Add system and member privacy support

This commit is contained in:
Ske
2020-01-11 16:49:20 +01:00
parent f0cc5c5961
commit 98613c4287
17 changed files with 317 additions and 59 deletions


@@ -11,10 +11,12 @@ namespace PluralKit.API.Controllers
public class AccountController: ControllerBase
{
private IDataStore _data;
private TokenAuthService _auth;
public AccountController(IDataStore data)
public AccountController(IDataStore data, TokenAuthService auth)
{
_data = data;
_auth = auth;
}
[HttpGet("{aid}")]
@@ -23,7 +25,7 @@ namespace PluralKit.API.Controllers
var system = await _data.GetSystemByAccount(aid);
if (system == null) return NotFound("Account not found.");
return Ok(system.ToJson());
return Ok(system.ToJson(_auth.ContextFor(system)));
}
}
}
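Review bot: The new `_auth` field (and the existing `_data`) is assigned only in the constructor but is not declared `readonly`, so nothing prevents a later accidental reassignment of the service that decides what a caller may see; `private readonly TokenAuthService _auth;` (and the same for `_data`) makes the intent explicit. The same pattern appears in the MessageController section of this commit. A one-line summary on the constructor, such as `// auth resolves the caller's access context used to filter system/member JSON`, would help readers who do not know TokenAuthService.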


@@ -28,7 +28,7 @@ namespace PluralKit.API.Controllers
var member = await _data.GetMemberByHid(hid);
if (member == null) return NotFound("Member not found.");
return Ok(member.ToJson());
return Ok(member.ToJson(_auth.ContextFor(member)));
}
[HttpPost]
@@ -41,7 +41,7 @@ namespace PluralKit.API.Controllers
return BadRequest("Member name must be specified.");
// Enforce per-system member limit
var memberCount = await _data.GetSystemMemberCount(system);
var memberCount = await _data.GetSystemMemberCount(system, true);
if (memberCount >= Limits.MaxMemberCount)
return BadRequest($"Member limit reached ({memberCount} / {Limits.MaxMemberCount}).");
@@ -56,7 +56,7 @@ namespace PluralKit.API.Controllers
}
await _data.SaveMember(member);
return Ok(member.ToJson());
return Ok(member.ToJson(_auth.ContextFor(member)));
}
[HttpPatch("{hid}")]
@@ -78,7 +78,7 @@ namespace PluralKit.API.Controllers
}
await _data.SaveMember(member);
return Ok(member.ToJson());
return Ok(member.ToJson(_auth.ContextFor(member)));
}
[HttpDelete("{hid}")]
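Review bot: The `{hid}` lookup (the first hunk) has no `MemberPrivacy` gate, whereas the member list in SystemController filters with `m.MemberPrivacy.CanAccess(...)`; unless `ToJson(context)` withholds the whole object for a private member, which is not visible here, a member hidden from the list remains fetchable by hid. Adding `if (!member.MemberPrivacy.CanAccess(_auth.ContextFor(member))) return NotFound("Member not found.");` after the null check closes that gap, and answering with the same 404 as a missing member avoids confirming that the hid exists (a 403 as used elsewhere in this commit is the alternative if consistency matters more). The new `GetSystemMemberCount(system, true)` call passes a bare boolean literal; a named argument for that flag would make the meaning readable at the call site. The enclosing methods of these hunks start and end outside the hunks.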


@@ -25,10 +25,12 @@ namespace PluralKit.API.Controllers
public class MessageController: ControllerBase
{
private IDataStore _data;
private TokenAuthService _auth;
public MessageController(IDataStore _data)
public MessageController(IDataStore _data, TokenAuthService auth)
{
this._data = _data;
_auth = auth;
}
[HttpGet("{mid}")]
@@ -43,8 +45,8 @@ namespace PluralKit.API.Controllers
Id = msg.Message.Mid.ToString(),
Channel = msg.Message.Channel.ToString(),
Sender = msg.Message.Sender.ToString(),
Member = msg.Member.ToJson(),
System = msg.System.ToJson(),
Member = msg.Member.ToJson(_auth.ContextFor(msg.System)),
System = msg.System.ToJson(_auth.ContextFor(msg.System)),
Original = msg.Message.OriginalMid?.ToString()
};
}
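Review bot: The widened constructor keeps the parameter named `_data`, which shadows the field and forces `this._data = _data;`, while the new `auth` parameter follows the usual camelCase convention in the same signature. Changing the signature to `public MessageController(IDataStore data, TokenAuthService auth)` with `_data = data;` makes the two assignments consistent. In the second hunk `_auth.ContextFor(msg.System)` is evaluated twice in the initializer; hoisting it into a local such as `var ctx = _auth.ContextFor(msg.System);` before the `new` expression avoids the repeated call and makes it obvious that both the member and the system are rendered under the same context. The enclosing method starts outside the hunk.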


@@ -2,6 +2,8 @@ using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Dapper;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
@@ -48,7 +50,7 @@ namespace PluralKit.API.Controllers
[RequiresSystem]
public Task<ActionResult<JObject>> GetOwnSystem()
{
return Task.FromResult<ActionResult<JObject>>(Ok(_auth.CurrentSystem.ToJson()));
return Task.FromResult<ActionResult<JObject>>(Ok(_auth.CurrentSystem.ToJson(_auth.ContextFor(_auth.CurrentSystem))));
}
[HttpGet("{hid}")]
@@ -56,7 +58,7 @@ namespace PluralKit.API.Controllers
{
var system = await _data.GetSystemByHid(hid);
if (system == null) return NotFound("System not found.");
return Ok(system.ToJson());
return Ok(system.ToJson(_auth.ContextFor(system)));
}
[HttpGet("{hid}/members")]
@@ -65,8 +67,13 @@ namespace PluralKit.API.Controllers
var system = await _data.GetSystemByHid(hid);
if (system == null) return NotFound("System not found.");
if (!system.MemberListPrivacy.CanAccess(_auth.ContextFor(system)))
return StatusCode(StatusCodes.Status403Forbidden, "Unauthorized to view member list.");
var members = await _data.GetSystemMembers(system);
return Ok(members.Select(m => m.ToJson()));
return Ok(members
.Where(m => m.MemberPrivacy.CanAccess(_auth.ContextFor(system)))
.Select(m => m.ToJson(_auth.ContextFor(system))));
}
[HttpGet("{hid}/switches")]
@@ -76,6 +83,9 @@ namespace PluralKit.API.Controllers
var system = await _data.GetSystemByHid(hid);
if (system == null) return NotFound("System not found.");
if (!system.FrontHistoryPrivacy.CanAccess(_auth.ContextFor(system)))
return StatusCode(StatusCodes.Status403Forbidden, "Unauthorized to view front history.");
using (var conn = await _conn.Obtain())
{
@@ -97,6 +107,9 @@ namespace PluralKit.API.Controllers
var system = await _data.GetSystemByHid(hid);
if (system == null) return NotFound("System not found.");
if (!system.FrontPrivacy.CanAccess(_auth.ContextFor(system)))
return StatusCode(StatusCodes.Status403Forbidden, "Unauthorized to view fronter.");
var sw = await _data.GetLatestSwitch(system);
if (sw == null) return NotFound("System has no registered switches.");
@@ -104,7 +117,7 @@ namespace PluralKit.API.Controllers
return Ok(new FrontersReturn
{
Timestamp = sw.Timestamp,
Members = members.Select(m => m.ToJson())
Members = members.Select(m => m.ToJson(_auth.ContextFor(system)))
});
}
@@ -124,7 +137,7 @@ namespace PluralKit.API.Controllers
}
await _data.SaveSystem(system);
return Ok(system.ToJson());
return Ok(system.ToJson(_auth.ContextFor(system)));
}
[HttpPost("switches")]
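Review bot: In the members hunk, `_auth.ContextFor(system)` is recomputed for every member in both the `Where` and the `Select` lambda, on top of the call in the `MemberListPrivacy` check above it; computing it once as `var ctx = _auth.ContextFor(system);` before the privacy check and using `.Where(m => m.MemberPrivacy.CanAccess(ctx)).Select(m => m.ToJson(ctx))` removes the repeated work and ties all three checks to the same context. The fronters hunk applies no `MemberPrivacy` filter to `members.Select(m => m.ToJson(...))`, so a member hidden from the member list is still listed when fronting; if that is intended because `FrontPrivacy` already gates the endpoint, a comment stating so would save the next reader from treating it as an oversight. The enclosing methods start outside their hunks.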