authorThe Fox in the Shell <KellerFuchs@hashbang.sh>2017-04-15 04:09:28 +0000
committerMykola Bilokonsky <mbilokonsky@gmail.com>2017-04-15 06:09:28 +0200
commitedc506770093fb5745ab7db3c17379f1b8d5596a (patch)
treed7a2da5f57d2fa7e39fa1d48c63228af0bb3209f /index.js
parentca9c013cdf700617199e1c97ac8ec9cb08486da4 (diff)
Avoid unrestricted access to the Mastodon DB (#5)
* Use a limited, read-only view of public toots

This is less scary than unrestricted access to the production database...

* README: Update install process

* README: Update SQL query

* README: Update paragraph on direct DB access
Diffstat (limited to 'index.js')
-rw-r--r--index.js10
1 files changed, 4 insertions, 6 deletions
diff --git a/index.js b/index.js
index 62f0ed9..8657372 100644
--- a/index.js
+++ b/index.js
@@ -2,20 +2,18 @@ var mastodon = require('mastodon');
 var pg = require('pg');
 
 var query = `SELECT id 
-FROM statuses 
+FROM public_toots
 WHERE favourites_count > (
   SELECT avg(favourites_count) 
-  FROM statuses 
+  FROM public_toots
   WHERE 
     favourites_count > 1
     AND created_at > NOW() - INTERVAL '30 days'
-    AND visibility = 0
 )
-AND created_at > NOW() - INTERVAL '5 days'
-AND visibility = 0;`
+AND created_at > NOW() - INTERVAL '5 days';`
 
 var config = {
-  user: process.env.DB_USER || 'mastodon',
+  user: process.env.DB_USER || 'ambassador',
   database: process.env.DB_NAME || 'mastodon_production',
   password: process.env.DB_PASSWORD || '',
   host: process.env.DB_HOST || '/var/run/postgresql',
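Review bot: With both `AND visibility = 0` filters dropped from the query, nothing in index.js restricts the result to public statuses any more; that guarantee now rests on how the `public_toots` view is defined and on what the `ambassador` role is granted, neither of which is visible in this diff. A comment above the query would record the dependency, for example `// public_toots must be a view exposing only visibility = 0 rows; the DB role should hold SELECT on that view and nothing else`. Note also that `process.env.DB_USER` still takes precedence over the new default, so a deployment that keeps exporting `DB_USER=mastodon` continues to connect with the unrestricted role. The `config` object continues outside the hunk.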