Compare commits
No commits in common. "d518cdf7391cab701de41eee30004bb7b02c1f64" and "36cb1d20432f754036b4bfd765e807a7983c99ae" have entirely different histories.
d518cdf739
...
36cb1d2043
11 changed files with 23 additions and 52 deletions
|
@ -44,7 +44,7 @@ public class FediverseAuthController(
|
|||
[ProducesResponseType<SingleUrlResponse>(statusCode: StatusCodes.Status200OK)]
|
||||
public async Task<IActionResult> GetFediverseUrlAsync(
|
||||
[FromQuery] string instance,
|
||||
[FromQuery(Name = "force-refresh")] bool forceRefresh = false
|
||||
[FromQuery] bool forceRefresh = false
|
||||
)
|
||||
{
|
||||
if (instance.Any(c => c is '@' or ':' or '/') || !instance.Contains('.'))
|
||||
|
@ -139,7 +139,7 @@ public class FediverseAuthController(
|
|||
[Authorize("*")]
|
||||
public async Task<IActionResult> AddFediverseAccountAsync(
|
||||
[FromQuery] string instance,
|
||||
[FromQuery(Name = "force-refresh")] bool forceRefresh = false
|
||||
[FromQuery] bool forceRefresh = false
|
||||
)
|
||||
{
|
||||
if (instance.Any(c => c is '@' or ':' or '/') || !instance.Contains('.'))
|
||||
|
|
|
@ -173,9 +173,6 @@ public class ReportsController(
|
|||
public async Task<IActionResult> GetReportsAsync(
|
||||
[FromQuery] int? limit = null,
|
||||
[FromQuery] Snowflake? before = null,
|
||||
[FromQuery] Snowflake? after = null,
|
||||
[FromQuery(Name = "by-reporter")] Snowflake? byReporter = null,
|
||||
[FromQuery(Name = "by-target")] Snowflake? byTarget = null,
|
||||
[FromQuery(Name = "include-closed")] bool includeClosed = false
|
||||
)
|
||||
{
|
||||
|
@ -190,21 +187,11 @@ public class ReportsController(
|
|||
IQueryable<Report> query = db
|
||||
.Reports.Include(r => r.Reporter)
|
||||
.Include(r => r.TargetUser)
|
||||
.Include(r => r.TargetMember);
|
||||
|
||||
if (byTarget != null && await db.Users.AnyAsync(u => u.Id == byTarget.Value))
|
||||
query = query.Where(r => r.TargetUserId == byTarget.Value);
|
||||
|
||||
if (byReporter != null && await db.Users.AnyAsync(u => u.Id == byReporter.Value))
|
||||
query = query.Where(r => r.ReporterId == byReporter.Value);
|
||||
.Include(r => r.TargetMember)
|
||||
.OrderByDescending(r => r.Id);
|
||||
|
||||
if (before != null)
|
||||
query = query.Where(r => r.Id < before.Value).OrderByDescending(r => r.Id);
|
||||
else if (after != null)
|
||||
query = query.Where(r => r.Id > after.Value).OrderBy(r => r.Id);
|
||||
else
|
||||
query = query.OrderByDescending(r => r.Id);
|
||||
|
||||
query = query.Where(r => r.Id < before.Value);
|
||||
if (!includeClosed)
|
||||
query = query.Where(r => r.Status == ReportStatus.Open);
|
||||
|
||||
|
|
|
@ -48,7 +48,6 @@ public record UserResponse(
|
|||
[property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] Instant? LastActive,
|
||||
[property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] Instant? LastSidReroll,
|
||||
[property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] string? Timezone,
|
||||
[property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] bool? Suspended,
|
||||
[property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] bool? Deleted
|
||||
);
|
||||
|
||||
|
|
|
@ -23,29 +23,25 @@ public class LimitMiddleware : IMiddleware
|
|||
Endpoint? endpoint = ctx.GetEndpoint();
|
||||
LimitAttribute? attribute = endpoint?.Metadata.GetMetadata<LimitAttribute>();
|
||||
|
||||
Token? token = ctx.GetToken();
|
||||
|
||||
if (attribute == null)
|
||||
{
|
||||
// Check for authorize attribute
|
||||
// If it exists, and the user is deleted, throw an error.
|
||||
await next(ctx);
|
||||
return;
|
||||
}
|
||||
|
||||
Token? token = ctx.GetToken();
|
||||
if (
|
||||
endpoint?.Metadata.GetMetadata<AuthorizeAttribute>() != null
|
||||
&& token?.User.Deleted == true
|
||||
token?.User.Deleted == true
|
||||
&& (!attribute.UsableBySuspendedUsers || token.User.DeletedBy == null)
|
||||
)
|
||||
{
|
||||
throw new ApiError.Forbidden("Deleted users cannot access this endpoint.");
|
||||
}
|
||||
|
||||
await next(ctx);
|
||||
return;
|
||||
}
|
||||
|
||||
if (token?.User.Deleted == true && !attribute.UsableBySuspendedUsers)
|
||||
throw new ApiError.Forbidden("Deleted users cannot access this endpoint.");
|
||||
|
||||
if (attribute.RequireAdmin && token?.User.Role != UserRole.Admin)
|
||||
{
|
||||
throw new ApiError.Forbidden("This endpoint can only be used by admins.");
|
||||
}
|
||||
|
||||
if (
|
||||
attribute.RequireModerator
|
||||
|
|
|
@ -21,6 +21,7 @@ using Newtonsoft.Json.Linq;
|
|||
namespace Foxnouns.Backend.Services;
|
||||
|
||||
public class ModerationRendererService(
|
||||
DatabaseContext db,
|
||||
UserRendererService userRenderer,
|
||||
MemberRendererService memberRenderer
|
||||
)
|
||||
|
|
|
@ -115,7 +115,6 @@ public class UserRendererService(
|
|||
tokenHidden ? user.LastActive : null,
|
||||
tokenHidden ? user.LastSidReroll : null,
|
||||
tokenHidden ? user.Timezone ?? "<none>" : null,
|
||||
tokenHidden ? user is { Deleted: true, DeletedBy: not null } : null,
|
||||
tokenHidden ? user.Deleted : null
|
||||
);
|
||||
}
|
||||
|
|
|
@ -26,7 +26,6 @@ export type MeUser = UserWithMembers & {
|
|||
last_active: string;
|
||||
last_sid_reroll: string;
|
||||
timezone: string;
|
||||
suspended: boolean;
|
||||
deleted: boolean;
|
||||
};
|
||||
|
||||
|
|
|
@ -21,17 +21,10 @@
|
|||
</script>
|
||||
|
||||
{#if user && user.deleted}
|
||||
<div class="deleted-alert text-center py-3 mb-2 px-2">
|
||||
{#if user.suspended}
|
||||
<div class="suspended-alert text-center py-3 mb-2 px-2">
|
||||
<strong>{$t("nav.suspended-account-hint")}</strong>
|
||||
<br />
|
||||
<a href="/contact">{$t("nav.appeal-suspension-link")}</a>
|
||||
{:else}
|
||||
<strong>{$t("nav.deleted-account-hint")}</strong>
|
||||
<br />
|
||||
<a href="/settings/reactivate">{$t("nav.reactivate-account-link")}</a> •
|
||||
<a href="/contact">{$t("nav.delete-permanently-link")}</a>
|
||||
{/if}
|
||||
</div>
|
||||
{/if}
|
||||
|
||||
|
@ -73,7 +66,7 @@
|
|||
</Navbar>
|
||||
|
||||
<style>
|
||||
.deleted-alert {
|
||||
.suspended-alert {
|
||||
color: var(--bs-danger-text-emphasis);
|
||||
background-color: var(--bs-danger-bg-subtle);
|
||||
}
|
||||
|
|
|
@ -4,10 +4,7 @@
|
|||
"log-in": "Log in or sign up",
|
||||
"settings": "Settings",
|
||||
"suspended-account-hint": "Your account has been suspended. Your profile has been hidden and you will not be able to change any settings.",
|
||||
"appeal-suspension-link": "I want to appeal",
|
||||
"deleted-account-hint": "You have requested deletion of your account. If you want to reactivate it, click the link below.",
|
||||
"reactivate-account-link": "Reactivate account",
|
||||
"delete-permanently-link": "I want my account deleted permanently"
|
||||
"appeal-suspension-link": "I want to appeal"
|
||||
},
|
||||
"avatar-tooltip": "Avatar for {{name}}",
|
||||
"profile": {
|
||||
|
|
|
@ -65,7 +65,7 @@ export const actions = {
|
|||
try {
|
||||
const resp = await apiRequest<{ url: string }>(
|
||||
"GET",
|
||||
`/auth/fediverse?instance=${encodeURIComponent(instance)}&force-refresh=true`,
|
||||
`/auth/fediverse?instance=${encodeURIComponent(instance)}&forceRefresh=true`,
|
||||
{ fetch, isInternal: true },
|
||||
);
|
||||
redirect(303, resp.url);
|
||||
|
|
|
@ -24,7 +24,7 @@ export const actions = {
|
|||
|
||||
const { url } = await apiRequest<{ url: string }>(
|
||||
"GET",
|
||||
`/auth/fediverse/add-account?instance=${encodeURIComponent(instance)}&force-refresh=true`,
|
||||
`/auth/fediverse/add-account?instance=${encodeURIComponent(instance)}&forceRefresh=true`,
|
||||
{
|
||||
isInternal: true,
|
||||
fetch,
|
||||
|
|
Loading…
Reference in a new issue