git.squeep.com Git - akkoma/blob - lib/pleroma/web/activity_pub/mrf/simple_policy.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
   6   @moduledoc "Filter activities depending on their origin instance"
   7   @behaviour Pleroma.Web.ActivityPub.MRF.Policy
   8
   9   alias Pleroma.Config
  10   alias Pleroma.FollowingRelationship
  11   alias Pleroma.User
  12   alias Pleroma.Web.ActivityPub.MRF
  13
  14   require Pleroma.Constants
  15
  16   defp check_accept(%{host: actor_host} = _actor_info, object) do
  17     accepts =
  18       instance_list(:accept)
  19       |> MRF.subdomains_regex()
  20
  21     cond do
  22       accepts == [] -> {:ok, object}
  23       actor_host == Config.get([Pleroma.Web.Endpoint, :url, :host]) -> {:ok, object}
  24       MRF.subdomain_match?(accepts, actor_host) -> {:ok, object}
  25       true -> {:reject, "[SimplePolicy] host not in accept list"}
  26     end
  27   end
  28
  29   defp check_reject(%{host: actor_host} = _actor_info, object) do
  30     rejects =
  31       instance_list(:reject)
  32       |> MRF.subdomains_regex()
  33
  34     if MRF.subdomain_match?(rejects, actor_host) do
  35       {:reject, "[SimplePolicy] host in reject list"}
  36     else
  37       {:ok, object}
  38     end
  39   end
  40
  41   defp check_media_removal(
  42          %{host: actor_host} = _actor_info,
  43          %{"type" => "Create", "object" => %{"attachment" => child_attachment}} = object
  44        )
  45        when length(child_attachment) > 0 do
  46     media_removal =
  47       instance_list(:media_removal)
  48       |> MRF.subdomains_regex()
  49
  50     object =
  51       if MRF.subdomain_match?(media_removal, actor_host) do
  52         child_object = Map.delete(object["object"], "attachment")
  53         Map.put(object, "object", child_object)
  54       else
  55         object
  56       end
  57
  58     {:ok, object}
  59   end
  60
  61   defp check_media_removal(_actor_info, object), do: {:ok, object}
  62
  63   defp check_media_nsfw(
  64          %{host: actor_host} = _actor_info,
  65          %{
  66            "type" => "Create",
  67            "object" => %{} = _child_object
  68          } = object
  69        ) do
  70     media_nsfw =
  71       instance_list(:media_nsfw)
  72       |> MRF.subdomains_regex()
  73
  74     object =
  75       if MRF.subdomain_match?(media_nsfw, actor_host) do
  76         Kernel.put_in(object, ["object", "sensitive"], true)
  77       else
  78         object
  79       end
  80
  81     {:ok, object}
  82   end
  83
  84   defp check_media_nsfw(_actor_info, object), do: {:ok, object}
  85
  86   defp check_ftl_removal(%{host: actor_host} = _actor_info, object) do
  87     timeline_removal =
  88       instance_list(:federated_timeline_removal)
  89       |> MRF.subdomains_regex()
  90
  91     object =
  92       with true <- MRF.subdomain_match?(timeline_removal, actor_host),
  93            user <- User.get_cached_by_ap_id(object["actor"]),
  94            true <- Pleroma.Constants.as_public() in object["to"] do
  95         to = List.delete(object["to"], Pleroma.Constants.as_public()) ++ [user.follower_address]
  96
  97         cc = List.delete(object["cc"], user.follower_address) ++ [Pleroma.Constants.as_public()]
  98
  99         object
 100         |> Map.put("to", to)
 101         |> Map.put("cc", cc)
 102       else
 103         _ -> object
 104       end
 105
 106     {:ok, object}
 107   end
 108
 109   defp intersection(list1, list2) do
 110     list1 -- list1 -- list2
 111   end
 112
 113   defp check_followers_only(%{host: actor_host} = _actor_info, object) do
 114     followers_only =
 115       instance_list(:followers_only)
 116       |> MRF.subdomains_regex()
 117
 118     object =
 119       with true <- MRF.subdomain_match?(followers_only, actor_host),
 120            user <- User.get_cached_by_ap_id(object["actor"]) do
 121         # Don't use Map.get/3 intentionally, these must not be nil
 122         fixed_to = object["to"] || []
 123         fixed_cc = object["cc"] || []
 124
 125         to = FollowingRelationship.followers_ap_ids(user, fixed_to)
 126         cc = FollowingRelationship.followers_ap_ids(user, fixed_cc)
 127
 128         object
 129         |> Map.put("to", intersection([user.follower_address | to], fixed_to))
 130         |> Map.put("cc", intersection([user.follower_address | cc], fixed_cc))
 131       else
 132         _ -> object
 133       end
 134
 135     {:ok, object}
 136   end
 137
 138   defp check_report_removal(%{host: actor_host} = _actor_info, %{"type" => "Flag"} = object) do
 139     report_removal =
 140       instance_list(:report_removal)
 141       |> MRF.subdomains_regex()
 142
 143     if MRF.subdomain_match?(report_removal, actor_host) do
 144       {:reject, "[SimplePolicy] host in report_removal list"}
 145     else
 146       {:ok, object}
 147     end
 148   end
 149
 150   defp check_report_removal(_actor_info, object), do: {:ok, object}
 151
 152   defp check_avatar_removal(%{host: actor_host} = _actor_info, %{"icon" => _icon} = object) do
 153     avatar_removal =
 154       instance_list(:avatar_removal)
 155       |> MRF.subdomains_regex()
 156
 157     if MRF.subdomain_match?(avatar_removal, actor_host) do
 158       {:ok, Map.delete(object, "icon")}
 159     else
 160       {:ok, object}
 161     end
 162   end
 163
 164   defp check_avatar_removal(_actor_info, object), do: {:ok, object}
 165
 166   defp check_banner_removal(%{host: actor_host} = _actor_info, %{"image" => _image} = object) do
 167     banner_removal =
 168       instance_list(:banner_removal)
 169       |> MRF.subdomains_regex()
 170
 171     if MRF.subdomain_match?(banner_removal, actor_host) do
 172       {:ok, Map.delete(object, "image")}
 173     else
 174       {:ok, object}
 175     end
 176   end
 177
 178   defp check_banner_removal(_actor_info, object), do: {:ok, object}
 179
 180   defp check_object(%{"object" => object} = activity) do
 181     with {:ok, _object} <- filter(object) do
 182       {:ok, activity}
 183     end
 184   end
 185
 186   defp check_object(object), do: {:ok, object}
 187
 188   defp instance_list(config_key) do
 189     Config.get([:mrf_simple, config_key])
 190     |> MRF.instance_list_from_tuples()
 191   end
 192
 193   @impl true
 194   def filter(%{"type" => "Delete", "actor" => actor} = object) do
 195     %{host: actor_host} = URI.parse(actor)
 196
 197     reject_deletes =
 198       instance_list(:reject_deletes)
 199       |> MRF.subdomains_regex()
 200
 201     if MRF.subdomain_match?(reject_deletes, actor_host) do
 202       {:reject, "[SimplePolicy] host in reject_deletes list"}
 203     else
 204       {:ok, object}
 205     end
 206   end
 207
 208   @impl true
 209   def filter(%{"actor" => actor} = object) do
 210     actor_info = URI.parse(actor)
 211
 212     with {:ok, object} <- check_accept(actor_info, object),
 213          {:ok, object} <- check_reject(actor_info, object),
 214          {:ok, object} <- check_media_removal(actor_info, object),
 215          {:ok, object} <- check_media_nsfw(actor_info, object),
 216          {:ok, object} <- check_ftl_removal(actor_info, object),
 217          {:ok, object} <- check_followers_only(actor_info, object),
 218          {:ok, object} <- check_report_removal(actor_info, object),
 219          {:ok, object} <- check_object(object) do
 220       {:ok, object}
 221     else
 222       {:reject, nil} -> {:reject, "[SimplePolicy]"}
 223       {:reject, _} = e -> e
 224       _ -> {:reject, "[SimplePolicy]"}
 225     end
 226   end
 227
 228   def filter(%{"id" => actor, "type" => obj_type} = object)
 229       when obj_type in ["Application", "Group", "Organization", "Person", "Service"] do
 230     actor_info = URI.parse(actor)
 231
 232     with {:ok, object} <- check_accept(actor_info, object),
 233          {:ok, object} <- check_reject(actor_info, object),
 234          {:ok, object} <- check_avatar_removal(actor_info, object),
 235          {:ok, object} <- check_banner_removal(actor_info, object) do
 236       {:ok, object}
 237     else
 238       {:reject, nil} -> {:reject, "[SimplePolicy]"}
 239       {:reject, _} = e -> e
 240       _ -> {:reject, "[SimplePolicy]"}
 241     end
 242   end
 243
 244   def filter(object) when is_binary(object) do
 245     uri = URI.parse(object)
 246
 247     with {:ok, object} <- check_accept(uri, object),
 248          {:ok, object} <- check_reject(uri, object) do
 249       {:ok, object}
 250     else
 251       {:reject, nil} -> {:reject, "[SimplePolicy]"}
 252       {:reject, _} = e -> e
 253       _ -> {:reject, "[SimplePolicy]"}
 254     end
 255   end
 256
 257   def filter(object), do: {:ok, object}
 258
 259   @impl true
 260   def describe do
 261     exclusions = Config.get([:mrf, :transparency_exclusions]) |> MRF.instance_list_from_tuples()
 262
 263     mrf_simple_excluded =
 264       Config.get(:mrf_simple)
 265       |> Enum.map(fn {rule, instances} ->
 266         {rule, Enum.reject(instances, fn {host, _} -> host in exclusions end)}
 267       end)
 268
 269     mrf_simple =
 270       mrf_simple_excluded
 271       |> Enum.map(fn {rule, instances} ->
 272         {rule, Enum.map(instances, fn {host, _} -> host end)}
 273       end)
 274       |> Map.new()
 275
 276     # This is for backwards compatibility. We originally didn't sent
 277     # extra info like a reason why an instance was rejected/quarantined/etc.
 278     # Because we didn't want to break backwards compatibility it was decided
 279     # to add an extra "info" key.
 280     mrf_simple_info =
 281       mrf_simple_excluded
 282       |> Enum.map(fn {rule, instances} ->
 283         {rule, Enum.reject(instances, fn {_, reason} -> reason == "" end)}
 284       end)
 285       |> Enum.reject(fn {_, instances} -> instances == [] end)
 286       |> Enum.map(fn {rule, instances} ->
 287         instances =
 288           instances
 289           |> Enum.map(fn {host, reason} -> {host, %{"reason" => reason}} end)
 290           |> Map.new()
 291
 292         {rule, instances}
 293       end)
 294       |> Map.new()
 295
 296     {:ok, %{mrf_simple: mrf_simple, mrf_simple_info: mrf_simple_info}}
 297   end
 298
 299   @impl true
 300   def config_description do
 301     %{
 302       key: :mrf_simple,
 303       related_policy: "Pleroma.Web.ActivityPub.MRF.SimplePolicy",
 304       label: "MRF Simple",
 305       description: "Simple ingress policies",
 306       children:
 307         [
 308           %{
 309             key: :media_removal,
 310             description:
 311               "List of instances to strip media attachments from and the reason for doing so"
 312           },
 313           %{
 314             key: :media_nsfw,
 315             label: "Media NSFW",
 316             description:
 317               "List of instances to tag all media as NSFW (sensitive) from and the reason for doing so"
 318           },
 319           %{
 320             key: :federated_timeline_removal,
 321             description:
 322               "List of instances to remove from the Federated (aka The Whole Known Network) Timeline and the reason for doing so"
 323           },
 324           %{
 325             key: :reject,
 326             description:
 327               "List of instances to reject activities from (except deletes) and the reason for doing so"
 328           },
 329           %{
 330             key: :accept,
 331             description:
 332               "List of instances to only accept activities from (except deletes) and the reason for doing so"
 333           },
 334           %{
 335             key: :followers_only,
 336             description:
 337               "Force posts from the given instances to be visible by followers only and the reason for doing so"
 338           },
 339           %{
 340             key: :report_removal,
 341             description: "List of instances to reject reports from and the reason for doing so"
 342           },
 343           %{
 344             key: :avatar_removal,
 345             description: "List of instances to strip avatars from and the reason for doing so"
 346           },
 347           %{
 348             key: :banner_removal,
 349             description: "List of instances to strip banners from and the reason for doing so"
 350           },
 351           %{
 352             key: :reject_deletes,
 353             description: "List of instances to reject deletions from and the reason for doing so"
 354           }
 355         ]
 356         |> Enum.map(fn setting ->
 357           Map.merge(
 358             setting,
 359             %{
 360               type: {:list, :tuple},
 361               key_placeholder: "instance",
 362               value_placeholder: "reason",
 363               suggestions: [{"example.com", "Some reason"}, {"*.example.com", "Another reason"}]
 364             }
 365           )
 366         end)
 367     }
 368   end
 369 end