Compare commits

..

No commits in common. "d518cdf7391cab701de41eee30004bb7b02c1f64" and "36cb1d20432f754036b4bfd765e807a7983c99ae" have entirely different histories.

11 changed files with 23 additions and 52 deletions

View file

@ -44,7 +44,7 @@ public class FediverseAuthController(
[ProducesResponseType<SingleUrlResponse>(statusCode: StatusCodes.Status200OK)]
public async Task<IActionResult> GetFediverseUrlAsync(
[FromQuery] string instance,
[FromQuery(Name = "force-refresh")] bool forceRefresh = false
[FromQuery] bool forceRefresh = false
)
{
if (instance.Any(c => c is '@' or ':' or '/') || !instance.Contains('.'))
@ -139,7 +139,7 @@ public class FediverseAuthController(
[Authorize("*")]
public async Task<IActionResult> AddFediverseAccountAsync(
[FromQuery] string instance,
[FromQuery(Name = "force-refresh")] bool forceRefresh = false
[FromQuery] bool forceRefresh = false
)
{
if (instance.Any(c => c is '@' or ':' or '/') || !instance.Contains('.'))

View file

@ -173,9 +173,6 @@ public class ReportsController(
public async Task<IActionResult> GetReportsAsync(
[FromQuery] int? limit = null,
[FromQuery] Snowflake? before = null,
[FromQuery] Snowflake? after = null,
[FromQuery(Name = "by-reporter")] Snowflake? byReporter = null,
[FromQuery(Name = "by-target")] Snowflake? byTarget = null,
[FromQuery(Name = "include-closed")] bool includeClosed = false
)
{
@ -190,21 +187,11 @@ public class ReportsController(
IQueryable<Report> query = db
.Reports.Include(r => r.Reporter)
.Include(r => r.TargetUser)
.Include(r => r.TargetMember);
if (byTarget != null && await db.Users.AnyAsync(u => u.Id == byTarget.Value))
query = query.Where(r => r.TargetUserId == byTarget.Value);
if (byReporter != null && await db.Users.AnyAsync(u => u.Id == byReporter.Value))
query = query.Where(r => r.ReporterId == byReporter.Value);
.Include(r => r.TargetMember)
.OrderByDescending(r => r.Id);
if (before != null)
query = query.Where(r => r.Id < before.Value).OrderByDescending(r => r.Id);
else if (after != null)
query = query.Where(r => r.Id > after.Value).OrderBy(r => r.Id);
else
query = query.OrderByDescending(r => r.Id);
query = query.Where(r => r.Id < before.Value);
if (!includeClosed)
query = query.Where(r => r.Status == ReportStatus.Open);

View file

@ -48,7 +48,6 @@ public record UserResponse(
[property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] Instant? LastActive,
[property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] Instant? LastSidReroll,
[property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] string? Timezone,
[property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] bool? Suspended,
[property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] bool? Deleted
);

View file

@ -23,29 +23,25 @@ public class LimitMiddleware : IMiddleware
Endpoint? endpoint = ctx.GetEndpoint();
LimitAttribute? attribute = endpoint?.Metadata.GetMetadata<LimitAttribute>();
Token? token = ctx.GetToken();
if (attribute == null)
{
// Check for authorize attribute
// If it exists, and the user is deleted, throw an error.
await next(ctx);
return;
}
Token? token = ctx.GetToken();
if (
endpoint?.Metadata.GetMetadata<AuthorizeAttribute>() != null
&& token?.User.Deleted == true
token?.User.Deleted == true
&& (!attribute.UsableBySuspendedUsers || token.User.DeletedBy == null)
)
{
throw new ApiError.Forbidden("Deleted users cannot access this endpoint.");
}
await next(ctx);
return;
}
if (token?.User.Deleted == true && !attribute.UsableBySuspendedUsers)
throw new ApiError.Forbidden("Deleted users cannot access this endpoint.");
if (attribute.RequireAdmin && token?.User.Role != UserRole.Admin)
{
throw new ApiError.Forbidden("This endpoint can only be used by admins.");
}
if (
attribute.RequireModerator

View file

@ -21,6 +21,7 @@ using Newtonsoft.Json.Linq;
namespace Foxnouns.Backend.Services;
public class ModerationRendererService(
DatabaseContext db,
UserRendererService userRenderer,
MemberRendererService memberRenderer
)

View file

@ -115,7 +115,6 @@ public class UserRendererService(
tokenHidden ? user.LastActive : null,
tokenHidden ? user.LastSidReroll : null,
tokenHidden ? user.Timezone ?? "<none>" : null,
tokenHidden ? user is { Deleted: true, DeletedBy: not null } : null,
tokenHidden ? user.Deleted : null
);
}

View file

@ -26,7 +26,6 @@ export type MeUser = UserWithMembers & {
last_active: string;
last_sid_reroll: string;
timezone: string;
suspended: boolean;
deleted: boolean;
};

View file

@ -21,17 +21,10 @@
</script>
{#if user && user.deleted}
<div class="deleted-alert text-center py-3 mb-2 px-2">
{#if user.suspended}
<div class="suspended-alert text-center py-3 mb-2 px-2">
<strong>{$t("nav.suspended-account-hint")}</strong>
<br />
<a href="/contact">{$t("nav.appeal-suspension-link")}</a>
{:else}
<strong>{$t("nav.deleted-account-hint")}</strong>
<br />
<a href="/settings/reactivate">{$t("nav.reactivate-account-link")}</a>
<a href="/contact">{$t("nav.delete-permanently-link")}</a>
{/if}
</div>
{/if}
@ -73,7 +66,7 @@
</Navbar>
<style>
.deleted-alert {
.suspended-alert {
color: var(--bs-danger-text-emphasis);
background-color: var(--bs-danger-bg-subtle);
}

View file

@ -4,10 +4,7 @@
"log-in": "Log in or sign up",
"settings": "Settings",
"suspended-account-hint": "Your account has been suspended. Your profile has been hidden and you will not be able to change any settings.",
"appeal-suspension-link": "I want to appeal",
"deleted-account-hint": "You have requested deletion of your account. If you want to reactivate it, click the link below.",
"reactivate-account-link": "Reactivate account",
"delete-permanently-link": "I want my account deleted permanently"
"appeal-suspension-link": "I want to appeal"
},
"avatar-tooltip": "Avatar for {{name}}",
"profile": {

View file

@ -65,7 +65,7 @@ export const actions = {
try {
const resp = await apiRequest<{ url: string }>(
"GET",
`/auth/fediverse?instance=${encodeURIComponent(instance)}&force-refresh=true`,
`/auth/fediverse?instance=${encodeURIComponent(instance)}&forceRefresh=true`,
{ fetch, isInternal: true },
);
redirect(303, resp.url);

View file

@ -24,7 +24,7 @@ export const actions = {
const { url } = await apiRequest<{ url: string }>(
"GET",
`/auth/fediverse/add-account?instance=${encodeURIComponent(instance)}&force-refresh=true`,
`/auth/fediverse/add-account?instance=${encodeURIComponent(instance)}&forceRefresh=true`,
{
isInternal: true,
fetch,