Add ActivityPub secure mode (#11269)

* Add HTTP signature requirement for served ActivityPub resources * Change `SECURE_MODE` to `AUTHORIZED_FETCH` * Add 'Signature' to 'Vary' header and improve code style * Improve code style by adding `public_fetch_mode?` method
author: Eugen Rochko <eugen@zeonfederated.com> 2019-07-11 20:11:09 +0200
committer: GitHub <noreply@github.com> 2019-07-11 20:11:09 +0200
commit: 5bf67ca91350e40e6f329271d3ca2bdcba87ab64 (patch)
tree: e6a124c0c3913900a6d55c163b0ef308bfae64c7 /app/controllers/tags_controller.rb
parent: 4e1260feaa09bfa7305887e34cb129b37bee6c52 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/app/controllers/tags_controller.rb b/app/controllers/tags_controller.rb
index 2ecce0ca2..d08e5a61a 100644
--- a/app/controllers/tags_controller.rb
+++ b/app/controllers/tags_controller.rb
@@ -1,10 +1,13 @@
 # frozen_string_literal: true
 
 class TagsController < ApplicationController
+  include SignatureVerification
+
   PAGE_SIZE = 20
 
   layout 'public'
 
+  before_action :require_signature!, if: -> { request.format == :json && authorized_fetch_mode? }
   before_action :set_tag
   before_action :set_body_classes
   before_action :set_instance_presenter
@@ -30,7 +33,7 @@ class TagsController < ApplicationController
       end
 
       format.json do
-        expires_in 3.minutes, public: true
+        expires_in 3.minutes, public: public_fetch_mode?
 
         @statuses = HashtagQueryService.new.call(@tag, params.slice(:any, :all, :none), current_account, params[:local]).paginate_by_max_id(PAGE_SIZE, params[:max_id])
         @statuses = cache_collection(@statuses, Status)
author	Eugen Rochko <eugen@zeonfederated.com>	2019-07-11 20:11:09 +0200
committer	GitHub <noreply@github.com>	2019-07-11 20:11:09 +0200
commit	5bf67ca91350e40e6f329271d3ca2bdcba87ab64 (patch)
tree	e6a124c0c3913900a6d55c163b0ef308bfae64c7 /app/controllers/tags_controller.rb
parent	4e1260feaa09bfa7305887e34cb129b37bee6c52 (diff)