c96bc36fed
* fix: fix improper authorization when accessing with third-party application
* refactor: refactor type definitions
* fix: get rid of unnecessary access limitation
* enhance: サードパーティアプリケーションがWebsocket APIを使えるように
* fix: add missing parentheses
* Revert "fix(backend): add missing kind definition for admin endpoints to improve security"
This reverts commit 5150053275.
* frontend: 翻訳の抜けを訂正, read:adminとwrite:adminはアクセス発行トークンのデフォルトでは非表示にする
* enhance(test): misskey-ghsa-7pxq-6xx9-xpgmに関するテストを追加
* enhance(test): Websocket APIに対するテストも追加
* enhance(refactor): `@/misc/api-permissions.ts`を`misskey-js/permissions`に統合
* fix(frontend): アクセストークン発行UIで全ての権限を有効にした際、管理者用APIへのアクセスも許可してしまう問題を修正
* enhance(backend): Websocketの接続に最低限必要な権限を変更
* fix(backend): `/api/admin/meta`をサードパーティアプリケーションからはアクセスできないように
* fix(backend): エンドポイントにアクセスするために必要な権限を変更
* fix(frontend/locale): Add missing type declaration
* chore: update `misskey-js/src/autogen`
---------
Co-authored-by: tamaina <tamaina@hotmail.co.jp>
120 lines
3.3 KiB
TypeScript
120 lines
3.3 KiB
TypeScript
/*
|
|
* SPDX-FileCopyrightText: syuilo and other misskey contributors
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
import { URLSearchParams } from 'node:url';
|
|
import { Injectable } from '@nestjs/common';
|
|
import { Endpoint } from '@/server/api/endpoint-base.js';
|
|
import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
|
|
import { MetaService } from '@/core/MetaService.js';
|
|
import { HttpRequestService } from '@/core/HttpRequestService.js';
|
|
import { GetterService } from '@/server/api/GetterService.js';
|
|
import { RoleService } from '@/core/RoleService.js';
|
|
import { ApiError } from '../../error.js';
|
|
|
|
export const meta = {
|
|
tags: ['notes'],
|
|
|
|
requireCredential: true,
|
|
kind: 'read:account',
|
|
|
|
res: {
|
|
type: 'object',
|
|
optional: false, nullable: false,
|
|
properties: {
|
|
sourceLang: { type: 'string' },
|
|
text: { type: 'string' },
|
|
},
|
|
},
|
|
|
|
errors: {
|
|
unavailable: {
|
|
message: 'Translate of notes unavailable.',
|
|
code: 'UNAVAILABLE',
|
|
id: '50a70314-2d8a-431b-b433-efa5cc56444c',
|
|
},
|
|
noSuchNote: {
|
|
message: 'No such note.',
|
|
code: 'NO_SUCH_NOTE',
|
|
id: 'bea9b03f-36e0-49c5-a4db-627a029f8971',
|
|
},
|
|
},
|
|
} as const;
|
|
|
|
export const paramDef = {
|
|
type: 'object',
|
|
properties: {
|
|
noteId: { type: 'string', format: 'misskey:id' },
|
|
targetLang: { type: 'string' },
|
|
},
|
|
required: ['noteId', 'targetLang'],
|
|
} as const;
|
|
|
|
@Injectable()
|
|
export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-disable-line import/no-default-export
|
|
constructor(
|
|
private noteEntityService: NoteEntityService,
|
|
private getterService: GetterService,
|
|
private metaService: MetaService,
|
|
private httpRequestService: HttpRequestService,
|
|
private roleService: RoleService,
|
|
) {
|
|
super(meta, paramDef, async (ps, me) => {
|
|
const policies = await this.roleService.getUserPolicies(me.id);
|
|
if (!policies.canUseTranslator) {
|
|
throw new ApiError(meta.errors.unavailable);
|
|
}
|
|
|
|
const note = await this.getterService.getNote(ps.noteId).catch(err => {
|
|
if (err.id === '9725d0ce-ba28-4dde-95a7-2cbb2c15de24') throw new ApiError(meta.errors.noSuchNote);
|
|
throw err;
|
|
});
|
|
|
|
if (!(await this.noteEntityService.isVisibleForMe(note, me.id))) {
|
|
return 204; // TODO: 良い感じのエラー返す
|
|
}
|
|
|
|
if (note.text == null) {
|
|
return 204;
|
|
}
|
|
|
|
const instance = await this.metaService.fetch();
|
|
|
|
if (instance.deeplAuthKey == null) {
|
|
return 204; // TODO: 良い感じのエラー返す
|
|
}
|
|
|
|
let targetLang = ps.targetLang;
|
|
if (targetLang.includes('-')) targetLang = targetLang.split('-')[0];
|
|
|
|
const params = new URLSearchParams();
|
|
params.append('auth_key', instance.deeplAuthKey);
|
|
params.append('text', note.text);
|
|
params.append('target_lang', targetLang);
|
|
|
|
const endpoint = instance.deeplIsPro ? 'https://api.deepl.com/v2/translate' : 'https://api-free.deepl.com/v2/translate';
|
|
|
|
const res = await this.httpRequestService.send(endpoint, {
|
|
method: 'POST',
|
|
headers: {
|
|
'Content-Type': 'application/x-www-form-urlencoded',
|
|
Accept: 'application/json, */*',
|
|
},
|
|
body: params.toString(),
|
|
});
|
|
|
|
const json = (await res.json()) as {
|
|
translations: {
|
|
detected_source_language: string;
|
|
text: string;
|
|
}[];
|
|
};
|
|
|
|
return {
|
|
sourceLang: json.translations[0].detected_source_language,
|
|
text: json.translations[0].text,
|
|
};
|
|
});
|
|
}
|
|
}
|