Allow admins to switch between blacklisting and whitelisting domains
This includes the migrations and necessary configuration setting to enable it. This does not include any admin UI for making these changes. add silence to domain_whitelist for about/more Fix WhitelistDomainService Update Domain Whitelisting to static methods fix missing uses of AllowDomainService temp whitelist fixing Fix default domain allow severity always being :enable update for ActivityPub some whitelisting fixing Fix silencing new users for whitelisted domains with :silence Fix silence detection For whatever reason, :silence is returning as "silence" so now we check for both.master
parent
fcb527cdd6
commit
49e4db9755
|
@ -0,0 +1,14 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class Admin::DomainWhitelistController < ApplicationController
|
||||
before_action :require_admin!
|
||||
|
||||
layout 'admin'
|
||||
|
||||
def index
|
||||
@unblocks = DomainWhitelist.paginate(page: params[:page], per_page: 40)
|
||||
end
|
||||
|
||||
def create
|
||||
end
|
||||
end
|
|
@ -0,0 +1,4 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Admin::DomainWhitelistHelper
|
||||
end
|
|
@ -6,6 +6,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
|
|||
|
||||
def perform
|
||||
return if delete_arrived_first?(object_uri) || unsupported_object_type? || invalid_origin?(@object['id'])
|
||||
return if AllowDomainService.blocked?(@account.domain)
|
||||
|
||||
RedisLock.acquire(lock_options) do |lock|
|
||||
if lock.acquired?
|
||||
|
@ -249,7 +250,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
|
|||
|
||||
def skip_download?
|
||||
return @skip_download if defined?(@skip_download)
|
||||
@skip_download ||= DomainBlock.find_by(domain: @account.domain)&.reject_media?
|
||||
@skip_download ||= AllowDomainService.reject_media?(@account.domain)
|
||||
end
|
||||
|
||||
def invalid_origin?(url)
|
||||
|
|
|
@ -148,7 +148,7 @@ class OStatus::Activity::Creation < OStatus::Activity::Base
|
|||
end
|
||||
|
||||
def save_media
|
||||
do_not_download = DomainBlock.find_by(domain: @account.domain)&.reject_media?
|
||||
do_not_download = AllowDomainService.reject_media?(@account.domain)
|
||||
media_attachments = []
|
||||
|
||||
@xml.xpath('./xmlns:link[@rel="enclosure"]', xmlns: OStatus::TagManager::XMLNS).each do |link|
|
||||
|
@ -176,7 +176,7 @@ class OStatus::Activity::Creation < OStatus::Activity::Base
|
|||
end
|
||||
|
||||
def save_emojis(parent)
|
||||
do_not_download = DomainBlock.find_by(domain: parent.account.domain)&.reject_media?
|
||||
do_not_download = AllowDomainService.reject_media?(parent.account.domain)
|
||||
|
||||
return if do_not_download
|
||||
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class DomainWhitelist < ApplicationRecord
|
||||
enum severity: [:silence, :enable]
|
||||
|
||||
def self.enabled?
|
||||
return Setting.where(var: 'whitelist_enabled').first_or_initialize(var: 'whitelist_enabled', value: false)
|
||||
end
|
||||
|
||||
validates :domain, presence: true, uniqueness: true
|
||||
|
||||
def self.blocked?(domain)
|
||||
!where(domain: domain).exists?
|
||||
end
|
||||
|
||||
def self.silenced?(domain)
|
||||
whitelist = where(domain: domain)
|
||||
whitelist.exists? && whitelist[0].severity == :silence
|
||||
end
|
||||
|
||||
before_validation :normalize_domain
|
||||
|
||||
private
|
||||
|
||||
def normalize_domain
|
||||
self.domain = TagManager.instance.normalize_domain(domain)
|
||||
end
|
||||
end
|
|
@ -180,20 +180,15 @@ class ActivityPub::ProcessAccountService < BaseService
|
|||
end
|
||||
|
||||
def skip_download?
|
||||
@account.suspended? || domain_block&.reject_media?
|
||||
@account.suspended? || AllowDomainService.reject_media?(@domain)
|
||||
end
|
||||
|
||||
def auto_suspend?
|
||||
domain_block&.suspend?
|
||||
AllowDomainService.blocked?(@domain)
|
||||
end
|
||||
|
||||
def auto_silence?
|
||||
domain_block&.silence?
|
||||
end
|
||||
|
||||
def domain_block
|
||||
return @domain_block if defined?(@domain_block)
|
||||
@domain_block = DomainBlock.find_by(domain: @domain)
|
||||
AllowDomainService.silenced?(@domain)
|
||||
end
|
||||
|
||||
def key_changed?
|
||||
|
|
|
@ -0,0 +1,38 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class AllowDomainService < BaseService
|
||||
def self.default_allow
|
||||
return :suspend if DomainWhitelist.enabled?
|
||||
:enable
|
||||
end
|
||||
|
||||
def self.record_type
|
||||
if DomainWhitelist.enabled?
|
||||
DomainWhitelist
|
||||
else
|
||||
DomainBlock
|
||||
end
|
||||
end
|
||||
|
||||
def self.call(domain)
|
||||
return true if domain.nil?
|
||||
domain = self.record_type.find_by(domain: domain)
|
||||
return self.default_allow if domain.nil?
|
||||
return domain.severity
|
||||
end
|
||||
|
||||
def self.blocked?(domain)
|
||||
return self.call(domain) == :suspend
|
||||
end
|
||||
|
||||
def self.silenced?(domain)
|
||||
sev = self.call(domain)
|
||||
return sev == :silence || sev == "silence"
|
||||
end
|
||||
|
||||
def self.reject_media?(domain)
|
||||
domain = self.record_type.find_by(domain: domain)
|
||||
!domain.nil? && domain.reject_media?
|
||||
end
|
||||
|
||||
end
|
|
@ -54,7 +54,7 @@ class Pubsubhubbub::SubscribeService < BaseService
|
|||
end
|
||||
|
||||
def blocked_domain?
|
||||
DomainBlock.blocked? Addressable::URI.parse(callback).host
|
||||
AllowDomainService.blocked?(Addressable::URI.parse(callback).host)
|
||||
end
|
||||
|
||||
def locate_subscription
|
||||
|
|
|
@ -126,16 +126,11 @@ class ResolveAccountService < BaseService
|
|||
end
|
||||
|
||||
def auto_suspend?
|
||||
domain_block&.suspend?
|
||||
AllowDomainService.blocked?(@domain)
|
||||
end
|
||||
|
||||
def auto_silence?
|
||||
domain_block&.silence?
|
||||
end
|
||||
|
||||
def domain_block
|
||||
return @domain_block if defined?(@domain_block)
|
||||
@domain_block = DomainBlock.find_by(domain: @domain)
|
||||
AllowDomainService.silenced?(@domain)
|
||||
end
|
||||
|
||||
def atom_url
|
||||
|
|
|
@ -30,7 +30,7 @@ class SendInteractionService < BaseService
|
|||
end
|
||||
|
||||
def block_notification?
|
||||
DomainBlock.blocked?(@target_account.domain)
|
||||
AllowDomainService.blocked?(@target_account.domain)
|
||||
end
|
||||
|
||||
def salmon
|
||||
|
|
|
@ -25,8 +25,7 @@ class UpdateRemoteProfileService < BaseService
|
|||
account.display_name = remote_profile.display_name || ''
|
||||
account.note = remote_profile.note || ''
|
||||
account.locked = remote_profile.locked?
|
||||
|
||||
if !account.suspended? && !DomainBlock.find_by(domain: account.domain)&.reject_media?
|
||||
if !account.suspended? && !AllowDomainService.reject_media?(account.domain)
|
||||
if remote_profile.avatar.present?
|
||||
account.avatar_remote_url = remote_profile.avatar
|
||||
else
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class WhitelistDomainService < BaseService
|
||||
def self.call(domain, severity)
|
||||
d = DomainWhitelist.where(domain: domain).first_or_create!(domain: domain, severity: severity)
|
||||
d.severity = severity
|
||||
d.save!
|
||||
|
||||
if severity == :silence
|
||||
Account.where(domain: domain).update_all(silenced: true)
|
||||
elsif severity == :enable
|
||||
Account.where(:domain => domain).update_all(suspended: false)
|
||||
end
|
||||
end
|
||||
end
|
|
@ -37,7 +37,7 @@ class Pubsubhubbub::DeliveryWorker
|
|||
end
|
||||
|
||||
def blocked_domain?
|
||||
DomainBlock.blocked?(host)
|
||||
AllowDomainService.blocked?(host)
|
||||
end
|
||||
|
||||
def host
|
||||
|
|
|
@ -57,6 +57,8 @@ defaults: &defaults
|
|||
activity_api_enabled: true
|
||||
peers_api_enabled: true
|
||||
show_known_fediverse_at_about_page: true
|
||||
whitelist_enabled: false
|
||||
|
||||
development:
|
||||
<<: *defaults
|
||||
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
class AddWhitelists < ActiveRecord::Migration[5.0]
|
||||
def change
|
||||
create_table :domain_whitelists do |t|
|
||||
t.string :domain, null: false, default: ''
|
||||
t.integer :severity, default: 0
|
||||
t.boolean :reject_media
|
||||
t.timestamps
|
||||
end
|
||||
|
||||
add_index :domain_whitelists, :domain, unique: true
|
||||
end
|
||||
end
|
Loading…
Reference in New Issue