[backend] Enforce blocks in NoteRepository.isVisibleForMe

This commit addresses disclosed primitive 20
Laura Hausmann 2024-10-29 17:36:18 +01:00
parent aa73a8905d
commit dc3c2d1ad4
No known key found for this signature in database
GPG Key ID: D044E84C5BE01605


@ -10,7 +10,7 @@ import {
Followings,
Polls,
Channels,
Notes, UserProfiles,
Notes, UserProfiles, Blockings,
} from "../index.js";
import type { Packed } from "@/misc/schema.js";
import { nyaize } from "@/misc/nyaize.js";
@ -113,6 +113,20 @@ async function populateIsRenoted(
export const NoteRepository = db.getRepository(Note).extend({
async isVisibleForMe(note: Note, meId: User["id"] | null): Promise<boolean> {
if (meId != null && meId !== note.userId) {
const blocked = await Blockings.count({
where: {
blockeeId: meId,
blockerId: note.userId
},
take: 1
});
if (blocked !== 0) {
return false;
}
}
// This code must always be synchronized with the checks in generateVisibilityQuery.
// visibility が specified かつ自分が指定されていなかったら非表示
if (note.visibility === "specified") {
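Review bot: The new block check at the top of `isVisibleForMe` sits directly above the comment requiring this code to stay synchronized with generateVisibilityQuery, and nothing visible in this commit shows the query side applying the same `Blockings` filter. If a separate query helper covers it, name it in a comment on the check, e.g. `// Author has blocked the viewer: hide the note. Query-side equivalent: <name of the query helper>.` The check is also skipped when `meId` is null, so it restricts only logged-in viewers and leaves unauthenticated reads to the visibility rules below; that limit belongs in the same comment. `take: 1` appears to be ignored by `count()` in TypeORM (confirm for the version in use), so an existence-style lookup on the repository would state the intent more directly. The body of `isVisibleForMe` continues past the end of the hunk.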