add notifications for shared access granted/revoked/login

locales/index.d.ts

@@ -10434,6 +10434,18 @@ export interface Locale extends ILocale {
          * Import of {x} has been completed
          */
         "importOfXCompleted": ParameterizedString<"x">;
+        /**
+         * Shared access granted
+         */
+        "sharedAccessGranted": string;
+        /**
+         * Shared access revoked
+         */
+        "sharedAccessRevoked": string;
+        /**
+         * Shared access login
+         */
+        "sharedAccessLogin": string;
     };
     "_deck": {
         /**
@@ -13536,7 +13548,39 @@ export interface Locale extends ILocale {
          * User
          */
         "user": string;
+        /**
+         * default
+         */
+        "default": string;
     };
+    /**
+     * Permissions: {num}
+     */
+    "permissionsLabel": ParameterizedString<"num">;
+    /**
+     * You have been granted shared access to {target} with {rank} rank and {perms} permissions.
+     */
+    "sharedAccessGranted": ParameterizedString<"target" | "rank" | "perms">;
+    /**
+     * Shared access to {target} has been revoked.
+     */
+    "sharedAccessRevoked": ParameterizedString<"target">;
+    /**
+     * {target} logged in via shared access.
+     */
+    "sharedAccessLogin": ParameterizedString<"target">;
+    /**
+     * Unique name to record the purpose of this access token
+     */
+    "accessTokenNameDescription": string;
+    /**
+     * Are you sure you want to revoke this token?
+     */
+    "confirmRevokeToken": string;
+    /**
+     * Are you sure you want to revoke this token? {num} shared other users will lose shared access.
+     */
+    "confirmRevokeSharedToken": ParameterizedString<"num">;
 }
 declare const locales: {
     [lang: string]: Locale;

packages/backend/src/core/entities/NotificationEntityService.ts

@@ -7,7 +7,7 @@ import { Inject, Injectable } from '@nestjs/common';
 import { ModuleRef } from '@nestjs/core';
 import { In, EntityNotFoundError } from 'typeorm';
 import { DI } from '@/di-symbols.js';
-import type { FollowRequestsRepository, NotesRepository, MiUser, UsersRepository, MiAccessToken } from '@/models/_.js';
+import type { FollowRequestsRepository, NotesRepository, MiUser, UsersRepository, MiAccessToken, AccessTokensRepository } from '@/models/_.js';
 import { awaitAll } from '@/misc/prelude/await-all.js';
 import type { MiGroupedNotification, MiNotification } from '@/models/Notification.js';
 import type { MiNote } from '@/models/Note.js';
@@ -21,7 +21,7 @@ import type { OnModuleInit } from '@nestjs/common';
 import type { UserEntityService } from './UserEntityService.js';
 import type { NoteEntityService } from './NoteEntityService.js';
 
-const NOTE_REQUIRED_NOTIFICATION_TYPES = new Set(['note', 'mention', 'reply', 'renote', 'renote:grouped', 'quote', 'reaction', 'reaction:grouped', 'pollEnded', 'edited', 'scheduledNotePosted'] as (typeof groupedNotificationTypes[number])[]);
+const NOTE_REQUIRED_NOTIFICATION_TYPES = new Set(['note', 'mention', 'reply', 'renote', 'renote:grouped', 'quote', 'reaction', 'reaction:grouped', 'pollEnded', 'edited', 'scheduledNotePosted']);
 
 function undefOnMissing<T>(packPromise: Promise<T>): Promise<T | undefined> {
 	return packPromise.catch(err => {
@@ -49,6 +49,9 @@ export class NotificationEntityService implements OnModuleInit {
 		@Inject(DI.followRequestsRepository)
 		private followRequestsRepository: FollowRequestsRepository,
 
+		@Inject(DI.accessTokensRepository)
+		private readonly accessTokensRepository: AccessTokensRepository,
+
 		private cacheService: CacheService,
 	) {
 	}
@@ -162,6 +165,9 @@ export class NotificationEntityService implements OnModuleInit {
 			return null;
 		}
 
+		const needsAccessToken = notification.type === 'sharedAccessGranted';
+		const accessToken = (needsAccessToken && notification.tokenId) ? await this.accessTokensRepository.findOneBy({ id: notification.tokenId }) : null;
+
 		return await awaitAll({
 			id: notification.id,
 			createdAt: new Date(notification.createdAt).toISOString(),
@@ -200,6 +206,14 @@ export class NotificationEntityService implements OnModuleInit {
 				header: notification.customHeader,
 				icon: notification.customIcon,
 			} : {}),
+			...(notification.type === 'sharedAccessGranted' ? {
+				tokenId: notification.tokenId,
+				token: accessToken ? {
+					id: accessToken.id,
+					permission: accessToken.permission,
+					rank: accessToken.rank,
+				} : null,
+			} : {}),
 		});
 	}
 

packages/backend/src/models/Notification.ts

@@ -152,6 +152,22 @@ export type MiNotification = {
 	id: string;
 	createdAt: string;
 	noteId: MiNote['id'];
+} | {
+	type: 'sharedAccessGranted';
+	id: string;
+	createdAt: string;
+	notifierId: MiUser['id'];
+	tokenId: MiAccessToken['id'];
+} | {
+	type: 'sharedAccessRevoked';
+	id: string;
+	createdAt: string;
+	notifierId: MiUser['id'];
+} | {
+	type: 'sharedAccessLogin';
+	id: string;
+	createdAt: string;
+	notifierId: MiUser['id'];
 };
 
 export type MiGroupedNotification = MiNotification | {

packages/backend/src/models/json-schema/notification.ts

@@ -460,6 +460,88 @@ export const packedNotificationSchema = {
 				optional: false, nullable: false,
 			},
 		},
+	}, {
+		type: 'object',
+		properties: {
+			...baseSchema.properties,
+			type: {
+				type: 'string',
+				optional: false, nullable: false,
+				enum: ['sharedAccessGranted'],
+			},
+			user: {
+				type: 'object',
+				ref: 'UserLite',
+				optional: false, nullable: false,
+			},
+			userId: {
+				type: 'string',
+				optional: false, nullable: false,
+				format: 'id',
+			},
+			token: {
+				type: 'object',
+				optional: false, nullable: true,
+				properties: {
+					id: {
+						type: 'string',
+						optional: false, nullable: false,
+					},
+					permission: {
+						type: 'array',
+						optional: false, nullable: false,
+						items: {
+							type: 'string',
+						},
+					},
+					rank: {
+						type: 'string',
+						enum: ['admin', 'mod', 'user'],
+						optional: false, nullable: true,
+					},
+				},
+			},
+		},
+	}, {
+		type: 'object',
+		properties: {
+			...baseSchema.properties,
+			type: {
+				type: 'string',
+				optional: false, nullable: false,
+				enum: ['sharedAccessRevoked'],
+			},
+			user: {
+				type: 'object',
+				ref: 'UserLite',
+				optional: false, nullable: false,
+			},
+			userId: {
+				type: 'string',
+				optional: false, nullable: false,
+				format: 'id',
+			},
+		},
+	}, {
+		type: 'object',
+		properties: {
+			...baseSchema.properties,
+			type: {
+				type: 'string',
+				optional: false, nullable: false,
+				enum: ['sharedAccessLogin'],
+			},
+			user: {
+				type: 'object',
+				ref: 'UserLite',
+				optional: false, nullable: false,
+			},
+			userId: {
+				type: 'string',
+				optional: false, nullable: false,
+				format: 'id',
+			},
+		},
 	}, {
 		type: 'object',
 		properties: {

packages/backend/src/server/api/endpoints/i/revoke-token.ts

@@ -7,6 +7,7 @@ import { Inject, Injectable } from '@nestjs/common';
 import { Endpoint } from '@/server/api/endpoint-base.js';
 import type { AccessTokensRepository } from '@/models/_.js';
 import { DI } from '@/di-symbols.js';
+import { NotificationService } from '@/core/NotificationService.js';
 
 export const meta = {
 	requireCredential: true,
@@ -37,29 +38,37 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 	constructor(
 		@Inject(DI.accessTokensRepository)
 		private accessTokensRepository: AccessTokensRepository,
+
+		private readonly notificationService: NotificationService,
 	) {
 		super(meta, paramDef, async (ps, me) => {
 			if (ps.tokenId) {
-				const tokenExist = await this.accessTokensRepository.exists({ where: { id: ps.tokenId } });
+				const tokenExist = await this.accessTokensRepository.findOne({ where: { id: ps.tokenId } });
 
 				if (tokenExist) {
+					for (const granteeId of tokenExist.granteeIds) {
+						this.notificationService.createNotification(granteeId, 'sharedAccessRevoked', {}, me.id);
+					}
+
 					await this.accessTokensRepository.delete({
 						id: ps.tokenId,
 						userId: me.id,
 					});
 				}
 			} else if (ps.token) {
-				const tokenExist = await this.accessTokensRepository.exists({ where: { token: ps.token } });
+				const tokenExist = await this.accessTokensRepository.findOne({ where: { token: ps.token } });
 
 				if (tokenExist) {
+					for (const granteeId of tokenExist.granteeIds) {
+						this.notificationService.createNotification(granteeId, 'sharedAccessRevoked', {}, me.id);
+					}
+
 					await this.accessTokensRepository.delete({
 						token: ps.token,
 						userId: me.id,
 					});
 				}
 			}
-
-			// TODO notify of access revoked
 		});
 	}
 }

packages/backend/src/server/api/endpoints/i/shared-access/login.ts

@@ -8,6 +8,7 @@ import { Endpoint } from '@/server/api/endpoint-base.js';
 import { DI } from '@/di-symbols.js';
 import type { AccessTokensRepository } from '@/models/_.js';
 import { ApiError } from '@/server/api/error.js';
+import { NotificationService } from '@/core/NotificationService.js';
 
 export const meta = {
 	requireCredential: true,
@@ -57,6 +58,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 	constructor(
 		@Inject(DI.accessTokensRepository)
 		private readonly accessTokensRepository: AccessTokensRepository,
+
+		private readonly notificationService: NotificationService,
 	) {
 		super(meta, paramDef, async (ps, me) => {
 			const token = await this.accessTokensRepository.findOneBy({ id: ps.grantId });
@@ -69,7 +72,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				throw new ApiError(meta.errors.noSuchAccess);
 			}
 
-			// TODO notify of login
+			this.notificationService.createNotification(token.userId, 'sharedAccessLogin', {}, me.id);
 
 			return {
 				token: token.token,

packages/backend/src/server/api/endpoints/miauth/gen-token.ts

@@ -117,7 +117,11 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 				granteeIds: ps.grantees,
 			});
 
-			// TODO notify of access granted
+			if (ps.grantees) {
+				for (const granteeId of ps.grantees) {
+					this.notificationService.createNotification(granteeId, 'sharedAccessGranted', { tokenId: accessTokenId }, me.id);
+				}
+			}
 
 			// アクセストークンが生成されたことを通知
 			this.notificationService.createNotification(me.id, 'createToken', {});

packages/frontend/src/components/MkNotification.vue

@@ -6,7 +6,7 @@ SPDX-License-Identifier: AGPL-3.0-only
 <template>
 <div :class="$style.root">
 	<div :class="$style.head">
-		<MkAvatar v-if="['pollEnded', 'note', 'edited', 'scheduledNotePosted'].includes(notification.type) && 'note' in notification" :class="$style.icon" :user="notification.note.user" link preview/>
+		<MkAvatar v-if="['pollEnded', 'note', 'edited', 'scheduledNotePosted', 'sharedAccessGranted', 'sharedAccessRevoked', 'sharedAccessLogin'].includes(notification.type) && 'note' in notification" :class="$style.icon" :user="notification.note.user" link preview/>
 		<MkAvatar v-else-if="['roleAssigned', 'achievementEarned', 'exportCompleted', 'importCompleted', 'login', 'createToken', 'scheduledNoteFailed'].includes(notification.type)" :class="$style.icon" :user="$i" link preview/>
 		<div v-else-if="notification.type === 'reaction:grouped' && notification.note.reactionAcceptance === 'likeOnly'" :class="[$style.icon, $style.icon_reactionGroupHeart]"><i class="ph-smiley ph-bold ph-lg" style="line-height: 1;"></i></div>
 		<div v-else-if="notification.type === 'reaction:grouped'" :class="[$style.icon, $style.icon_reactionGroup]"><i class="ph-smiley ph-bold ph-lg" style="line-height: 1;"></i></div>
@@ -26,7 +26,7 @@ SPDX-License-Identifier: AGPL-3.0-only
 				[$style.t_achievementEarned]: notification.type === 'achievementEarned',
 				[$style.t_exportCompleted]: notification.type === 'exportCompleted',
 				[$style.t_importCompleted]: notification.type === 'importCompleted',
-				[$style.t_login]: notification.type === 'login',
+				[$style.t_login]: ['login', 'sharedAccessGranted', 'sharedAccessRevoked', 'sharedAccessLogin'].includes(notification.type),
 				[$style.t_createToken]: notification.type === 'createToken',
 				[$style.t_chatRoomInvitationReceived]: notification.type === 'chatRoomInvitationReceived',
 				[$style.t_roleAssigned]: notification.type === 'roleAssigned' && notification.role.iconUrl == null,
@@ -34,7 +34,8 @@ SPDX-License-Identifier: AGPL-3.0-only
 				[$style.t_roleAssigned]: notification.type === 'scheduledNoteFailed',
 				[$style.t_pollEnded]: notification.type === 'scheduledNotePosted',
 			}]"
-		> <!-- we re-use t_pollEnded for "edited" instead of making an identical style -->
+		>
+			<!-- we re-use t_pollEnded for "edited" instead of making an identical style -->
 			<i v-if="notification.type === 'follow'" class="ti ti-plus"></i>
 			<i v-else-if="notification.type === 'receiveFollowRequest'" class="ti ti-clock"></i>
 			<i v-else-if="notification.type === 'followRequestAccepted'" class="ti ti-check"></i>
@@ -56,6 +57,9 @@ SPDX-License-Identifier: AGPL-3.0-only
 			<i v-else-if="notification.type === 'edited'" class="ph-pencil ph-bold ph-lg"></i>
 			<i v-else-if="notification.type === 'scheduledNoteFailed'" class="ti ti-calendar-event"></i>
 			<i v-else-if="notification.type === 'scheduledNotePosted'" class="ti ti-calendar-event"></i>
+			<i v-else-if="notification.type === 'sharedAccessGranted'" class="ph-door-open ph-bold pg-lg"></i>
+			<i v-else-if="notification.type === 'sharedAccessRevoked'" class="ph-lock ph-bold pg-lg"></i>
+			<i v-else-if="notification.type === 'sharedAccessLogin'" class="ph-sign-in ph-bold pg-lg"></i>
 			<!-- notification.reaction が null になることはまずないが、ここでoptional chaining使うと一部ブラウザで刺さるので念の為 -->
 			<MkReactionIcon
 				v-else-if="notification.type === 'reaction'"
@@ -86,6 +90,9 @@ SPDX-License-Identifier: AGPL-3.0-only
 			<span v-else-if="notification.type === 'edited'">{{ i18n.ts._notification.edited }}</span>
 			<span v-else-if="notification.type === 'scheduledNoteFailed'">{{ i18n.ts._notification.scheduledNoteFailed }}</span>
 			<span v-else-if="notification.type === 'scheduledNotePosted'">{{ i18n.ts._notification.scheduledNotePosted }}</span>
+			<span v-else-if="notification.type === 'sharedAccessGranted'">{{ i18n.ts._notification.sharedAccessGranted }}</span>
+			<span v-else-if="notification.type === 'sharedAccessRevoked'">{{ i18n.ts._notification.sharedAccessRevoked }}</span>
+			<span v-else-if="notification.type === 'sharedAccessLogin'">{{ i18n.ts._notification.sharedAccessLogin }}</span>
 			<MkTime v-if="withTime" :time="notification.createdAt" :class="$style.headerTime"/>
 		</header>
 		<div>
@@ -191,6 +198,28 @@ SPDX-License-Identifier: AGPL-3.0-only
 				<Mfm :text="getNoteSummary(notification.note)" :isBlock="true" :plain="true" :nowrap="true" :author="notification.note.user"/>
 				<i class="ph-quotes ph-bold ph-lg" :class="$style.quote"></i>
 			</MkA>
+
+			<div v-else-if="notification.type === 'sharedAccessGranted'">
+				<MkA :to="userPage(notification.user)">
+					<I18n :src="i18n.ts.sharedAccessGranted" tag="span">
+						<template #target><MkAcct :user="notification.user"/></template>
+						<template #rank>{{ i18n.ts._ranks[notification.token?.rank ?? 'default'] }}</template>
+						<template #perms>{{ notification.token?.permission.length ?? 0 }}</template>
+					</I18n>
+				</MkA>
+			</div>
+
+			<MkA v-else-if="notification.type === 'sharedAccessRevoked'" :to="userPage(notification.user)">
+				<I18n :src="i18n.ts.sharedAccessRevoked" tag="span">
+					<template #target><MkAcct :user="notification.user"/></template>
+				</I18n>
+			</MkA>
+
+			<MkA v-else-if="notification.type === 'sharedAccessLogin'" :to="userPage(notification.user)">
+				<I18n :src="i18n.ts.sharedAccessLogin" tag="span">
+					<template #target><MkAcct :user="notification.user"/></template>
+				</I18n>
+			</MkA>
 		</div>
 	</div>
 </div>
@@ -432,8 +461,8 @@ function getActualReactedUsersCount(notification: Misskey.entities.Notification)
 .headerName {
 	text-overflow: ellipsis;
 	white-space: nowrap;
-	min-width: 0;
 	overflow: hidden;
+	min-width: 0;
 }
 
 .headerTime {

packages/misskey-js/src/autogen/types.ts

@@ -5022,6 +5022,42 @@ export type components = {
       /** Format: id */
       userId: string;
       note: components['schemas']['Note'];
+    } | ({
+      /** Format: id */
+      id: string;
+      /** Format: date-time */
+      createdAt: string;
+      /** @enum {string} */
+      type: 'sharedAccessGranted';
+      user: components['schemas']['UserLite'];
+      /** Format: id */
+      userId: string;
+      token: ({
+        id: string;
+        permission: string[];
+        /** @enum {string|null} */
+        rank: 'admin' | 'mod' | 'user';
+      }) | null;
+    }) | {
+      /** Format: id */
+      id: string;
+      /** Format: date-time */
+      createdAt: string;
+      /** @enum {string} */
+      type: 'sharedAccessRevoked';
+      user: components['schemas']['UserLite'];
+      /** Format: id */
+      userId: string;
+    } | {
+      /** Format: id */
+      id: string;
+      /** Format: date-time */
+      createdAt: string;
+      /** @enum {string} */
+      type: 'sharedAccessLogin';
+      user: components['schemas']['UserLite'];
+      /** Format: id */
+      userId: string;
     } | {
       /** Format: id */
       id: string;

sharkey-locales/en-US.yml

@@ -329,6 +329,9 @@ _notification:
   scheduledNoteFailed: "Posting scheduled note failed"
   scheduledNotePosted: "Scheduled Note was posted"
   importOfXCompleted: "Import of {x} has been completed"
+  sharedAccessGranted: "Shared access granted"
+  sharedAccessRevoked: "Shared access revoked"
+  sharedAccessLogin: "Shared access login"
   _types:
     renote: "Boosts"
     edited: "Edits"
@@ -699,3 +702,11 @@ _ranks:
   admin: "Admin"
   mod: "Moderator"
   user: "User"
+  default: "default"
+permissionsLabel: "Permissions: {num}"
+sharedAccessGranted: "You have been granted shared access to {target} with {rank} rank and {perms} permissions."
+sharedAccessRevoked: "Shared access to {target} has been revoked."
+sharedAccessLogin: "{target} logged in via shared access."
+accessTokenNameDescription: "Unique name to record the purpose of this access token"
+confirmRevokeToken: "Are you sure you want to revoke this token?"
+confirmRevokeSharedToken: "Are you sure you want to revoke this token? {num} shared other users will lose shared access."