Do not serve RSS/Atom feeds when instance is private

2020-08-31 15:58:21 -05:00 · 2020-08-31 15:58:21 -05:00 · a85ed6defb
commit a85ed6defb
parent 44ced17634
5 changed files with 59 additions and 10 deletions
--- a/lib/pleroma/web/feed/tag_controller.ex
+++ b/lib/pleroma/web/feed/tag_controller.ex
@ -9,7 +9,15 @@ defmodule Pleroma.Web.Feed.TagController do
  alias Pleroma.Web.ActivityPub.ActivityPub
  alias Pleroma.Web.Feed.FeedView
-  def feed(conn, %{"tag" => raw_tag} = params) do
+  def feed(conn, params) do
    if Pleroma.Config.get!([:instance, :public]) do
      render_feed(conn, params)
    else
      render_error(conn, :not_found, "Not found")
    end
  end
  def render_feed(conn, %{"tag" => raw_tag} = params) do
    {format, tag} = parse_tag(raw_tag)
    activities =
--- a/lib/pleroma/web/feed/user_controller.ex
+++ b/lib/pleroma/web/feed/user_controller.ex
@ -37,7 +37,15 @@ def feed_redirect(conn, %{"nickname" => nickname}) do
    end
  end
-  def feed(conn, %{"nickname" => nickname} = params) do
+  def feed(conn, params) do
    if Pleroma.Config.get!([:instance, :public]) do
      render_feed(conn, params)
    else
      errors(conn, {:error, :not_found})
    end
  end
  def render_feed(conn, %{"nickname" => nickname} = params) do
    format = get_format(conn)
    format =
--- a/lib/pleroma/web/metadata/feed.ex
+++ b/lib/pleroma/web/metadata/feed.ex
@ -11,13 +11,17 @@ defmodule Pleroma.Web.Metadata.Providers.Feed do
  @impl Provider
  def build_tags(%{user: user}) do
-    [
+    if Pleroma.Config.get!([:instance, :public]) do
-      {:link,
+      [
-       [
+        {:link,
-         rel: "alternate",
+         [
-         type: "application/atom+xml",
+           rel: "alternate",
-         href: Helpers.user_feed_path(Endpoint, :feed, user.nickname) <> ".atom"
+           type: "application/atom+xml",
-       ], []}
+           href: Helpers.user_feed_path(Endpoint, :feed, user.nickname) <> ".atom"
-    ]
+         ], []}
      ]
    else
      []
    end
  end
 end
--- a/test/web/feed/tag_controller_test.exs
+++ b/test/web/feed/tag_controller_test.exs
@ -181,4 +181,17 @@ test "gets a feed (RSS)", %{conn: conn} do
             'yeah #PleromaArt'
           ]
  end
  describe "private instance" do
    setup do: clear_config([:instance, :public])
    test "returns 404 for tags feed", %{conn: conn} do
      Config.put([:instance, :public], false)
      conn
      |> put_req_header("accept", "application/rss+xml")
      |> get(tag_feed_path(conn, :feed, "pleromaart"))
      |> response(404)
    end
  end
 end
--- a/test/web/feed/user_controller_test.exs
+++ b/test/web/feed/user_controller_test.exs
@ -246,4 +246,20 @@ test "with non-html / non-json format, it returns error when user is not found",
      assert response == ~S({"error":"Not found"})
    end
  end
  describe "private instance" do
    setup do: clear_config([:instance, :public])
    test "returns 404 for user feed", %{conn: conn} do
      Config.put([:instance, :public], false)
      user = insert(:user)
      {:ok, _} = CommonAPI.post(user, %{status: "test"})
      assert conn
             |> put_req_header("accept", "application/atom+xml")
             |> get(user_feed_path(conn, :feed, user.nickname))
             |> response(404)
    end
  end
 end