Allow retrieval of private statuses (single or in outbox) using HTTP signatures (#6225)

8e4cf628 · puckipedia · Eugen Rochko · 04fef7b8 · 8e4cf628 · 8e4cf628
Commit 8e4cf628 authored 7 years ago by puckipedia Committed by Eugen Rochko 7 years ago
--- a/app/controllers/activitypub/outboxes_controller.rb
+++ b/app/controllers/activitypub/outboxes_controller.rb
 # frozen_string_literal: true

 class ActivityPub::OutboxesController < Api::BaseController
+  include SignatureVerification
+
  before_action :set_account

  def show
-    @statuses = @account.statuses.permitted_for(@account, current_account).paginate_by_max_id(20, params[:max_id], params[:since_id])
+    @statuses = @account.statuses.permitted_for(@account, signed_request_account).paginate_by_max_id(20, params[:max_id], params[:since_id])
    @statuses = cache_collection(@statuses, Status)

    render json: outbox_presenter, serializer: ActivityPub::CollectionSerializer, adapter: ActivityPub::Adapter, content_type: 'application/activity+json'

--- a/app/controllers/concerns/signature_authentication.rb
+++ b/app/controllers/concerns/signature_authentication.rb
+# frozen_string_literal: true
+
+module SignatureAuthentication
+  extend ActiveSupport::Concern
+
+  include SignatureVerification
+
+  def current_account
+    super || signed_request_account
+  end
+end
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
 # frozen_string_literal: true

 class StatusesController < ApplicationController
+  include SignatureAuthentication
  include Authorization

  layout 'public'