Do not serve RSS/Atom feeds when instance is private

lib/pleroma/web/feed/tag_controller.ex

@@ -9,7 +9,15 @@ defmodule Pleroma.Web.Feed.TagController do
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.Feed.FeedView
 
-  def feed(conn, %{"tag" => raw_tag} = params) do
+  def feed(conn, params) do
+    if Pleroma.Config.get!([:instance, :public]) do
+      render_feed(conn, params)
+    else
+      render_error(conn, :not_found, "Not found")
+    end
+  end
+
+  def render_feed(conn, %{"tag" => raw_tag} = params) do
     {format, tag} = parse_tag(raw_tag)
 
     activities =

lib/pleroma/web/feed/user_controller.ex

@@ -37,7 +37,15 @@ defmodule Pleroma.Web.Feed.UserController do
     end
   end
 
-  def feed(conn, %{"nickname" => nickname} = params) do
+  def feed(conn, params) do
+    if Pleroma.Config.get!([:instance, :public]) do
+      render_feed(conn, params)
+    else
+      errors(conn, {:error, :not_found})
+    end
+  end
+
+  def render_feed(conn, %{"nickname" => nickname} = params) do
     format = get_format(conn)
 
     format =

lib/pleroma/web/metadata/feed.ex

@@ -11,13 +11,17 @@ defmodule Pleroma.Web.Metadata.Providers.Feed do
 
   @impl Provider
   def build_tags(%{user: user}) do
-    [
-      {:link,
-       [
-         rel: "alternate",
-         type: "application/atom+xml",
-         href: Helpers.user_feed_path(Endpoint, :feed, user.nickname) <> ".atom"
-       ], []}
-    ]
+    if Pleroma.Config.get!([:instance, :public]) do
+      [
+        {:link,
+         [
+           rel: "alternate",
+           type: "application/atom+xml",
+           href: Helpers.user_feed_path(Endpoint, :feed, user.nickname) <> ".atom"
+         ], []}
+      ]
+    else
+      []
+    end
   end
 end

test/web/feed/tag_controller_test.exs

@@ -181,4 +181,17 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
              'yeah #PleromaArt'
            ]
   end
+
+  describe "private instance" do
+    setup do: clear_config([:instance, :public])
+
+    test "returns 404 for tags feed", %{conn: conn} do
+      Config.put([:instance, :public], false)
+
+      conn
+      |> put_req_header("accept", "application/rss+xml")
+      |> get(tag_feed_path(conn, :feed, "pleromaart"))
+      |> response(404)
+    end
+  end
 end

test/web/feed/user_controller_test.exs

@@ -246,4 +246,20 @@ defmodule Pleroma.Web.Feed.UserControllerTest do
       assert response == ~S({"error":"Not found"})
     end
   end
+
+  describe "private instance" do
+    setup do: clear_config([:instance, :public])
+
+    test "returns 404 for user feed", %{conn: conn} do
+      Config.put([:instance, :public], false)
+      user = insert(:user)
+
+      {:ok, _} = CommonAPI.post(user, %{status: "test"})
+
+      assert conn
+             |> put_req_header("accept", "application/atom+xml")
+             |> get(user_feed_path(conn, :feed, user.nickname))
+             |> response(404)
+    end
+  end
 end