zaaarf/upub
1
0
Fork 0
forked from alemi/upub
Code Pull requests Activity

fix: oops dont leak private posts on local tl

Browse source 
this too should get filtered depending on auth
This commit is contained in:
əlemi 2024-06-25 04:38:08 +02:00
parent 9fce61ea78
commit a5c28c83c7
Signed by: alemi
GPG key ID: A4895B84D311642C
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
upub/routes/src/activitypub/outbox.rs
View file

@ -1,5 +1,5 @@
use axum::{extract::{Query, State}, http::StatusCode, Json}; use axum::{extract::{Query, State}, http::StatusCode, Json};
use sea_orm::{sea_query::IntoCondition, ColumnTrait}; use sea_orm::{ColumnTrait, Condition};
use upub::Context; use upub::Context;
use crate::{activitypub::{CreationResult, Pagination}, AuthIdentity, builders::JsonLD}; use crate::{activitypub::{CreationResult, Pagination}, AuthIdentity, builders::JsonLD};
@ -15,7 +15,9 @@ pub async fn page(
) -> crate::ApiResult<JsonLD<serde_json::Value>> { ) -> crate::ApiResult<JsonLD<serde_json::Value>> {
crate::builders::paginate_activities( crate::builders::paginate_activities(
upub::url!(ctx, "/outbox/page"), upub::url!(ctx, "/outbox/page"),
upub::model::actor::Column::Domain.eq(ctx.domain().to_string()).into_condition(), Condition::all()
.add(auth.filter_activities())
.add(upub::model::actor::Column::Domain.eq(ctx.domain().to_string())),
ctx.db(), ctx.db(),
page, page,
auth.my_id(), auth.my_id(),