allow autorejecting incoming ap activities by `id`, `@context`, and domain + autoject suspended domains & their subdomains
parent
d82d7e0b2b
commit
86f29a68fb
|
@ -185,4 +185,37 @@ class ActivityPub::Activity
|
|||
Rails.logger.info("Rejected #{@json['type']} activity #{@json['id']} from #{@account.uri}#{@options[:relayed_through_account] && "via #{@options[:relayed_through_account].uri}"}")
|
||||
nil
|
||||
end
|
||||
|
||||
def should_reject?
|
||||
return unless @object
|
||||
|
||||
oid = @json['id']
|
||||
return true if ENV.fetch('REJECT_IF_ID_STARTS_WITH', '').split.any? { |r| oid.start_with?(r) }
|
||||
return true if ENV.fetch('REJECT_IF_ID_CONTAINS', '').split.any? { |r| r.in?(oid) }
|
||||
|
||||
url = object_uri.start_with?('http') ? object_uri : @object['url']
|
||||
return if url.nil?
|
||||
|
||||
domain = url.scan(/[\w\-]+\.[\w\-]+(?:\.[\w\-]+)*/).first
|
||||
blocks = DomainBlock.suspend
|
||||
return true if blocks.where(domain: domain).or(blocks.where('domain LIKE ?', "%.#{domain}")).exists?
|
||||
|
||||
if @object['@context'].is_a?(Array)
|
||||
inline_context = @object['@context'].find { |item| item.is_a?(Hash) }
|
||||
if inline_context
|
||||
keys = inline_context.keys
|
||||
return true if ENV.fetch('REJECT_IF_CONTEXT_EQUALS', '').split.any? { |r| r.in?(keys) }
|
||||
return true if ENV.fetch('REJECT_IF_CONTEXT_STARTS_WITH', '').split.any? { |r| keys.any? { |k| k.start_with?(r) } }
|
||||
return true if ENV.fetch('REJECT_IF_CONTEXT_CONTAINS', '').split.any? { |r| keys.any? { |k| r.in?(k) } }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def autoreject?
|
||||
if @options[:imported] || should_reject?
|
||||
Rails.logger.info("Auto-rejected #{@json['type']} activity #{@json['id']}")
|
||||
return true
|
||||
end
|
||||
false
|
||||
end
|
||||
end
|
||||
|
|
|
@ -11,6 +11,7 @@ class ActivityPub::Activity::Accept < ActivityPub::Activity
|
|||
private
|
||||
|
||||
def accept_follow
|
||||
return if autoreject?
|
||||
return accept_follow_for_relay if relay_follow?
|
||||
|
||||
target_account = account_from_uri(target_uri)
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
class ActivityPub::Activity::Add < ActivityPub::Activity
|
||||
def perform
|
||||
return if autoreject?
|
||||
return unless @json['target'].present? && value_or_id(@json['target']) == @account.featured_collection_url
|
||||
|
||||
status = status_from_uri(object_uri)
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
class ActivityPub::Activity::Announce < ActivityPub::Activity
|
||||
def perform
|
||||
return if autoreject?
|
||||
return reject_payload! if !@options[:imported] && (delete_arrived_first?(@json['id']) || !related_to_local_activity?)
|
||||
|
||||
original_status = status_from_object
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
class ActivityPub::Activity::Create < ActivityPub::Activity
|
||||
def perform
|
||||
return if autoreject?
|
||||
return reject_payload! if unsupported_object_type? || !@options[:imported] && (invalid_origin?(@object['id']) || Tombstone.exists?(uri: @object['id']) || !related_to_local_activity?)
|
||||
|
||||
RedisLock.acquire(lock_options) do |lock|
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
class ActivityPub::Activity::Flag < ActivityPub::Activity
|
||||
def perform
|
||||
return if autoreject?
|
||||
return if skip_reports?
|
||||
|
||||
target_accounts = object_uris.map { |uri| account_from_uri(uri) }.compact.select(&:local?)
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
class ActivityPub::Activity::Follow < ActivityPub::Activity
|
||||
def perform
|
||||
return if autoreject?
|
||||
target_account = account_from_uri(object_uri)
|
||||
|
||||
return if target_account.nil? || !target_account.local? || delete_arrived_first?(@json['id']) || @account.requested?(target_account)
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
class ActivityPub::Activity::Like < ActivityPub::Activity
|
||||
def perform
|
||||
return if autoreject?
|
||||
original_status = status_from_uri(object_uri)
|
||||
|
||||
return if original_status.nil? || !original_status.account.local? || delete_arrived_first?(@json['id']) || @account.favourited?(original_status)
|
||||
|
|
|
@ -4,6 +4,7 @@ class ActivityPub::Activity::Move < ActivityPub::Activity
|
|||
PROCESSING_COOLDOWN = 7.days.seconds
|
||||
|
||||
def perform
|
||||
return if autoreject?
|
||||
return if origin_account.uri != object_uri || processed?
|
||||
|
||||
mark_as_processing!
|
||||
|
|
|
@ -4,6 +4,7 @@ class ActivityPub::Activity::Update < ActivityPub::Activity
|
|||
SUPPORTED_TYPES = %w(Application Group Organization Person Service).freeze
|
||||
|
||||
def perform
|
||||
return if autoreject?
|
||||
if equals_or_includes_any?(@object['type'], SUPPORTED_TYPES)
|
||||
update_account
|
||||
elsif equals_or_includes_any?(@object['type'], %w(Question))
|
||||
|
|
Loading…
Reference in New Issue