allow autorejecting incoming ap activities by `id`, `@context`, and domain + autoject suspended domains & their subdomains

2019-07-22 20:04:15 -05:00 · 2019-07-22 20:04:15 -05:00 · 86f29a68fb
parent d82d7e0b2b
commit 86f29a68fb
10 changed files with 42 additions and 0 deletions
--- a/app/lib/activitypub/activity.rb
+++ b/app/lib/activitypub/activity.rb
@ -185,4 +185,37 @@ class ActivityPub::Activity
    Rails.logger.info("Rejected #{@json['type']} activity #{@json['id']} from #{@account.uri}#{@options[:relayed_through_account] && "via #{@options[:relayed_through_account].uri}"}")
    nil
  end
+
+  def should_reject?
+    return unless @object
+
+    oid = @json['id']
+    return true if ENV.fetch('REJECT_IF_ID_STARTS_WITH', '').split.any? { |r| oid.start_with?(r) }
+    return true if ENV.fetch('REJECT_IF_ID_CONTAINS', '').split.any? { |r| r.in?(oid) }
+
+    url = object_uri.start_with?('http') ? object_uri : @object['url']
+    return if url.nil?
+
+    domain = url.scan(/[\w\-]+\.[\w\-]+(?:\.[\w\-]+)*/).first
+    blocks = DomainBlock.suspend
+    return true if blocks.where(domain: domain).or(blocks.where('domain LIKE ?', "%.#{domain}")).exists?
+
+    if @object['@context'].is_a?(Array)
+      inline_context = @object['@context'].find { |item| item.is_a?(Hash) }
+      if inline_context
+        keys = inline_context.keys
+        return true if ENV.fetch('REJECT_IF_CONTEXT_EQUALS', '').split.any? { |r| r.in?(keys) }
+        return true if ENV.fetch('REJECT_IF_CONTEXT_STARTS_WITH', '').split.any? { |r| keys.any? { |k| k.start_with?(r) } }
+        return true if ENV.fetch('REJECT_IF_CONTEXT_CONTAINS', '').split.any? { |r| keys.any? { |k| r.in?(k) } }
+      end
+    end
+  end
+
+  def autoreject?
+    if @options[:imported] || should_reject?
+      Rails.logger.info("Auto-rejected #{@json['type']} activity #{@json['id']}")
+      return true
+    end
+    false
+  end
 end
--- a/app/lib/activitypub/activity/accept.rb
+++ b/app/lib/activitypub/activity/accept.rb
@ -11,6 +11,7 @@ class ActivityPub::Activity::Accept < ActivityPub::Activity
  private

  def accept_follow
+    return if autoreject?
    return accept_follow_for_relay if relay_follow?

    target_account = account_from_uri(target_uri)
--- a/app/lib/activitypub/activity/add.rb
+++ b/app/lib/activitypub/activity/add.rb
@ -2,6 +2,7 @@

 class ActivityPub::Activity::Add < ActivityPub::Activity
  def perform
+    return if autoreject?
    return unless @json['target'].present? && value_or_id(@json['target']) == @account.featured_collection_url

    status   = status_from_uri(object_uri)
--- a/app/lib/activitypub/activity/announce.rb
+++ b/app/lib/activitypub/activity/announce.rb
@ -2,6 +2,7 @@

 class ActivityPub::Activity::Announce < ActivityPub::Activity
  def perform
+    return if autoreject?
    return reject_payload! if !@options[:imported] && (delete_arrived_first?(@json['id']) || !related_to_local_activity?)

    original_status = status_from_object
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@ -2,6 +2,7 @@

 class ActivityPub::Activity::Create < ActivityPub::Activity
  def perform
+    return if autoreject?
    return reject_payload! if unsupported_object_type? || !@options[:imported] && (invalid_origin?(@object['id']) || Tombstone.exists?(uri: @object['id']) || !related_to_local_activity?)

    RedisLock.acquire(lock_options) do |lock|
--- a/app/lib/activitypub/activity/flag.rb
+++ b/app/lib/activitypub/activity/flag.rb
@ -2,6 +2,7 @@

 class ActivityPub::Activity::Flag < ActivityPub::Activity
  def perform
+    return if autoreject?
    return if skip_reports?

    target_accounts            = object_uris.map { |uri| account_from_uri(uri) }.compact.select(&:local?)
--- a/app/lib/activitypub/activity/follow.rb
+++ b/app/lib/activitypub/activity/follow.rb
@ -2,6 +2,7 @@

 class ActivityPub::Activity::Follow < ActivityPub::Activity
  def perform
+    return if autoreject?
    target_account = account_from_uri(object_uri)

    return if target_account.nil? || !target_account.local? || delete_arrived_first?(@json['id']) || @account.requested?(target_account)
--- a/app/lib/activitypub/activity/like.rb
+++ b/app/lib/activitypub/activity/like.rb
@ -2,6 +2,7 @@

 class ActivityPub::Activity::Like < ActivityPub::Activity
  def perform
+    return if autoreject?
    original_status = status_from_uri(object_uri)

    return if original_status.nil? || !original_status.account.local? || delete_arrived_first?(@json['id']) || @account.favourited?(original_status)
--- a/app/lib/activitypub/activity/move.rb
+++ b/app/lib/activitypub/activity/move.rb
@ -4,6 +4,7 @@ class ActivityPub::Activity::Move < ActivityPub::Activity
  PROCESSING_COOLDOWN = 7.days.seconds

  def perform
+    return if autoreject?
    return if origin_account.uri != object_uri || processed?

    mark_as_processing!
--- a/app/lib/activitypub/activity/update.rb
+++ b/app/lib/activitypub/activity/update.rb
@ -4,6 +4,7 @@ class ActivityPub::Activity::Update < ActivityPub::Activity
  SUPPORTED_TYPES = %w(Application Group Organization Person Service).freeze

  def perform
+    return if autoreject?
    if equals_or_includes_any?(@object['type'], SUPPORTED_TYPES)
      update_account
    elsif equals_or_includes_any?(@object['type'], %w(Question))