From 401ef08af34e765a9abe0a6e58f92dd898628a27 Mon Sep 17 00:00:00 2001 From: alemi Date: Mon, 13 May 2024 18:53:03 +0200 Subject: [PATCH] fix: shared inbox MUST NOT contain private stuff --- src/routes/activitypub/inbox.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/routes/activitypub/inbox.rs b/src/routes/activitypub/inbox.rs index ac5cabd8..1aec2344 100644 --- a/src/routes/activitypub/inbox.rs +++ b/src/routes/activitypub/inbox.rs @@ -1,5 +1,6 @@ use apb::{server::Inbox, Activity, ActivityType}; use axum::{extract::{Query, State}, http::StatusCode, Json}; +use sea_orm::{sea_query::IntoCondition, ColumnTrait}; use crate::{errors::UpubError, server::{auth::{AuthIdentity, Identity}, Context}, url}; @@ -19,7 +20,8 @@ pub async fn page( ) -> crate::Result> { crate::server::builders::paginate( url!(ctx, "/inbox/page"), - auth.filter_condition(), + crate::model::addressing::Column::Actor.eq(apb::target::PUBLIC) + .into_condition(), ctx.db(), page, auth.my_id(),