feat: add fetch rejection policy

əlemi 2024-12-31 17:11:06 +01:00
parent d6f188de23
commit a9dbe5dd9c
Signed by: alemi
GPG key ID: A4895B84D311642C
3 changed files with 19 additions and 1 deletions


@ -154,6 +154,10 @@ pub struct RejectConfig {
/// discard incoming activities from these instances /// discard incoming activities from these instances
pub incoming: Vec<String>, pub incoming: Vec<String>,
#[serde(default)]
/// prevent fetching content from these instances
pub fetch: Vec<String>,
#[serde(default)] #[serde(default)]
/// prevent content from these instances from being displayed publicly /// prevent content from these instances from being displayed publicly
/// this effectively removes the public (aka NULL) addressing: only other addressees (followers, /// this effectively removes the public (aka NULL) addressing: only other addressees (followers,
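Review bot: The doc comment on the new `fetch` field does not say what an entry should look like or how it is matched, which is what an administrator filling in this list needs to know. Matching is done by `is_blacklisted`, which is not part of this diff, so the wording has to follow its real behaviour; if entries are handled like those of `incoming`, something like `/// refuse outgoing fetches to these instances, entries in the same format as incoming` would do. It would also help to state that the list applies to outgoing requests only, since `incoming` and `fetch` are separate lists and blocking one direction does not block the other. `RejectConfig` continues outside the hunk.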


@ -42,6 +42,9 @@ pub enum RequestError {
#[error("resource no longer exists")] #[error("resource no longer exists")]
Tombstone, Tombstone,
#[error("request aborted due to configured policies")]
AbortedForPolicy,
#[error("error constructing http signature: {0:?}")] #[error("error constructing http signature: {0:?}")]
HttpSignature(#[from] httpsign::HttpSignatureError), HttpSignature(#[from] httpsign::HttpSignatureError),
} }
@ -131,7 +134,7 @@ pub trait Fetcher {
let mut signer = HttpSignature::new( let mut signer = HttpSignature::new(
format!("{from}#main-key"), // TODO don't hardcode #main-key format!("{from}#main-key"), // TODO don't hardcode #main-key
//"hs2019".to_string(), // pixelfeed/iceshrimp made me go back //"hs2019".to_string(), // TODO could we switch to this now?
"rsa-sha256".to_string(), "rsa-sha256".to_string(),
&headers, &headers,
); );
@ -168,6 +171,10 @@ pub trait Fetcher {
#[async_trait::async_trait] #[async_trait::async_trait]
impl Fetcher for crate::Context { impl Fetcher for crate::Context {
async fn pull_r(&self, id: &str, depth: u32) -> Result<Pull<serde_json::Value>, RequestError> { async fn pull_r(&self, id: &str, depth: u32) -> Result<Pull<serde_json::Value>, RequestError> {
if crate::ext::is_blacklisted(id, &self.cfg().reject.fetch) {
return Err(RequestError::AbortedForPolicy);
}
tracing::debug!("fetching {id}"); tracing::debug!("fetching {id}");
// let _domain = self.fetch_domain(&crate::Context::server(id)).await?; // let _domain = self.fetch_domain(&crate::Context::server(id)).await?;
@ -526,6 +533,9 @@ impl Dereferenceable<serde_json::Value> for apb::Node<serde_json::Value> {
match self { match self {
apb::Node::Link(uri) => { apb::Node::Link(uri) => {
let href = uri.href()?; let href = uri.href()?;
if crate::ext::is_blacklisted(&href, &ctx.cfg().reject.fetch) {
return Err(RequestError::AbortedForPolicy);
}
tracing::info!("dereferencing {href}"); tracing::info!("dereferencing {href}");
let res = crate::Context::request(Method::GET, &href, None, ctx.base(), ctx.pkey(), ctx.domain()) let res = crate::Context::request(Method::GET, &href, None, ctx.base(), ctx.pkey(), ctx.domain())
.await? .await?
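Review bot: Both new early returns reject silently: in `pull_r` the check runs before `tracing::debug!("fetching {id}")` and in the `Node::Link` arm before `tracing::info!("dereferencing {href}")`, so a fetch denied by `reject.fetch` leaves no trace for an operator tuning or auditing the list. A line such as `tracing::debug!("refusing to fetch {id}: rejected by policy");` ahead of each `return Err(RequestError::AbortedForPolicy);` (with `{href}` in the second site) would cover it. The check also only sees the URL as requested; if the client behind `Context::request` follows redirects (not visible here), the final host is never compared against the list, which is worth confirming. Both function bodies continue outside the hunks shown.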


@ -117,6 +117,10 @@ pub async fn ap_fetch(
}, },
}; };
if upub::ext::is_blacklisted(&query.uri, &ctx.cfg().reject.fetch) {
return Err(crate::ApiError::FetchError(upub::traits::fetch::RequestError::AbortedForPolicy));
}
let resp = Context::request( let resp = Context::request(
Method::GET, Method::GET,
&query.uri, &query.uri,
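Review bot: This is the third hand-written copy of the `reject.fetch` check placed directly in front of a `Context::request` call (the other two are in `pull_r` and the `Node::Link` dereference), so the policy holds only as long as every future caller remembers to repeat it. A single helper on the context, called as something like `ctx.ensure_fetch_allowed(&query.uri)?;` (the name is only a suggestion), would keep the three sites in step and give one place for logging and host normalisation. Because `query.uri` looks like caller-supplied input, this endpoint is also where the matching rules of `is_blacklisted` (not shown in this diff) matter most; confirm it compares the parsed host rather than the raw string. `ap_fetch` starts and ends outside the hunk.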