diff --git a/app/chats/service.py b/app/chats/service.py index 4d5bb49..6519cef 100644 --- a/app/chats/service.py +++ b/app/chats/service.py @@ -27,7 +27,25 @@ from app.messages.repository import ( list_chat_message_ids, ) from app.realtime.presence import get_users_online_map -from app.users.repository import get_user_by_id, has_block_relation_between_users +from app.users.repository import get_user_by_id, has_block_relation_between_users, is_user_in_contacts + + +async def _can_view_last_seen(*, db: AsyncSession, target_user, viewer_user_id: int) -> bool: + if target_user.id == viewer_user_id: + return True + if target_user.privacy_last_seen == "everyone": + return True + if target_user.privacy_last_seen == "nobody": + return False + return await is_user_in_contacts(db, owner_user_id=target_user.id, candidate_user_id=viewer_user_id) + + +async def _can_invite_to_group(*, db: AsyncSession, target_user, actor_user_id: int) -> bool: + if target_user.id == actor_user_id: + return False + if target_user.privacy_group_invites == "everyone": + return True + return await is_user_in_contacts(db, owner_user_id=target_user.id, candidate_user_id=actor_user_id) async def serialize_chat_for_user( @@ -61,9 +79,12 @@ async def serialize_chat_for_user( display_title = counterpart.name or counterpart.username counterpart_name = counterpart.name counterpart_username = counterpart.username - counterpart_last_seen_at = counterpart.last_seen_at + presence_allowed = await _can_view_last_seen(db=db, target_user=counterpart, viewer_user_id=user_id) + counterpart_last_seen_at = counterpart.last_seen_at if presence_allowed else None presence = await get_users_online_map([counterpart_id]) - counterpart_is_online = presence.get(counterpart_id, False) + if counterpart: + presence_allowed = await _can_view_last_seen(db=db, target_user=counterpart, viewer_user_id=user_id) + counterpart_is_online = presence.get(counterpart_id, False) if presence_allowed else None else: member_ids = await repository.list_chat_member_user_ids(db, chat_id=chat.id) members_count = len(member_ids) @@ -175,6 +196,13 @@ async def create_chat_for_user(db: AsyncSession, *, creator_id: int, payload: Ch user = await get_user_by_id(db, member_id) if not user: raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=f"User {member_id} not found") + if payload.type in {ChatType.GROUP, ChatType.CHANNEL}: + can_invite = await _can_invite_to_group(db=db, target_user=user, actor_user_id=creator_id) + if not can_invite: + raise HTTPException( + status_code=status.HTTP_403_FORBIDDEN, + detail=f"User {member_id} does not allow group invites from you", + ) chat = await repository.create_chat_with_meta( db, @@ -287,6 +315,8 @@ async def add_chat_member_for_user( target_user = await get_user_by_id(db, target_user_id) if not target_user: raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found") + if not await _can_invite_to_group(db=db, target_user=target_user, actor_user_id=actor_user_id): + raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User does not allow group invites from you") existing = await repository.get_chat_member(db, chat_id=chat_id, user_id=target_user_id) if existing: return existing diff --git a/app/users/repository.py b/app/users/repository.py index ee9c076..be0e255 100644 --- a/app/users/repository.py +++ b/app/users/repository.py @@ -140,6 +140,16 @@ async def get_contact_relation(db: AsyncSession, *, user_id: int, contact_user_i return result.scalar_one_or_none() +async def is_user_in_contacts(db: AsyncSession, *, owner_user_id: int, candidate_user_id: int) -> bool: + result = await db.execute( + select(UserContact.id).where( + UserContact.user_id == owner_user_id, + UserContact.contact_user_id == candidate_user_id, + ).limit(1) + ) + return result.scalar_one_or_none() is not None + + async def list_contacts(db: AsyncSession, *, user_id: int) -> list[User]: stmt = ( select(User) diff --git a/app/users/router.py b/app/users/router.py index 7dcfb37..f7bd6a3 100644 --- a/app/users/router.py +++ b/app/users/router.py @@ -16,6 +16,8 @@ from app.users.service import ( has_block_relation_between_users, remove_contact, search_users_by_username, + serialize_user_for_viewer, + serialize_user_search_for_viewer, unblock_user, update_user_profile, ) @@ -43,7 +45,7 @@ async def search_users( limit=limit, exclude_user_id=current_user.id, ) - return users + return [await serialize_user_search_for_viewer(db, target_user=user, viewer_user_id=current_user.id) for user in users] @router.put("/profile", response_model=UserRead) @@ -69,7 +71,7 @@ async def update_profile( privacy_avatar=payload.privacy_avatar, privacy_group_invites=payload.privacy_group_invites, ) - return updated + return await serialize_user_for_viewer(db, target_user=updated, viewer_user_id=current_user.id) @router.get("/blocked", response_model=list[UserSearchRead]) @@ -77,7 +79,8 @@ async def read_blocked_users( db: AsyncSession = Depends(get_db), current_user: User = Depends(get_current_user), ) -> list[UserSearchRead]: - return await list_blocked_users(db, user_id=current_user.id) + users = await list_blocked_users(db, user_id=current_user.id) + return [await serialize_user_search_for_viewer(db, target_user=user, viewer_user_id=current_user.id) for user in users] @router.get("/contacts", response_model=list[UserSearchRead]) @@ -85,7 +88,8 @@ async def read_contacts( db: AsyncSession = Depends(get_db), current_user: User = Depends(get_current_user), ) -> list[UserSearchRead]: - return await list_contacts(db, user_id=current_user.id) + users = await list_contacts(db, user_id=current_user.id) + return [await serialize_user_search_for_viewer(db, target_user=user, viewer_user_id=current_user.id) for user in users] @router.post("/{user_id}/contacts", status_code=status.HTTP_204_NO_CONTENT) @@ -163,4 +167,4 @@ async def read_user(user_id: int, db: AsyncSession = Depends(get_db), _current_u user = await get_user_by_id(db, user_id) if not user: raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found") - return user + return await serialize_user_for_viewer(db, target_user=user, viewer_user_id=_current_user.id) diff --git a/app/users/service.py b/app/users/service.py index aacce1a..3bd7520 100644 --- a/app/users/service.py +++ b/app/users/service.py @@ -2,6 +2,7 @@ from sqlalchemy.ext.asyncio import AsyncSession from app.users import repository from app.users.models import User +from app.users.schemas import UserRead, UserSearchRead async def get_user_by_id(db: AsyncSession, user_id: int) -> User | None: @@ -96,3 +97,51 @@ async def remove_contact(db: AsyncSession, *, user_id: int, contact_user_id: int async def list_contacts(db: AsyncSession, *, user_id: int) -> list[User]: return await repository.list_contacts(db, user_id=user_id) + + +async def can_view_user_avatar(db: AsyncSession, *, target_user: User, viewer_user_id: int) -> bool: + if target_user.id == viewer_user_id: + return True + if target_user.privacy_avatar == "everyone": + return True + if target_user.privacy_avatar == "nobody": + return False + return await repository.is_user_in_contacts(db, owner_user_id=target_user.id, candidate_user_id=viewer_user_id) + + +async def can_view_user_last_seen(db: AsyncSession, *, target_user: User, viewer_user_id: int) -> bool: + if target_user.id == viewer_user_id: + return True + if target_user.privacy_last_seen == "everyone": + return True + if target_user.privacy_last_seen == "nobody": + return False + return await repository.is_user_in_contacts(db, owner_user_id=target_user.id, candidate_user_id=viewer_user_id) + + +async def can_invite_user_to_groups(db: AsyncSession, *, target_user: User, actor_user_id: int) -> bool: + if target_user.id == actor_user_id: + return False + if target_user.privacy_group_invites == "everyone": + return True + return await repository.is_user_in_contacts(db, owner_user_id=target_user.id, candidate_user_id=actor_user_id) + + +async def serialize_user_for_viewer(db: AsyncSession, *, target_user: User, viewer_user_id: int) -> UserRead: + payload = UserRead.model_validate(target_user).model_dump() + if not await can_view_user_avatar(db, target_user=target_user, viewer_user_id=viewer_user_id): + payload["avatar_url"] = None + if target_user.id != viewer_user_id: + payload["allow_private_messages"] = True + payload["privacy_last_seen"] = "everyone" + payload["privacy_avatar"] = "everyone" + payload["privacy_group_invites"] = "everyone" + payload["twofa_enabled"] = False + return UserRead.model_validate(payload) + + +async def serialize_user_search_for_viewer(db: AsyncSession, *, target_user: User, viewer_user_id: int) -> UserSearchRead: + payload = UserSearchRead.model_validate(target_user).model_dump() + if not await can_view_user_avatar(db, target_user=target_user, viewer_user_id=viewer_user_id): + payload["avatar_url"] = None + return UserSearchRead.model_validate(payload) diff --git a/docs/api-reference.md b/docs/api-reference.md index 101244c..7b6ef5a 100644 --- a/docs/api-reference.md +++ b/docs/api-reference.md @@ -755,6 +755,18 @@ Response: `200` + `ChatNotificationSettingsRead` Note: mentions (`@username`) are delivered even when chat is muted. +## 3.7 Privacy enforcement notes + +- User profile privacy is enforced server-side: + - `privacy_avatar` controls whether other users receive `avatar_url`. + - `privacy_last_seen` controls whether private-chat counterpart presence fields are visible: + - `counterpart_is_online` + - `counterpart_last_seen_at` +- For `contacts` mode, visibility is granted only when the viewer is in target user's contacts. +- Group/channel invite restrictions are enforced by `privacy_group_invites`: + - Users with `contacts` can be added only by users present in their contacts list. + - Applies to group/channel creation with initial members and admin add-member action. + ### POST `/api/v1/chats/{chat_id}/archive` Auth required.