allow resigned content from trusted honkers. but keep a log of their deceptions.
Ted Unangst tedu@tedunangst.com
Tue, 23 Apr 2019 11:02:43 -0400
M
fun.go
→
fun.go
@@ -328,6 +328,21 @@ }
return true } -func keymatch(keyname string, actor string) bool { - return strings.HasPrefix(keyname, actor) +func keymatch(keyname string, actor string, userid int64) bool { + hash := strings.IndexByte(keyname, '#') + if hash == -1 { + hash = len(keyname) + } + owner := keyname[0:hash] + if owner == actor { + return true + } + row := stmtHasHonker.QueryRow(owner, userid) + var id int64 + err := row.Scan(&id) + if err == nil { + log.Printf("allowing resigned content by %s", keyname) + return true + } + return false }
M
honk.go
→
honk.go
@@ -320,7 +320,7 @@ if what == "Like" {
return } who, _ := jsongetstring(j, "actor") - if !keymatch(keyname, who) { + if !keymatch(keyname, who, user.ID) { log.Printf("keyname actor mismatch: %s <> %s", keyname, who) return }@@ -1158,7 +1158,7 @@ var stmtHonksForUser, stmtHonksForMe, stmtDeleteHonk, stmtSaveDub *sql.Stmt
var stmtHonksByHonker, stmtSaveHonk, stmtFileData, stmtWhatAbout *sql.Stmt var stmtFindXonk, stmtSaveDonk, stmtFindFile, stmtSaveFile *sql.Stmt var stmtAddDoover, stmtGetDoovers, stmtLoadDoover, stmtZapDoover *sql.Stmt -var stmtThumbBiter, stmtZonkIt *sql.Stmt +var stmtHasHonker, stmtThumbBiter, stmtZonkIt *sql.Stmt func preparetodie(db *sql.DB, s string) *sql.Stmt { stmt, err := db.Prepare(s)@@ -1172,6 +1172,7 @@ func prepareStatements(db *sql.DB) {
stmtHonkers = preparetodie(db, "select honkerid, userid, name, xid, flavor, combos from honkers where userid = ? and flavor = 'sub' or flavor = 'peep'") stmtSaveHonker = preparetodie(db, "insert into honkers (userid, name, xid, flavor, combos) values (?, ?, ?, ?, ?)") stmtUpdateHonker = preparetodie(db, "update honkers set combos = ? where honkerid = ? and userid = ?") + stmtHasHonker = preparetodie(db, "select honkerid from honkers where xid = ? and userid = ?") stmtDubbers = preparetodie(db, "select honkerid, userid, name, xid, flavor from honkers where userid = ? and flavor = 'dub'") stmtOneXonk = preparetodie(db, "select honkid, honks.userid, users.username, what, honker, xid, rid, dt, url, audience, noise, convoy from honks join users on honks.userid = users.userid where xid = ?") stmtHonks = preparetodie(db, "select honkid, honks.userid, users.username, what, honker, xid, rid, dt, url, audience, noise, convoy from honks join users on honks.userid = users.userid where honker = '' order by honkid desc limit 50")