feat: add fetch rejection policy
parent
d6f188de23
commit
a9dbe5dd9c
3 changed files with 19 additions and 1 deletions
|
@ -154,6 +154,10 @@ pub struct RejectConfig {
|
|||
/// discard incoming activities from these instances
|
||||
pub incoming: Vec<String>,
|
||||
|
||||
#[serde(default)]
|
||||
/// prevent fetching content from these instances
|
||||
pub fetch: Vec<String>,
|
||||
|
||||
#[serde(default)]
|
||||
/// prevent content from these instances from being displayed publicly
|
||||
/// this effectively removes the public (aka NULL) addressing: only other addressees (followers,
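Review bot: The doc comment on the new `fetch` field does not say how entries are matched, and for a deny list that decides whether a slightly mistyped entry blocks anything at all. The matching is done by `is_blacklisted`, whose body is not part of this section, so the wording has to come from its actual behaviour; I would extend the comment to something like `/// prevent fetching content from these instances; entries are <MATCH RULE, taken from is_blacklisted>`. Because the field carries `#[serde(default)]`, a missing key gives an empty list, which presumably means no fetch restriction, and that is worth stating in the same comment.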
|
||||
|
|
|
@ -42,6 +42,9 @@ pub enum RequestError {
|
|||
#[error("resource no longer exists")]
|
||||
Tombstone,
|
||||
|
||||
#[error("request aborted due to configured policies")]
|
||||
AbortedForPolicy,
|
||||
|
||||
#[error("error constructing http signature: {0:?}")]
|
||||
HttpSignature(#[from] httpsign::HttpSignatureError),
|
||||
}
|
||||
|
@ -131,7 +134,7 @@ pub trait Fetcher {
|
|||
|
||||
let mut signer = HttpSignature::new(
|
||||
format!("{from}#main-key"), // TODO don't hardcode #main-key
|
||||
//"hs2019".to_string(), // pixelfeed/iceshrimp made me go back
|
||||
//"hs2019".to_string(), // TODO could we switch to this now?
|
||||
"rsa-sha256".to_string(),
|
||||
&headers,
|
||||
);
|
||||
|
@ -168,6 +171,10 @@ pub trait Fetcher {
|
|||
#[async_trait::async_trait]
|
||||
impl Fetcher for crate::Context {
|
||||
async fn pull_r(&self, id: &str, depth: u32) -> Result<Pull<serde_json::Value>, RequestError> {
|
||||
if crate::ext::is_blacklisted(id, &self.cfg().reject.fetch) {
|
||||
return Err(RequestError::AbortedForPolicy);
|
||||
}
|
||||
|
||||
tracing::debug!("fetching {id}");
|
||||
// let _domain = self.fetch_domain(&crate::Context::server(id)).await?;
|
||||
|
||||
|
@ -526,6 +533,9 @@ impl Dereferenceable<serde_json::Value> for apb::Node<serde_json::Value> {
|
|||
match self {
|
||||
apb::Node::Link(uri) => {
|
||||
let href = uri.href()?;
|
||||
if crate::ext::is_blacklisted(&href, &ctx.cfg().reject.fetch) {
|
||||
return Err(RequestError::AbortedForPolicy);
|
||||
}
|
||||
tracing::info!("dereferencing {href}");
|
||||
let res = crate::Context::request(Method::GET, &href, None, ctx.base(), ctx.pkey(), ctx.domain())
|
||||
.await?
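Review bot: The fetch policy is enforced by each caller rather than by the request path: `pull_r` tests `id`, and the `apb::Node::Link` arm repeats the same `is_blacklisted` test just before it calls `crate::Context::request` (the `ap_fetch` hunk in the third file does the same again). Any other code that calls `Context::request` with `Method::GET`, now or later, skips the policy unless its author remembers the check. I would put the test in one fetch helper that all GET paths go through, or inside `Context::request` itself if it is only used for fetching (its body is outside these hunks), and keep `AbortedForPolicy` as the error. Both rejected paths also return before their `tracing` line, so a denied fetch leaves no record; adding `tracing::debug!("fetch of {href} rejected by policy");` before the `return` would let operators confirm the list is taking effect.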
|
||||
|
|
|
@ -117,6 +117,10 @@ pub async fn ap_fetch(
|
|||
},
|
||||
};
|
||||
|
||||
if upub::ext::is_blacklisted(&query.uri, &ctx.cfg().reject.fetch) {
|
||||
return Err(crate::ApiError::FetchError(upub::traits::fetch::RequestError::AbortedForPolicy));
|
||||
}
|
||||
|
||||
let resp = Context::request(
|
||||
Method::GET,
|
||||
&query.uri,
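Review bot: `query.uri` comes from the API request and is matched exactly as the caller supplied it, and only this first URL is checked. If `is_blacklisted` compares the raw string rather than the parsed, lowercased host, or if `Context::request` follows redirects (neither is visible in this hunk), a listed instance could still end up being contacted. I would parse the URL once, match on its host, and apply the same check to any redirect target before following it. `ap_fetch` starts before and continues past this hunk, so the surrounding handling is not visible here.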
|
||||
|
|