ltlapy/iceshrimp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[backend] Require admin scope for AP get endpoint

Browse source 
This commit addresses disclosed primitive 18
This commit is contained in:
Laura Hausmann 2024-10-28 14:34:17 +01:00
parent 7542310e3e
commit aa73a8905d
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
2 changed files with 10 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
packages/backend/src/server/api/endpoints/ap/get.ts
View file

@ -6,6 +6,7 @@ export const meta = {
tags: ["federation"], tags: ["federation"],
requireCredential: true, requireCredential: true,
requireAdmin: true,
limit: { limit: {
duration: HOUR, duration: HOUR,

4
packages/client/src/pages/user-info.vue
View file

@ -169,7 +169,7 @@
{{ i18n.ts.updateRemoteUser }}</FormButton {{ i18n.ts.updateRemoteUser }}</FormButton
> >
<FormFolder class="_formBlock"> <FormFolder class="_formBlock" v-if="iAmAdmin">
<template #label>Raw</template> <template #label>Raw</template>
<MkObjectView v-if="ap" tall :value="ap"> <MkObjectView v-if="ap" tall :value="ap">
@ -577,6 +577,7 @@ watch(
}, },
); );
if (iAmAdmin) {
watch($$(user), () => { watch($$(user), () => {
os.api("ap/get", { os.api("ap/get", {
uri: user.uri ?? `${url}/users/${user.id}`, uri: user.uri ?? `${url}/users/${user.id}`,
@ -584,6 +585,7 @@ watch($$(user), () => {
ap = res; ap = res;
}); });
}); });
}
const headerActions = $computed(() => []); const headerActions = $computed(() => []);