X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Factivity_pub%2Fmrf%2Fsimple_policy.ex;h=62024c58c90929f9073ef72f00db9e2d0953ac5b;hb=d7c805b0bb59f57f336e610a7e362f6d17c42474;hp=b77b8c7b49eb2254d9fe3612d61d616f819bd214;hpb=992deaa09bea1ed30f5a0e8bc357e27e4fd45be4;p=akkoma
diff --git a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex
index b77b8c7b4..415c5d2dd 100644
--- a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex
@@ -1,12 +1,13 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors
+# Copyright © 2017-2021 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
@moduledoc "Filter activities depending on their origin instance"
- @behaviour Pleroma.Web.ActivityPub.MRF
+ @behaviour Pleroma.Web.ActivityPub.MRF.Policy
alias Pleroma.Config
+ alias Pleroma.FollowingRelationship
alias Pleroma.User
alias Pleroma.Web.ActivityPub.MRF
@@ -14,7 +15,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
defp check_accept(%{host: actor_host} = _actor_info, object) do
accepts =
- Config.get([:mrf_simple, :accept])
+ instance_list(:accept)
|> MRF.subdomains_regex()
cond do
@@ -27,7 +28,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
defp check_reject(%{host: actor_host} = _actor_info, object) do
rejects =
- Config.get([:mrf_simple, :reject])
+ instance_list(:reject)
|> MRF.subdomains_regex()
if MRF.subdomain_match?(rejects, actor_host) do
@@ -43,7 +44,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
)
when length(child_attachment) > 0 do
media_removal =
- Config.get([:mrf_simple, :media_removal])
+ instance_list(:media_removal)
|> MRF.subdomains_regex()
object =
@@ -63,19 +64,16 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
%{host: actor_host} = _actor_info,
%{
"type" => "Create",
- "object" => child_object
+ "object" => %{} = _child_object
} = object
) do
media_nsfw =
- Config.get([:mrf_simple, :media_nsfw])
+ instance_list(:media_nsfw)
|> MRF.subdomains_regex()
object =
if MRF.subdomain_match?(media_nsfw, actor_host) do
- tags = (child_object["tag"] || []) ++ ["nsfw"]
- child_object = Map.put(child_object, "tag", tags)
- child_object = Map.put(child_object, "sensitive", true)
- Map.put(object, "object", child_object)
+ Kernel.put_in(object, ["object", "sensitive"], true)
else
object
end
@@ -87,7 +85,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
defp check_ftl_removal(%{host: actor_host} = _actor_info, object) do
timeline_removal =
- Config.get([:mrf_simple, :federated_timeline_removal])
+ instance_list(:federated_timeline_removal)
|> MRF.subdomains_regex()
object =
@@ -108,9 +106,38 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
{:ok, object}
end
+ defp intersection(list1, list2) do
+ list1 -- list1 -- list2
+ end
+
+ defp check_followers_only(%{host: actor_host} = _actor_info, object) do
+ followers_only =
+ instance_list(:followers_only)
+ |> MRF.subdomains_regex()
+
+ object =
+ with true <- MRF.subdomain_match?(followers_only, actor_host),
+ user <- User.get_cached_by_ap_id(object["actor"]) do
+ # Don't use Map.get/3 intentionally, these must not be nil
+ fixed_to = object["to"] || []
+ fixed_cc = object["cc"] || []
+
+ to = FollowingRelationship.followers_ap_ids(user, fixed_to)
+ cc = FollowingRelationship.followers_ap_ids(user, fixed_cc)
+
+ object
+ |> Map.put("to", intersection([user.follower_address | to], fixed_to))
+ |> Map.put("cc", intersection([user.follower_address | cc], fixed_cc))
+ else
+ _ -> object
+ end
+
+ {:ok, object}
+ end
+
defp check_report_removal(%{host: actor_host} = _actor_info, %{"type" => "Flag"} = object) do
report_removal =
- Config.get([:mrf_simple, :report_removal])
+ instance_list(:report_removal)
|> MRF.subdomains_regex()
if MRF.subdomain_match?(report_removal, actor_host) do
@@ -124,7 +151,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
defp check_avatar_removal(%{host: actor_host} = _actor_info, %{"icon" => _icon} = object) do
avatar_removal =
- Config.get([:mrf_simple, :avatar_removal])
+ instance_list(:avatar_removal)
|> MRF.subdomains_regex()
if MRF.subdomain_match?(avatar_removal, actor_host) do
@@ -138,7 +165,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
defp check_banner_removal(%{host: actor_host} = _actor_info, %{"image" => _image} = object) do
banner_removal =
- Config.get([:mrf_simple, :banner_removal])
+ instance_list(:banner_removal)
|> MRF.subdomains_regex()
if MRF.subdomain_match?(banner_removal, actor_host) do
@@ -150,12 +177,25 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
defp check_banner_removal(_actor_info, object), do: {:ok, object}
+ defp check_object(%{"object" => object} = activity) do
+ with {:ok, _object} <- filter(object) do
+ {:ok, activity}
+ end
+ end
+
+ defp check_object(object), do: {:ok, object}
+
+ defp instance_list(config_key) do
+ Config.get([:mrf_simple, config_key])
+ |> MRF.instance_list_from_tuples()
+ end
+
@impl true
def filter(%{"type" => "Delete", "actor" => actor} = object) do
%{host: actor_host} = URI.parse(actor)
reject_deletes =
- Config.get([:mrf_simple, :reject_deletes])
+ instance_list(:reject_deletes)
|> MRF.subdomains_regex()
if MRF.subdomain_match?(reject_deletes, actor_host) do
@@ -174,7 +214,9 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
{:ok, object} <- check_media_removal(actor_info, object),
{:ok, object} <- check_media_nsfw(actor_info, object),
{:ok, object} <- check_ftl_removal(actor_info, object),
- {:ok, object} <- check_report_removal(actor_info, object) do
+ {:ok, object} <- check_followers_only(actor_info, object),
+ {:ok, object} <- check_report_removal(actor_info, object),
+ {:ok, object} <- check_object(object) do
{:ok, object}
else
{:reject, nil} -> {:reject, "[SimplePolicy]"}
@@ -199,17 +241,156 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
end
end
+ def filter(object) when is_binary(object) do
+ uri = URI.parse(object)
+
+ with {:ok, object} <- check_accept(uri, object),
+ {:ok, object} <- check_reject(uri, object) do
+ {:ok, object}
+ else
+ {:reject, nil} -> {:reject, "[SimplePolicy]"}
+ {:reject, _} = e -> e
+ _ -> {:reject, "[SimplePolicy]"}
+ end
+ end
+
def filter(object), do: {:ok, object}
+ defp obfuscate(string) when is_binary(string) do
+ string
+ |> to_charlist()
+ |> Enum.with_index()
+ |> Enum.map(fn
+ {?., _index} ->
+ ?.
+
+ {char, index} ->
+ if 3 <= index && index < String.length(string) - 3, do: ?*, else: char
+ end)
+ |> to_string()
+ end
+
+ defp maybe_obfuscate(host, obfuscations) do
+ if MRF.subdomain_match?(obfuscations, host) do
+ obfuscate(host)
+ else
+ host
+ end
+ end
+
@impl true
def describe do
- exclusions = Config.get([:mrf, :transparency_exclusions])
+ exclusions = Config.get([:mrf, :transparency_exclusions]) |> MRF.instance_list_from_tuples()
- mrf_simple =
+ obfuscations =
+ Config.get([:mrf, :transparency_obfuscate_domains], []) |> MRF.subdomains_regex()
+
+ mrf_simple_excluded =
Config.get(:mrf_simple)
- |> Enum.map(fn {k, v} -> {k, Enum.reject(v, fn v -> v in exclusions end)} end)
- |> Enum.into(%{})
+ |> Enum.map(fn {rule, instances} ->
+ {rule, Enum.reject(instances, fn {host, _} -> host in exclusions end)}
+ end)
- {:ok, %{mrf_simple: mrf_simple}}
+ mrf_simple =
+ mrf_simple_excluded
+ |> Enum.map(fn {rule, instances} ->
+ {rule, Enum.map(instances, fn {host, _} -> maybe_obfuscate(host, obfuscations) end)}
+ end)
+ |> Map.new()
+
+ # This is for backwards compatibility. We originally didn't sent
+ # extra info like a reason why an instance was rejected/quarantined/etc.
+ # Because we didn't want to break backwards compatibility it was decided
+ # to add an extra "info" key.
+ mrf_simple_info =
+ mrf_simple_excluded
+ |> Enum.map(fn {rule, instances} ->
+ {rule, Enum.reject(instances, fn {_, reason} -> reason == "" end)}
+ end)
+ |> Enum.reject(fn {_, instances} -> instances == [] end)
+ |> Enum.map(fn {rule, instances} ->
+ instances =
+ instances
+ |> Enum.map(fn {host, reason} ->
+ {maybe_obfuscate(host, obfuscations), %{"reason" => reason}}
+ end)
+ |> Map.new()
+
+ {rule, instances}
+ end)
+ |> Map.new()
+
+ {:ok, %{mrf_simple: mrf_simple, mrf_simple_info: mrf_simple_info}}
+ end
+
+ @impl true
+ def config_description do
+ %{
+ key: :mrf_simple,
+ related_policy: "Pleroma.Web.ActivityPub.MRF.SimplePolicy",
+ label: "MRF Simple",
+ description: "Simple ingress policies",
+ children:
+ [
+ %{
+ key: :media_removal,
+ description:
+ "List of instances to strip media attachments from and the reason for doing so"
+ },
+ %{
+ key: :media_nsfw,
+ label: "Media NSFW",
+ description:
+ "List of instances to tag all media as NSFW (sensitive) from and the reason for doing so"
+ },
+ %{
+ key: :federated_timeline_removal,
+ description:
+ "List of instances to remove from the Federated (aka The Whole Known Network) Timeline and the reason for doing so"
+ },
+ %{
+ key: :reject,
+ description:
+ "List of instances to reject activities from (except deletes) and the reason for doing so"
+ },
+ %{
+ key: :accept,
+ description:
+ "List of instances to only accept activities from (except deletes) and the reason for doing so"
+ },
+ %{
+ key: :followers_only,
+ description:
+ "Force posts from the given instances to be visible by followers only and the reason for doing so"
+ },
+ %{
+ key: :report_removal,
+ description: "List of instances to reject reports from and the reason for doing so"
+ },
+ %{
+ key: :avatar_removal,
+ description: "List of instances to strip avatars from and the reason for doing so"
+ },
+ %{
+ key: :banner_removal,
+ description: "List of instances to strip banners from and the reason for doing so"
+ },
+ %{
+ key: :reject_deletes,
+ description: "List of instances to reject deletions from and the reason for doing so"
+ }
+ ]
+ |> Enum.map(fn setting ->
+ Map.merge(
+ setting,
+ %{
+ type: {:list, :tuple},
+ key_placeholder: "instance",
+ value_placeholder: "reason",
+ suggestions: [{"example.com", "Some reason"}, {"*.example.com", "Another reason"}]
+ }
+ )
+ end)
+ }
end
end