Make sure tokens don't leak

Before the cache wasn't isolated, and if somebody requested an instance's playlist with a token it could be retrieved without a token later on.
2023-10-04 12:03:48 +02:00 · 2023-10-04 12:03:48 +02:00 · 0a253575ea
commit 0a253575ea
parent eadb7ba0e0
1 changed files with 5 additions and 4 deletions
--- a/looptober.clj
+++ b/looptober.clj
@ -11,7 +11,7 @@
  (first (filter #(when (pred %) (reduced %)) xs)))
 ;; the nested map looks like this:
-;; {"instance.url" [timestamp-in-ms [status ...]]}
+;; {["instance.url" token] [timestamp-in-ms [status ...]]}
 (defonce response-cache (atom {}))
 (def update-interval (* 1000 60 30)) ;; 30 min
@ -37,11 +37,12 @@
  ([instance-url token]
   ;; cache update logic
   (let [now (System/currentTimeMillis)
-         [last-fetch statuses] (get @response-cache instance-url)
+         cache-key [instance-url token]
         [last-fetch statuses] (get @response-cache cache-key)
         max-status (first statuses)]
     (if (or (nil? last-fetch)
             (> (- now last-fetch) update-interval))
-       (let [updated (swap! response-cache assoc instance-url
+       (let [updated (swap! response-cache assoc cache-key
                            [now
                             (let [new-statuses (paginate (format "%s/api/v1/timelines/tag/looptober" instance-url)
                                                           token
@ -50,7 +51,7 @@
                                                                  (neg? (compare (:created_at max-status "2023-10-01T00:00:00.000Z") (:created_at status)))))
                                                           (:id max-status))]
                               (concat (filterv audio-attachment new-statuses) statuses))])
-             [_ statuses] (get updated instance-url)]
+             [_ statuses] (get updated cache-key)]
         statuses)
       statuses))))