commit: 8e4cf6282b8a3bcb100506b27ecaed3e88832681
parent: 04fef7b8886bb78f3473e143894a521ca578f1db
Author: puckipedia <puck@puckipedia.com>
Date: Fri, 2 Feb 2018 10:19:59 +0100
Allow retrieval of private statuses (single or in outbox) using HTTP signatures (#6225)
Diffstat:
3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/app/controllers/activitypub/outboxes_controller.rb b/app/controllers/activitypub/outboxes_controller.rb
@@ -1,10 +1,12 @@
# frozen_string_literal: true
class ActivityPub::OutboxesController < Api::BaseController
+ include SignatureVerification
+
before_action :set_account
def show
- @statuses = @account.statuses.permitted_for(@account, current_account).paginate_by_max_id(20, params[:max_id], params[:since_id])
+ @statuses = @account.statuses.permitted_for(@account, signed_request_account).paginate_by_max_id(20, params[:max_id], params[:since_id])
@statuses = cache_collection(@statuses, Status)
render json: outbox_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
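Review bot: The statuses returned by `show` now depend on which actor signed the request, yet nothing visible in the hunk keeps that response out of a shared cache, so a proxy or CDN could serve a follower's view containing private statuses to an unsigned client. Consider marking signed responses as non-shareable, e.g. `response.headers['Vary'] = 'Signature'`, or disabling public caching whenever `signed_request_account` is present; cache configuration is not shown here, so this may already be handled elsewhere. The new line also drops `current_account` entirely, while the concern added in this commit uses `super || signed_request_account`. If that is deliberate for this endpoint, a comment such as `# Viewer is the HTTP-signature actor only (no session/token fallback)` would make it explicit. None of the three changed files is a spec, so request specs for unsigned, invalid-signature, non-follower and follower requests are worth adding. The body of `show` continues past the hunk.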
diff --git a/app/controllers/concerns/signature_authentication.rb b/app/controllers/concerns/signature_authentication.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module SignatureAuthentication
+ extend ActiveSupport::Concern
+
+ include SignatureVerification
+
+ def current_account
+ super || signed_request_account
+ end
+end
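Review bot: Overriding `current_account` means every caller of it in an including controller (authorization checks, view helpers, any state-changing action) will treat a remote actor authenticated only by HTTP signature as the current account, not just the status-read path this commit targets. The module carries no comment stating that scope. I would add one above the method, e.g. `# Falls back to the HTTP-signature actor when no account is logged in; include only in read-only controllers.` The method also relies on `super`, so it presumably only works where `current_account` is defined in an ancestor of the including class, which belongs in the same comment. The same point applies to the `include SignatureAuthentication` added to `StatusesController` in the next file: its actions are not visible in that hunk and should be checked for anything beyond reads.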
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
@@ -1,6 +1,7 @@
# frozen_string_literal: true
class StatusesController < ApplicationController
+ include SignatureAuthentication
include Authorization
layout 'public'