near/computersandblues.looptober
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Make sure tokens don't leak

Browse source 
Before the cache wasn't isolated, and if somebody requested an
instance's playlist with a token it could be retrieved without a token
later on.
This commit is contained in:
arne 2023-10-04 12:03:48 +02:00
commit 0a253575ea
1 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
looptober.clj
View file

@ -11,7 +11,7 @@
(first (filter #(when (pred %) (reduced %)) xs)))
;; the nested map looks like this:
;; {"instance.url" [timestamp-in-ms [status ...]]}
;; {["instance.url" token] [timestamp-in-ms [status ...]]}
(defonce response-cache (atom {}))
(def update-interval (* 1000 60 30)) ;; 30 min
@ -37,11 +37,12 @@
([instance-url token]
;; cache update logic
(let [now (System/currentTimeMillis)
[last-fetch statuses] (get @response-cache instance-url)
cache-key [instance-url token]
[last-fetch statuses] (get @response-cache cache-key)
max-status (first statuses)]
(if (or (nil? last-fetch)
(> (- now last-fetch) update-interval))
(let [updated (swap! response-cache assoc instance-url
(let [updated (swap! response-cache assoc cache-key
[now
(let [new-statuses (paginate (format "%s/api/v1/timelines/tag/looptober" instance-url)
token
@ -50,7 +51,7 @@
(neg? (compare (:created_at max-status "2023-10-01T00:00:00.000Z") (:created_at status)))))
(:id max-status))]
(concat (filterv audio-attachment new-statuses) statuses))])
[_ statuses] (get updated instance-url)]
[_ statuses] (get updated cache-key)]
statuses)
statuses))))