pass access token through API to enforce rank

2025-06-21 12:40:37 -04:00 · 2025-06-21 12:40:37 -04:00 · 186c615e3f
commit 186c615e3f
parent fae87e03c0
166 changed files with 473 additions and 380 deletions
--- a/packages/backend/src/server/api/endpoints/flash/create.ts
+++ b/packages/backend/src/server/api/endpoints/flash/create.ts
@ -58,7 +58,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		private flashEntityService: FlashEntityService,
 		private idService: IdService,
 	) {
-		super(meta, paramDef, async (ps, me) => {
+		super(meta, paramDef, async (ps, me, token) => {
 			const flash = await this.flashsRepository.insertOne({
 				id: this.idService.gen(),
 				userId: me.id,
@ -70,7 +70,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				visibility: ps.visibility,
 			});

-			return await this.flashEntityService.pack(flash);
+			return await this.flashEntityService.pack(flash, me, token);
 		});
 	}
 }
--- a/packages/backend/src/server/api/endpoints/flash/delete.ts
+++ b/packages/backend/src/server/api/endpoints/flash/delete.ts
@ -59,14 +59,14 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		private moderationLogService: ModerationLogService,
 		private roleService: RoleService,
 	) {
-		super(meta, paramDef, async (ps, me) => {
+		super(meta, paramDef, async (ps, me, token) => {
 			const flash = await this.flashsRepository.findOneBy({ id: ps.flashId });

 			if (flash == null) {
 				throw new ApiError(meta.errors.noSuchFlash);
 			}

-			if (!await this.roleService.isModerator(me) && flash.userId !== me.id) {
+			if (!await this.roleService.isModerator(me, token) && flash.userId !== me.id) {
 				throw new ApiError(meta.errors.accessDenied);
 			}

--- a/packages/backend/src/server/api/endpoints/flash/featured.ts
+++ b/packages/backend/src/server/api/endpoints/flash/featured.ts
@ -47,12 +47,12 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		private flashService: FlashService,
 		private flashEntityService: FlashEntityService,
 	) {
-		super(meta, paramDef, async (ps, me) => {
+		super(meta, paramDef, async (ps, me, token) => {
 			const result = await this.flashService.featured({
 				offset: ps.offset,
 				limit: ps.limit,
 			});
-			return await this.flashEntityService.packMany(result, me);
+			return await this.flashEntityService.packMany(result, me, token);
 		});
 	}
 }
--- a/packages/backend/src/server/api/endpoints/flash/my-likes.ts
+++ b/packages/backend/src/server/api/endpoints/flash/my-likes.ts
@ -63,7 +63,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		private flashLikeEntityService: FlashLikeEntityService,
 		private queryService: QueryService,
 	) {
-		super(meta, paramDef, async (ps, me) => {
+		super(meta, paramDef, async (ps, me, token) => {
 			const query = this.queryService.makePaginationQuery(this.flashLikesRepository.createQueryBuilder('like'), ps.sinceId, ps.untilId)
 				.andWhere('like.userId = :meId', { meId: me.id })
 				.leftJoinAndSelect('like.flash', 'flash');
@ -72,7 +72,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				.limit(ps.limit)
 				.getMany();

-			return this.flashLikeEntityService.packMany(likes, me);
+			return this.flashLikeEntityService.packMany(likes, me, token);
 		});
 	}
 }
--- a/packages/backend/src/server/api/endpoints/flash/my.ts
+++ b/packages/backend/src/server/api/endpoints/flash/my.ts
@ -53,7 +53,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		private flashEntityService: FlashEntityService,
 		private queryService: QueryService,
 	) {
-		super(meta, paramDef, async (ps, me) => {
+		super(meta, paramDef, async (ps, me, token) => {
 			const query = this.queryService.makePaginationQuery(this.flashsRepository.createQueryBuilder('flash'), ps.sinceId, ps.untilId)
 				.andWhere('flash.userId = :meId', { meId: me.id });

@ -61,7 +61,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				.limit(ps.limit)
 				.getMany();

-			return await this.flashEntityService.packMany(flashs);
+			return await this.flashEntityService.packMany(flashs, me, token);
 		});
 	}
 }
--- a/packages/backend/src/server/api/endpoints/flash/show.ts
+++ b/packages/backend/src/server/api/endpoints/flash/show.ts
@ -52,14 +52,14 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-

 		private flashEntityService: FlashEntityService,
 	) {
-		super(meta, paramDef, async (ps, me) => {
+		super(meta, paramDef, async (ps, me, token) => {
 			const flash = await this.flashsRepository.findOneBy({ id: ps.flashId });

 			if (flash == null) {
 				throw new ApiError(meta.errors.noSuchFlash);
 			}

-			return await this.flashEntityService.pack(flash, me);
+			return await this.flashEntityService.pack(flash, me, token);
 		});
 	}
 }