e2net/iceshrimp
3
0
Fork 0
forked from mirrors/iceshrimp
Code Pull requests Activity

[backend] Require users to be followed before adding them to lists

Browse source
This commit is contained in:
Laura Hausmann 2023-10-18 23:58:56 +02:00
parent 7ad6bbd32c
commit 11b3d4fa0a
Signed by: zotan
GPG key ID: D044E84C5BE01605
4 changed files with 44 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
packages/backend/src/queue/processors/db/import-user-lists.ts
View file

@ -10,7 +10,7 @@ import {
DriveFiles,
Users,
UserLists,
UserListJoinings,
UserListJoinings, Blockings, Followings,
} from "@/models/index.js";
import { genId } from "@/misc/gen-id.js";
import type { DbUserImportJobData } from "@/queue/types.js";
@ -77,6 +77,21 @@ export async function importUserLists(
target = await resolveUser(username, host);
}
const isBlocked = await Blockings.exist({
where: {
blockerId: target.id,
blockeeId: user.id,
},
});
const isFollowed = await Followings.exist({
where: {
followerId: user.id,
followeeId: target.id,
},
});
if (isBlocked || !isFollowed) continue;
if (
(await UserListJoinings.findOneBy({
userListId: list!.id,

20
packages/backend/src/server/api/endpoints/users/lists/push.ts
View file

@ -1,5 +1,5 @@
import { pushUserToUserList } from "@/services/user-list/push.js";
import { UserLists, UserListJoinings, Blockings } from "@/models/index.js";
import { UserLists, UserListJoinings, Blockings, Followings } from "@/models/index.js";
import define from "../../../define.js";
import { ApiError } from "../../../error.js";
import { getUser } from "../../../common/getters.js";
@ -38,6 +38,13 @@ export const meta = {
code: "YOU_HAVE_BEEN_BLOCKED",
id: "990232c5-3f9d-4d83-9f3f-ef27b6332a4b",
},
notFollowing: {
message:
"You cannot push this user because you are not following this user.",
code: "NOT_FOLLOWING",
id: "0a2e4d73-fe61-41fb-822c-d365ec81ba2a",
},
},
} as const;
@ -68,7 +75,7 @@ export default define(meta, paramDef, async (ps, me) => {
throw e;
});
// Check blocking
// Check blocking and following status
if (user.id !== me.id) {
const isBlocked = await Blockings.exist({
where: {
@ -76,9 +83,18 @@ export default define(meta, paramDef, async (ps, me) => {
blockeeId: me.id,
},
});
const isFollowed = await Followings.exist({
where: {
followerId: me.id,
followeeId: user.id,
},
});
if (isBlocked) {
throw new ApiError(meta.errors.youHaveBeenBlocked);
}
if (!isFollowed) {
throw new ApiError(meta.errors.notFollowing);
}
}
const exist = await UserListJoinings.exist({

9
packages/backend/src/server/api/mastodon/helpers/list.ts
View file

@ -1,5 +1,5 @@
import { ILocalUser, User } from "@/models/entities/user.js";
import { Blockings, UserListJoinings, UserLists, Users } from "@/models/index.js";
import { Blockings, Followings, UserListJoinings, UserLists, Users } from "@/models/index.js";
import { PaginationHelpers } from "@/server/api/mastodon/helpers/pagination.js";
import { UserList } from "@/models/entities/user-list.js";
import { pushUserToUserList } from "@/services/user-list/push.js";
@ -76,7 +76,14 @@ export class ListHelpers {
blockeeId: localUser.id,
},
});
const isFollowed = await Followings.exist({
where: {
followeeId: user.id,
followerId: localUser.id,
},
});
if (isBlocked) throw Error("Can't add users you've been blocked by to list");
if (!isFollowed) throw Error("Can't add users you're not following to list");
}
const exist = await UserListJoinings.exist({

3
packages/backend/src/services/user-list/push.ts
View file

@ -1,9 +1,10 @@
import { publishUserListStream } from "@/services/stream.js";
import type { User } from "@/models/entities/user.js";
import type { UserList } from "@/models/entities/user-list.js";
import { UserListJoinings, Users } from "@/models/index.js";
import { Followings, UserListJoinings, Users } from "@/models/index.js";
import type { UserListJoining } from "@/models/entities/user-list-joining.js";
import { genId } from "@/misc/gen-id.js";
import { ApiError } from "@/server/api/error.js";
export async function pushUserToUserList(target: User, list: UserList) {
await UserListJoinings.insert({