From 6499e5f7ea54b6d0baf8be37e3d985221f7a0220 Mon Sep 17 00:00:00 2001
From: alemi <me@alemi.dev>
Date: Tue, 31 Dec 2024 16:29:34 +0100
Subject: [PATCH] feat: add public addressing rejection

basically prevent instances from appearing on public tl but still allow
users to follow specific remote users. won't defend against harassment
tho, need another rule
---
 upub/core/src/config.rs         |  6 ++++++
 upub/core/src/traits/address.rs | 24 ++++++++++++++++++++----
 2 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/upub/core/src/config.rs b/upub/core/src/config.rs
index 55f5321..a0a7720 100644
--- a/upub/core/src/config.rs
+++ b/upub/core/src/config.rs
@@ -154,6 +154,12 @@ pub struct RejectConfig {
 	/// discard incoming activities from these instances
 	pub incoming: Vec<String>,
 
+	#[serde(default)]
+	/// prevent content from these instances from being displayed publicly
+	/// this effectively removes the public (aka NULL) addressing: only other addressees (followers,
+	/// mentions) will be able to see content from these instances on timelines and directly
+	pub public: Vec<String>,
+
 	#[serde(default)]
 	/// prevent proxying media coming from these instances
 	pub media: Vec<String>,
diff --git a/upub/core/src/traits/address.rs b/upub/core/src/traits/address.rs
index de3f4b8..d0698f8 100644
--- a/upub/core/src/traits/address.rs
+++ b/upub/core/src/traits/address.rs
@@ -59,16 +59,24 @@ impl Addresser for crate::Context {
 		match (activity, object) {
 			(None, None) => Ok(()),
 			(Some(activity), None) => {
-				let to = expand_addressing(activity.addressed(), None, tx).await?;
+				let to = expand_addressing_with_blacklist(
+					&activity.id, &self.cfg().reject.public, activity.addressed(), None, tx
+				).await?;
 				address_to(self, to, Some(activity.internal), None, self.is_local(&activity.id), activity.published, tx).await
 			},
 			(None, Some(object)) => {
-				let to = expand_addressing(object.addressed(), object.audience.clone(), tx).await?;
+				let to = expand_addressing_with_blacklist(
+					&object.id, &self.cfg().reject.public, object.addressed(), object.audience.clone(), tx
+				).await?;
 				address_to(self, to, None, Some(object.internal), self.is_local(&object.id), object.published, tx).await
 			},
 			(Some(activity), Some(object)) => {
-				let to_activity = BTreeSet::from_iter(expand_addressing(activity.addressed(), object.audience.clone(), tx).await?);
-				let to_object = BTreeSet::from_iter(expand_addressing(object.addressed(), object.audience.clone(), tx).await?);
+				let to_activity = BTreeSet::from_iter(expand_addressing_with_blacklist(
+					&activity.id, &self.cfg().reject.public, activity.addressed(), object.audience.clone(), tx
+				).await?);
+				let to_object = BTreeSet::from_iter(expand_addressing_with_blacklist(
+					&object.id, &self.cfg().reject.public, object.addressed(), object.audience.clone(), tx
+				).await?);
 
 				let to_common = to_activity.intersection(&to_object).cloned().collect();
 				address_to(self, to_common, Some(activity.internal), Some(object.internal), self.is_local(&activity.id), activity.published, tx).await?;
@@ -188,3 +196,11 @@ async fn expand_addressing(targets: Vec<String>, audience: Option<String>, tx: &
 	}
 	Ok(out)
 }
+
+async fn expand_addressing_with_blacklist(id: &str, blacklist: &[String], mut targets: Vec<String>, audience: Option<String>, tx: &impl ConnectionTrait) -> Result<Vec<String>, DbErr> {
+	let trimmed = id.replace("https://", "").replace("http://", "");
+	if blacklist.iter().any(|x| trimmed.starts_with(x)) {
+		targets.retain(|x| x != apb::target::PUBLIC && x != apb::target::PUBLIC_COMPACT);
+	}
+	expand_addressing(targets, audience, tx).await
+}