mirror of
https://github.com/mastodon/mastodon.git
synced 2024-11-26 23:41:52 +00:00
1618b68bfa
* Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
59 lines
1.7 KiB
Ruby
59 lines
1.7 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class StreamEntriesController < ApplicationController
|
|
include Authorization
|
|
include SignatureVerification
|
|
|
|
layout 'public'
|
|
|
|
before_action :set_account
|
|
before_action :set_stream_entry
|
|
before_action :set_link_headers
|
|
before_action :check_account_suspension
|
|
|
|
def show
|
|
respond_to do |format|
|
|
format.html do
|
|
@ancestors = @stream_entry.activity.reply? ? cache_collection(@stream_entry.activity.ancestors(current_account), Status) : []
|
|
@descendants = cache_collection(@stream_entry.activity.descendants(current_account), Status)
|
|
end
|
|
|
|
format.atom do
|
|
render xml: AtomSerializer.render(AtomSerializer.new.entry(@stream_entry, true))
|
|
end
|
|
end
|
|
end
|
|
|
|
def embed
|
|
response.headers['X-Frame-Options'] = 'ALLOWALL'
|
|
return gone if @stream_entry.activity.nil?
|
|
|
|
render layout: 'embedded'
|
|
end
|
|
|
|
private
|
|
|
|
def set_account
|
|
@account = Account.find_local!(params[:account_username])
|
|
end
|
|
|
|
def set_link_headers
|
|
response.headers['Link'] = LinkHeader.new([[account_stream_entry_url(@account, @stream_entry, format: 'atom'), [%w(rel alternate), %w(type application/atom+xml)]]])
|
|
end
|
|
|
|
def set_stream_entry
|
|
@stream_entry = @account.stream_entries.where(activity_type: 'Status').find(params[:id])
|
|
@type = @stream_entry.activity_type.downcase
|
|
|
|
raise ActiveRecord::RecordNotFound if @stream_entry.activity.nil?
|
|
authorize @stream_entry.activity, :show? if @stream_entry.hidden?
|
|
rescue Mastodon::NotPermittedError
|
|
# Reraise in order to get a 404
|
|
raise ActiveRecord::RecordNotFound
|
|
end
|
|
|
|
def check_account_suspension
|
|
gone if @account.suspended?
|
|
end
|
|
end
|