logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git
commit: fa8e2ffa3f493d5b2911507b0ac06094615e9d8f
parent 60deddb7e5b8bb10037cca6e6f11a5bbef298d39
Author: Alex Gleason <alex@alexgleason.me>
Date:   Sun,  6 Feb 2022 18:25:14 +0000

Merge branch 'max_media_attachments' into 'develop'

Allow specifying max media attachment count

Closes #2665

See merge request pleroma/pleroma!3630

Diffstat:

Mconfig/config.exs3++-
Mconfig/description.exs8++++++++
Mlib/pleroma/web/common_api/activity_draft.ex7++++++-
Mlib/pleroma/web/common_api/utils.ex15+++++++++++++++
Mlib/pleroma/web/mastodon_api/views/instance_view.ex1+
Mtest/pleroma/web/common_api_test.exs26++++++++++++++++++++++++++
6 files changed, 58 insertions(+), 2 deletions(-)

diff --git a/config/config.exs b/config/config.exs @@ -259,7 +259,8 @@ config :pleroma, :instance, privileged_staff: false, max_endorsed_users: 20, birthday_required: false, - birthday_min_age: 0 + birthday_min_age: 0, + max_media_attachments: 1_000 config :pleroma, :welcome, direct_message: [ diff --git a/config/description.exs b/config/description.exs @@ -553,6 +553,14 @@ config :pleroma, :config_description, [ ] }, %{ + key: :max_media_attachments, + type: :integer, + description: "Maximum number of post media attachments", + suggestions: [ + 1_000_000 + ] + }, + %{ key: :upload_limit, type: :integer, description: "File size limit of uploads (except for avatar, background, banner)", diff --git a/lib/pleroma/web/common_api/activity_draft.ex b/lib/pleroma/web/common_api/activity_draft.ex @@ -112,7 +112,12 @@ defmodule Pleroma.Web.CommonAPI.ActivityDraft do defp attachments(%{params: params} = draft) do attachments = Utils.attachments_from_ids(params) - %__MODULE__{draft | attachments: attachments} + draft = %__MODULE__{draft | attachments: attachments} + + case Utils.validate_attachments_count(attachments) do + :ok -> draft + {:error, message} -> add_error(draft, message) + end end defp in_reply_to(%{params: %{in_reply_to_status_id: ""}} = draft), do: draft diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex @@ -492,4 +492,19 @@ defmodule Pleroma.Web.CommonAPI.Utils do {:error, dgettext("errors", "The status is over the character limit")} end end + + def validate_attachments_count([] = _attachments) do + :ok + end + + def validate_attachments_count(attachments) do + limit = Config.get([:instance, :max_media_attachments]) + count = length(attachments) + + if count <= limit do + :ok + else + {:error, dgettext("errors", "Too many attachments")} + end + end end diff --git a/lib/pleroma/web/mastodon_api/views/instance_view.ex b/lib/pleroma/web/mastodon_api/views/instance_view.ex @@ -31,6 +31,7 @@ defmodule Pleroma.Web.MastodonAPI.InstanceView do approval_required: Keyword.get(instance, :account_approval_required), # Extra (not present in Mastodon): max_toot_chars: Keyword.get(instance, :limit), + max_media_attachments: Keyword.get(instance, :max_media_attachments), poll_limits: Keyword.get(instance, :poll_limits), upload_limit: Keyword.get(instance, :upload_limit), avatar_upload_limit: Keyword.get(instance, :avatar_upload_limit), diff --git a/test/pleroma/web/common_api_test.exs b/test/pleroma/web/common_api_test.exs @@ -683,6 +683,32 @@ defmodule Pleroma.Web.CommonAPITest do assert {:ok, _activity} = CommonAPI.post(user, %{status: "12345"}) end + test "it validates media attachment limits are correctly enforced" do + clear_config([:instance, :max_media_attachments], 4) + + user = insert(:user) + + file = %Plug.Upload{ + content_type: "image/jpeg", + path: Path.absname("test/fixtures/image.jpg"), + filename: "an_image.jpg" + } + + {:ok, upload} = ActivityPub.upload(file, actor: user.ap_id) + + assert {:error, "Too many attachments"} = + CommonAPI.post(user, %{ + status: "", + media_ids: List.duplicate(upload.id, 5) + }) + + assert {:ok, _activity} = + CommonAPI.post(user, %{ + status: "", + media_ids: [upload.id] + }) + end + test "it can handle activities that expire" do user = insert(:user)