Allow retrieval of private statuses (single or in outbox) using HTTP signatures (#6225)

remotes/1727458204337373841/tmp_refs/heads/signup-info-prompt
puckipedia 2018-02-02 10:19:59 +01:00 committed by Eugen Rochko
parent 04fef7b888
commit 8e4cf6282b
3 changed files with 15 additions and 1 deletions

View File

@ -1,10 +1,12 @@
# frozen_string_literal: true # frozen_string_literal: true
class ActivityPub::OutboxesController < Api::BaseController class ActivityPub::OutboxesController < Api::BaseController
include SignatureVerification
before_action :set_account before_action :set_account
def show def show
@statuses = @account.statuses.permitted_for(@account, current_account).paginate_by_max_id(20, params[:max_id], params[:since_id]) @statuses = @account.statuses.permitted_for(@account, signed_request_account).paginate_by_max_id(20, params[:max_id], params[:since_id])
@statuses = cache_collection(@statuses, Status) @statuses = cache_collection(@statuses, Status)
render json: outbox_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json' render json: outbox_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'

View File

@ -0,0 +1,11 @@
# frozen_string_literal: true
module SignatureAuthentication
extend ActiveSupport::Concern
include SignatureVerification
def current_account
super || signed_request_account
end
end

View File

@ -1,6 +1,7 @@
# frozen_string_literal: true # frozen_string_literal: true
class StatusesController < ApplicationController class StatusesController < ApplicationController
include SignatureAuthentication
include Authorization include Authorization
layout 'public' layout 'public'