commit: a85ed6defbd2cec71d9a5594ef1de18d5333c7c7
parent: 44ced17634a9c89b9ff4a47c64805356f7f6401c
Author: Mark Felder <feld@FreeBSD.org>
Date: Mon, 31 Aug 2020 15:58:21 -0500
Do not serve RSS/Atom feeds when instance is private
Diffstat:
5 files changed, 59 insertions(+), 10 deletions(-)
diff --git a/lib/pleroma/web/feed/tag_controller.ex b/lib/pleroma/web/feed/tag_controller.ex
@@ -9,7 +9,15 @@ defmodule Pleroma.Web.Feed.TagController do
alias Pleroma.Web.ActivityPub.ActivityPub
alias Pleroma.Web.Feed.FeedView
- def feed(conn, %{"tag" => raw_tag} = params) do
+ def feed(conn, params) do
+ if Pleroma.Config.get!([:instance, :public]) do
+ render_feed(conn, params)
+ else
+ render_error(conn, :not_found, "Not found")
+ end
+ end
+
+ def render_feed(conn, %{"tag" => raw_tag} = params) do
{format, tag} = parse_tag(raw_tag)
activities =
diff --git a/lib/pleroma/web/feed/user_controller.ex b/lib/pleroma/web/feed/user_controller.ex
@@ -37,7 +37,15 @@ defmodule Pleroma.Web.Feed.UserController do
end
end
- def feed(conn, %{"nickname" => nickname} = params) do
+ def feed(conn, params) do
+ if Pleroma.Config.get!([:instance, :public]) do
+ render_feed(conn, params)
+ else
+ errors(conn, {:error, :not_found})
+ end
+ end
+
+ def render_feed(conn, %{"nickname" => nickname} = params) do
format = get_format(conn)
format =
diff --git a/lib/pleroma/web/metadata/feed.ex b/lib/pleroma/web/metadata/feed.ex
@@ -11,13 +11,17 @@ defmodule Pleroma.Web.Metadata.Providers.Feed do
@impl Provider
def build_tags(%{user: user}) do
- [
- {:link,
- [
- rel: "alternate",
- type: "application/atom+xml",
- href: Helpers.user_feed_path(Endpoint, :feed, user.nickname) <> ".atom"
- ], []}
- ]
+ if Pleroma.Config.get!([:instance, :public]) do
+ [
+ {:link,
+ [
+ rel: "alternate",
+ type: "application/atom+xml",
+ href: Helpers.user_feed_path(Endpoint, :feed, user.nickname) <> ".atom"
+ ], []}
+ ]
+ else
+ []
+ end
end
end
diff --git a/test/web/feed/tag_controller_test.exs b/test/web/feed/tag_controller_test.exs
@@ -181,4 +181,17 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
'yeah #PleromaArt'
]
end
+
+ describe "private instance" do
+ setup do: clear_config([:instance, :public])
+
+ test "returns 404 for tags feed", %{conn: conn} do
+ Config.put([:instance, :public], false)
+
+ conn
+ |> put_req_header("accept", "application/rss+xml")
+ |> get(tag_feed_path(conn, :feed, "pleromaart"))
+ |> response(404)
+ end
+ end
end
diff --git a/test/web/feed/user_controller_test.exs b/test/web/feed/user_controller_test.exs
@@ -246,4 +246,20 @@ defmodule Pleroma.Web.Feed.UserControllerTest do
assert response == ~S({"error":"Not found"})
end
end
+
+ describe "private instance" do
+ setup do: clear_config([:instance, :public])
+
+ test "returns 404 for user feed", %{conn: conn} do
+ Config.put([:instance, :public], false)
+ user = insert(:user)
+
+ {:ok, _} = CommonAPI.post(user, %{status: "test"})
+
+ assert conn
+ |> put_req_header("accept", "application/atom+xml")
+ |> get(user_feed_path(conn, :feed, user.nickname))
+ |> response(404)
+ end
+ end
end