authorLibravatar tobi <tobi.smethurst@protonmail.com>2025-07-09 16:50:25 +0200
committerLibravatar kim <gruf@noreply.codeberg.org>2025-07-09 16:50:25 +0200
commitdcfc9b7885e7ed4f7886a35ccb3e007c293d3521 (patch)
tree3bef2a25b9c8178bdfbece05a5165c94a5a7ae03 /internal/filter
parent[performance] use our own typed value context types for Value() key checking ... (diff)
downloadgotosocial-dcfc9b7885e7ed4f7886a35ccb3e007c293d3521.tar.xz
[feature] Use `hidesToPublicFromUnauthedWeb` and `hidesCcPublicFromUnauthedWeb` properties for web visibility of statuses (#4315)
This pull request implements two new properties on ActivityPub actors: `hidesToPublicFromUnauthedWeb` and `hidesCcPublicFromUnauthedWeb`. As documented, these properties allow actors to signal their preference for whether or not their posts should be hidden from unauthenticated web views (ie., web pages like the GtS frontend, web apps like the Mastodon frontend, web APIs like the Mastodon public timeline API, etc). This allows remote accounts to *opt in* to having their unlisted visibility posts shown in (for example) the replies section of the web view of a GtS thread. In future, we can also use these properties to determine whether we should show boosts of a remote actor's post on a GtS profile, and that sort of thing. In keeping with our stance around privacy by default, GtS assumes `true` for `hidesCcPublicFromUnauthedWeb` if the property is not set on a remote actor, ie., hide unlisted/unlocked posts by default. `hidesToPublicFromUnauthedWeb` is assumed to be `false` if the property is not set on a remote actor, ie., show public posts by default. ~~WIP as I still want to work on the documentation for this a bit.~~ New props are already in the namespace document: https://gotosocial.org/ns Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4315 Reviewed-by: kim <gruf@noreply.codeberg.org> Co-authored-by: tobi <tobi.smethurst@protonmail.com> Co-committed-by: tobi <tobi.smethurst@protonmail.com>
Diffstat (limited to 'internal/filter')
-rw-r--r--internal/filter/visibility/status.go56
1 files changed, 13 insertions, 43 deletions
diff --git a/internal/filter/visibility/status.go b/internal/filter/visibility/status.go
index 24fa6f2e6..c46fd369c 100644
--- a/internal/filter/visibility/status.go
+++ b/internal/filter/visibility/status.go
@@ -115,9 +115,7 @@ func (f *Filter) isStatusVisible(
if requester == nil {
// Use a different visibility
// heuristic for unauthed requests.
- return f.isStatusVisibleUnauthed(
- ctx, status,
- )
+ return f.isStatusVisibleUnauthed(status), nil
}
/*
@@ -245,57 +243,29 @@ func isPendingStatusVisible(requester *gtsmodel.Account, status *gtsmodel.Status
return false
}
-// isStatusVisibleUnauthed returns whether status is visible without any unauthenticated account.
-func (f *Filter) isStatusVisibleUnauthed(ctx context.Context, status *gtsmodel.Status) (bool, error) {
-
- // For remote accounts, only show
- // Public statuses via the web.
- if status.Account.IsRemote() {
- return status.Visibility == gtsmodel.VisibilityPublic, nil
- }
+// isStatusVisibleUnauthed returns whether status is visible without authentication.
+func (f *Filter) isStatusVisibleUnauthed(status *gtsmodel.Status) bool {
// If status is local only,
- // never show via the web.
+ // never show without auth.
if status.IsLocalOnly() {
- return false, nil
- }
-
- // Check account's settings to see
- // what they expose. Populate these
- // from the DB if necessary.
- if status.Account.Settings == nil {
- var err error
- status.Account.Settings, err = f.state.DB.GetAccountSettings(ctx, status.Account.ID)
- if err != nil {
- return false, gtserror.Newf(
- "error getting settings for account %s: %w",
- status.Account.ID, err,
- )
- }
+ return false
}
- switch webvis := status.Account.Settings.WebVisibility; webvis {
+ switch status.Visibility {
- // public_only: status must be Public.
case gtsmodel.VisibilityPublic:
- return status.Visibility == gtsmodel.VisibilityPublic, nil
+ // Visible if account doesn't hide Public statuses.
+ return !*status.Account.HidesToPublicFromUnauthedWeb
- // unlisted: status must be Public or Unlocked.
case gtsmodel.VisibilityUnlocked:
- visible := status.Visibility == gtsmodel.VisibilityPublic ||
- status.Visibility == gtsmodel.VisibilityUnlocked
- return visible, nil
+ // Visible if account doesn't hide Unlocked statuses.
+ return !*status.Account.HidesCcPublicFromUnauthedWeb
- // none: never show via the web.
- case gtsmodel.VisibilityNone:
- return false, nil
-
- // Huh?
default:
- return false, gtserror.Newf(
- "unrecognized web visibility for account %s: %s",
- status.Account.ID, webvis,
- )
+ // For all other visibilities,
+ // never show without auth.
+ return false
}
}
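Review bot: The two new returns dereference `status.Account.HidesToPublicFromUnauthedWeb` and `status.Account.HidesCcPublicFromUnauthedWeb` with no nil check, so an account whose flag pointer is unset would panic on the unauthenticated request path instead of falling back to a default. The commit description says an unset cc-public flag means "hide" and an unset to-public flag means "show", but nothing visible in this hunk enforces that; presumably the defaults are applied when the account is stored or dereferenced, which should be confirmed. If that guarantee is not absolute, the Unlocked case should fail closed, e.g. `hides := status.Account.HidesCcPublicFromUnauthedWeb` followed by `return hides != nil && !*hides`, with the Public case guarded the same way using whichever default is intended. The removed code populated missing `Settings` before reading them, whereas the new function assumes `status.Account` and both flags are already populated, so the doc comment should state that precondition, e.g. `// status.Account must be populated, with both HidesXFromUnauthedWeb flags non-nil.`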