From cb58d62bcc1a730e00c72a6cbc2cc12c3a7455c9 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 19 Jul 2019 09:40:51 +0100 Subject: [PATCH] Only show a limited subset of follows/followers to unauthorized viewers --- daemon.py | 6 ++++-- follow.py | 20 +++++++++++++++----- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/daemon.py b/daemon.py index 9daca029..542ea53c 100644 --- a/daemon.py +++ b/daemon.py @@ -584,9 +584,11 @@ class PubServer(BaseHTTPRequestHandler): self.wfile.write(json.dumps(outboxFeed).encode('utf-8')) self.server.GETbusy=False return + authorized=self._isAuthorized() following=getFollowingFeed(self.server.baseDir,self.server.domain, \ self.server.port,self.path, \ - self.server.httpPrefix,followsPerPage) + self.server.httpPrefix, + authorized,followsPerPage) if following: self._set_headers('application/json') self.wfile.write(json.dumps(following).encode('utf-8')) @@ -595,7 +597,7 @@ class PubServer(BaseHTTPRequestHandler): followers=getFollowingFeed(self.server.baseDir,self.server.domain, \ self.server.port,self.path, \ self.server.httpPrefix, \ - followsPerPage,'followers') + authorized,followsPerPage,'followers') if followers: self._set_headers('application/json') self.wfile.write(json.dumps(followers).encode('utf-8')) diff --git a/follow.py b/follow.py index 125fa5b8..850cff0c 100644 --- a/follow.py +++ b/follow.py @@ -118,9 +118,14 @@ def clearFollowers(baseDir: str,nickname: str,domain: str) -> None: clearFollows(baseDir,nickname, domain,'followers.txt') def getNoOfFollows(baseDir: str,nickname: str,domain: str, \ + authenticated: bool, \ followFile='following.txt') -> int: """Returns the number of follows or followers """ + # only show number of followers to authenticated + # account holders + if not authenticated: + return 9999 handle=nickname.lower()+'@'+domain.lower() filename=baseDir+'/accounts/'+handle+'/'+followFile if not os.path.isfile(filename): @@ -136,16 +141,21 @@ def getNoOfFollows(baseDir: str,nickname: str,domain: str, \ ctr += 1 return ctr -def getNoOfFollowers(baseDir: str,nickname: str,domain: str) -> int: +def getNoOfFollowers(baseDir: str,nickname: str,domain: str,authenticated: bool) -> int: """Returns the number of followers of the given person """ - return getNoOfFollows(baseDir,nickname,domain,'followers.txt') + return getNoOfFollows(baseDir,nickname,domain,authenticated,'followers.txt') def getFollowingFeed(baseDir: str,domain: str,port: int,path: str, \ - httpPrefix: str, followsPerPage=12, \ + httpPrefix: str, authenticated: bool, + followsPerPage=12, \ followFile='following') -> {}: """Returns the following and followers feeds from GET requests """ + # Show a small number of follows to non-authenticated viewers + if not authenticated: + followsPerPage=6 + if '/'+followFile not in path: return None # handle page numbers @@ -153,7 +163,7 @@ def getFollowingFeed(baseDir: str,domain: str,port: int,path: str, \ pageNumber=None if '?page=' in path: pageNumber=path.split('?page=')[1] - if pageNumber=='true': + if pageNumber=='true' or not authenticated: pageNumber=1 else: try: @@ -183,7 +193,7 @@ def getFollowingFeed(baseDir: str,domain: str,port: int,path: str, \ '@context': 'https://www.w3.org/ns/activitystreams', 'first': httpPrefix+'://'+domain+'/users/'+nickname+'/'+followFile+'?page=1', 'id': httpPrefix+'://'+domain+'/users/'+nickname+'/'+followFile, - 'totalItems': getNoOfFollows(baseDir,nickname,domain), + 'totalItems': getNoOfFollows(baseDir,nickname,domain,authenticated), 'type': 'OrderedCollection'} return following