From a5c28c83c7c933d93ca3cf6324301d72d1ca2482 Mon Sep 17 00:00:00 2001
From: alemi
Date: Tue, 25 Jun 2024 04:38:08 +0200
Subject: [PATCH] fix: oops dont leak private posts on local tl

this too should get filtered depending on auth
---
 upub/routes/src/activitypub/outbox.rs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/upub/routes/src/activitypub/outbox.rs b/upub/routes/src/activitypub/outbox.rs
index 95dda804..2df92c6d 100644
--- a/upub/routes/src/activitypub/outbox.rs
+++ b/upub/routes/src/activitypub/outbox.rs
@@ -1,5 +1,5 @@
 use axum::{extract::{Query, State}, http::StatusCode, Json};
-use sea_orm::{sea_query::IntoCondition, ColumnTrait};
+use sea_orm::{ColumnTrait, Condition};
 use upub::Context;
 
 use crate::{activitypub::{CreationResult, Pagination}, AuthIdentity, builders::JsonLD};
@@ -15,7 +15,9 @@ pub async fn page(
 ) -> crate::ApiResult> {
 crate::builders::paginate_activities(
 upub::url!(ctx, "/outbox/page"),
-upub::model::actor::Column::Domain.eq(ctx.domain().to_string()).into_condition(),
+Condition::all()
+.add(auth.filter_activities())
+.add(upub::model::actor::Column::Domain.eq(ctx.domain().to_string())),
 ctx.db(),
 page,
 auth.my_id(),
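Review bot: The visibility filter added in `page` is still something each caller has to remember to AND into the condition it hands to `crate::builders::paginate_activities`, which appears to be how this endpoint came to return private activities in the first place. Since the helper already receives `auth.my_id()`, consider passing it the auth identity and applying `auth.filter_activities()` inside it, so a route that supplies only a domain or actor condition cannot skip the check; other callers of the helper are not visible in this hunk and are worth auditing for the same omission. Until then a comment on the new lines would help, e.g. `// keep the visibility filter ANDed with the domain match: without it private activities are served to any caller`, and a regression test that requests `/outbox/page` without credentials and asserts a non-public activity is absent would pin the fix. The body of `page` starts before and continues after this hunk.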