Merge tag '2023.12.1' into merge-upstream

2023-12-28 03:58:07 +09:00 · 2023-12-28 03:58:07 +09:00 · 018ff4cbda
commit 018ff4cbda
parent 90e8b942a3 53898c5006
336 changed files with 1938 additions and 1116 deletions
--- a/packages/backend/src/server/api/ApiCallService.ts
+++ b/packages/backend/src/server/api/ApiCallService.ts
@ -331,7 +331,8 @@ export class ApiCallService implements OnApplicationShutdown {
 			}
 		}

-		if (token && ep.meta.kind && !token.permission.some(p => p === ep.meta.kind)) {
+		if (token && ((ep.meta.kind && !token.permission.some(p => p === ep.meta.kind))
+			|| (!ep.meta.kind && (ep.meta.requireCredential || ep.meta.requireModerator || ep.meta.requireAdmin)))) {
 			throw new ApiError({
 				message: 'Your app does not have the necessary permissions to use this endpoint.',
 				code: 'PERMISSION_DENIED',
--- a/packages/backend/src/server/api/StreamingApiServerService.ts
+++ b/packages/backend/src/server/api/StreamingApiServerService.ts
@ -71,6 +71,10 @@ export class StreamingApiServerService {

 			try {
 				[user, app] = await this.authenticateService.authenticate(token);
+
+				if (app !== null && !app.permission.some(p => p === 'read:account')) {
+					throw new AuthenticationError('Your app does not have necessary permissions to use websocket API.');
+				}
 			} catch (e) {
 				if (e instanceof AuthenticationError) {
 					socket.write([
--- a/packages/backend/src/server/api/endpoints.ts
+++ b/packages/backend/src/server/api/endpoints.ts
@ -4,6 +4,7 @@
 */

 import type { Schema } from '@/misc/json-schema.js';
+import { permissions } from 'misskey-js';
 import { RolePolicies } from '@/core/RoleService.js';

 import * as ep___admin_meta from './endpoints/admin/meta.js';
@ -734,7 +735,7 @@ const eps = [
 	['retention', ep___retention],
 ];

-export interface IEndpointMeta {
+interface IEndpointMetaBase {
 	readonly stability?: 'deprecated' | 'experimental' | 'stable';

 	readonly tags?: ReadonlyArray<string>;
@ -833,6 +834,23 @@ export interface IEndpointMeta {
 	readonly cacheSec?: number;
 }

+export type IEndpointMeta = (Omit<IEndpointMetaBase, 'requireCrential' | 'requireModerator' | 'requireAdmin'> & {
+	requireCredential?: false,
+	requireAdmin?: false,
+	requireModerator?: false,
+}) | (Omit<IEndpointMetaBase, 'secure'> & {
+	secure: true,
+}) | (Omit<IEndpointMetaBase, 'requireCredential' | 'kind'> & {
+	requireCredential: true,
+	kind: (typeof permissions)[number],
+}) | (Omit<IEndpointMetaBase, 'requireModerator' | 'kind'> & {
+	requireModerator: true,
+	kind: (typeof permissions)[number],
+}) | (Omit<IEndpointMetaBase, 'requireAdmin' | 'kind'> & {
+	requireAdmin: true,
+	kind: (typeof permissions)[number],
+})
+
 export interface IEndpoint {
 	name: string;
 	meta: IEndpointMeta;
--- a/packages/backend/src/server/api/endpoints/admin/abuse-user-reports.ts
+++ b/packages/backend/src/server/api/endpoints/admin/abuse-user-reports.ts
@ -13,10 +13,9 @@ import { AbuseUserReportEntityService } from '@/core/entities/AbuseUserReportEnt
 export const meta = {
 	tags: ['admin'],

-	kind: 'read:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:abuse-user-reports',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts
@ -15,8 +15,6 @@ import { DI } from '@/di-symbols.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	res: {
 		type: 'object',
 		optional: false, nullable: false,
@ -48,12 +46,12 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		private userEntityService: UserEntityService,
 		private signupService: SignupService,
 	) {
-		super(meta, paramDef, async (ps, _me) => {
+		super(meta, paramDef, async (ps, _me, token) => {
 			const me = _me ? await this.usersRepository.findOneByOrFail({ id: _me.id }) : null;
 			const noUsers = (await this.usersRepository.countBy({
 				host: IsNull(),
 			})) === 0;
-			if (!noUsers && !me?.isRoot) throw new Error('access denied');
+			if ((!noUsers && !me?.isRoot) || token !== null) throw new Error('access denied');

 			const { account, secret } = await this.signupService.signup({
 				username: ps.username,
--- a/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts
+++ b/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts
@ -14,10 +14,9 @@ import { UserEntityService } from '@/core/entities/UserEntityService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'write:admin:account',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/accounts/find-by-email.ts
+++ b/packages/backend/src/server/api/endpoints/admin/accounts/find-by-email.ts
@ -13,10 +13,9 @@ import { ApiError } from '@/server/api/error.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'read:admin',
-
 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'read:admin:account',

 	errors: {
 		userNotFound: {
--- a/packages/backend/src/server/api/endpoints/admin/ad/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/ad/create.ts
@ -13,10 +13,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:ad',
 	res: {
 		type: 'object',
 		optional: false,
--- a/packages/backend/src/server/api/endpoints/admin/ad/delete.ts
+++ b/packages/backend/src/server/api/endpoints/admin/ad/delete.ts
@ -13,10 +13,9 @@ import { ApiError } from '../../../error.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:ad',

 	errors: {
 		noSuchAd: {
--- a/packages/backend/src/server/api/endpoints/admin/ad/list.ts
+++ b/packages/backend/src/server/api/endpoints/admin/ad/list.ts
@ -12,10 +12,9 @@ import { DI } from '@/di-symbols.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'read:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:ad',
 	res: {
 		type: 'array',
 		optional: false,
--- a/packages/backend/src/server/api/endpoints/admin/ad/update.ts
+++ b/packages/backend/src/server/api/endpoints/admin/ad/update.ts
@ -13,10 +13,9 @@ import { ApiError } from '../../../error.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:ad',

 	errors: {
 		noSuchAd: {
--- a/packages/backend/src/server/api/endpoints/admin/announcements/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/announcements/create.ts
@ -10,10 +10,9 @@ import { AnnouncementService } from '@/core/AnnouncementService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:announcements',

 	res: {
 		type: 'object',
--- a/packages/backend/src/server/api/endpoints/admin/announcements/delete.ts
+++ b/packages/backend/src/server/api/endpoints/admin/announcements/delete.ts
@ -13,10 +13,9 @@ import { ApiError } from '../../../error.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:announcements',

 	errors: {
 		noSuchAnnouncement: {
--- a/packages/backend/src/server/api/endpoints/admin/announcements/list.ts
+++ b/packages/backend/src/server/api/endpoints/admin/announcements/list.ts
@ -13,10 +13,9 @@ import { IdService } from '@/core/IdService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'read:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:announcements',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/announcements/update.ts
+++ b/packages/backend/src/server/api/endpoints/admin/announcements/update.ts
@ -13,10 +13,9 @@ import { ApiError } from '../../../error.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:announcements',

 	errors: {
 		noSuchAnnouncement: {
--- a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/create.ts
@ -10,10 +10,9 @@ import { AvatarDecorationService } from '@/core/AvatarDecorationService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireRolePolicy: 'canManageAvatarDecorations',
+	kind: 'write:admin:avatar-decorations',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/delete.ts
+++ b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/delete.ts
@ -12,10 +12,9 @@ import { ApiError } from '../../../error.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireRolePolicy: 'canManageAvatarDecorations',
+	kind: 'write:admin:avatar-decorations',
 	errors: {
 	},
 } as const;
--- a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/list.ts
+++ b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/list.ts
@ -15,10 +15,9 @@ import { AvatarDecorationService } from '@/core/AvatarDecorationService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'read:admin',
-
 	requireCredential: true,
 	requireRolePolicy: 'canManageAvatarDecorations',
+	kind: 'read:admin:avatar-decorations',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/update.ts
+++ b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/update.ts
@ -12,10 +12,9 @@ import { ApiError } from '../../../error.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireRolePolicy: 'canManageAvatarDecorations',
+	kind: 'write:admin:avatar-decorations',

 	errors: {
 	},
--- a/packages/backend/src/server/api/endpoints/admin/delete-account.ts
+++ b/packages/backend/src/server/api/endpoints/admin/delete-account.ts
@ -12,10 +12,9 @@ import { DI } from '@/di-symbols.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'write:admin:delete-account',

 	res: {
 	},
--- a/packages/backend/src/server/api/endpoints/admin/delete-all-files-of-a-user.ts
+++ b/packages/backend/src/server/api/endpoints/admin/delete-all-files-of-a-user.ts
@ -12,10 +12,9 @@ import { DI } from '@/di-symbols.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'write:admin:delete-all-files-of-a-user',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/drive/clean-remote-files.ts
+++ b/packages/backend/src/server/api/endpoints/admin/drive/clean-remote-files.ts
@ -10,10 +10,9 @@ import { QueueService } from '@/core/QueueService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:drive',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/drive/cleanup.ts
+++ b/packages/backend/src/server/api/endpoints/admin/drive/cleanup.ts
@ -13,10 +13,9 @@ import { DI } from '@/di-symbols.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:drive',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/drive/files.ts
+++ b/packages/backend/src/server/api/endpoints/admin/drive/files.ts
@ -13,10 +13,9 @@ import { DriveFileEntityService } from '@/core/entities/DriveFileEntityService.j
 export const meta = {
 	tags: ['admin'],

-	kind: 'read:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:drive',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/drive/show-file.ts
+++ b/packages/backend/src/server/api/endpoints/admin/drive/show-file.ts
@ -14,10 +14,9 @@ import { ApiError } from '../../../error.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'read:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:drive',

 	errors: {
 		noSuchFile: {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/add-aliases-bulk.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/add-aliases-bulk.ts
@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/add.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/add.ts
@ -14,10 +14,9 @@ import { ApiError } from '../../../error.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',

 	errors: {
 		noSuchFile: {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/copy.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/copy.ts
@ -16,10 +16,9 @@ import { ApiError } from '../../../error.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',

 	errors: {
 		noSuchEmoji: {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/delete-bulk.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/delete-bulk.ts
@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/delete.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/delete.ts
@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',

 	errors: {
 		noSuchEmoji: {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/import-zip.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/import-zip.ts
@ -8,7 +8,7 @@ import { Endpoint } from '@/server/api/endpoint-base.js';
 import { QueueService } from '@/core/QueueService.js';

 export const meta = {
-	kind: 'write:admin',
+	secure: true,
 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
 } as const;
--- a/packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts
@ -15,10 +15,9 @@ import { sqlLikeEscape } from '@/misc/sql-like-escape.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'read:admin',
-
 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'read:admin:emoji',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/emoji/list.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/list.ts
@ -15,10 +15,9 @@ import { EmojiEntityService } from '@/core/entities/EmojiEntityService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'read:admin',
-
 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'read:admin:emoji',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/emoji/remove-aliases-bulk.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/remove-aliases-bulk.ts
@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/set-aliases-bulk.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/set-aliases-bulk.ts
@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/set-category-bulk.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/set-category-bulk.ts
@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/set-license-bulk.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/set-license-bulk.ts
@ -10,10 +10,9 @@ import { CustomEmojiService } from '@/core/CustomEmojiService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/update.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/update.ts
@ -13,10 +13,9 @@ import { ApiError } from '../../../error.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'read:admin',
-
 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',

 	errors: {
 		noSuchEmoji: {
--- a/packages/backend/src/server/api/endpoints/admin/federation/delete-all-files.ts
+++ b/packages/backend/src/server/api/endpoints/admin/federation/delete-all-files.ts
@ -12,10 +12,9 @@ import { DI } from '@/di-symbols.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:federation',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/federation/refresh-remote-instance-metadata.ts
+++ b/packages/backend/src/server/api/endpoints/admin/federation/refresh-remote-instance-metadata.ts
@ -13,10 +13,9 @@ import { DI } from '@/di-symbols.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:federation',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/federation/remove-all-following.ts
+++ b/packages/backend/src/server/api/endpoints/admin/federation/remove-all-following.ts
@ -12,10 +12,9 @@ import { QueueService } from '@/core/QueueService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:federation',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/federation/update-instance.ts
+++ b/packages/backend/src/server/api/endpoints/admin/federation/update-instance.ts
@ -14,10 +14,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:federation',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/get-index-stats.ts
+++ b/packages/backend/src/server/api/endpoints/admin/get-index-stats.ts
@ -11,8 +11,7 @@ import { DI } from '@/di-symbols.js';
 export const meta = {
 	requireCredential: true,
 	requireAdmin: true,
-
-	kind: 'read:admin',
+	kind: 'read:admin:index-stats',

 	tags: ['admin'],
 	res: {
--- a/packages/backend/src/server/api/endpoints/admin/get-table-stats.ts
+++ b/packages/backend/src/server/api/endpoints/admin/get-table-stats.ts
@ -11,8 +11,7 @@ import { DI } from '@/di-symbols.js';
 export const meta = {
 	requireCredential: true,
 	requireAdmin: true,
-
-	kind: 'read:admin',
+	kind: 'read:admin:table-stats',

 	tags: ['admin'],

--- a/packages/backend/src/server/api/endpoints/admin/get-user-ips.ts
+++ b/packages/backend/src/server/api/endpoints/admin/get-user-ips.ts
@ -12,10 +12,9 @@ import { IdService } from '@/core/IdService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'read:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:user-ips',
 	res: {
 		type: 'array',
 		optional: false,
@ -34,7 +33,7 @@ export const meta = {
 				},
 			},
 		},
-	}
+	},
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/invite/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/invite/create.ts
@ -16,10 +16,9 @@ import { ApiError } from '../../../error.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:invite-codes',

 	errors: {
 		invalidDateTime: {
--- a/packages/backend/src/server/api/endpoints/admin/invite/list.ts
+++ b/packages/backend/src/server/api/endpoints/admin/invite/list.ts
@ -12,10 +12,9 @@ import { DI } from '@/di-symbols.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:invite-codes',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/meta.ts
+++ b/packages/backend/src/server/api/endpoints/admin/meta.ts
@ -13,10 +13,9 @@ import { DEFAULT_POLICIES } from '@/core/RoleService.js';
 export const meta = {
 	tags: ['meta'],

-	kind: 'read:admin',
-
 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'read:admin:meta',

 	res: {
 		type: 'object',
@ -389,6 +388,10 @@ export const meta = {
 				type: 'string',
 				optional: false, nullable: true,
 			},
+			shortName: {
+				type: 'string',
+				optional: false, nullable: true,
+			},
 			objectStorageS3ForcePathStyle: {
 				type: 'boolean',
 				optional: false, nullable: false,
--- a/packages/backend/src/server/api/endpoints/admin/promo/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/promo/create.ts
@ -13,10 +13,9 @@ import { ApiError } from '../../../error.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:promo',

 	errors: {
 		noSuchNote: {
--- a/packages/backend/src/server/api/endpoints/admin/queue/clear.ts
+++ b/packages/backend/src/server/api/endpoints/admin/queue/clear.ts
@ -11,10 +11,9 @@ import { QueueService } from '@/core/QueueService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:queue',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/queue/deliver-delayed.ts
+++ b/packages/backend/src/server/api/endpoints/admin/queue/deliver-delayed.ts
@ -12,10 +12,9 @@ import { ApiLoggerService } from '@/server/api/ApiLoggerService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:queue',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/queue/inbox-delayed.ts
+++ b/packages/backend/src/server/api/endpoints/admin/queue/inbox-delayed.ts
@ -12,10 +12,9 @@ import { ApiLoggerService } from '@/server/api/ApiLoggerService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:queue',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/queue/promote.ts
+++ b/packages/backend/src/server/api/endpoints/admin/queue/promote.ts
@ -11,10 +11,9 @@ import { QueueService } from '@/core/QueueService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:queue',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/queue/stats.ts
+++ b/packages/backend/src/server/api/endpoints/admin/queue/stats.ts
@ -10,10 +10,9 @@ import type { DbQueue, DeliverQueue, EndedPollNotificationQueue, InboxQueue, Obj
 export const meta = {
 	tags: ['admin'],

-	kind: 'read:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:emoji',

 	res: {
 		type: 'object',
--- a/packages/backend/src/server/api/endpoints/admin/relays/add.ts
+++ b/packages/backend/src/server/api/endpoints/admin/relays/add.ts
@ -12,10 +12,9 @@ import { ApiError } from '../../../error.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:relays',

 	errors: {
 		invalidUrl: {
--- a/packages/backend/src/server/api/endpoints/admin/relays/list.ts
+++ b/packages/backend/src/server/api/endpoints/admin/relays/list.ts
@ -10,10 +10,9 @@ import { RelayService } from '@/core/RelayService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'read:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:relays',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/relays/remove.ts
+++ b/packages/backend/src/server/api/endpoints/admin/relays/remove.ts
@ -10,10 +10,9 @@ import { RelayService } from '@/core/RelayService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:relays',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/reset-password.ts
+++ b/packages/backend/src/server/api/endpoints/admin/reset-password.ts
@ -14,10 +14,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:reset-password',

 	res: {
 		type: 'object',
--- a/packages/backend/src/server/api/endpoints/admin/resolve-abuse-user-report.ts
+++ b/packages/backend/src/server/api/endpoints/admin/resolve-abuse-user-report.ts
@ -15,10 +15,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:resolve-abuse-user-report',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/roles/assign.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/assign.ts
@ -13,10 +13,9 @@ import { RoleService } from '@/core/RoleService.js';
 export const meta = {
 	tags: ['admin', 'role'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:roles',

 	errors: {
 		noSuchRole: {
--- a/packages/backend/src/server/api/endpoints/admin/roles/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/create.ts
@ -11,10 +11,9 @@ import { RoleService } from '@/core/RoleService.js';
 export const meta = {
 	tags: ['admin', 'role'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'write:admin:roles',

 	res: {
 		type: 'object',
--- a/packages/backend/src/server/api/endpoints/admin/roles/delete.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/delete.ts
@ -13,10 +13,9 @@ import { RoleService } from '@/core/RoleService.js';
 export const meta = {
 	tags: ['admin', 'role'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'write:admin:roles',

 	errors: {
 		noSuchRole: {
--- a/packages/backend/src/server/api/endpoints/admin/roles/list.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/list.ts
@ -12,10 +12,9 @@ import { RoleEntityService } from '@/core/entities/RoleEntityService.js';
 export const meta = {
 	tags: ['admin', 'role'],

-	kind: 'read:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:roles',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/roles/show.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/show.ts
@ -13,10 +13,9 @@ import { RoleEntityService } from '@/core/entities/RoleEntityService.js';
 export const meta = {
 	tags: ['admin', 'role'],

-	kind: 'read:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:roles',

 	errors: {
 		noSuchRole: {
--- a/packages/backend/src/server/api/endpoints/admin/roles/unassign.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/unassign.ts
@ -13,10 +13,9 @@ import { RoleService } from '@/core/RoleService.js';
 export const meta = {
 	tags: ['admin', 'role'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:roles',

 	errors: {
 		noSuchRole: {
--- a/packages/backend/src/server/api/endpoints/admin/roles/update-default-policies.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/update-default-policies.ts
@ -11,10 +11,9 @@ import { MetaService } from '@/core/MetaService.js';
 export const meta = {
 	tags: ['admin', 'role'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'write:admin:roles',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/roles/update.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/update.ts
@ -14,10 +14,9 @@ import { RoleService } from '@/core/RoleService.js';
 export const meta = {
 	tags: ['admin', 'role'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'write:admin:roles',

 	errors: {
 		noSuchRole: {
--- a/packages/backend/src/server/api/endpoints/admin/roles/users.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/users.ts
@ -16,10 +16,9 @@ import { ApiError } from '../../../error.js';
 export const meta = {
 	tags: ['admin', 'role', 'users'],

-	kind: 'read:admin',
-
 	requireCredential: false,
 	requireAdmin: true,
+	kind: 'read:admin:roles',

 	errors: {
 		noSuchRole: {
--- a/packages/backend/src/server/api/endpoints/admin/send-email.ts
+++ b/packages/backend/src/server/api/endpoints/admin/send-email.ts
@ -10,10 +10,9 @@ import { EmailService } from '@/core/EmailService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:send-email',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/server-info.ts
+++ b/packages/backend/src/server/api/endpoints/admin/server-info.ts
@ -14,11 +14,10 @@ import { DI } from '@/di-symbols.js';
 export const meta = {
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:server-info',

 	tags: ['admin', 'meta'],

-	kind: 'read:admin',
-
 	res: {
 		type: 'object',
 		optional: false, nullable: false,
--- a/packages/backend/src/server/api/endpoints/admin/show-moderation-logs.ts
+++ b/packages/backend/src/server/api/endpoints/admin/show-moderation-logs.ts
@ -15,8 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
-
-	kind: 'read:admin',
+	kind: 'read:admin:show-moderation-log',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/show-user.ts
+++ b/packages/backend/src/server/api/endpoints/admin/show-user.ts
@ -16,8 +16,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
-
-	kind: 'read:admin',
+	kind: 'read:admin:show-user',

 	res: {
 		type: 'object',
--- a/packages/backend/src/server/api/endpoints/admin/show-users.ts
+++ b/packages/backend/src/server/api/endpoints/admin/show-users.ts
@ -16,8 +16,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
-
-	kind: 'read:admin',
+	kind: 'read:admin:show-users',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/suspend-user.ts
+++ b/packages/backend/src/server/api/endpoints/admin/suspend-user.ts
@ -19,10 +19,9 @@ import { QueueService } from '@/core/QueueService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:suspend-user',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/unset-user-avatar.ts
+++ b/packages/backend/src/server/api/endpoints/admin/unset-user-avatar.ts
@ -12,10 +12,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:unset-user-avatar',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/unset-user-banner.ts
+++ b/packages/backend/src/server/api/endpoints/admin/unset-user-banner.ts
@ -12,10 +12,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:unset-user-banner',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/unsuspend-user.ts
+++ b/packages/backend/src/server/api/endpoints/admin/unsuspend-user.ts
@ -13,10 +13,9 @@ import { DI } from '@/di-symbols.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:unsuspend-user',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/update-meta.ts
+++ b/packages/backend/src/server/api/endpoints/admin/update-meta.ts
@ -12,10 +12,9 @@ import { MetaService } from '@/core/MetaService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'write:admin:meta',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/update-user-note.ts
+++ b/packages/backend/src/server/api/endpoints/admin/update-user-note.ts
@ -12,10 +12,9 @@ import { ModerationLogService } from '@/core/ModerationLogService.js';
 export const meta = {
 	tags: ['admin'],

-	kind: 'write:admin',
-
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:user-note',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/ap/get.ts
+++ b/packages/backend/src/server/api/endpoints/ap/get.ts
@ -12,6 +12,7 @@ export const meta = {
 	tags: ['federation'],

 	requireCredential: true,
+	kind: 'read:federation',

 	limit: {
 		duration: ms('1hour'),
--- a/packages/backend/src/server/api/endpoints/ap/show.ts
+++ b/packages/backend/src/server/api/endpoints/ap/show.ts
@ -25,6 +25,7 @@ export const meta = {
 	tags: ['federation'],

 	requireCredential: true,
+	kind: 'read:account',

 	limit: {
 		duration: ms('1hour'),
--- a/packages/backend/src/server/api/endpoints/federation/stats.ts
+++ b/packages/backend/src/server/api/endpoints/federation/stats.ts
@ -29,37 +29,10 @@ export const meta = {
 				optional: false,
 				nullable: false,
 				items: {
-					properties: {
-						id: { type: 'string' },
-						firstRetrievedAt: { type: 'string' },
-						host: { type: 'string' },
-						usersCount: { type: 'number' },
-						notesCount: { type: 'number' },
-						followingCount: { type: 'number' },
-						followersCount: { type: 'number' },
-						isNotResponding: { type: 'boolean' },
-						isSuspended: { type: 'boolean' },
-						isBlocked: { type: 'boolean' },
-						softwareName: { type: 'string' },
-						softwareVersion: { type: 'string' },
-						openRegistrations: { type: 'boolean' },
-						name: { type: 'string' },
-						description: { type: 'string' },
-						maintainerName: { type: 'string' },
-						maintainerEmail: { type: 'string' },
-						isSilenced: { type: 'boolean' },
-						iconUrl: { type: 'string' },
-						faviconUrl: { type: 'string' },
-						themeColor: { type: 'string' },
-						infoUpdatedAt: {
-							type: 'string',
-							nullable: true,
-						},
-						latestRequestReceivedAt: {
-							type: 'string',
-							nullable: true,
-						},
-					}
+					type: 'object',
+					optional: false,
+					nullable: false,
+					ref: 'FederationInstance',
 				},
 			},
 			otherFollowersCount: { type: 'number' },
@ -68,42 +41,15 @@ export const meta = {
 				optional: false,
 				nullable: false,
 				items: {
-					properties: {
-						id: { type: 'string' },
-						firstRetrievedAt: { type: 'string' },
-						host: { type: 'string' },
-						usersCount: { type: 'number' },
-						notesCount: { type: 'number' },
-						followingCount: { type: 'number' },
-						followersCount: { type: 'number' },
-						isNotResponding: { type: 'boolean' },
-						isSuspended: { type: 'boolean' },
-						isBlocked: { type: 'boolean' },
-						softwareName: { type: 'string' },
-						softwareVersion: { type: 'string' },
-						openRegistrations: { type: 'boolean' },
-						name: { type: 'string' },
-						description: { type: 'string' },
-						maintainerName: { type: 'string' },
-						maintainerEmail: { type: 'string' },
-						isSilenced: { type: 'boolean' },
-						iconUrl: { type: 'string' },
-						faviconUrl: { type: 'string' },
-						themeColor: { type: 'string' },
-						infoUpdatedAt: {
-							type: 'string',
-							nullable: true,
-						},
-						latestRequestReceivedAt: {
-							type: 'string',
-							nullable: true,
-						},
-					}
+					type: 'object',
+					optional: false,
+					nullable: false,
+					ref: 'FederationInstance',
 				},
 			},
 			otherFollowingCount: { type: 'number' },
 		},
-	}
+	},
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/federation/update-remote-user.ts
+++ b/packages/backend/src/server/api/endpoints/federation/update-remote-user.ts
@ -11,7 +11,7 @@ import { GetterService } from '@/server/api/GetterService.js';
 export const meta = {
 	tags: ['federation'],

-	requireCredential: true,
+	requireCredential: false,
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/fetch-external-resources.ts
+++ b/packages/backend/src/server/api/endpoints/fetch-external-resources.ts
@ -14,6 +14,7 @@ export const meta = {
 	tags: ['meta'],

 	requireCredential: true,
+	secure: true,

 	limit: {
 		duration: ms('1hour'),
--- a/packages/backend/src/server/api/endpoints/i.ts
+++ b/packages/backend/src/server/api/endpoints/i.ts
@ -14,6 +14,7 @@ export const meta = {
 	tags: ['account'],

 	requireCredential: true,
+	kind: "read:account",

 	res: {
 		type: 'object',
--- a/packages/backend/src/server/api/endpoints/i/claim-achievement.ts
+++ b/packages/backend/src/server/api/endpoints/i/claim-achievement.ts
@ -10,6 +10,7 @@ import { AchievementService, ACHIEVEMENT_TYPES } from '@/core/AchievementService
 export const meta = {
 	requireCredential: true,
 	prohibitMoved: true,
+	kind: 'write:account',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/i/registry/get-all.ts
+++ b/packages/backend/src/server/api/endpoints/i/registry/get-all.ts
@ -9,6 +9,7 @@ import { RegistryApiService } from '@/core/RegistryApiService.js';

 export const meta = {
 	requireCredential: true,
+	kind: 'read:account',

 	res: {
 		type: 'object',
--- a/packages/backend/src/server/api/endpoints/i/registry/get-detail.ts
+++ b/packages/backend/src/server/api/endpoints/i/registry/get-detail.ts
@ -10,6 +10,7 @@ import { ApiError } from '../../../error.js';

 export const meta = {
 	requireCredential: true,
+	kind: 'read:account',

 	errors: {
 		noSuchKey: {
--- a/packages/backend/src/server/api/endpoints/i/registry/get.ts
+++ b/packages/backend/src/server/api/endpoints/i/registry/get.ts
@ -10,6 +10,7 @@ import { ApiError } from '../../../error.js';

 export const meta = {
 	requireCredential: true,
+	kind: 'read:account',

 	errors: {
 		noSuchKey: {
--- a/packages/backend/src/server/api/endpoints/i/registry/keys-with-type.ts
+++ b/packages/backend/src/server/api/endpoints/i/registry/keys-with-type.ts
@ -9,6 +9,7 @@ import { RegistryApiService } from '@/core/RegistryApiService.js';

 export const meta = {
 	requireCredential: true,
+	kind: 'read:account',

 	res: {
 		type: 'object',
--- a/packages/backend/src/server/api/endpoints/i/registry/keys.ts
+++ b/packages/backend/src/server/api/endpoints/i/registry/keys.ts
@ -9,6 +9,7 @@ import { RegistryApiService } from '@/core/RegistryApiService.js';

 export const meta = {
 	requireCredential: true,
+	kind: 'read:account',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/i/registry/remove.ts
+++ b/packages/backend/src/server/api/endpoints/i/registry/remove.ts
@ -12,6 +12,7 @@ import { ApiError } from '../../../error.js';

 export const meta = {
 	requireCredential: true,
+	kind: 'write:account',

 	errors: {
 		noSuchKey: {
--- a/packages/backend/src/server/api/endpoints/i/registry/set.ts
+++ b/packages/backend/src/server/api/endpoints/i/registry/set.ts
@ -9,6 +9,7 @@ import { RegistryApiService } from '@/core/RegistryApiService.js';

 export const meta = {
 	requireCredential: true,
+	kind: 'write:account',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/invite/create.ts
+++ b/packages/backend/src/server/api/endpoints/invite/create.ts
@ -19,6 +19,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canInvite',
+	kind: 'write:invite-codes',

 	errors: {
 		exceededCreateLimit: {
--- a/packages/backend/src/server/api/endpoints/invite/delete.ts
+++ b/packages/backend/src/server/api/endpoints/invite/delete.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canInvite',
+	kind: 'write:invite-codes',

 	errors: {
 		noSuchCode: {
--- a/packages/backend/src/server/api/endpoints/invite/limit.ts
+++ b/packages/backend/src/server/api/endpoints/invite/limit.ts
@ -16,6 +16,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canInvite',
+	kind: 'read:invite-codes',

 	res: {
 		type: 'object',
--- a/packages/backend/src/server/api/endpoints/invite/list.ts
+++ b/packages/backend/src/server/api/endpoints/invite/list.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canInvite',
+	kind: 'read:invite-codes',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/meta.ts
+++ b/packages/backend/src/server/api/endpoints/meta.ts
@ -164,20 +164,34 @@ export const meta = {
 					type: 'object',
 					optional: false, nullable: false,
 					properties: {
-						place: {
+						id: {
 							type: 'string',
 							optional: false, nullable: false,
+							format: 'id',
+							example: 'xxxxxxxxxx',
 						},
 						url: {
 							type: 'string',
 							optional: false, nullable: false,
 							format: 'url',
 						},
+						place: {
+							type: 'string',
+							optional: false, nullable: false,
+						},
+						ratio: {
+							type: 'number',
+							optional: false, nullable: false,
+						},
 						imageUrl: {
 							type: 'string',
 							optional: false, nullable: false,
 							format: 'url',
 						},
+						dayOfWeek: {
+							type: 'integer',
+							optional: false, nullable: false,
+						},
 					},
 				},
 			},
--- a/packages/backend/src/server/api/endpoints/my/apps.ts
+++ b/packages/backend/src/server/api/endpoints/my/apps.ts
@ -13,6 +13,7 @@ export const meta = {
 	tags: ['account', 'app'],

 	requireCredential: true,
+	kind: 'read:account',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/notes/hybrid-timeline.ts
+++ b/packages/backend/src/server/api/endpoints/notes/hybrid-timeline.ts
@ -25,6 +25,7 @@ export const meta = {
 	tags: ['notes'],

 	requireCredential: true,
+	kind: 'read:account',

 	res: {
 		type: 'array',
--- a/Show more
+++ b/Show more