links: api: fix leaking of org follow/unfollow requests v1 APPLIED

Peter Sanchez: 1
 api: fix leaking of org follow/unfollow requests

 1 files changed, 5 insertions(+), 1 deletions(-)

[PATCH links] api: fix leaking of org follow/unfollow requests Export this patch

when a user (un)follows an organization there is an audit log recorded
of this action for the user. However because of a filtering issue those
(un)follow logs can also be viewed by the organizations owner. This can
expose the origin users IP address. This filter adjustment will resolve
this issue.

Changelog-fixed: api fix to stop leaking of (un)follow auditlogs
Changelog-updated: api version to 0.11.1
---
 api/graph/schema.resolvers.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/api/graph/schema.resolvers.go b/api/graph/schema.resolvers.go
index 6146a0e..55e5c5a 100644
--- a/api/graph/schema.resolvers.go
+++ b/api/graph/schema.resolvers.go
@@ -5127,7 +5127,7 @@ func (r *queryResolver) Version(ctx context.Context) (*model.Version, error) {
 	return &model.Version{
 		Major:           0,
 		Minor:           11,
-		Patch:           0,
+		Patch:           1,
 		DeprecationDate: nil,
 	}, nil
 }
@@ -7046,6 +7046,10 @@ func (r *queryResolver) GetAuditLogs(ctx context.Context, input *model.AuditLogI
 		opts.Filter = sq.And{
 			opts.Filter,
 			sq.Eq{"(al.metadata->>'org_id')": org.ID},
+			sq.NotEq{"al.event_type": []string{
+				models.LOG_ORG_FOLLOW,
+				models.LOG_ORG_UNFOLLOW,
+			}},
 		}
 	}
 
-- 
2.52.0

Peter Sanchez <peter@netlandish.com>

7 hours ago

Applied.

To git@git.code.netlandish.com:~netlandish/links
   35b62fa..1bc342d  master -> master