Diffstat (limited to 'app/controllers/accounts_controller.rb')
-rw-r--r--app/controllers/accounts_controller.rb23
1 files changed, 17 insertions, 6 deletions
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index 245263607..3937e9e8a 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -4,8 +4,10 @@ class AccountsController < ApplicationController
   PAGE_SIZE = 20
 
   include AccountControllerConcern
+  include SignatureAuthentication
 
   before_action :set_cache_headers
+  before_action :set_body_classes
 
   def show
     respond_to do |format|
@@ -17,9 +19,8 @@ class AccountsController < ApplicationController
             not_found unless current_account && current_account.following?(@account)
           end
         end
-        mark_cacheable! unless user_signed_in?
+        expires_in 0, public: true unless user_signed_in?
 
-        @body_classes      = 'with-modals'
         @pinned_statuses   = []
         @endorsed_accounts = @account.endorsed_accounts.to_a.sample(4)
 
@@ -40,10 +41,8 @@ class AccountsController < ApplicationController
       end
 
       format.json do
-        # TODO: Remember to add authorized_fetch_mode, restrict_fields_to when ported
-#        expires_in 3.minutes, public: !(signed_request_account.present?)
-        expires_in 3.minutes, public: true
-        render_with_cache json: @account, content_type: 'application/activity+json', serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter
+        expires_in 3.minutes, public: !(authorized_fetch_mode? && signed_request_account.present?)
+        render json: @account, content_type: 'application/activity+json', serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter, fields: restrict_fields_to
       end
     end
   end
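Review bot: The `public:` flag on the new `expires_in` line in `format.json` now depends on the request signature, but nothing visible in this hunk makes a shared cache key on that signature. In authorized-fetch mode an unsigned fetch gets the restricted field set marked `public` for three minutes, so a cache in front of the app could serve that same body to a later signed fetch of the same URL unless the response also carries a `Vary` header naming `Signature`. `set_cache_headers` is defined outside this diff, so please confirm it emits that header in authorized-fetch mode. A short comment on the line would also help, for example `# Full actor documents go only to signed fetchers, so keep them out of shared caches`.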
@@ -58,6 +57,10 @@ class AccountsController < ApplicationController
     end
   end
 
+  def set_body_classes
+    @body_classes = 'with-modals'
+  end
+
   def show_pinned_statuses?
     [reblogs_requested?, replies_requested?, media_requested?, tag_requested?, params[:max_id].present?, params[:min_id].present?].none?
   end
@@ -148,4 +151,12 @@ class AccountsController < ApplicationController
       filtered_statuses.paginate_by_max_id(PAGE_SIZE, params[:max_id], params[:since_id]).to_a
     end
   end
+
+  def restrict_fields_to
+    if signed_request_account.present? || public_fetch_mode?
+      # Return all fields
+    else
+      %i(id type preferred_username inbox public_key endpoints)
+    end
+  end
 end
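Review bot: The all-fields case in `restrict_fields_to` is an `if` branch containing only a comment, so it returns `nil` implicitly. Whether an unsigned fetch is limited to the allowlist therefore depends on the serializer reading `fields: nil` as "no restriction", and on nobody later adding a statement to that branch. A guard clause makes the contract explicit: `return if signed_request_account.present? || public_fetch_mode?` followed by the `%i(...)` allowlist, with a comment such as `# nil tells the serializer to apply no field restriction`. The method is appended at the end of the class and no `private` keyword is visible in this hunk. If it is not under `private`, Rails would treat it as an action method, and the same applies to `set_body_classes` in the hunk at -58,6.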