about summary refs log tree commit diff
path: root/app/controllers/accounts_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/accounts_controller.rb')
-rw-r--r--app/controllers/accounts_controller.rb37
1 files changed, 15 insertions, 22 deletions
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index ead63d2ee..352f84ea7 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -7,6 +7,7 @@ class AccountsController < ApplicationController
   include AccountControllerConcern
   include SignatureAuthentication
 
+  before_action :require_signature!, if: -> { request.format == :json && authorized_fetch_mode? }
   before_action :set_cache_headers
   before_action :set_body_classes
 
@@ -56,7 +57,7 @@ class AccountsController < ApplicationController
 
       format.json do
         expires_in 3.minutes, public: !current_account?
-        render_with_cache json: @account, content_type: 'application/activity+json', serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter, fields: restrict_fields_to
+        render_with_cache json: @account, content_type: 'application/activity+json', serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter
       end
     end
   end
@@ -161,15 +162,6 @@ class AccountsController < ApplicationController
     request.path.split('.').first.ends_with?(Addressable::URI.parse("/tagged/#{params[:tag]}").normalize)
   end
 
-  def cached_filtered_status_page
-    cache_collection_paginated_by_id(
-      filtered_statuses,
-      Status,
-      PAGE_SIZE,
-      params_slice(:max_id, :min_id, :since_id)
-    )
-  end
-
   def reblogs_requested?
     request.path.split('.').first.ends_with?('/reblogs') && !tag_requested?
   end
@@ -178,18 +170,6 @@ class AccountsController < ApplicationController
     request.path.split('.').first.ends_with?('/mentions') && !tag_requested?
   end
 
-  def params_slice(*keys)
-    params.slice(*keys).permit(*keys)
-  end
-
-  def restrict_fields_to
-    if current_account&.id == @account.id || (signed_request_account.present? && !blocked?)
-      # Return all fields
-    else
-      %i(id type preferred_username inbox public_key endpoints)
-    end
-  end
-
   def blocked?
     @blocked ||= current_account && @account.blocking?(current_account)
   end
@@ -201,4 +181,17 @@ class AccountsController < ApplicationController
   def rss_disabled?
     @account.user&.setting_rss_disabled
   end
+
+  def cached_filtered_status_page
+    cache_collection_paginated_by_id(
+      filtered_statuses,
+      Status,
+      PAGE_SIZE,
+      params_slice(:max_id, :min_id, :since_id)
+    )
+  end
+
+  def params_slice(*keys)
+    params.slice(*keys).permit(*keys)
+  end
 end
generated by cgit-pink (git 2.37.1) at 2024-09-30 10:06:15 +0000