alemi/upub
alemi/upub
1
0
Fork 1
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

fix: shared inbox MUST NOT contain private stuff

Browse source
This commit is contained in:
əlemi 2024-05-13 18:53:03 +02:00
parent d2f0ce0391
commit 401ef08af3
Signed by: alemi
GPG key ID: A4895B84D311642C
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/routes/activitypub/inbox.rs
View file

@ -1,5 +1,6 @@
use apb::{server::Inbox, Activity, ActivityType}; use apb::{server::Inbox, Activity, ActivityType};
use axum::{extract::{Query, State}, http::StatusCode, Json}; use axum::{extract::{Query, State}, http::StatusCode, Json};
use sea_orm::{sea_query::IntoCondition, ColumnTrait};
use crate::{errors::UpubError, server::{auth::{AuthIdentity, Identity}, Context}, url}; use crate::{errors::UpubError, server::{auth::{AuthIdentity, Identity}, Context}, url};
@ -19,7 +20,8 @@ pub async fn page(
) -> crate::Result<JsonLD<serde_json::Value>> { ) -> crate::Result<JsonLD<serde_json::Value>> {
crate::server::builders::paginate( crate::server::builders::paginate(
url!(ctx, "/inbox/page"), url!(ctx, "/inbox/page"),
auth.filter_condition(), crate::model::addressing::Column::Actor.eq(apb::target::PUBLIC)
.into_condition(),
ctx.db(), ctx.db(),
page, page,
auth.my_id(), auth.my_id(),