mirror of
https://github.com/misskey-dev/misskey.git
synced 2025-01-07 00:19:20 +09:00
c96bc36fed
* fix: fix improper authorization when accessing with third-party application
* refactor: refactor type definitions
* fix: get rid of unnecessary access limitation
* enhance: サードパーティアプリケーションがWebsocket APIを使えるように
* fix: add missing parentheses
* Revert "fix(backend): add missing kind definition for admin endpoints to improve security"
This reverts commit 5150053275
.
* frontend: 翻訳の抜けを訂正, read:adminとwrite:adminはアクセス発行トークンのデフォルトでは非表示にする
* enhance(test): misskey-ghsa-7pxq-6xx9-xpgmに関するテストを追加
* enhance(test): Websocket APIに対するテストも追加
* enhance(refactor): `@/misc/api-permissions.ts`を`misskey-js/permissions`に統合
* fix(frontend): アクセストークン発行UIで全ての権限を有効にした際、管理者用APIへのアクセスも許可してしまう問題を修正
* enhance(backend): Websocketの接続に最低限必要な権限を変更
* fix(backend): `/api/admin/meta`をサードパーティアプリケーションからはアクセスできないように
* fix(backend): エンドポイントにアクセスするために必要な権限を変更
* fix(frontend/locale): Add missing type declaration
* chore: update `misskey-js/src/autogen`
---------
Co-authored-by: tamaina <tamaina@hotmail.co.jp>
105 lines
2.7 KiB
Vue
105 lines
2.7 KiB
Vue
<!--
|
|
SPDX-FileCopyrightText: syuilo and other misskey contributors
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
-->
|
|
|
|
<template>
|
|
<MkModalWindow
|
|
ref="dialog"
|
|
:width="400"
|
|
:height="450"
|
|
:withOkButton="true"
|
|
:okButtonDisabled="false"
|
|
:canClose="false"
|
|
@close="dialog.close()"
|
|
@closed="$emit('closed')"
|
|
@ok="ok()"
|
|
>
|
|
<template #header>{{ title || i18n.ts.generateAccessToken }}</template>
|
|
|
|
<MkSpacer :marginMin="20" :marginMax="28">
|
|
<div class="_gaps_m">
|
|
<div v-if="information">
|
|
<MkInfo warn>{{ information }}</MkInfo>
|
|
</div>
|
|
<div>
|
|
<MkInput v-model="name">
|
|
<template #label>{{ i18n.ts.name }}</template>
|
|
</MkInput>
|
|
</div>
|
|
<div><b>{{ i18n.ts.permission }}</b></div>
|
|
<div class="_buttons">
|
|
<MkButton inline @click="disableAll">{{ i18n.ts.disableAll }}</MkButton>
|
|
<MkButton inline @click="enableAll">{{ i18n.ts.enableAll }}</MkButton>
|
|
</div>
|
|
<div class="_gaps_s">
|
|
<MkSwitch v-for="kind in Object.keys(permissions)" :key="kind" v-model="permissions[kind]">{{ i18n.t(`_permissions.${kind}`) }}</MkSwitch>
|
|
</div>
|
|
</div>
|
|
</MkSpacer>
|
|
</MkModalWindow>
|
|
</template>
|
|
|
|
<script lang="ts" setup>
|
|
import { shallowRef, ref } from 'vue';
|
|
import * as Misskey from 'misskey-js';
|
|
import MkInput from './MkInput.vue';
|
|
import MkSwitch from './MkSwitch.vue';
|
|
import MkButton from './MkButton.vue';
|
|
import MkInfo from './MkInfo.vue';
|
|
import MkModalWindow from '@/components/MkModalWindow.vue';
|
|
import { i18n } from '@/i18n.js';
|
|
|
|
const props = withDefaults(defineProps<{
|
|
title?: string | null;
|
|
information?: string | null;
|
|
initialName?: string | null;
|
|
initialPermissions?: (typeof Misskey.permissions)[number][] | null;
|
|
}>(), {
|
|
title: null,
|
|
information: null,
|
|
initialName: null,
|
|
initialPermissions: null,
|
|
});
|
|
|
|
const emit = defineEmits<{
|
|
(ev: 'closed'): void;
|
|
(ev: 'done', result: { name: string | null, permissions: string[] }): void;
|
|
}>();
|
|
|
|
const defaultPermissions = Misskey.permissions.filter(p => !p.startsWith('read:admin') && !p.startsWith('write:admin'));
|
|
const dialog = shallowRef<InstanceType<typeof MkModalWindow>>();
|
|
const name = ref(props.initialName);
|
|
const permissions = ref(<Record<(typeof Misskey.permissions)[number], boolean>>{});
|
|
|
|
if (props.initialPermissions) {
|
|
for (const kind of props.initialPermissions) {
|
|
permissions.value[kind] = true;
|
|
}
|
|
} else {
|
|
for (const kind of defaultPermissions) {
|
|
permissions.value[kind] = false;
|
|
}
|
|
}
|
|
|
|
function ok(): void {
|
|
emit('done', {
|
|
name: name.value,
|
|
permissions: Object.keys(permissions.value).filter(p => permissions.value[p]),
|
|
});
|
|
dialog.value.close();
|
|
}
|
|
|
|
function disableAll(): void {
|
|
for (const p in permissions.value) {
|
|
permissions.value[p] = false;
|
|
}
|
|
}
|
|
|
|
function enableAll(): void {
|
|
for (const p in permissions.value) {
|
|
permissions.value[p] = true;
|
|
}
|
|
}
|
|
</script>
|