Don't show likes to unauthorized viewers

master
Bob Mottram 2019-07-12 12:20:59 +01:00
parent 0d96aaacb7
commit 29a4af00dd
3 changed files with 27 additions and 11 deletions


@ -227,6 +227,11 @@ class PubServer(BaseHTTPRequestHandler):
postJson={}
with open(postFilename, 'r') as fp:
postJson=commentjson.load(fp)
# Only authorized viewers get to see likes on posts
# Otherwize marketers could gain more social graph info
if not self._isAuthorized():
if postJson.get('likes'):
postJson['likes']={}
self._set_headers('application/json')
self.wfile.write(json.dumps(postJson).encode('utf-8'))
self.server.GETbusy=False
@ -254,6 +259,11 @@ class PubServer(BaseHTTPRequestHandler):
postJson={}
with open(postFilename, 'r') as fp:
postJson=commentjson.load(fp)
# Only authorized viewers get to see likes on posts
# Otherwize marketers could gain more social graph info
if not self._isAuthorized():
if postJson.get('likes'):
postJson['likes']={}
self._set_headers('application/json')
self.wfile.write(json.dumps(postJson).encode('utf-8'))
self.server.GETbusy=False
@ -292,7 +302,8 @@ class PubServer(BaseHTTPRequestHandler):
outboxFeed=personBoxJson(self.server.baseDir,self.server.domain, \
self.server.port,self.path, \
self.server.httpPrefix, \
maxPostsInFeed, 'outbox')
maxPostsInFeed, 'outbox', \
self._isAuthorized())
if outboxFeed:
self._set_headers('application/json')
self.wfile.write(json.dumps(outboxFeed).encode('utf-8'))
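Review bot: The likes redaction in the two post-GET hunks (-227 and -254) is copy-pasted and clears only a top-level `likes` key, so any other handler that writes stored post JSON would still expose likes, as would a post whose likes sit under a nested object. How posts are stored is not visible here, so the nested case needs confirming. Consider moving the check into one new helper, say `_removeLikes(postJson)`, and calling it from every path that serves post JSON, instead of repeating `if postJson.get('likes'): postJson['likes']={}`. The response for a given URL now also depends on `_isAuthorized()`; if `_set_headers` (outside this diff) does not mark it non-cacheable, a shared cache in front of the server could return the authorized version to anonymous viewers. The enclosing handler starts and ends outside these hunks.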


@ -185,7 +185,8 @@ def personLookup(domain: str,path: str,baseDir: str) -> {}:
return personJson
def personBoxJson(baseDir: str,domain: str,port: int,path: str, \
httpPrefix: str,noOfItems: int,boxname: str) -> []:
httpPrefix: str,noOfItems: int,boxname: str, \
authorized: bool) -> []:
"""Obtain the inbox/outbox feed for the given person
"""
if boxname!='inbox' and boxname!='outbox':
@ -226,7 +227,7 @@ def personBoxJson(baseDir: str,domain: str,port: int,path: str, \
return createInbox(baseDir,nickname,domain,port,httpPrefix, \
noOfItems,headerOnly,pageNumber)
return createOutbox(baseDir,nickname,domain,port,httpPrefix, \
noOfItems,headerOnly,pageNumber)
noOfItems,headerOnly,authorized,pageNumber)
def personInboxJson(baseDir: str,domain: str,port: int,path: str, \
httpPrefix: str,noOfItems: int) -> []:
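Review bot: `authorized` only takes effect on the outbox branch of `personBoxJson`. The `createInbox` call in the second hunk is unchanged, and in this same commit `createInbox` passes a literal `True` down to `createBoxBase`, so a call with `boxname='inbox'` and `authorized=False` would still return likes. That is safe only if every inbox caller has already enforced authorization, which is not visible on this page. The docstring should say so, e.g. `authorized: when False, likes are blanked in outbox items; ignored for the inbox`. personBoxJson's body runs between and beyond the two hunks.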


@ -760,15 +760,15 @@ def sendToFollowers(session,baseDir: str,
def createInbox(baseDir: str,nickname: str,domain: str,port: int,httpPrefix: str, \
itemsPerPage: int,headerOnly: bool,pageNumber=None) -> {}:
return createBoxBase(baseDir,'inbox',nickname,domain,port,httpPrefix, \
itemsPerPage,headerOnly,pageNumber)
itemsPerPage,headerOnly,True,pageNumber)
def createOutbox(baseDir: str,nickname: str,domain: str,port: int,httpPrefix: str, \
itemsPerPage: int,headerOnly: bool,pageNumber=None) -> {}:
itemsPerPage: int,headerOnly: bool,authorized: bool,pageNumber=None) -> {}:
return createBoxBase(baseDir,'outbox',nickname,domain,port,httpPrefix, \
itemsPerPage,headerOnly,pageNumber)
itemsPerPage,headerOnly,authorized,pageNumber)
def createBoxBase(baseDir: str,boxname: str, \
nickname: str,domain: str,port: int,httpPrefix: str, \
itemsPerPage: int,headerOnly: bool,pageNumber=None) -> {}:
itemsPerPage: int,headerOnly: bool,authorized :bool,pageNumber=None) -> {}:
"""Constructs the box feed
"""
if boxname!='inbox' and boxname!='outbox':
@ -849,6 +849,10 @@ def createBoxBase(baseDir: str,boxname: str, \
# get the post as json
with open(filePath, 'r') as fp:
p=commentjson.load(fp)
# Don't show likes to unauthorized viewers
if not authorized:
if p.get('likes'):
p['likes']={}
# insert it into the box feed
if postsOnPageCtr < itemsPerPage:
if not headerOnly:
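Review bot: `authorized` is inserted positionally before `pageNumber` in `createOutbox` and `createBoxBase`, so a caller not updated in this commit that passes a page number as its last positional argument would bind it to `authorized`. A non-zero page number is truthy, so that caller would silently show likes. Callers outside this diff are not visible and need checking. Making the test strict, `if authorized is not True:`, or passing `authorized=` by keyword at every call site would make a missed caller fail closed. The docstring `"""Constructs the box feed"""` should also state that likes are blanked when `authorized` is false; createBoxBase's body continues outside the hunk.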