forked from alemi/upub

fix: oops didnt actually fix the comparison

əlemi 2024-06-10 04:07:58 +02:00
parent 3781d38f95
commit ec910693d9
Signed by: alemi
GPG key ID: A4895B84D311642C


@ -62,30 +62,28 @@ pub async fn page<const OUTGOING: bool>(
let limit = page.batch.unwrap_or(20).min(50); let limit = page.batch.unwrap_or(20).min(50);
let offset = page.offset.unwrap_or(0); let offset = page.offset.unwrap_or(0);
let mut filter = Condition::all() let (user, config) = model::actor::Entity::find_by_ap_id(&ctx.uid(&id))
.add(if OUTGOING { Follower } else { Following }.eq(ctx.uid(&id))); .find_also_related(model::config::Entity)
.one(ctx.db())
.await?
.ok_or_else(ApiError::not_found)?;
let hidden = { let hidden = match config {
// TODO i could avoid this query if ctx.uid(id) == Identity::Local { id } // assume all remote users have private followers
match model::actor::Entity::find_by_ap_id(&ctx.uid(&id)) // this because we get to see some of their "private" followers if they follow local users,
.find_also_related(model::config::Entity) // and there is no mechanism to broadcast privacy on/off, so we could be leaking followers. to
.one(ctx.db()) // mitigate this, just assume them all private: local users can only see themselves and remote
.await? // fetchers can only see relations from their instance (meaning likely zero because we only
.ok_or_else(ApiError::not_found)? // store relations for which at least one end is on local instance)
{ None => true,
// assume all remote users have private followers Some(config) => {
// this because we get to see some of their "private" followers if they follow local users, if OUTGOING { !config.show_followers } else { !config.show_following }
// and there is no mechanism to broadcast privacy on/off, so we could be leaking followers. to
// mitigate this, just assume them all private: local users can only see themselves and remote
// fetchers can only see relations from their instance (meaning likely zero because we only
// store relations for which at least one end is on local instance)
(_, None) => true,
(_, Some(config)) => {
if OUTGOING { !config.show_followers } else { !config.show_following }
},
} }
}; };
let mut filter = Condition::all()
.add(if OUTGOING { Follower } else { Following }.eq(user.internal));
if hidden { if hidden {
match auth { match auth {
Identity::Anonymous => return Err(ApiError::unauthorized()), Identity::Anonymous => return Err(ApiError::unauthorized()),