add privacy option to limit lifespan of public access to post & object urls beyond local followers, default to 90 days

9 files changed, 33 insertions, 10 deletions

diff --git a/app/controllers/settings/preferences_controller.rb b/app/controllers/settings/preferences_controller.rb
index 2e364bbc8..8573624f2 100644
--- a/app/controllers/settings/preferences_controller.rb
+++ b/app/controllers/settings/preferences_controller.rb
@@ -83,6 +83,7 @@ class Settings::PreferencesController < Settings::BaseController
       :setting_hide_public_profile,
       :setting_hide_public_outbox,
       :setting_max_public_history,
+      :setting_max_public_access,
       :setting_roar_lifespan,
       :setting_delayed_roars,
       :setting_delayed_for,
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
index 7219f6761..2edd19064 100644
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -186,8 +186,6 @@ class StatusesController < ApplicationController
 
     if @status.sharekey.present? && @sharekey == @status.sharekey.key
       skip_authorization
-    elsif @account.block_anon && !user_signed_in?
-      raise ActiveRecord::RecordNotFound
     else
       authorize @status, :show?
     end
diff --git a/app/lib/user_settings_decorator.rb b/app/lib/user_settings_decorator.rb
index 6445e8a91..5f800adc6 100644
--- a/app/lib/user_settings_decorator.rb
+++ b/app/lib/user_settings_decorator.rb
@@ -40,6 +40,7 @@ class UserSettingsDecorator
     user.settings['hide_public_outbox']  = hide_public_outbox_preference if change?('setting_hide_public_outbox')
     user.settings['larger_emoji']        = larger_emoji_preference if change?('setting_larger_emoji')
     user.settings['max_public_history']  = max_public_history_preference if change?('setting_max_public_history')
+    user.settings['max_public_access']   = max_public_access_preference if change?('setting_max_public_access')
     user.settings['roar_lifespan']       = roar_lifespan_preference if change?('setting_roar_lifespan')
     user.settings['delayed_roars']       = delayed_roars_preference if change?('setting_delayed_roars')
     user.settings['delayed_for']         = delayed_for_preference if change?('setting_delayed_for')
@@ -151,6 +152,10 @@ class UserSettingsDecorator
     settings['setting_max_public_history']
   end
 
+  def max_public_access_preference
+    settings['setting_max_public_access']
+  end
+
   def roar_lifespan_preference
     settings['setting_roar_lifespan']
   end
diff --git a/app/models/account.rb b/app/models/account.rb
index e43db63bd..59685a13b 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -133,6 +133,7 @@ class Account < ApplicationRecord
            :defaults_to_local_only?,
            :always_local_only?,
            :max_public_history,
+           :max_public_access,
            :roar_lifespan,
            :delayed_roars?,
 
diff --git a/app/models/user.rb b/app/models/user.rb
index 635025965..6c18898e9 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -146,6 +146,7 @@ class User < ApplicationRecord
     :hide_public_profile,
     :hide_public_outbox,
     :max_public_history,
+    :max_public_access,
     :roar_lifespan,
     :delayed_roars,
     :delayed_for,
@@ -331,6 +332,10 @@ class User < ApplicationRecord
     @_max_public_history ||= [1, (settings.max_public_history || 6).to_i].max
   end
 
+  def max_public_access
+    @_max_public_access ||= [1, (settings.max_public_access || 90).to_i].max
+  end
+
   def roar_lifespan
     @_roar_lifespan ||= [0, (settings.roar_lifespan || 0).to_i].max
   end
diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb
index 0961ec3e2..f23d089d4 100644
--- a/app/policies/status_policy.rb
+++ b/app/policies/status_policy.rb
@@ -13,13 +13,12 @@ class StatusPolicy < ApplicationPolicy
 
   def show?
     return false if local_only? && (current_account.nil? || !current_account.local?)
+    return true if owned? || mention_exists?
 
-    if direct?
-      owned? || mention_exists?
-    elsif private?
-      owned? || following_author? || mention_exists?
+    if private?
+      following_author? && still_accessible?
     else
-      current_account.nil? || !author_blocking?
+      author_allows_anon? && still_accessible? && !author_blocking? && (author_not_invisible? || following_author?)
     end
   end
 
@@ -90,4 +89,16 @@ class StatusPolicy < ApplicationPolicy
   def local_only?
     record.local_only?
   end
+
+  def still_accessible?
+    record.created_at > record.account.user.max_public_access.to_i.days.ago
+  end
+
+  def author_allows_anon?
+    (!current_account.nil? && user_signed_in?) || !record.account.block_anon
+  end
+
+  def author_not_invisible?
+    !record.account.hidden?
+  end
 end
diff --git a/app/views/settings/preferences/show.html.haml b/app/views/settings/preferences/show.html.haml
index babc57470..cf9529ac3 100644
--- a/app/views/settings/preferences/show.html.haml
+++ b/app/views/settings/preferences/show.html.haml
@@ -18,6 +18,7 @@
 
   .fields-group
     = f.input :setting_max_public_history, collection: [1, 3, 6, 7, 14, 30, 60, 90, 180, 365, 730, 1095, 2190], wrapper: :with_label, include_blank: false, label_method: lambda { |item| safe_join([t("simple_form.labels.lifespan.#{item}")]) }, selected: current_user.max_public_history
+    = f.input :setting_max_public_access, collection: [1, 3, 6, 7, 14, 30, 60, 90, 180, 365, 730, 1095, 2190], wrapper: :with_label, include_blank: false, label_method: lambda { |item| safe_join([t("simple_form.labels.lifespan.#{item}")]) }, selected: current_user.max_public_access
     = f.input :setting_roar_lifespan, collection: [0, 1, 3, 6, 7, 14, 30, 60, 90, 180, 365, 730, 1095, 2190], wrapper: :with_label, include_blank: false, label_method: lambda { |item| safe_join([t("simple_form.labels.lifespan.#{item}")]) }, selected: current_user.roar_lifespan
 
   .fields-group
diff --git a/config/locales/simple_form.en.yml b/config/locales/simple_form.en.yml
index eadf0e516..aee7ca276 100644
--- a/config/locales/simple_form.en.yml
+++ b/config/locales/simple_form.en.yml
@@ -176,6 +176,7 @@ en:
         setting_hide_public_profile: Hide your public profile from anonymous viewers
         setting_hide_public_outbox: Hide your public ActivityPub outbox (affects discoverability)
         setting_max_public_history: Limit history of roars on public profile to
+        setting_max_public_access: Limit public access to roar URLs without a sharekey to
         setting_noindex: Opt-out of search engine indexing
         setting_reduce_motion: Reduce motion in animations
         setting_show_application: Disclose application used to send roars
diff --git a/streaming/index.js b/streaming/index.js
index 015546658..cedf3bd2e 100644
--- a/streaming/index.js
+++ b/streaming/index.js
@@ -403,15 +403,15 @@ const startWorker = (workerId) => {
         return;
       }
 
-      if (req.hideBoosts && (unpackedPayload.in_reply_to !== undefined || unpackedPayload.in_reply_to !== null)) {
+      if (req.hideBoosts && unpackedPayload.in_reply_to) {
         return;
       }
 
-      if (req.mediaOnly && (!unpackedPayload.media_attachments || unpackedPayload.media_attachments.length === 0)) {
+      if (req.mediaOnly && !unpackedPayload.media_attachments) {
         return;
       }
 
-      if (req.filterUndescribed && unpackedPayload.media_attachments && unpackedPayload.media_attachments.every(m => !m.description || m.description.length === 0)) {
+      if (req.filterUndescribed && Array.isArray(unpackedPayload.media_attachments) && unpackedPayload.media_attachments.every(m => !m.description)) {
         return;
       }