chore: centralize blacklist check

əlemi 2024-12-31 17:10:05 +01:00
parent f572a38622
commit 6482483791
Signed by: alemi
GPG key ID: A4895B84D311642C
4 changed files with 17 additions and 7 deletions


@ -136,3 +136,16 @@ impl TypeName for String {
"String".to_string() "String".to_string()
} }
} }
pub fn strip_proto(url: &str) -> &str {
url
.strip_prefix("https://")
.unwrap_or(url)
.strip_prefix("http://")
.unwrap_or(url)
}
pub fn is_blacklisted(id: &str, blacklist: &[String]) -> bool {
let stripped = strip_proto(id);
blacklist.iter().any(|x| stripped.starts_with(x))
}
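Review bot: `strip_proto` never strips `https://`: once the first `unwrap_or(url)` has produced the scheme-less string, `.strip_prefix("http://")` returns `None` on it and the second `unwrap_or(url)` falls back to the original `url`, scheme included. `is_blacklisted` then compares `https://host/…` against the entries, so, assuming they are stored without a scheme as the removed `replace` calls suggest, the checks in `expand_addressing_with_blacklist`, `cloak_proxy` and the delivery `retain` stop matching https ids. Chain on the intermediate value instead: `url.strip_prefix("https://").or_else(|| url.strip_prefix("http://")).unwrap_or(url)`. A unit test with an `https://`, an `http://` and a scheme-less id would pin this.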


@ -198,9 +198,8 @@ async fn expand_addressing(targets: Vec<String>, audience: Option<String>, tx: &
} }
async fn expand_addressing_with_blacklist(id: &str, blacklist: &[String], mut targets: Vec<String>, audience: Option<String>, tx: &impl ConnectionTrait) -> Result<Vec<String>, DbErr> { async fn expand_addressing_with_blacklist(id: &str, blacklist: &[String], mut targets: Vec<String>, audience: Option<String>, tx: &impl ConnectionTrait) -> Result<Vec<String>, DbErr> {
let trimmed = id.replace("https://", "").replace("http://", ""); if crate::ext::is_blacklisted(id, blacklist) {
if blacklist.iter().any(|x| trimmed.starts_with(x)) { targets.retain(|x| !apb::target::is_public(x));
targets.retain(|x| x != apb::target::PUBLIC && x != apb::target::PUBLIC_COMPACT);
} }
expand_addressing(targets, audience, tx).await expand_addressing(targets, audience, tx).await
} }
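Review bot: The `retain` now filters with `apb::target::is_public(x)` instead of comparing against `PUBLIC` and `PUBLIC_COMPACT`, and nothing at the call site says which spellings that covers. `is_public` is not visible in this commit, so if it accepts more forms than those two constants, this is a behaviour change inside a chore commit and should be called out as such. I would add a comment above the `if`, e.g. `// blacklisted actors cannot address the public collection: drop every public target before expansion`.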


@ -139,8 +139,7 @@ pub async fn cloak_proxy(
let uri = ctx.uncloak(&hmac, &uri) let uri = ctx.uncloak(&hmac, &uri)
.ok_or_else(ApiError::unauthorized)?; .ok_or_else(ApiError::unauthorized)?;
let stripped = uri.replace("https://", "").replace("http://", ""); if upub::ext::is_blacklisted(&uri, &ctx.cfg().reject.media) {
if ctx.cfg().reject.media.iter().any(|x| stripped.starts_with(x)) {
return Err(ApiError::Status(axum::http::StatusCode::UNAVAILABLE_FOR_LEGAL_REASONS)); return Err(ApiError::Status(axum::http::StatusCode::UNAVAILABLE_FOR_LEGAL_REASONS));
} }
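Review bot: The `reject.media` check is a case-sensitive string-prefix test on the uncloaked URL, not a comparison of its host, and it is the gate in front of a server-side fetch. A URL whose text differs from the entry while naming the same host (letter case in scheme or host, a userinfo part) is not matched, and an entry such as `example.com` also matches `example.com.other.tld`. Parsing the URL and comparing the lower-cased host (exact or dot-suffix match) inside `is_blacklisted` would give the media and delivery rejects the same, stricter semantics; the format of the configured entries is not visible here, so confirm that first. `cloak_proxy` continues outside this hunk.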


@ -188,8 +188,7 @@ pub async fn process(ctx: Context, job: &model::job::Model) -> crate::JobResult<
targets targets
.retain(|target| { .retain(|target| {
let stripped = target.replace("https://", "").replace("http://", ""); if upub::ext::is_blacklisted(target, &ctx.cfg().reject.delivery) {
if ctx.cfg().reject.delivery.iter().any(|x| stripped.starts_with(x)) {
tracing::warn!("rejecting delivery of {} to {target}", job.activity); tracing::warn!("rejecting delivery of {} to {target}", job.activity);
false false
} else { } else {