From 54cbeeac3a2778738c2416054c5ecfee884b774e Mon Sep 17 00:00:00 2001 From: Alishan Ladhani <8869764+aladh@users.noreply.github.com> Date: Sat, 2 Sep 2023 12:14:54 -0400 Subject: [PATCH 1/3] Prevent unauthorized access to feeds with a single subscriber Fixes https://github.com/samuelclay/NewsBlur/issues/1793 --- apps/reader/views.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/apps/reader/views.py b/apps/reader/views.py index 557c9e27d..030a5e3da 100644 --- a/apps/reader/views.py +++ b/apps/reader/views.py @@ -671,6 +671,10 @@ def load_single_feed(request, feed_id): if feed.is_newsletter and not usersub: # User must be subscribed to a newsletter in order to read it raise Http404 + + if feed.num_subscribers = 1 and not usersub: + # This feed could be private so user must be subscribed in order to read it + raise Http404 if page > 400: logging.user(request, "~BR~FK~SBOver page 400 on single feed: %s" % page) From ed1a2c40eb56b5cd72d4b95d05d32e08ec3c9cf6 Mon Sep 17 00:00:00 2001 From: Samuel Clay Date: Tue, 7 Nov 2023 20:39:57 -0500 Subject: [PATCH 2/3] Fixing logic error in PR #1817 --- apps/reader/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/reader/views.py b/apps/reader/views.py index 030a5e3da..d7b0b3c94 100644 --- a/apps/reader/views.py +++ b/apps/reader/views.py @@ -672,7 +672,7 @@ def load_single_feed(request, feed_id): # User must be subscribed to a newsletter in order to read it raise Http404 - if feed.num_subscribers = 1 and not usersub: + if feed.num_subscribers == 1 and not usersub and not user.is_staff: # This feed could be private so user must be subscribed in order to read it raise Http404 From 1f74f1a09f4777fbd9e7b48b4b42c11c58d5b8ee Mon Sep 17 00:00:00 2001 From: Samuel Clay Date: Fri, 10 Nov 2023 17:14:09 -0500 Subject: [PATCH 3/3] Moving favicon servers in haproxy --- docker/haproxy/haproxy.consul.cfg.j2 | 5 ++++- docker/newsblur_deploy.Dockerfile | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) 
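Review bot: The single-subscriber test added to `load_single_feed` in PATCH 1/3, and kept in PATCH 2/3, treats an exact count of one as the marker for a possibly private feed, which is a heuristic rather than an authorization rule. If `num_subscribers` is a stored counter (its definition is not visible here), a private feed whose count reads 0 after its only subscriber leaves, or 2 because the owner added it from a second account, would skip the check. A more conservative form is `if feed.num_subscribers <= 1 and not usersub:`, provided unsubscribed previews of newly added feeds are not expected to work. The comment should say the count is only a proxy for privacy. The function body continues outside the hunk, so whether other views that return stories by feed id need the same guard cannot be judged from this patch.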
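Review bot: The `not user.is_staff` term added to the condition in PATCH 2/3 is an undocumented bypass of the privacy check: a staff account can load a single-subscriber feed it is not subscribed to, while the newsletter check just above (its condition is visible in PATCH 1/3) has no such exemption. The commit message calls this a logic fix and gives no reason, so the comment under the condition should state it, for example `# Staff are exempt so support can inspect feeds; everyone else must be subscribed`, if that is the intent. Recording the staff read with the `logging.user(request, ...)` helper used a few lines below would make such access auditable. `user` is bound outside the hunk, so confirm it is the requesting user on every path that reaches this line.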
diff --git a/docker/haproxy/haproxy.consul.cfg.j2 b/docker/haproxy/haproxy.consul.cfg.j2 index c7d3148c6..f3898af0d 100644 --- a/docker/haproxy/haproxy.consul.cfg.j2 +++ b/docker/haproxy/haproxy.consul.cfg.j2 @@ -178,7 +178,10 @@ backend node_favicons http-check expect rstatus 200|503 option httpchk GET /rss_feeds/icon/1 balance roundrobin - server-template node-favicons 1 _node-favicons._tcp.service.nyc1.consul:8008 check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none + default-server check inter 2000ms resolvers consul resolve-prefer ipv4 resolve-opts allow-dup-ip init-addr none + {% for host in groups.node_favicons %} + server {{host}} {{host}}.node.nyc1.consul:8008 + {% endfor %} backend node_text http-check expect rstatus 200|503 diff --git a/docker/newsblur_deploy.Dockerfile b/docker/newsblur_deploy.Dockerfile index e1b943508..903e7a877 100644 --- a/docker/newsblur_deploy.Dockerfile +++ b/docker/newsblur_deploy.Dockerfile @@ -6,7 +6,7 @@ RUN apt install -y curl # Install Java # Install OpenJDK-11 -RUN apt install -y openjdk-11-jre-headless +RUN apt install -y default-jre ENV JAVA_HOME /usr/lib/jvm/java-11-openjdk-amd64/ RUN export JAVA_HOME WORKDIR /tmp
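Review bot: The `node_favicons` server list is now fixed when the template is rendered, so the backend no longer follows Consul service registration the way the removed `server-template` line did. A favicon host that is added or retired is picked up only after a re-render and reload. That trade-off deserves a comment above the loop, for example `# Servers come from the node_favicons inventory group at render time, not from Consul SRV discovery`. If `groups.node_favicons` can be empty, the backend renders with no `server` lines and every request routed to it fails, so a render-time check for a non-empty group is worth adding. How the template is rendered is not visible in this hunk.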
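Review bot: `ENV JAVA_HOME /usr/lib/jvm/java-11-openjdk-amd64/` on the following line still names the OpenJDK 11 directory, but `default-jre` installs whatever Java version the base image's distribution defaults to, so JAVA_HOME can point at a path that does not exist. Either keep the version pinned or use the distribution's symlink, `ENV JAVA_HOME /usr/lib/jvm/default-java`, and update the `# Install OpenJDK-11` comment to match. `default-jre` also replaces the `-headless` variant and pulls GUI libraries into a deploy image, which `default-jre-headless` avoids. With an unpinned meta-package the Java major version follows the base image, which is not visible in this hunk, so builds become less reproducible.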