fa3f78e4bf
While OAuth tokens were immediately revoked, accessing the home controller immediately generated new OAuth tokens and "revived" the session due to a combination of using remember_me tokens and overwriting the `authenticate_user!` method
57 lines
1.4 KiB
Ruby
57 lines
1.4 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class HomeController < ApplicationController
|
|
before_action :redirect_unauthenticated_to_permalinks!
|
|
before_action :authenticate_user!
|
|
before_action :set_referrer_policy_header
|
|
|
|
def index
|
|
@body_classes = 'app-body'
|
|
end
|
|
|
|
private
|
|
|
|
def redirect_unauthenticated_to_permalinks!
|
|
return if user_signed_in?
|
|
|
|
matches = request.path.match(/\A\/web\/(statuses|accounts)\/([\d]+)\z/)
|
|
|
|
if matches
|
|
case matches[1]
|
|
when 'statuses'
|
|
status = Status.find_by(id: matches[2])
|
|
|
|
if status&.distributable?
|
|
redirect_to(ActivityPub::TagManager.instance.url_for(status))
|
|
return
|
|
end
|
|
when 'accounts'
|
|
account = Account.find_by(id: matches[2])
|
|
|
|
if account
|
|
redirect_to(ActivityPub::TagManager.instance.url_for(account))
|
|
return
|
|
end
|
|
end
|
|
end
|
|
|
|
matches = request.path.match(%r{\A/web/timelines/tag/(?<tag>.+)\z})
|
|
|
|
redirect_to(matches ? tag_path(CGI.unescape(matches[:tag])) : default_redirect_path)
|
|
end
|
|
|
|
def default_redirect_path
|
|
if request.path.start_with?('/web') || whitelist_mode?
|
|
new_user_session_path
|
|
elsif single_user_mode?
|
|
short_account_path(Account.local.without_suspended.where('id > 0').first)
|
|
else
|
|
about_path
|
|
end
|
|
end
|
|
|
|
def set_referrer_policy_header
|
|
response.headers['Referrer-Policy'] = 'origin'
|
|
end
|
|
end
|