indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Reject non-followers more quickly when getting private pinned posts

main
Bob Mottram 2021-11-09 18:23:42 +00:00
parent 98d09c48a8
commit 8cbbefea9d
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
daemon.py
View File

@ -12994,13 +12994,10 @@ class PubServer(BaseHTTPRequestHandler):
nickname, self.server.domain,
self.server.domainFull,
self.server.systemLanguage):
if not self._secureMode(True):
# GET request signature failed
followerActor = self._secureModeActor()
if not followerActor:
showPinned = False
else:
# the GET signature passes, but is this someone
# that follows us?
followerActor = self._secureModeActor()
followerNickname = getNicknameFromActor(followerActor)
followerDomain, followerPort = \
getDomainFromActor(followerActor)
@ -13011,6 +13008,11 @@ class PubServer(BaseHTTPRequestHandler):
followerNickname,
followerDomainFull):
showPinned = False
else:
# does their GET signature verify?
if not self._secureMode(True):
# GET request signature failed
showPinned = False
if not showPinned:
# follower check failed, so just return an empty collection
postContext = getIndividualPostContext()