indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Don't show likes to unauthorized viewers

master
Bob Mottram 2019-07-12 12:20:59 +01:00
parent 0d96aaacb7
commit 29a4af00dd
3 changed files with 27 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
daemon.py
View File

@ -227,8 +227,13 @@ class PubServer(BaseHTTPRequestHandler):
postJson={} postJson={}
with open(postFilename, 'r') as fp: with open(postFilename, 'r') as fp:
postJson=commentjson.load(fp) postJson=commentjson.load(fp)
self._set_headers('application/json') # Only authorized viewers get to see likes on posts
self.wfile.write(json.dumps(postJson).encode('utf-8')) # Otherwize marketers could gain more social graph info
if not self._isAuthorized():
if postJson.get('likes'):
postJson['likes']={}
self._set_headers('application/json')
self.wfile.write(json.dumps(postJson).encode('utf-8'))
self.server.GETbusy=False self.server.GETbusy=False
return return
else: else:
@ -254,8 +259,13 @@ class PubServer(BaseHTTPRequestHandler):
postJson={} postJson={}
with open(postFilename, 'r') as fp: with open(postFilename, 'r') as fp:
postJson=commentjson.load(fp) postJson=commentjson.load(fp)
self._set_headers('application/json') # Only authorized viewers get to see likes on posts
self.wfile.write(json.dumps(postJson).encode('utf-8')) # Otherwize marketers could gain more social graph info
if not self._isAuthorized():
if postJson.get('likes'):
postJson['likes']={}
self._set_headers('application/json')
self.wfile.write(json.dumps(postJson).encode('utf-8'))
self.server.GETbusy=False self.server.GETbusy=False
return return
else: else:
@ -292,7 +302,8 @@ class PubServer(BaseHTTPRequestHandler):
outboxFeed=personBoxJson(self.server.baseDir,self.server.domain, \ outboxFeed=personBoxJson(self.server.baseDir,self.server.domain, \
self.server.port,self.path, \ self.server.port,self.path, \
self.server.httpPrefix, \ self.server.httpPrefix, \
maxPostsInFeed, 'outbox') maxPostsInFeed, 'outbox', \
self._isAuthorized())
if outboxFeed: if outboxFeed:
self._set_headers('application/json') self._set_headers('application/json')
self.wfile.write(json.dumps(outboxFeed).encode('utf-8')) self.wfile.write(json.dumps(outboxFeed).encode('utf-8'))

5
person.py
View File

@ -185,7 +185,8 @@ def personLookup(domain: str,path: str,baseDir: str) -> {}:
return personJson return personJson
def personBoxJson(baseDir: str,domain: str,port: int,path: str, \ def personBoxJson(baseDir: str,domain: str,port: int,path: str, \
httpPrefix: str,noOfItems: int,boxname: str) -> []: httpPrefix: str,noOfItems: int,boxname: str, \
authorized: bool) -> []:
"""Obtain the inbox/outbox feed for the given person """Obtain the inbox/outbox feed for the given person
""" """
if boxname!='inbox' and boxname!='outbox': if boxname!='inbox' and boxname!='outbox':
@ -226,7 +227,7 @@ def personBoxJson(baseDir: str,domain: str,port: int,path: str, \
return createInbox(baseDir,nickname,domain,port,httpPrefix, \ return createInbox(baseDir,nickname,domain,port,httpPrefix, \
noOfItems,headerOnly,pageNumber) noOfItems,headerOnly,pageNumber)
return createOutbox(baseDir,nickname,domain,port,httpPrefix, \ return createOutbox(baseDir,nickname,domain,port,httpPrefix, \
noOfItems,headerOnly,pageNumber) noOfItems,headerOnly,authorized,pageNumber)
def personInboxJson(baseDir: str,domain: str,port: int,path: str, \ def personInboxJson(baseDir: str,domain: str,port: int,path: str, \
httpPrefix: str,noOfItems: int) -> []: httpPrefix: str,noOfItems: int) -> []:

12
posts.py
View File

@ -760,15 +760,15 @@ def sendToFollowers(session,baseDir: str,
def createInbox(baseDir: str,nickname: str,domain: str,port: int,httpPrefix: str, \ def createInbox(baseDir: str,nickname: str,domain: str,port: int,httpPrefix: str, \
itemsPerPage: int,headerOnly: bool,pageNumber=None) -> {}: itemsPerPage: int,headerOnly: bool,pageNumber=None) -> {}:
return createBoxBase(baseDir,'inbox',nickname,domain,port,httpPrefix, \ return createBoxBase(baseDir,'inbox',nickname,domain,port,httpPrefix, \
itemsPerPage,headerOnly,pageNumber) itemsPerPage,headerOnly,True,pageNumber)
def createOutbox(baseDir: str,nickname: str,domain: str,port: int,httpPrefix: str, \ def createOutbox(baseDir: str,nickname: str,domain: str,port: int,httpPrefix: str, \
itemsPerPage: int,headerOnly: bool,pageNumber=None) -> {}: itemsPerPage: int,headerOnly: bool,authorized: bool,pageNumber=None) -> {}:
return createBoxBase(baseDir,'outbox',nickname,domain,port,httpPrefix, \ return createBoxBase(baseDir,'outbox',nickname,domain,port,httpPrefix, \
itemsPerPage,headerOnly,pageNumber) itemsPerPage,headerOnly,authorized,pageNumber)
def createBoxBase(baseDir: str,boxname: str, \ def createBoxBase(baseDir: str,boxname: str, \
nickname: str,domain: str,port: int,httpPrefix: str, \ nickname: str,domain: str,port: int,httpPrefix: str, \
itemsPerPage: int,headerOnly: bool,pageNumber=None) -> {}: itemsPerPage: int,headerOnly: bool,authorized :bool,pageNumber=None) -> {}:
"""Constructs the box feed """Constructs the box feed
""" """
if boxname!='inbox' and boxname!='outbox': if boxname!='inbox' and boxname!='outbox':
@ -849,6 +849,10 @@ def createBoxBase(baseDir: str,boxname: str, \
# get the post as json # get the post as json
with open(filePath, 'r') as fp: with open(filePath, 'r') as fp:
p=commentjson.load(fp) p=commentjson.load(fp)
# Don't show likes to unauthorized viewers
if not authorized:
if p.get('likes'):
p['likes']={}
# insert it into the box feed # insert it into the box feed
if postsOnPageCtr < itemsPerPage: if postsOnPageCtr < itemsPerPage:
if not headerOnly: if not headerOnly: