diff options
| author | The Fox in the Shell <KellerFuchs@hashbang.sh> | 2017-04-15 04:09:28 +0000 |
|---|---|---|
| committer | Mykola Bilokonsky <mbilokonsky@gmail.com> | 2017-04-15 06:09:28 +0200 |
| commit | edc506770093fb5745ab7db3c17379f1b8d5596a (patch) | |
| tree | d7a2da5f57d2fa7e39fa1d48c63228af0bb3209f /index.js | |
| parent | ca9c013cdf700617199e1c97ac8ec9cb08486da4 (diff) | |
Avoid unrestricted access to the Mastodon DB (#5)
* Use a limited, read-only view of public toots This is less scary than unrestricted access to the production database... * README: Update install process * README: Update SQL query * README: Update paragraph on direct DB access
Diffstat (limited to 'index.js')
| -rw-r--r-- | index.js | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/index.js b/index.js index 62f0ed9..8657372 100644 --- a/index.js +++ b/index.js @@ -2,20 +2,18 @@ var mastodon = require('mastodon'); var pg = require('pg'); var query = `SELECT id -FROM statuses +FROM public_toots WHERE favourites_count > ( SELECT avg(favourites_count) - FROM statuses + FROM public_toots WHERE favourites_count > 1 AND created_at > NOW() - INTERVAL '30 days' - AND visibility = 0 ) -AND created_at > NOW() - INTERVAL '5 days' -AND visibility = 0;` +AND created_at > NOW() - INTERVAL '5 days';` var config = { - user: process.env.DB_USER || 'mastodon', + user: process.env.DB_USER || 'ambassador', database: process.env.DB_NAME || 'mastodon_production', password: process.env.DB_PASSWORD || '', host: process.env.DB_HOST || '/var/run/postgresql', |