
feat: Removing stack trace info in production env (#11657)

* feat: Hiding stack traces in production env

* style

* style

* style

* add SPDX

* move ./error.js to ./misc/error.js

* revert: remove frontend changes

* feat: Hiding stack traces in production env

* feat: Hiding stack traces in production env

* revert

* revert

* revert

* change and fix

* revert

* fix queue endpoint test

---------

Co-authored-by: tamaina <tamaina@hotmail.co.jp>
Co-authored-by: Kagami Sascha Rosylight <saschanaz@outlook.com>
MomentQYC 2023-08-21 16:21:57 +08:00 committed by GitHub
parent 50ec129b87
commit 388448f298
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 7 deletions


@ -148,18 +148,18 @@ export class ClientServerService {
if (url === bullBoardPath || url.startsWith(bullBoardPath + '/')) {
const token = request.cookies.token;
if (token == null) {
reply.code(401);
throw new Error('login required');
reply.code(401).send('Login required');
return;
}
const user = await this.usersRepository.findOneBy({ token });
if (user == null) {
reply.code(403);
throw new Error('no such user');
reply.code(403).send('No such user');
return;
}
const isAdministrator = await this.roleService.isAdministrator(user);
if (!isAdministrator) {
reply.code(403);
throw new Error('access denied');
reply.code(403).send('Access denied');
return;
}
}
});
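Review bot: After `reply.code(401).send('Login required')` the callback ends with a bare `return;`, and both 403 branches repeat the pattern. The enclosing callback starts outside the hunk, but its `await` calls show it is async; if it is registered as a Fastify hook, the documented way to short-circuit after sending is `return reply;`, which makes it explicit that the request must not continue to the bull-board route once the denial is sent. Separately, the bodies 'No such user' and 'Access denied' let a client tell an unknown token from a valid non-admin token. Using one message for both 403 cases, e.g. `reply.code(403).send('Access denied');`, would not expose that distinction.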


@ -34,6 +34,8 @@ describe('Webリソース', () => {
let aliceGalleryPost: any;
let aliceChannel: any;
let bob: misskey.entities.MeSignup;
type Request = {
path: string,
accept?: string,
@ -90,6 +92,8 @@ describe('Webリソース', () => {
fileIds: [aliceUploadedFile.body.id],
});
aliceChannel = await channel(alice, {});
bob = await signup({ username: 'alice' });
}, 1000 * 60 * 2);
afterAll(async () => {
@ -163,9 +167,15 @@ describe('Webリソース', () => {
});
describe.each([{ path: '/queue' }])('$path', ({ path }) => {
test('はログインしないとGETできない。', async () => await notOk({
path,
status: 401,
}));
test('はadminでなければGETできない。', async () => await notOk({
path,
status: 500, // FIXME? 403ではない。
cookie: cookie(bob),
status: 403,
}));
test('はadminならGETできる。', async () => await ok({