logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git

simple_policy.ex (11657B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
  6.   @moduledoc "Filter activities depending on their origin instance"
  7.   @behaviour Pleroma.Web.ActivityPub.MRF.Policy
  9.   alias Pleroma.Config
  10.   alias Pleroma.FollowingRelationship
  11.   alias Pleroma.User
  12.   alias Pleroma.Web.ActivityPub.MRF
  14.   require Pleroma.Constants
  16.   defp check_accept(%{host: actor_host} = _actor_info, object) do
  17.     accepts =
  18.       instance_list(:accept)
  19.       |> MRF.subdomains_regex()
  21.     cond do
  22.       accepts == [] -> {:ok, object}
  23.       actor_host == Config.get([Pleroma.Web.Endpoint, :url, :host]) -> {:ok, object}
  24.       MRF.subdomain_match?(accepts, actor_host) -> {:ok, object}
  25.       true -> {:reject, "[SimplePolicy] host not in accept list"}
  26.     end
  27.   end
  29.   defp check_reject(%{host: actor_host} = _actor_info, object) do
  30.     rejects =
  31.       instance_list(:reject)
  32.       |> MRF.subdomains_regex()
  34.     if MRF.subdomain_match?(rejects, actor_host) do
  35.       {:reject, "[SimplePolicy] host in reject list"}
  36.     else
  37.       {:ok, object}
  38.     end
  39.   end
  41.   defp check_media_removal(
  42.          %{host: actor_host} = _actor_info,
  43.          %{"type" => type, "object" => %{"attachment" => child_attachment}} = object
  44.        )
  45.        when length(child_attachment) > 0 and type in ["Create", "Update"] do
  46.     media_removal =
  47.       instance_list(:media_removal)
  48.       |> MRF.subdomains_regex()
  50.     object =
  51.       if MRF.subdomain_match?(media_removal, actor_host) do
  52.         child_object = Map.delete(object["object"], "attachment")
  53.         Map.put(object, "object", child_object)
  54.       else
  55.         object
  56.       end
  58.     {:ok, object}
  59.   end
  61.   defp check_media_removal(_actor_info, object), do: {:ok, object}
  63.   defp check_media_nsfw(
  64.          %{host: actor_host} = _actor_info,
  65.          %{
  66.            "type" => type,
  67.            "object" => %{} = _child_object
  68.          } = object
  69.        )
  70.        when type in ["Create", "Update"] do
  71.     media_nsfw =
  72.       instance_list(:media_nsfw)
  73.       |> MRF.subdomains_regex()
  75.     object =
  76.       if MRF.subdomain_match?(media_nsfw, actor_host) do
  77.         Kernel.put_in(object, ["object", "sensitive"], true)
  78.       else
  79.         object
  80.       end
  82.     {:ok, object}
  83.   end
  85.   defp check_media_nsfw(_actor_info, object), do: {:ok, object}
  87.   defp check_ftl_removal(%{host: actor_host} = _actor_info, object) do
  88.     timeline_removal =
  89.       instance_list(:federated_timeline_removal)
  90.       |> MRF.subdomains_regex()
  92.     object =
  93.       with true <- MRF.subdomain_match?(timeline_removal, actor_host),
  94.            user <- User.get_cached_by_ap_id(object["actor"]),
  95.            true <- Pleroma.Constants.as_public() in object["to"] do
  96.         to = List.delete(object["to"], Pleroma.Constants.as_public()) ++ [user.follower_address]
  98.         cc = List.delete(object["cc"], user.follower_address) ++ [Pleroma.Constants.as_public()]
  100.         object
  101.         |> Map.put("to", to)
  102.         |> Map.put("cc", cc)
  103.       else
  104.         _ -> object
  105.       end
  107.     {:ok, object}
  108.   end
  110.   defp intersection(list1, list2) do
  111.     list1 -- list1 -- list2
  112.   end
  114.   defp check_followers_only(%{host: actor_host} = _actor_info, object) do
  115.     followers_only =
  116.       instance_list(:followers_only)
  117.       |> MRF.subdomains_regex()
  119.     object =
  120.       with true <- MRF.subdomain_match?(followers_only, actor_host),
  121.            user <- User.get_cached_by_ap_id(object["actor"]) do
  122.         # Don't use Map.get/3 intentionally, these must not be nil
  123.         fixed_to = object["to"] || []
  124.         fixed_cc = object["cc"] || []
  126.         to = FollowingRelationship.followers_ap_ids(user, fixed_to)
  127.         cc = FollowingRelationship.followers_ap_ids(user, fixed_cc)
  129.         object
  130.         |> Map.put("to", intersection([user.follower_address | to], fixed_to))
  131.         |> Map.put("cc", intersection([user.follower_address | cc], fixed_cc))
  132.       else
  133.         _ -> object
  134.       end
  136.     {:ok, object}
  137.   end
  139.   defp check_report_removal(%{host: actor_host} = _actor_info, %{"type" => "Flag"} = object) do
  140.     report_removal =
  141.       instance_list(:report_removal)
  142.       |> MRF.subdomains_regex()
  144.     if MRF.subdomain_match?(report_removal, actor_host) do
  145.       {:reject, "[SimplePolicy] host in report_removal list"}
  146.     else
  147.       {:ok, object}
  148.     end
  149.   end
  151.   defp check_report_removal(_actor_info, object), do: {:ok, object}
  153.   defp check_avatar_removal(%{host: actor_host} = _actor_info, %{"icon" => _icon} = object) do
  154.     avatar_removal =
  155.       instance_list(:avatar_removal)
  156.       |> MRF.subdomains_regex()
  158.     if MRF.subdomain_match?(avatar_removal, actor_host) do
  159.       {:ok, Map.delete(object, "icon")}
  160.     else
  161.       {:ok, object}
  162.     end
  163.   end
  165.   defp check_avatar_removal(_actor_info, object), do: {:ok, object}
  167.   defp check_banner_removal(%{host: actor_host} = _actor_info, %{"image" => _image} = object) do
  168.     banner_removal =
  169.       instance_list(:banner_removal)
  170.       |> MRF.subdomains_regex()
  172.     if MRF.subdomain_match?(banner_removal, actor_host) do
  173.       {:ok, Map.delete(object, "image")}
  174.     else
  175.       {:ok, object}
  176.     end
  177.   end
  179.   defp check_banner_removal(_actor_info, object), do: {:ok, object}
  181.   defp check_object(%{"object" => object} = activity) do
  182.     with {:ok, _object} <- filter(object) do
  183.       {:ok, activity}
  184.     end
  185.   end
  187.   defp check_object(object), do: {:ok, object}
  189.   defp instance_list(config_key) do
  190.     Config.get([:mrf_simple, config_key])
  191.     |> MRF.instance_list_from_tuples()
  192.   end
  194.   @impl true
  195.   def id_filter(id) do
  196.     host_info = URI.parse(id)
  198.     with {:ok, _} <- check_accept(host_info, %{}),
  199.          {:ok, _} <- check_reject(host_info, %{}) do
  200.       true
  201.     else
  202.       _ -> false
  203.     end
  204.   end
  206.   @impl true
  207.   def filter(%{"type" => "Delete", "actor" => actor} = object) do
  208.     %{host: actor_host} = URI.parse(actor)
  210.     reject_deletes =
  211.       instance_list(:reject_deletes)
  212.       |> MRF.subdomains_regex()
  214.     if MRF.subdomain_match?(reject_deletes, actor_host) do
  215.       {:reject, "[SimplePolicy] host in reject_deletes list"}
  216.     else
  217.       {:ok, object}
  218.     end
  219.   end
  221.   @impl true
  222.   def filter(%{"actor" => actor} = object) do
  223.     actor_info = URI.parse(actor)
  225.     with {:ok, object} <- check_accept(actor_info, object),
  226.          {:ok, object} <- check_reject(actor_info, object),
  227.          {:ok, object} <- check_media_removal(actor_info, object),
  228.          {:ok, object} <- check_media_nsfw(actor_info, object),
  229.          {:ok, object} <- check_ftl_removal(actor_info, object),
  230.          {:ok, object} <- check_followers_only(actor_info, object),
  231.          {:ok, object} <- check_report_removal(actor_info, object),
  232.          {:ok, object} <- check_object(object) do
  233.       {:ok, object}
  234.     else
  235.       {:reject, nil} -> {:reject, "[SimplePolicy]"}
  236.       {:reject, _} = e -> e
  237.       _ -> {:reject, "[SimplePolicy]"}
  238.     end
  239.   end
  241.   def filter(%{"id" => actor, "type" => obj_type} = object)
  242.       when obj_type in ["Application", "Group", "Organization", "Person", "Service"] do
  243.     actor_info = URI.parse(actor)
  245.     with {:ok, object} <- check_accept(actor_info, object),
  246.          {:ok, object} <- check_reject(actor_info, object),
  247.          {:ok, object} <- check_avatar_removal(actor_info, object),
  248.          {:ok, object} <- check_banner_removal(actor_info, object) do
  249.       {:ok, object}
  250.     else
  251.       {:reject, nil} -> {:reject, "[SimplePolicy]"}
  252.       {:reject, _} = e -> e
  253.       _ -> {:reject, "[SimplePolicy]"}
  254.     end
  255.   end
  257.   def filter(object) when is_binary(object) do
  258.     uri = URI.parse(object)
  260.     with {:ok, object} <- check_accept(uri, object),
  261.          {:ok, object} <- check_reject(uri, object) do
  262.       {:ok, object}
  263.     else
  264.       {:reject, nil} -> {:reject, "[SimplePolicy]"}
  265.       {:reject, _} = e -> e
  266.       _ -> {:reject, "[SimplePolicy]"}
  267.     end
  268.   end
  270.   def filter(object), do: {:ok, object}
  272.   @impl true
  273.   def describe do
  274.     exclusions = Config.get([:mrf, :transparency_exclusions]) |> MRF.instance_list_from_tuples()
  276.     mrf_simple_excluded =
  277.       Config.get(:mrf_simple)
  278.       |> Enum.map(fn {rule, instances} ->
  279.         {rule, Enum.reject(instances, fn {host, _} -> host in exclusions end)}
  280.       end)
  282.     mrf_simple =
  283.       mrf_simple_excluded
  284.       |> Enum.map(fn {rule, instances} ->
  285.         {rule, Enum.map(instances, fn {host, _} -> host end)}
  286.       end)
  287.       |> Map.new()
  289.     # This is for backwards compatibility. We originally didn't sent
  290.     # extra info like a reason why an instance was rejected/quarantined/etc.
  291.     # Because we didn't want to break backwards compatibility it was decided
  292.     # to add an extra "info" key.
  293.     mrf_simple_info =
  294.       mrf_simple_excluded
  295.       |> Enum.map(fn {rule, instances} ->
  296.         {rule, Enum.reject(instances, fn {_, reason} -> reason == "" end)}
  297.       end)
  298.       |> Enum.reject(fn {_, instances} -> instances == [] end)
  299.       |> Enum.map(fn {rule, instances} ->
  300.         instances =
  301.           instances
  302.           |> Enum.map(fn {host, reason} -> {host, %{"reason" => reason}} end)
  303.           |> Map.new()
  305.         {rule, instances}
  306.       end)
  307.       |> Map.new()
  309.     {:ok, %{mrf_simple: mrf_simple, mrf_simple_info: mrf_simple_info}}
  310.   end
  312.   @impl true
  313.   def config_description do
  314.     %{
  315.       key: :mrf_simple,
  316.       related_policy: "Pleroma.Web.ActivityPub.MRF.SimplePolicy",
  317.       label: "MRF Simple",
  318.       description: "Simple ingress policies",
  319.       children:
  320.         [
  321.           %{
  322.             key: :media_removal,
  323.             description:
  324.               "List of instances to strip media attachments from and the reason for doing so"
  325.           },
  326.           %{
  327.             key: :media_nsfw,
  328.             label: "Media NSFW",
  329.             description:
  330.               "List of instances to tag all media as NSFW (sensitive) from and the reason for doing so"
  331.           },
  332.           %{
  333.             key: :federated_timeline_removal,
  334.             description:
  335.               "List of instances to remove from the Federated (aka The Whole Known Network) Timeline and the reason for doing so"
  336.           },
  337.           %{
  338.             key: :reject,
  339.             description:
  340.               "List of instances to reject activities from (except deletes) and the reason for doing so"
  341.           },
  342.           %{
  343.             key: :accept,
  344.             description:
  345.               "List of instances to only accept activities from (except deletes) and the reason for doing so"
  346.           },
  347.           %{
  348.             key: :followers_only,
  349.             description:
  350.               "Force posts from the given instances to be visible by followers only and the reason for doing so"
  351.           },
  352.           %{
  353.             key: :report_removal,
  354.             description: "List of instances to reject reports from and the reason for doing so"
  355.           },
  356.           %{
  357.             key: :avatar_removal,
  358.             description: "List of instances to strip avatars from and the reason for doing so"
  359.           },
  360.           %{
  361.             key: :banner_removal,
  362.             description: "List of instances to strip banners from and the reason for doing so"
  363.           },
  364.           %{
  365.             key: :reject_deletes,
  366.             description: "List of instances to reject deletions from and the reason for doing so"
  367.           }
  368.         ]
  369.         |> Enum.map(fn setting ->
  370.           Map.merge(
  371.             setting,
  372.             %{
  373.               type: {:list, :tuple},
  374.               key_placeholder: "instance",
  375.               value_placeholder: "reason",
  376.               suggestions: [{"example.com", "Some reason"}, {"*.example.com", "Another reason"}]
  377.             }
  378.           )
  379.         end)
  380.     }
  381.   end
  382. end