about summary refs log tree commit diff
path: root/app
diff options
context:
space:
mode:
authorpuckipedia <puck@puckipedia.com>2018-02-02 10:19:59 +0100
committerEugen Rochko <eugen@zeonfederated.com>2018-02-02 10:19:59 +0100
commit8e4cf6282b8a3bcb100506b27ecaed3e88832681 (patch)
treec07fb21c861fe62d42435fcc0f145361c883e57d /app
parent04fef7b8886bb78f3473e143894a521ca578f1db (diff)
Allow retrieval of private statuses (single or in outbox) using HTTP signatures (#6225)
Diffstat (limited to 'app')
-rw-r--r--app/controllers/activitypub/outboxes_controller.rb4
-rw-r--r--app/controllers/concerns/signature_authentication.rb11
-rw-r--r--app/controllers/statuses_controller.rb1
3 files changed, 15 insertions, 1 deletions
diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb
index 9f97ff622..a431e3557 100644
--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
@@ -1,10 +1,12 @@
 # frozen_string_literal: true
 
 class ActivityPub::OutboxesController < Api::BaseController
+  include SignatureVerification
+
   before_action :set_account
 
   def show
-    @statuses = @account.statuses.permitted_for(@account, current_account).paginate_by_max_id(20, params[:max_id], params[:since_id])
+    @statuses = @account.statuses.permitted_for(@account, signed_request_account).paginate_by_max_id(20, params[:max_id], params[:since_id])
     @statuses = cache_collection(@statuses, Status)
 
     render json: outbox_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
diff --git a/app/controllers/concerns/signature_authentication.rb b/app/controllers/concerns/signature_authentication.rb
new file mode 100644
index 000000000..beec93223
--- /dev/null
+++ b/app/controllers/concerns/signature_authentication.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module SignatureAuthentication
+  extend ActiveSupport::Concern
+
+  include SignatureVerification
+
+  def current_account
+    super || signed_request_account
+  end
+end
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
index 367ea34e7..45226c8d2 100644
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 class StatusesController < ApplicationController
+  include SignatureAuthentication
   include Authorization
 
   layout 'public'