Merge branch 'feature-allowlist' into egirls-sharkey
This commit is contained in:
commit
74a62c2107
22 changed files with 158 additions and 5 deletions
|
|
@ -181,6 +181,11 @@ export class ActivityPubServerService {
|
|||
this.authlogger.warn(`${request.id} ${request.url} instance ${keyHost} is blocked: refuse`);
|
||||
reply.code(401);
|
||||
return true;
|
||||
} else if (meta.allowlistMode && !this.utilityService.isAllowedHost(meta.allowedHosts, keyHost)) {
|
||||
/* allowlist mode enabled and instance not on allowlist: refuse */
|
||||
this.authLogger.warn(`${request.id} ${request.url} instance ${keyHost} is not on allowlist: refuse`);
|
||||
reply.code(401);
|
||||
return true;
|
||||
}
|
||||
|
||||
// do we know the signer already?
|
||||
|
|
|
|||
|
|
@ -141,6 +141,17 @@ export const meta = {
|
|||
type: 'string',
|
||||
},
|
||||
},
|
||||
allowedHosts: {
|
||||
type: 'array',
|
||||
optional: false, nullable: false,
|
||||
items: {
|
||||
type: 'string',
|
||||
},
|
||||
},
|
||||
allowlistMode: {
|
||||
type: 'boolean',
|
||||
optional: false, nullable: false,
|
||||
},
|
||||
sensitiveWords: {
|
||||
type: 'array',
|
||||
optional: false, nullable: false,
|
||||
|
|
@ -503,6 +514,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
|||
pinnedUsers: instance.pinnedUsers,
|
||||
hiddenTags: instance.hiddenTags,
|
||||
blockedHosts: instance.blockedHosts,
|
||||
allowedHosts: instance.allowedHosts,
|
||||
allowlistMode: instance.allowlistMode,
|
||||
silencedHosts: instance.silencedHosts,
|
||||
sensitiveWords: instance.sensitiveWords,
|
||||
preservedUsernames: instance.preservedUsernames,
|
||||
|
|
|
|||
|
|
@ -36,6 +36,12 @@ export const paramDef = {
|
|||
type: 'string',
|
||||
},
|
||||
},
|
||||
allowedHosts: {
|
||||
type: 'array', nullable: true, items: {
|
||||
type: 'string',
|
||||
},
|
||||
},
|
||||
allowlistMode: { type: 'boolean', nullable: true },
|
||||
sensitiveWords: {
|
||||
type: 'array', nullable: true, items: {
|
||||
type: 'string',
|
||||
|
|
@ -172,6 +178,14 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
|||
set.blockedHosts = ps.blockedHosts.filter(Boolean).map(x => x.toLowerCase());
|
||||
}
|
||||
|
||||
if (Array.isArray(ps.allowedHosts)) {
|
||||
set.allowedHosts = ps.allowedHosts.filter(Boolean).map(x => x.toLowerCase());
|
||||
}
|
||||
|
||||
if (ps.allowlistMode !== undefined) {
|
||||
set.allowlistMode = ps.allowlistMode;
|
||||
}
|
||||
|
||||
if (Array.isArray(ps.sensitiveWords)) {
|
||||
set.sensitiveWords = ps.sensitiveWords.filter(Boolean);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -114,7 +114,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
|||
private async fetchAny(uri: string, me: MiLocalUser | null | undefined): Promise<SchemaType<typeof meta['res']> | null> {
|
||||
// ブロックしてたら中断
|
||||
const fetchedMeta = await this.metaService.fetch();
|
||||
if (this.utilityService.isBlockedHost(fetchedMeta.blockedHosts, this.utilityService.extractDbHost(uri))) return null;
|
||||
const dbHost = this.utilityService.extractDbHost(uri);
|
||||
if (this.utilityService.isBlockedHost(fetchedMeta.blockedHosts, dbHost)) return null;
|
||||
if (fetchedMeta.allowlistMode && !this.utilityService.isAllowedHost(fetchedMeta.allowedHosts, dbHost)) return null;
|
||||
|
||||
let local = await this.mergePack(me, ...await Promise.all([
|
||||
this.apDbResolverService.getUserFromApId(uri),
|
||||
|
|
|
|||
|
|
@ -34,6 +34,7 @@ export const paramDef = {
|
|||
properties: {
|
||||
host: { type: 'string', nullable: true, description: 'Omit or use `null` to not filter by host.' },
|
||||
blocked: { type: 'boolean', nullable: true },
|
||||
allowed: { type: 'boolean', nullable: true },
|
||||
notResponding: { type: 'boolean', nullable: true },
|
||||
suspended: { type: 'boolean', nullable: true },
|
||||
silenced: { type: 'boolean', nullable: true },
|
||||
|
|
@ -107,6 +108,15 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
|||
}
|
||||
}
|
||||
|
||||
if (typeof ps.allowed === 'boolean') {
|
||||
const meta = await this.metaService.fetch(true);
|
||||
if (ps.allowed) {
|
||||
query.andWhere(meta.allowedHosts.length === 0 ? '1=0' : 'instance.host IN (:...allows)', { allows: meta.allowedHosts });
|
||||
} else {
|
||||
query.andWhere(meta.allowedHosts.length === 0 ? '1=1' : 'instance.host NOT IN (:...allows)', { allows: meta.allowedHosts });
|
||||
}
|
||||
}
|
||||
|
||||
if (typeof ps.notResponding === 'boolean') {
|
||||
if (ps.notResponding) {
|
||||
query.andWhere('instance.isNotResponding = TRUE');
|
||||
|
|
|
|||
|
|
@ -159,6 +159,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
|||
if (note.user?.isSilenced && me && followings && note.userId !== me.id && !followings[note.userId]) return false;
|
||||
if (note.user?.isSuspended) return false;
|
||||
if (this.utilityService.isBlockedHost(meta.blockedHosts, note.userHost)) return false;
|
||||
if (meta.allowlistMode && !this.utilityService.isAllowedHost(meta.allowedHosts, note.userHost)) return false;
|
||||
if (this.utilityService.isSilencedHost(meta.silencedHosts, note.userHost)) return false;
|
||||
return true;
|
||||
});
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue