add pleroma_restrict_unauthenticated_search.lua

2025-05-02 18:43:27 -03:00 · 2025-05-02 18:43:27 -03:00 · 8434492b18
commit 8434492b18
parent 2c1f155328
1 changed files with 35 additions and 0 deletions
--- a/scripts/pleroma_restrict_unauthenticated_search.lua
+++ b/scripts/pleroma_restrict_unauthenticated_search.lua
@ -0,0 +1,35 @@
+local function webfingerInit(cfg)
+    return {} -- no ctx
+end
+
+local function webfingerCallback(cfg, _ctx)
+    local h, err = ngx.req.get_headers()
+
+    if err == "truncated" then
+        return 400, 'too many headers'
+    end
+
+    local authheader = h["authorization"]
+
+    if authheader == nil then
+        return 400, "requires authentication"
+    else
+        return nil
+    end
+end
+
+return {
+    name='PleromaRestrictUnauthenticatedSearch',
+    author='luna@l4.pm',
+    title='restrict unauth search',
+    description=[[
+    Search can be a DoS vector. restrict it without Authorization header.
+    Useful for small instances.
+    ]],
+    version=1,
+    init=searchInit,
+    callbacks = {
+        ['/api/v2/search'] = searchCallback
+    },
+    config={},
+}