author | puckipedia <puck@puckipedia.com> | 2018-02-02 10:19:59 +0100 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2018-02-02 10:19:59 +0100 |
commit | 8e4cf6282b8a3bcb100506b27ecaed3e88832681 (patch) | |
tree | c07fb21c861fe62d42435fcc0f145361c883e57d /app | |
parent | 04fef7b8886bb78f3473e143894a521ca578f1db (diff) |
Allow retrieval of private statuses (single or in outbox) using HTTP signatures (#6225)
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/activitypub/outboxes_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/concerns/signature_authentication.rb | 11 | ||||
-rw-r--r-- | app/controllers/statuses_controller.rb | 1 |
3 files changed, 15 insertions, 1 deletions
diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb
index 9f97ff622..a431e3557 100644
--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@@ -1,10 +1,12 @@
 # frozen_string_literal: true
 class ActivityPub::OutboxesController < Api::BaseController
+ include SignatureVerification
+
 before_action :set_account
 def show
- @statuses = @account.statuses.permitted_for(@account, current_account).paginate_by_max_id(20, params[:max_id], params[:since_id])
+ @statuses = @account.statuses.permitted_for(@account, signed_request_account).paginate_by_max_id(20, params[:max_id], params[:since_id])
 @statuses = cache_collection(@statuses, Status)
 render json: outbox_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
diff --git a/app/controllers/concerns/signature_authentication.rb b/app/controllers/concerns/signature_authentication.rb
new file mode 100644
index 000000000..beec93223
--- /dev/null
+++ b/app/controllers/concerns/signature_authentication.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module SignatureAuthentication
+ extend ActiveSupport::Concern
+
+ include SignatureVerification
+
+ def current_account
+ super || signed_request_account
+ end
+end
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
index 367ea34e7..45226c8d2 100644
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 class StatusesController < ApplicationController
+ include SignatureAuthentication
 include Authorization
 layout 'public' |
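Review bot: The outbox response now depends on who signed the request (`permitted_for(@account, signed_request_account)` in `show`), but nothing visible here keeps it from being cached by URL alone. If this action or a proxy in front of it applies a shared cache lifetime, a page holding followers-only statuses could be served to an unsigned caller; I would add `response.headers['Vary'] = 'Signature'` in `show`, or mark signed responses `Cache-Control: private`. The same applies to `StatusesController`, which gains a signature-derived `current_account` in this commit. `show` continues past the end of the hunk, so existing cache handling may sit outside this view.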
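Review bot: `current_account` in `SignatureAuthentication` has no comment saying that its fallback can return a remote account with no local user or session. Every action of an including controller will see that account as `current_account`, so code that treats a non-nil `current_account` as a logged-in local user could misbehave; this is inferred, since the callers are outside the diff. I would document the contract above the method, e.g. `# Falls back to the account that signed the request; it may be remote and has no session, so use it only for read/visibility checks.` A line on how this concern differs from `SignatureVerification`, which the outbox controller includes directly, would also help.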
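Review bot: With `include SignatureAuthentication` in `StatusesController`, access to private statuses rests entirely on `SignatureVerification`, which is not part of this diff. A signed GET carries no body digest, so the verifier should require `(request-target)`, `host` and `date` among the signed headers and reject a stale `Date`; otherwise a captured signed request would stay valid indefinitely. Please confirm that behaviour, or add a spec asserting that a request with an old `Date` or without those signed headers is treated as anonymous. The class body continues outside the hunk.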