UA-Fediland/pixelfed
2
0
Fork 0
mirror of https://github.com/pixelfed/pixelfed.git synced 2024-11-13 01:54:30 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #4395 from pixelfed/staging

Browse source 
Staging
This commit is contained in:
daniel 2023-05-19 03:43:05 -06:00 committed by GitHub
commit eaf94cab0c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 71 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGELOG.md
View file

@ -40,6 +40,9 @@
- Update StatusEntityLexer, stop saving entities ([a91a5e48](https://github.com/pixelfed/pixelfed/commit/a91a5e48)) - Update StatusEntityLexer, stop saving entities ([a91a5e48](https://github.com/pixelfed/pixelfed/commit/a91a5e48))
- Update UserCreate command, fix is_admin flag ([ad25ed67](https://github.com/pixelfed/pixelfed/commit/ad25ed67)) - Update UserCreate command, fix is_admin flag ([ad25ed67](https://github.com/pixelfed/pixelfed/commit/ad25ed67))
- Update Bouncer, adjust advanced Autospam logic ([18cddd43](https://github.com/pixelfed/pixelfed/commit/18cddd43)) - Update Bouncer, adjust advanced Autospam logic ([18cddd43](https://github.com/pixelfed/pixelfed/commit/18cddd43))
- Update atom view, fix atom feed bug ([63b72c42](https://github.com/pixelfed/pixelfed/commit/63b72c42))
- Update StatusController, disable post embeds from spam accounts ([c167af43](https://github.com/pixelfed/pixelfed/commit/c167af43))
- Update ProfileController, require login to view spam accounts, and disable profile embeds and atom feeds for spam accounts ([dd2f5bb9](https://github.com/pixelfed/pixelfed/commit/dd2f5bb9))
- ([](https://github.com/pixelfed/pixelfed/commit/)) - ([](https://github.com/pixelfed/pixelfed/commit/))
## [v0.11.6 (2023-05-03)](https://github.com/pixelfed/pixelfed/compare/v0.11.5...v0.11.6) ## [v0.11.6 (2023-05-03)](https://github.com/pixelfed/pixelfed/compare/v0.11.5...v0.11.6)

46
app/Http/Controllers/ProfileController.php
View file

@ -7,6 +7,7 @@ use Auth;
use Cache; use Cache;
use DB; use DB;
use View; use View;
use App\AccountInterstitial;
use App\Follower; use App\Follower;
use App\FollowRequest; use App\FollowRequest;
use App\Profile; use App\Profile;
@ -42,9 +43,22 @@ class ProfileController extends Controller
->whereUsername($username) ->whereUsername($username)
->firstOrFail(); ->firstOrFail();
if($request->wantsJson() && config_cache('federation.activitypub.enabled')) { if($request->wantsJson() && config_cache('federation.activitypub.enabled')) {
return $this->showActivityPub($request, $user); return $this->showActivityPub($request, $user);
} }
$aiCheck = Cache::remember('profile:ai-check:spam-login:' . $user->id, 86400, function() use($user) {
$exists = AccountInterstitial::whereUserId($user->user_id)->where('is_spam', 1)->count();
if($exists) {
return true;
}
return false;
});
if($aiCheck) {
return redirect('/login');
}
return $this->buildProfile($request, $user); return $this->buildProfile($request, $user);
} }
@ -207,7 +221,22 @@ class ProfileController extends Controller
abort_if(!$profile || $profile['locked'] || !$profile['local'], 404); abort_if(!$profile || $profile['locked'] || !$profile['local'], 404);
$data = Cache::remember('pf:atom:user-feed:by-id:' . $profile['id'], 43200, function() use($pid, $profile) { $aiCheck = Cache::remember('profile:ai-check:spam-login:' . $profile['id'], 86400, function() use($profile) {
$uid = User::whereProfileId($profile['id'])->first();
if(!$uid) {
return true;
}
$exists = AccountInterstitial::whereUserId($uid->id)->where('is_spam', 1)->count();
if($exists) {
return true;
}
return false;
});
abort_if($aiCheck, 404);
$data = Cache::remember('pf:atom:user-feed:by-id:' . $profile['id'], 900, function() use($pid, $profile) {
$items = DB::table('statuses') $items = DB::table('statuses')
->whereProfileId($pid) ->whereProfileId($pid)
->whereVisibility('public') ->whereVisibility('public')
@ -234,7 +263,7 @@ class ProfileController extends Controller
return compact('items', 'permalink', 'headers'); return compact('items', 'permalink', 'headers');
}); });
abort_if(!$data, 404); abort_if(!$data || !isset($data['items']) || !isset($data['permalink']), 404);
return response() return response()
->view('atom.user', ->view('atom.user',
[ [
@ -274,6 +303,19 @@ class ProfileController extends Controller
return response($res)->withHeaders(['X-Frame-Options' => 'ALLOWALL']); return response($res)->withHeaders(['X-Frame-Options' => 'ALLOWALL']);
} }
$aiCheck = Cache::remember('profile:ai-check:spam-login:' . $profile->id, 86400, function() use($profile) {
$exists = AccountInterstitial::whereUserId($profile->user_id)->where('is_spam', 1)->count();
if($exists) {
return true;
}
return false;
});
if($aiCheck) {
return response($res)->withHeaders(['X-Frame-Options' => 'ALLOWALL']);
}
if(AccountService::canEmbed($profile->user_id) == false) { if(AccountService::canEmbed($profile->user_id) == false) {
return response($res)->withHeaders(['X-Frame-Options' => 'ALLOWALL']); return response($res)->withHeaders(['X-Frame-Options' => 'ALLOWALL']);
} }

15
app/Http/Controllers/StatusController.php
View file

@ -115,10 +115,25 @@ class StatusController extends Controller
->whereIsPrivate(false) ->whereIsPrivate(false)
->whereUsername($username) ->whereUsername($username)
->first(); ->first();
if(!$profile) { if(!$profile) {
$content = view('status.embed-removed'); $content = view('status.embed-removed');
return response($content)->header('X-Frame-Options', 'ALLOWALL'); return response($content)->header('X-Frame-Options', 'ALLOWALL');
} }
$aiCheck = Cache::remember('profile:ai-check:spam-login:' . $profile->id, 86400, function() use($profile) {
$exists = AccountInterstitial::whereUserId($profile->user_id)->where('is_spam', 1)->count();
if($exists) {
return true;
}
return false;
});
if($aiCheck) {
$res = view('status.embed-removed');
return response($res)->withHeaders(['X-Frame-Options' => 'ALLOWALL']);
}
$status = Status::whereProfileId($profile->id) $status = Status::whereProfileId($profile->id)
->whereNull('uri') ->whereNull('uri')
->whereScope('public') ->whereScope('public')

10
resources/views/atom/user.blade.php
View file

@ -6,13 +6,18 @@
<id>{{$permalink}}</id> <id>{{$permalink}}</id>
<title>{{$profile['username']}} on Pixelfed</title> <title>{{$profile['username']}} on Pixelfed</title>
<subtitle type="html">{{$profile['note']}}</subtitle> <subtitle type="html">{{$profile['note']}}</subtitle>
<updated>{{$items[0]['created_at']}}</updated> @if($items && count($items))
<updated>{{$items[0]['created_at']}}</updated>
@endif
<author> <author>
<name>{{$profile['username']}}</name> <name>{{$profile['username']}}</name>
<uri>{{$profile['url']}}</uri> <uri>{{$profile['url']}}</uri>
</author> </author>
<link rel="alternate" type="text/html" href="{{$profile['url']}}" /> <link rel="alternate" type="text/html" href="{{$profile['url']}}" />
<link rel="self" type="application/atom+xml" href="{{$permalink}}" /> <link rel="self" type="application/atom+xml" href="{{$permalink}}" />
@if($items && count($items))
@foreach($items as $item) @foreach($items as $item)
<entry> <entry>
<id>{{ $item['url'] }}</id> <id>{{ $item['url'] }}</id>
@ -35,4 +40,7 @@
<media:content url="{{ $item['media_attachments'][0]['url'] }}" type="{{ $item['media_attachments'][0]['mime'] }}" medium="image" /> <media:content url="{{ $item['media_attachments'][0]['url'] }}" type="{{ $item['media_attachments'][0]['mime'] }}" medium="image" />
</entry> </entry>
@endforeach @endforeach
@endif
</feed> </feed>