forked from fedi/mastodon
Allow retrieval of private statuses (single or in outbox) using HTTP signatures (#6225)
This commit is contained in:
parent
04fef7b888
commit
8e4cf6282b
|
@ -1,10 +1,12 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class ActivityPub::OutboxesController < Api::BaseController
|
||||
include SignatureVerification
|
||||
|
||||
before_action :set_account
|
||||
|
||||
def show
|
||||
@statuses = @account.statuses.permitted_for(@account, current_account).paginate_by_max_id(20, params[:max_id], params[:since_id])
|
||||
@statuses = @account.statuses.permitted_for(@account, signed_request_account).paginate_by_max_id(20, params[:max_id], params[:since_id])
|
||||
@statuses = cache_collection(@statuses, Status)
|
||||
|
||||
render json: outbox_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'
|
||||
|
|
11
app/controllers/concerns/signature_authentication.rb
Normal file
11
app/controllers/concerns/signature_authentication.rb
Normal file
|
@ -0,0 +1,11 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module SignatureAuthentication
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
include SignatureVerification
|
||||
|
||||
def current_account
|
||||
super || signed_request_account
|
||||
end
|
||||
end
|
|
@ -1,6 +1,7 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class StatusesController < ApplicationController
|
||||
include SignatureAuthentication
|
||||
include Authorization
|
||||
|
||||
layout 'public'
|
||||
|
|
Loading…
Reference in a new issue