フォローリクエストがなくてもフォロー承認が出来てしまうのを修正 (#7013)

* フォローリクエストがなくてもフォロー承認が出来てしまうのを修正

* プロキシアカウントがDB処理をせずにフォローを飛ばしているのを修正
This commit is contained in:
MeiMei 2020-12-26 15:31:28 +09:00 committed by GitHub
parent c6cfc3f908
commit c5bdee086d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 17 additions and 7 deletions

View file

@ -33,6 +33,11 @@ export const meta = {
code: 'NO_SUCH_USER', code: 'NO_SUCH_USER',
id: '66ce1645-d66c-46bb-8b79-96739af885bd' id: '66ce1645-d66c-46bb-8b79-96739af885bd'
}, },
noFollowRequest: {
message: 'No follow request.',
code: 'NO_FOLLOW_REQUEST',
id: 'bcde4f8b-0913-4614-8881-614e522fb041'
},
} }
}; };
@ -43,7 +48,10 @@ export default define(meta, async (ps, user) => {
throw e; throw e;
}); });
await acceptFollowRequest(user, follower); await acceptFollowRequest(user, follower).catch(e => {
if (e.id === '8884c2dd-5795-4ac9-b27e-6a01d38190f9') throw new ApiError(meta.errors.noFollowRequest);
throw e;
});
return; return;
}); });

View file

@ -6,6 +6,7 @@ import { publishMainStream } from '../../stream';
import { insertFollowingDoc } from '../create'; import { insertFollowingDoc } from '../create';
import { User, ILocalUser } from '../../../models/entities/user'; import { User, ILocalUser } from '../../../models/entities/user';
import { FollowRequests, Users } from '../../../models'; import { FollowRequests, Users } from '../../../models';
import { IdentifiableError } from '../../../misc/identifiable-error';
export default async function(followee: User, follower: User) { export default async function(followee: User, follower: User) {
const request = await FollowRequests.findOne({ const request = await FollowRequests.findOne({
@ -13,9 +14,13 @@ export default async function(followee: User, follower: User) {
followerId: follower.id followerId: follower.id
}); });
if (request == null) {
throw new IdentifiableError('8884c2dd-5795-4ac9-b27e-6a01d38190f9', 'No follow request.');
}
await insertFollowingDoc(followee, follower); await insertFollowingDoc(followee, follower);
if (Users.isRemoteUser(follower) && request) { if (Users.isRemoteUser(follower)) {
const content = renderActivity(renderAccept(renderFollow(follower, followee, request.requestId!), followee as ILocalUser)); const content = renderActivity(renderAccept(renderFollow(follower, followee, request.requestId!), followee as ILocalUser));
deliver(followee as ILocalUser, content, follower.inbox); deliver(followee as ILocalUser, content, follower.inbox);
} }

View file

@ -1,6 +1,3 @@
import { renderActivity } from '../../remote/activitypub/renderer';
import { deliver } from '../../queue';
import renderFollow from '../../remote/activitypub/renderer/follow';
import { publishUserListStream } from '../stream'; import { publishUserListStream } from '../stream';
import { User } from '../../models/entities/user'; import { User } from '../../models/entities/user';
import { UserList } from '../../models/entities/user-list'; import { UserList } from '../../models/entities/user-list';
@ -8,6 +5,7 @@ import { UserListJoinings, Users } from '../../models';
import { UserListJoining } from '../../models/entities/user-list-joining'; import { UserListJoining } from '../../models/entities/user-list-joining';
import { genId } from '../../misc/gen-id'; import { genId } from '../../misc/gen-id';
import { fetchProxyAccount } from '../../misc/fetch-proxy-account'; import { fetchProxyAccount } from '../../misc/fetch-proxy-account';
import createFollowing from '../following/create';
export async function pushUserToUserList(target: User, list: UserList) { export async function pushUserToUserList(target: User, list: UserList) {
await UserListJoinings.save({ await UserListJoinings.save({
@ -23,8 +21,7 @@ export async function pushUserToUserList(target: User, list: UserList) {
if (Users.isRemoteUser(target)) { if (Users.isRemoteUser(target)) {
const proxy = await fetchProxyAccount(); const proxy = await fetchProxyAccount();
if (proxy) { if (proxy) {
const content = renderActivity(renderFollow(proxy, target)); createFollowing(proxy, target);
deliver(proxy, content, target.inbox);
} }
} }
} }