diff options
Diffstat (limited to 'app/controllers/activitypub')
4 files changed, 38 insertions, 8 deletions
diff --git a/app/controllers/activitypub/claims_controller.rb b/app/controllers/activitypub/claims_controller.rb index 08ad952df..5009a9f05 100644 --- a/app/controllers/activitypub/claims_controller.rb +++ b/app/controllers/activitypub/claims_controller.rb @@ -4,7 +4,7 @@ class ActivityPub::ClaimsController < ActivityPub::BaseController include SignatureVerification include AccountOwnedConcern - skip_before_action :authenticate_user! + #skip_before_action :authenticate_user! before_action :require_signature! before_action :set_claim_result diff --git a/app/controllers/activitypub/inboxes_controller.rb b/app/controllers/activitypub/inboxes_controller.rb index 0a561e7f0..3e67f3909 100644 --- a/app/controllers/activitypub/inboxes_controller.rb +++ b/app/controllers/activitypub/inboxes_controller.rb @@ -7,7 +7,7 @@ class ActivityPub::InboxesController < ActivityPub::BaseController before_action :skip_unknown_actor_delete before_action :require_signature! - skip_before_action :authenticate_user! + #skip_before_action :authenticate_user! def create upgrade_account diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb index e066860bf..51945656f 100644 --- a/app/controllers/activitypub/outboxes_controller.rb +++ b/app/controllers/activitypub/outboxes_controller.rb @@ -10,9 +10,12 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController before_action :set_statuses before_action :set_cache_headers + before_action :require_authenticated!, if: -> { @account.require_auth? } + before_action -> { require_following!(@account) }, if: -> { @account.private? } + def show - expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode? && !(signed_request_account.present? && page_requested?)) - render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json' + expires_in(page_requested? ? 0 : 3.minutes, public: public_fetch_mode? && !(current_account.present? && page_requested?)) + render json: outbox_presenter, serializer: ActivityPub::OutboxSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json', target_domain: current_account&.domain end private @@ -31,7 +34,6 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController ActivityPub::CollectionPresenter.new( id: account_outbox_url(@account), type: :ordered, - size: @account.statuses_count, first: outbox_url(page: true), last: outbox_url(page: true, min_id: 0) ) @@ -54,12 +56,39 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController account_outbox_url(@account, page: true, min_id: @statuses.first.id) unless @statuses.empty? end + def permitted_account_statuses + @account.statuses.permitted_for( + @account, + current_account, + include_replies: true, + include_reblogs: true, + public: !(owner? || follower?), + include_semiprivate: owner? || mutual_follower?, + exclude_local_only: true + ) + end + + def owner? + return @owner if defined?(@owner) + + @owner = @account.id == current_account&.id + @owner ||= @account.moved_to_account_id == current_account&.id if @account.moved_to_account_id.present? + @owner + end + + def follower? + @following ||= current_account&.following?(@account) + end + + def mutual_follower? + follower? && @account.following?(current_account) + end + def set_statuses return unless page_requested? - @statuses = @account.statuses.permitted_for(@account, signed_request_account) @statuses = cache_collection_paginated_by_id( - @statuses, + permitted_account_statuses, Status, LIMIT, params_slice(:max_id, :min_id, :since_id) diff --git a/app/controllers/activitypub/replies_controller.rb b/app/controllers/activitypub/replies_controller.rb index 43bf4e657..4d553fc07 100644 --- a/app/controllers/activitypub/replies_controller.rb +++ b/app/controllers/activitypub/replies_controller.rb @@ -14,7 +14,7 @@ class ActivityPub::RepliesController < ActivityPub::BaseController def index expires_in 0, public: public_fetch_mode? - render json: replies_collection_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json', skip_activities: true + render json: replies_collection_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json', skip_activities: true, target_domain: current_account&.domain end private @@ -33,6 +33,7 @@ class ActivityPub::RepliesController < ActivityPub::BaseController def set_replies @replies = only_other_accounts? ? Status.where.not(account_id: @account.id) : @account.statuses @replies = @replies.where(in_reply_to_id: @status.id, visibility: [:public, :unlisted]) + @replies = @replies.without_semiprivate unless authenticated_or_following?(@account) @replies = @replies.paginate_by_min_id(DESCENDANTS_LIMIT, params[:min_id]) end |