pleroma

commit: 309d22aca2ec0557b27c8e3d8d12b088061e0142
parent ad953143bb00d67eb981806981f8ef3e35c437e1
Author: marcin mikołajczak <git@mkljczk.pl>
Date:   Mon, 16 Sep 2024 13:33:56 +0200

Allow disabling C2S ActivityPub API

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>

Diffstat:
M
config/config.exs
3
++-
M
config/description.exs
5
+++++
A
lib/pleroma/web/plugs/ap_client_api_enabled_plug.ex
34
++++++++++++++++++++++++++++++++++
M
lib/pleroma/web/router.ex
2
++
M
test/pleroma/web/activity_pub/activity_pub_controller_test.exs
40
++++++++++++++++++++++++++++++++++++++++

5 files changed, 83 insertions(+), 1 deletion(-)
diff --git a/config/config.exs b/config/config.exs
@@ -359,7 +359,8 @@ config :pleroma, :activitypub,
   follow_handshake_timeout: 500,
   note_replies_output_limit: 5,
   sign_object_fetches: true,
-  authorized_fetch_mode: false
+  authorized_fetch_mode: false,
+  client_api_enabled: true
 
 config :pleroma, :streamer,
   workers: 3,
diff --git a/config/description.exs b/config/description.exs
@@ -1772,6 +1772,11 @@ config :pleroma, :config_description, [
         type: :integer,
         description: "Following handshake timeout",
         suggestions: [500]
+      },
+      %{
+        key: :client_api_enabled,
+        type: :boolean,
+        description: "Allow client to server ActivityPub interactions"
       }
     ]
   },
diff --git a/lib/pleroma/web/plugs/ap_client_api_enabled_plug.ex b/lib/pleroma/web/plugs/ap_client_api_enabled_plug.ex
@@ -0,0 +1,34 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2024 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Plugs.APClientApiEnabledPlug do
+  import Plug.Conn
+  import Phoenix.Controller, only: [text: 2]
+
+  @config_impl Application.compile_env(:pleroma, [__MODULE__, :config_impl], Pleroma.Config)
+  @enabled_path [:activitypub, :client_api_enabled]
+
+  def init(options \\ []), do: Map.new(options)
+
+  def call(conn, %{allow_server: true}) do
+    if @config_impl.get(@enabled_path, false) do
+      conn
+    else
+      conn
+      |> assign(:user, nil)
+      |> assign(:token, nil)
+    end
+  end
+
+  def call(conn, _) do
+    if @config_impl.get(@enabled_path, false) do
+      conn
+    else
+      conn
+      |> put_status(:forbidden)
+      |> text("C2S not enabled")
+      |> halt()
+    end
+  end
+end
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
@@ -902,6 +902,7 @@ defmodule Pleroma.Web.Router do
   # Client to Server (C2S) AP interactions
   pipeline :activitypub_client do
     plug(:ap_service_actor)
+    plug(Pleroma.Web.Plugs.APClientApiEnabledPlug)
     plug(:fetch_session)
     plug(:authenticate)
     plug(:after_auth)
@@ -912,6 +913,7 @@ defmodule Pleroma.Web.Router do
     plug(:ap_service_actor)
     plug(:fetch_session)
     plug(:authenticate)
+    plug(Pleroma.Web.Plugs.APClientApiEnabledPlug, allow_server: true)
     plug(:after_auth)
     plug(:http_signature)
   end
diff --git a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs
@@ -1416,6 +1416,22 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       assert %{"orderedItems" => []} = resp
     end
 
+    test "it does not return a local note activity when C2S API is disabled", %{conn: conn} do
+      clear_config([:activitypub, :client_api_enabled], false)
+      user = insert(:user)
+      reader = insert(:user)
+      {:ok, _note_activity} = CommonAPI.post(user, %{status: "mew mew", visibility: "local"})
+
+      resp =
+        conn
+        |> assign(:user, reader)
+        |> put_req_header("accept", "application/activity+json")
+        |> get("/users/#{user.nickname}/outbox?page=true")
+        |> json_response(200)
+
+      assert %{"orderedItems" => []} = resp
+    end
+
     test "it returns a note activity in a collection", %{conn: conn} do
       note_activity = insert(:note_activity)
       note_object = Object.normalize(note_activity, fetch: false)
@@ -2144,6 +2160,30 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       |> post("/api/ap/upload_media", %{"file" => image, "description" => desc})
       |> json_response(403)
     end
+
+    test "they don't work when C2S API is disabled", %{conn: conn} do
+      clear_config([:activitypub, :client_api_enabled], false)
+
+      user = insert(:user)
+
+      assert conn
+             |> assign(:user, user)
+             |> get("/api/ap/whoami")
+             |> response(403)
+
+      desc = "Description of the image"
+
+      image = %Plug.Upload{
+        content_type: "image/jpeg",
+        path: Path.absname("test/fixtures/image.jpg"),
+        filename: "an_image.jpg"
+      }
+
+      assert conn
+             |> assign(:user, user)
+             |> post("/api/ap/upload_media", %{"file" => image, "description" => desc})
+             |> response(403)
+    end
   end
 
   test "pinned collection", %{conn: conn} do