From 8524ace23f1ebec07fd4d51171e121b1f1e75007 Mon Sep 17 00:00:00 2001 From: default Date: Sun, 8 Oct 2023 00:06:37 +0200 Subject: [PATCH] Hide posts from the public web for accounts with 'private' == true. --- html.c | 31 +++++++++++++++++++++++++++++++ httpd.c | 3 +++ mastoapi.c | 19 +++++++++++++++++++ 3 files changed, 53 insertions(+) diff --git a/html.c b/html.c index 175a214..c5e76fc 100644 --- a/html.c +++ b/html.c @@ -1567,6 +1567,25 @@ xs_str *html_timeline(snac *user, const xs_list *list, int local, int skip, int if (!valid_status(status)) continue; + /* if it's an instance page, discard private users */ + if (user == NULL) { + const char *atto = xs_dict_get(msg, "attributedTo"); + xs *l = xs_split(atto, "/"); + const char *uid = xs_list_get(l, -1); + snac user; + int skip = 1; + + if (uid && user_open(&user, uid)) { + if (xs_type(xs_dict_get(user.config, "private")) != XSTYPE_TRUE) + skip = 0; + + user_free(&user); + } + + if (skip) + continue; + } + s = html_entry(user, s, msg, local, 0, v, user ? 0 : 1); } @@ -1940,6 +1959,9 @@ int html_get_handler(const xs_dict *req, const char *q_path, show = atoi(v), cache = 0, save = 0; if (p_path == NULL) { /** public timeline **/ + if (xs_type(xs_dict_get(snac.config, "private")) == XSTYPE_TRUE) + return 403; + xs *h = xs_str_localtime(0, "%Y-%m.html"); if (cache && history_mtime(&snac, h) > timeline_mtime(&snac)) { @@ -2022,6 +2044,9 @@ int html_get_handler(const xs_dict *req, const char *q_path, } else if (xs_startswith(p_path, "p/")) { /** a timeline with just one entry **/ + if (xs_type(xs_dict_get(snac.config, "private")) == XSTYPE_TRUE) + return 403; + xs *id = xs_fmt("%s/%s", snac.actor, p_path); xs *msg = NULL; @@ -2054,6 +2079,9 @@ int html_get_handler(const xs_dict *req, const char *q_path, } else if (xs_startswith(p_path, "h/")) { /** an entry from the history **/ + if (xs_type(xs_dict_get(snac.config, "private")) == XSTYPE_TRUE) + return 403; + xs *l = xs_split(p_path, "/"); char *id = xs_list_get(l, 1); @@ -2070,6 +2098,9 @@ int html_get_handler(const xs_dict *req, const char *q_path, } else if (strcmp(p_path, ".rss") == 0) { /** public timeline in RSS format **/ + if (xs_type(xs_dict_get(snac.config, "private")) == XSTYPE_TRUE) + return 403; + xs_str *rss; xs *elems = timeline_simple_list(&snac, "public", 0, 20); xs *bio = not_really_markdown(xs_dict_get(snac.config, "bio"), NULL); diff --git a/httpd.c b/httpd.c index e2cfbb0..20d87bd 100644 --- a/httpd.c +++ b/httpd.c @@ -284,6 +284,9 @@ void httpd_connection(FILE *f) status = 404; } + if (status == 403) + body = xs_str_new("

403 Forbidden

"); + if (status == 404) body = xs_str_new("

404 Not Found

"); diff --git a/mastoapi.c b/mastoapi.c index 40ad12b..273807b 100644 --- a/mastoapi.c +++ b/mastoapi.c @@ -1377,6 +1377,25 @@ int mastoapi_get_handler(const xs_dict *req, const char *q_path, if (strcmp(type, "Note") != 0 && strcmp(type, "Question") != 0) continue; + /* discard private users */ + { + const char *atto = xs_dict_get(msg, "attributedTo"); + xs *l = xs_split(atto, "/"); + const char *uid = xs_list_get(l, -1); + snac p_user; + int skip = 1; + + if (uid && user_open(&p_user, uid)) { + if (xs_type(xs_dict_get(p_user.config, "private")) != XSTYPE_TRUE) + skip = 0; + + user_free(&p_user); + } + + if (skip) + continue; + } + /* convert the Note into a Mastodon status */ xs *st = mastoapi_status(user, msg);