forked from alemi/upub
fix: include audience in outbox
this allows lemmy groups to work in current upub frontend without changes, and it kind of makes sense as group broadcast everything they do. however just doing it like this is unsafe: anyone could send me stuff with audience "my_id" and have it be on my outbox, broadcasted by me
This commit is contained in:
parent
1605557329
commit
32929f0909
4 changed files with 5 additions and 4 deletions
|
@ -3,7 +3,7 @@ use sea_orm::{Condition, ColumnTrait};
|
||||||
|
|
||||||
use upub::Context;
|
use upub::Context;
|
||||||
|
|
||||||
use crate::{activitypub::Pagination, builders::JsonLD, AuthIdentity, Identity};
|
use crate::{activitypub::Pagination, builders::JsonLD, AuthIdentity};
|
||||||
|
|
||||||
pub async fn get(
|
pub async fn get(
|
||||||
State(ctx): State<Context>,
|
State(ctx): State<Context>,
|
||||||
|
|
|
@ -2,7 +2,7 @@ pub mod inbox;
|
||||||
pub mod outbox;
|
pub mod outbox;
|
||||||
pub mod following;
|
pub mod following;
|
||||||
pub mod notifications;
|
pub mod notifications;
|
||||||
pub mod audience;
|
// pub mod audience;
|
||||||
|
|
||||||
use axum::extract::{Path, Query, State};
|
use axum::extract::{Path, Query, State};
|
||||||
|
|
||||||
|
|
|
@ -24,6 +24,7 @@ pub async fn page(
|
||||||
Condition::any()
|
Condition::any()
|
||||||
.add(model::activity::Column::Actor.eq(&uid))
|
.add(model::activity::Column::Actor.eq(&uid))
|
||||||
.add(model::object::Column::AttributedTo.eq(&uid))
|
.add(model::object::Column::AttributedTo.eq(&uid))
|
||||||
|
.add(model::object::Column::Audience.eq(&uid))
|
||||||
);
|
);
|
||||||
if !auth.is(&uid) {
|
if !auth.is(&uid) {
|
||||||
filter = filter.add(auth.filter());
|
filter = filter.add(auth.filter());
|
||||||
|
|
|
@ -55,8 +55,8 @@ impl ActivityPubRouter for Router<upub::Context> {
|
||||||
.route("/actors/:id/followers/page", get(ap::actor::following::page::<false>))
|
.route("/actors/:id/followers/page", get(ap::actor::following::page::<false>))
|
||||||
.route("/actors/:id/following", get(ap::actor::following::get::<true>))
|
.route("/actors/:id/following", get(ap::actor::following::get::<true>))
|
||||||
.route("/actors/:id/following/page", get(ap::actor::following::page::<true>))
|
.route("/actors/:id/following/page", get(ap::actor::following::page::<true>))
|
||||||
.route("/actors/:id/audience", get(ap::actor::audience::get))
|
// .route("/actors/:id/audience", get(ap::actor::audience::get))
|
||||||
.route("/actors/:id/audience/page", get(ap::actor::audience::page))
|
// .route("/actors/:id/audience/page", get(ap::actor::audience::page))
|
||||||
// activities
|
// activities
|
||||||
.route("/activities/:id", get(ap::activity::view))
|
.route("/activities/:id", get(ap::activity::view))
|
||||||
// specific object routes
|
// specific object routes
|
||||||
|
|
Loading…
Reference in a new issue