logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://anongit.hacktivis.me/git/pleroma.git/

simple_policy.ex (11560B)


  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  4. defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
  5. @moduledoc "Filter activities depending on their origin instance"
  6. @behaviour Pleroma.Web.ActivityPub.MRF.Policy
  7. alias Pleroma.Config
  8. alias Pleroma.FollowingRelationship
  9. alias Pleroma.User
  10. alias Pleroma.Web.ActivityPub.MRF
  11. require Pleroma.Constants
  12. defp check_accept(%{host: actor_host} = _actor_info, activity) do
  13. accepts =
  14. instance_list(:accept)
  15. |> MRF.subdomains_regex()
  16. cond do
  17. accepts == [] -> {:ok, activity}
  18. actor_host == Config.get([Pleroma.Web.Endpoint, :url, :host]) -> {:ok, activity}
  19. MRF.subdomain_match?(accepts, actor_host) -> {:ok, activity}
  20. true -> {:reject, "[SimplePolicy] host not in accept list"}
  21. end
  22. end
  23. defp check_reject(%{host: actor_host} = _actor_info, activity) do
  24. rejects =
  25. instance_list(:reject)
  26. |> MRF.subdomains_regex()
  27. if MRF.subdomain_match?(rejects, actor_host) do
  28. {:reject, "[SimplePolicy] host in reject list"}
  29. else
  30. {:ok, activity}
  31. end
  32. end
  33. defp check_media_removal(
  34. %{host: actor_host} = _actor_info,
  35. %{"type" => type, "object" => %{"attachment" => object_attachment}} = activity
  36. )
  37. when length(object_attachment) > 0 and type in ["Create", "Update"] do
  38. media_removal =
  39. instance_list(:media_removal)
  40. |> MRF.subdomains_regex()
  41. activity =
  42. if MRF.subdomain_match?(media_removal, actor_host) do
  43. object = Map.delete(activity["object"], "attachment")
  44. Map.put(activity, "object", object)
  45. else
  46. activity
  47. end
  48. {:ok, activity}
  49. end
  50. defp check_media_removal(_actor_info, activity), do: {:ok, activity}
  51. defp check_media_nsfw(
  52. %{host: actor_host} = _actor_info,
  53. %{
  54. "type" => type,
  55. "object" => %{} = _object
  56. } = activity
  57. )
  58. when type in ["Create", "Update"] do
  59. media_nsfw =
  60. instance_list(:media_nsfw)
  61. |> MRF.subdomains_regex()
  62. activity =
  63. if MRF.subdomain_match?(media_nsfw, actor_host) do
  64. Kernel.put_in(activity, ["object", "sensitive"], true)
  65. else
  66. activity
  67. end
  68. {:ok, activity}
  69. end
  70. defp check_media_nsfw(_actor_info, activity), do: {:ok, activity}
  71. defp check_ftl_removal(%{host: actor_host} = _actor_info, activity) do
  72. timeline_removal =
  73. instance_list(:federated_timeline_removal)
  74. |> MRF.subdomains_regex()
  75. activity =
  76. with true <- MRF.subdomain_match?(timeline_removal, actor_host),
  77. user <- User.get_cached_by_ap_id(activity["actor"]),
  78. true <- Pleroma.Constants.as_public() in activity["to"] do
  79. to = List.delete(activity["to"], Pleroma.Constants.as_public()) ++ [user.follower_address]
  80. cc = List.delete(activity["cc"], user.follower_address) ++ [Pleroma.Constants.as_public()]
  81. activity
  82. |> Map.put("to", to)
  83. |> Map.put("cc", cc)
  84. else
  85. _ -> activity
  86. end
  87. {:ok, activity}
  88. end
  89. defp intersection(list1, list2) do
  90. list1 -- list1 -- list2
  91. end
  92. defp check_followers_only(%{host: actor_host} = _actor_info, activity) do
  93. followers_only =
  94. instance_list(:followers_only)
  95. |> MRF.subdomains_regex()
  96. activity =
  97. with true <- MRF.subdomain_match?(followers_only, actor_host),
  98. user <- User.get_cached_by_ap_id(activity["actor"]) do
  99. # Don't use Map.get/3 intentionally, these must not be nil
  100. fixed_to = activity["to"] || []
  101. fixed_cc = activity["cc"] || []
  102. to = FollowingRelationship.followers_ap_ids(user, fixed_to)
  103. cc = FollowingRelationship.followers_ap_ids(user, fixed_cc)
  104. activity
  105. |> Map.put("to", intersection([user.follower_address | to], fixed_to))
  106. |> Map.put("cc", intersection([user.follower_address | cc], fixed_cc))
  107. else
  108. _ -> activity
  109. end
  110. {:ok, activity}
  111. end
  112. defp check_report_removal(%{host: actor_host} = _actor_info, %{"type" => "Flag"} = activity) do
  113. report_removal =
  114. instance_list(:report_removal)
  115. |> MRF.subdomains_regex()
  116. if MRF.subdomain_match?(report_removal, actor_host) do
  117. {:reject, "[SimplePolicy] host in report_removal list"}
  118. else
  119. {:ok, activity}
  120. end
  121. end
  122. defp check_report_removal(_actor_info, activity), do: {:ok, activity}
  123. defp check_avatar_removal(%{host: actor_host} = _actor_info, %{"icon" => _icon} = activity) do
  124. avatar_removal =
  125. instance_list(:avatar_removal)
  126. |> MRF.subdomains_regex()
  127. if MRF.subdomain_match?(avatar_removal, actor_host) do
  128. {:ok, Map.delete(activity, "icon")}
  129. else
  130. {:ok, activity}
  131. end
  132. end
  133. defp check_avatar_removal(_actor_info, activity), do: {:ok, activity}
  134. defp check_banner_removal(%{host: actor_host} = _actor_info, %{"image" => _image} = activity) do
  135. banner_removal =
  136. instance_list(:banner_removal)
  137. |> MRF.subdomains_regex()
  138. if MRF.subdomain_match?(banner_removal, actor_host) do
  139. {:ok, Map.delete(activity, "image")}
  140. else
  141. {:ok, activity}
  142. end
  143. end
  144. defp check_banner_removal(_actor_info, activity), do: {:ok, activity}
  145. defp check_object(%{"object" => object} = activity) do
  146. with {:ok, _object} <- filter(object) do
  147. {:ok, activity}
  148. end
  149. end
  150. defp check_object(activity), do: {:ok, activity}
  151. defp instance_list(config_key) do
  152. Config.get([:mrf_simple, config_key])
  153. |> MRF.instance_list_from_tuples()
  154. end
  155. @impl true
  156. def id_filter(id) do
  157. host_info = URI.parse(id)
  158. with {:ok, _} <- check_accept(host_info, %{}),
  159. {:ok, _} <- check_reject(host_info, %{}) do
  160. true
  161. else
  162. _ -> false
  163. end
  164. end
  165. @impl true
  166. def filter(%{"type" => "Delete", "actor" => actor} = activity) do
  167. %{host: actor_host} = URI.parse(actor)
  168. reject_deletes =
  169. instance_list(:reject_deletes)
  170. |> MRF.subdomains_regex()
  171. if MRF.subdomain_match?(reject_deletes, actor_host) do
  172. {:reject, "[SimplePolicy] host in reject_deletes list"}
  173. else
  174. {:ok, activity}
  175. end
  176. end
  177. @impl true
  178. def filter(%{"actor" => actor} = activity) do
  179. actor_info = URI.parse(actor)
  180. with {:ok, activity} <- check_accept(actor_info, activity),
  181. {:ok, activity} <- check_reject(actor_info, activity),
  182. {:ok, activity} <- check_media_removal(actor_info, activity),
  183. {:ok, activity} <- check_media_nsfw(actor_info, activity),
  184. {:ok, activity} <- check_ftl_removal(actor_info, activity),
  185. {:ok, activity} <- check_followers_only(actor_info, activity),
  186. {:ok, activity} <- check_report_removal(actor_info, activity),
  187. {:ok, activity} <- check_object(activity) do
  188. {:ok, activity}
  189. else
  190. {:reject, _} = e -> e
  191. end
  192. end
  193. def filter(%{"id" => actor, "type" => actor_type} = activity)
  194. when actor_type in ["Application", "Group", "Organization", "Person", "Service"] do
  195. actor_info = URI.parse(actor)
  196. with {:ok, activity} <- check_accept(actor_info, activity),
  197. {:ok, activity} <- check_reject(actor_info, activity),
  198. {:ok, activity} <- check_avatar_removal(actor_info, activity),
  199. {:ok, activity} <- check_banner_removal(actor_info, activity) do
  200. {:ok, activity}
  201. else
  202. {:reject, _} = e -> e
  203. end
  204. end
  205. def filter(activity) when is_binary(activity) do
  206. uri = URI.parse(activity)
  207. with {:ok, activity} <- check_accept(uri, activity),
  208. {:ok, activity} <- check_reject(uri, activity) do
  209. {:ok, activity}
  210. else
  211. {:reject, _} = e -> e
  212. end
  213. end
  214. def filter(activity), do: {:ok, activity}
  215. @impl true
  216. def describe do
  217. exclusions = Config.get([:mrf, :transparency_exclusions]) |> MRF.instance_list_from_tuples()
  218. mrf_simple_excluded =
  219. Config.get(:mrf_simple)
  220. |> Enum.map(fn {rule, instances} ->
  221. {rule, Enum.reject(instances, fn {host, _} -> host in exclusions end)}
  222. end)
  223. mrf_simple =
  224. mrf_simple_excluded
  225. |> Enum.map(fn {rule, instances} ->
  226. {rule, Enum.map(instances, fn {host, _} -> host end)}
  227. end)
  228. |> Map.new()
  229. # This is for backwards compatibility. We originally didn't sent
  230. # extra info like a reason why an instance was rejected/quarantined/etc.
  231. # Because we didn't want to break backwards compatibility it was decided
  232. # to add an extra "info" key.
  233. mrf_simple_info =
  234. mrf_simple_excluded
  235. |> Enum.map(fn {rule, instances} ->
  236. {rule, Enum.reject(instances, fn {_, reason} -> reason == "" end)}
  237. end)
  238. |> Enum.reject(fn {_, instances} -> instances == [] end)
  239. |> Enum.map(fn {rule, instances} ->
  240. instances =
  241. instances
  242. |> Enum.map(fn {host, reason} -> {host, %{"reason" => reason}} end)
  243. |> Map.new()
  244. {rule, instances}
  245. end)
  246. |> Map.new()
  247. {:ok, %{mrf_simple: mrf_simple, mrf_simple_info: mrf_simple_info}}
  248. end
  249. @impl true
  250. def config_description do
  251. %{
  252. key: :mrf_simple,
  253. related_policy: "Pleroma.Web.ActivityPub.MRF.SimplePolicy",
  254. label: "MRF Simple",
  255. description: "Simple ingress policies",
  256. children:
  257. [
  258. %{
  259. key: :media_removal,
  260. description:
  261. "List of instances to strip media attachments from and the reason for doing so"
  262. },
  263. %{
  264. key: :media_nsfw,
  265. label: "Media NSFW",
  266. description:
  267. "List of instances to tag all media as NSFW (sensitive) from and the reason for doing so"
  268. },
  269. %{
  270. key: :federated_timeline_removal,
  271. description:
  272. "List of instances to remove from the Federated (aka The Whole Known Network) Timeline and the reason for doing so"
  273. },
  274. %{
  275. key: :reject,
  276. description:
  277. "List of instances to reject activities from (except deletes) and the reason for doing so"
  278. },
  279. %{
  280. key: :accept,
  281. description:
  282. "List of instances to only accept activities from (except deletes) and the reason for doing so"
  283. },
  284. %{
  285. key: :followers_only,
  286. description:
  287. "Force posts from the given instances to be visible by followers only and the reason for doing so"
  288. },
  289. %{
  290. key: :report_removal,
  291. description: "List of instances to reject reports from and the reason for doing so"
  292. },
  293. %{
  294. key: :avatar_removal,
  295. description: "List of instances to strip avatars from and the reason for doing so"
  296. },
  297. %{
  298. key: :banner_removal,
  299. description: "List of instances to strip banners from and the reason for doing so"
  300. },
  301. %{
  302. key: :reject_deletes,
  303. description: "List of instances to reject deletions from and the reason for doing so"
  304. }
  305. ]
  306. |> Enum.map(fn setting ->
  307. Map.merge(
  308. setting,
  309. %{
  310. type: {:list, :tuple},
  311. key_placeholder: "instance",
  312. value_placeholder: "reason",
  313. suggestions: [{"example.com", "Some reason"}, {"*.example.com", "Another reason"}]
  314. }
  315. )
  316. end)
  317. }
  318. end
  319. end