1 files changed, 31 insertions, 0 deletions
diff --git a/html.c b/html.c
index 175a214..c5e76fc 100644
--- a/html.c
+++ b/html.c
@@ -1567,6 +1567,25 @@ xs_str *html_timeline(snac *user, const xs_list *list, int local, int skip, int
        if (!valid_status(status))
            continue;
+        /* if it's an instance page, discard private users */
+        if (user == NULL) {
+            const char *atto = xs_dict_get(msg, "attributedTo");
+            xs *l = xs_split(atto, "/");
+            const char *uid = xs_list_get(l, -1);
+            snac user;
+            int skip = 1;
+            if (uid && user_open(&user, uid)) {
+                if (xs_type(xs_dict_get(user.config, "private")) != XSTYPE_TRUE)
+                    skip = 0;
+                user_free(&user);
+            }
+            if (skip)
+                continue;
+        }
        s = html_entry(user, s, msg, local, 0, v, user ? 0 : 1);
    }
@@ -1940,6 +1959,9 @@ int html_get_handler(const xs_dict *req, const char *q_path,
        show = atoi(v), cache = 0, save = 0;
    if (p_path == NULL) { /** public timeline **/
+        if (xs_type(xs_dict_get(snac.config, "private")) == XSTYPE_TRUE)
+            return 403;
        xs *h = xs_str_localtime(0, "%Y-%m.html");
        if (cache && history_mtime(&snac, h) > timeline_mtime(&snac)) {
@@ -2022,6 +2044,9 @@ int html_get_handler(const xs_dict *req, const char *q_path,
    }
    else
    if (xs_startswith(p_path, "p/")) { /** a timeline with just one entry **/
+        if (xs_type(xs_dict_get(snac.config, "private")) == XSTYPE_TRUE)
+            return 403;
        xs *id  = xs_fmt("%s/%s", snac.actor, p_path);
        xs *msg = NULL;
@@ -2054,6 +2079,9 @@ int html_get_handler(const xs_dict *req, const char *q_path,
    }
    else
    if (xs_startswith(p_path, "h/")) { /** an entry from the history **/
+        if (xs_type(xs_dict_get(snac.config, "private")) == XSTYPE_TRUE)
+            return 403;
        xs *l    = xs_split(p_path, "/");
        char *id = xs_list_get(l, 1);
@@ -2070,6 +2098,9 @@ int html_get_handler(const xs_dict *req, const char *q_path,
    }
    else
    if (strcmp(p_path, ".rss") == 0) { /** public timeline in RSS format **/
+        if (xs_type(xs_dict_get(snac.config, "private")) == XSTYPE_TRUE)
+            return 403;
        xs_str *rss;
        xs *elems = timeline_simple_list(&snac, "public", 0, 20);
        xs *bio   = not_really_markdown(xs_dict_get(snac.config, "bio"), NULL);

diff --git a/html.c b/html.c index 175a214..c5e76fc 100644 --- a/html.c +++ b/html.c
@@ -1567,6 +1567,25 @@ xs_str html_timeline(snac user, const xs_list *list, int local, int skip, int
1567	if (!valid_status(status))	1567	if (!valid_status(status))
1568	continue;	1568	continue;
1569		1569
		1570	/* if it's an instance page, discard private users */
		1571	if (user == NULL) {
		1572	const char *atto = xs_dict_get(msg, "attributedTo");
		1573	xs *l = xs_split(atto, "/");
		1574	const char *uid = xs_list_get(l, -1);
		1575	snac user;
		1576	int skip = 1;
		1577
		1578	if (uid && user_open(&user, uid)) {
		1579	if (xs_type(xs_dict_get(user.config, "private")) != XSTYPE_TRUE)
		1580	skip = 0;
		1581
		1582	user_free(&user);
		1583	}
		1584
		1585	if (skip)
		1586	continue;
		1587	}
		1588
1570	s = html_entry(user, s, msg, local, 0, v, user ? 0 : 1);	1589	s = html_entry(user, s, msg, local, 0, v, user ? 0 : 1);
1571	}	1590	}
1572		1591
@@ -1940,6 +1959,9 @@ int html_get_handler(const xs_dict req, const char q_path,
1940	show = atoi(v), cache = 0, save = 0;	1959	show = atoi(v), cache = 0, save = 0;
1941		1960
1942	if (p_path == NULL) { / public timeline /	1961	if (p_path == NULL) { / public timeline /
		1962	if (xs_type(xs_dict_get(snac.config, "private")) == XSTYPE_TRUE)
		1963	return 403;
		1964
1943	xs *h = xs_str_localtime(0, "%Y-%m.html");	1965	xs *h = xs_str_localtime(0, "%Y-%m.html");
1944		1966
1945	if (cache && history_mtime(&snac, h) > timeline_mtime(&snac)) {	1967	if (cache && history_mtime(&snac, h) > timeline_mtime(&snac)) {
@@ -2022,6 +2044,9 @@ int html_get_handler(const xs_dict req, const char q_path,
2022	}	2044	}
2023	else	2045	else
2024	if (xs_startswith(p_path, "p/")) { / a timeline with just one entry /	2046	if (xs_startswith(p_path, "p/")) { / a timeline with just one entry /
		2047	if (xs_type(xs_dict_get(snac.config, "private")) == XSTYPE_TRUE)
		2048	return 403;
		2049
2025	xs *id = xs_fmt("%s/%s", snac.actor, p_path);	2050	xs *id = xs_fmt("%s/%s", snac.actor, p_path);
2026	xs *msg = NULL;	2051	xs *msg = NULL;
2027		2052
@@ -2054,6 +2079,9 @@ int html_get_handler(const xs_dict req, const char q_path,
2054	}	2079	}
2055	else	2080	else
2056	if (xs_startswith(p_path, "h/")) { / an entry from the history /	2081	if (xs_startswith(p_path, "h/")) { / an entry from the history /
		2082	if (xs_type(xs_dict_get(snac.config, "private")) == XSTYPE_TRUE)
		2083	return 403;
		2084
2057	xs *l = xs_split(p_path, "/");	2085	xs *l = xs_split(p_path, "/");
2058	char *id = xs_list_get(l, 1);	2086	char *id = xs_list_get(l, 1);
2059		2087
@@ -2070,6 +2098,9 @@ int html_get_handler(const xs_dict req, const char q_path,
2070	}	2098	}
2071	else	2099	else
2072	if (strcmp(p_path, ".rss") == 0) { / public timeline in RSS format /	2100	if (strcmp(p_path, ".rss") == 0) { / public timeline in RSS format /
		2101	if (xs_type(xs_dict_get(snac.config, "private")) == XSTYPE_TRUE)
		2102	return 403;
		2103
2073	xs_str *rss;	2104	xs_str *rss;
2074	xs *elems = timeline_simple_list(&snac, "public", 0, 20);	2105	xs *elems = timeline_simple_list(&snac, "public", 0, 20);
2075	xs *bio = not_really_markdown(xs_dict_get(snac.config, "bio"), NULL);	2106	xs *bio = not_really_markdown(xs_dict_get(snac.config, "bio"), NULL);