Merge remote-tracking branch 'mi-dev/master' into report

2023-12-28 04:16:03 +09:00 · 2023-12-28 04:16:03 +09:00 · cb1586658e
commit cb1586658e
parent 6849d510ac 53898c5006
567 changed files with 10281 additions and 3996 deletions
--- a/packages/backend/src/server/ActivityPubServerService.ts
+++ b/packages/backend/src/server/ActivityPubServerService.ts
@ -138,7 +138,7 @@ export class ActivityPubServerService {
 				return;
 			}

-			const algo = match[1];
+			const algo = match[1].toUpperCase();
 			const digestValue = match[2];

 			if (algo !== 'SHA-256') {
@ -195,11 +195,11 @@ export class ActivityPubServerService {
 		//#region Check ff visibility
 		const profile = await this.userProfilesRepository.findOneByOrFail({ userId: user.id });

-		if (profile.ffVisibility === 'private') {
+		if (profile.followersVisibility === 'private') {
 			reply.code(403);
 			reply.header('Cache-Control', 'public, max-age=30');
 			return;
-		} else if (profile.ffVisibility === 'followers') {
+		} else if (profile.followersVisibility === 'followers') {
 			reply.code(403);
 			reply.header('Cache-Control', 'public, max-age=30');
 			return;
@ -287,11 +287,11 @@ export class ActivityPubServerService {
 		//#region Check ff visibility
 		const profile = await this.userProfilesRepository.findOneByOrFail({ userId: user.id });

-		if (profile.ffVisibility === 'private') {
+		if (profile.followingVisibility === 'private') {
 			reply.code(403);
 			reply.header('Cache-Control', 'public, max-age=30');
 			return;
-		} else if (profile.ffVisibility === 'followers') {
+		} else if (profile.followingVisibility === 'followers') {
 			reply.code(403);
 			reply.header('Cache-Control', 'public, max-age=30');
 			return;
@ -493,8 +493,7 @@ export class ActivityPubServerService {

 	@bindThis
 	public createServer(fastify: FastifyInstance, options: FastifyPluginOptions, done: (err?: Error) => void) {
-		// addConstraintStrategy の型定義がおかしいため
-		(fastify.addConstraintStrategy as any)({
+		fastify.addConstraintStrategy({
 			name: 'apOrHtml',
 			storage() {
 				const store = {} as any;
--- a/packages/backend/src/server/FileServerService.ts
+++ b/packages/backend/src/server/FileServerService.ts
@ -61,6 +61,9 @@ export class FileServerService {
 	public createServer(fastify: FastifyInstance, options: FastifyPluginOptions, done: (err?: Error) => void) {
 		fastify.addHook('onRequest', (request, reply, done) => {
 			reply.header('Content-Security-Policy', 'default-src \'none\'; img-src \'self\'; media-src \'self\'; style-src \'unsafe-inline\'');
+			if (process.env.NODE_ENV === 'development') {
+				reply.header('Access-Control-Allow-Origin', '*');
+			}
 			done();
 		});

--- a/packages/backend/src/server/ServerService.ts
+++ b/packages/backend/src/server/ServerService.ts
@ -107,7 +107,8 @@ export class ServerService implements OnApplicationShutdown {
 		fastify.register(this.activityPubServerService.createServer);
 		fastify.register(this.nodeinfoServerService.createServer);
 		fastify.register(this.wellKnownServerService.createServer);
-		fastify.register(this.oauth2ProviderService.createServer);
+		fastify.register(this.oauth2ProviderService.createServer, { prefix: '/oauth' });
+		fastify.register(this.oauth2ProviderService.createTokenServer, { prefix: '/oauth/token' });

 		fastify.get<{ Params: { path: string }; Querystring: { static?: any; badge?: any; }; }>('/emoji/:path(.*)', async (request, reply) => {
 			const path = request.params.path;
--- a/packages/backend/src/server/WellKnownServerService.ts
+++ b/packages/backend/src/server/WellKnownServerService.ts
@ -16,6 +16,7 @@ import * as Acct from '@/misc/acct.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { bindThis } from '@/decorators.js';
 import { NodeinfoServerService } from './NodeinfoServerService.js';
+import { OAuth2ProviderService } from './oauth/OAuth2ProviderService.js';
 import type { FindOptionsWhere } from 'typeorm';
 import type { FastifyInstance, FastifyPluginOptions } from 'fastify';

@ -30,6 +31,7 @@ export class WellKnownServerService {

 		private nodeinfoServerService: NodeinfoServerService,
 		private userEntityService: UserEntityService,
+		private oauth2ProviderService: OAuth2ProviderService,
 	) {
 		//this.createServer = this.createServer.bind(this);
 	}
@ -87,6 +89,10 @@ export class WellKnownServerService {
 			return { links: this.nodeinfoServerService.getLinks() };
 		});

+		fastify.get('/.well-known/oauth-authorization-server', async () => {
+			return this.oauth2ProviderService.generateRFC8414();
+		});
+
 		/* TODO
 fastify.get('/.well-known/change-password', async (request, reply) => {
 });
--- a/packages/backend/src/server/api/ApiCallService.ts
+++ b/packages/backend/src/server/api/ApiCallService.ts
@ -330,7 +330,8 @@ export class ApiCallService implements OnApplicationShutdown {
 			}
 		}

-		if (token && ep.meta.kind && !token.permission.some(p => p === ep.meta.kind)) {
+		if (token && ((ep.meta.kind && !token.permission.some(p => p === ep.meta.kind))
+			|| (!ep.meta.kind && (ep.meta.requireCredential || ep.meta.requireModerator || ep.meta.requireAdmin)))) {
 			throw new ApiError({
 				message: 'Your app does not have the necessary permissions to use this endpoint.',
 				code: 'PERMISSION_DENIED',
--- a/packages/backend/src/server/api/StreamingApiServerService.ts
+++ b/packages/backend/src/server/api/StreamingApiServerService.ts
@ -71,6 +71,10 @@ export class StreamingApiServerService {

 			try {
 				[user, app] = await this.authenticateService.authenticate(token);
+
+				if (app !== null && !app.permission.some(p => p === 'read:account')) {
+					throw new AuthenticationError('Your app does not have necessary permissions to use websocket API.');
+				}
 			} catch (e) {
 				if (e instanceof AuthenticationError) {
 					socket.write([
--- a/packages/backend/src/server/api/endpoints.ts
+++ b/packages/backend/src/server/api/endpoints.ts
@ -4,6 +4,7 @@
 */

 import type { Schema } from '@/misc/json-schema.js';
+import { permissions } from 'misskey-js';
 import { RolePolicies } from '@/core/RoleService.js';

 import * as ep___admin_meta from './endpoints/admin/meta.js';
@ -724,7 +725,7 @@ const eps = [
 	['retention', ep___retention],
 ];

-export interface IEndpointMeta {
+interface IEndpointMetaBase {
 	readonly stability?: 'deprecated' | 'experimental' | 'stable';

 	readonly tags?: ReadonlyArray<string>;
@ -823,6 +824,23 @@ export interface IEndpointMeta {
 	readonly cacheSec?: number;
 }

+export type IEndpointMeta = (Omit<IEndpointMetaBase, 'requireCrential' | 'requireModerator' | 'requireAdmin'> & {
+	requireCredential?: false,
+	requireAdmin?: false,
+	requireModerator?: false,
+}) | (Omit<IEndpointMetaBase, 'secure'> & {
+	secure: true,
+}) | (Omit<IEndpointMetaBase, 'requireCredential' | 'kind'> & {
+	requireCredential: true,
+	kind: (typeof permissions)[number],
+}) | (Omit<IEndpointMetaBase, 'requireModerator' | 'kind'> & {
+	requireModerator: true,
+	kind: (typeof permissions)[number],
+}) | (Omit<IEndpointMetaBase, 'requireAdmin' | 'kind'> & {
+	requireAdmin: true,
+	kind: (typeof permissions)[number],
+})
+
 export interface IEndpoint {
 	name: string;
 	meta: IEndpointMeta;
--- a/packages/backend/src/server/api/endpoints/admin/abuse-user-reports.ts
+++ b/packages/backend/src/server/api/endpoints/admin/abuse-user-reports.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:abuse-user-reports',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts
@ -46,12 +46,12 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		private userEntityService: UserEntityService,
 		private signupService: SignupService,
 	) {
-		super(meta, paramDef, async (ps, _me) => {
+		super(meta, paramDef, async (ps, _me, token) => {
 			const me = _me ? await this.usersRepository.findOneByOrFail({ id: _me.id }) : null;
 			const noUsers = (await this.usersRepository.countBy({
 				host: IsNull(),
 			})) === 0;
-			if (!noUsers && !me?.isRoot) throw new Error('access denied');
+			if ((!noUsers && !me?.isRoot) || token !== null) throw new Error('access denied');

 			const { account, secret } = await this.signupService.signup({
 				username: ps.username,
--- a/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts
+++ b/packages/backend/src/server/api/endpoints/admin/accounts/delete.ts
@ -16,6 +16,7 @@ export const meta = {

 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'write:admin:account',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/accounts/find-by-email.ts
+++ b/packages/backend/src/server/api/endpoints/admin/accounts/find-by-email.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'read:admin:account',

 	errors: {
 		userNotFound: {
@ -23,6 +24,11 @@ export const meta = {
 			id: 'cb865949-8af5-4062-a88c-ef55e8786d1d',
 		},
 	},
+	res: {
+		type: 'object',
+		optional: false, nullable: false,
+		ref: 'User',
+	},
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/ad/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/ad/create.ts
@ -15,6 +15,13 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:ad',
+	res: {
+		type: 'object',
+		optional: false,
+		nullable: false,
+		ref: 'Ad',
+	},
 } as const;

 export const paramDef = {
@ -61,7 +68,18 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				ad: ad,
 			});

-			return ad;
+			return {
+				id: ad.id,
+				expiresAt: ad.expiresAt.toISOString(),
+				startsAt: ad.startsAt.toISOString(),
+				dayOfWeek: ad.dayOfWeek,
+				url: ad.url,
+				imageUrl: ad.imageUrl,
+				priority: ad.priority,
+				ratio: ad.ratio,
+				place: ad.place,
+				memo: ad.memo,
+			};
 		});
 	}
 }
--- a/packages/backend/src/server/api/endpoints/admin/ad/delete.ts
+++ b/packages/backend/src/server/api/endpoints/admin/ad/delete.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:ad',

 	errors: {
 		noSuchAd: {
--- a/packages/backend/src/server/api/endpoints/admin/ad/list.ts
+++ b/packages/backend/src/server/api/endpoints/admin/ad/list.ts
@ -14,6 +14,18 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:ad',
+	res: {
+		type: 'array',
+		optional: false,
+		nullable: false,
+		items: {
+			type: 'object',
+			optional: false,
+			nullable: false,
+			ref: 'Ad',
+		},
+	},
 } as const;

 export const paramDef = {
@ -44,7 +56,18 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 			}
 			const ads = await query.limit(ps.limit).getMany();

-			return ads;
+			return ads.map(ad => ({
+				id: ad.id,
+				expiresAt: ad.expiresAt.toISOString(),
+				startsAt: ad.startsAt.toISOString(),
+				dayOfWeek: ad.dayOfWeek,
+				url: ad.url,
+				imageUrl: ad.imageUrl,
+				memo: ad.memo,
+				place: ad.place,
+				priority: ad.priority,
+				ratio: ad.ratio,
+			}));
 		});
 	}
 }
--- a/packages/backend/src/server/api/endpoints/admin/ad/update.ts
+++ b/packages/backend/src/server/api/endpoints/admin/ad/update.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:ad',

 	errors: {
 		noSuchAd: {
--- a/packages/backend/src/server/api/endpoints/admin/announcements/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/announcements/create.ts
@ -12,6 +12,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:announcements',

 	res: {
 		type: 'object',
--- a/packages/backend/src/server/api/endpoints/admin/announcements/delete.ts
+++ b/packages/backend/src/server/api/endpoints/admin/announcements/delete.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:announcements',

 	errors: {
 		noSuchAnnouncement: {
--- a/packages/backend/src/server/api/endpoints/admin/announcements/list.ts
+++ b/packages/backend/src/server/api/endpoints/admin/announcements/list.ts
@ -16,6 +16,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:announcements',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/announcements/update.ts
+++ b/packages/backend/src/server/api/endpoints/admin/announcements/update.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:announcements',

 	errors: {
 		noSuchAnnouncement: {
--- a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/create.ts
@ -12,6 +12,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canManageAvatarDecorations',
+	kind: 'write:admin:avatar-decorations',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/delete.ts
+++ b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/delete.ts
@ -14,6 +14,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canManageAvatarDecorations',
+	kind: 'write:admin:avatar-decorations',
 	errors: {
 	},
 } as const;
--- a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/list.ts
+++ b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/list.ts
@ -17,6 +17,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canManageAvatarDecorations',
+	kind: 'read:admin:avatar-decorations',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/avatar-decorations/update.ts
+++ b/packages/backend/src/server/api/endpoints/admin/avatar-decorations/update.ts
@ -14,6 +14,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canManageAvatarDecorations',
+	kind: 'write:admin:avatar-decorations',

 	errors: {
 	},
--- a/packages/backend/src/server/api/endpoints/admin/delete-account.ts
+++ b/packages/backend/src/server/api/endpoints/admin/delete-account.ts
@ -14,6 +14,7 @@ export const meta = {

 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'write:admin:delete-account',

 	res: {
 	},
--- a/packages/backend/src/server/api/endpoints/admin/delete-all-files-of-a-user.ts
+++ b/packages/backend/src/server/api/endpoints/admin/delete-all-files-of-a-user.ts
@ -14,6 +14,7 @@ export const meta = {

 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'write:admin:delete-all-files-of-a-user',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/drive/clean-remote-files.ts
+++ b/packages/backend/src/server/api/endpoints/admin/drive/clean-remote-files.ts
@ -12,6 +12,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:drive',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/drive/cleanup.ts
+++ b/packages/backend/src/server/api/endpoints/admin/drive/cleanup.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:drive',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/drive/files.ts
+++ b/packages/backend/src/server/api/endpoints/admin/drive/files.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:drive',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/drive/show-file.ts
+++ b/packages/backend/src/server/api/endpoints/admin/drive/show-file.ts
@ -16,6 +16,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:drive',

 	errors: {
 		noSuchFile: {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/add-aliases-bulk.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/add-aliases-bulk.ts
@ -12,6 +12,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/add.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/add.ts
@ -16,6 +16,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',

 	errors: {
 		noSuchFile: {
@ -29,6 +30,8 @@ export const meta = {
 			id: 'f7a3462c-4e6e-4069-8421-b9bd4f4c3975',
 		},
 	},
+
+	ref: 'EmojiDetailed',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/copy.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/copy.ts
@ -18,6 +18,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',

 	errors: {
 		noSuchEmoji: {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/delete-bulk.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/delete-bulk.ts
@ -12,6 +12,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/delete.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/delete.ts
@ -12,6 +12,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',

 	errors: {
 		noSuchEmoji: {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts
@ -17,6 +17,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'read:admin:emoji',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/emoji/list.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/list.ts
@ -17,6 +17,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'read:admin:emoji',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/emoji/remove-aliases-bulk.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/remove-aliases-bulk.ts
@ -12,6 +12,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/set-aliases-bulk.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/set-aliases-bulk.ts
@ -12,6 +12,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/set-category-bulk.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/set-category-bulk.ts
@ -12,6 +12,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/set-license-bulk.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/set-license-bulk.ts
@ -12,6 +12,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/update.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/update.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireRolePolicy: 'canManageCustomEmojis',
+	kind: 'write:admin:emoji',

 	errors: {
 		noSuchEmoji: {
--- a/packages/backend/src/server/api/endpoints/admin/federation/delete-all-files.ts
+++ b/packages/backend/src/server/api/endpoints/admin/federation/delete-all-files.ts
@ -14,6 +14,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:federation',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/federation/refresh-remote-instance-metadata.ts
+++ b/packages/backend/src/server/api/endpoints/admin/federation/refresh-remote-instance-metadata.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:federation',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/federation/remove-all-following.ts
+++ b/packages/backend/src/server/api/endpoints/admin/federation/remove-all-following.ts
@ -14,6 +14,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:federation',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/federation/update-instance.ts
+++ b/packages/backend/src/server/api/endpoints/admin/federation/update-instance.ts
@ -16,6 +16,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:federation',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/get-index-stats.ts
+++ b/packages/backend/src/server/api/endpoints/admin/get-index-stats.ts
@ -11,8 +11,19 @@ import { DI } from '@/di-symbols.js';
 export const meta = {
 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'read:admin:index-stats',

 	tags: ['admin'],
+	res: {
+		type: 'array',
+		items: {
+			type: 'object',
+			properties: {
+				tablename: { type: 'string' },
+				indexname: { type: 'string' },
+			},
+		},
+	},
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/get-table-stats.ts
+++ b/packages/backend/src/server/api/endpoints/admin/get-table-stats.ts
@ -11,6 +11,7 @@ import { DI } from '@/di-symbols.js';
 export const meta = {
 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'read:admin:table-stats',

 	tags: ['admin'],

--- a/packages/backend/src/server/api/endpoints/admin/get-user-ips.ts
+++ b/packages/backend/src/server/api/endpoints/admin/get-user-ips.ts
@ -14,6 +14,26 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:user-ips',
+	res: {
+		type: 'array',
+		optional: false,
+		nullable: false,
+		items: {
+			type: 'object',
+			optional: false,
+			nullable: false,
+			properties: {
+				ip: { type: 'string' },
+				createdAt: {
+					type: 'string',
+					optional: false,
+					nullable: false,
+					format: 'date-time',
+				},
+			},
+		},
+	},
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/invite/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/invite/create.ts
@ -18,6 +18,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:invite-codes',

 	errors: {
 		invalidDateTime: {
--- a/packages/backend/src/server/api/endpoints/admin/invite/list.ts
+++ b/packages/backend/src/server/api/endpoints/admin/invite/list.ts
@ -14,6 +14,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:invite-codes',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/meta.ts
+++ b/packages/backend/src/server/api/endpoints/admin/meta.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'read:admin:meta',

 	res: {
 		type: 'object',
@ -143,6 +144,14 @@ export const meta = {
 					type: 'string',
 				},
 			},
+			bannedEmailDomains: {
+				type: 'array',
+				optional: true, nullable: false,
+				items: {
+					type: 'string',
+					optional: false, nullable: false,
+				},
+			},
 			preservedUsernames: {
 				type: 'array',
 				optional: false, nullable: false,
@ -371,6 +380,10 @@ export const meta = {
 				type: 'string',
 				optional: false, nullable: true,
 			},
+			shortName: {
+				type: 'string',
+				optional: false, nullable: true,
+			},
 			objectStorageS3ForcePathStyle: {
 				type: 'boolean',
 				optional: false, nullable: false,
@ -511,6 +524,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				enableChartsForFederatedInstances: instance.enableChartsForFederatedInstances,
 				enableServerMachineStats: instance.enableServerMachineStats,
 				enableIdenticonGeneration: instance.enableIdenticonGeneration,
+				bannedEmailDomains: instance.bannedEmailDomains,
 				policies: { ...DEFAULT_POLICIES, ...instance.policies },
 				manifestJsonOverride: instance.manifestJsonOverride,
 				enableFanoutTimeline: instance.enableFanoutTimeline,
--- a/packages/backend/src/server/api/endpoints/admin/promo/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/promo/create.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:promo',

 	errors: {
 		noSuchNote: {
--- a/packages/backend/src/server/api/endpoints/admin/queue/clear.ts
+++ b/packages/backend/src/server/api/endpoints/admin/queue/clear.ts
@ -13,6 +13,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:queue',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/queue/deliver-delayed.ts
+++ b/packages/backend/src/server/api/endpoints/admin/queue/deliver-delayed.ts
@ -13,6 +13,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:queue',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/queue/inbox-delayed.ts
+++ b/packages/backend/src/server/api/endpoints/admin/queue/inbox-delayed.ts
@ -13,6 +13,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:queue',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/queue/promote.ts
+++ b/packages/backend/src/server/api/endpoints/admin/queue/promote.ts
@ -13,6 +13,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:queue',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/queue/stats.ts
+++ b/packages/backend/src/server/api/endpoints/admin/queue/stats.ts
@ -12,6 +12,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:emoji',

 	res: {
 		type: 'object',
--- a/packages/backend/src/server/api/endpoints/admin/relays/add.ts
+++ b/packages/backend/src/server/api/endpoints/admin/relays/add.ts
@ -14,6 +14,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:relays',

 	errors: {
 		invalidUrl: {
--- a/packages/backend/src/server/api/endpoints/admin/relays/list.ts
+++ b/packages/backend/src/server/api/endpoints/admin/relays/list.ts
@ -12,6 +12,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:relays',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/relays/remove.ts
+++ b/packages/backend/src/server/api/endpoints/admin/relays/remove.ts
@ -12,6 +12,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:relays',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/reset-password.ts
+++ b/packages/backend/src/server/api/endpoints/admin/reset-password.ts
@ -16,6 +16,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:reset-password',

 	res: {
 		type: 'object',
--- a/packages/backend/src/server/api/endpoints/admin/resolve-abuse-user-report.ts
+++ b/packages/backend/src/server/api/endpoints/admin/resolve-abuse-user-report.ts
@ -17,6 +17,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:resolve-abuse-user-report',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/roles/assign.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/assign.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:roles',

 	errors: {
 		noSuchRole: {
--- a/packages/backend/src/server/api/endpoints/admin/roles/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/create.ts
@ -13,6 +13,7 @@ export const meta = {

 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'write:admin:roles',

 	res: {
 		type: 'object',
--- a/packages/backend/src/server/api/endpoints/admin/roles/delete.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/delete.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'write:admin:roles',

 	errors: {
 		noSuchRole: {
--- a/packages/backend/src/server/api/endpoints/admin/roles/list.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/list.ts
@ -14,6 +14,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:roles',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/roles/show.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/show.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:roles',

 	errors: {
 		noSuchRole: {
--- a/packages/backend/src/server/api/endpoints/admin/roles/unassign.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/unassign.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:roles',

 	errors: {
 		noSuchRole: {
--- a/packages/backend/src/server/api/endpoints/admin/roles/update-default-policies.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/update-default-policies.ts
@ -13,6 +13,7 @@ export const meta = {

 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'write:admin:roles',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/roles/update.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/update.ts
@ -16,6 +16,7 @@ export const meta = {

 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'write:admin:roles',

 	errors: {
 		noSuchRole: {
--- a/packages/backend/src/server/api/endpoints/admin/roles/users.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/users.ts
@ -18,6 +18,7 @@ export const meta = {

 	requireCredential: false,
 	requireAdmin: true,
+	kind: 'read:admin:roles',

 	errors: {
 		noSuchRole: {
@ -26,6 +27,20 @@ export const meta = {
 			id: '224eff5e-2488-4b18-b3e7-f50d94421648',
 		},
 	},
+
+	res: {
+		type: 'array',
+		items: {
+			type: 'object',
+			properties: {
+				id: { type: 'string', format: 'misskey:id' },
+				createdAt: { type: 'string', format: 'date-time' },
+				user: { ref: 'UserDetailed' },
+				expiresAt: { type: 'string', format: 'date-time', nullable: true },
+			},
+			required: ['id', 'createdAt', 'user'],
+		},
+	}
 } as const;

 export const paramDef = {
@ -78,7 +93,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				id: assign.id,
 				createdAt: this.idService.parse(assign.id).date.toISOString(),
 				user: await this.userEntityService.pack(assign.user!, me, { detail: true }),
-				expiresAt: assign.expiresAt,
+				expiresAt: assign.expiresAt?.toISOString() ?? null,
 			})));
 		});
 	}
--- a/packages/backend/src/server/api/endpoints/admin/send-email.ts
+++ b/packages/backend/src/server/api/endpoints/admin/send-email.ts
@ -12,6 +12,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:send-email',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/server-info.ts
+++ b/packages/backend/src/server/api/endpoints/admin/server-info.ts
@ -14,6 +14,7 @@ import { DI } from '@/di-symbols.js';
 export const meta = {
 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:server-info',

 	tags: ['admin', 'meta'],

--- a/packages/backend/src/server/api/endpoints/admin/show-moderation-logs.ts
+++ b/packages/backend/src/server/api/endpoints/admin/show-moderation-logs.ts
@ -14,7 +14,8 @@ export const meta = {
 	tags: ['admin'],

 	requireCredential: true,
-	requireModerator: true,
+	requireAdmin: true,
+	kind: 'read:admin:show-moderation-log',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/show-user.ts
+++ b/packages/backend/src/server/api/endpoints/admin/show-user.ts
@ -16,6 +16,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:show-user',

 	res: {
 		type: 'object',
--- a/packages/backend/src/server/api/endpoints/admin/show-users.ts
+++ b/packages/backend/src/server/api/endpoints/admin/show-users.ts
@ -16,6 +16,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'read:admin:show-users',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/suspend-user.ts
+++ b/packages/backend/src/server/api/endpoints/admin/suspend-user.ts
@ -21,6 +21,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:suspend-user',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/unset-user-avatar.ts
+++ b/packages/backend/src/server/api/endpoints/admin/unset-user-avatar.ts
@ -14,6 +14,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:unset-user-avatar',
 } as const;

 export const paramDef = {
@ -39,7 +40,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 			if (user == null) {
 				throw new Error('user not found');
 			}
-	
+
 			if (user.avatarId == null) return;

 			await this.usersRepository.update(user.id, {
--- a/packages/backend/src/server/api/endpoints/admin/unset-user-banner.ts
+++ b/packages/backend/src/server/api/endpoints/admin/unset-user-banner.ts
@ -14,6 +14,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:unset-user-banner',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/unsuspend-user.ts
+++ b/packages/backend/src/server/api/endpoints/admin/unsuspend-user.ts
@ -15,6 +15,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:unsuspend-user',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/update-meta.ts
+++ b/packages/backend/src/server/api/endpoints/admin/update-meta.ts
@ -14,6 +14,7 @@ export const meta = {

 	requireCredential: true,
 	requireAdmin: true,
+	kind: 'write:admin:meta',
 } as const;

 export const paramDef = {
@ -120,6 +121,7 @@ export const paramDef = {
 		enableServerMachineStats: { type: 'boolean' },
 		enableIdenticonGeneration: { type: 'boolean' },
 		serverRules: { type: 'array', items: { type: 'string' } },
+		bannedEmailDomains: { type: 'array', items: { type: 'string' } },
 		preservedUsernames: { type: 'array', items: { type: 'string' } },
 		manifestJsonOverride: { type: 'string' },
 		enableFanoutTimeline: { type: 'boolean' },
@ -524,6 +526,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				set.notesPerOneAd = ps.notesPerOneAd;
 			}

+			if (ps.bannedEmailDomains !== undefined) {
+				set.bannedEmailDomains = ps.bannedEmailDomains;
+			}
+
 			const before = await this.metaService.fetch(true);

 			await this.metaService.update(set);
--- a/packages/backend/src/server/api/endpoints/admin/update-user-note.ts
+++ b/packages/backend/src/server/api/endpoints/admin/update-user-note.ts
@ -14,6 +14,7 @@ export const meta = {

 	requireCredential: true,
 	requireModerator: true,
+	kind: 'write:admin:user-note',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/ap/get.ts
+++ b/packages/backend/src/server/api/endpoints/ap/get.ts
@ -12,6 +12,7 @@ export const meta = {
 	tags: ['federation'],

 	requireCredential: true,
+	kind: 'read:federation',

 	limit: {
 		duration: ms('1hour'),
--- a/packages/backend/src/server/api/endpoints/ap/show.ts
+++ b/packages/backend/src/server/api/endpoints/ap/show.ts
@ -25,6 +25,7 @@ export const meta = {
 	tags: ['federation'],

 	requireCredential: true,
+	kind: 'read:account',

 	limit: {
 		duration: ms('1hour'),
--- a/packages/backend/src/server/api/endpoints/endpoint.ts
+++ b/packages/backend/src/server/api/endpoints/endpoint.ts
@ -11,6 +11,23 @@ export const meta = {
 	requireCredential: false,

 	tags: ['meta'],
+
+	res: {
+		type: 'object',
+		nullable: true,
+		properties: {
+			params: {
+				type: 'array',
+				items: {
+					type: 'object',
+					properties: {
+						name: { type: 'string' },
+						type: { type: 'string' },
+					},
+				},
+			},
+		},
+	},
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/federation/stats.ts
+++ b/packages/backend/src/server/api/endpoints/federation/stats.ts
@ -18,6 +18,38 @@ export const meta = {

 	allowGet: true,
 	cacheSec: 60 * 60,
+
+	res: {
+		type: 'object',
+		optional: false,
+		nullable: false,
+		properties: {
+			topSubInstances: {
+				type: 'array',
+				optional: false,
+				nullable: false,
+				items: {
+					type: 'object',
+					optional: false,
+					nullable: false,
+					ref: 'FederationInstance',
+				},
+			},
+			otherFollowersCount: { type: 'number' },
+			topPubInstances: {
+				type: 'array',
+				optional: false,
+				nullable: false,
+				items: {
+					type: 'object',
+					optional: false,
+					nullable: false,
+					ref: 'FederationInstance',
+				},
+			},
+			otherFollowingCount: { type: 'number' },
+		},
+	},
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/federation/update-remote-user.ts
+++ b/packages/backend/src/server/api/endpoints/federation/update-remote-user.ts
@ -11,7 +11,7 @@ import { GetterService } from '@/server/api/GetterService.js';
 export const meta = {
 	tags: ['federation'],

-	requireCredential: true,
+	requireCredential: false,
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/fetch-external-resources.ts
+++ b/packages/backend/src/server/api/endpoints/fetch-external-resources.ts
@ -14,6 +14,7 @@ export const meta = {
 	tags: ['meta'],

 	requireCredential: true,
+	secure: true,

 	limit: {
 		duration: ms('1hour'),
@ -32,6 +33,18 @@ export const meta = {
 			id: '693ba8ba-b486-40df-a174-72f8279b56a4',
 		},
 	},
+
+	res: {
+		type: 'object',
+		properties: {
+			type: {
+				type: 'string',
+			},
+			data: {
+				type: 'string',
+			},
+		},
+	},
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/fetch-rss.ts
+++ b/packages/backend/src/server/api/endpoints/fetch-rss.ts
@ -16,6 +16,18 @@ export const meta = {
 	requireCredential: false,
 	allowGet: true,
 	cacheSec: 60 * 3,
+
+	res: {
+		type: 'object',
+		properties: {
+			items: {
+				type: 'array',
+				items: {
+					type: 'object',
+				},
+			}
+		}
+	},
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/flash/create.ts
+++ b/packages/backend/src/server/api/endpoints/flash/create.ts
@ -27,6 +27,12 @@ export const meta = {

 	errors: {
 	},
+
+	res: {
+		type: 'object',
+		optional: false, nullable: false,
+		ref: 'Flash',
+	},
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/get-online-users-count.ts
+++ b/packages/backend/src/server/api/endpoints/get-online-users-count.ts
@ -16,6 +16,16 @@ export const meta = {
 	requireCredential: false,
 	allowGet: true,
 	cacheSec: 60 * 1,
+	res: {
+		type: 'object',
+		optional: false, nullable: false,
+		properties: {
+			count: {
+				type: 'number',
+				nullable: false,
+			},
+		},
+	},
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/i.ts
+++ b/packages/backend/src/server/api/endpoints/i.ts
@ -14,6 +14,7 @@ export const meta = {
 	tags: ['account'],

 	requireCredential: true,
+	kind: "read:account",

 	res: {
 		type: 'object',
--- a/packages/backend/src/server/api/endpoints/i/2fa/key-done.ts
+++ b/packages/backend/src/server/api/endpoints/i/2fa/key-done.ts
@ -32,6 +32,16 @@ export const meta = {
 			id: '798d6847-b1ed-4f9c-b1f9-163c42655995',
 		},
 	},
+
+	res: {
+		type: 'object',
+		nullable: false,
+		optional: false,
+		properties: {
+			id: { type: 'string' },
+			name: { type: 'string' },
+		},
+	},
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/i/2fa/register-key.ts
+++ b/packages/backend/src/server/api/endpoints/i/2fa/register-key.ts
@ -36,6 +36,140 @@ export const meta = {
 			id: 'bf32b864-449b-47b8-974e-f9a5468546f1',
 		},
 	},
+
+	res: {
+		type: 'object',
+		nullable: false,
+		optional: false,
+		properties: {
+			rp: {
+				type: 'object',
+				properties: {
+					id: {
+						type: 'string',
+						nullable: true,
+					},
+				},
+			},
+			user: {
+				type: 'object',
+				properties: {
+					id: {
+						type: 'string',
+					},
+					name: {
+						type: 'string',
+					},
+					displayName: {
+						type: 'string',
+					},
+				},
+			},
+			challenge: {
+				type: 'string',
+			},
+			pubKeyCredParams: {
+				type: 'array',
+				items: {
+					type: 'object',
+					properties: {
+						type: {
+							type: 'string',
+						},
+						alg: {
+							type: 'number',
+						},
+					},
+				},
+			},
+			timeout: {
+				type: 'number',
+				nullable: true,
+			},
+			excludeCredentials: {
+				type: 'array',
+				nullable: true,
+				items: {
+					type: 'object',
+					properties: {
+						id: {
+							type: 'string',
+						},
+						type: {
+							type: 'string',
+						},
+						transports: {
+							type: 'array',
+							items: {
+								type: 'string',
+								enum: [
+									"ble",
+									"cable",
+									"hybrid",
+									"internal",
+									"nfc",
+									"smart-card",
+									"usb",
+								],
+							},
+						},
+					},
+				},
+			},
+			authenticatorSelection: {
+				type: 'object',
+				nullable: true,
+				properties: {
+					authenticatorAttachment: {
+						type: 'string',
+						enum: [
+							"cross-platform",
+							"platform",
+						],
+					},
+					requireResidentKey: {
+						type: 'boolean',
+					},
+					userVerification: {
+						type: 'string',
+						enum: [
+							"discouraged",
+							"preferred",
+							"required",
+						],
+					},
+				},
+			},
+			attestation: {
+				type: 'string',
+				nullable: true,
+				enum: [
+					"direct",
+					"enterprise",
+					"indirect",
+					"none",
+				],
+			},
+			extensions: {
+				type: 'object',
+				nullable: true,
+				properties: {
+					appid: {
+						type: 'string',
+						nullable: true,
+					},
+					credProps: {
+						type: 'boolean',
+						nullable: true,
+					},
+					hmacCreateSecret: {
+						type: 'boolean',
+						nullable: true,
+					},
+				},
+			},
+		},
+	},
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/i/2fa/register.ts
+++ b/packages/backend/src/server/api/endpoints/i/2fa/register.ts
@ -26,6 +26,19 @@ export const meta = {
 			id: '78d6c839-20c9-4c66-b90a-fc0542168b48',
 		},
 	},
+
+	res: {
+		type: 'object',
+		nullable: false,
+		optional: false,
+		properties: {
+			qr: { type: 'string' },
+			url: { type: 'string' },
+			secret: { type: 'string' },
+			label: { type: 'string' },
+			issuer: { type: 'string' },
+		},
+	},
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/i/apps.ts
+++ b/packages/backend/src/server/api/endpoints/i/apps.ts
@ -13,6 +13,37 @@ export const meta = {
 	requireCredential: true,

 	secure: true,
+
+	res: {
+		type: 'array',
+		items: {
+			type: 'object',
+			properties: {
+				id: {
+					type: 'string',
+					format: 'misskey:id',
+				},
+				name: {
+					type: 'string',
+				},
+				createdAt: {
+					type: 'string',
+					format: 'date-time',
+				},
+				lastUsedAt: {
+					type: 'string',
+					format: 'date-time',
+				},
+				permission: {
+					type: 'array',
+					uniqueItems: true,
+					items: {
+						type: 'string'
+					},
+				}
+			},
+		},
+	},
 } as const;

 export const paramDef = {
@ -50,7 +81,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				id: token.id,
 				name: token.name ?? token.app?.name,
 				createdAt: this.idService.parse(token.id).date.toISOString(),
-				lastUsedAt: token.lastUsedAt,
+				lastUsedAt: token.lastUsedAt?.toISOString(),
 				permission: token.permission,
 			})));
 		});
--- a/packages/backend/src/server/api/endpoints/i/authorized-apps.ts
+++ b/packages/backend/src/server/api/endpoints/i/authorized-apps.ts
@ -14,6 +14,36 @@ export const meta = {
 	requireCredential: true,

 	secure: true,
+
+	res: {
+		type: 'array',
+		items: {
+			type: 'object',
+			properties: {
+				id: {
+					type: 'string',
+					format: 'misskey:id',
+				},
+				name: {
+					type: 'string',
+				},
+				callbackUrl: {
+					type: 'string',
+					nullable: true,
+				},
+				permission: {
+					type: 'array',
+					uniqueItems: true,
+					items: {
+						type: 'string'
+					},
+				},
+				isAuthorized: {
+					type: 'boolean',
+				},
+			},
+		},
+	},
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/i/claim-achievement.ts
+++ b/packages/backend/src/server/api/endpoints/i/claim-achievement.ts
@ -10,6 +10,7 @@ import { AchievementService, ACHIEVEMENT_TYPES } from '@/core/AchievementService
 export const meta = {
 	requireCredential: true,
 	prohibitMoved: true,
+	kind: 'write:account',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/i/move.ts
+++ b/packages/backend/src/server/api/endpoints/i/move.ts
@ -64,6 +64,10 @@ export const meta = {
 			id: 'b234a14e-9ebe-4581-8000-074b3c215962',
 		},
 	},
+
+	res: {
+		type: 'object',
+	},
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/i/registry/get-all.ts
+++ b/packages/backend/src/server/api/endpoints/i/registry/get-all.ts
@ -9,6 +9,11 @@ import { RegistryApiService } from '@/core/RegistryApiService.js';

 export const meta = {
 	requireCredential: true,
+	kind: 'read:account',
+
+	res: {
+		type: 'object',
+	},
 } as const;

 export const paramDef = {
--- a/Show more
+++ b/Show more