do not fetch if :limit_to_local_content is :all or :unauthenticated

beerriot commented

2023-07-07 17:38:04 +00:00

First-time contributor

If limit_to_local_content is set to unauthenticated, an unauthenticated search for keywords only returns posts that were made locally, but searching for a post URL will cause the fetcher to go grab that post from whatever server and display it in search results (as long as it's not blocked for another reason). This seemed wrong to me - kind of a loophole - so I changed the maybe_fetch function to check on limit_to_local_content first, and not fetch if it is set to unauthenticated (or to all).

I haven't added a test. It seems like it will require either simulating/mocking the fetcher, or an external server to respond to the fetcher. If there's another test demonstrating how to do that easily, please feel free to point me toward it.

If `limit_to_local_content` is set to `unauthenticated`, an unauthenticated search for keywords only returns posts that were made locally, but searching for a post URL will cause the fetcher to go grab that post from whatever server and display it in search results (as long as it's not blocked for another reason). This seemed wrong to me - kind of a loophole - so I changed the `maybe_fetch` function to check on `limit_to_local_content` first, and not fetch if it is set to `unauthenticated` (or to `all`). I haven't added a test. It seems like it will require either simulating/mocking the fetcher, or an external server to respond to the fetcher. If there's another test demonstrating how to do that easily, please feel free to point me toward it.

beerriot added 1 commit 2023-07-07 17:38:05 +00:00

ci/woodpecker/pr/woodpecker Pipeline is pending Details

97037c0b53 do not fetch if limit_to_local_content is enabled

Prior to this change, anyone, authenticated or not, could submit a search
query for an activity by URL, and cause the fetcher to go fetch it. That
shouldn't happen if `limit_to_local_content` is set to `:all` or if it's
set to `:unauthenticated` and the query came from an unauthenticated
source.

floatingghost commented

2023-07-17 16:31:52 +00:00

Owner

hm, this would worry me a little - i get what you're going for, but that search bar is about the only way you have of asking the system to fetch a remote post; it might become extremely difficult to bootstrap new instances that turn this one

beerriot commented

2023-07-17 16:39:46 +00:00

Author

First-time contributor

Thanks for having a look, @floatingghost. I guess the only thing I'd say is that this patch does not change anything for logged-in users on an instance using the default config (limit_to_local_content = :unauthenticated), as far as I can tell. I think that means that the users on a new instance shouldn't have trouble bootstrapping it, because they can fetch all the remote posts via search that they like. But I'm also pretty new to Akkoma, so maybe I've missed another bootstrapping process?

Thanks for having a look, @floatingghost. I guess the only thing I'd say is that this patch does not change anything for logged-in users on an instance using the default config (`limit_to_local_content = :unauthenticated`), as far as I can tell. I think that means that the users on a new instance shouldn't have trouble bootstrapping it, because they can fetch all the remote posts via search that they like. But I'm also pretty new to Akkoma, so maybe I've missed another bootstrapping process?

ci/woodpecker/pr/woodpecker Pipeline is pending

Details

This pull request can be merged automatically.

This branch is out-of-date with the base branch

You are not authorized to merge this pull request.

do not fetch if :limit_to_local_content is :all or :unauthenticated #582