do not fetch if :limit_to_local_content is :all or :unauthenticated #582

Open
beerriot wants to merge 1 commit from beerriot/akkoma:develop-no-fetch-with-local-limit into develop
First-time contributor

If limit_to_local_content is set to unauthenticated, an unauthenticated search for keywords only returns posts that were made locally, but searching for a post URL will cause the fetcher to go grab that post from whatever server and display it in search results (as long as it's not blocked for another reason). This seemed wrong to me - kind of a loophole - so I changed the maybe_fetch function to check on limit_to_local_content first, and not fetch if it is set to unauthenticated (or to all).

I haven't added a test. It seems like it will require either simulating/mocking the fetcher, or an external server to respond to the fetcher. If there's another test demonstrating how to do that easily, please feel free to point me toward it.

If `limit_to_local_content` is set to `unauthenticated`, an unauthenticated search for keywords only returns posts that were made locally, but searching for a post URL will cause the fetcher to go grab that post from whatever server and display it in search results (as long as it's not blocked for another reason). This seemed wrong to me - kind of a loophole - so I changed the `maybe_fetch` function to check on `limit_to_local_content` first, and not fetch if it is set to `unauthenticated` (or to `all`). I haven't added a test. It seems like it will require either simulating/mocking the fetcher, or an external server to respond to the fetcher. If there's another test demonstrating how to do that easily, please feel free to point me toward it.
beerriot added 1 commit 2023-07-07 17:38:05 +00:00
do not fetch if limit_to_local_content is enabled
Some checks are pending
ci/woodpecker/pr/woodpecker Pipeline is pending
97037c0b53
Prior to this change, anyone, authenticated or not, could submit a search
query for an activity by URL, and cause the fetcher to go fetch it. That
shouldn't happen if `limit_to_local_content` is set to `:all` or if it's
set to `:unauthenticated` and the query came from an unauthenticated
source.

hm, this would worry me a little - i get what you're going for, but that search bar is about the only way you have of asking the system to fetch a remote post; it might become extremely difficult to bootstrap new instances that turn this one

hm, this would worry me a little - i get what you're going for, but that search bar is about the only way you have of asking the system to fetch a remote post; it might become extremely difficult to bootstrap new instances that turn this one
Author
First-time contributor

Thanks for having a look, @floatingghost. I guess the only thing I'd say is that this patch does not change anything for logged-in users on an instance using the default config (limit_to_local_content = :unauthenticated), as far as I can tell. I think that means that the users on a new instance shouldn't have trouble bootstrapping it, because they can fetch all the remote posts via search that they like. But I'm also pretty new to Akkoma, so maybe I've missed another bootstrapping process?

Thanks for having a look, @floatingghost. I guess the only thing I'd say is that this patch does not change anything for logged-in users on an instance using the default config (`limit_to_local_content = :unauthenticated`), as far as I can tell. I think that means that the users on a new instance shouldn't have trouble bootstrapping it, because they can fetch all the remote posts via search that they like. But I'm also pretty new to Akkoma, so maybe I've missed another bootstrapping process?
Some checks are pending
ci/woodpecker/pr/woodpecker Pipeline is pending
This pull request can be merged automatically.
This branch is out-of-date with the base branch
You are not authorized to merge this pull request.

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u develop-no-fetch-with-local-limit:beerriot-develop-no-fetch-with-local-limit
git checkout beerriot-develop-no-fetch-with-local-limit
Sign in to join this conversation.
No description provided.