Don't create embeds of profiles/posts from users who ask not to be sh… (#2189)

* Don't create embeds of profiles/posts from users who ask not to be shown in public views

* Formatting cleanup

* Bump workflow file to build an image for this branch

.github/workflows/build-and-push-bskyweb-aws.yaml

@@ -4,6 +4,7 @@ on:
     branches:
       - main
       - traffic-reduction
+      - respect-optout-for-embeds
 env:
   REGISTRY: ${{ secrets.AWS_ECR_REGISTRY_USEAST2_PACKAGES_REGISTRY }}
   USERNAME: ${{ secrets.AWS_ECR_REGISTRY_USEAST2_PACKAGES_USERNAME }}

bskyweb/cmd/bskyweb/server.go

@@ -296,6 +296,14 @@ func (srv *Server) WebPost(c echo.Context) error {
 		if err != nil {
 			log.Warnf("failed to fetch handle: %s\t%v", handle, err)
 		} else {
+			unauthedViewingOkay := true
+			for _, label := range pv.Labels {
+				if label.Src == pv.Did && label.Val == "!no-unauthenticated" {
+					unauthedViewingOkay = false
+				}
+			}
+
+			if unauthedViewingOkay {
 				did := pv.Did
 				data["did"] = did
 
@@ -314,6 +322,7 @@ func (srv *Server) WebPost(c echo.Context) error {
 					}
 				}
 			}
+		}
 
 	}
 	return c.Render(http.StatusOK, "post.html", data)
@@ -329,11 +338,19 @@ func (srv *Server) WebProfile(c echo.Context) error {
 		if err != nil {
 			log.Warnf("failed to fetch handle: %s\t%v", handle, err)
 		} else {
+			unauthedViewingOkay := true
+			for _, label := range pv.Labels {
+				if label.Src == pv.Did && label.Val == "!no-unauthenticated" {
+					unauthedViewingOkay = false
+				}
+			}
+			if unauthedViewingOkay {
 				req := c.Request()
 				data["profileView"] = pv
 				data["requestURI"] = fmt.Sprintf("https://%s%s", req.Host, req.URL.Path)
 			}
 		}
+	}
 
 	return c.Render(http.StatusOK, "profile.html", data)
 }