From fbbf4ab62cf0cf3ec54cedb4848c4bcdecdf677b Mon Sep 17 00:00:00 2001
From: Fire Demon <firedemon@creature.cafe>
Date: Sun, 28 Jun 2020 18:08:33 -0500
Subject: [Privacy] Do not disclose private allow list domains to nodeinfo and
 instance endpoints

---
 app/serializers/nodeinfo/serializer.rb      | 2 +-
 app/serializers/rest/instance_serializer.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/serializers')

diff --git a/app/serializers/nodeinfo/serializer.rb b/app/serializers/nodeinfo/serializer.rb
index 071e1abd2..2bd2c772f 100644
--- a/app/serializers/nodeinfo/serializer.rb
+++ b/app/serializers/nodeinfo/serializer.rb
@@ -39,7 +39,7 @@ class NodeInfo::Serializer < ActiveModel::Serializer
 
   def metadata
     {
-      domain_allows: display_allows? ? DomainAllow.all.map { |a| a.slice(:domain) } : [],
+      domain_allows: display_allows? ? DomainAllow.where(hidden: false).map { |a| a.slice(:domain) } : [],
       domain_blocks: display_blocks? ? DomainBlock.all.map { |b| b.slice(:domain, :severity, :reject_media, :reject_reports, :public_comment) } : [],
     }
   end
diff --git a/app/serializers/rest/instance_serializer.rb b/app/serializers/rest/instance_serializer.rb
index 0a13ad9c2..f20d9ef2b 100644
--- a/app/serializers/rest/instance_serializer.rb
+++ b/app/serializers/rest/instance_serializer.rb
@@ -83,7 +83,7 @@ class REST::InstanceSerializer < ActiveModel::Serializer
 
   def federation
     {
-      domain_allows: display_allows? ? DomainAllow.all.map { |a| a.slice(:domain) } : [],
+      domain_allows: display_allows? ? DomainAllow.where(hidden: false).map { |a| a.slice(:domain) } : [],
       domain_blocks: display_blocks? ? DomainBlock.all.map { |b| b.slice(:domain, :severity, :reject_media, :reject_reports, :public_comment) } : [],
     }
   end
-- 
cgit