認証の修正 (#1427)

* 凍結ユーザーがサインイン出来てしまうのを修正 * 凍結ユーザーはストリーミング接続出来ないように * トークン等が無効になったらストリーミングを切断するように * signinでsuspendは別のエラーにする * トークン再生成後のストリーミング切断は少し待つように
mei23 · Jul 17, 2021 · de95b6e · de95b6e
1 parent 130201b
commit de95b6e
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 0 deletions.
diff --git a/src/server/api/endpoints/admin/suspend-user.ts b/src/server/api/endpoints/admin/suspend-user.ts
@@ -6,6 +6,7 @@ import { Users, Followings, Notifications } from '../../../../models';
 import { User } from '../../../../models/entities/user';
 import { insertModerationLog } from '../../../../services/insert-moderation-log';
 import { doPostSuspend } from '../../../../services/suspend-user';
+import { publishTerminate } from '../../../../services/server-event';
 
 export const meta = {
 	desc: {
@@ -52,6 +53,10 @@ export default define(meta, async (ps, me) => {
 		targetId: user.id,
 	});
 
+	if (Users.isLocalUser(user)) {
+		publishTerminate(user.id);
+	}
+
 	(async () => {
 		await doPostSuspend(user).catch(e => {});
 		await unFollowAll(user).catch(e => {});

diff --git a/src/server/api/endpoints/i/delete-account.ts b/src/server/api/endpoints/i/delete-account.ts
@@ -4,6 +4,7 @@ import define from '../../define';
 import { Users, UserProfiles } from '../../../../models';
 import { ensure } from '../../../../prelude/ensure';
 import { doPostSuspend } from '../../../../services/suspend-user';
+import { publishTerminate } from '../../../../services/server-event';
 
 export const meta = {
 	requireCredential: true,
@@ -31,4 +32,7 @@ export default define(meta, async (ps, user) => {
 	await doPostSuspend(user).catch(e => {});
 
 	await Users.delete(user.id);
+
+	// Terminate streaming
+	publishTerminate(user.id);
 });
diff --git a/src/server/api/endpoints/i/regenerate-token.ts b/src/server/api/endpoints/i/regenerate-token.ts
@@ -5,6 +5,7 @@ import generateUserToken from '../../common/generate-native-user-token';
 import define from '../../define';
 import { Users, UserProfiles } from '../../../../models';
 import { ensure } from '../../../../prelude/ensure';
+import { publishTerminate } from '../../../../services/server-event';
 
 export const meta = {
 	requireCredential: true,
@@ -37,4 +38,9 @@ export default define(meta, async (ps, user) => {
 
 	// Publish event
 	publishMainStream(user.id, 'myTokenRegenerated');
+
+	// Terminate streaming
+	setTimeout(() => {
+		publishTerminate(user.id);
+	}, 5000);
 });
diff --git a/src/server/api/private/signin.ts b/src/server/api/private/signin.ts
@@ -47,6 +47,13 @@ export default async (ctx: Koa.Context) => {
 		return;
 	}
 
+	if (user.isSuspended) {
+		ctx.throw(403, {
+			error: 'user is suspended'
+		});
+		return;
+	}
+
 	const profile = await UserProfiles.findOne(user.id).then(ensure);
 
 	// Compare password

diff --git a/src/server/api/stream/index.ts b/src/server/api/stream/index.ts
@@ -224,6 +224,11 @@ export default class Connection {
 		if (data.type === 'mutingChanged') {
 			this.updateMuting();
 		}
+
+		if (data.type === 'terminate') {
+			this.wsConnection.close();
+			this.dispose();
+		}
 	}
 
 	@autobind

diff --git a/src/server/api/streaming.ts b/src/server/api/streaming.ts
@@ -18,6 +18,11 @@ module.exports = (server: http.Server) => {
 		const q = request.resourceURL.query as ParsedUrlQuery;
 		const [user, app] = await authenticate(q.i as string);
 
+		if (user?.isSuspended) {
+			request.reject(400);
+			return;
+		}
+
 		const connection = request.accept();
 
 		let ev: EventEmitter;