From e35a6b12e1972b24f457d592b1be21b20ad43f4b Mon Sep 17 00:00:00 2001 From: heikkari Date: Mon, 16 Aug 2021 00:40:33 +0300 Subject: [PATCH 1/3] Fix: User's invisibility status is exposed --- src/routes/users/fetch_user.rs | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/routes/users/fetch_user.rs b/src/routes/users/fetch_user.rs index 831735f3..387c0cf7 100644 --- a/src/routes/users/fetch_user.rs +++ b/src/routes/users/fetch_user.rs @@ -5,7 +5,7 @@ use rocket::serde::json::Value; #[get("/")] pub async fn req(user: User, target: Ref) -> Result { - let target = target.fetch_user().await?; + let mut target = target.fetch_user().await?; let perm = permissions::PermissionCalculator::new(&user) .with_user(&target) @@ -16,5 +16,15 @@ pub async fn req(user: User, target: Ref) -> Result { Err(Error::MissingPermission)? } + // If the user's status is `Presence::Invisible`, return it as `Presence::Offline` + if let Some(mut status) = target.status { + if let Some(presence) = status.presence { + if presence == Presence::Invisible { + status.presence = Some(Presence::Offline); + target.status = Some(status); + } + } + } + Ok(json!(target.from(&user).with(perm))) } From 3b5bebab7893d4d2d68ff6de4a43a542d3b91be2 Mon Sep 17 00:00:00 2001 From: heikkari Date: Mon, 16 Aug 2021 01:05:54 +0300 Subject: [PATCH 2/3] Fix: User's invisibility status is exposed --- src/notifications/websocket.rs | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/notifications/websocket.rs b/src/notifications/websocket.rs index 65429239..64373cee 100644 --- a/src/notifications/websocket.rs +++ b/src/notifications/websocket.rs @@ -116,7 +116,13 @@ async fn accept(stream: TcpStream) { } } { if let Ok(user) = (Ref { id: id.clone() }).fetch_user().await { + let is_invisible = if let Some(status) = user.status { + if let Some(presence) = status.presence { + presence == Presence::Invisible + } + }; let was_online = is_online(&id); + { match USERS.write() { Ok(mut map) => { @@ -152,7 +158,7 @@ async fn accept(stream: TcpStream) { Ok(payload) => { send(payload); - if !was_online { + if !was_online && !is_invisible { ClientboundNotification::UserUpdate { id: id.clone(), data: json!({ From 7e84d2671a2bb0e9b0289339f544f88028d2aec4 Mon Sep 17 00:00:00 2001 From: heikkari Date: Mon, 16 Aug 2021 01:26:05 +0300 Subject: [PATCH 3/3] Move code to database/entities/user.rs --- src/database/entities/user.rs | 11 +++++++++++ src/routes/users/fetch_user.rs | 10 ---------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/src/database/entities/user.rs b/src/database/entities/user.rs index ade3cb84..91001567 100644 --- a/src/database/entities/user.rs +++ b/src/database/entities/user.rs @@ -152,6 +152,17 @@ impl User { user.status = None; } + // If the user's status is `Presence::Invisible`, return it as `Presence::Offline` + if let Some(mut status) = user.status { + if let Some(presence) = status.presence { + if presence == Presence::Invisible { + status.presence = Some(Presence::Offline); + user.status = Some(status); + user.online = Some(False); + } + } + } + user.profile = None; user } diff --git a/src/routes/users/fetch_user.rs b/src/routes/users/fetch_user.rs index 387c0cf7..0876aeb4 100644 --- a/src/routes/users/fetch_user.rs +++ b/src/routes/users/fetch_user.rs @@ -16,15 +16,5 @@ pub async fn req(user: User, target: Ref) -> Result { Err(Error::MissingPermission)? } - // If the user's status is `Presence::Invisible`, return it as `Presence::Offline` - if let Some(mut status) = target.status { - if let Some(presence) = status.presence { - if presence == Presence::Invisible { - status.presence = Some(Presence::Offline); - target.status = Some(status); - } - } - } - Ok(json!(target.from(&user).with(perm))) }