feat: Removing stack trace info in production env (#11657)
* feat: Hiding stack traces in production env * sytle * style * style * add SPDX * move ./error.js to ./misc/error.js * revert: remove frontend changes * feat: Hiding stack traces in production env * feat: Hiding stack traces in production env * revert * revert * revert * change and fix * revert * fix queue endpoint test --------- Co-authored-by: tamaina <tamaina@hotmail.co.jp> Co-authored-by: Kagami Sascha Rosylight <saschanaz@outlook.com>
parent
50ec129b87
commit
388448f298
2 changed files with 17 additions and 7 deletions
|
@ -148,18 +148,18 @@ export class ClientServerService {
|
||||||
if (url === bullBoardPath || url.startsWith(bullBoardPath + '/')) {
|
if (url === bullBoardPath || url.startsWith(bullBoardPath + '/')) {
|
||||||
const token = request.cookies.token;
|
const token = request.cookies.token;
|
||||||
if (token == null) {
|
if (token == null) {
|
||||||
reply.code(401);
|
reply.code(401).send('Login required');
|
||||||
throw new Error('login required');
|
return;
|
||||||
}
|
}
|
||||||
const user = await this.usersRepository.findOneBy({ token });
|
const user = await this.usersRepository.findOneBy({ token });
|
||||||
if (user == null) {
|
if (user == null) {
|
||||||
reply.code(403);
|
reply.code(403).send('No such user');
|
||||||
throw new Error('no such user');
|
return;
|
||||||
}
|
}
|
||||||
const isAdministrator = await this.roleService.isAdministrator(user);
|
const isAdministrator = await this.roleService.isAdministrator(user);
|
||||||
if (!isAdministrator) {
|
if (!isAdministrator) {
|
||||||
reply.code(403);
|
reply.code(403).send('Access denied');
|
||||||
throw new Error('access denied');
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
});
|
});
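Review bot: The two 403 branches answer with different bodies, `'No such user'` for a token that matches no account and `'Access denied'` for a valid non-admin token, so the response tells the caller whether the cookie value it presented is a live token. Sending the same body from both, e.g. `reply.code(403).send('Access denied');`, keeps the 401/403 status codes unchanged while removing that distinction. The enclosing callback starts outside the hunk; if it is an async Fastify hook, Fastify's documentation recommends `return reply;` after `send()` so the framework knows the response is already handled. A short comment such as `// Reply directly instead of throwing so the error handler never serialises a stack trace` would record why the throws were replaced.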
|
||||||
|
|
|
@ -34,6 +34,8 @@ describe('Webリソース', () => {
|
||||||
let aliceGalleryPost: any;
|
let aliceGalleryPost: any;
|
||||||
let aliceChannel: any;
|
let aliceChannel: any;
|
||||||
|
|
||||||
|
let bob: misskey.entities.MeSignup;
|
||||||
|
|
||||||
type Request = {
|
type Request = {
|
||||||
path: string,
|
path: string,
|
||||||
accept?: string,
|
accept?: string,
|
||||||
|
@ -90,6 +92,8 @@ describe('Webリソース', () => {
|
||||||
fileIds: [aliceUploadedFile.body.id],
|
fileIds: [aliceUploadedFile.body.id],
|
||||||
});
|
});
|
||||||
aliceChannel = await channel(alice, {});
|
aliceChannel = await channel(alice, {});
|
||||||
|
|
||||||
|
bob = await signup({ username: 'alice' });
|
||||||
}, 1000 * 60 * 2);
|
}, 1000 * 60 * 2);
|
||||||
|
|
||||||
afterAll(async () => {
|
afterAll(async () => {
|
||||||
|
@ -163,9 +167,15 @@ describe('Webリソース', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
describe.each([{ path: '/queue' }])('$path', ({ path }) => {
|
describe.each([{ path: '/queue' }])('$path', ({ path }) => {
|
||||||
|
test('はログインしないとGETできない。', async () => await notOk({
|
||||||
|
path,
|
||||||
|
status: 401,
|
||||||
|
}));
|
||||||
|
|
||||||
test('はadminでなければGETできない。', async () => await notOk({
|
test('はadminでなければGETできない。', async () => await notOk({
|
||||||
path,
|
path,
|
||||||
status: 500, // FIXME? 403ではない。
|
cookie: cookie(bob),
|
||||||
|
status: 403,
|
||||||
}));
|
}));
|
||||||
|
|
||||||
test('はadminならGETできる。', async () => await ok({
|
test('はadminならGETできる。', async () => await ok({
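Review bot: `bob` is created with `signup({ username: 'alice' })`, which looks like a copy-paste slip. `alice` is already in use at `channel(alice, {})`, so if her account was registered under that name (not visible in these hunks) the signup for bob may fail or return no usable token. In that case `cookie(bob)` would carry a token that matches no user, and the non-admin test would still see 403 through the unknown-token branch rather than the administrator check it is meant to cover. Suggest `bob = await signup({ username: 'bob' });`, plus a separate case that sends an arbitrary unknown token, so both 403 paths are exercised deliberately.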
|
||||||
|
|