Merge branch 'feature/mrf-user-allowlist' into 'develop'

MRF: user allowlist module See merge request pleroma/pleroma!477
2018-11-27 00:12:03 +00:00 · 2018-11-27 00:12:03 +00:00 · 5ae6088d37
parent a76058fc1d 6979eeda34
commit 5ae6088d37
3 changed files with 42 additions and 0 deletions
--- a/config/config.md
+++ b/config/config.md
@ -87,3 +87,16 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i
 * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent
 * ``ct_max_age``: The maximum age for the `Expect-CT` header if sent
 * ``referrer_policy``: The referrer policy to use, either `"same-origin"` or `"no-referrer"`.
+
+## :mrf_user_allowlist
+
+The keys in this section are the domain names that the policy should apply to.
+Each key should be assigned a list of users that should be allowed through by
+their ActivityPub ID.
+
+An example:
+
+```
+config :pleroma, :mrf_user_allowlist,
+  "example.org": ["https://example.org/users/admin"]
+```
--- a/lib/pleroma/web/activity_pub/mrf/user_allowlist.ex
+++ b/lib/pleroma/web/activity_pub/mrf/user_allowlist.ex
@ -0,0 +1,23 @@
+defmodule Pleroma.Web.ActivityPub.MRF.UserAllowListPolicy do
+  alias Pleroma.Config
+
+  @behaviour Pleroma.Web.ActivityPub.MRF
+
+  defp filter_by_list(object, []), do: {:ok, object}
+
+  defp filter_by_list(%{"actor" => actor} = object, allow_list) do
+    if actor in allow_list do
+      {:ok, object}
+    else
+      {:reject, nil}
+    end
+  end
+
+  @impl true
+  def filter(object) do
+    actor_info = URI.parse(object["actor"])
+    allow_list = Config.get([:mrf_user_allowlist, String.to_atom(actor_info.host)], [])
+
+    filter_by_list(object, allow_list)
+  end
+end
--- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
+++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
@ -4,6 +4,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
  alias Pleroma.Stats
  alias Pleroma.Web
  alias Pleroma.{User, Repo}
+  alias Pleroma.Config
  alias Pleroma.Web.ActivityPub.MRF

  plug(Pleroma.Web.FederatingPlug)
@ -52,6 +53,10 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
      |> Repo.all()
      |> Enum.map(fn u -> u.ap_id end)

+    mrf_user_allowlist =
+      Config.get([:mrf_user_allowlist], [])
+      |> Enum.into(%{}, fn {k, v} -> {k, length(v)} end)
+
    mrf_transparency = Keyword.get(instance, :mrf_transparency)

    federation_response =
@ -59,6 +64,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
        %{
          mrf_policies: mrf_policies,
          mrf_simple: mrf_simple,
+          mrf_user_allowlist: mrf_user_allowlist,
          quarantined_instances: quarantined
        }
      else