From 87136f77d726a650c4f02feafe4283aa78eaf27a Mon Sep 17 00:00:00 2001
From: multiple creatures <dev@multiple-creature.party>
Date: Sat, 17 Aug 2019 03:24:58 -0500
Subject: privacy - require authentication on all timeline endpoints to make
 life difficult for fediverse archivers

---
 app/controllers/api/v1/timelines/public_controller.rb | 1 +
 streaming/index.js                                    | 7 -------
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/app/controllers/api/v1/timelines/public_controller.rb b/app/controllers/api/v1/timelines/public_controller.rb
index aabe24324..9c3f6c0a8 100644
--- a/app/controllers/api/v1/timelines/public_controller.rb
+++ b/app/controllers/api/v1/timelines/public_controller.rb
@@ -13,6 +13,7 @@ class Api::V1::Timelines::PublicController < Api::BaseController
   private
 
   def load_statuses
+    return [] unless user_signed_in?
     cached_public_statuses
   end
 
diff --git a/streaming/index.js b/streaming/index.js
index eccf5219f..ff375a894 100644
--- a/streaming/index.js
+++ b/streaming/index.js
@@ -250,10 +250,6 @@ const startWorker = (workerId) => {
   };
 
   const PUBLIC_STREAMS = [
-    'public',
-    'public:media',
-    'public:local',
-    'public:local:media',
     'hashtag',
     'hashtag:local',
   ];
@@ -273,10 +269,7 @@ const startWorker = (workerId) => {
   };
 
   const PUBLIC_ENDPOINTS = [
-    '/api/v1/streaming/public',
-    '/api/v1/streaming/public/local',
     '/api/v1/streaming/hashtag',
-    '/api/v1/streaming/hashtag/local',
   ];
 
   const authenticationMiddleware = (req, res, next) => {
-- 
cgit