diff --git a/locales/en-US.yml b/locales/en-US.yml index ecb64e024..0503d5b58 100644 --- a/locales/en-US.yml +++ b/locales/en-US.yml @@ -43,6 +43,7 @@ alreadyFavorited: "Already added to favorites." cantFavorite: "Couldn't add to favorites." pin: "Pin to profile" unpin: "Unpin from profile" +approvals: "Approvals" copyContent: "Copy contents" copyLink: "Copy link" copyLinkRenote: "Copy renote link" @@ -148,6 +149,7 @@ unsuspend: "Unsuspend" blockConfirm: "Are you sure that you want to block this account?" unblockConfirm: "Are you sure that you want to unblock this account?" suspendConfirm: "Are you sure that you want to suspend this account?" +approveConfirm: "Are you sure that you want to approve this account?" unsuspendConfirm: "Are you sure that you want to unsuspend this account?" selectList: "Select a list" editList: "Edit list" @@ -906,6 +908,7 @@ itsOff: "Disabled" on: "On" off: "Off" emailRequiredForSignup: "Require email address for sign-up" +approvalRequiredForSignup: "Require approval for new users" unread: "Unread" filter: "Filter" controlPanel: "Control Panel" @@ -966,6 +969,12 @@ requireAdminForView: "You must log in with an administrator account to view this isSystemAccount: "An account created and automatically operated by the system." typeToConfirm: "Please enter {x} to confirm" deleteAccount: "Delete account" +pendingUserApprovals: "There are users awaiting approval." +approveAccount: "Approve" +denyAccount: "Deny & Delete" +approved: "Approved" +notApproved: "Not Approved" +approvalStatus: "Approval Status" document: "Documentation" numberOfPageCache: "Number of cached pages" numberOfPageCacheDescription: "Increasing this number will improve convenience for but cause more load as more memory usage on the user's device." @@ -1061,6 +1070,7 @@ disableFederationConfirm: "Really disable federation?" disableFederationConfirmWarn: "Even if defederated, posts will continue to be public unless set otherwise. You usually do not need to do this." disableFederationOk: "Disable" invitationRequiredToRegister: "This instance is invite-only. You must enter a valid invite code sign up." +approvalRequiredToRegister: "This instance is only accepting users who specify a reason for registration." emailNotSupported: "This instance does not support sending emails" postToTheChannel: "Post to channel" cannotBeChangedLater: "This cannot be changed later." @@ -1869,6 +1879,8 @@ _signup: almostThere: "Almost there" emailAddressInfo: "Please enter your email address. It will not be made public." emailSent: "A confirmation email has been sent to your email address ({email}). Please click the included link to complete account creation." + approvalPending: "Your account has been created and is awaiting approval." + reasonInfo: "Please enter a reason as to why you want to join the instance." _accountDelete: accountDelete: "Delete account" mayTakeTime: "As account deletion is a resource-heavy process, it may take some time to complete depending on how much content you have created and how many files you have uploaded." diff --git a/locales/index.d.ts b/locales/index.d.ts index bd9c350b6..dc56ba98a 100644 --- a/locales/index.d.ts +++ b/locales/index.d.ts @@ -620,6 +620,10 @@ export interface Locale extends ILocale { * 凍結しますか? */ "suspendConfirm": string; + /** + * このアカウントを承認してもよろしいですか? + */ + "approveConfirm": string; /** * 解凍しますか? */ @@ -3644,6 +3648,10 @@ export interface Locale extends ILocale { * アカウント登録にメールアドレスを必須にする */ "emailRequiredForSignup": string; + /** + * 新規ユーザーの承認が必要 + */ + "approvalRequiredForSignup": string; /** * 未読 */ @@ -3887,6 +3895,30 @@ export interface Locale extends ILocale { * アカウント削除 */ "deleteAccount": string; + /** + * 承認待ちのユーザーがいます。 + */ + "pendingUserApprovals": string; + /** + * 承認する + */ + "approveAccount": string; + /** + * 拒否と削除 + */ + "denyAccount": string; + /** + * 承認済み + */ + "approved": string; + /** + * 承認されていない + */ + "notApproved": string; + /** + * 承認状況 + */ + "approvalStatus": string; /** * ドキュメント */ @@ -4267,6 +4299,10 @@ export interface Locale extends ILocale { * 現在このサーバーは招待制です。招待コードをお持ちの方のみ登録できます。 */ "invitationRequiredToRegister": string; + /** + * このインスタンスは、登録理由を指定したユーザーのみを受け入れています。 + */ + "approvalRequiredToRegister": string; /** * このサーバーではメール配信はサポートされていません */ @@ -7306,6 +7342,14 @@ export interface Locale extends ILocale { * 入力されたメールアドレス({email})宛に確認のメールが送信されました。メールに記載されたリンクにアクセスすると、アカウントの作成が完了します。メールに記載されているリンクの有効期限は30分です。 */ "emailSent": ParameterizedString<"email">; + /** + * アカウントが作成され、承認待ちの状態です。 + */ + "approvalPending": string; + /** + * インスタンスに参加したい理由を入力してください。 + */ + "reasonInfo": string; }; "_accountDelete": { /** diff --git a/locales/ja-JP.yml b/locales/ja-JP.yml index 9fa66a8f1..4af35892b 100644 --- a/locales/ja-JP.yml +++ b/locales/ja-JP.yml @@ -151,6 +151,7 @@ unsuspend: "解凍" blockConfirm: "ブロックしますか?" unblockConfirm: "ブロック解除しますか?" suspendConfirm: "凍結しますか?" +approveConfirm: "このアカウントを承認してもよろしいですか?" unsuspendConfirm: "解凍しますか?" selectList: "リストを選択" editList: "リストを編集" @@ -907,6 +908,7 @@ itsOff: "オフになっています" on: "オン" off: "オフ" emailRequiredForSignup: "アカウント登録にメールアドレスを必須にする" +approvalRequiredForSignup: "新規ユーザーの承認が必要" unread: "未読" filter: "フィルタ" controlPanel: "コントロールパネル" @@ -967,6 +969,12 @@ requireAdminForView: "閲覧するには管理者アカウントでログイン isSystemAccount: "システムにより自動で作成・管理されているアカウントです。" typeToConfirm: "この操作を行うには {x} と入力してください" deleteAccount: "アカウント削除" +pendingUserApprovals: "承認待ちのユーザーがいます。" +approveAccount: "承認する" +denyAccount: "拒否と削除" +approved: "承認済み" +notApproved: "承認されていない" +approvalStatus: "承認状況" document: "ドキュメント" numberOfPageCache: "ページキャッシュ数" numberOfPageCacheDescription: "多くすると利便性が向上しますが、負荷とメモリ使用量が増えます。" @@ -1062,6 +1070,7 @@ disableFederationConfirm: "連合なしにしますか?" disableFederationConfirmWarn: "連合なしにしても投稿は非公開になりません。ほとんどの場合、連合なしにする必要はありません。" disableFederationOk: "連合なしにする" invitationRequiredToRegister: "現在このサーバーは招待制です。招待コードをお持ちの方のみ登録できます。" +approvalRequiredToRegister: "このインスタンスは、登録理由を指定したユーザーのみを受け入れています。" emailNotSupported: "このサーバーではメール配信はサポートされていません" postToTheChannel: "チャンネルに投稿" cannotBeChangedLater: "後から変更できません。" @@ -1886,6 +1895,8 @@ _signup: almostThere: "ほとんど完了です" emailAddressInfo: "あなたが使っているメールアドレスを入力してください。メールアドレスが公開されることはありません。" emailSent: "入力されたメールアドレス({email})宛に確認のメールが送信されました。メールに記載されたリンクにアクセスすると、アカウントの作成が完了します。メールに記載されているリンクの有効期限は30分です。" + approvalPending: "アカウントが作成され、承認待ちの状態です。" + reasonInfo: "インスタンスに参加したい理由を入力してください。" _accountDelete: accountDelete: "アカウントの削除" diff --git a/packages/backend/migration/1736372582304-approval.js b/packages/backend/migration/1736372582304-approval.js new file mode 100644 index 000000000..82c025211 --- /dev/null +++ b/packages/backend/migration/1736372582304-approval.js @@ -0,0 +1,22 @@ +/* + * SPDX-FileCopyrightText: syuilo and other misskey contributors + * SPDX-License-Identifier: AGPL-3.0-only + */ + +export class ApprovalSignup1697580470000 { + name = 'ApprovalSignup1697580470000' + + async up(queryRunner) { + await queryRunner.query(`ALTER TABLE "meta" ADD "approvalRequiredForSignup" boolean DEFAULT false NOT NULL`); + await queryRunner.query(`ALTER TABLE "user" ADD "approved" boolean DEFAULT true NOT NULL`); + await queryRunner.query(`ALTER TABLE "user" ADD "signupReason" character varying(1000) NULL`); + await queryRunner.query(`ALTER TABLE "user_pending" ADD "reason" character varying(1000) NULL`); + } + + async down(queryRunner) { + await queryRunner.query(`ALTER TABLE "meta" DROP COLUMN "approvalRequiredForSignup"`); + await queryRunner.query(`ALTER TABLE "user" DROP COLUMN "approved"`); + await queryRunner.query(`ALTER TABLE "user" DROP COLUMN "signupReason"`); + await queryRunner.query(`ALTER TABLE "user_pending" DROP COLUMN "reason"`); + } +} diff --git a/packages/backend/src/core/CreateSystemUserService.ts b/packages/backend/src/core/CreateSystemUserService.ts index 11212bc12..d6add4119 100644 --- a/packages/backend/src/core/CreateSystemUserService.ts +++ b/packages/backend/src/core/CreateSystemUserService.ts @@ -61,6 +61,7 @@ export class CreateSystemUserService { isLocked: true, isExplorable: false, isBot: true, + approved: true, }).then(x => transactionalEntityManager.findOneByOrFail(MiUser, x.identifiers[0])); await transactionalEntityManager.insert(MiUserKeypair, { diff --git a/packages/backend/src/core/SignupService.ts b/packages/backend/src/core/SignupService.ts index 514b0d2b2..3e99beeb7 100644 --- a/packages/backend/src/core/SignupService.ts +++ b/packages/backend/src/core/SignupService.ts @@ -58,9 +58,10 @@ export class SignupService { password?: string | null; passwordHash?: MiUserProfile['password'] | null; host?: string | null; + reason?: string | null; ignorePreservedUsernames?: boolean; }) { - const { username, password, passwordHash, host } = opts; + const { username, password, passwordHash, host, reason } = opts; let hash = passwordHash; // Validate username @@ -93,9 +94,9 @@ export class SignupService { } const isTheFirstUser = !await this.instanceActorService.realLocalUsersPresent(); + const instance = await this.metaService.fetch(true); if (!opts.ignorePreservedUsernames && !isTheFirstUser) { - const instance = await this.metaService.fetch(true); const isPreserved = instance.preservedUsernames.map(x => x.toLowerCase()).includes(username.toLowerCase()); if (isPreserved) { throw new Error('USED_USERNAME'); @@ -128,6 +129,10 @@ export class SignupService { try { let account!: MiUser; + let defaultApproval = false; + + if (!instance.approvalRequiredForSignup) defaultApproval = true; + // Start transaction await this.db.transaction(async transactionalEntityManager => { const exist = await transactionalEntityManager.findOneBy(MiUser, { @@ -144,6 +149,8 @@ export class SignupService { host: host ? this.utilityService.normalizeHost(host) : null, token: secret, isRoot: isTheFirstUser, + approved: defaultApproval, + signupReason: reason, })); await transactionalEntityManager.save(new MiUserKeypair({ diff --git a/packages/backend/src/core/activitypub/models/ApPersonService.ts b/packages/backend/src/core/activitypub/models/ApPersonService.ts index 7016dfa03..a4d0ef60d 100644 --- a/packages/backend/src/core/activitypub/models/ApPersonService.ts +++ b/packages/backend/src/core/activitypub/models/ApPersonService.ts @@ -328,8 +328,8 @@ export class ApPersonService implements OnModuleInit { this.logger.error('error occurred while fetching following/followers collection', { error: err }); } return 'private'; - }) - ) + }), + ), ); const bday = person['vcard:bday']?.match(/^\d{4}-\d{2}-\d{2}/); @@ -378,6 +378,7 @@ export class ApPersonService implements OnModuleInit { alsoKnownAs: person.alsoKnownAs, isExplorable: person.discoverable, username: person.preferredUsername, + approved: true, usernameLower: person.preferredUsername?.toLowerCase(), host, inbox: person.inbox, @@ -526,8 +527,8 @@ export class ApPersonService implements OnModuleInit { return undefined; } return 'private'; - }) - ) + }), + ), ); const bday = person['vcard:bday']?.match(/^\d{4}-\d{2}-\d{2}/); diff --git a/packages/backend/src/core/entities/MetaEntityService.ts b/packages/backend/src/core/entities/MetaEntityService.ts index 28780b8d4..1a77e279f 100644 --- a/packages/backend/src/core/entities/MetaEntityService.ts +++ b/packages/backend/src/core/entities/MetaEntityService.ts @@ -68,6 +68,7 @@ export class MetaEntityService { privacyPolicyUrl: instance.privacyPolicyUrl, disableRegistration: instance.disableRegistration, emailRequiredForSignup: instance.emailRequiredForSignup, + approvalRequiredForSignup: instance.approvalRequiredForSignup, enableHcaptcha: instance.enableHcaptcha, hcaptchaSiteKey: instance.hcaptchaSiteKey, enableMcaptcha: instance.enableMcaptcha, @@ -140,6 +141,7 @@ export class MetaEntityService { globalTimeline: instance.policies.gtlAvailable, registration: !instance.disableRegistration, emailRequiredForSignup: instance.emailRequiredForSignup, + approvalRequiredForSignup: instance.approvalRequiredForSignup, hCaptcha: instance.enableHcaptcha, hcaptcha: instance.enableHcaptcha, mCaptcha: instance.enableMcaptcha, diff --git a/packages/backend/src/core/entities/UserEntityService.ts b/packages/backend/src/core/entities/UserEntityService.ts index e9bf5a397..e366a86b4 100644 --- a/packages/backend/src/core/entities/UserEntityService.ts +++ b/packages/backend/src/core/entities/UserEntityService.ts @@ -614,6 +614,8 @@ export class UserEntityService implements OnModuleInit { ...(opts.includeSecrets ? { email: profile!.email, emailVerified: profile!.emailVerified, + approved: user!.approved, + signupReason: user!.signupReason, securityKeysList: profile!.twoFactorEnabled ? this.userSecurityKeysRepository.find({ where: { diff --git a/packages/backend/src/models/Meta.ts b/packages/backend/src/models/Meta.ts index 649b2c2f9..e639312e6 100644 --- a/packages/backend/src/models/Meta.ts +++ b/packages/backend/src/models/Meta.ts @@ -184,6 +184,11 @@ export class MiMeta { }) public emailRequiredForSignup: boolean; + @Column('boolean', { + default: false, + }) + public approvalRequiredForSignup: boolean; + @Column('boolean', { default: false, }) diff --git a/packages/backend/src/models/User.ts b/packages/backend/src/models/User.ts index 4a16d0397..7db66f1f8 100644 --- a/packages/backend/src/models/User.ts +++ b/packages/backend/src/models/User.ts @@ -261,6 +261,16 @@ export class MiUser { }) public token: string | null; + @Column('boolean', { + default: false, + }) + public approved: boolean; + + @Column('varchar', { + length: 1000, nullable: true, + }) + public signupReason: string | null; + constructor(data: Partial) { if (data == null) return; diff --git a/packages/backend/src/models/UserPending.ts b/packages/backend/src/models/UserPending.ts index 86c671caf..8f0be4625 100644 --- a/packages/backend/src/models/UserPending.ts +++ b/packages/backend/src/models/UserPending.ts @@ -38,4 +38,9 @@ export class MiUserPending { length: 128, }) public password: string; + + @Column('varchar', { + length: 1000, + }) + public reason: string; } diff --git a/packages/backend/src/models/json-schema/meta.ts b/packages/backend/src/models/json-schema/meta.ts index 7314a224d..91dd6fd8b 100644 --- a/packages/backend/src/models/json-schema/meta.ts +++ b/packages/backend/src/models/json-schema/meta.ts @@ -75,6 +75,10 @@ export const packedMetaLiteSchema = { type: 'boolean', optional: false, nullable: false, }, + approvalRequiredForSignup: { + type: 'boolean', + optional: false, nullable: false, + }, enableHcaptcha: { type: 'boolean', optional: false, nullable: false, @@ -275,6 +279,10 @@ export const packedMetaDetailedOnlySchema = { type: 'boolean', optional: false, nullable: false, }, + approvalRequiredForSignup: { + type: 'boolean', + optional: false, nullable: false, + }, localTimeline: { type: 'boolean', optional: false, nullable: false, diff --git a/packages/backend/src/queue/processors/ImportFollowingProcessorService.ts b/packages/backend/src/queue/processors/ImportFollowingProcessorService.ts index 7129bb40d..8346565f6 100644 --- a/packages/backend/src/queue/processors/ImportFollowingProcessorService.ts +++ b/packages/backend/src/queue/processors/ImportFollowingProcessorService.ts @@ -93,6 +93,9 @@ export class ImportFollowingProcessorService { // skip myself if (target.id === job.data.user.id) return; + // skip follows to not approved accounts + if (!target.approved) return; + this.logger.info(`Follow ${target.id} ${job.data.withReplies ? 'with replies' : 'without replies'} ...`); this.queueService.createFollowJob([{ from: user, to: { id: target.id }, silent: true, withReplies: job.data.withReplies }]); diff --git a/packages/backend/src/server/ActivityPubServerService.ts b/packages/backend/src/server/ActivityPubServerService.ts index 276cfcd64..87d0e07e2 100644 --- a/packages/backend/src/server/ActivityPubServerService.ts +++ b/packages/backend/src/server/ActivityPubServerService.ts @@ -684,6 +684,7 @@ export class ActivityPubServerService { usernameLower: request.params.user.toLowerCase(), host: IsNull(), isSuspended: false, + approved: true, }); return await this.userInfo(request, reply, user); diff --git a/packages/backend/src/server/api/EndpointsModule.ts b/packages/backend/src/server/api/EndpointsModule.ts index 924eac7a1..46c4920cc 100644 --- a/packages/backend/src/server/api/EndpointsModule.ts +++ b/packages/backend/src/server/api/EndpointsModule.ts @@ -82,6 +82,8 @@ import * as ep___admin_showUserAccountMoveLogs from './endpoints/admin/show-user import * as ep___admin_showUser from './endpoints/admin/show-user.js'; import * as ep___admin_showUsers from './endpoints/admin/show-users.js'; import * as ep___admin_suspendUser from './endpoints/admin/suspend-user.js'; +import * as ep___admin_approveUser from './endpoints/admin/approve-user.js'; +import * as ep___admin_declineUser from "./endpoints/admin/decline-user.js"; import * as ep___admin_unsuspendUser from './endpoints/admin/unsuspend-user.js'; import * as ep___admin_updateMeta from './endpoints/admin/update-meta.js'; import * as ep___admin_updateUserName from './endpoints/admin/update-user-name.js'; @@ -477,6 +479,8 @@ const $admin_showUserAccountMoveLogs: Provider = { provide: 'ep:admin/show-user- const $admin_showUser: Provider = { provide: 'ep:admin/show-user', useClass: ep___admin_showUser.default }; const $admin_showUsers: Provider = { provide: 'ep:admin/show-users', useClass: ep___admin_showUsers.default }; const $admin_suspendUser: Provider = { provide: 'ep:admin/suspend-user', useClass: ep___admin_suspendUser.default }; +const $admin_approveUser: Provider = { provide: 'ep:admin/approve-user', useClass: ep___admin_approveUser.default }; +const $admin_declineUser: Provider = { provide: 'ep:admin/decline-user', useClass: ep___admin_declineUser.default }; const $admin_unsuspendUser: Provider = { provide: 'ep:admin/unsuspend-user', useClass: ep___admin_unsuspendUser.default }; const $admin_updateMeta: Provider = { provide: 'ep:admin/update-meta', useClass: ep___admin_updateMeta.default }; const $admin_updateUserName: Provider = { provide: 'ep:admin/update-user-name', useClass: ep___admin_updateUserName.default }; @@ -876,6 +880,8 @@ const $reversi_verify: Provider = { provide: 'ep:reversi/verify', useClass: ep__ $admin_showUser, $admin_showUsers, $admin_suspendUser, + $admin_approveUser, + $admin_declineUser, $admin_unsuspendUser, $admin_updateMeta, $admin_updateUserName, @@ -1269,6 +1275,7 @@ const $reversi_verify: Provider = { provide: 'ep:reversi/verify', useClass: ep__ $admin_showUser, $admin_showUsers, $admin_suspendUser, + $admin_approveUser, $admin_unsuspendUser, $admin_updateMeta, $admin_updateUserName, diff --git a/packages/backend/src/server/api/SigninApiService.ts b/packages/backend/src/server/api/SigninApiService.ts index a56a2d85b..4c945bd4d 100644 --- a/packages/backend/src/server/api/SigninApiService.ts +++ b/packages/backend/src/server/api/SigninApiService.ts @@ -79,6 +79,8 @@ export class SigninApiService { reply.header('Access-Control-Allow-Origin', this.config.url); reply.header('Access-Control-Allow-Credentials', 'true'); + const instance = await this.metaService.fetch(true); + const body = request.body; const username = body['username']; const password = body['password']; @@ -132,13 +134,13 @@ export class SigninApiService { emailVerified: true, user: { host: IsNull(), - } + }, } : { user: { usernameLower: username.toLowerCase(), host: IsNull(), - } - } + }, + }, }); const user = (profile?.user as MiLocalUser) ?? null; @@ -163,6 +165,17 @@ export class SigninApiService { }); } + if (!user.approved && instance.approvalRequiredForSignup) { + reply.code(403); + return { + error: { + message: 'The account has not been approved by an admin yet. Try again later.', + code: 'NOT_APPROVED', + id: '22d05606-fbcf-421a-a2db-b32241faft1b', + }, + }; + } + // Compare password const same = await bcrypt.compare(password, profile.password!); @@ -207,6 +220,7 @@ export class SigninApiService { } if (same) { + if (!instance.approvalRequiredForSignup && !user.approved) this.usersRepository.update(user.id, { approved: true }); logger.info('Successfully signed in with password.'); return this.signinService.signin(request, reply, user); } else { @@ -234,6 +248,7 @@ export class SigninApiService { }); } + if (!instance.approvalRequiredForSignup && !user.approved) this.usersRepository.update(user.id, { approved: true }); logger.info('Successfully signed in with password and two-factor token.'); return this.signinService.signin(request, reply, user); } else if (body.credential) { @@ -247,6 +262,7 @@ export class SigninApiService { const authorized = await this.webAuthnService.verifyAuthentication(user.id, body.credential); if (authorized) { + if (!instance.approvalRequiredForSignup && !user.approved) this.usersRepository.update(user.id, { approved: true }); logger.info('Successfully signed in with WebAuthn authentication.'); return this.signinService.signin(request, reply, user); } else { diff --git a/packages/backend/src/server/api/SignupApiService.ts b/packages/backend/src/server/api/SignupApiService.ts index a0f909d93..252920e58 100644 --- a/packages/backend/src/server/api/SignupApiService.ts +++ b/packages/backend/src/server/api/SignupApiService.ts @@ -3,6 +3,7 @@ * SPDX-License-Identifier: AGPL-3.0-only */ +import { randomUUID } from 'node:crypto'; import { Inject, Injectable } from '@nestjs/common'; import bcrypt from 'bcryptjs'; import { IsNull } from 'typeorm'; @@ -21,8 +22,8 @@ import { bindThis } from '@/decorators.js'; import { L_CHARS, secureRndstr } from '@/misc/secure-rndstr.js'; import { LoggerService } from '@/core/LoggerService.js'; import { SigninService } from './SigninService.js'; +import instance from './endpoints/charts/instance.js'; import type { FastifyRequest, FastifyReply } from 'fastify'; -import { randomUUID } from 'node:crypto'; @Injectable() export class SignupApiService { @@ -65,6 +66,7 @@ export class SignupApiService { host?: string; invitationCode?: string; emailAddress?: string; + reason?: string; 'hcaptcha-response'?: string; 'g-recaptcha-response'?: string; 'turnstile-response'?: string; @@ -117,6 +119,7 @@ export class SignupApiService { const password = body['password']; const host: string | null = process.env.NODE_ENV === 'test' ? (body['host'] ?? null) : null; const invitationCode = body['invitationCode']; + const reason = body['reason']; const emailAddress = body['emailAddress']; if (instance.emailRequiredForSignup) { @@ -134,6 +137,13 @@ export class SignupApiService { } } + if (instance.approvalRequiredForSignup) { + if (reason == null || typeof reason !== 'string') { + reply.code(400); + return; + } + } + let ticket: MiRegistrationTicket | null = null; if (instance.disableRegistration) { @@ -211,6 +221,7 @@ export class SignupApiService { email: emailAddress!, username: username, password: hash, + reason: reason, }).then(x => this.userPendingsRepository.findOneByOrFail(x.identifiers[0])); const link = `${this.config.url}/signup-complete/${code}`; @@ -233,9 +244,17 @@ export class SignupApiService { } else { try { const { account, secret } = await this.signupService.signup({ - username, password, host, + username, password, host, reason }); + if (instance.approvalRequiredForSignup) { + if (emailAddress) { + this.emailService.sendEmail(emailAddress, 'Approval pending', + 'Congratulations! Your account is now pending approval. You will get notified when you have been accepted.', + 'Congratulations! Your account is now pending approval. You will get notified when you have been accepted.'); + } + } + const res = await this.userEntityService.pack(account, account, { schema: 'MeDetailed', includeSecrets: true, @@ -272,6 +291,8 @@ export class SignupApiService { const code = body['code']; + const instance = await this.metaService.fetch(true); + try { const pendingUser = await this.userPendingsRepository.findOneByOrFail({ code }); @@ -283,6 +304,7 @@ export class SignupApiService { const { account, secret } = await this.signupService.signup({ username: pendingUser.username, passwordHash: pendingUser.password, + reason: pendingUser.reason, }); this.userPendingsRepository.delete({ @@ -306,6 +328,15 @@ export class SignupApiService { }); } + if (instance.approvalRequiredForSignup) { + if (pendingUser.email) { + this.emailService.sendEmail(pendingUser.email, 'Approval pending', + 'Congratulations! Your account is now pending approval. You will get notified when you have been accepted.', + 'Congratulations! Your account is now pending approval. You will get notified when you have been accepted.'); + } + return { pendingApproval: true }; + } + logger.info('Successfully created user.', { userId: account.id }); return this.signinService.signin(request, reply, account as MiLocalUser); } catch (err) { diff --git a/packages/backend/src/server/api/endpoints.ts b/packages/backend/src/server/api/endpoints.ts index 987228be6..4a7f73329 100644 --- a/packages/backend/src/server/api/endpoints.ts +++ b/packages/backend/src/server/api/endpoints.ts @@ -82,6 +82,8 @@ import * as ep___admin_showUserAccountMoveLogs from './endpoints/admin/show-user import * as ep___admin_showUser from './endpoints/admin/show-user.js'; import * as ep___admin_showUsers from './endpoints/admin/show-users.js'; import * as ep___admin_suspendUser from './endpoints/admin/suspend-user.js'; +import * as ep___admin_approveUser from './endpoints/admin/approve-user.js'; +import * as ep___admin_declineUser from './endpoints/admin/decline-user.js'; import * as ep___admin_unsuspendUser from './endpoints/admin/unsuspend-user.js'; import * as ep___admin_updateMeta from './endpoints/admin/update-meta.js'; import * as ep___admin_updateUserName from './endpoints/admin/update-user-name.js'; @@ -475,6 +477,8 @@ const eps = [ ['admin/show-user', ep___admin_showUser], ['admin/show-users', ep___admin_showUsers], ['admin/suspend-user', ep___admin_suspendUser], + ['admin/approve-user', ep___admin_approveUser], + ['admin/decline-user', ep___admin_declineUser], ['admin/unsuspend-user', ep___admin_unsuspendUser], ['admin/update-meta', ep___admin_updateMeta], ['admin/update-user-name', ep___admin_updateUserName], diff --git a/packages/backend/src/server/api/endpoints/admin/approve-user.ts b/packages/backend/src/server/api/endpoints/admin/approve-user.ts new file mode 100644 index 000000000..53002a71f --- /dev/null +++ b/packages/backend/src/server/api/endpoints/admin/approve-user.ts @@ -0,0 +1,62 @@ +import { Inject, Injectable } from '@nestjs/common'; +import { Endpoint } from '@/server/api/endpoint-base.js'; +import type { UserProfilesRepository, UsersRepository } from '@/models/_.js'; +import { ModerationLogService } from '@/core/ModerationLogService.js'; +import { DI } from '@/di-symbols.js'; +import { EmailService } from '@/core/EmailService.js'; + +export const meta = { + tags: ['admin'], + + requireCredential: true, + requireModerator: true, + kind: 'write:admin:approve-user', +} as const; + +export const paramDef = { + type: 'object', + properties: { + userId: { type: 'string', format: 'misskey:id' }, + }, + required: ['userId'], +} as const; + +@Injectable() +export default class extends Endpoint { // eslint-disable-line import/no-default-export + constructor( + @Inject(DI.usersRepository) + private usersRepository: UsersRepository, + + @Inject(DI.userProfilesRepository) + private userProfilesRepository: UserProfilesRepository, + + private moderationLogService: ModerationLogService, + private emailService: EmailService, + ) { + super(meta, paramDef, async (ps, me) => { + const user = await this.usersRepository.findOneBy({ id: ps.userId }); + + if (user == null) { + throw new Error('user not found'); + } + + const profile = await this.userProfilesRepository.findOneBy({ userId: ps.userId }); + + await this.usersRepository.update(user.id, { + approved: true, + }); + + if (profile?.email) { + this.emailService.sendEmail(profile.email, 'Account Approved', + 'Your Account has been approved have fun socializing!', + 'Your Account has been approved have fun socializing!'); + } + + this.moderationLogService.log(me, 'approve', { + userId: user.id, + userUsername: user.username, + userHost: user.host, + }); + }); + } +} diff --git a/packages/backend/src/server/api/endpoints/admin/decline-user.ts b/packages/backend/src/server/api/endpoints/admin/decline-user.ts new file mode 100644 index 000000000..4c8ccb98b --- /dev/null +++ b/packages/backend/src/server/api/endpoints/admin/decline-user.ts @@ -0,0 +1,79 @@ +import { Inject, Injectable } from '@nestjs/common'; +import { Endpoint } from '@/server/api/endpoint-base.js'; +import type { UsedUsernamesRepository, UserProfilesRepository, UsersRepository } from '@/models/_.js'; +import { ModerationLogService } from '@/core/ModerationLogService.js'; +import { DI } from '@/di-symbols.js'; +import { EmailService } from '@/core/EmailService.js'; +import { DeleteAccountService } from '@/core/DeleteAccountService.js'; + +export const meta = { + tags: ['admin'], + + requireCredential: true, + requireModerator: true, + kind: 'write:admin:decline-user', +} as const; + +export const paramDef = { + type: 'object', + properties: { + userId: { type: 'string', format: 'misskey:id' }, + }, + required: ['userId'], +} as const; + +@Injectable() +export default class extends Endpoint { // eslint-disable-line import/no-default-export + constructor( + @Inject(DI.usersRepository) + private usersRepository: UsersRepository, + + @Inject(DI.userProfilesRepository) + private userProfilesRepository: UserProfilesRepository, + + @Inject(DI.usedUsernamesRepository) + private usedUsernamesRepository: UsedUsernamesRepository, + + private moderationLogService: ModerationLogService, + private emailService: EmailService, + private deleteAccountService: DeleteAccountService, + ) { + super(meta, paramDef, async (ps, me) => { + const user = await this.usersRepository.findOneBy({ id: ps.userId }); + + if (user == null || user.isDeleted) { + throw new Error('user not found or already deleted'); + } + + if (user.approved) { + throw new Error('user is already approved'); + } + + if (user.host) { + throw new Error('user is not local'); + } + + const profile = await this.userProfilesRepository.findOneBy({ userId: ps.userId }); + + if (profile?.email) { + this.emailService.sendEmail(profile.email, 'Account Declined', + 'Your Account has been declined!', + 'Your Account has been declined!'); + } + + await this.usedUsernamesRepository.delete({ username: user.username }); + + + //Actually delete it since the last function doesnt actually delete the account + //Note: Before approval these accounts wont federate so this is totally fine. + await this.usersRepository.delete(user.id); + + + this.moderationLogService.log(me, 'decline', { + userId: user.id, + userUsername: user.username, + userHost: user.host, + }); + }); + } +} diff --git a/packages/backend/src/server/api/endpoints/admin/meta.ts b/packages/backend/src/server/api/endpoints/admin/meta.ts index 2b9f5c6e3..8c7709796 100644 --- a/packages/backend/src/server/api/endpoints/admin/meta.ts +++ b/packages/backend/src/server/api/endpoints/admin/meta.ts @@ -33,6 +33,10 @@ export const meta = { type: 'boolean', optional: false, nullable: false, }, + approvalRequiredForSignup: { + type: 'boolean', + optional: false, nullable: false, + }, enableHcaptcha: { type: 'boolean', optional: false, nullable: false, @@ -552,6 +556,7 @@ export default class extends Endpoint { // eslint- privacyPolicyUrl: instance.privacyPolicyUrl, disableRegistration: instance.disableRegistration, emailRequiredForSignup: instance.emailRequiredForSignup, + approvalRequiredForSignup: instance.approvalRequiredForSignup, enableHcaptcha: instance.enableHcaptcha, hcaptchaSiteKey: instance.hcaptchaSiteKey, enableMcaptcha: instance.enableMcaptcha, diff --git a/packages/backend/src/server/api/endpoints/admin/show-user.ts b/packages/backend/src/server/api/endpoints/admin/show-user.ts index f2c40541f..930bccef4 100644 --- a/packages/backend/src/server/api/endpoints/admin/show-user.ts +++ b/packages/backend/src/server/api/endpoints/admin/show-user.ts @@ -180,7 +180,7 @@ export const meta = { memo: { type: 'string', optional: false, nullable: true, - } + }, }, }, }, @@ -240,6 +240,8 @@ export default class extends Endpoint { // eslint- return { email: profile.email, emailVerified: profile.emailVerified, + approved: user.approved, + signupReason: user.signupReason, autoAcceptFollowed: profile.autoAcceptFollowed, noCrawle: profile.noCrawle, preventAiLearning: profile.preventAiLearning, diff --git a/packages/backend/src/server/api/endpoints/admin/show-users.ts b/packages/backend/src/server/api/endpoints/admin/show-users.ts index 424212ba2..685da928e 100644 --- a/packages/backend/src/server/api/endpoints/admin/show-users.ts +++ b/packages/backend/src/server/api/endpoints/admin/show-users.ts @@ -35,7 +35,7 @@ export const paramDef = { limit: { type: 'integer', minimum: 1, maximum: 100, default: 10 }, offset: { type: 'integer', default: 0 }, sort: { type: 'string', enum: ['+follower', '-follower', '+createdAt', '-createdAt', '+updatedAt', '-updatedAt', '+lastActiveDate', '-lastActiveDate'] }, - state: { type: 'string', enum: ['all', 'alive', 'available', 'admin', 'moderator', 'adminOrModerator', 'suspended'], default: 'all' }, + state: { type: 'string', enum: ['all', 'alive', 'available', 'admin', 'moderator', 'adminOrModerator', 'suspended', 'approved'], default: 'all' }, origin: { type: 'string', enum: ['combined', 'local', 'remote'], default: 'combined' }, username: { type: 'string', nullable: true, default: null }, hostname: { @@ -64,6 +64,7 @@ export default class extends Endpoint { // eslint- case 'available': query.where('user.isSuspended = FALSE'); break; case 'alive': query.where('user.updatedAt > :date', { date: new Date(Date.now() - 1000 * 60 * 60 * 24 * 5) }); break; case 'suspended': query.where('user.isSuspended = TRUE'); break; + case 'approved': query.where('user.approved = FALSE'); break; case 'admin': { const adminIds = await this.roleService.getAdministratorIds(); if (adminIds.length === 0) return []; diff --git a/packages/backend/src/server/api/endpoints/admin/update-meta.ts b/packages/backend/src/server/api/endpoints/admin/update-meta.ts index 73b20bf42..6b4cb8521 100644 --- a/packages/backend/src/server/api/endpoints/admin/update-meta.ts +++ b/packages/backend/src/server/api/endpoints/admin/update-meta.ts @@ -65,6 +65,7 @@ export const paramDef = { cacheRemoteFiles: { type: 'boolean' }, cacheRemoteSensitiveFiles: { type: 'boolean' }, emailRequiredForSignup: { type: 'boolean' }, + approvalRequiredForSignup: { type: 'boolean' }, enableHcaptcha: { type: 'boolean' }, hcaptchaSiteKey: { type: 'string', nullable: true }, hcaptchaSecretKey: { type: 'string', nullable: true }, @@ -323,6 +324,10 @@ export default class extends Endpoint { // eslint- set.emailRequiredForSignup = ps.emailRequiredForSignup; } + if (ps.approvalRequiredForSignup !== undefined) { + set.approvalRequiredForSignup = ps.approvalRequiredForSignup; + } + if (ps.enableHcaptcha !== undefined) { set.enableHcaptcha = ps.enableHcaptcha; } diff --git a/packages/backend/src/server/api/endpoints/following/create.ts b/packages/backend/src/server/api/endpoints/following/create.ts index 3c27af604..5340901d3 100644 --- a/packages/backend/src/server/api/endpoints/following/create.ts +++ b/packages/backend/src/server/api/endpoints/following/create.ts @@ -35,6 +35,12 @@ export const meta = { id: 'fcd2eef9-a9b2-4c4f-8624-038099e90aa5', }, + unapprovedUser: { + message: 'The user has not been approved yet.', + code: 'UNAPPROVED_USER', + id: '8d66f136-b3e1-48fd-92c4-30ecfd7fdb7a', + }, + followeeIsYourself: { message: 'Followee is yourself.', code: 'FOLLOWEE_IS_YOURSELF', @@ -101,15 +107,25 @@ export default class extends Endpoint { // eslint- } // Get followee - const followee = await this.getterService.getUser(ps.userId).catch(err => { - if (err.id === '15348ddd-432d-49c2-8a5a-8069753becff') throw new ApiError(meta.errors.noSuchUser); + let followee; + try { + followee = await this.getterService.getUser(ps.userId); + } catch (err: any) { + if (err.id === '15348ddd-432d-49c2-8a5a-8069753becff') { + throw new ApiError(meta.errors.noSuchUser); + } throw err; - }); + } if ( me.isBot && followee.isBot ) { throw new ApiError(meta.errors.followingAnotherBot); } + const isLocalUser = followee.uri == null; + if (!followee.approved && isLocalUser) { + throw new ApiError(meta.errors.unapprovedUser); + } + try { await this.userFollowingService.follow(follower, followee, { withReplies: ps.withReplies }); } catch (e) { diff --git a/packages/backend/src/types.ts b/packages/backend/src/types.ts index e125b074f..2cea3da7a 100644 --- a/packages/backend/src/types.ts +++ b/packages/backend/src/types.ts @@ -54,6 +54,8 @@ export const followersVisibilities = ['public', 'followers', 'private'] as const export const moderationLogTypes = [ 'updateServerSettings', 'suspend', + 'approve', + 'decline', 'unsuspend', 'updateUserName', 'updateUserNote', @@ -111,6 +113,16 @@ export type ModerationLogPayloads = { userUsername: string; userHost: string | null; }; + approve: { + userId: string; + userUsername: string; + userHost: string | null; + }; + decline: { + userId: string; + userUsername: string; + userHost: string | null; + } unsuspend: { userId: string; userUsername: string; diff --git a/packages/frontend/src/components/MkSignupDialog.form.vue b/packages/frontend/src/components/MkSignupDialog.form.vue index 3dbbb5e87..f72b0a332 100644 --- a/packages/frontend/src/components/MkSignupDialog.form.vue +++ b/packages/frontend/src/components/MkSignupDialog.form.vue @@ -45,6 +45,10 @@ SPDX-License-Identifier: AGPL-3.0-only {{ i18n.ts.error }} + + + + @@ -85,6 +89,7 @@ const props = withDefaults(defineProps<{ const emit = defineEmits<{ (ev: 'signup', user: Misskey.entities.SigninResponse): void; (ev: 'signupEmailPending'): void; + (ev: 'approvalPending'): void; }>(); const host = toUnicode(config.host); @@ -97,6 +102,7 @@ const turnstile = ref(); const username = ref(''); const password = shallowRef | null>(null); const invitationCode = ref(''); +let reason = ref(''); const email = ref(''); const usernameState = ref(null); const emailState = ref(null); @@ -195,6 +201,7 @@ async function onSubmit(): Promise { password: password.value.password, emailAddress: email.value, invitationCode: invitationCode.value, + reason: reason.value, 'hcaptcha-response': hCaptchaResponse.value, 'm-captcha-response': mCaptchaResponse.value, 'g-recaptcha-response': reCaptchaResponse.value, @@ -207,6 +214,13 @@ async function onSubmit(): Promise { text: i18n.tsx._signup.emailSent({ email: email.value }), }); emit('signupEmailPending'); + } else if (instance.approvalRequiredForSignup) { + os.alert({ + type: 'success', + title: i18n.ts._signup.almostThere, + text: i18n.ts._signup.approvalPending, + }); + emit('approvalPending'); } else { emit('signup', { id: res.id, i: res.token }); diff --git a/packages/frontend/src/components/MkSignupDialog.vue b/packages/frontend/src/components/MkSignupDialog.vue index 4f75a36fb..3ebf0a67f 100644 --- a/packages/frontend/src/components/MkSignupDialog.vue +++ b/packages/frontend/src/components/MkSignupDialog.vue @@ -25,7 +25,7 @@ SPDX-License-Identifier: AGPL-3.0-only @@ -69,6 +69,10 @@ function onSignup(res: Misskey.entities.SignupResponse) { function onSignupEmailPending() { dialog.value?.close(); } + +function onApprovalPending() { + dialog.value?.close(); +} diff --git a/packages/frontend/src/components/MkVisitorDashboard.vue b/packages/frontend/src/components/MkVisitorDashboard.vue index 534b21c83..fb97a6ea0 100644 --- a/packages/frontend/src/components/MkVisitorDashboard.vue +++ b/packages/frontend/src/components/MkVisitorDashboard.vue @@ -21,6 +21,9 @@ SPDX-License-Identifier: AGPL-3.0-only
{{ i18n.ts.invitationRequiredToRegister }}
+
+ {{ i18n.ts.approvalRequiredToRegister }} +
{{ i18n.ts.joinThisServer }} {{ i18n.ts.exploreOtherServers }} diff --git a/packages/frontend/src/components/SkApprovalUser.vue b/packages/frontend/src/components/SkApprovalUser.vue new file mode 100644 index 000000000..f2303c2da --- /dev/null +++ b/packages/frontend/src/components/SkApprovalUser.vue @@ -0,0 +1,110 @@ + + + + + + + diff --git a/packages/frontend/src/pages/admin-user.vue b/packages/frontend/src/pages/admin-user.vue index 90172191b..49f6531c0 100644 --- a/packages/frontend/src/pages/admin-user.vue +++ b/packages/frontend/src/pages/admin-user.vue @@ -15,6 +15,8 @@ SPDX-License-Identifier: AGPL-3.0-only @{{ acct(user) }} + {{ i18n.ts.notApproved }} + {{ i18n.ts.approved }} Admin Moderator Silenced @@ -219,6 +221,20 @@ SPDX-License-Identifier: AGPL-3.0-only
+ +
+ + + + + + + + + + {{ i18n.ts.approveAccount }} + {{ i18n.ts.denyAccount }} +
@@ -267,10 +283,13 @@ const ap = ref(null); const admin = ref(false); const moderator = ref(false); const silenced = ref(false); +const approved = ref(false); const limited = ref(false); const suspended = ref(false); const deleted = ref(false); const moderationNote = ref(''); +const signupReason = ref(''); + const filesPagination = { endpoint: 'admin/drive/files' as const, limit: 10, @@ -303,10 +322,12 @@ function createFetcher() { admin.value = info.value.isAdmin; moderator.value = info.value.isModerator; silenced.value = info.value.isSilenced; + approved.value = info.value.approved; limited.value = info.value.isLimited; suspended.value = info.value.isSuspended; deleted.value = info.value.isDeleted; moderationNote.value = info.value.moderationNote; + signupReason.value = info.value.signupReason; watch(moderationNote, async () => { await misskeyApi('admin/update-user-note', { @@ -470,6 +491,21 @@ async function deleteAccount(soft: boolean) { } } +async function approveAccount() { + const confirm = await os.confirm({ + type: 'warning', + text: i18n.ts.approveConfirm, + }); + if (confirm.canceled) return; + + await os.apiWithDialog('admin/approve-user', { + type: 'warning', + text: i18n.ts.approveConfirm, + userId: user.value.id, + }); + await refreshUser(); +} + async function assignRole() { const roles = await misskeyApi('admin/roles/list'); @@ -573,35 +609,79 @@ watch(user, () => { const headerActions = computed(() => []); -const headerTabs = computed(() => [{ - key: 'overview', - title: i18n.ts.overview, - icon: 'ti ti-info-circle', -}, { - key: 'roles', - title: i18n.ts.roles, - icon: 'ti ti-badges', -}, { - key: 'announcements', - title: i18n.ts.announcements, - icon: 'ti ti-speakerphone', -}, { - key: 'drive', - title: i18n.ts.drive, - icon: 'ti ti-cloud', -}, { - key: 'chart', - title: i18n.ts.charts, - icon: 'ti ti-chart-line', -}, { - key: 'activitypub', - title: 'ActivityPub', - icon: 'ti ti-share', -}, { - key: 'raw', - title: 'Raw', - icon: 'ti ti-code', -}]); +const headerTabs = computed(() => iAmAdmin && !approved.value ? + [ + { + key: 'overview', + title: i18n.ts.overview, + icon: 'ti ti-info-circle', + }, + { + key: 'roles', + title: i18n.ts.roles, + icon: 'ti ti-badges', + }, + { + key: 'announcements', + title: i18n.ts.announcements, + icon: 'ti ti-speakerphone', + }, + { + key: 'drive', + title: i18n.ts.drive, + icon: 'ti ti-cloud', + }, + { + key: 'chart', + title: i18n.ts.charts, + icon: 'ti ti-chart-line', + }, + { + key: 'activitypub', + title: 'ActivityPub', + icon: 'ti ti-share', + }, + { + key: 'raw', + title: 'Raw', + icon: 'ti ti-code', + }, + { + key: 'approval', + title: 'Approval', + icon: 'ti ti-scan-eye', + } + ] : [ + { + key: 'overview', + title: i18n.ts.overview, + icon: 'ti ti-info-circle', + }, { + key: 'roles', + title: i18n.ts.roles, + icon: 'ti ti-badges', + }, { + key: 'announcements', + title: i18n.ts.announcements, + icon: 'ti ti-speakerphone', + }, { + key: 'drive', + title: i18n.ts.drive, + icon: 'ti ti-cloud', + }, { + key: 'chart', + title: i18n.ts.charts, + icon: 'ti ti-chart-line', + }, { + key: 'activitypub', + title: 'ActivityPub', + icon: 'ti ti-share', + }, { + key: 'raw', + title: 'Raw', + icon: 'ti ti-code', + }, + ]); definePageMetadata(() => ({ title: user.value ? acct(user.value) : i18n.ts.userInfo, @@ -769,4 +849,16 @@ definePageMetadata(() => ({ border-bottom: none; } } + +.casdwq { + .silenced { + color: var(--warn); + border-color: var(--warn); + } + + .moderator { + color: var(--success); + border-color: var(--success); + } +} diff --git a/packages/frontend/src/pages/admin/approvals.vue b/packages/frontend/src/pages/admin/approvals.vue new file mode 100644 index 000000000..ad76a988c --- /dev/null +++ b/packages/frontend/src/pages/admin/approvals.vue @@ -0,0 +1,74 @@ + + + + + + + diff --git a/packages/frontend/src/pages/admin/index.vue b/packages/frontend/src/pages/admin/index.vue index 8bee42d4f..5b4fbcb69 100644 --- a/packages/frontend/src/pages/admin/index.vue +++ b/packages/frontend/src/pages/admin/index.vue @@ -16,6 +16,7 @@ SPDX-License-Identifier: AGPL-3.0-only {{ i18n.ts.noMaintainerInformationWarning }} {{ i18n.ts.configure }} {{ i18n.ts.noBotProtectionWarning }} {{ i18n.ts.configure }} {{ i18n.ts.noEmailServerWarning }} {{ i18n.ts.configure }} + {{ i18n.ts.pendingUserApprovals }} {{ i18n.ts.check }} @@ -61,6 +62,7 @@ let noMaintainerInformation = isEmpty(instance.maintainerName) || isEmpty(instan let noBotProtection = !instance.disableRegistration && !instance.enableHcaptcha && !instance.enableRecaptcha && !instance.enableTurnstile; let noEmailServer = !instance.enableEmail; const thereIsUnresolvedAbuseReport = ref(false); +const pendingUserApprovals = ref(false); const currentPage = computed(() => router.currentRef.value.child); misskeyApi('admin/abuse-user-reports', { @@ -70,6 +72,14 @@ misskeyApi('admin/abuse-user-reports', { if (reports.length > 0) thereIsUnresolvedAbuseReport.value = true; }); +misskeyApi('admin/show-users', { + state: 'approved', + origin: 'local', + limit: 1, +}).then(approvals => { + if (approvals.length > 0) pendingUserApprovals.value = true; +}); + const NARROW_THRESHOLD = 600; const ro = new ResizeObserver((entries, observer) => { if (entries.length === 0) return; @@ -107,6 +117,11 @@ const menuDef = computed(() => [{ to: '/admin/invites', active: currentPage.value?.route.name === 'invites', }, { + icon: 'ti ti-user-scan', + text: i18n.ts.approvals, + to: '/admin/approvals', + active: currentPage.value?.route.name === 'approvals', + }, { icon: 'ti ti-badges', text: i18n.ts.roles, to: '/admin/roles', diff --git a/packages/frontend/src/pages/admin/moderation.vue b/packages/frontend/src/pages/admin/moderation.vue index e156d1253..6d691c365 100644 --- a/packages/frontend/src/pages/admin/moderation.vue +++ b/packages/frontend/src/pages/admin/moderation.vue @@ -18,6 +18,10 @@ SPDX-License-Identifier: AGPL-3.0-only + + + + {{ i18n.ts.serverRules }} @@ -90,6 +94,7 @@ import FormLink from '@/components/form/link.vue'; const enableRegistration = ref(false); const emailRequiredForSignup = ref(false); +const approvalRequiredForSignup: boolean = ref(false); const sensitiveWords = ref(''); const prohibitedWords = ref(''); const hiddenTags = ref(''); @@ -103,6 +108,7 @@ async function init() { const meta = await misskeyApi('admin/meta'); enableRegistration.value = !meta.disableRegistration; emailRequiredForSignup.value = meta.emailRequiredForSignup; + approvalRequiredForSignup.value = meta.approvalRequiredForSignup; sensitiveWords.value = meta.sensitiveWords.join('\n'); prohibitedWords.value = meta.prohibitedWords.join('\n'); hiddenTags.value = meta.hiddenTags.join('\n'); @@ -117,6 +123,7 @@ function save() { os.apiWithDialog('admin/update-meta', { disableRegistration: !enableRegistration.value, emailRequiredForSignup: emailRequiredForSignup.value, + approvalRequiredForSignup: approvalRequiredForSignup.value, tosUrl: tosUrl.value, privacyPolicyUrl: privacyPolicyUrl.value, sensitiveWords: sensitiveWords.value.split('\n'), diff --git a/packages/frontend/src/pages/admin/modlog.ModLog.vue b/packages/frontend/src/pages/admin/modlog.ModLog.vue index 849bbc6e7..d520e9b77 100644 --- a/packages/frontend/src/pages/admin/modlog.ModLog.vue +++ b/packages/frontend/src/pages/admin/modlog.ModLog.vue @@ -10,7 +10,7 @@ SPDX-License-Identifier: AGPL-3.0-only :class="{ [$style.logGreen]: ['createRole', 'addCustomEmoji', 'createGlobalAnnouncement', 'createUserAnnouncement', 'createAd', 'createInvitation', 'createAvatarDecoration'].includes(log.type), [$style.logYellow]: ['markSensitiveDriveFile', 'resetPassword', 'regenerateUserToken', 'updateUserName', 'unsetUserAvatar', 'unsetUserBanner', 'unsetUserMutualLink'].includes(log.type), - [$style.logRed]: ['suspend', 'deleteRole', 'suspendRemoteInstance', 'deleteGlobalAnnouncement', 'deleteUserAnnouncement', 'deleteCustomEmoji', 'deleteNote', 'deleteDriveFile', 'deleteAd', 'deleteAvatarDecoration'].includes(log.type) + [$style.logRed]: ['suspend', 'approve', 'deleteRole', 'suspendRemoteInstance', 'deleteGlobalAnnouncement', 'deleteUserAnnouncement', 'deleteCustomEmoji', 'deleteNote', 'deleteDriveFile', 'deleteAd', 'deleteAvatarDecoration'].includes(log.type) }" >{{ i18n.ts._moderationLogTypes[log.type] }} : @{{ log.info.userUsername }}{{ log.info.userHost ? '@' + log.info.userHost : '' }} @@ -19,6 +19,7 @@ SPDX-License-Identifier: AGPL-3.0-only : @{{ log.info.userUsername }}{{ log.info.userHost ? '@' + log.info.userHost : '' }} : @{{ log.info.userUsername }}{{ log.info.userHost ? '@' + log.info.userHost : '' }} : @{{ log.info.userUsername }}{{ log.info.userHost ? '@' + log.info.userHost : '' }} + : @{{ log.info.userUsername }}{{ log.info.userHost ? '@' + log.info.userHost : '' }} : @{{ log.info.userUsername }}{{ log.info.userHost ? '@' + log.info.userHost : '' }} : @{{ log.info.userUsername }}{{ log.info.userHost ? '@' + log.info.userHost : '' }} : @{{ log.info.userUsername }}{{ log.info.userHost ? '@' + log.info.userHost : '' }} @@ -79,6 +80,9 @@ SPDX-License-Identifier: AGPL-3.0-only + diff --git a/packages/frontend/src/pages/signup-complete.vue b/packages/frontend/src/pages/signup-complete.vue index 8c2f7042c..226f08bf8 100644 --- a/packages/frontend/src/pages/signup-complete.vue +++ b/packages/frontend/src/pages/signup-complete.vue @@ -46,6 +46,13 @@ function submit() { misskeyApi('signup-pending', { code: props.code, }).then(res => { + if (res.pendingApproval) { + return os.alert({ + type: 'success', + title: i18n.ts._signup.almostThere, + text: i18n.ts._signup.approvalPending, + }); + } return login(res.i, '/'); }).catch(() => { submitting.value = false; diff --git a/packages/frontend/src/router/definition.ts b/packages/frontend/src/router/definition.ts index 456baaf78..3a3f646e8 100644 --- a/packages/frontend/src/router/definition.ts +++ b/packages/frontend/src/router/definition.ts @@ -483,10 +483,14 @@ const routes: RouteDef[] = [{ name: 'invites', component: page(() => import('@/pages/admin/invites.vue')), }, { + path: '/approvals', + name: 'approvals', + component: page(() => import('@/pages/admin/approvals.vue')), + }, { path: '/', component: page(() => import('@/pages/_empty_.vue')), }], -}, { +},{ path: '/my/notifications', component: page(() => import('@/pages/notifications.vue')), loginRequired: true, diff --git a/packages/misskey-js/etc/misskey-js.api.md b/packages/misskey-js/etc/misskey-js.api.md index 9f3e57a47..abb76efd2 100644 --- a/packages/misskey-js/etc/misskey-js.api.md +++ b/packages/misskey-js/etc/misskey-js.api.md @@ -116,6 +116,9 @@ type AdminAnnouncementsListResponse = operations['admin___announcements___list'] // @public (undocumented) type AdminAnnouncementsUpdateRequest = operations['admin___announcements___update']['requestBody']['content']['application/json']; +// @public (undocumented) +type AdminApproveUserRequest = operations['admin___approve-user']['requestBody']['content']['application/json']; + // @public (undocumented) type AdminAvatarDecorationsCreateRequest = operations['admin___avatar-decorations___create']['requestBody']['content']['application/json']; @@ -134,6 +137,9 @@ type AdminAvatarDecorationsListResponse = operations['admin___avatar-decorations // @public (undocumented) type AdminAvatarDecorationsUpdateRequest = operations['admin___avatar-decorations___update']['requestBody']['content']['application/json']; +// @public (undocumented) +type AdminDeclineUserRequest = operations['admin___decline-user']['requestBody']['content']['application/json']; + // @public (undocumented) type AdminDriveDeleteAllFilesOfAUserRequest = operations['admin___drive___delete-all-files-of-a-user']['requestBody']['content']['application/json']; @@ -1325,6 +1331,8 @@ declare namespace entities { AdminShowUsersRequest, AdminShowUsersResponse, AdminSuspendUserRequest, + AdminApproveUserRequest, + AdminDeclineUserRequest, AdminUnsuspendUserRequest, AdminUpdateMetaRequest, AdminUpdateUserNameRequest, @@ -2544,7 +2552,7 @@ type ModerationLog = { }); // @public (undocumented) -export const moderationLogTypes: readonly ["updateServerSettings", "suspend", "unsuspend", "updateUserName", "updateUserNote", "addCustomEmoji", "updateCustomEmoji", "deleteCustomEmoji", "assignRole", "unassignRole", "createRole", "updateRole", "deleteRole", "clearQueue", "promoteQueue", "deleteDriveFile", "deleteNote", "createGlobalAnnouncement", "createUserAnnouncement", "updateGlobalAnnouncement", "updateUserAnnouncement", "deleteGlobalAnnouncement", "deleteUserAnnouncement", "resetPassword", "regenerateUserToken", "suspendRemoteInstance", "unsuspendRemoteInstance", "updateRemoteInstanceNote", "markSensitiveDriveFile", "unmarkSensitiveDriveFile", "resolveAbuseReport", "createInvitation", "createAd", "updateAd", "deleteAd", "createIndieAuthClient", "updateIndieAuthClient", "deleteIndieAuthClient", "createSSOServiceProvider", "updateSSOServiceProvider", "deleteSSOServiceProvider", "createAvatarDecoration", "updateAvatarDecoration", "deleteAvatarDecoration", "unsetUserAvatar", "unsetUserBanner", "unsetUserMutualBanner"]; +export const moderationLogTypes: readonly ["updateServerSettings", "suspend", "approve", "decline", "unsuspend", "updateUserName", "updateUserNote", "addCustomEmoji", "updateCustomEmoji", "deleteCustomEmoji", "assignRole", "unassignRole", "createRole", "updateRole", "deleteRole", "clearQueue", "promoteQueue", "deleteDriveFile", "deleteNote", "createGlobalAnnouncement", "createUserAnnouncement", "updateGlobalAnnouncement", "updateUserAnnouncement", "deleteGlobalAnnouncement", "deleteUserAnnouncement", "resetPassword", "regenerateUserToken", "suspendRemoteInstance", "unsuspendRemoteInstance", "updateRemoteInstanceNote", "markSensitiveDriveFile", "unmarkSensitiveDriveFile", "resolveAbuseReport", "createInvitation", "createAd", "updateAd", "deleteAd", "createIndieAuthClient", "updateIndieAuthClient", "deleteIndieAuthClient", "createSSOServiceProvider", "updateSSOServiceProvider", "deleteSSOServiceProvider", "createAvatarDecoration", "updateAvatarDecoration", "deleteAvatarDecoration", "unsetUserAvatar", "unsetUserBanner", "unsetUserMutualBanner"]; // @public (undocumented) type MuteCreateRequest = operations['mute___create']['requestBody']['content']['application/json']; @@ -2796,7 +2804,7 @@ type PagesUpdateRequest = operations['pages___update']['requestBody']['content'] function parse(acct: string): Acct; // @public (undocumented) -export const permissions: readonly ["read:account", "write:account", "read:blocks", "write:blocks", "read:drive", "write:drive", "read:favorites", "write:favorites", "read:following", "write:following", "read:messaging", "write:messaging", "read:mutes", "write:mutes", "write:notes", "read:notifications", "write:notifications", "read:reactions", "write:reactions", "write:votes", "read:pages", "write:pages", "write:page-likes", "read:page-likes", "read:user-groups", "write:user-groups", "read:channels", "write:channels", "read:gallery", "write:gallery", "read:gallery-likes", "write:gallery-likes", "read:flash", "write:flash", "read:flash-likes", "write:flash-likes", "read:admin:abuse-user-reports", "read:admin:abuse-report-resolvers", "write:admin:abuse-report-resolvers", "read:admin:index-stats", "read:admin:table-stats", "read:admin:user-ips", "read:admin:meta", "write:admin:reset-password", "write:admin:regenerate-user-token", "write:admin:resolve-abuse-user-report", "write:admin:send-email", "read:admin:server-info", "read:admin:show-moderation-log", "read:admin:show-account-move-log", "read:admin:show-user", "read:admin:show-users", "write:admin:suspend-user", "write:admin:unsuspend-user", "write:admin:meta", "write:admin:user-name", "write:admin:user-note", "write:admin:user-avatar", "write:admin:user-banner", "write:admin:user-mutual-link", "write:admin:roles", "read:admin:roles", "write:admin:relays", "read:admin:relays", "write:admin:invite-codes", "read:admin:invite-codes", "write:admin:announcements", "read:admin:announcements", "write:admin:avatar-decorations", "read:admin:avatar-decorations", "write:admin:federation", "write:admin:indie-auth", "read:admin:indie-auth", "write:admin:account", "read:admin:account", "write:admin:emoji", "read:admin:emoji", "write:admin:queue", "read:admin:queue", "write:admin:promo", "write:admin:drive", "read:admin:drive", "write:admin:sso", "read:admin:sso", "write:admin:ad", "read:admin:ad", "write:invite-codes", "read:invite-codes", "write:clip-favorite", "read:clip-favorite", "read:federation", "write:report-abuse"]; +export const permissions: readonly ["read:account", "write:account", "read:blocks", "write:blocks", "read:drive", "write:drive", "read:favorites", "write:favorites", "read:following", "write:following", "read:messaging", "write:messaging", "read:mutes", "write:mutes", "write:notes", "read:notifications", "write:notifications", "read:reactions", "write:reactions", "write:votes", "read:pages", "write:pages", "write:page-likes", "read:page-likes", "read:user-groups", "write:user-groups", "read:channels", "write:channels", "read:gallery", "write:gallery", "read:gallery-likes", "write:gallery-likes", "read:flash", "write:flash", "read:flash-likes", "write:flash-likes", "read:admin:abuse-user-reports", "read:admin:abuse-report-resolvers", "write:admin:abuse-report-resolvers", "read:admin:index-stats", "read:admin:table-stats", "read:admin:user-ips", "read:admin:meta", "write:admin:reset-password", "write:admin:regenerate-user-token", "write:admin:resolve-abuse-user-report", "write:admin:send-email", "read:admin:server-info", "read:admin:show-moderation-log", "read:admin:show-account-move-log", "read:admin:show-user", "read:admin:show-users", "write:admin:suspend-user", "write:admin:approve-user", "write:admin:decline-user", "write:admin:unsuspend-user", "write:admin:meta", "write:admin:user-name", "write:admin:user-note", "write:admin:user-avatar", "write:admin:user-banner", "write:admin:user-mutual-link", "write:admin:roles", "read:admin:roles", "write:admin:relays", "read:admin:relays", "write:admin:invite-codes", "read:admin:invite-codes", "write:admin:announcements", "read:admin:announcements", "write:admin:avatar-decorations", "read:admin:avatar-decorations", "write:admin:federation", "write:admin:indie-auth", "read:admin:indie-auth", "write:admin:account", "read:admin:account", "write:admin:emoji", "read:admin:emoji", "write:admin:queue", "read:admin:queue", "write:admin:promo", "write:admin:drive", "read:admin:drive", "write:admin:sso", "read:admin:sso", "write:admin:ad", "read:admin:ad", "write:invite-codes", "read:invite-codes", "write:clip-favorite", "read:clip-favorite", "read:federation", "write:report-abuse"]; // @public (undocumented) type PingResponse = operations['ping']['responses']['200']['content']['application/json']; diff --git a/packages/misskey-js/src/autogen/apiClientJSDoc.ts b/packages/misskey-js/src/autogen/apiClientJSDoc.ts index 0b8ee2473..a94e09048 100644 --- a/packages/misskey-js/src/autogen/apiClientJSDoc.ts +++ b/packages/misskey-js/src/autogen/apiClientJSDoc.ts @@ -840,6 +840,28 @@ declare module '../api.js' { credential?: string | null, ): Promise>; + /** + * No description provided. + * + * **Credential required**: *Yes* / **Permission**: *write:admin:approve-user* + */ + request( + endpoint: E, + params: P, + credential?: string | null, + ): Promise>; + + /** + * No description provided. + * + * **Credential required**: *Yes* / **Permission**: *write:admin:decline-user* + */ + request( + endpoint: E, + params: P, + credential?: string | null, + ): Promise>; + /** * No description provided. * diff --git a/packages/misskey-js/src/autogen/endpoint.ts b/packages/misskey-js/src/autogen/endpoint.ts index 246d2c99b..f4988ad39 100644 --- a/packages/misskey-js/src/autogen/endpoint.ts +++ b/packages/misskey-js/src/autogen/endpoint.ts @@ -103,6 +103,8 @@ import type { AdminShowUsersRequest, AdminShowUsersResponse, AdminSuspendUserRequest, + AdminApproveUserRequest, + AdminDeclineUserRequest, AdminUnsuspendUserRequest, AdminUpdateMetaRequest, AdminUpdateUserNameRequest, @@ -667,6 +669,8 @@ export type Endpoints = { 'admin/show-user': { req: AdminShowUserRequest; res: AdminShowUserResponse }; 'admin/show-users': { req: AdminShowUsersRequest; res: AdminShowUsersResponse }; 'admin/suspend-user': { req: AdminSuspendUserRequest; res: EmptyResponse }; + 'admin/approve-user': { req: AdminApproveUserRequest; res: EmptyResponse }; + 'admin/decline-user': { req: AdminDeclineUserRequest; res: EmptyResponse }; 'admin/unsuspend-user': { req: AdminUnsuspendUserRequest; res: EmptyResponse }; 'admin/update-meta': { req: AdminUpdateMetaRequest; res: EmptyResponse }; 'admin/update-user-name': { req: AdminUpdateUserNameRequest; res: EmptyResponse }; diff --git a/packages/misskey-js/src/autogen/entities.ts b/packages/misskey-js/src/autogen/entities.ts index b26acb1fa..3f060c12d 100644 --- a/packages/misskey-js/src/autogen/entities.ts +++ b/packages/misskey-js/src/autogen/entities.ts @@ -106,6 +106,8 @@ export type AdminShowUserResponse = operations['admin___show-user']['responses'] export type AdminShowUsersRequest = operations['admin___show-users']['requestBody']['content']['application/json']; export type AdminShowUsersResponse = operations['admin___show-users']['responses']['200']['content']['application/json']; export type AdminSuspendUserRequest = operations['admin___suspend-user']['requestBody']['content']['application/json']; +export type AdminApproveUserRequest = operations['admin___approve-user']['requestBody']['content']['application/json']; +export type AdminDeclineUserRequest = operations['admin___decline-user']['requestBody']['content']['application/json']; export type AdminUnsuspendUserRequest = operations['admin___unsuspend-user']['requestBody']['content']['application/json']; export type AdminUpdateMetaRequest = operations['admin___update-meta']['requestBody']['content']['application/json']; export type AdminUpdateUserNameRequest = operations['admin___update-user-name']['requestBody']['content']['application/json']; diff --git a/packages/misskey-js/src/autogen/types.ts b/packages/misskey-js/src/autogen/types.ts index 8a5d1829a..4f234263d 100644 --- a/packages/misskey-js/src/autogen/types.ts +++ b/packages/misskey-js/src/autogen/types.ts @@ -697,6 +697,24 @@ export type paths = { */ post: operations['admin___suspend-user']; }; + '/admin/approve-user': { + /** + * admin/approve-user + * @description No description provided. + * + * **Credential required**: *Yes* / **Permission**: *write:admin:approve-user* + */ + post: operations['admin___approve-user']; + }; + '/admin/decline-user': { + /** + * admin/decline-user + * @description No description provided. + * + * **Credential required**: *Yes* / **Permission**: *write:admin:decline-user* + */ + post: operations['admin___decline-user']; + }; '/admin/unsuspend-user': { /** * admin/unsuspend-user @@ -5111,6 +5129,7 @@ export type components = { defaultLightTheme: string | null; disableRegistration: boolean; emailRequiredForSignup: boolean; + approvalRequiredForSignup: boolean; enableHcaptcha: boolean; hcaptchaSiteKey: string | null; enableMcaptcha: boolean; @@ -5166,6 +5185,7 @@ export type components = { features?: { registration: boolean; emailRequiredForSignup: boolean; + approvalRequiredForSignup: boolean; localTimeline: boolean; globalTimeline: boolean; hCaptcha: boolean; @@ -5258,6 +5278,7 @@ export type operations = { cacheRemoteFiles: boolean; cacheRemoteSensitiveFiles: boolean; emailRequiredForSignup: boolean; + approvalRequiredForSignup: boolean; enableHcaptcha: boolean; hcaptchaSiteKey: string | null; enableMcaptcha: boolean; @@ -9887,7 +9908,7 @@ export type operations = { * @default all * @enum {string} */ - state?: 'all' | 'alive' | 'available' | 'admin' | 'moderator' | 'adminOrModerator' | 'suspended'; + state?: 'all' | 'alive' | 'available' | 'admin' | 'moderator' | 'adminOrModerator' | 'suspended' | 'approved'; /** * @default combined * @enum {string} @@ -9994,6 +10015,110 @@ export type operations = { }; }; }; + /** + * admin/approve-user + * @description No description provided. + * + * **Credential required**: *Yes* / **Permission**: *write:admin:approve-user* + */ + 'admin___approve-user': { + requestBody: { + content: { + 'application/json': { + /** Format: misskey:id */ + userId: string; + }; + }; + }; + responses: { + /** @description OK (without any results) */ + 204: { + content: never; + }; + /** @description Client error */ + 400: { + content: { + 'application/json': components['schemas']['Error']; + }; + }; + /** @description Authentication error */ + 401: { + content: { + 'application/json': components['schemas']['Error']; + }; + }; + /** @description Forbidden error */ + 403: { + content: { + 'application/json': components['schemas']['Error']; + }; + }; + /** @description I'm Ai */ + 418: { + content: { + 'application/json': components['schemas']['Error']; + }; + }; + /** @description Internal server error */ + 500: { + content: { + 'application/json': components['schemas']['Error']; + }; + }; + }; + }; + /** + * admin/decline-user + * @description No description provided. + * + * **Credential required**: *Yes* / **Permission**: *write:admin:decline-user* + */ + 'admin___decline-user': { + requestBody: { + content: { + 'application/json': { + /** Format: misskey:id */ + userId: string; + }; + }; + }; + responses: { + /** @description OK (without any results) */ + 204: { + content: never; + }; + /** @description Client error */ + 400: { + content: { + 'application/json': components['schemas']['Error']; + }; + }; + /** @description Authentication error */ + 401: { + content: { + 'application/json': components['schemas']['Error']; + }; + }; + /** @description Forbidden error */ + 403: { + content: { + 'application/json': components['schemas']['Error']; + }; + }; + /** @description I'm Ai */ + 418: { + content: { + 'application/json': components['schemas']['Error']; + }; + }; + /** @description Internal server error */ + 500: { + content: { + 'application/json': components['schemas']['Error']; + }; + }; + }; + }; /** * admin/unsuspend-user * @description No description provided. @@ -10081,6 +10206,7 @@ export type operations = { cacheRemoteFiles?: boolean; cacheRemoteSensitiveFiles?: boolean; emailRequiredForSignup?: boolean; + approvalRequiredForSignup?: boolean; enableHcaptcha?: boolean; hcaptchaSiteKey?: string | null; hcaptchaSecretKey?: string | null; diff --git a/packages/misskey-js/src/consts.ts b/packages/misskey-js/src/consts.ts index d915224a9..2917affaf 100644 --- a/packages/misskey-js/src/consts.ts +++ b/packages/misskey-js/src/consts.ts @@ -62,6 +62,8 @@ export const permissions = [ 'read:admin:show-user', 'read:admin:show-users', 'write:admin:suspend-user', + 'write:admin:approve-user', + 'write:admin:decline-user', 'write:admin:unsuspend-user', 'write:admin:meta', 'write:admin:user-name', @@ -106,6 +108,8 @@ export const permissions = [ export const moderationLogTypes = [ 'updateServerSettings', 'suspend', + 'approve', + 'decline', 'unsuspend', 'updateUserName', 'updateUserNote', @@ -163,6 +167,11 @@ export type ModerationLogPayloads = { userUsername: string; userHost: string | null; }; + approve: { + userId: string; + userUsername: string; + userHost: string | null; + }; unsuspend: { userId: string; userUsername: string;