fix(backend): add missing kind definition for admin endpoints to improve security

2023-12-18 12:32:26 +09:00 · 2023-12-18 12:32:26 +09:00 · 5150053275
commit 5150053275
parent 776eea736a
77 changed files with 153 additions and 2 deletions
--- a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts
@ -15,6 +15,8 @@ import { DI } from '@/di-symbols.js';
 export const meta = {
 	tags: ['admin'],

+	kind: 'write:admin',
+
 	res: {
 		type: 'object',
 		optional: false, nullable: false,
--- a/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts
+++ b/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts
@ -14,6 +14,8 @@ import { UserEntityService } from '@/core/entities/UserEntityService.js';
 export const meta = {
 	tags: ['admin'],

+	kind: 'write:admin',
+
 	requireCredential: true,
 	requireAdmin: true,
 } as const;
--- a/packages/backend/src/server/api/endpoints/admin/accounts/find-by-email.ts
+++ b/packages/backend/src/server/api/endpoints/admin/accounts/find-by-email.ts
@ -13,6 +13,8 @@ import { ApiError } from '@/server/api/error.js';
 export const meta = {
 	tags: ['admin'],

+	kind: 'read:admin',
+
 	requireCredential: true,
 	requireAdmin: true,