Add some hard limits on inserted activities.
This commit is contained in:
parent
922abcda61
commit
5811e65e67
|
@ -98,7 +98,8 @@
|
|||
name: "Pleroma",
|
||||
email: "example@example.com",
|
||||
description: "A Pleroma instance, an alternative fediverse server",
|
||||
limit: 5000,
|
||||
limit: 5_000,
|
||||
remote_limit: 10_000,
|
||||
upload_limit: 16_000_000,
|
||||
avatar_upload_limit: 2_000_000,
|
||||
background_upload_limit: 4_000_000,
|
||||
|
|
|
@ -63,6 +63,7 @@ config :pleroma, Pleroma.Mailer,
|
|||
* `email`: Email used to reach an Administrator/Moderator of the instance
|
||||
* `description`: The instance’s description, can be seen in nodeinfo and ``/api/v1/instance``
|
||||
* `limit`: Posts character limit (CW/Subject included in the counter)
|
||||
* `remote_limit`: Hard character limit beyond which remote posts will be dropped.
|
||||
* `upload_limit`: File size limit of uploads (except for avatar, background, banner)
|
||||
* `avatar_upload_limit`: File size limit of user’s profile avatars
|
||||
* `background_upload_limit`: File size limit of user’s profile backgrounds
|
||||
|
|
|
@ -56,10 +56,18 @@ defp check_actor_is_active(actor) do
|
|||
end
|
||||
end
|
||||
|
||||
defp check_remote_limit(%{"object" => %{"content" => content}}) do
|
||||
limit = Pleroma.Config.get([:instance, :remote_limit])
|
||||
String.length(content) <= limit
|
||||
end
|
||||
|
||||
defp check_remote_limit(_), do: true
|
||||
|
||||
def insert(map, local \\ true) when is_map(map) do
|
||||
with nil <- Activity.normalize(map),
|
||||
map <- lazy_put_activity_defaults(map),
|
||||
:ok <- check_actor_is_active(map["actor"]),
|
||||
{_, true} <- {:remote_limit_error, check_remote_limit(map)},
|
||||
{:ok, map} <- MRF.filter(map),
|
||||
:ok <- insert_full_object(map) do
|
||||
{recipients, _, _} = get_recipients(map)
|
||||
|
|
|
@ -31,6 +31,24 @@ test "it returns a user" do
|
|||
end
|
||||
|
||||
describe "insertion" do
|
||||
test "drops activities beyond a certain limit" do
|
||||
limit = Pleroma.Config.get([:instance, :remote_limit])
|
||||
|
||||
random_text =
|
||||
:crypto.strong_rand_bytes(limit + 1)
|
||||
|> Base.encode64()
|
||||
|> binary_part(0, limit + 1)
|
||||
|
||||
data = %{
|
||||
"ok" => true,
|
||||
"object" => %{
|
||||
"content" => random_text
|
||||
}
|
||||
}
|
||||
|
||||
assert {:error, {:remote_limit_error, _}} = ActivityPub.insert(data)
|
||||
end
|
||||
|
||||
test "returns the activity if one with the same id is already in" do
|
||||
activity = insert(:note_activity)
|
||||
{:ok, new_activity} = ActivityPub.insert(activity.data)
|
||||
|
|
Loading…
Reference in New Issue