From 8c05d19c7f1bd7ec61052df4fe9bad328d84a51b Mon Sep 17 00:00:00 2001
From: William Pitcock
Date: Mon, 26 Nov 2018 23:23:43 +0000
Subject: [PATCH 1/3] MRF: add user allowlist module
---
 .../web/activity_pub/mrf/user_allowlist.ex | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 lib/pleroma/web/activity_pub/mrf/user_allowlist.ex
diff --git a/lib/pleroma/web/activity_pub/mrf/user_allowlist.ex b/lib/pleroma/web/activity_pub/mrf/user_allowlist.ex
new file mode 100644
index 000000000..3503d8692
--- /dev/null
+++ b/lib/pleroma/web/activity_pub/mrf/user_allowlist.ex
@@ -0,0 +1,23 @@
+defmodule Pleroma.Web.ActivityPub.MRF.UserAllowListPolicy do
+ alias Pleroma.Config
+
+ @behaviour Pleroma.Web.ActivityPub.MRF
+
+ defp filter_by_list(object, []), do: {:ok, object}
+
+ defp filter_by_list(%{"actor" => actor} = object, allow_list) do
+ if actor in allow_list do
+ {:ok, object}
+ else
+ {:reject, nil}
+ end
+ end
+
+ @impl true
+ def filter(object) do
+ actor_info = URI.parse(object["actor"])
+ allow_list = Config.get([:mrf_user_allowlist, String.to_atom(actor_info.host)], [])
+
+ filter_by_list(object, allow_list)
+ end
+end
From 271f9f1335cfbb4b2b93c696b16c74dc3a73c756 Mon Sep 17 00:00:00 2001
From: William Pitcock
Date: Mon, 26 Nov 2018 23:42:24 +0000
Subject: [PATCH 2/3] nodeinfo: add mrf_user_allowlist data
---
 lib/pleroma/web/nodeinfo/nodeinfo_controller.ex | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
index 151db0bb7..2ea75cf16 100644
--- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
+++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
@@ -4,6 +4,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
 alias Pleroma.Stats
 alias Pleroma.Web
 alias Pleroma.{User, Repo}
+ alias Pleroma.Config
 alias Pleroma.Web.ActivityPub.MRF
 plug(Pleroma.Web.FederatingPlug)
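Review bot: `String.to_atom(actor_info.host)` in `filter/1` of user_allowlist.ex interns the host of every incoming object's actor, and that host is chosen by the remote sender. Atoms are never garbage-collected, so traffic naming many distinct hosts can grow the atom table until the VM stops. Look the host up by string comparison against the configured keys instead, so nothing taken from the wire becomes an atom. The function also raises when `"actor"` is missing or not a string, which the clause head below makes explicit; whether such an object should pass or be rejected is a policy decision this sketch leaves open.

```elixir
  @impl true
  def filter(%{"actor" => actor} = object) when is_binary(actor) do
    host = URI.parse(actor).host

    # Compare as strings so a remote-supplied host never becomes a new atom.
    allow_list =
      Config.get([:mrf_user_allowlist], [])
      |> Enum.find_value([], fn {domain, users} -> to_string(domain) == host && users end)

    filter_by_list(object, allow_list)
  end
```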
@@ -52,6 +53,10 @@ def nodeinfo(conn, %{"version" => "2.0"}) do |> Repo.all() |> Enum.map(fn u -> u.ap_id end) + mrf_user_allowlist = + Config.get([:mrf_user_allowlist], []) + |> Enum.into(%{}, fn {k, v} -> {k, length(v)} end) + mrf_transparency = Keyword.get(instance, :mrf_transparency) federation_response =
@@ -59,6 +64,7 @@ def nodeinfo(conn, %{"version" => "2.0"}) do
 %{
 mrf_policies: mrf_policies,
 mrf_simple: mrf_simple,
+ mrf_user_allowlist: mrf_user_allowlist,
 quarantined_instances: quarantined
 }
 else
From 6979eeda34a7c9c201c0816f322c3a29c6d947e6 Mon Sep 17 00:00:00 2001
From: William Pitcock
Date: Mon, 26 Nov 2018 23:54:46 +0000
Subject: [PATCH 3/3] config: document mrf_user_allowlist
---
 config/config.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/config/config.md b/config/config.md
index 5b4110646..c843bca5d 100644
--- a/config/config.md
+++ b/config/config.md
@@ -87,3 +87,16 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i
 * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent
 * ``ct_max_age``: The maximum age for the `Expect-CT` header if sent
 * ``referrer_policy``: The referrer policy to use, either `"same-origin"` or `"no-referrer"`.
+
+## :mrf_user_allowlist
+
+The keys in this section are the domain names that the policy should apply to.
+Each key should be assigned a list of users that should be allowed through by
+their ActivityPub ID.
+
+An example:
+
+```
+config :pleroma, :mrf_user_allowlist,
+ "example.org": ["https://example.org/users/admin"]
+```
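Review bot: `length(v)` in the new `mrf_user_allowlist` block of `nodeinfo/2` raises when a configured value is not a list, so a single malformed entry under `:mrf_user_allowlist` would make the whole nodeinfo response fail. A tolerant form is `|> Enum.into(%{}, fn {k, v} -> {k, length(List.wrap(v))} end)`. The map is also built on every request, although the following hunk uses it only in the branch before `else`, so it could move into that branch. The published keys are the configured domain names; that looks intended, but presumably depends on the transparency setting, whose condition is not visible here. `nodeinfo/2` starts and ends outside the hunk.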