diff --git a/src/config.rs b/src/config.rs index 076015db..5ca8ecb0 100644 --- a/src/config.rs +++ b/src/config.rs @@ -64,6 +64,9 @@ pub struct DatasourceConfig { pub struct SecurityConfig { #[serde(default)] pub allow_registration: bool, + + #[serde(default)] + pub allow_public_debugger: bool, } diff --git a/src/routes/activitypub/application.rs b/src/routes/activitypub/application.rs index d5242602..d4660500 100644 --- a/src/routes/activitypub/application.rs +++ b/src/routes/activitypub/application.rs @@ -50,7 +50,7 @@ pub async fn debug( AuthIdentity(auth): AuthIdentity, ) -> crate::Result> { // only local users can request debug fetches - if !matches!(auth, Identity::Local(_)) { + if !ctx.cfg().security.allow_public_debugger && !matches!(auth, Identity::Local(_)) { return Err(UpubError::unauthorized()); } Ok(Json(