Merge remote-tracking branch 'origin/develop' into fork
This commit is contained in:
commit
34293e1780
9 changed files with 52 additions and 4 deletions
|
@ -1,7 +1,8 @@
|
||||||
|
# https://hub.docker.com/r/hexpm/elixir/tags
|
||||||
ARG ELIXIR_IMG=hexpm/elixir
|
ARG ELIXIR_IMG=hexpm/elixir
|
||||||
ARG ELIXIR_VER=1.13.4
|
ARG ELIXIR_VER=1.14.5
|
||||||
ARG ERLANG_VER=24.3.4.15
|
ARG ERLANG_VER=25.3.2.14
|
||||||
ARG ALPINE_VER=3.17.5
|
ARG ALPINE_VER=3.17.9
|
||||||
|
|
||||||
FROM ${ELIXIR_IMG}:${ELIXIR_VER}-erlang-${ERLANG_VER}-alpine-${ALPINE_VER} as build
|
FROM ${ELIXIR_IMG}:${ELIXIR_VER}-erlang-${ERLANG_VER}-alpine-${ALPINE_VER} as build
|
||||||
|
|
||||||
|
|
0
changelog.d/elixir-1.14-docker.skip
Normal file
0
changelog.d/elixir-1.14-docker.skip
Normal file
1
changelog.d/mrf-id_filter.add
Normal file
1
changelog.d/mrf-id_filter.add
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Add `id_filter` to MRF to filter URLs and their domain prior to fetching
|
|
@ -145,6 +145,7 @@ def fetch_and_contain_remote_object_from_id(id) when is_binary(id) do
|
||||||
Logger.debug("Fetching object #{id} via AP")
|
Logger.debug("Fetching object #{id} via AP")
|
||||||
|
|
||||||
with {:scheme, true} <- {:scheme, String.starts_with?(id, "http")},
|
with {:scheme, true} <- {:scheme, String.starts_with?(id, "http")},
|
||||||
|
{_, true} <- {:mrf, MRF.id_filter(id)},
|
||||||
{:ok, body} <- get_object(id),
|
{:ok, body} <- get_object(id),
|
||||||
{:ok, data} <- safe_json_decode(body),
|
{:ok, data} <- safe_json_decode(body),
|
||||||
:ok <- Containment.contain_origin_from_id(id, data) do
|
:ok <- Containment.contain_origin_from_id(id, data) do
|
||||||
|
@ -160,6 +161,9 @@ def fetch_and_contain_remote_object_from_id(id) when is_binary(id) do
|
||||||
{:error, e} ->
|
{:error, e} ->
|
||||||
{:error, e}
|
{:error, e}
|
||||||
|
|
||||||
|
{:mrf, false} ->
|
||||||
|
{:error, {:reject, "Filtered by id"}}
|
||||||
|
|
||||||
e ->
|
e ->
|
||||||
{:error, e}
|
{:error, e}
|
||||||
end
|
end
|
||||||
|
|
|
@ -109,6 +109,14 @@ def filter(policies, %{} = message) do
|
||||||
|
|
||||||
def filter(%{} = object), do: get_policies() |> filter(object)
|
def filter(%{} = object), do: get_policies() |> filter(object)
|
||||||
|
|
||||||
|
def id_filter(policies, id) when is_binary(id) do
|
||||||
|
policies
|
||||||
|
|> Enum.filter(&function_exported?(&1, :id_filter, 1))
|
||||||
|
|> Enum.all?(& &1.id_filter(id))
|
||||||
|
end
|
||||||
|
|
||||||
|
def id_filter(id) when is_binary(id), do: get_policies() |> id_filter(id)
|
||||||
|
|
||||||
@impl true
|
@impl true
|
||||||
def pipeline_filter(%{} = message, meta) do
|
def pipeline_filter(%{} = message, meta) do
|
||||||
object = meta[:object_data]
|
object = meta[:object_data]
|
||||||
|
|
|
@ -13,6 +13,12 @@ def filter(activity) do
|
||||||
{:reject, activity}
|
{:reject, activity}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@impl true
|
||||||
|
def id_filter(id) do
|
||||||
|
Logger.debug("REJECTING #{id}")
|
||||||
|
false
|
||||||
|
end
|
||||||
|
|
||||||
@impl true
|
@impl true
|
||||||
def describe, do: {:ok, %{}}
|
def describe, do: {:ok, %{}}
|
||||||
end
|
end
|
||||||
|
|
|
@ -4,6 +4,7 @@
|
||||||
|
|
||||||
defmodule Pleroma.Web.ActivityPub.MRF.Policy do
|
defmodule Pleroma.Web.ActivityPub.MRF.Policy do
|
||||||
@callback filter(Pleroma.Activity.t()) :: {:ok | :reject, Pleroma.Activity.t()}
|
@callback filter(Pleroma.Activity.t()) :: {:ok | :reject, Pleroma.Activity.t()}
|
||||||
|
@callback id_filter(String.t()) :: boolean()
|
||||||
@callback describe() :: {:ok | :error, map()}
|
@callback describe() :: {:ok | :error, map()}
|
||||||
@callback config_description() :: %{
|
@callback config_description() :: %{
|
||||||
optional(:children) => [map()],
|
optional(:children) => [map()],
|
||||||
|
@ -13,5 +14,5 @@ defmodule Pleroma.Web.ActivityPub.MRF.Policy do
|
||||||
description: String.t()
|
description: String.t()
|
||||||
}
|
}
|
||||||
@callback history_awareness() :: :auto | :manual
|
@callback history_awareness() :: :auto | :manual
|
||||||
@optional_callbacks config_description: 0, history_awareness: 0
|
@optional_callbacks config_description: 0, history_awareness: 0, id_filter: 1
|
||||||
end
|
end
|
||||||
|
|
|
@ -191,6 +191,18 @@ defp instance_list(config_key) do
|
||||||
|> MRF.instance_list_from_tuples()
|
|> MRF.instance_list_from_tuples()
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@impl true
|
||||||
|
def id_filter(id) do
|
||||||
|
host_info = URI.parse(id)
|
||||||
|
|
||||||
|
with {:ok, _} <- check_accept(host_info, %{}),
|
||||||
|
{:ok, _} <- check_reject(host_info, %{}) do
|
||||||
|
true
|
||||||
|
else
|
||||||
|
_ -> false
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
@impl true
|
@impl true
|
||||||
def filter(%{"type" => "Delete", "actor" => actor} = activity) do
|
def filter(%{"type" => "Delete", "actor" => actor} = activity) do
|
||||||
%{host: actor_host} = URI.parse(actor)
|
%{host: actor_host} = URI.parse(actor)
|
||||||
|
|
|
@ -252,6 +252,7 @@ test "is empty" do
|
||||||
remote_message = build_remote_message()
|
remote_message = build_remote_message()
|
||||||
|
|
||||||
assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
|
assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
|
||||||
|
assert SimplePolicy.id_filter(remote_message["actor"])
|
||||||
end
|
end
|
||||||
|
|
||||||
test "activity has a matching host" do
|
test "activity has a matching host" do
|
||||||
|
@ -260,6 +261,7 @@ test "activity has a matching host" do
|
||||||
remote_message = build_remote_message()
|
remote_message = build_remote_message()
|
||||||
|
|
||||||
assert {:reject, _} = SimplePolicy.filter(remote_message)
|
assert {:reject, _} = SimplePolicy.filter(remote_message)
|
||||||
|
refute SimplePolicy.id_filter(remote_message["actor"])
|
||||||
end
|
end
|
||||||
|
|
||||||
test "activity matches with wildcard domain" do
|
test "activity matches with wildcard domain" do
|
||||||
|
@ -268,6 +270,7 @@ test "activity matches with wildcard domain" do
|
||||||
remote_message = build_remote_message()
|
remote_message = build_remote_message()
|
||||||
|
|
||||||
assert {:reject, _} = SimplePolicy.filter(remote_message)
|
assert {:reject, _} = SimplePolicy.filter(remote_message)
|
||||||
|
refute SimplePolicy.id_filter(remote_message["actor"])
|
||||||
end
|
end
|
||||||
|
|
||||||
test "actor has a matching host" do
|
test "actor has a matching host" do
|
||||||
|
@ -276,6 +279,7 @@ test "actor has a matching host" do
|
||||||
remote_user = build_remote_user()
|
remote_user = build_remote_user()
|
||||||
|
|
||||||
assert {:reject, _} = SimplePolicy.filter(remote_user)
|
assert {:reject, _} = SimplePolicy.filter(remote_user)
|
||||||
|
refute SimplePolicy.id_filter(remote_user["id"])
|
||||||
end
|
end
|
||||||
|
|
||||||
test "reject Announce when object would be rejected" do
|
test "reject Announce when object would be rejected" do
|
||||||
|
@ -288,6 +292,7 @@ test "reject Announce when object would be rejected" do
|
||||||
}
|
}
|
||||||
|
|
||||||
assert {:reject, _} = SimplePolicy.filter(announce)
|
assert {:reject, _} = SimplePolicy.filter(announce)
|
||||||
|
# Note: Non-Applicable for id_filter/1
|
||||||
end
|
end
|
||||||
|
|
||||||
test "reject by URI object" do
|
test "reject by URI object" do
|
||||||
|
@ -300,6 +305,7 @@ test "reject by URI object" do
|
||||||
}
|
}
|
||||||
|
|
||||||
assert {:reject, _} = SimplePolicy.filter(announce)
|
assert {:reject, _} = SimplePolicy.filter(announce)
|
||||||
|
# Note: Non-Applicable for id_filter/1
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -370,6 +376,8 @@ test "is empty" do
|
||||||
|
|
||||||
assert SimplePolicy.filter(local_message) == {:ok, local_message}
|
assert SimplePolicy.filter(local_message) == {:ok, local_message}
|
||||||
assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
|
assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
|
||||||
|
assert SimplePolicy.id_filter(local_message["actor"])
|
||||||
|
assert SimplePolicy.id_filter(remote_message["actor"])
|
||||||
end
|
end
|
||||||
|
|
||||||
test "is not empty but activity doesn't have a matching host" do
|
test "is not empty but activity doesn't have a matching host" do
|
||||||
|
@ -380,6 +388,8 @@ test "is not empty but activity doesn't have a matching host" do
|
||||||
|
|
||||||
assert SimplePolicy.filter(local_message) == {:ok, local_message}
|
assert SimplePolicy.filter(local_message) == {:ok, local_message}
|
||||||
assert {:reject, _} = SimplePolicy.filter(remote_message)
|
assert {:reject, _} = SimplePolicy.filter(remote_message)
|
||||||
|
assert SimplePolicy.id_filter(local_message["actor"])
|
||||||
|
refute SimplePolicy.id_filter(remote_message["actor"])
|
||||||
end
|
end
|
||||||
|
|
||||||
test "activity has a matching host" do
|
test "activity has a matching host" do
|
||||||
|
@ -390,6 +400,8 @@ test "activity has a matching host" do
|
||||||
|
|
||||||
assert SimplePolicy.filter(local_message) == {:ok, local_message}
|
assert SimplePolicy.filter(local_message) == {:ok, local_message}
|
||||||
assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
|
assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
|
||||||
|
assert SimplePolicy.id_filter(local_message["actor"])
|
||||||
|
assert SimplePolicy.id_filter(remote_message["actor"])
|
||||||
end
|
end
|
||||||
|
|
||||||
test "activity matches with wildcard domain" do
|
test "activity matches with wildcard domain" do
|
||||||
|
@ -400,6 +412,8 @@ test "activity matches with wildcard domain" do
|
||||||
|
|
||||||
assert SimplePolicy.filter(local_message) == {:ok, local_message}
|
assert SimplePolicy.filter(local_message) == {:ok, local_message}
|
||||||
assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
|
assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
|
||||||
|
assert SimplePolicy.id_filter(local_message["actor"])
|
||||||
|
assert SimplePolicy.id_filter(remote_message["actor"])
|
||||||
end
|
end
|
||||||
|
|
||||||
test "actor has a matching host" do
|
test "actor has a matching host" do
|
||||||
|
@ -408,6 +422,7 @@ test "actor has a matching host" do
|
||||||
remote_user = build_remote_user()
|
remote_user = build_remote_user()
|
||||||
|
|
||||||
assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
|
assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
|
||||||
|
assert SimplePolicy.id_filter(remote_user["id"])
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue