From 054e15e4f03eecb174374466581b9662a6b38e24 Mon Sep 17 00:00:00 2001
From: Fire Demon
Date: Tue, 28 Jul 2020 20:40:25 -0500
Subject: [Privacy] Add options for private accounts
---
 app/controllers/accounts_controller.rb | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)
(limited to 'app/controllers/accounts_controller.rb')
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index 651da89ad..ebc472087 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -10,6 +10,8 @@ class AccountsController < ApplicationController
   before_action :set_cache_headers
   before_action :set_body_classes
+  before_action :require_authenticated!, if: -> { @account.require_auth? || @account.private? }
+
   skip_around_action :set_locale, if: -> { [:json, :rss].include?(request.format&.to_sym) }
   skip_before_action :require_functional! #, unless: :whitelist_mode?
@@ -20,10 +22,10 @@ class AccountsController < ApplicationController
         expires_in 0, public: true unless user_signed_in? || signed_request_account.present?
         @pinned_statuses = []
-        @endorsed_accounts = @account.endorsed_accounts.to_a.sample(4)
-        @featured_hashtags = @account.featured_tags.order(statuses_count: :desc)
+        @endorsed_accounts = unauthorized? ? [] : @account.endorsed_accounts.to_a.sample(4)
+        @featured_hashtags = unauthorized? ? [] : @account.featured_tags.order(statuses_count: :desc)
-        if current_account && @account.blocking?(current_account)
+        if unauthorized?
           @statuses = []
           return
         end
@@ -40,7 +42,9 @@ class AccountsController < ApplicationController
       end
       format.rss do
-        expires_in 1.minute, public: !(user_signed_in? || signed_request_account.present?)
+        return forbidden if unauthorized?
+
+        expires_in 1.minute, public: !current_account?
         limit = params[:limit].present? ? [params[:limit].to_i, PAGE_SIZE_MAX].min : PAGE_SIZE
         @statuses = filtered_statuses.without_reblogs.limit(limit)
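Review bot: The new `before_action :require_authenticated!` in the first hunk runs for every format, including the ActivityPub actor document served by `format.json`, which remote servers fetch with an HTTP signature but no session. Unless `require_authenticated!` (defined outside this diff) treats `signed_request_account` as authenticated, a private account's actor, inbox and public key become unfetchable by other instances and signature verification of its deliveries fails there, which breaks federation rather than protecting privacy. Consider letting signed fetches fall through to `restrict_fields_to`, e.g. `if: -> { (@account.require_auth? || @account.private?) && signed_request_account.blank? }`. The lambda also dereferences `@account`, so it must stay ordered after the callback that sets it, which is outside this hunk.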
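Review bot: The HTML branch in the second hunk treats a blocked viewer and a non-following viewer of a private account identically, emptying `@statuses`, `@endorsed_accounts` and `@featured_hashtags` but still rendering the page, whereas the RSS branch of the same commit answers with `forbidden`. If the profile shell (bio, fields, counts) of a private account is meant to stay hidden from non-followers, the template needs the same gate, because nothing in this hunk withholds it. If showing the shell is intended, a comment such as `# private/blocked viewers get the profile header but no timeline, endorsements or featured tags` would spare the next reader from reconciling the two branches. The enclosing `show` method continues outside this hunk.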
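Review bot: In the third hunk, `expires_in 1.minute, public: !current_account?` drops the `signed_request_account.present?` half of the old condition and relies on a `current_account?` predicate that this diff does not define; if the base controller only provides `current_account`, every RSS request raises `NoMethodError`. Keeping the previous shape, `expires_in 1.minute, public: !(current_account || signed_request_account.present?)`, preserves the old caching behaviour and avoids the unverified helper. Note also that `return forbidden if unauthorized?` inside the `format.rss` block returns from `show`, not merely from the block; this matches the existing `return` in the HTML branch but deserves a one-line comment. The `format.rss` block continues past the end of this hunk.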
@@ -49,7 +53,7 @@ class AccountsController < ApplicationController
       end
       format.json do
-        expires_in 3.minutes, public: !(authorized_fetch_mode? && signed_request_account.present?)
+        expires_in 3.minutes, public: !current_account?
         render_with_cache json: @account, content_type: 'application/activity+json', serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter, fields: restrict_fields_to
       end
     end
@@ -152,10 +156,18 @@ class AccountsController < ApplicationController
   end
   def restrict_fields_to
-    if signed_request_account.present? || public_fetch_mode?
+    if signed_request_account.present? && !blocked?
       # Return all fields
     else
       %i(id type preferred_username inbox public_key endpoints)
     end
   end
+
+  def blocked?
+    @blocked ||= current_account && @account.blocking?(current_account) end
+
+  def unauthorized?
+    @unauthorized ||= blocked? || (@account.private? && !following?(@account))
+  end
 end
-- cgit
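Review bot: The JSON response in the first hunk is now marked `public: true` whenever there is no session, yet its body now varies by requester: a signed fetch receives every actor field while an unsigned one receives the reduced set from `restrict_fields_to`. A shared HTTP cache in front of the app can therefore store the full actor document produced for a signed fetch and replay it to unsigned clients, undoing the field restriction for three minutes. Marking identity-dependent responses private, `expires_in 3.minutes, public: !(current_account? || signed_request_account.present?)`, keeps the old behaviour for signed requests; the previous condition could allow public caching only because `public_fetch_mode?` then made the body requester-independent.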
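Review bot: `blocked?` in the second hunk only consults `current_account`, yet `restrict_fields_to` applies it on the `signed_request_account.present?` branch, where a remote server's fetch carries an HTTP signature but normally no session, so `current_account` is nil and `!blocked?` is always true; the block check for federated fetches never fires unless this fork's `current_account` falls back to the signed actor. Checking whichever requester is present, `actor = current_account || signed_request_account` followed by `@blocked ||= actor.present? && @account.blocking?(actor)`, makes the guard effective on both paths. Separately, `@blocked ||=` and `@unauthorized ||=` memoize only truthy results, so the `blocking?` and `following?` lookups repeat on every call when the answer is false; `return @blocked if defined?(@blocked)` is the usual shape for a falsy-capable memo. `following?` is not defined in this diff, so its receiver semantics should be confirmed before relying on it.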