allow autorejecting incoming ap activities by `id`, `@context`, and domain + autoject suspended domains & their subdomains
parent
d82d7e0b2b
commit
86f29a68fb
|
@ -185,4 +185,37 @@ class ActivityPub::Activity
|
||||||
Rails.logger.info("Rejected #{@json['type']} activity #{@json['id']} from #{@account.uri}#{@options[:relayed_through_account] && "via #{@options[:relayed_through_account].uri}"}")
|
Rails.logger.info("Rejected #{@json['type']} activity #{@json['id']} from #{@account.uri}#{@options[:relayed_through_account] && "via #{@options[:relayed_through_account].uri}"}")
|
||||||
nil
|
nil
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def should_reject?
|
||||||
|
return unless @object
|
||||||
|
|
||||||
|
oid = @json['id']
|
||||||
|
return true if ENV.fetch('REJECT_IF_ID_STARTS_WITH', '').split.any? { |r| oid.start_with?(r) }
|
||||||
|
return true if ENV.fetch('REJECT_IF_ID_CONTAINS', '').split.any? { |r| r.in?(oid) }
|
||||||
|
|
||||||
|
url = object_uri.start_with?('http') ? object_uri : @object['url']
|
||||||
|
return if url.nil?
|
||||||
|
|
||||||
|
domain = url.scan(/[\w\-]+\.[\w\-]+(?:\.[\w\-]+)*/).first
|
||||||
|
blocks = DomainBlock.suspend
|
||||||
|
return true if blocks.where(domain: domain).or(blocks.where('domain LIKE ?', "%.#{domain}")).exists?
|
||||||
|
|
||||||
|
if @object['@context'].is_a?(Array)
|
||||||
|
inline_context = @object['@context'].find { |item| item.is_a?(Hash) }
|
||||||
|
if inline_context
|
||||||
|
keys = inline_context.keys
|
||||||
|
return true if ENV.fetch('REJECT_IF_CONTEXT_EQUALS', '').split.any? { |r| r.in?(keys) }
|
||||||
|
return true if ENV.fetch('REJECT_IF_CONTEXT_STARTS_WITH', '').split.any? { |r| keys.any? { |k| k.start_with?(r) } }
|
||||||
|
return true if ENV.fetch('REJECT_IF_CONTEXT_CONTAINS', '').split.any? { |r| keys.any? { |k| r.in?(k) } }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def autoreject?
|
||||||
|
if @options[:imported] || should_reject?
|
||||||
|
Rails.logger.info("Auto-rejected #{@json['type']} activity #{@json['id']}")
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
false
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -11,6 +11,7 @@ class ActivityPub::Activity::Accept < ActivityPub::Activity
|
||||||
private
|
private
|
||||||
|
|
||||||
def accept_follow
|
def accept_follow
|
||||||
|
return if autoreject?
|
||||||
return accept_follow_for_relay if relay_follow?
|
return accept_follow_for_relay if relay_follow?
|
||||||
|
|
||||||
target_account = account_from_uri(target_uri)
|
target_account = account_from_uri(target_uri)
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
class ActivityPub::Activity::Add < ActivityPub::Activity
|
class ActivityPub::Activity::Add < ActivityPub::Activity
|
||||||
def perform
|
def perform
|
||||||
|
return if autoreject?
|
||||||
return unless @json['target'].present? && value_or_id(@json['target']) == @account.featured_collection_url
|
return unless @json['target'].present? && value_or_id(@json['target']) == @account.featured_collection_url
|
||||||
|
|
||||||
status = status_from_uri(object_uri)
|
status = status_from_uri(object_uri)
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
class ActivityPub::Activity::Announce < ActivityPub::Activity
|
class ActivityPub::Activity::Announce < ActivityPub::Activity
|
||||||
def perform
|
def perform
|
||||||
|
return if autoreject?
|
||||||
return reject_payload! if !@options[:imported] && (delete_arrived_first?(@json['id']) || !related_to_local_activity?)
|
return reject_payload! if !@options[:imported] && (delete_arrived_first?(@json['id']) || !related_to_local_activity?)
|
||||||
|
|
||||||
original_status = status_from_object
|
original_status = status_from_object
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
class ActivityPub::Activity::Create < ActivityPub::Activity
|
class ActivityPub::Activity::Create < ActivityPub::Activity
|
||||||
def perform
|
def perform
|
||||||
|
return if autoreject?
|
||||||
return reject_payload! if unsupported_object_type? || !@options[:imported] && (invalid_origin?(@object['id']) || Tombstone.exists?(uri: @object['id']) || !related_to_local_activity?)
|
return reject_payload! if unsupported_object_type? || !@options[:imported] && (invalid_origin?(@object['id']) || Tombstone.exists?(uri: @object['id']) || !related_to_local_activity?)
|
||||||
|
|
||||||
RedisLock.acquire(lock_options) do |lock|
|
RedisLock.acquire(lock_options) do |lock|
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
class ActivityPub::Activity::Flag < ActivityPub::Activity
|
class ActivityPub::Activity::Flag < ActivityPub::Activity
|
||||||
def perform
|
def perform
|
||||||
|
return if autoreject?
|
||||||
return if skip_reports?
|
return if skip_reports?
|
||||||
|
|
||||||
target_accounts = object_uris.map { |uri| account_from_uri(uri) }.compact.select(&:local?)
|
target_accounts = object_uris.map { |uri| account_from_uri(uri) }.compact.select(&:local?)
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
class ActivityPub::Activity::Follow < ActivityPub::Activity
|
class ActivityPub::Activity::Follow < ActivityPub::Activity
|
||||||
def perform
|
def perform
|
||||||
|
return if autoreject?
|
||||||
target_account = account_from_uri(object_uri)
|
target_account = account_from_uri(object_uri)
|
||||||
|
|
||||||
return if target_account.nil? || !target_account.local? || delete_arrived_first?(@json['id']) || @account.requested?(target_account)
|
return if target_account.nil? || !target_account.local? || delete_arrived_first?(@json['id']) || @account.requested?(target_account)
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
class ActivityPub::Activity::Like < ActivityPub::Activity
|
class ActivityPub::Activity::Like < ActivityPub::Activity
|
||||||
def perform
|
def perform
|
||||||
|
return if autoreject?
|
||||||
original_status = status_from_uri(object_uri)
|
original_status = status_from_uri(object_uri)
|
||||||
|
|
||||||
return if original_status.nil? || !original_status.account.local? || delete_arrived_first?(@json['id']) || @account.favourited?(original_status)
|
return if original_status.nil? || !original_status.account.local? || delete_arrived_first?(@json['id']) || @account.favourited?(original_status)
|
||||||
|
|
|
@ -4,6 +4,7 @@ class ActivityPub::Activity::Move < ActivityPub::Activity
|
||||||
PROCESSING_COOLDOWN = 7.days.seconds
|
PROCESSING_COOLDOWN = 7.days.seconds
|
||||||
|
|
||||||
def perform
|
def perform
|
||||||
|
return if autoreject?
|
||||||
return if origin_account.uri != object_uri || processed?
|
return if origin_account.uri != object_uri || processed?
|
||||||
|
|
||||||
mark_as_processing!
|
mark_as_processing!
|
||||||
|
|
|
@ -4,6 +4,7 @@ class ActivityPub::Activity::Update < ActivityPub::Activity
|
||||||
SUPPORTED_TYPES = %w(Application Group Organization Person Service).freeze
|
SUPPORTED_TYPES = %w(Application Group Organization Person Service).freeze
|
||||||
|
|
||||||
def perform
|
def perform
|
||||||
|
return if autoreject?
|
||||||
if equals_or_includes_any?(@object['type'], SUPPORTED_TYPES)
|
if equals_or_includes_any?(@object['type'], SUPPORTED_TYPES)
|
||||||
update_account
|
update_account
|
||||||
elsif equals_or_includes_any?(@object['type'], %w(Question))
|
elsif equals_or_includes_any?(@object['type'], %w(Question))
|
||||||
|
|
Loading…
Reference in New Issue