[#2046] Defaulted pleroma/restrict_unauthenticated basing on instance privacy setting (i.e. restrict on private instances only by default).

2020-08-14 20:55:45 +03:00 · 2020-08-14 20:55:45 +03:00 · 95529ab709
commit 95529ab709
parent 33e508d7c6
7 changed files with 31 additions and 37 deletions
--- a/config/config.exs
+++ b/config/config.exs
@ -725,10 +725,12 @@
    timeout: 300_000
  ]

+private_instance? = :if_instance_is_private
+
 config :pleroma, :restrict_unauthenticated,
-  timelines: %{local: false, federated: false},
-  profiles: %{local: false, remote: false},
-  activities: %{local: false, remote: false}
+  timelines: %{local: private_instance?, federated: private_instance?},
+  profiles: %{local: private_instance?, remote: private_instance?},
+  activities: %{local: private_instance?, remote: private_instance?}

 config :pleroma, Pleroma.Web.ApiSpec.CastAndValidate, strict: false

--- a/lib/pleroma/config.ex
+++ b/lib/pleroma/config.ex
@ -81,6 +81,16 @@ def delete(key) do
    Application.delete_env(:pleroma, key)
  end

+  def restrict_unauthenticated_access?(resource, kind) do
+    setting = get([:restrict_unauthenticated, resource, kind])
+
+    if setting in [nil, :if_instance_is_private] do
+      !get!([:instance, :public])
+    else
+      setting
+    end
+  end
+
  def oauth_consumer_strategies, do: get([:auth, :oauth_consumer_strategies], [])

  def oauth_consumer_enabled?, do: oauth_consumer_strategies() != []
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@ -311,10 +311,12 @@ def visible_for(%User{} = user, for_user) do

  def visible_for(_, _), do: :invisible

-  defp restrict_unauthenticated?(%User{local: local}) do
-    config_key = if local, do: :local, else: :remote
+  defp restrict_unauthenticated?(%User{local: true}) do
+    Config.restrict_unauthenticated_access?(:profiles, :local)
+  end

-    Config.get([:restrict_unauthenticated, :profiles, config_key], false)
+  defp restrict_unauthenticated?(%User{local: _}) do
+    Config.restrict_unauthenticated_access?(:profiles, :remote)
  end

  defp visible_account_status(user) do
--- a/lib/pleroma/web/activity_pub/visibility.ex
+++ b/lib/pleroma/web/activity_pub/visibility.ex
@ -59,12 +59,9 @@ def visible_for_user?(%{data: %{"listMessage" => list_ap_id}} = activity, %User{
  end

  def visible_for_user?(%{local: local} = activity, nil) do
-    cfg_key =
-      if local,
-        do: :local,
-        else: :remote
+    cfg_key = if local, do: :local, else: :remote

-    if Pleroma.Config.get([:restrict_unauthenticated, :activities, cfg_key]),
+    if Pleroma.Config.restrict_unauthenticated_access?(:activities, cfg_key),
      do: false,
      else: is_public?(activity)
  end
--- a/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
@ -8,6 +8,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
  import Pleroma.Web.ControllerHelper,
    only: [add_link_headers: 2, add_link_headers: 3]

+  alias Pleroma.Config
  alias Pleroma.Pagination
  alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
  alias Pleroma.Plugs.OAuthScopesPlug
@ -89,11 +90,11 @@ def direct(%{assigns: %{user: user}} = conn, params) do
  end

  defp restrict_unauthenticated?(true = _local_only) do
-    Pleroma.Config.get([:restrict_unauthenticated, :timelines, :local])
+    Config.restrict_unauthenticated_access?(:timelines, :local)
  end

  defp restrict_unauthenticated?(_) do
-    Pleroma.Config.get([:restrict_unauthenticated, :timelines, :federated])
+    Config.restrict_unauthenticated_access?(:timelines, :federated)
  end

  # GET /api/v1/timelines/public
--- a/lib/pleroma/web/preload/timelines.ex
+++ b/lib/pleroma/web/preload/timelines.ex
@ -16,7 +16,7 @@ def generate_terms(params) do
  end

  def build_public_tag(acc, params) do
-    if Pleroma.Config.get([:restrict_unauthenticated, :timelines, :federated], true) do
+    if Pleroma.Config.restrict_unauthenticated_access?(:timelines, :federated) do
      acc
    else
      Map.put(acc, @public_url, public_timeline(params))
--- a/test/web/preload/timeline_test.exs
+++ b/test/web/preload/timeline_test.exs
@ -12,16 +12,8 @@ defmodule Pleroma.Web.Preload.Providers.TimelineTest do
  @public_url "/api/v1/timelines/public"

  describe "unauthenticated timeliness when restricted" do
-    setup do
-      svd_config = Pleroma.Config.get([:restrict_unauthenticated, :timelines])
-      Pleroma.Config.put([:restrict_unauthenticated, :timelines], %{local: true, federated: true})
-
-      on_exit(fn ->
-        Pleroma.Config.put([:restrict_unauthenticated, :timelines], svd_config)
-      end)
-
-      :ok
-    end
+    setup do: clear_config([:restrict_unauthenticated, :timelines, :local], true)
+    setup do: clear_config([:restrict_unauthenticated, :timelines, :federated], true)

    test "return nothing" do
      tl_data = Timelines.generate_terms(%{})
@ -31,20 +23,10 @@ test "return nothing" do
  end

  describe "unauthenticated timeliness when unrestricted" do
-    setup do
-      svd_config = Pleroma.Config.get([:restrict_unauthenticated, :timelines])
+    setup do: clear_config([:restrict_unauthenticated, :timelines, :local], false)
+    setup do: clear_config([:restrict_unauthenticated, :timelines, :federated], false)

-      Pleroma.Config.put([:restrict_unauthenticated, :timelines], %{
-        local: false,
-        federated: false
-      })
-
-      on_exit(fn ->
-        Pleroma.Config.put([:restrict_unauthenticated, :timelines], svd_config)
-      end)
-
-      {:ok, user: insert(:user)}
-    end
+    setup do: {:ok, user: insert(:user)}

    test "returns the timeline when not restricted" do
      assert Timelines.generate_terms(%{})