aecdaf5a8c
* Do not serve account actors at all in limited federation mode When an account is fetched without a signature from an allowed instance, return an error. This isn't really an improvement in security, as the only information that was previously returned was required protocol-level info, and the only personal bit was the existence of the account. The existence of the account can still be checked by issuing a webfinger query, as those are accepted without signatures. However, this change makes it so that unallowed instances won't create account records on their end when they find a reference to an unknown account. The previous behavior of rendering a limited list of fields, instead of not rendering the actor at all, was in order to prevent situations in which two instances in Authorized Fetch mode or Limited Federation mode would fail to reach each other because resolving an account would require a signed query… from an account which can only be fetched with a signed query itself. However, this should now be fine as fetching accounts is done by signing on behalf of the special instance actor, which does not require any kind of valid signature to be fetched. * Fix tests
153 lines
4.3 KiB
Ruby
153 lines
4.3 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class AccountsController < ApplicationController
|
|
PAGE_SIZE = 20
|
|
PAGE_SIZE_MAX = 200
|
|
|
|
include AccountControllerConcern
|
|
include SignatureAuthentication
|
|
|
|
before_action :require_signature!, if: -> { request.format == :json && authorized_fetch_mode? }
|
|
before_action :set_cache_headers
|
|
before_action :set_body_classes
|
|
|
|
skip_around_action :set_locale, if: -> { [:json, :rss].include?(request.format&.to_sym) }
|
|
skip_before_action :require_functional!, unless: :whitelist_mode?
|
|
|
|
def show
|
|
respond_to do |format|
|
|
format.html do
|
|
expires_in 0, public: true unless user_signed_in?
|
|
|
|
@pinned_statuses = []
|
|
@endorsed_accounts = @account.endorsed_accounts.to_a.sample(4)
|
|
@featured_hashtags = @account.featured_tags.order(statuses_count: :desc)
|
|
|
|
if current_account && @account.blocking?(current_account)
|
|
@statuses = []
|
|
return
|
|
end
|
|
|
|
@pinned_statuses = cache_collection(@account.pinned_statuses, Status) if show_pinned_statuses?
|
|
@statuses = filtered_status_page
|
|
@statuses = cache_collection(@statuses, Status)
|
|
@rss_url = rss_url
|
|
|
|
unless @statuses.empty?
|
|
@older_url = older_url if @statuses.last.id > filtered_statuses.last.id
|
|
@newer_url = newer_url if @statuses.first.id < filtered_statuses.first.id
|
|
end
|
|
end
|
|
|
|
format.rss do
|
|
expires_in 1.minute, public: true
|
|
|
|
limit = params[:limit].present? ? [params[:limit].to_i, PAGE_SIZE_MAX].min : PAGE_SIZE
|
|
@statuses = filtered_statuses.without_reblogs.limit(limit)
|
|
@statuses = cache_collection(@statuses, Status)
|
|
render xml: RSS::AccountSerializer.render(@account, @statuses, params[:tag])
|
|
end
|
|
|
|
format.json do
|
|
expires_in 3.minutes, public: !(authorized_fetch_mode? && signed_request_account.present?)
|
|
render_with_cache json: @account, content_type: 'application/activity+json', serializer: ActivityPub::ActorSerializer, adapter: ActivityPub::Adapter
|
|
end
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def set_body_classes
|
|
@body_classes = 'with-modals'
|
|
end
|
|
|
|
def show_pinned_statuses?
|
|
[replies_requested?, media_requested?, tag_requested?, params[:max_id].present?, params[:min_id].present?].none?
|
|
end
|
|
|
|
def filtered_statuses
|
|
default_statuses.tap do |statuses|
|
|
statuses.merge!(hashtag_scope) if tag_requested?
|
|
statuses.merge!(only_media_scope) if media_requested?
|
|
statuses.merge!(no_replies_scope) unless replies_requested?
|
|
end
|
|
end
|
|
|
|
def default_statuses
|
|
@account.statuses.where(visibility: [:public, :unlisted])
|
|
end
|
|
|
|
def only_media_scope
|
|
Status.where(id: account_media_status_ids)
|
|
end
|
|
|
|
def account_media_status_ids
|
|
@account.media_attachments.attached.reorder(nil).select(:status_id).distinct
|
|
end
|
|
|
|
def no_replies_scope
|
|
Status.without_replies
|
|
end
|
|
|
|
def hashtag_scope
|
|
tag = Tag.find_normalized(params[:tag])
|
|
|
|
if tag
|
|
Status.tagged_with(tag.id)
|
|
else
|
|
Status.none
|
|
end
|
|
end
|
|
|
|
def username_param
|
|
params[:username]
|
|
end
|
|
|
|
def rss_url
|
|
if tag_requested?
|
|
short_account_tag_url(@account, params[:tag], format: 'rss')
|
|
else
|
|
short_account_url(@account, format: 'rss')
|
|
end
|
|
end
|
|
|
|
def older_url
|
|
pagination_url(max_id: @statuses.last.id)
|
|
end
|
|
|
|
def newer_url
|
|
pagination_url(min_id: @statuses.first.id)
|
|
end
|
|
|
|
def pagination_url(max_id: nil, min_id: nil)
|
|
if tag_requested?
|
|
short_account_tag_url(@account, params[:tag], max_id: max_id, min_id: min_id)
|
|
elsif media_requested?
|
|
short_account_media_url(@account, max_id: max_id, min_id: min_id)
|
|
elsif replies_requested?
|
|
short_account_with_replies_url(@account, max_id: max_id, min_id: min_id)
|
|
else
|
|
short_account_url(@account, max_id: max_id, min_id: min_id)
|
|
end
|
|
end
|
|
|
|
def media_requested?
|
|
request.path.split('.').first.ends_with?('/media') && !tag_requested?
|
|
end
|
|
|
|
def replies_requested?
|
|
request.path.split('.').first.ends_with?('/with_replies') && !tag_requested?
|
|
end
|
|
|
|
def tag_requested?
|
|
request.path.split('.').first.ends_with?(Addressable::URI.parse("/tagged/#{params[:tag]}").normalize)
|
|
end
|
|
|
|
def filtered_status_page
|
|
filtered_statuses.paginate_by_id(PAGE_SIZE, params_slice(:max_id, :min_id, :since_id))
|
|
end
|
|
|
|
def params_slice(*keys)
|
|
params.slice(*keys).permit(*keys)
|
|
end
|
|
end
|