only allow access to one's own inbox and outbox
Ted Unangst tedu@tedunangst.com
Sun, 10 Mar 2024 00:32:30 -0500
1 files changed,
16 insertions(+),
4 deletions(-)
web.go
@@ -415,12 +415,18 @@ if err != nil {
http.NotFound(w, r) return } + u := login.GetUserInfo(r) + if user.ID != UserID(u.UserID) { + http.Error(w, "that's not you!", http.StatusForbidden) + return + } + honks := gethonksforuser(user.ID, 0) - if len(honks) > 20 { - honks = honks[0:20] + if len(honks) > 60 { + honks = honks[0:60] } - jonks := make([]junk.Junk, 0, 256) + jonks := make([]junk.Junk, 0, len(honks)) for _, h := range honks { j, _ := jonkjonk(user, h) jonks = append(jonks, j)@@ -750,7 +756,7 @@ if len(honks) > 20 {
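Review bot: `u` is dereferenced in `UserID(u.UserID)` without a nil check, both in the ownership check added here and in the identical one in the hunk at -794. If `login.GetUserInfo(r)` can return nil for a request that carries no session, and this route is not already behind a login-required wrapper (neither is visible in the hunk), an unauthenticated request would panic instead of receiving the 403. Folding that case into the guard keeps the denial path uniform: `if u == nil || user.ID != UserID(u.UserID) {`. The enclosing handler starts and ends outside the hunk.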
honks = honks[0:20] } - jonks := make([]junk.Junk, 0, 256) + jonks := make([]junk.Junk, 0, len(honks)) for _, h := range honks { j, _ := jonkjonk(user, h) jonks = append(jonks, j)@@ -794,6 +800,12 @@ if err != nil {
http.NotFound(w, r) return } + u := login.GetUserInfo(r) + if user.ID != UserID(u.UserID) { + http.Error(w, "that's not you!", http.StatusForbidden) + return + } + limiter := io.LimitReader(r.Body, 1*1024*1024) j, err := junk.Read(limiter) if err != nil {
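Review bot: The ownership check added here is a line-for-line copy of the one in the hunk at -415, so the two handlers can drift apart the next time the rule changes. A small helper that takes `w`, `r` and `user`, writes the 403 and returns a bool would keep the authorization decision in one place and reduce each call site to a two-line guard. The denial path also leaves no record, so repeated cross-account attempts would not show up in the server's logs; a log line before the `return`, naming the requesting and target user IDs, would make them reviewable. The handler's start and end are outside the hunk.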