Merge branch 'features/mrf-id_filter' into 'develop'

Add id_filter to MRFs See merge request pleroma/pleroma!3858
2024-05-18 09:42:40 +00:00 · 2024-04-20 09:08:22 +00:00 · 2024-04-20 09:08:22 +00:00 · b7cb885960
parent 50af909c01 b183d31eb9
commit b7cb885960
7 changed files with 48 additions and 1 deletions
--- a/changelog.d/mrf-id_filter.add
+++ b/changelog.d/mrf-id_filter.add
@ -0,0 +1 @@
+Add `id_filter` to MRF to filter URLs and their domain prior to fetching
--- a/lib/pleroma/object/fetcher.ex
+++ b/lib/pleroma/object/fetcher.ex
@ -168,6 +168,7 @@ defmodule Pleroma.Object.Fetcher do
    Logger.debug("Fetching object #{id} via AP")

    with {:scheme, true} <- {:scheme, String.starts_with?(id, "http")},
+         {_, true} <- {:mrf, MRF.id_filter(id)},
         {:ok, body} <- get_object(id),
         {:ok, data} <- safe_json_decode(body),
         :ok <- Containment.contain_origin_from_id(id, data) do
@ -183,6 +184,9 @@ defmodule Pleroma.Object.Fetcher do
      {:error, e} ->
        {:error, e}

+      {:mrf, false} ->
+        {:error, {:reject, "Filtered by id"}}
+
      e ->
        {:error, e}
    end
--- a/lib/pleroma/web/activity_pub/mrf.ex
+++ b/lib/pleroma/web/activity_pub/mrf.ex
@ -108,6 +108,14 @@ defmodule Pleroma.Web.ActivityPub.MRF do

  def filter(%{} = object), do: get_policies() |> filter(object)

+  def id_filter(policies, id) when is_binary(id) do
+    policies
+    |> Enum.filter(&function_exported?(&1, :id_filter, 1))
+    |> Enum.all?(& &1.id_filter(id))
+  end
+
+  def id_filter(id) when is_binary(id), do: get_policies() |> id_filter(id)
+
  @impl true
  def pipeline_filter(%{} = message, meta) do
    object = meta[:object_data]
--- a/lib/pleroma/web/activity_pub/mrf/drop_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/drop_policy.ex
@ -13,6 +13,12 @@ defmodule Pleroma.Web.ActivityPub.MRF.DropPolicy do
    {:reject, object}
  end

+  @impl true
+  def id_filter(id) do
+    Logger.debug("REJECTING #{id}")
+    false
+  end
+
  @impl true
  def describe, do: {:ok, %{}}
 end
--- a/lib/pleroma/web/activity_pub/mrf/policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/policy.ex
@ -4,6 +4,7 @@

 defmodule Pleroma.Web.ActivityPub.MRF.Policy do
  @callback filter(map()) :: {:ok | :reject, map()}
+  @callback id_filter(String.t()) :: boolean()
  @callback describe() :: {:ok | :error, map()}
  @callback config_description() :: %{
              optional(:children) => [map()],
@ -13,5 +14,5 @@ defmodule Pleroma.Web.ActivityPub.MRF.Policy do
              description: String.t()
            }
  @callback history_awareness() :: :auto | :manual
-  @optional_callbacks config_description: 0, history_awareness: 0
+  @optional_callbacks config_description: 0, history_awareness: 0, id_filter: 1
 end
--- a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex
@ -191,6 +191,18 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do
    |> MRF.instance_list_from_tuples()
  end

+  @impl true
+  def id_filter(id) do
+    host_info = URI.parse(id)
+
+    with {:ok, _} <- check_accept(host_info, %{}),
+         {:ok, _} <- check_reject(host_info, %{}) do
+      true
+    else
+      _ -> false
+    end
+  end
+
  @impl true
  def filter(%{"type" => "Delete", "actor" => actor} = object) do
    %{host: actor_host} = URI.parse(actor)
--- a/test/pleroma/web/activity_pub/mrf/simple_policy_test.exs
+++ b/test/pleroma/web/activity_pub/mrf/simple_policy_test.exs
@ -252,6 +252,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
      remote_message = build_remote_message()

      assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
+      assert SimplePolicy.id_filter(remote_message["actor"])
    end

    test "activity has a matching host" do
@ -260,6 +261,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
      remote_message = build_remote_message()

      assert {:reject, _} = SimplePolicy.filter(remote_message)
+      refute SimplePolicy.id_filter(remote_message["actor"])
    end

    test "activity matches with wildcard domain" do
@ -268,6 +270,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
      remote_message = build_remote_message()

      assert {:reject, _} = SimplePolicy.filter(remote_message)
+      refute SimplePolicy.id_filter(remote_message["actor"])
    end

    test "actor has a matching host" do
@ -276,6 +279,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
      remote_user = build_remote_user()

      assert {:reject, _} = SimplePolicy.filter(remote_user)
+      refute SimplePolicy.id_filter(remote_user["id"])
    end

    test "reject Announce when object would be rejected" do
@ -288,6 +292,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
      }

      assert {:reject, _} = SimplePolicy.filter(announce)
+      # Note: Non-Applicable for id_filter/1
    end

    test "reject by URI object" do
@ -300,6 +305,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
      }

      assert {:reject, _} = SimplePolicy.filter(announce)
+      # Note: Non-Applicable for id_filter/1
    end
  end

@ -370,6 +376,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do

      assert SimplePolicy.filter(local_message) == {:ok, local_message}
      assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
+      assert SimplePolicy.id_filter(local_message["actor"])
+      assert SimplePolicy.id_filter(remote_message["actor"])
    end

    test "is not empty but activity doesn't have a matching host" do
@ -380,6 +388,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do

      assert SimplePolicy.filter(local_message) == {:ok, local_message}
      assert {:reject, _} = SimplePolicy.filter(remote_message)
+      assert SimplePolicy.id_filter(local_message["actor"])
+      refute SimplePolicy.id_filter(remote_message["actor"])
    end

    test "activity has a matching host" do
@ -390,6 +400,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do

      assert SimplePolicy.filter(local_message) == {:ok, local_message}
      assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
+      assert SimplePolicy.id_filter(local_message["actor"])
+      assert SimplePolicy.id_filter(remote_message["actor"])
    end

    test "activity matches with wildcard domain" do
@ -400,6 +412,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do

      assert SimplePolicy.filter(local_message) == {:ok, local_message}
      assert SimplePolicy.filter(remote_message) == {:ok, remote_message}
+      assert SimplePolicy.id_filter(local_message["actor"])
+      assert SimplePolicy.id_filter(remote_message["actor"])
    end

    test "actor has a matching host" do
@ -408,6 +422,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do
      remote_user = build_remote_user()

      assert SimplePolicy.filter(remote_user) == {:ok, remote_user}
+      assert SimplePolicy.id_filter(remote_user["id"])
    end
  end
				`@ -0,0 +1 @@`
				Add `id_filter` to MRF to filter URLs and their domain prior to fetching