benya/Messenger
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(privacy): enforce avatar/presence visibility and invite restrictions

Browse Source
This commit is contained in:
Alex
2026-03-08 13:32:20 +03:00
parent eb0852e64d
commit c214cc8fd8
5 changed files with 113 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
app/chats/service.py
View File

@@ -27,7 +27,25 @@ from app.messages.repository import (
list_chat_message_ids,
)
from app.realtime.presence import get_users_online_map
from app.users.repository import get_user_by_id, has_block_relation_between_users
from app.users.repository import get_user_by_id, has_block_relation_between_users, is_user_in_contacts
async def _can_view_last_seen(*, db: AsyncSession, target_user, viewer_user_id: int) -> bool:
if target_user.id == viewer_user_id:
return True
if target_user.privacy_last_seen == "everyone":
return True
if target_user.privacy_last_seen == "nobody":
return False
return await is_user_in_contacts(db, owner_user_id=target_user.id, candidate_user_id=viewer_user_id)
async def _can_invite_to_group(*, db: AsyncSession, target_user, actor_user_id: int) -> bool:
if target_user.id == actor_user_id:
return False
if target_user.privacy_group_invites == "everyone":
return True
return await is_user_in_contacts(db, owner_user_id=target_user.id, candidate_user_id=actor_user_id)
async def serialize_chat_for_user(
@@ -61,9 +79,12 @@ async def serialize_chat_for_user(
display_title = counterpart.name or counterpart.username
counterpart_name = counterpart.name
counterpart_username = counterpart.username
counterpart_last_seen_at = counterpart.last_seen_at
presence_allowed = await _can_view_last_seen(db=db, target_user=counterpart, viewer_user_id=user_id)
counterpart_last_seen_at = counterpart.last_seen_at if presence_allowed else None
presence = await get_users_online_map([counterpart_id])
counterpart_is_online = presence.get(counterpart_id, False)
if counterpart:
presence_allowed = await _can_view_last_seen(db=db, target_user=counterpart, viewer_user_id=user_id)
counterpart_is_online = presence.get(counterpart_id, False) if presence_allowed else None
else:
member_ids = await repository.list_chat_member_user_ids(db, chat_id=chat.id)
members_count = len(member_ids)
@@ -175,6 +196,13 @@ async def create_chat_for_user(db: AsyncSession, *, creator_id: int, payload: Ch
user = await get_user_by_id(db, member_id)
if not user:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=f"User {member_id} not found")
if payload.type in {ChatType.GROUP, ChatType.CHANNEL}:
can_invite = await _can_invite_to_group(db=db, target_user=user, actor_user_id=creator_id)
if not can_invite:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail=f"User {member_id} does not allow group invites from you",
)
chat = await repository.create_chat_with_meta(
db,
@@ -287,6 +315,8 @@ async def add_chat_member_for_user(
target_user = await get_user_by_id(db, target_user_id)
if not target_user:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
if not await _can_invite_to_group(db=db, target_user=target_user, actor_user_id=actor_user_id):
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User does not allow group invites from you")
existing = await repository.get_chat_member(db, chat_id=chat_id, user_id=target_user_id)
if existing:
return existing

10
app/users/repository.py
View File

@@ -140,6 +140,16 @@ async def get_contact_relation(db: AsyncSession, *, user_id: int, contact_user_i
return result.scalar_one_or_none()
async def is_user_in_contacts(db: AsyncSession, *, owner_user_id: int, candidate_user_id: int) -> bool:
result = await db.execute(
select(UserContact.id).where(
UserContact.user_id == owner_user_id,
UserContact.contact_user_id == candidate_user_id,
).limit(1)
)
return result.scalar_one_or_none() is not None
async def list_contacts(db: AsyncSession, *, user_id: int) -> list[User]:
stmt = (
select(User)

14
app/users/router.py
View File

@@ -16,6 +16,8 @@ from app.users.service import (
has_block_relation_between_users,
remove_contact,
search_users_by_username,
serialize_user_for_viewer,
serialize_user_search_for_viewer,
unblock_user,
update_user_profile,
)
@@ -43,7 +45,7 @@ async def search_users(
limit=limit,
exclude_user_id=current_user.id,
)
return users
return [await serialize_user_search_for_viewer(db, target_user=user, viewer_user_id=current_user.id) for user in users]
@router.put("/profile", response_model=UserRead)
@@ -69,7 +71,7 @@ async def update_profile(
privacy_avatar=payload.privacy_avatar,
privacy_group_invites=payload.privacy_group_invites,
)
return updated
return await serialize_user_for_viewer(db, target_user=updated, viewer_user_id=current_user.id)
@router.get("/blocked", response_model=list[UserSearchRead])
@@ -77,7 +79,8 @@ async def read_blocked_users(
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_user),
) -> list[UserSearchRead]:
return await list_blocked_users(db, user_id=current_user.id)
users = await list_blocked_users(db, user_id=current_user.id)
return [await serialize_user_search_for_viewer(db, target_user=user, viewer_user_id=current_user.id) for user in users]
@router.get("/contacts", response_model=list[UserSearchRead])
@@ -85,7 +88,8 @@ async def read_contacts(
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_user),
) -> list[UserSearchRead]:
return await list_contacts(db, user_id=current_user.id)
users = await list_contacts(db, user_id=current_user.id)
return [await serialize_user_search_for_viewer(db, target_user=user, viewer_user_id=current_user.id) for user in users]
@router.post("/{user_id}/contacts", status_code=status.HTTP_204_NO_CONTENT)
@@ -163,4 +167,4 @@ async def read_user(user_id: int, db: AsyncSession = Depends(get_db), _current_u
user = await get_user_by_id(db, user_id)
if not user:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
return user
return await serialize_user_for_viewer(db, target_user=user, viewer_user_id=_current_user.id)

49
app/users/service.py
View File

@@ -2,6 +2,7 @@ from sqlalchemy.ext.asyncio import AsyncSession
from app.users import repository
from app.users.models import User
from app.users.schemas import UserRead, UserSearchRead
async def get_user_by_id(db: AsyncSession, user_id: int) -> User | None:
@@ -96,3 +97,51 @@ async def remove_contact(db: AsyncSession, *, user_id: int, contact_user_id: int
async def list_contacts(db: AsyncSession, *, user_id: int) -> list[User]:
return await repository.list_contacts(db, user_id=user_id)
async def can_view_user_avatar(db: AsyncSession, *, target_user: User, viewer_user_id: int) -> bool:
if target_user.id == viewer_user_id:
return True
if target_user.privacy_avatar == "everyone":
return True
if target_user.privacy_avatar == "nobody":
return False
return await repository.is_user_in_contacts(db, owner_user_id=target_user.id, candidate_user_id=viewer_user_id)
async def can_view_user_last_seen(db: AsyncSession, *, target_user: User, viewer_user_id: int) -> bool:
if target_user.id == viewer_user_id:
return True
if target_user.privacy_last_seen == "everyone":
return True
if target_user.privacy_last_seen == "nobody":
return False
return await repository.is_user_in_contacts(db, owner_user_id=target_user.id, candidate_user_id=viewer_user_id)
async def can_invite_user_to_groups(db: AsyncSession, *, target_user: User, actor_user_id: int) -> bool:
if target_user.id == actor_user_id:
return False
if target_user.privacy_group_invites == "everyone":
return True
return await repository.is_user_in_contacts(db, owner_user_id=target_user.id, candidate_user_id=actor_user_id)
async def serialize_user_for_viewer(db: AsyncSession, *, target_user: User, viewer_user_id: int) -> UserRead:
payload = UserRead.model_validate(target_user).model_dump()
if not await can_view_user_avatar(db, target_user=target_user, viewer_user_id=viewer_user_id):
payload["avatar_url"] = None
if target_user.id != viewer_user_id:
payload["allow_private_messages"] = True
payload["privacy_last_seen"] = "everyone"
payload["privacy_avatar"] = "everyone"
payload["privacy_group_invites"] = "everyone"
payload["twofa_enabled"] = False
return UserRead.model_validate(payload)
async def serialize_user_search_for_viewer(db: AsyncSession, *, target_user: User, viewer_user_id: int) -> UserSearchRead:
payload = UserSearchRead.model_validate(target_user).model_dump()
if not await can_view_user_avatar(db, target_user=target_user, viewer_user_id=viewer_user_id):
payload["avatar_url"] = None
return UserSearchRead.model_validate(payload)

12
docs/api-reference.md
View File

@@ -755,6 +755,18 @@ Response: `200` + `ChatNotificationSettingsRead`
Note: mentions (`@username`) are delivered even when chat is muted.
## 3.7 Privacy enforcement notes
- User profile privacy is enforced server-side:
- `privacy_avatar` controls whether other users receive `avatar_url`.
- `privacy_last_seen` controls whether private-chat counterpart presence fields are visible:
- `counterpart_is_online`
- `counterpart_last_seen_at`
- For `contacts` mode, visibility is granted only when the viewer is in target user's contacts.
- Group/channel invite restrictions are enforced by `privacy_group_invites`:
- Users with `contacts` can be added only by users present in their contacts list.
- Applies to group/channel creation with initial members and admin add-member action.
### POST `/api/v1/chats/{chat_id}/archive`
Auth required.