.ts +++ b/packages/backend/src/server/api/endpoints/i.ts @@ -14,6 +14,7 @@ export const meta = { tags: ['account'], requireCredential: true, + kind: "read:account", res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/i/claim-achievement.ts b/packages/backend/src/server/api/endpoints/i/claim-achievement.ts index b24b3438dc..57f680bd7e 100644 --- a/packages/backend/src/server/api/endpoints/i/claim-achievement.ts +++ b/packages/backend/src/server/api/endpoints/i/claim-achievement.ts @@ -10,6 +10,7 @@ import { AchievementService, ACHIEVEMENT_TYPES } from '@/core/AchievementService export const meta = { requireCredential: true, prohibitMoved: true, + kind: 'write:account', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/i/registry/get-all.ts b/packages/backend/src/server/api/endpoints/i/registry/get-all.ts index bd6e85a074..79a81cb73f 100644 --- a/packages/backend/src/server/api/endpoints/i/registry/get-all.ts +++ b/packages/backend/src/server/api/endpoints/i/registry/get-all.ts @@ -9,6 +9,7 @@ import { RegistryApiService } from '@/core/RegistryApiService.js'; export const meta = { requireCredential: true, + kind: 'read:account', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/i/registry/get-detail.ts b/packages/backend/src/server/api/endpoints/i/registry/get-detail.ts index 2352beb130..d9b26cab2c 100644 --- a/packages/backend/src/server/api/endpoints/i/registry/get-detail.ts +++ b/packages/backend/src/server/api/endpoints/i/registry/get-detail.ts @@ -10,6 +10,7 @@ import { ApiError } from '../../../error.js'; export const meta = { requireCredential: true, + kind: 'read:account', errors: { noSuchKey: { diff --git a/packages/backend/src/server/api/endpoints/i/registry/get.ts b/packages/backend/src/server/api/endpoints/i/registry/get.ts index 4155a43e0d..c373410256 100644 --- a/packages/backend/src/server/api/endpoints/i/registry/get.ts +++ b/packages/backend/src/server/api/endpoints/i/registry/get.ts @@ -10,6 +10,7 @@ import { ApiError } from '../../../error.js'; export const meta = { requireCredential: true, + kind: 'read:account', errors: { noSuchKey: { diff --git a/packages/backend/src/server/api/endpoints/i/registry/keys-with-type.ts b/packages/backend/src/server/api/endpoints/i/registry/keys-with-type.ts index b411cdd3d9..a91dcd9543 100644 --- a/packages/backend/src/server/api/endpoints/i/registry/keys-with-type.ts +++ b/packages/backend/src/server/api/endpoints/i/registry/keys-with-type.ts @@ -9,6 +9,7 @@ import { RegistryApiService } from '@/core/RegistryApiService.js'; export const meta = { requireCredential: true, + kind: 'read:account', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/i/registry/keys.ts b/packages/backend/src/server/api/endpoints/i/registry/keys.ts index 04e120d752..ad203d5203 100644 --- a/packages/backend/src/server/api/endpoints/i/registry/keys.ts +++ b/packages/backend/src/server/api/endpoints/i/registry/keys.ts @@ -9,6 +9,7 @@ import { RegistryApiService } from '@/core/RegistryApiService.js'; export const meta = { requireCredential: true, + kind: 'read:account', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/i/registry/remove.ts b/packages/backend/src/server/api/endpoints/i/registry/remove.ts index ba8100b547..9cbe271b91 100644 --- a/packages/backend/src/server/api/endpoints/i/registry/remove.ts +++ b/packages/backend/src/server/api/endpoints/i/registry/remove.ts @@ -12,6 +12,7 @@ import { ApiError } from '../../../error.js'; export const meta = { requireCredential: true, + kind: 'write:account', errors: { noSuchKey: { diff --git a/packages/backend/src/server/api/endpoints/i/registry/set.ts b/packages/backend/src/server/api/endpoints/i/registry/set.ts index 58bb450bce..c61d5b8727 100644 --- a/packages/backend/src/server/api/endpoints/i/registry/set.ts +++ b/packages/backend/src/server/api/endpoints/i/registry/set.ts @@ -9,6 +9,7 @@ import { RegistryApiService } from '@/core/RegistryApiService.js'; export const meta = { requireCredential: true, + kind: 'write:account', } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/invite/create.ts b/packages/backend/src/server/api/endpoints/invite/create.ts index d82fa50e4f..4f37f2f4bb 100644 --- a/packages/backend/src/server/api/endpoints/invite/create.ts +++ b/packages/backend/src/server/api/endpoints/invite/create.ts @@ -19,6 +19,7 @@ export const meta = { requireCredential: true, requireRolePolicy: 'canInvite', + kind: 'write:invite-codes', errors: { exceededCreateLimit: { diff --git a/packages/backend/src/server/api/endpoints/invite/delete.ts b/packages/backend/src/server/api/endpoints/invite/delete.ts index 3b57775739..d84430a49f 100644 --- a/packages/backend/src/server/api/endpoints/invite/delete.ts +++ b/packages/backend/src/server/api/endpoints/invite/delete.ts @@ -15,6 +15,7 @@ export const meta = { requireCredential: true, requireRolePolicy: 'canInvite', + kind: 'write:invite-codes', errors: { noSuchCode: { diff --git a/packages/backend/src/server/api/endpoints/invite/limit.ts b/packages/backend/src/server/api/endpoints/invite/limit.ts index 1f4190c948..fc3bb9bdc2 100644 --- a/packages/backend/src/server/api/endpoints/invite/limit.ts +++ b/packages/backend/src/server/api/endpoints/invite/limit.ts @@ -16,6 +16,7 @@ export const meta = { requireCredential: true, requireRolePolicy: 'canInvite', + kind: 'read:invite-codes', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/invite/list.ts b/packages/backend/src/server/api/endpoints/invite/list.ts index 2107516ce4..6734f27e14 100644 --- a/packages/backend/src/server/api/endpoints/invite/list.ts +++ b/packages/backend/src/server/api/endpoints/invite/list.ts @@ -15,6 +15,7 @@ export const meta = { requireCredential: true, requireRolePolicy: 'canInvite', + kind: 'read:invite-codes', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/my/apps.ts b/packages/backend/src/server/api/endpoints/my/apps.ts index 98c317346f..1b70b85b07 100644 --- a/packages/backend/src/server/api/endpoints/my/apps.ts +++ b/packages/backend/src/server/api/endpoints/my/apps.ts @@ -13,6 +13,7 @@ export const meta = { tags: ['account', 'app'], requireCredential: true, + kind: 'read:account', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/notes/hybrid-timeline.ts b/packages/backend/src/server/api/endpoints/notes/hybrid-timeline.ts index effcbaf2ee..01adfec7d3 100644 --- a/packages/backend/src/server/api/endpoints/notes/hybrid-timeline.ts +++ b/packages/backend/src/server/api/endpoints/notes/hybrid-timeline.ts @@ -25,6 +25,7 @@ export const meta = { tags: ['notes'], requireCredential: true, + kind: 'read:account', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/notes/mentions.ts b/packages/backend/src/server/api/endpoints/notes/mentions.ts index 6fab024d17..2317f8f7b2 100644 --- a/packages/backend/src/server/api/endpoints/notes/mentions.ts +++ b/packages/backend/src/server/api/endpoints/notes/mentions.ts @@ -16,6 +16,7 @@ export const meta = { tags: ['notes'], requireCredential: true, + kind: 'read:account', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/notes/polls/recommendation.ts b/packages/backend/src/server/api/endpoints/notes/polls/recommendation.ts index af7ff8bdcd..90af29a695 100644 --- a/packages/backend/src/server/api/endpoints/notes/polls/recommendation.ts +++ b/packages/backend/src/server/api/endpoints/notes/polls/recommendation.ts @@ -14,6 +14,7 @@ export const meta = { tags: ['notes'], requireCredential: true, + kind: 'read:account', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/notes/state.ts b/packages/backend/src/server/api/endpoints/notes/state.ts index b5fd47723c..20faea566d 100644 --- a/packages/backend/src/server/api/endpoints/notes/state.ts +++ b/packages/backend/src/server/api/endpoints/notes/state.ts @@ -12,6 +12,7 @@ export const meta = { tags: ['notes'], requireCredential: true, + kind: 'read:account', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/notes/timeline.ts b/packages/backend/src/server/api/endpoints/notes/timeline.ts index 790bcbe151..e90d6ec198 100644 --- a/packages/backend/src/server/api/endpoints/notes/timeline.ts +++ b/packages/backend/src/server/api/endpoints/notes/timeline.ts @@ -22,6 +22,7 @@ export const meta = { tags: ['notes'], requireCredential: true, + kind: 'read:account', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/notes/translate.ts b/packages/backend/src/server/api/endpoints/notes/translate.ts index d46bd69795..698c37b616 100644 --- a/packages/backend/src/server/api/endpoints/notes/translate.ts +++ b/packages/backend/src/server/api/endpoints/notes/translate.ts @@ -17,6 +17,7 @@ export const meta = { tags: ['notes'], requireCredential: true, + kind: 'read:account', res: { type: 'object', diff --git a/packages/backend/src/server/api/endpoints/notes/user-list-timeline.ts b/packages/backend/src/server/api/endpoints/notes/user-list-timeline.ts index 10d3a7a697..71c2b8054e 100644 --- a/packages/backend/src/server/api/endpoints/notes/user-list-timeline.ts +++ b/packages/backend/src/server/api/endpoints/notes/user-list-timeline.ts @@ -22,6 +22,7 @@ export const meta = { tags: ['notes', 'lists'], requireCredential: true, + kind: 'read:account', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/promo/read.ts b/packages/backend/src/server/api/endpoints/promo/read.ts index 7d07c92178..f427939a7a 100644 --- a/packages/backend/src/server/api/endpoints/promo/read.ts +++ b/packages/backend/src/server/api/endpoints/promo/read.ts @@ -15,6 +15,7 @@ export const meta = { tags: ['notes'], requireCredential: true, + kind: 'write:account', errors: { noSuchNote: { diff --git a/packages/backend/src/server/api/endpoints/roles/list.ts b/packages/backend/src/server/api/endpoints/roles/list.ts index dc2be8e11d..d40e937d4e 100644 --- a/packages/backend/src/server/api/endpoints/roles/list.ts +++ b/packages/backend/src/server/api/endpoints/roles/list.ts @@ -13,6 +13,7 @@ export const meta = { tags: ['role'], requireCredential: true, + kind: 'read:account', res: { type: 'array', diff --git a/packages/backend/src/server/api/endpoints/roles/notes.ts b/packages/backend/src/server/api/endpoints/roles/notes.ts index 7010df22c9..4ce3fc8908 100644 --- a/packages/backend/src/server/api/endpoints/roles/notes.ts +++ b/packages/backend/src/server/api/endpoints/roles/notes.ts @@ -18,6 +18,7 @@ export const meta = { tags: ['role', 'notes'], requireCredential: true, + kind: 'read:account', errors: { noSuchRole: { diff --git a/packages/backend/src/server/api/endpoints/sw/register.ts b/packages/backend/src/server/api/endpoints/sw/register.ts index 9ab062326d..bb50048d94 100644 --- a/packages/backend/src/server/api/endpoints/sw/register.ts +++ b/packages/backend/src/server/api/endpoints/sw/register.ts @@ -14,6 +14,7 @@ export const meta = { tags: ['account'], requireCredential: true, + secure: true, description: 'Register to receive push notifications.', diff --git a/packages/backend/src/server/api/endpoints/sw/show-registration.ts b/packages/backend/src/server/api/endpoints/sw/show-registration.ts index 126299e3f7..15d3df8587 100644 --- a/packages/backend/src/server/api/endpoints/sw/show-registration.ts +++ b/packages/backend/src/server/api/endpoints/sw/show-registration.ts @@ -12,6 +12,7 @@ export const meta = { tags: ['account'], requireCredential: true, + secure: true, description: 'Check push notification registration exists.', diff --git a/packages/backend/src/server/api/endpoints/sw/update-registration.ts b/packages/backend/src/server/api/endpoints/sw/update-registration.ts index a1a97df0be..7bf59784a2 100644 --- a/packages/backend/src/server/api/endpoints/sw/update-registration.ts +++ b/packages/backend/src/server/api/endpoints/sw/update-registration.ts @@ -13,6 +13,7 @@ export const meta = { tags: ['account'], requireCredential: true, + secure: true, description: 'Update push notification registration.', diff --git a/packages/backend/src/server/api/endpoints/users/achievements.ts b/packages/backend/src/server/api/endpoints/users/achievements.ts index d6ad718dfa..3a584a819a 100644 --- a/packages/backend/src/server/api/endpoints/users/achievements.ts +++ b/packages/backend/src/server/api/endpoints/users/achievements.ts @@ -9,7 +9,7 @@ import type { UserProfilesRepository } from '@/models/_.js'; import { DI } from '@/di-symbols.js'; export const meta = { - requireCredential: true, + requireCredential: false, res: { type: 'array', @@ -24,7 +24,7 @@ export const meta = { }, }, }, - } + }, } as const; export const paramDef = { diff --git a/packages/backend/src/server/api/endpoints/users/lists/create-from-public.ts b/packages/backend/src/server/api/endpoints/users/lists/create-from-public.ts index 4eb37c3e43..fa2e3338b8 100644 --- a/packages/backend/src/server/api/endpoints/users/lists/create-from-public.ts +++ b/packages/backend/src/server/api/endpoints/users/lists/create-from-public.ts @@ -18,6 +18,7 @@ import { UserListService } from '@/core/UserListService.js'; export const meta = { requireCredential: true, prohibitMoved: true, + kind: 'write:account', res: { type: 'object', optional: false, nullable: false, diff --git a/packages/backend/src/server/api/endpoints/users/lists/favorite.ts b/packages/backend/src/server/api/endpoints/users/lists/favorite.ts index 2ecf0a1256..864cdc2ee0 100644 --- a/packages/backend/src/server/api/endpoints/users/lists/favorite.ts +++ b/packages/backend/src/server/api/endpoints/users/lists/favorite.ts @@ -12,6 +12,7 @@ import { DI } from '@/di-symbols.js'; export const meta = { requireCredential: true, + kind: 'write:account', errors: { noSuchList: { message: 'No such user list.', diff --git a/packages/backend/src/server/api/endpoints/users/lists/unfavorite.ts b/packages/backend/src/server/api/endpoints/users/lists/unfavorite.ts index 23611ab8c4..d51d57343e 100644 --- a/packages/backend/src/server/api/endpoints/users/lists/unfavorite.ts +++ b/packages/backend/src/server/api/endpoints/users/lists/unfavorite.ts @@ -11,6 +11,7 @@ import { DI } from '@/di-symbols.js'; export const meta = { requireCredential: true, + kind: 'write:account', errors: { noSuchList: { message: 'No such user list.', diff --git a/packages/backend/src/server/api/endpoints/users/relation.ts b/packages/backend/src/server/api/endpoints/users/relation.ts index 326042ed3d..26b61c9fb2 100644 --- a/packages/backend/src/server/api/endpoints/users/relation.ts +++ b/packages/backend/src/server/api/endpoints/users/relation.ts @@ -11,6 +11,7 @@ export const meta = { tags: ['users'], requireCredential: true, + kind: 'read:account', description: 'Show the different kinds of relations between the authenticated user and the specified user(s).', diff --git a/packages/backend/src/server/api/endpoints/users/report-abuse.ts b/packages/backend/src/server/api/endpoints/users/report-abuse.ts index 3bcf44cc42..508497ccfb 100644 --- a/packages/backend/src/server/api/endpoints/users/report-abuse.ts +++ b/packages/backend/src/server/api/endpoints/users/report-abuse.ts @@ -20,6 +20,7 @@ export const meta = { tags: ['users'], requireCredential: true, + kind: 'write:report-abuse', description: 'File a report.', diff --git a/packages/backend/src/server/api/stream/ChannelsService.ts b/packages/backend/src/server/api/stream/ChannelsService.ts index 8fd106c10c..3bc5380132 100644 --- a/packages/backend/src/server/api/stream/ChannelsService.ts +++ b/packages/backend/src/server/api/stream/ChannelsService.ts @@ -19,6 +19,7 @@ import { AntennaChannelService } from './channels/antenna.js'; import { DriveChannelService } from './channels/drive.js'; import { HashtagChannelService } from './channels/hashtag.js'; import { RoleTimelineChannelService } from './channels/role-timeline.js'; +import { type MiChannelService } from './channel.js'; @Injectable() export class ChannelsService { @@ -41,7 +42,7 @@ export class ChannelsService { } @bindThis - public getChannelService(name: string) { + public getChannelService(name: string): MiChannelService { switch (name) { case 'main': return this.mainChannelService; case 'homeTimeline': return this.homeTimelineChannelService; diff --git a/packages/backend/src/server/api/stream/Connection.ts b/packages/backend/src/server/api/stream/Connection.ts index 4180ccc56a..a89fbcc5e5 100644 --- a/packages/backend/src/server/api/stream/Connection.ts +++ b/packages/backend/src/server/api/stream/Connection.ts @@ -248,6 +248,11 @@ export default class Connection { return; } + if (this.token && ((channelService.kind && !this.token.permission.some(p => p === channelService.kind)) + || (!channelService.kind && channelService.requireCredential))) { + return; + } + // 共有可能チャンネルに接続しようとしていて、かつそのチャンネルに既に接続していたら無意味なので無視 if (channelService.shouldShare && this.channels.some(c => c.chName === channel)) { return; diff --git a/packages/backend/src/server/api/stream/channel.ts b/packages/backend/src/server/api/stream/channel.ts index 46b0709773..80df3803eb 100644 --- a/packages/backend/src/server/api/stream/channel.ts +++ b/packages/backend/src/server/api/stream/channel.ts @@ -16,6 +16,7 @@ export default abstract class Channel { public abstract readonly chName: string; public static readonly shouldShare: boolean; public static readonly requireCredential: boolean; + public static readonly kind?: string | null; protected get user() { return this.connection.user; @@ -76,3 +77,10 @@ export default abstract class Channel { public onMessage?(type: string, body: any): void; } + +export type MiChannelService = { + shouldShare: boolean; + requireCredential: T; + kind: T extends true ? string : string | null | undefined; + create: (id: string, connection: Connection) => Channel; +} diff --git a/packages/backend/src/server/api/stream/channels/admin.ts b/packages/backend/src/server/api/stream/channels/admin.ts index bfb36d9cb8..b8f369ce84 100644 --- a/packages/backend/src/server/api/stream/channels/admin.ts +++ b/packages/backend/src/server/api/stream/channels/admin.ts @@ -5,12 +5,13 @@ import { Injectable } from '@nestjs/common'; import { bindThis } from '@/decorators.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class AdminChannel extends Channel { public readonly chName = 'admin'; public static shouldShare = true; - public static requireCredential = true; + public static requireCredential = true as const; + public static kind = 'read:admin:stream'; @bindThis public async init(params: any) { @@ -22,9 +23,10 @@ class AdminChannel extends Channel { } @Injectable() -export class AdminChannelService { +export class AdminChannelService implements MiChannelService { public readonly shouldShare = AdminChannel.shouldShare; public readonly requireCredential = AdminChannel.requireCredential; + public readonly kind = AdminChannel.kind; constructor( ) { diff --git a/packages/backend/src/server/api/stream/channels/antenna.ts b/packages/backend/src/server/api/stream/channels/antenna.ts index a48e6ba5c6..200db8eb0e 100644 --- a/packages/backend/src/server/api/stream/channels/antenna.ts +++ b/packages/backend/src/server/api/stream/channels/antenna.ts @@ -8,12 +8,13 @@ import { isUserRelated } from '@/misc/is-user-related.js'; import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { bindThis } from '@/decorators.js'; import type { GlobalEvents } from '@/core/GlobalEventService.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class AntennaChannel extends Channel { public readonly chName = 'antenna'; public static shouldShare = false; - public static requireCredential = false; + public static requireCredential = true as const; + public static kind = 'read:account'; private antennaId: string; constructor( @@ -62,9 +63,10 @@ class AntennaChannel extends Channel { } @Injectable() -export class AntennaChannelService { +export class AntennaChannelService implements MiChannelService { public readonly shouldShare = AntennaChannel.shouldShare; public readonly requireCredential = AntennaChannel.requireCredential; + public readonly kind = AntennaChannel.kind; constructor( private noteEntityService: NoteEntityService, diff --git a/packages/backend/src/server/api/stream/channels/channel.ts b/packages/backend/src/server/api/stream/channels/channel.ts index 57034231a3..20275249b8 100644 --- a/packages/backend/src/server/api/stream/channels/channel.ts +++ b/packages/backend/src/server/api/stream/channels/channel.ts @@ -8,12 +8,12 @@ import { isUserRelated } from '@/misc/is-user-related.js'; import type { Packed } from '@/misc/json-schema.js'; import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { bindThis } from '@/decorators.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class ChannelChannel extends Channel { public readonly chName = 'channel'; public static shouldShare = false; - public static requireCredential = false; + public static requireCredential = false as const; private channelId: string; constructor( @@ -65,9 +65,10 @@ class ChannelChannel extends Channel { } @Injectable() -export class ChannelChannelService { +export class ChannelChannelService implements MiChannelService { public readonly shouldShare = ChannelChannel.shouldShare; public readonly requireCredential = ChannelChannel.requireCredential; + public readonly kind = ChannelChannel.kind; constructor( private noteEntityService: NoteEntityService, diff --git a/packages/backend/src/server/api/stream/channels/drive.ts b/packages/backend/src/server/api/stream/channels/drive.ts index 83f53c1836..4bf34a72c9 100644 --- a/packages/backend/src/server/api/stream/channels/drive.ts +++ b/packages/backend/src/server/api/stream/channels/drive.ts @@ -5,12 +5,13 @@ import { Injectable } from '@nestjs/common'; import { bindThis } from '@/decorators.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class DriveChannel extends Channel { public readonly chName = 'drive'; public static shouldShare = true; - public static requireCredential = true; + public static requireCredential = true as const; + public static kind = 'read:account'; @bindThis public async init(params: any) { @@ -22,9 +23,10 @@ class DriveChannel extends Channel { } @Injectable() -export class DriveChannelService { +export class DriveChannelService implements MiChannelService { public readonly shouldShare = DriveChannel.shouldShare; public readonly requireCredential = DriveChannel.requireCredential; + public readonly kind = DriveChannel.kind; constructor( ) { diff --git a/packages/backend/src/server/api/stream/channels/global-timeline.ts b/packages/backend/src/server/api/stream/channels/global-timeline.ts index 553c44071f..8df13da8a9 100644 --- a/packages/backend/src/server/api/stream/channels/global-timeline.ts +++ b/packages/backend/src/server/api/stream/channels/global-timeline.ts @@ -12,12 +12,12 @@ import { MetaService } from '@/core/MetaService.js'; import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { bindThis } from '@/decorators.js'; import { RoleService } from '@/core/RoleService.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class GlobalTimelineChannel extends Channel { public readonly chName = 'globalTimeline'; public static shouldShare = false; - public static requireCredential = false; + public static requireCredential = false as const; private withRenotes: boolean; private withFiles: boolean; @@ -91,9 +91,10 @@ class GlobalTimelineChannel extends Channel { } @Injectable() -export class GlobalTimelineChannelService { +export class GlobalTimelineChannelService implements MiChannelService { public readonly shouldShare = GlobalTimelineChannel.shouldShare; public readonly requireCredential = GlobalTimelineChannel.requireCredential; + public readonly kind = GlobalTimelineChannel.kind; constructor( private metaService: MetaService, diff --git a/packages/backend/src/server/api/stream/channels/hashtag.ts b/packages/backend/src/server/api/stream/channels/hashtag.ts index f30b29cfd6..3d4f2fc528 100644 --- a/packages/backend/src/server/api/stream/channels/hashtag.ts +++ b/packages/backend/src/server/api/stream/channels/hashtag.ts @@ -9,12 +9,12 @@ import { isUserRelated } from '@/misc/is-user-related.js'; import type { Packed } from '@/misc/json-schema.js'; import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { bindThis } from '@/decorators.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class HashtagChannel extends Channel { public readonly chName = 'hashtag'; public static shouldShare = false; - public static requireCredential = false; + public static requireCredential = false as const; private q: string[][]; constructor( @@ -70,9 +70,10 @@ class HashtagChannel extends Channel { } @Injectable() -export class HashtagChannelService { +export class HashtagChannelService implements MiChannelService { public readonly shouldShare = HashtagChannel.shouldShare; public readonly requireCredential = HashtagChannel.requireCredential; + public readonly kind = HashtagChannel.kind; constructor( private noteEntityService: NoteEntityService, diff --git a/packages/backend/src/server/api/stream/channels/home-timeline.ts b/packages/backend/src/server/api/stream/channels/home-timeline.ts index 80054d0881..6c9f52ba70 100644 --- a/packages/backend/src/server/api/stream/channels/home-timeline.ts +++ b/packages/backend/src/server/api/stream/channels/home-timeline.ts @@ -10,12 +10,13 @@ import { isInstanceMuted } from '@/misc/is-instance-muted.js'; import type { Packed } from '@/misc/json-schema.js'; import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { bindThis } from '@/decorators.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class HomeTimelineChannel extends Channel { public readonly chName = 'homeTimeline'; public static shouldShare = false; - public static requireCredential = true; + public static requireCredential = true as const; + public static kind = 'read:account'; private withRenotes: boolean; private withFiles: boolean; @@ -99,9 +100,10 @@ class HomeTimelineChannel extends Channel { } @Injectable() -export class HomeTimelineChannelService { +export class HomeTimelineChannelService implements MiChannelService { public readonly shouldShare = HomeTimelineChannel.shouldShare; public readonly requireCredential = HomeTimelineChannel.requireCredential; + public readonly kind = HomeTimelineChannel.kind; constructor( private noteEntityService: NoteEntityService, diff --git a/packages/backend/src/server/api/stream/channels/hybrid-timeline.ts b/packages/backend/src/server/api/stream/channels/hybrid-timeline.ts index 78645982bf..957d8b6d41 100644 --- a/packages/backend/src/server/api/stream/channels/hybrid-timeline.ts +++ b/packages/backend/src/server/api/stream/channels/hybrid-timeline.ts @@ -12,12 +12,13 @@ import { MetaService } from '@/core/MetaService.js'; import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { bindThis } from '@/decorators.js'; import { RoleService } from '@/core/RoleService.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class HybridTimelineChannel extends Channel { public readonly chName = 'hybridTimeline'; public static shouldShare = false; - public static requireCredential = true; + public static requireCredential = true as const; + public static kind = 'read:account'; private withRenotes: boolean; private withReplies: boolean; private withFiles: boolean; @@ -114,9 +115,10 @@ class HybridTimelineChannel extends Channel { } @Injectable() -export class HybridTimelineChannelService { +export class HybridTimelineChannelService implements MiChannelService { public readonly shouldShare = HybridTimelineChannel.shouldShare; public readonly requireCredential = HybridTimelineChannel.requireCredential; + public readonly kind = HybridTimelineChannel.kind; constructor( private metaService: MetaService, diff --git a/packages/backend/src/server/api/stream/channels/local-timeline.ts b/packages/backend/src/server/api/stream/channels/local-timeline.ts index 1388f186ff..888d268d56 100644 --- a/packages/backend/src/server/api/stream/channels/local-timeline.ts +++ b/packages/backend/src/server/api/stream/channels/local-timeline.ts @@ -11,12 +11,12 @@ import { MetaService } from '@/core/MetaService.js'; import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { bindThis } from '@/decorators.js'; import { RoleService } from '@/core/RoleService.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class LocalTimelineChannel extends Channel { public readonly chName = 'localTimeline'; public static shouldShare = false; - public static requireCredential = false; + public static requireCredential = false as const; private withRenotes: boolean; private withReplies: boolean; private withFiles: boolean; @@ -90,9 +90,10 @@ class LocalTimelineChannel extends Channel { } @Injectable() -export class LocalTimelineChannelService { +export class LocalTimelineChannelService implements MiChannelService { public readonly shouldShare = LocalTimelineChannel.shouldShare; public readonly requireCredential = LocalTimelineChannel.requireCredential; + public readonly kind = LocalTimelineChannel.kind; constructor( private metaService: MetaService, diff --git a/packages/backend/src/server/api/stream/channels/main.ts b/packages/backend/src/server/api/stream/channels/main.ts index f969d02337..ab605e3ec5 100644 --- a/packages/backend/src/server/api/stream/channels/main.ts +++ b/packages/backend/src/server/api/stream/channels/main.ts @@ -7,12 +7,13 @@ import { Injectable } from '@nestjs/common'; import { isInstanceMuted, isUserFromMutedInstance } from '@/misc/is-instance-muted.js'; import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { bindThis } from '@/decorators.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class MainChannel extends Channel { public readonly chName = 'main'; public static shouldShare = true; - public static requireCredential = true; + public static requireCredential = true as const; + public static kind = 'read:account'; constructor( private noteEntityService: NoteEntityService, @@ -63,9 +64,10 @@ class MainChannel extends Channel { } @Injectable() -export class MainChannelService { +export class MainChannelService implements MiChannelService { public readonly shouldShare = MainChannel.shouldShare; public readonly requireCredential = MainChannel.requireCredential; + public readonly kind = MainChannel.kind; constructor( private noteEntityService: NoteEntityService, diff --git a/packages/backend/src/server/api/stream/channels/queue-stats.ts b/packages/backend/src/server/api/stream/channels/queue-stats.ts index f0dc472303..5ceb2c3bbc 100644 --- a/packages/backend/src/server/api/stream/channels/queue-stats.ts +++ b/packages/backend/src/server/api/stream/channels/queue-stats.ts @@ -6,14 +6,14 @@ import Xev from 'xev'; import { Injectable } from '@nestjs/common'; import { bindThis } from '@/decorators.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; const ev = new Xev(); class QueueStatsChannel extends Channel { public readonly chName = 'queueStats'; public static shouldShare = true; - public static requireCredential = false; + public static requireCredential = false as const; constructor(id: string, connection: Channel['connection']) { super(id, connection); @@ -53,9 +53,10 @@ class QueueStatsChannel extends Channel { } @Injectable() -export class QueueStatsChannelService { +export class QueueStatsChannelService implements MiChannelService { public readonly shouldShare = QueueStatsChannel.shouldShare; public readonly requireCredential = QueueStatsChannel.requireCredential; + public readonly kind = QueueStatsChannel.kind; constructor( ) { diff --git a/packages/backend/src/server/api/stream/channels/role-timeline.ts b/packages/backend/src/server/api/stream/channels/role-timeline.ts index 38d3604cc5..b3bbb77dbf 100644 --- a/packages/backend/src/server/api/stream/channels/role-timeline.ts +++ b/packages/backend/src/server/api/stream/channels/role-timeline.ts @@ -10,12 +10,12 @@ import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { bindThis } from '@/decorators.js'; import { RoleService } from '@/core/RoleService.js'; import type { GlobalEvents } from '@/core/GlobalEventService.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class RoleTimelineChannel extends Channel { public readonly chName = 'roleTimeline'; public static shouldShare = false; - public static requireCredential = false; + public static requireCredential = false as const; private roleId: string; constructor( @@ -67,9 +67,10 @@ class RoleTimelineChannel extends Channel { } @Injectable() -export class RoleTimelineChannelService { +export class RoleTimelineChannelService implements MiChannelService { public readonly shouldShare = RoleTimelineChannel.shouldShare; public readonly requireCredential = RoleTimelineChannel.requireCredential; + public readonly kind = RoleTimelineChannel.kind; constructor( private noteEntityService: NoteEntityService, diff --git a/packages/backend/src/server/api/stream/channels/server-stats.ts b/packages/backend/src/server/api/stream/channels/server-stats.ts index cacae275a8..615b6946cc 100644 --- a/packages/backend/src/server/api/stream/channels/server-stats.ts +++ b/packages/backend/src/server/api/stream/channels/server-stats.ts @@ -6,14 +6,14 @@ import Xev from 'xev'; import { Injectable } from '@nestjs/common'; import { bindThis } from '@/decorators.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; const ev = new Xev(); class ServerStatsChannel extends Channel { public readonly chName = 'serverStats'; public static shouldShare = true; - public static requireCredential = false; + public static requireCredential = false as const; constructor(id: string, connection: Channel['connection']) { super(id, connection); @@ -53,9 +53,10 @@ class ServerStatsChannel extends Channel { } @Injectable() -export class ServerStatsChannelService { +export class ServerStatsChannelService implements MiChannelService { public readonly shouldShare = ServerStatsChannel.shouldShare; public readonly requireCredential = ServerStatsChannel.requireCredential; + public readonly kind = ServerStatsChannel.kind; constructor( ) { diff --git a/packages/backend/src/server/api/stream/channels/user-list.ts b/packages/backend/src/server/api/stream/channels/user-list.ts index fe293e2b4d..909b5a5e03 100644 --- a/packages/backend/src/server/api/stream/channels/user-list.ts +++ b/packages/backend/src/server/api/stream/channels/user-list.ts @@ -11,12 +11,12 @@ import { NoteEntityService } from '@/core/entities/NoteEntityService.js'; import { DI } from '@/di-symbols.js'; import { bindThis } from '@/decorators.js'; import { isInstanceMuted } from '@/misc/is-instance-muted.js'; -import Channel from '../channel.js'; +import Channel, { type MiChannelService } from '../channel.js'; class UserListChannel extends Channel { public readonly chName = 'userList'; public static shouldShare = false; - public static requireCredential = false; + public static requireCredential = false as const; private listId: string; private membershipsMap: Record | undefined> = {}; private listUsersClock: NodeJS.Timeout; @@ -137,9 +137,10 @@ class UserListChannel extends Channel { } @Injectable() -export class UserListChannelService { +export class UserListChannelService implements MiChannelService { public readonly shouldShare = UserListChannel.shouldShare; public readonly requireCredential = UserListChannel.requireCredential; + public readonly kind = UserListChannel.kind; constructor( @Inject(DI.userListsRepository) diff --git a/packages/backend/src/server/oauth/OAuth2ProviderService.ts b/packages/backend/src/server/oauth/OAuth2ProviderService.ts index 4fa7b800e8..5c18f452ce 100644 --- a/packages/backend/src/server/oauth/OAuth2ProviderService.ts +++ b/packages/backend/src/server/oauth/OAuth2ProviderService.ts @@ -17,9 +17,9 @@ import bodyParser from 'body-parser'; import fastifyExpress from '@fastify/express'; import { verifyChallenge } from 'pkce-challenge'; import { mf2 } from 'microformats-parser'; +import { permissions as kinds } from 'misskey-js'; import { secureRndstr } from '@/misc/secure-rndstr.js'; import { HttpRequestService } from '@/core/HttpRequestService.js'; -import { kinds } from '@/misc/api-permissions.js'; import type { Config } from '@/config.js'; import { DI } from '@/di-symbols.js'; import { bindThis } from '@/decorators.js'; @@ -426,7 +426,7 @@ export class OAuth2ProviderService { } try { - const scopes = [...new Set(scope)].filter(s => kinds.includes(s)); + const scopes = [...new Set(scope)].filter(s => (kinds).includes(s)); if (!scopes.length) { throw new AuthorizationError('`scope` parameter has no known scope', 'invalid_scope'); } diff --git a/packages/backend/test/e2e/api.ts b/packages/backend/test/e2e/api.ts index 15da74931d..cf24228b83 100644 --- a/packages/backend/test/e2e/api.ts +++ b/packages/backend/test/e2e/api.ts @@ -7,7 +7,7 @@ process.env.NODE_ENV = 'test'; import * as assert from 'assert'; import { IncomingMessage } from 'http'; -import { signup, api, startServer, successfulApiCall, failedApiCall, uploadFile, waitFire, connectStream, relativeFetch } from '../utils.js'; +import { signup, api, startServer, successfulApiCall, failedApiCall, uploadFile, waitFire, connectStream, relativeFetch, createAppToken } from '../utils.js'; import type { INestApplicationContext } from '@nestjs/common'; import type * as misskey from 'misskey-js'; @@ -89,6 +89,11 @@ describe('API', () => { }); test('管理者専用のAPIのアクセス制限', async () => { + const application = await createAppToken(alice, ['read:account']); + const application2 = await createAppToken(alice, ['read:admin:index-stats']); + const application3 = await createAppToken(bob, []); + const application4 = await createAppToken(bob, ['read:admin:index-stats']); + // aliceは管理者、APIを使える await successfulApiCall({ endpoint: '/admin/get-index-stats', @@ -128,6 +133,42 @@ describe('API', () => { code: 'AUTHENTICATION_FAILED', id: 'b0a7f5f8-dc2f-4171-b91f-de88ad238e14', }); + + await successfulApiCall({ + endpoint: '/admin/get-index-stats', + parameters: {}, + user: { token: application2 }, + }); + + await failedApiCall({ + endpoint: '/admin/get-index-stats', + parameters: {}, + user: { token: application }, + }, { + status: 403, + code: 'PERMISSION_DENIED', + id: '1370e5b7-d4eb-4566-bb1d-7748ee6a1838', + }); + + await failedApiCall({ + endpoint: '/admin/get-index-stats', + parameters: {}, + user: { token: application3 }, + }, { + status: 403, + code: 'ROLE_PERMISSION_DENIED', + id: 'c3d38592-54c0-429d-be96-5636b0431a61', + }); + + await failedApiCall({ + endpoint: '/admin/get-index-stats', + parameters: {}, + user: { token: application4 }, + }, { + status: 403, + code: 'ROLE_PERMISSION_DENIED', + id: 'c3d38592-54c0-429d-be96-5636b0431a61', + }); }); describe('Authentication header', () => { diff --git a/packages/backend/test/e2e/streaming.ts b/packages/backend/test/e2e/streaming.ts index c4824f50ce..288c54bdbc 100644 --- a/packages/backend/test/e2e/streaming.ts +++ b/packages/backend/test/e2e/streaming.ts @@ -6,8 +6,9 @@ process.env.NODE_ENV = 'test'; import * as assert from 'assert'; +import { WebSocket } from 'ws'; import { MiFollowing } from '@/models/Following.js'; -import { signup, api, post, startServer, initTestDb, waitFire } from '../utils.js'; +import { signup, api, post, startServer, initTestDb, waitFire, createAppToken, port } from '../utils.js'; import type { INestApplicationContext } from '@nestjs/common'; import type * as misskey from 'misskey-js'; @@ -560,6 +561,28 @@ describe('Streaming', () => { }); }); + test('Authentication', async () => { + const application = await createAppToken(ayano, []); + const application2 = await createAppToken(ayano, ['read:account']); + const socket = new WebSocket(`ws://127.0.0.1:${port}/streaming?i=${application}`); + const established = await new Promise((resolve, reject) => { + socket.on('error', () => resolve(false)); + socket.on('unexpected-response', () => resolve(false)); + setTimeout(() => resolve(true), 3000); + }); + + socket.close(); + assert.strictEqual(established, false); + + const fired = await waitFire( + { token: application2 }, 'hybridTimeline', + () => api('notes/create', { text: 'Hello, world!' }, ayano), + msg => msg.type === 'note' && msg.body.userId === ayano.id, + ); + + assert.strictEqual(fired, true); + }); + // XXX: QueryFailedError: duplicate key value violates unique constraint "IDX_347fec870eafea7b26c8a73bac" /* describe('Hashtag Timeline', () => { diff --git a/packages/backend/test/utils.ts b/packages/backend/test/utils.ts index 97118d73c0..db7629d2c4 100644 --- a/packages/backend/test/utils.ts +++ b/packages/backend/test/utils.ts @@ -6,6 +6,7 @@ import * as assert from 'node:assert'; import { readFile } from 'node:fs/promises'; import { isAbsolute, basename } from 'node:path'; +import { randomUUID } from 'node:crypto'; import { inspect } from 'node:util'; import WebSocket, { ClientOptions } from 'ws'; import fetch, { File, RequestInit } from 'node-fetch'; @@ -126,6 +127,15 @@ export const post = async (user: UserToken, params?: misskey.Endpoints['notes/cr return res.body ? res.body.createdNote : null; }; +export const createAppToken = async (user: UserToken, permissions: (typeof misskey.permissions)[number][]) => { + const res = await api('miauth/gen-token', { + session: randomUUID(), + permission: permissions, + }, user); + + return (res.body as misskey.entities.MiauthGenTokenResponse).token; +}; + // 非公開ノートをAPI越しに見たときのノート NoteEntityService.ts export const hiddenNote = (note: any): any => { const temp = { diff --git a/packages/frontend/src/components/MkTokenGenerateWindow.vue b/packages/frontend/src/components/MkTokenGenerateWindow.vue index f5fa86a908..8e8e26ed5f 100644 --- a/packages/frontend/src/components/MkTokenGenerateWindow.vue +++ b/packages/frontend/src/components/MkTokenGenerateWindow.vue @@ -33,7 +33,7 @@ SPDX-License-Identifier: AGPL-3.0-only {{ i18n.ts.enableAll }}
- {{ i18n.t(`_permissions.${kind}`) }} + {{ i18n.t(`_permissions.${kind}`) }}
@@ -54,7 +54,7 @@ const props = withDefaults(defineProps<{ title?: string | null; information?: string | null; initialName?: string | null; - initialPermissions?: string[] | null; + initialPermissions?: (typeof Misskey.permissions)[number][] | null; }>(), { title: null, information: null, @@ -67,16 +67,17 @@ const emit = defineEmits<{ (ev: 'done', result: { name: string | null, permissions: string[] }): void; }>(); +const defaultPermissions = Misskey.permissions.filter(p => !p.startsWith('read:admin') && !p.startsWith('write:admin')); const dialog = shallowRef>(); const name = ref(props.initialName); -const permissions = ref({}); +const permissions = ref(>{}); if (props.initialPermissions) { for (const kind of props.initialPermissions) { permissions.value[kind] = true; } } else { - for (const kind of Misskey.permissions) { + for (const kind of defaultPermissions) { permissions.value[kind] = false; } } diff --git a/packages/misskey-js/src/autogen/apiClientJSDoc.ts b/packages/misskey-js/src/autogen/apiClientJSDoc.ts index 7f4094845a..758beaf3a0 100644 --- a/packages/misskey-js/src/autogen/apiClientJSDoc.ts +++ b/packages/misskey-js/src/autogen/apiClientJSDoc.ts @@ -1,6 +1,6 @@ /* * version: 2023.12.0 - * generatedAt: 2023-12-25T03:48:32.008Z + * generatedAt: 2023-12-26T23:35:09.494Z */ import type { SwitchCaseResponseType } from '../api.js'; @@ -11,7 +11,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:meta* */ request( endpoint: E, @@ -22,7 +22,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:abuse-user-reports* */ request( endpoint: E, @@ -33,7 +33,8 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *No* / **Permission**: *write:admin* + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. + * **Credential required**: *No* */ request( endpoint: E, @@ -44,7 +45,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:account* */ request( endpoint: E, @@ -55,7 +56,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:account* */ request( endpoint: E, @@ -66,7 +67,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:ad* */ request( endpoint: E, @@ -77,7 +78,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:ad* */ request( endpoint: E, @@ -88,7 +89,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:ad* */ request( endpoint: E, @@ -99,7 +100,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:ad* */ request( endpoint: E, @@ -110,7 +111,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:announcements* */ request( endpoint: E, @@ -121,7 +122,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:announcements* */ request( endpoint: E, @@ -132,7 +133,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:announcements* */ request( endpoint: E, @@ -143,7 +144,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:announcements* */ request( endpoint: E, @@ -154,7 +155,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:avatar-decorations* */ request( endpoint: E, @@ -165,7 +166,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:avatar-decorations* */ request( endpoint: E, @@ -176,7 +177,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:avatar-decorations* */ request( endpoint: E, @@ -187,7 +188,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:avatar-decorations* */ request( endpoint: E, @@ -198,7 +199,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:delete-all-files-of-a-user* */ request( endpoint: E, @@ -209,7 +210,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:unset-user-avatar* */ request( endpoint: E, @@ -220,7 +221,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:unset-user-banner* */ request( endpoint: E, @@ -231,7 +232,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:drive* */ request( endpoint: E, @@ -242,7 +243,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:drive* */ request( endpoint: E, @@ -253,7 +254,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:drive* */ request( endpoint: E, @@ -264,7 +265,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:drive* */ request( endpoint: E, @@ -275,7 +276,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -286,7 +287,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -297,7 +298,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -308,7 +309,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -319,7 +320,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -330,7 +331,8 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. + * **Credential required**: *Yes* */ request( endpoint: E, @@ -341,7 +343,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:emoji* */ request( endpoint: E, @@ -352,7 +354,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:emoji* */ request( endpoint: E, @@ -363,7 +365,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -374,7 +376,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -385,7 +387,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -396,7 +398,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -407,7 +409,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ request( endpoint: E, @@ -418,7 +420,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ request( endpoint: E, @@ -429,7 +431,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ request( endpoint: E, @@ -440,7 +442,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ request( endpoint: E, @@ -451,7 +453,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ request( endpoint: E, @@ -462,7 +464,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:index-stats* */ request( endpoint: E, @@ -473,7 +475,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:table-stats* */ request( endpoint: E, @@ -484,7 +486,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:user-ips* */ request( endpoint: E, @@ -495,7 +497,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:invite-codes* */ request( endpoint: E, @@ -506,7 +508,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:invite-codes* */ request( endpoint: E, @@ -517,7 +519,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:promo* */ request( endpoint: E, @@ -528,7 +530,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:queue* */ request( endpoint: E, @@ -539,7 +541,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:queue* */ request( endpoint: E, @@ -550,7 +552,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:queue* */ request( endpoint: E, @@ -561,7 +563,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:queue* */ request( endpoint: E, @@ -572,7 +574,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:emoji* */ request( endpoint: E, @@ -583,7 +585,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:relays* */ request( endpoint: E, @@ -594,7 +596,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:relays* */ request( endpoint: E, @@ -605,7 +607,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:relays* */ request( endpoint: E, @@ -616,7 +618,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:reset-password* */ request( endpoint: E, @@ -627,7 +629,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:resolve-abuse-user-report* */ request( endpoint: E, @@ -638,7 +640,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:send-email* */ request( endpoint: E, @@ -649,7 +651,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:server-info* */ request( endpoint: E, @@ -660,7 +662,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:show-moderation-log* */ request( endpoint: E, @@ -671,7 +673,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:show-user* */ request( endpoint: E, @@ -682,7 +684,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:show-users* */ request( endpoint: E, @@ -693,7 +695,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:suspend-user* */ request( endpoint: E, @@ -704,7 +706,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:unsuspend-user* */ request( endpoint: E, @@ -715,7 +717,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:meta* */ request( endpoint: E, @@ -726,7 +728,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:delete-account* */ request( endpoint: E, @@ -737,7 +739,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:user-note* */ request( endpoint: E, @@ -748,7 +750,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ request( endpoint: E, @@ -759,7 +761,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ request( endpoint: E, @@ -770,7 +772,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:roles* */ request( endpoint: E, @@ -781,7 +783,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:roles* */ request( endpoint: E, @@ -792,7 +794,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ request( endpoint: E, @@ -803,7 +805,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ request( endpoint: E, @@ -814,7 +816,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ request( endpoint: E, @@ -825,7 +827,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ request( endpoint: E, @@ -836,7 +838,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *No* / **Permission**: *read:admin* + * **Credential required**: *No* / **Permission**: *read:admin:roles* */ request( endpoint: E, @@ -924,7 +926,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:federation* */ request( endpoint: E, @@ -935,7 +937,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -1729,7 +1731,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *No* */ request( endpoint: E, @@ -2037,7 +2039,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -2168,7 +2170,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ request( endpoint: E, @@ -2469,7 +2471,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -2480,7 +2482,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -2491,7 +2493,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -2502,7 +2504,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -2513,7 +2515,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -2524,7 +2526,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ request( endpoint: E, @@ -2547,7 +2549,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ request( endpoint: E, @@ -2683,7 +2685,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:invite-codes* */ request( endpoint: E, @@ -2694,7 +2696,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:invite-codes* */ request( endpoint: E, @@ -2705,7 +2707,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:invite-codes* */ request( endpoint: E, @@ -2716,7 +2718,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:invite-codes* */ request( endpoint: E, @@ -2838,7 +2840,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -2959,7 +2961,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -2981,7 +2983,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -2992,7 +2994,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -3102,7 +3104,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -3135,7 +3137,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -3146,7 +3148,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -3168,7 +3170,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -3422,7 +3424,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ request( endpoint: E, @@ -3433,7 +3435,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -3466,7 +3468,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -3532,6 +3534,7 @@ declare module '../api.js' { /** * Check push notification registration exists. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ request( @@ -3543,6 +3546,7 @@ declare module '../api.js' { /** * Update push notification registration. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ request( @@ -3554,6 +3558,7 @@ declare module '../api.js' { /** * Register to receive push notifications. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ request( @@ -3741,7 +3746,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ request( endpoint: E, @@ -3752,7 +3757,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ request( endpoint: E, @@ -3774,7 +3779,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ request( endpoint: E, @@ -3862,7 +3867,7 @@ declare module '../api.js' { /** * Show the different kinds of relations between the authenticated user and the specified user(s). * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ request( endpoint: E, @@ -3873,7 +3878,7 @@ declare module '../api.js' { /** * File a report. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:report-abuse* */ request( endpoint: E, @@ -3917,7 +3922,7 @@ declare module '../api.js' { /** * No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *No* */ request( endpoint: E, @@ -3950,6 +3955,7 @@ declare module '../api.js' { /** * No description provided. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ request( diff --git a/packages/misskey-js/src/autogen/endpoint.ts b/packages/misskey-js/src/autogen/endpoint.ts index 5e05759047..2ed76a22f9 100644 --- a/packages/misskey-js/src/autogen/endpoint.ts +++ b/packages/misskey-js/src/autogen/endpoint.ts @@ -1,6 +1,6 @@ /* * version: 2023.12.0 - * generatedAt: 2023-12-25T03:48:32.001Z + * generatedAt: 2023-12-26T23:35:09.491Z */ import type { diff --git a/packages/misskey-js/src/autogen/entities.ts b/packages/misskey-js/src/autogen/entities.ts index ceb2f242ac..c857e8e370 100644 --- a/packages/misskey-js/src/autogen/entities.ts +++ b/packages/misskey-js/src/autogen/entities.ts @@ -1,6 +1,6 @@ /* * version: 2023.12.0 - * generatedAt: 2023-12-25T03:48:31.996Z + * generatedAt: 2023-12-26T23:35:09.489Z */ import { operations } from './types.js'; diff --git a/packages/misskey-js/src/autogen/models.ts b/packages/misskey-js/src/autogen/models.ts index a7fde6c1a3..c5b81a6b41 100644 --- a/packages/misskey-js/src/autogen/models.ts +++ b/packages/misskey-js/src/autogen/models.ts @@ -1,6 +1,6 @@ /* * version: 2023.12.0 - * generatedAt: 2023-12-25T03:48:31.993Z + * generatedAt: 2023-12-26T23:35:09.485Z */ import { components } from './types.js'; diff --git a/packages/misskey-js/src/autogen/types.ts b/packages/misskey-js/src/autogen/types.ts index 28fe5654e6..94bb263980 100644 --- a/packages/misskey-js/src/autogen/types.ts +++ b/packages/misskey-js/src/autogen/types.ts @@ -3,7 +3,7 @@ /* * version: 2023.12.0 - * generatedAt: 2023-12-25T03:48:31.850Z + * generatedAt: 2023-12-26T23:35:09.389Z */ /** @@ -22,7 +22,7 @@ export type paths = { * admin/meta * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:meta* */ post: operations['admin/meta']; }; @@ -31,7 +31,7 @@ export type paths = { * admin/abuse-user-reports * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:abuse-user-reports* */ post: operations['admin/abuse-user-reports']; }; @@ -40,7 +40,8 @@ export type paths = { * admin/accounts/create * @description No description provided. * - * **Credential required**: *No* / **Permission**: *write:admin* + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. + * **Credential required**: *No* */ post: operations['admin/accounts/create']; }; @@ -49,7 +50,7 @@ export type paths = { * admin/accounts/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:account* */ post: operations['admin/accounts/delete']; }; @@ -58,7 +59,7 @@ export type paths = { * admin/accounts/find-by-email * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:account* */ post: operations['admin/accounts/find-by-email']; }; @@ -67,7 +68,7 @@ export type paths = { * admin/ad/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:ad* */ post: operations['admin/ad/create']; }; @@ -76,7 +77,7 @@ export type paths = { * admin/ad/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:ad* */ post: operations['admin/ad/delete']; }; @@ -85,7 +86,7 @@ export type paths = { * admin/ad/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:ad* */ post: operations['admin/ad/list']; }; @@ -94,7 +95,7 @@ export type paths = { * admin/ad/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:ad* */ post: operations['admin/ad/update']; }; @@ -103,7 +104,7 @@ export type paths = { * admin/announcements/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:announcements* */ post: operations['admin/announcements/create']; }; @@ -112,7 +113,7 @@ export type paths = { * admin/announcements/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:announcements* */ post: operations['admin/announcements/delete']; }; @@ -121,7 +122,7 @@ export type paths = { * admin/announcements/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:announcements* */ post: operations['admin/announcements/list']; }; @@ -130,7 +131,7 @@ export type paths = { * admin/announcements/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:announcements* */ post: operations['admin/announcements/update']; }; @@ -139,7 +140,7 @@ export type paths = { * admin/avatar-decorations/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:avatar-decorations* */ post: operations['admin/avatar-decorations/create']; }; @@ -148,7 +149,7 @@ export type paths = { * admin/avatar-decorations/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:avatar-decorations* */ post: operations['admin/avatar-decorations/delete']; }; @@ -157,7 +158,7 @@ export type paths = { * admin/avatar-decorations/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:avatar-decorations* */ post: operations['admin/avatar-decorations/list']; }; @@ -166,7 +167,7 @@ export type paths = { * admin/avatar-decorations/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:avatar-decorations* */ post: operations['admin/avatar-decorations/update']; }; @@ -175,7 +176,7 @@ export type paths = { * admin/delete-all-files-of-a-user * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:delete-all-files-of-a-user* */ post: operations['admin/delete-all-files-of-a-user']; }; @@ -184,7 +185,7 @@ export type paths = { * admin/unset-user-avatar * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:unset-user-avatar* */ post: operations['admin/unset-user-avatar']; }; @@ -193,7 +194,7 @@ export type paths = { * admin/unset-user-banner * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:unset-user-banner* */ post: operations['admin/unset-user-banner']; }; @@ -202,7 +203,7 @@ export type paths = { * admin/drive/clean-remote-files * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:drive* */ post: operations['admin/drive/clean-remote-files']; }; @@ -211,7 +212,7 @@ export type paths = { * admin/drive/cleanup * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:drive* */ post: operations['admin/drive/cleanup']; }; @@ -220,7 +221,7 @@ export type paths = { * admin/drive/files * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:drive* */ post: operations['admin/drive/files']; }; @@ -229,7 +230,7 @@ export type paths = { * admin/drive/show-file * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:drive* */ post: operations['admin/drive/show-file']; }; @@ -238,7 +239,7 @@ export type paths = { * admin/emoji/add-aliases-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/add-aliases-bulk']; }; @@ -247,7 +248,7 @@ export type paths = { * admin/emoji/add * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/add']; }; @@ -256,7 +257,7 @@ export type paths = { * admin/emoji/copy * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/copy']; }; @@ -265,7 +266,7 @@ export type paths = { * admin/emoji/delete-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/delete-bulk']; }; @@ -274,7 +275,7 @@ export type paths = { * admin/emoji/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/delete']; }; @@ -283,7 +284,8 @@ export type paths = { * admin/emoji/import-zip * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. + * **Credential required**: *Yes* */ post: operations['admin/emoji/import-zip']; }; @@ -292,7 +294,7 @@ export type paths = { * admin/emoji/list-remote * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:emoji* */ post: operations['admin/emoji/list-remote']; }; @@ -301,7 +303,7 @@ export type paths = { * admin/emoji/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:emoji* */ post: operations['admin/emoji/list']; }; @@ -310,7 +312,7 @@ export type paths = { * admin/emoji/remove-aliases-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/remove-aliases-bulk']; }; @@ -319,7 +321,7 @@ export type paths = { * admin/emoji/set-aliases-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/set-aliases-bulk']; }; @@ -328,7 +330,7 @@ export type paths = { * admin/emoji/set-category-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/set-category-bulk']; }; @@ -337,7 +339,7 @@ export type paths = { * admin/emoji/set-license-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/set-license-bulk']; }; @@ -346,7 +348,7 @@ export type paths = { * admin/emoji/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ post: operations['admin/emoji/update']; }; @@ -355,7 +357,7 @@ export type paths = { * admin/federation/delete-all-files * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ post: operations['admin/federation/delete-all-files']; }; @@ -364,7 +366,7 @@ export type paths = { * admin/federation/refresh-remote-instance-metadata * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ post: operations['admin/federation/refresh-remote-instance-metadata']; }; @@ -373,7 +375,7 @@ export type paths = { * admin/federation/remove-all-following * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ post: operations['admin/federation/remove-all-following']; }; @@ -382,7 +384,7 @@ export type paths = { * admin/federation/update-instance * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ post: operations['admin/federation/update-instance']; }; @@ -391,7 +393,7 @@ export type paths = { * admin/get-index-stats * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:index-stats* */ post: operations['admin/get-index-stats']; }; @@ -400,7 +402,7 @@ export type paths = { * admin/get-table-stats * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:table-stats* */ post: operations['admin/get-table-stats']; }; @@ -409,7 +411,7 @@ export type paths = { * admin/get-user-ips * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:user-ips* */ post: operations['admin/get-user-ips']; }; @@ -418,7 +420,7 @@ export type paths = { * admin/invite/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:invite-codes* */ post: operations['admin/invite/create']; }; @@ -427,7 +429,7 @@ export type paths = { * admin/invite/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:invite-codes* */ post: operations['admin/invite/list']; }; @@ -436,7 +438,7 @@ export type paths = { * admin/promo/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:promo* */ post: operations['admin/promo/create']; }; @@ -445,7 +447,7 @@ export type paths = { * admin/queue/clear * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:queue* */ post: operations['admin/queue/clear']; }; @@ -454,7 +456,7 @@ export type paths = { * admin/queue/deliver-delayed * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:queue* */ post: operations['admin/queue/deliver-delayed']; }; @@ -463,7 +465,7 @@ export type paths = { * admin/queue/inbox-delayed * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:queue* */ post: operations['admin/queue/inbox-delayed']; }; @@ -472,7 +474,7 @@ export type paths = { * admin/queue/promote * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:queue* */ post: operations['admin/queue/promote']; }; @@ -481,7 +483,7 @@ export type paths = { * admin/queue/stats * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:emoji* */ post: operations['admin/queue/stats']; }; @@ -490,7 +492,7 @@ export type paths = { * admin/relays/add * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:relays* */ post: operations['admin/relays/add']; }; @@ -499,7 +501,7 @@ export type paths = { * admin/relays/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:relays* */ post: operations['admin/relays/list']; }; @@ -508,7 +510,7 @@ export type paths = { * admin/relays/remove * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:relays* */ post: operations['admin/relays/remove']; }; @@ -517,7 +519,7 @@ export type paths = { * admin/reset-password * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:reset-password* */ post: operations['admin/reset-password']; }; @@ -526,7 +528,7 @@ export type paths = { * admin/resolve-abuse-user-report * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:resolve-abuse-user-report* */ post: operations['admin/resolve-abuse-user-report']; }; @@ -535,7 +537,7 @@ export type paths = { * admin/send-email * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:send-email* */ post: operations['admin/send-email']; }; @@ -544,7 +546,7 @@ export type paths = { * admin/server-info * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:server-info* */ post: operations['admin/server-info']; }; @@ -553,7 +555,7 @@ export type paths = { * admin/show-moderation-logs * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:show-moderation-log* */ post: operations['admin/show-moderation-logs']; }; @@ -562,7 +564,7 @@ export type paths = { * admin/show-user * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:show-user* */ post: operations['admin/show-user']; }; @@ -571,7 +573,7 @@ export type paths = { * admin/show-users * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:show-users* */ post: operations['admin/show-users']; }; @@ -580,7 +582,7 @@ export type paths = { * admin/suspend-user * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:suspend-user* */ post: operations['admin/suspend-user']; }; @@ -589,7 +591,7 @@ export type paths = { * admin/unsuspend-user * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:unsuspend-user* */ post: operations['admin/unsuspend-user']; }; @@ -598,7 +600,7 @@ export type paths = { * admin/update-meta * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:meta* */ post: operations['admin/update-meta']; }; @@ -607,7 +609,7 @@ export type paths = { * admin/delete-account * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:delete-account* */ post: operations['admin/delete-account']; }; @@ -616,7 +618,7 @@ export type paths = { * admin/update-user-note * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:user-note* */ post: operations['admin/update-user-note']; }; @@ -625,7 +627,7 @@ export type paths = { * admin/roles/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ post: operations['admin/roles/create']; }; @@ -634,7 +636,7 @@ export type paths = { * admin/roles/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ post: operations['admin/roles/delete']; }; @@ -643,7 +645,7 @@ export type paths = { * admin/roles/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:roles* */ post: operations['admin/roles/list']; }; @@ -652,7 +654,7 @@ export type paths = { * admin/roles/show * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:roles* */ post: operations['admin/roles/show']; }; @@ -661,7 +663,7 @@ export type paths = { * admin/roles/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ post: operations['admin/roles/update']; }; @@ -670,7 +672,7 @@ export type paths = { * admin/roles/assign * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ post: operations['admin/roles/assign']; }; @@ -679,7 +681,7 @@ export type paths = { * admin/roles/unassign * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ post: operations['admin/roles/unassign']; }; @@ -688,7 +690,7 @@ export type paths = { * admin/roles/update-default-policies * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ post: operations['admin/roles/update-default-policies']; }; @@ -697,7 +699,7 @@ export type paths = { * admin/roles/users * @description No description provided. * - * **Credential required**: *No* / **Permission**: *read:admin* + * **Credential required**: *No* / **Permission**: *read:admin:roles* */ post: operations['admin/roles/users']; }; @@ -769,7 +771,7 @@ export type paths = { * ap/get * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:federation* */ post: operations['ap/get']; }; @@ -778,7 +780,7 @@ export type paths = { * ap/show * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['ap/show']; }; @@ -1519,7 +1521,7 @@ export type paths = { * federation/update-remote-user * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *No* */ post: operations['federation/update-remote-user']; }; @@ -1792,7 +1794,7 @@ export type paths = { * i * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['i']; }; @@ -1901,7 +1903,7 @@ export type paths = { * i/claim-achievement * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ post: operations['i/claim-achievement']; }; @@ -2150,7 +2152,7 @@ export type paths = { * i/registry/get-all * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['i/registry/get-all']; }; @@ -2159,7 +2161,7 @@ export type paths = { * i/registry/get-detail * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['i/registry/get-detail']; }; @@ -2168,7 +2170,7 @@ export type paths = { * i/registry/get * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['i/registry/get']; }; @@ -2177,7 +2179,7 @@ export type paths = { * i/registry/keys-with-type * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['i/registry/keys-with-type']; }; @@ -2186,7 +2188,7 @@ export type paths = { * i/registry/keys * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['i/registry/keys']; }; @@ -2195,7 +2197,7 @@ export type paths = { * i/registry/remove * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ post: operations['i/registry/remove']; }; @@ -2214,7 +2216,7 @@ export type paths = { * i/registry/set * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ post: operations['i/registry/set']; }; @@ -2326,7 +2328,7 @@ export type paths = { * invite/create * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:invite-codes* */ post: operations['invite/create']; }; @@ -2335,7 +2337,7 @@ export type paths = { * invite/delete * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:invite-codes* */ post: operations['invite/delete']; }; @@ -2344,7 +2346,7 @@ export type paths = { * invite/list * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:invite-codes* */ post: operations['invite/list']; }; @@ -2353,7 +2355,7 @@ export type paths = { * invite/limit * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:invite-codes* */ post: operations['invite/limit']; }; @@ -2467,7 +2469,7 @@ export type paths = { * my/apps * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['my/apps']; }; @@ -2573,7 +2575,7 @@ export type paths = { * notes/hybrid-timeline * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['notes/hybrid-timeline']; }; @@ -2591,7 +2593,7 @@ export type paths = { * notes/mentions * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['notes/mentions']; }; @@ -2600,7 +2602,7 @@ export type paths = { * notes/polls/recommendation * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['notes/polls/recommendation']; }; @@ -2697,7 +2699,7 @@ export type paths = { * notes/state * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['notes/state']; }; @@ -2724,7 +2726,7 @@ export type paths = { * notes/timeline * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['notes/timeline']; }; @@ -2733,7 +2735,7 @@ export type paths = { * notes/translate * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['notes/translate']; }; @@ -2751,7 +2753,7 @@ export type paths = { * notes/user-list-timeline * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['notes/user-list-timeline']; }; @@ -2959,7 +2961,7 @@ export type paths = { * promo/read * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ post: operations['promo/read']; }; @@ -2968,7 +2970,7 @@ export type paths = { * roles/list * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['roles/list']; }; @@ -2995,7 +2997,7 @@ export type paths = { * roles/notes * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['roles/notes']; }; @@ -3056,6 +3058,7 @@ export type paths = { * sw/show-registration * @description Check push notification registration exists. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ post: operations['sw/show-registration']; @@ -3065,6 +3068,7 @@ export type paths = { * sw/update-registration * @description Update push notification registration. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ post: operations['sw/update-registration']; @@ -3074,6 +3078,7 @@ export type paths = { * sw/register * @description Register to receive push notifications. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ post: operations['sw/register']; @@ -3234,7 +3239,7 @@ export type paths = { * users/lists/favorite * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ post: operations['users/lists/favorite']; }; @@ -3243,7 +3248,7 @@ export type paths = { * users/lists/unfavorite * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ post: operations['users/lists/unfavorite']; }; @@ -3261,7 +3266,7 @@ export type paths = { * users/lists/create-from-public * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ post: operations['users/lists/create-from-public']; }; @@ -3333,7 +3338,7 @@ export type paths = { * users/relation * @description Show the different kinds of relations between the authenticated user and the specified user(s). * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ post: operations['users/relation']; }; @@ -3342,7 +3347,7 @@ export type paths = { * users/report-abuse * @description File a report. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:report-abuse* */ post: operations['users/report-abuse']; }; @@ -3378,7 +3383,7 @@ export type paths = { * users/achievements * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *No* */ post: operations['users/achievements']; }; @@ -3412,6 +3417,7 @@ export type paths = { * fetch-external-resources * @description No description provided. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ post: operations['fetch-external-resources']; @@ -4381,7 +4387,7 @@ export type operations = { * admin/meta * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:meta* */ 'admin/meta': { responses: { @@ -4522,7 +4528,7 @@ export type operations = { * admin/abuse-user-reports * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:abuse-user-reports* */ 'admin/abuse-user-reports': { requestBody: { @@ -4614,7 +4620,8 @@ export type operations = { * admin/accounts/create * @description No description provided. * - * **Credential required**: *No* / **Permission**: *write:admin* + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. + * **Credential required**: *No* */ 'admin/accounts/create': { requestBody: { @@ -4668,7 +4675,7 @@ export type operations = { * admin/accounts/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:account* */ 'admin/accounts/delete': { requestBody: { @@ -4720,7 +4727,7 @@ export type operations = { * admin/accounts/find-by-email * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:account* */ 'admin/accounts/find-by-email': { requestBody: { @@ -4773,7 +4780,7 @@ export type operations = { * admin/ad/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:ad* */ 'admin/ad/create': { requestBody: { @@ -4834,7 +4841,7 @@ export type operations = { * admin/ad/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:ad* */ 'admin/ad/delete': { requestBody: { @@ -4886,7 +4893,7 @@ export type operations = { * admin/ad/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:ad* */ 'admin/ad/list': { requestBody: { @@ -4946,7 +4953,7 @@ export type operations = { * admin/ad/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:ad* */ 'admin/ad/update': { requestBody: { @@ -5007,7 +5014,7 @@ export type operations = { * admin/announcements/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:announcements* */ 'admin/announcements/create': { requestBody: { @@ -5096,7 +5103,7 @@ export type operations = { * admin/announcements/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:announcements* */ 'admin/announcements/delete': { requestBody: { @@ -5148,7 +5155,7 @@ export type operations = { * admin/announcements/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:announcements* */ 'admin/announcements/list': { requestBody: { @@ -5222,7 +5229,7 @@ export type operations = { * admin/announcements/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:announcements* */ 'admin/announcements/update': { requestBody: { @@ -5285,7 +5292,7 @@ export type operations = { * admin/avatar-decorations/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:avatar-decorations* */ 'admin/avatar-decorations/create': { requestBody: { @@ -5339,7 +5346,7 @@ export type operations = { * admin/avatar-decorations/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:avatar-decorations* */ 'admin/avatar-decorations/delete': { requestBody: { @@ -5391,7 +5398,7 @@ export type operations = { * admin/avatar-decorations/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:avatar-decorations* */ 'admin/avatar-decorations/list': { requestBody: { @@ -5465,7 +5472,7 @@ export type operations = { * admin/avatar-decorations/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:avatar-decorations* */ 'admin/avatar-decorations/update': { requestBody: { @@ -5521,7 +5528,7 @@ export type operations = { * admin/delete-all-files-of-a-user * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:delete-all-files-of-a-user* */ 'admin/delete-all-files-of-a-user': { requestBody: { @@ -5573,7 +5580,7 @@ export type operations = { * admin/unset-user-avatar * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:unset-user-avatar* */ 'admin/unset-user-avatar': { requestBody: { @@ -5625,7 +5632,7 @@ export type operations = { * admin/unset-user-banner * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:unset-user-banner* */ 'admin/unset-user-banner': { requestBody: { @@ -5677,7 +5684,7 @@ export type operations = { * admin/drive/clean-remote-files * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:drive* */ 'admin/drive/clean-remote-files': { responses: { @@ -5721,7 +5728,7 @@ export type operations = { * admin/drive/cleanup * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:drive* */ 'admin/drive/cleanup': { responses: { @@ -5765,7 +5772,7 @@ export type operations = { * admin/drive/files * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:drive* */ 'admin/drive/files': { requestBody: { @@ -5836,7 +5843,7 @@ export type operations = { * admin/drive/show-file * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:drive* */ 'admin/drive/show-file': { requestBody: { @@ -5940,7 +5947,7 @@ export type operations = { * admin/emoji/add-aliases-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/add-aliases-bulk': { requestBody: { @@ -5992,7 +5999,7 @@ export type operations = { * admin/emoji/add * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/add': { requestBody: { @@ -6052,7 +6059,7 @@ export type operations = { * admin/emoji/copy * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/copy': { requestBody: { @@ -6109,7 +6116,7 @@ export type operations = { * admin/emoji/delete-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/delete-bulk': { requestBody: { @@ -6160,7 +6167,7 @@ export type operations = { * admin/emoji/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/delete': { requestBody: { @@ -6212,7 +6219,8 @@ export type operations = { * admin/emoji/import-zip * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. + * **Credential required**: *Yes* */ 'admin/emoji/import-zip': { requestBody: { @@ -6264,7 +6272,7 @@ export type operations = { * admin/emoji/list-remote * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:emoji* */ 'admin/emoji/list-remote': { requestBody: { @@ -6338,7 +6346,7 @@ export type operations = { * admin/emoji/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:emoji* */ 'admin/emoji/list': { requestBody: { @@ -6407,7 +6415,7 @@ export type operations = { * admin/emoji/remove-aliases-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/remove-aliases-bulk': { requestBody: { @@ -6459,7 +6467,7 @@ export type operations = { * admin/emoji/set-aliases-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/set-aliases-bulk': { requestBody: { @@ -6511,7 +6519,7 @@ export type operations = { * admin/emoji/set-category-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/set-category-bulk': { requestBody: { @@ -6564,7 +6572,7 @@ export type operations = { * admin/emoji/set-license-bulk * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/set-license-bulk': { requestBody: { @@ -6617,7 +6625,7 @@ export type operations = { * admin/emoji/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:emoji* */ 'admin/emoji/update': { requestBody: { @@ -6679,7 +6687,7 @@ export type operations = { * admin/federation/delete-all-files * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ 'admin/federation/delete-all-files': { requestBody: { @@ -6730,7 +6738,7 @@ export type operations = { * admin/federation/refresh-remote-instance-metadata * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ 'admin/federation/refresh-remote-instance-metadata': { requestBody: { @@ -6781,7 +6789,7 @@ export type operations = { * admin/federation/remove-all-following * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ 'admin/federation/remove-all-following': { requestBody: { @@ -6832,7 +6840,7 @@ export type operations = { * admin/federation/update-instance * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:federation* */ 'admin/federation/update-instance': { requestBody: { @@ -6884,7 +6892,7 @@ export type operations = { * admin/get-index-stats * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:index-stats* */ 'admin/get-index-stats': { responses: { @@ -6933,7 +6941,7 @@ export type operations = { * admin/get-table-stats * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:table-stats* */ 'admin/get-table-stats': { responses: { @@ -6979,7 +6987,7 @@ export type operations = { * admin/get-user-ips * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:user-ips* */ 'admin/get-user-ips': { requestBody: { @@ -7037,7 +7045,7 @@ export type operations = { * admin/invite/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:invite-codes* */ 'admin/invite/create': { requestBody: { @@ -7092,7 +7100,7 @@ export type operations = { * admin/invite/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:invite-codes* */ 'admin/invite/list': { requestBody: { @@ -7155,7 +7163,7 @@ export type operations = { * admin/promo/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:promo* */ 'admin/promo/create': { requestBody: { @@ -7208,7 +7216,7 @@ export type operations = { * admin/queue/clear * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:queue* */ 'admin/queue/clear': { responses: { @@ -7252,7 +7260,7 @@ export type operations = { * admin/queue/deliver-delayed * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:queue* */ 'admin/queue/deliver-delayed': { responses: { @@ -7298,7 +7306,7 @@ export type operations = { * admin/queue/inbox-delayed * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:queue* */ 'admin/queue/inbox-delayed': { responses: { @@ -7344,7 +7352,7 @@ export type operations = { * admin/queue/promote * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:queue* */ 'admin/queue/promote': { requestBody: { @@ -7396,7 +7404,7 @@ export type operations = { * admin/queue/stats * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:emoji* */ 'admin/queue/stats': { responses: { @@ -7447,7 +7455,7 @@ export type operations = { * admin/relays/add * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:relays* */ 'admin/relays/add': { requestBody: { @@ -7510,7 +7518,7 @@ export type operations = { * admin/relays/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:relays* */ 'admin/relays/list': { responses: { @@ -7566,7 +7574,7 @@ export type operations = { * admin/relays/remove * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:relays* */ 'admin/relays/remove': { requestBody: { @@ -7617,7 +7625,7 @@ export type operations = { * admin/reset-password * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:reset-password* */ 'admin/reset-password': { requestBody: { @@ -7673,7 +7681,7 @@ export type operations = { * admin/resolve-abuse-user-report * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:resolve-abuse-user-report* */ 'admin/resolve-abuse-user-report': { requestBody: { @@ -7727,7 +7735,7 @@ export type operations = { * admin/send-email * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:send-email* */ 'admin/send-email': { requestBody: { @@ -7780,7 +7788,7 @@ export type operations = { * admin/server-info * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:server-info* */ 'admin/server-info': { responses: { @@ -7850,7 +7858,7 @@ export type operations = { * admin/show-moderation-logs * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:show-moderation-log* */ 'admin/show-moderation-logs': { requestBody: { @@ -7921,7 +7929,7 @@ export type operations = { * admin/show-user * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:show-user* */ 'admin/show-user': { requestBody: { @@ -7975,7 +7983,7 @@ export type operations = { * admin/show-users * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:show-users* */ 'admin/show-users': { requestBody: { @@ -8050,7 +8058,7 @@ export type operations = { * admin/suspend-user * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:suspend-user* */ 'admin/suspend-user': { requestBody: { @@ -8102,7 +8110,7 @@ export type operations = { * admin/unsuspend-user * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:unsuspend-user* */ 'admin/unsuspend-user': { requestBody: { @@ -8154,7 +8162,7 @@ export type operations = { * admin/update-meta * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:meta* */ 'admin/update-meta': { requestBody: { @@ -8299,7 +8307,7 @@ export type operations = { * admin/delete-account * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:delete-account* */ 'admin/delete-account': { requestBody: { @@ -8353,7 +8361,7 @@ export type operations = { * admin/update-user-note * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:user-note* */ 'admin/update-user-note': { requestBody: { @@ -8406,7 +8414,7 @@ export type operations = { * admin/roles/create * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ 'admin/roles/create': { requestBody: { @@ -8474,7 +8482,7 @@ export type operations = { * admin/roles/delete * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ 'admin/roles/delete': { requestBody: { @@ -8526,7 +8534,7 @@ export type operations = { * admin/roles/list * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:roles* */ 'admin/roles/list': { responses: { @@ -8572,7 +8580,7 @@ export type operations = { * admin/roles/show * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *read:admin* + * **Credential required**: *Yes* / **Permission**: *read:admin:roles* */ 'admin/roles/show': { requestBody: { @@ -8626,7 +8634,7 @@ export type operations = { * admin/roles/update * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ 'admin/roles/update': { requestBody: { @@ -8693,7 +8701,7 @@ export type operations = { * admin/roles/assign * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ 'admin/roles/assign': { requestBody: { @@ -8748,7 +8756,7 @@ export type operations = { * admin/roles/unassign * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ 'admin/roles/unassign': { requestBody: { @@ -8802,7 +8810,7 @@ export type operations = { * admin/roles/update-default-policies * @description No description provided. * - * **Credential required**: *Yes* / **Permission**: *write:admin* + * **Credential required**: *Yes* / **Permission**: *write:admin:roles* */ 'admin/roles/update-default-policies': { requestBody: { @@ -8853,7 +8861,7 @@ export type operations = { * admin/roles/users * @description No description provided. * - * **Credential required**: *No* / **Permission**: *read:admin* + * **Credential required**: *No* / **Permission**: *read:admin:roles* */ 'admin/roles/users': { requestBody: { @@ -9327,7 +9335,7 @@ export type operations = { * ap/get * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:federation* */ 'ap/get': { requestBody: { @@ -9386,7 +9394,7 @@ export type operations = { * ap/show * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'ap/show': { requestBody: { @@ -13615,7 +13623,7 @@ export type operations = { * federation/update-remote-user * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *No* */ 'federation/update-remote-user': { requestBody: { @@ -15200,7 +15208,7 @@ export type operations = { * i * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ i: { responses: { @@ -15853,7 +15861,7 @@ export type operations = { * i/claim-achievement * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ 'i/claim-achievement': { requestBody: { @@ -17311,7 +17319,7 @@ export type operations = { * i/registry/get-all * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'i/registry/get-all': { requestBody: { @@ -17366,7 +17374,7 @@ export type operations = { * i/registry/get-detail * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'i/registry/get-detail': { requestBody: { @@ -17422,7 +17430,7 @@ export type operations = { * i/registry/get * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'i/registry/get': { requestBody: { @@ -17478,7 +17486,7 @@ export type operations = { * i/registry/keys-with-type * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'i/registry/keys-with-type': { requestBody: { @@ -17533,7 +17541,7 @@ export type operations = { * i/registry/keys * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'i/registry/keys': { requestBody: { @@ -17586,7 +17594,7 @@ export type operations = { * i/registry/remove * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ 'i/registry/remove': { requestBody: { @@ -17690,7 +17698,7 @@ export type operations = { * i/registry/set * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ 'i/registry/set': { requestBody: { @@ -18446,7 +18454,7 @@ export type operations = { * invite/create * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:invite-codes* */ 'invite/create': { responses: { @@ -18492,7 +18500,7 @@ export type operations = { * invite/delete * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:invite-codes* */ 'invite/delete': { requestBody: { @@ -18544,7 +18552,7 @@ export type operations = { * invite/list * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:invite-codes* */ 'invite/list': { requestBody: { @@ -18602,7 +18610,7 @@ export type operations = { * invite/limit * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:invite-codes* */ 'invite/limit': { responses: { @@ -19282,7 +19290,7 @@ export type operations = { * my/apps * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'my/apps': { requestBody: { @@ -19959,7 +19967,7 @@ export type operations = { * notes/hybrid-timeline * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'notes/hybrid-timeline': { requestBody: { @@ -20101,7 +20109,7 @@ export type operations = { * notes/mentions * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'notes/mentions': { requestBody: { @@ -20162,7 +20170,7 @@ export type operations = { * notes/polls/recommendation * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'notes/polls/recommendation': { requestBody: { @@ -20762,7 +20770,7 @@ export type operations = { * notes/state * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'notes/state': { requestBody: { @@ -20929,7 +20937,7 @@ export type operations = { * notes/timeline * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'notes/timeline': { requestBody: { @@ -21001,7 +21009,7 @@ export type operations = { * notes/translate * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'notes/translate': { requestBody: { @@ -21117,7 +21125,7 @@ export type operations = { * notes/user-list-timeline * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'notes/user-list-timeline': { requestBody: { @@ -22409,7 +22417,7 @@ export type operations = { * promo/read * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ 'promo/read': { requestBody: { @@ -22461,7 +22469,7 @@ export type operations = { * roles/list * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'roles/list': { responses: { @@ -22625,7 +22633,7 @@ export type operations = { * roles/notes * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'roles/notes': { requestBody: { @@ -22954,6 +22962,7 @@ export type operations = { * sw/show-registration * @description Check push notification registration exists. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ 'sw/show-registration': { @@ -23015,6 +23024,7 @@ export type operations = { * sw/update-registration * @description Update push notification registration. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ 'sw/update-registration': { @@ -23073,6 +23083,7 @@ export type operations = { * sw/register * @description Register to receive push notifications. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ 'sw/register': { @@ -24077,7 +24088,7 @@ export type operations = { * users/lists/favorite * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ 'users/lists/favorite': { requestBody: { @@ -24129,7 +24140,7 @@ export type operations = { * users/lists/unfavorite * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ 'users/lists/unfavorite': { requestBody: { @@ -24237,7 +24248,7 @@ export type operations = { * users/lists/create-from-public * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:account* */ 'users/lists/create-from-public': { requestBody: { @@ -24728,7 +24739,7 @@ export type operations = { * users/relation * @description Show the different kinds of relations between the authenticated user and the specified user(s). * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *read:account* */ 'users/relation': { requestBody: { @@ -24803,7 +24814,7 @@ export type operations = { * users/report-abuse * @description File a report. * - * **Credential required**: *Yes* + * **Credential required**: *Yes* / **Permission**: *write:report-abuse* */ 'users/report-abuse': { requestBody: { @@ -25036,7 +25047,7 @@ export type operations = { * users/achievements * @description No description provided. * - * **Credential required**: *Yes* + * **Credential required**: *No* */ 'users/achievements': { requestBody: { @@ -25202,6 +25213,7 @@ export type operations = { * fetch-external-resources * @description No description provided. * + * **Internal Endpoint**: This endpoint is an API for the misskey mainframe and is not intended for use by third parties. * **Credential required**: *Yes* */ 'fetch-external-resources': { diff --git a/packages/misskey-js/src/consts.ts b/packages/misskey-js/src/consts.ts index e769bb9e6d..0e446c1215 100644 --- a/packages/misskey-js/src/consts.ts +++ b/packages/misskey-js/src/consts.ts @@ -45,7 +45,55 @@ export const permissions = [ 'write:flash', 'read:flash-likes', 'write:flash-likes', -]; + 'read:admin:abuse-user-reports', + 'write:admin:delete-account', + 'write:admin:delete-all-files-of-a-user', + 'read:admin:index-stats', + 'read:admin:table-stats', + 'read:admin:user-ips', + 'read:admin:meta', + 'write:admin:reset-password', + 'write:admin:resolve-abuse-user-report', + 'write:admin:send-email', + 'read:admin:server-info', + 'read:admin:show-moderation-log', + 'read:admin:show-user', + 'read:admin:show-users', + 'write:admin:suspend-user', + 'write:admin:unset-user-avatar', + 'write:admin:unset-user-banner', + 'write:admin:unsuspend-user', + 'write:admin:meta', + 'write:admin:user-note', + 'write:admin:roles', + 'read:admin:roles', + 'write:admin:relays', + 'read:admin:relays', + 'write:admin:invite-codes', + 'read:admin:invite-codes', + 'write:admin:announcements', + 'read:admin:announcements', + 'write:admin:avatar-decorations', + 'read:admin:avatar-decorations', + 'write:admin:federation', + 'write:admin:account', + 'read:admin:account', + 'write:admin:emoji', + 'read:admin:emoji', + 'write:admin:queue', + 'read:admin:queue', + 'write:admin:promo', + 'write:admin:drive', + 'read:admin:drive', + 'write:admin:ad', + 'read:admin:ad', + 'write:invite-codes', + 'read:invite-codes', + 'write:clip-favorite', + 'read:clip-favorite', + 'read:federation', + 'write:report-abuse', +] as const; export const moderationLogTypes = [ 'updateServerSettings', From ad346b6f368f1da2874c9c575884107630f6e5c8 Mon Sep 17 00:00:00 2001 From: Kagami Sascha Rosylight Date: Wed, 27 Dec 2023 07:10:24 +0100 Subject: [PATCH 03/14] feat(backend/oauth): allow CORS for token endpoint (#12814) * feat(backend/oauth): allow CORS for token endpoint * no need to explicitly set origin to `*` * Update CHANGELOG.md --- CHANGELOG.md | 11 ++ packages/backend/package.json | 2 +- packages/backend/src/server/ServerService.ts | 3 +- .../src/server/WellKnownServerService.ts | 6 + .../src/server/oauth/OAuth2ProviderService.ts | 71 ++++++----- packages/backend/test/e2e/nodeinfo.ts | 40 +++++++ packages/backend/test/e2e/oauth.ts | 20 ++++ packages/backend/test/e2e/well-known.ts | 111 ++++++++++++++++++ packages/backend/test/utils.ts | 2 + pnpm-lock.yaml | 24 ++-- 10 files changed, 242 insertions(+), 48 deletions(-) create mode 100644 packages/backend/test/e2e/nodeinfo.ts create mode 100644 packages/backend/test/e2e/well-known.ts diff --git a/CHANGELOG.md b/CHANGELOG.md index 8b71f6540d..53931b44d0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,17 @@ --> +## 2023.x.x (unreleased) + +### General +- + +### Client +- + +### Server +- Enhance: `oauth/token`エンドポイントのCORS対応 + ## 2023.12.1 ### General diff --git a/packages/backend/package.json b/packages/backend/package.json index 6848d88e03..4d1e9936aa 100644 --- a/packages/backend/package.json +++ b/packages/backend/package.json @@ -68,7 +68,7 @@ "@discordapp/twemoji": "15.0.2", "@fastify/accepts": "4.3.0", "@fastify/cookie": "9.2.0", - "@fastify/cors": "8.4.2", + "@fastify/cors": "8.5.0", "@fastify/express": "2.3.0", "@fastify/http-proxy": "9.3.0", "@fastify/multipart": "8.0.0", diff --git a/packages/backend/src/server/ServerService.ts b/packages/backend/src/server/ServerService.ts index bb41ab0e42..632a7692cd 100644 --- a/packages/backend/src/server/ServerService.ts +++ b/packages/backend/src/server/ServerService.ts @@ -107,7 +107,8 @@ export class ServerService implements OnApplicationShutdown { fastify.register(this.activityPubServerService.createServer); fastify.register(this.nodeinfoServerService.createServer); fastify.register(this.wellKnownServerService.createServer); - fastify.register(this.oauth2ProviderService.createServer); + fastify.register(this.oauth2ProviderService.createServer, { prefix: '/oauth' }); + fastify.register(this.oauth2ProviderService.createTokenServer, { prefix: '/oauth/token' }); fastify.get<{ Params: { path: string }; Querystring: { static?: any; badge?: any; }; }>('/emoji/:path(.*)', async (request, reply) => { const path = request.params.path; diff --git a/packages/backend/src/server/WellKnownServerService.ts b/packages/backend/src/server/WellKnownServerService.ts index 8fc3c96de6..c3eaf53a14 100644 --- a/packages/backend/src/server/WellKnownServerService.ts +++ b/packages/backend/src/server/WellKnownServerService.ts @@ -16,6 +16,7 @@ import * as Acct from '@/misc/acct.js'; import { UserEntityService } from '@/core/entities/UserEntityService.js'; import { bindThis } from '@/decorators.js'; import { NodeinfoServerService } from './NodeinfoServerService.js'; +import { OAuth2ProviderService } from './oauth/OAuth2ProviderService.js'; import type { FindOptionsWhere } from 'typeorm'; import type { FastifyInstance, FastifyPluginOptions } from 'fastify'; @@ -30,6 +31,7 @@ export class WellKnownServerService { private nodeinfoServerService: NodeinfoServerService, private userEntityService: UserEntityService, + private oauth2ProviderService: OAuth2ProviderService, ) { //this.createServer = this.createServer.bind(this); } @@ -87,6 +89,10 @@ export class WellKnownServerService { return { links: this.nodeinfoServerService.getLinks() }; }); + fastify.get('/.well-known/oauth-authorization-server', async () => { + return this.oauth2ProviderService.generateRFC8414(); + }); + /* TODO fastify.get('/.well-known/change-password', async (request, reply) => { }); diff --git a/packages/backend/src/server/oauth/OAuth2ProviderService.ts b/packages/backend/src/server/oauth/OAuth2ProviderService.ts index 5c18f452ce..2253078582 100644 --- a/packages/backend/src/server/oauth/OAuth2ProviderService.ts +++ b/packages/backend/src/server/oauth/OAuth2ProviderService.ts @@ -11,6 +11,7 @@ import httpLinkHeader from 'http-link-header'; import ipaddr from 'ipaddr.js'; import oauth2orize, { type OAuth2, AuthorizationError, ValidateFunctionArity2, OAuth2Req, MiddlewareRequest } from 'oauth2orize'; import oauth2Pkce from 'oauth2orize-pkce'; +import fastifyCors from '@fastify/cors'; import fastifyView from '@fastify/view'; import pug from 'pug'; import bodyParser from 'body-parser'; @@ -348,25 +349,25 @@ export class OAuth2ProviderService { })); } + // https://datatracker.ietf.org/doc/html/rfc8414.html + // https://indieauth.spec.indieweb.org/#indieauth-server-metadata + public generateRFC8414() { + return { + issuer: this.config.url, + authorization_endpoint: new URL('/oauth/authorize', this.config.url), + token_endpoint: new URL('/oauth/token', this.config.url), + scopes_supported: kinds, + response_types_supported: ['code'], + grant_types_supported: ['authorization_code'], + service_documentation: 'https://misskey-hub.net', + code_challenge_methods_supported: ['S256'], + authorization_response_iss_parameter_supported: true, + }; + } + @bindThis public async createServer(fastify: FastifyInstance): Promise { - // https://datatracker.ietf.org/doc/html/rfc8414.html - // https://indieauth.spec.indieweb.org/#indieauth-server-metadata - fastify.get('/.well-known/oauth-authorization-server', async (_request, reply) => { - reply.send({ - issuer: this.config.url, - authorization_endpoint: new URL('/oauth/authorize', this.config.url), - token_endpoint: new URL('/oauth/token', this.config.url), - scopes_supported: kinds, - response_types_supported: ['code'], - grant_types_supported: ['authorization_code'], - service_documentation: 'https://misskey-hub.net', - code_challenge_methods_supported: ['S256'], - authorization_response_iss_parameter_supported: true, - }); - }); - - fastify.get('/oauth/authorize', async (request, reply) => { + fastify.get('/authorize', async (request, reply) => { const oauth2 = (request.raw as MiddlewareRequest).oauth2; if (!oauth2) { throw new Error('Unexpected lack of authorization information'); @@ -381,8 +382,7 @@ export class OAuth2ProviderService { scope: oauth2.req.scope.join(' '), }); }); - fastify.post('/oauth/decision', async () => { }); - fastify.post('/oauth/token', async () => { }); + fastify.post('/decision', async () => { }); fastify.register(fastifyView, { root: fileURLToPath(new URL('../web/views', import.meta.url)), @@ -394,7 +394,7 @@ export class OAuth2ProviderService { }); await fastify.register(fastifyExpress); - fastify.use('/oauth/authorize', this.#server.authorize(((areq, done) => { + fastify.use('/authorize', this.#server.authorize(((areq, done) => { (async (): Promise> => { // This should return client/redirectURI AND the error, or // the handler can't send error to the redirection URI @@ -448,30 +448,24 @@ export class OAuth2ProviderService { return [null, clientInfo, redirectURI]; })().then(args => done(...args), err => done(err)); }) as ValidateFunctionArity2)); - fastify.use('/oauth/authorize', this.#server.errorHandler({ + fastify.use('/authorize', this.#server.errorHandler({ mode: 'indirect', modes: getQueryMode(this.config.url), })); - fastify.use('/oauth/authorize', this.#server.errorHandler()); + fastify.use('/authorize', this.#server.errorHandler()); - fastify.use('/oauth/decision', bodyParser.urlencoded({ extended: false })); - fastify.use('/oauth/decision', this.#server.decision((req, done) => { + fastify.use('/decision', bodyParser.urlencoded({ extended: false })); + fastify.use('/decision', this.#server.decision((req, done) => { const { body } = req as OAuth2DecisionRequest; this.#logger.info(`Received the decision. Cancel: ${!!body.cancel}`); req.user = body.login_token; done(null, undefined); })); - fastify.use('/oauth/decision', this.#server.errorHandler()); - - // Clients may use JSON or urlencoded - fastify.use('/oauth/token', bodyParser.urlencoded({ extended: false })); - fastify.use('/oauth/token', bodyParser.json({ strict: true })); - fastify.use('/oauth/token', this.#server.token()); - fastify.use('/oauth/token', this.#server.errorHandler()); + fastify.use('/decision', this.#server.errorHandler()); // Return 404 for any unknown paths under /oauth so that clients can know // whether a certain endpoint is supported or not. - fastify.all('/oauth/*', async (_request, reply) => { + fastify.all('/*', async (_request, reply) => { reply.code(404); reply.send({ error: { @@ -483,4 +477,17 @@ export class OAuth2ProviderService { }); }); } + + @bindThis + public async createTokenServer(fastify: FastifyInstance): Promise { + fastify.register(fastifyCors); + fastify.post('', async () => { }); + + await fastify.register(fastifyExpress); + // Clients may use JSON or urlencoded + fastify.use('', bodyParser.urlencoded({ extended: false })); + fastify.use('', bodyParser.json({ strict: true })); + fastify.use('', this.#server.token()); + fastify.use('', this.#server.errorHandler()); + } } diff --git a/packages/backend/test/e2e/nodeinfo.ts b/packages/backend/test/e2e/nodeinfo.ts new file mode 100644 index 0000000000..7eed39c5ed --- /dev/null +++ b/packages/backend/test/e2e/nodeinfo.ts @@ -0,0 +1,40 @@ +/* + * SPDX-FileCopyrightText: syuilo and other misskey contributors + * SPDX-License-Identifier: AGPL-3.0-only + */ + +process.env.NODE_ENV = 'test'; + +import * as assert from 'assert'; +import { relativeFetch, startServer } from '../utils.js'; +import type { INestApplicationContext } from '@nestjs/common'; + +describe('nodeinfo', () => { + let app: INestApplicationContext; + + beforeAll(async () => { + app = await startServer(); + }, 1000 * 60 * 2); + + afterAll(async () => { + await app.close(); + }); + + test('nodeinfo 2.1', async () => { + const res = await relativeFetch('nodeinfo/2.1'); + assert.ok(res.ok); + assert.strictEqual(res.headers.get('Access-Control-Allow-Origin'), '*'); + + const nodeInfo = await res.json() as any; + assert.strictEqual(nodeInfo.software.name, 'misskey'); + }); + + test('nodeinfo 2.0', async () => { + const res = await relativeFetch('nodeinfo/2.0'); + assert.ok(res.ok); + assert.strictEqual(res.headers.get('Access-Control-Allow-Origin'), '*'); + + const nodeInfo = await res.json() as any; + assert.strictEqual(nodeInfo.software.name, 'misskey'); + }); +}); diff --git a/packages/backend/test/e2e/oauth.ts b/packages/backend/test/e2e/oauth.ts index a029a0d4be..3a5e4ebdae 100644 --- a/packages/backend/test/e2e/oauth.ts +++ b/packages/backend/test/e2e/oauth.ts @@ -941,4 +941,24 @@ describe('OAuth', () => { const response = await fetch(new URL('/oauth/foo', host)); assert.strictEqual(response.status, 404); }); + + describe('CORS', () => { + test('Token endpoint should support CORS', async () => { + const response = await fetch(new URL('/oauth/token', host), { method: 'POST' }); + assert.ok(!response.ok); + assert.strictEqual(response.headers.get('Access-Control-Allow-Origin'), '*'); + }); + + test('Authorize endpoint should not support CORS', async () => { + const response = await fetch(new URL('/oauth/authorize', host), { method: 'GET' }); + assert.ok(!response.ok); + assert.ok(!response.headers.has('Access-Control-Allow-Origin')); + }); + + test('Decision endpoint should not support CORS', async () => { + const response = await fetch(new URL('/oauth/decision', host), { method: 'POST' }); + assert.ok(!response.ok); + assert.ok(!response.headers.has('Access-Control-Allow-Origin')); + }); + }); }); diff --git a/packages/backend/test/e2e/well-known.ts b/packages/backend/test/e2e/well-known.ts new file mode 100644 index 0000000000..14e32e1627 --- /dev/null +++ b/packages/backend/test/e2e/well-known.ts @@ -0,0 +1,111 @@ +/* + * SPDX-FileCopyrightText: syuilo and other misskey contributors + * SPDX-License-Identifier: AGPL-3.0-only + */ + +process.env.NODE_ENV = 'test'; + +import * as assert from 'assert'; +import { host, origin, relativeFetch, signup, startServer } from '../utils.js'; +import type { INestApplicationContext } from '@nestjs/common'; +import type * as misskey from 'misskey-js'; + +describe('.well-known', () => { + let app: INestApplicationContext; + let alice: misskey.entities.User; + + beforeAll(async () => { + app = await startServer(); + + alice = await signup({ username: 'alice' }); + }, 1000 * 60 * 2); + + afterAll(async () => { + await app.close(); + }); + + test('nodeinfo', async () => { + const res = await relativeFetch('.well-known/nodeinfo'); + assert.ok(res.ok); + assert.strictEqual(res.headers.get('Access-Control-Allow-Origin'), '*'); + + const nodeInfo = await res.json(); + assert.deepStrictEqual(nodeInfo, { + links: [{ + rel: 'http://nodeinfo.diaspora.software/ns/schema/2.1', + href: `${origin}/nodeinfo/2.1`, + }, { + rel: 'http://nodeinfo.diaspora.software/ns/schema/2.0', + href: `${origin}/nodeinfo/2.0`, + }], + }); + }); + + test('webfinger', async () => { + const preflight = await relativeFetch(`.well-known/webfinger?resource=acct:alice@${host}`, { + method: 'options', + headers: { + 'Access-Control-Request-Method': 'GET', + Origin: 'http://example.com', + }, + }); + assert.ok(preflight.ok); + assert.strictEqual(preflight.headers.get('Access-Control-Allow-Headers'), 'Accept'); + + const res = await relativeFetch(`.well-known/webfinger?resource=acct:alice@${host}`); + assert.ok(res.ok); + assert.strictEqual(res.headers.get('Access-Control-Allow-Origin'), '*'); + assert.strictEqual(res.headers.get('Access-Control-Expose-Headers'), 'Vary'); + assert.strictEqual(res.headers.get('Vary'), 'Accept'); + + const webfinger = await res.json(); + + assert.deepStrictEqual(webfinger, { + subject: `acct:alice@${host}`, + links: [{ + rel: 'self', + type: 'application/activity+json', + href: `${origin}/users/${alice.id}`, + }, { + rel: 'http://webfinger.net/rel/profile-page', + type: 'text/html', + href: `${origin}/@alice`, + }, { + rel: 'http://ostatus.org/schema/1.0/subscribe', + template: `${origin}/authorize-follow?acct={uri}`, + }], + }); + }); + + test('host-meta', async () => { + const res = await relativeFetch('.well-known/host-meta'); + assert.ok(res.ok); + assert.strictEqual(res.headers.get('Access-Control-Allow-Origin'), '*'); + }); + + test('host-meta.json', async () => { + const res = await relativeFetch('.well-known/host-meta.json'); + assert.ok(res.ok); + assert.strictEqual(res.headers.get('Access-Control-Allow-Origin'), '*'); + + const hostMeta = await res.json(); + assert.deepStrictEqual(hostMeta, { + links: [{ + rel: 'lrdd', + type: 'application/jrd+json', + template: `${origin}/.well-known/webfinger?resource={uri}`, + }], + }); + }); + + test('oauth-authorization-server', async () => { + const res = await relativeFetch('.well-known/oauth-authorization-server'); + assert.ok(res.ok); + assert.strictEqual(res.headers.get('Access-Control-Allow-Origin'), '*'); + + const serverInfo = await res.json() as any; + assert.strictEqual(serverInfo.issuer, origin); + assert.strictEqual(serverInfo.authorization_endpoint, `${origin}/oauth/authorize`); + assert.strictEqual(serverInfo.token_endpoint, `${origin}/oauth/token`); + }); +}); diff --git a/packages/backend/test/utils.ts b/packages/backend/test/utils.ts index db7629d2c4..46b8ea9cdd 100644 --- a/packages/backend/test/utils.ts +++ b/packages/backend/test/utils.ts @@ -26,6 +26,8 @@ interface UserToken { const config = loadConfig(); export const port = config.port; +export const origin = config.url; +export const host = new URL(config.url).host; export const cookie = (me: UserToken): string => { return `token=${me.token};`; diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 278109f12d..b46dcd0e7f 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -84,8 +84,8 @@ importers: specifier: 9.2.0 version: 9.2.0 '@fastify/cors': - specifier: 8.4.2 - version: 8.4.2 + specifier: 8.5.0 + version: 8.5.0 '@fastify/express': specifier: 2.3.0 version: 2.3.0 @@ -4303,11 +4303,11 @@ packages: fastify-plugin: 4.5.0 dev: false - /@fastify/cors@8.4.2: - resolution: {integrity: sha512-IVynbcPG9eWiJ0P/A1B+KynmiU/yTYbu3ooBUSIeHfca/N1XLb9nIJVCws+YTr2q63MA8Y6QLeXQczEv4npM9g==} + /@fastify/cors@8.5.0: + resolution: {integrity: sha512-/oZ1QSb02XjP0IK1U0IXktEsw/dUBTxJOW7IpIeO8c/tNalw/KjoNSJv1Sf6eqoBPO+TDGkifq6ynFK3v68HFQ==} dependencies: fastify-plugin: 4.5.0 - mnemonist: 0.39.5 + mnemonist: 0.39.6 dev: false /@fastify/deepmerge@1.3.0: @@ -7281,7 +7281,7 @@ packages: ts-dedent: 2.2.0 type-fest: 2.19.0 vue: 3.3.12(typescript@5.3.3) - vue-component-type-helpers: 1.8.25 + vue-component-type-helpers: 1.8.27 transitivePeerDependencies: - encoding - supports-color @@ -15209,8 +15209,8 @@ packages: ufo: 1.1.2 dev: true - /mnemonist@0.39.5: - resolution: {integrity: sha512-FPUtkhtJ0efmEFGpU14x7jGbTB+s18LrzRL2KgoWz9YvcY3cPomz8tih01GbHwnGk/OmkOKfqd/RAQoc8Lm7DQ==} + /mnemonist@0.39.6: + resolution: {integrity: sha512-A/0v5Z59y63US00cRSLiloEIw3t5G+MiKz4BhX21FI+YBJXBOGW0ohFxTxO08dsOYlzxo87T7vGfZKYp2bcAWA==} dependencies: obliterator: 2.0.4 dev: false @@ -19087,10 +19087,6 @@ packages: /tweetnacl@0.14.5: resolution: {integrity: sha512-KXXFFdAbFXY4geFIwoyNK+f5Z1b7swfXABfL7HXCmoIWMKU3dmS26672A4EeQtDzLKy7SXmfBu51JolvEKwtGA==} - /twemoji-parser@14.0.0: - resolution: {integrity: sha512-9DUOTGLOWs0pFWnh1p6NF+C3CkQ96PWmEFwhOVmT3WbecRC+68AIqpsnJXygfkFcp4aXbOp8Dwbhh/HQgvoRxA==} - dev: false - /type-check@0.4.0: resolution: {integrity: sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==} engines: {node: '>= 0.8.0'} @@ -19755,8 +19751,8 @@ packages: resolution: {integrity: sha512-AFbieoL7a5LMqcnOF04ji+rpXadgOXnZsxQr//r83kLPr7biP7am3g9zbaZIaBGwBRWeSvoMD4mgPdX3e4NWBg==} dev: false - /vue-component-type-helpers@1.8.25: - resolution: {integrity: sha512-NCA6sekiJIMnMs4DdORxATXD+/NRkQpS32UC+I1KQJUasx+Z7MZUb3Y+MsKsFmX+PgyTYSteb73JW77AibaCCw==} + /vue-component-type-helpers@1.8.27: + resolution: {integrity: sha512-0vOfAtI67UjeO1G6UiX5Kd76CqaQ67wrRZiOe7UAb9Jm6GzlUr/fC7CV90XfwapJRjpCMaZFhv1V0ajWRmE9Dg==} dev: true /vue-component-type-helpers@1.8.4: From 9410bc046b8191080d2d1840b632e94ac19c8fda Mon Sep 17 00:00:00 2001 From: syuilo Date: Wed, 27 Dec 2023 15:12:43 +0900 Subject: [PATCH 04/14] Update CHANGELOG.md --- CHANGELOG.md | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 53931b44d0..b7f37d747d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,17 +12,6 @@ --> -## 2023.x.x (unreleased) - -### General -- - -### Client -- - -### Server -- Enhance: `oauth/token`エンドポイントのCORS対応 - ## 2023.12.1 ### General @@ -35,6 +24,7 @@ ### Server - Enhance: センシティブワードの設定がハッシュタグトレンドにも適用されるようになりました +- Enhance: `oauth/token`エンドポイントのCORS対応 - Fix: 1702718871541-ffVisibility.jsのdownが壊れている - Fix:「非センシティブのみ(リモートはいいねのみ)」を設定していても、センシティブに設定されたカスタム絵文字をリアクションできる問題を修正 - Fix: ロールアサイン時の通知で,ロールアイコンが縮小されずに表示される問題を修正 From 8904e0a12b0dba776db0144f0644b94e7e81bbbf Mon Sep 17 00:00:00 2001 From: syuilo Date: Wed, 27 Dec 2023 15:15:08 +0900 Subject: [PATCH 05/14] :art: --- .../frontend/src/components/MkReactionsViewer.reaction.vue | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/frontend/src/components/MkReactionsViewer.reaction.vue b/packages/frontend/src/components/MkReactionsViewer.reaction.vue index 8de226802d..250b7b96d5 100644 --- a/packages/frontend/src/components/MkReactionsViewer.reaction.vue +++ b/packages/frontend/src/components/MkReactionsViewer.reaction.vue @@ -198,7 +198,8 @@ if (!mock) { } .limitWidth { - max-width: 150px; + max-width: 70px; + object-fit: contain; } .count { From 6439c7b64b31dc9fbc6c968ef020787f34ee8331 Mon Sep 17 00:00:00 2001 From: GrapeApple0 <84321396+GrapeApple0@users.noreply.github.com> Date: Wed, 27 Dec 2023 15:55:09 +0900 Subject: [PATCH 06/14] =?UTF-8?q?Revert=20"refactor:=20pagination=E3=81=AE?= =?UTF-8?q?=E5=9E=8B=E3=82=92=E6=98=8E=E7=A4=BA=E3=81=99=E3=82=8B=20(#1280?= =?UTF-8?q?9)"=20(#12810)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 6855079811401be883167476726644e5730ea792. --- .../frontend/src/components/MkFileListForAdmin.vue | 4 ++-- packages/frontend/src/components/MkNoteDetailed.vue | 6 +++--- .../src/components/MkUserSetupDialog.Follow.vue | 6 +++--- packages/frontend/src/pages/about.federation.vue | 2 +- packages/frontend/src/pages/admin-user.vue | 4 ++-- packages/frontend/src/pages/admin/abuses.vue | 4 ++-- packages/frontend/src/pages/admin/federation.vue | 4 ++-- packages/frontend/src/pages/admin/invites.vue | 8 ++++---- packages/frontend/src/pages/admin/modlog.vue | 4 ++-- packages/frontend/src/pages/admin/roles.role.vue | 4 ++-- packages/frontend/src/pages/admin/users.vue | 4 ++-- packages/frontend/src/pages/announcements.vue | 6 +++--- packages/frontend/src/pages/channels.vue | 10 +++++----- .../frontend/src/pages/custom-emojis-manager.vue | 6 +++--- packages/frontend/src/pages/favorites.vue | 4 ++-- packages/frontend/src/pages/flash/flash-index.vue | 8 ++++---- packages/frontend/src/pages/follow-requests.vue | 4 ++-- packages/frontend/src/pages/gallery/index.vue | 12 ++++++------ packages/frontend/src/pages/gallery/post.vue | 4 ++-- packages/frontend/src/pages/instance-info.vue | 4 ++-- packages/frontend/src/pages/invite.vue | 4 ++-- packages/frontend/src/pages/my-clips/index.vue | 4 ++-- packages/frontend/src/pages/my-lists/list.vue | 4 ++-- packages/frontend/src/pages/page.vue | 4 ++-- packages/frontend/src/pages/pages.vue | 8 ++++---- packages/frontend/src/pages/settings/apps.vue | 4 ++-- .../frontend/src/pages/settings/drive-cleaner.vue | 4 ++-- packages/frontend/src/pages/settings/mute-block.vue | 8 ++++---- packages/frontend/src/pages/settings/security.vue | 4 ++-- packages/frontend/src/pages/settings/webhook.vue | 4 ++-- packages/frontend/src/pages/user/clips.vue | 4 ++-- packages/frontend/src/pages/user/flashs.vue | 4 ++-- packages/frontend/src/pages/user/follow-list.vue | 6 +++--- packages/frontend/src/pages/user/gallery.vue | 4 ++-- packages/frontend/src/pages/user/lists.vue | 4 ++-- packages/frontend/src/pages/user/pages.vue | 4 ++-- packages/frontend/src/pages/user/reactions.vue | 4 ++-- 37 files changed, 93 insertions(+), 93 deletions(-) diff --git a/packages/frontend/src/components/MkFileListForAdmin.vue b/packages/frontend/src/components/MkFileListForAdmin.vue index b0ff06bd33..3edd30bc37 100644 --- a/packages/frontend/src/components/MkFileListForAdmin.vue +++ b/packages/frontend/src/components/MkFileListForAdmin.vue @@ -38,14 +38,14 @@ SPDX-License-Identifier: AGPL-3.0-only diff --git a/packages/frontend/src/components/MkNoteDetailed.vue b/packages/frontend/src/components/MkNoteDetailed.vue index f1bcdec7fb..33a6786d03 100644 --- a/packages/frontend/src/components/MkNoteDetailed.vue +++ b/packages/frontend/src/components/MkNoteDetailed.vue @@ -224,7 +224,7 @@ import { claimAchievement } from '@/scripts/achievements.js'; import MkRippleEffect from '@/components/MkRippleEffect.vue'; import { showMovedDialog } from '@/scripts/show-moved-dialog.js'; import MkUserCardMini from '@/components/MkUserCardMini.vue'; -import MkPagination, { Paging } from '@/components/MkPagination.vue'; +import MkPagination from '@/components/MkPagination.vue'; import MkReactionIcon from '@/components/MkReactionIcon.vue'; import MkButton from '@/components/MkButton.vue'; @@ -307,7 +307,7 @@ const renotesPagination = computed(() => ({ params: { noteId: appearNote.value.id, }, -} satisfies Paging)); +})); const reactionsPagination = computed(() => ({ endpoint: 'notes/reactions', @@ -316,7 +316,7 @@ const reactionsPagination = computed(() => ({ noteId: appearNote.value.id, type: reactionTabType.value, }, -} satisfies Paging)); +})); useNoteCapture({ rootEl: el, diff --git a/packages/frontend/src/components/MkUserSetupDialog.Follow.vue b/packages/frontend/src/components/MkUserSetupDialog.Follow.vue index d924a54ffb..5f3f5b81dd 100644 --- a/packages/frontend/src/components/MkUserSetupDialog.Follow.vue +++ b/packages/frontend/src/components/MkUserSetupDialog.Follow.vue @@ -37,15 +37,15 @@ SPDX-License-Identifier: AGPL-3.0-only import { i18n } from '@/i18n.js'; import MkFolder from '@/components/MkFolder.vue'; import XUser from '@/components/MkUserSetupDialog.User.vue'; -import MkPagination, { Paging } from '@/components/MkPagination.vue'; +import MkPagination from '@/components/MkPagination.vue'; -const pinnedUsers = { endpoint: 'pinned-users', noPaging: true } satisfies Paging; +const pinnedUsers = { endpoint: 'pinned-users', noPaging: true }; const popularUsers = { endpoint: 'users', limit: 10, noPaging: true, params: { state: 'alive', origin: 'local', sort: '+follower', -} } satisfies Paging; +} };