Mark instances as unreachable when returning a 403 from an object fetch
This is a definite sign the instance is blocked and they are enforcing authorized_fetch
This commit is contained in:
parent
ac4cc619ea
commit
4c29366fe5
3 changed files with 34 additions and 0 deletions
|
@ -181,6 +181,15 @@ def fetch_object_from_id(id, options \\ []) do
|
|||
{:fetch_object, %Object{} = object} ->
|
||||
{:ok, object}
|
||||
|
||||
{:fetch, {:error, {:ok, %Tesla.Env{status: 403}}}} ->
|
||||
Instances.set_consistently_unreachable(id)
|
||||
|
||||
Logger.error(
|
||||
"Error while fetching #{id}: HTTP 403 likely due to instance block rejecting the signed fetch."
|
||||
)
|
||||
|
||||
{:error, "Object fetch has been denied"}
|
||||
|
||||
{:fetch, {:error, error}} ->
|
||||
Logger.error("Error while fetching #{id}: #{inspect(error)}")
|
||||
{:error, error}
|
||||
|
|
|
@ -10,5 +10,16 @@ defmodule Pleroma.Workers.RemoteFetcherWorker do
|
|||
@impl Oban.Worker
|
||||
def perform(%Job{args: %{"op" => "fetch_remote", "id" => id} = args}) do
|
||||
{:ok, _object} = Fetcher.fetch_object_from_id(id, depth: args["depth"])
|
||||
|
||||
case Fetcher.fetch_object_from_id(id, depth: args["depth"]) do
|
||||
{:ok, _object} ->
|
||||
:ok
|
||||
|
||||
{:error, reason = "Object fetch has been denied"} ->
|
||||
{:cancel, reason}
|
||||
|
||||
_ ->
|
||||
:error
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -57,6 +57,8 @@ defp spoofed_object_with_ids(
|
|||
body: spoofed_object_with_ids("https://patch.cx/objects/spoof_content_type")
|
||||
}
|
||||
|
||||
%{method: :get, url: "https://octodon.social/users/cwebber/statuses/111647596861000656"} ->
|
||||
%Tesla.Env{status: 403}
|
||||
# Spoof: mismatching ids
|
||||
# Variant 1: Non-exisitng fake id
|
||||
%{
|
||||
|
@ -417,6 +419,18 @@ test "handle HTTP 404 response" do
|
|||
)
|
||||
end
|
||||
|
||||
test "handle HTTP 403 response" do
|
||||
object_id = "https://octodon.social/users/cwebber/statuses/111647596861000656"
|
||||
Instances.set_reachable(object_id)
|
||||
|
||||
assert Instances.reachable?(object_id)
|
||||
|
||||
assert {:error, "Object fetch has been denied"} ==
|
||||
Fetcher.fetch_object_from_id(object_id)
|
||||
|
||||
refute Instances.reachable?(object_id)
|
||||
end
|
||||
|
||||
test "it can fetch pleroma polls with attachments" do
|
||||
{:ok, object} =
|
||||
Fetcher.fetch_object_from_id("https://patch.cx/objects/tesla_mock/poll_attachment")
|
||||
|
|
Loading…
Reference in a new issue