AkkomaGang/akkoma
AkkomaGang/akkoma
16
70
Fork 113
Code Issues 150 Pull requests 22 Projects 2 Releases 22 Packages Wiki Activity

Merge pull request 'Fetcher: Only check SimplePolicy rules when policy is enabled' (#1044) from mkljczk/akkoma:fetcher-simple-policy into develop
All checks were successful
ci/woodpecker/push/docs Pipeline was successful
Details
ci/woodpecker/push/publish/4 Pipeline was successful
Details
ci/woodpecker/push/publish/1 Pipeline was successful
Details
ci/woodpecker/push/publish/2 Pipeline was successful
Details

Browse source 
Reviewed-on: #1044
Reviewed-by: Oneric <oneric@noreply.akkoma>
This commit is contained in:
Oneric 2026-02-18 13:37:27 +00:00
commit 7c0deab8c5
2 changed files with 30 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

28
lib/pleroma/object/fetcher.ex
View file

@ -10,6 +10,7 @@ defmodule Pleroma.Object.Fetcher do
alias Pleroma.Object.Containment
alias Pleroma.Repo
alias Pleroma.Web.ActivityPub.InternalFetchActor
alias Pleroma.Web.ActivityPub.MRF
alias Pleroma.Web.ActivityPub.ObjectValidator
alias Pleroma.Web.ActivityPub.Transmogrifier
alias Pleroma.Web.Federator
@ -138,10 +139,7 @@ defmodule Pleroma.Object.Fetcher do
{:valid_uri_scheme, true} <-
{:valid_uri_scheme, uri.scheme == "http" or uri.scheme == "https"},
# If we have instance restrictions, apply them here to prevent fetching from unwanted instances
{:mrf_reject_check, {:ok, nil}} <-
{:mrf_reject_check, Pleroma.Web.ActivityPub.MRF.SimplePolicy.check_reject(uri)},
{:mrf_accept_check, {:ok, _}} <-
{:mrf_accept_check, Pleroma.Web.ActivityPub.MRF.SimplePolicy.check_accept(uri)},
{_, {:ok, _}} <- {:mrf_check, maybe_restrict_uri_mrf(uri)},
{_, nil} <- {:fetch_object, Object.get_cached_by_ap_id(id)},
{_, true} <- {:allowed_depth, Federator.allowed_thread_distance?(options[:depth])},
{_, {:ok, data}} <- {:fetch, fetch_and_contain_remote_object_from_id(id)},
@ -161,11 +159,7 @@ defmodule Pleroma.Object.Fetcher do
log_fetch_error(id, e)
{:error, :invalid_uri_scheme}
{:mrf_reject_check, _} = e ->
log_fetch_error(id, e)
{:reject, :mrf}
{:mrf_accept_check, _} = e ->
{:mrf_check, _} = e ->
log_fetch_error(id, e)
{:reject, :mrf}
@ -213,6 +207,17 @@ defmodule Pleroma.Object.Fetcher do
Logger.error("Object rejected while fetching #{id} #{inspect(error)}")
end
defp maybe_restrict_uri_mrf(uri) do
with {:enabled, true} <- {:enabled, MRF.SimplePolicy in MRF.get_policies()},
{:ok, _} <- MRF.SimplePolicy.check_reject(uri),
{:ok, _} <- MRF.SimplePolicy.check_accept(uri) do
{:ok, nil}
else
{:enabled, false} -> {:ok, nil}
{:reject, reason} -> {:reject, reason}
end
end
defp prepare_activity_params(data) do
%{
"type" => "Create",
@ -298,10 +303,7 @@ defmodule Pleroma.Object.Fetcher do
with {:valid_uri_scheme, true} <- {:valid_uri_scheme, String.starts_with?(id, "http")},
%URI{} = uri <- URI.parse(id),
{:mrf_reject_check, {:ok, nil}} <-
{:mrf_reject_check, Pleroma.Web.ActivityPub.MRF.SimplePolicy.check_reject(uri)},
{:mrf_accept_check, {:ok, _}} <-
{:mrf_accept_check, Pleroma.Web.ActivityPub.MRF.SimplePolicy.check_accept(uri)},
{_, {:ok, _}} <- {:mrf_check, maybe_restrict_uri_mrf(uri)},
{:local_fetch, :ok} <- {:local_fetch, Containment.contain_local_fetch(id)},
{:ok, final_id, body} <- get_object(id),
# a canonical ID shouldn't be a redirect

15
test/pleroma/object/fetcher_test.exs
View file

@ -352,14 +352,29 @@ defmodule Pleroma.Object.FetcherTest do
test "does not fetch anything from a rejected instance" do
clear_config([:mrf_simple, :reject], [{"evil.example.org", "i said so"}])
clear_config([:mrf, :policies], [Pleroma.Web.ActivityPub.MRF.SimplePolicy])
assert {:reject, _} =
Fetcher.fetch_object_from_id("http://evil.example.org/@admin/99541947525187367")
end
test "fetches from a rejected instance when mrf_simple is off" do
clear_config([:mrf_simple, :reject], [
{"mastodon.example.org", "forgot the reason, will disable for now"}
])
clear_config([:mrf, :policies], [])
assert {:ok, _object} =
Fetcher.fetch_object_from_id(
"http://mastodon.example.org/@admin/99541947525187367"
)
end
test "does not fetch anything if mrf_simple accept is on" do
clear_config([:mrf_simple, :accept], [{"mastodon.example.org", "i said so"}])
clear_config([:mrf_simple, :reject], [])
clear_config([:mrf, :policies], [Pleroma.Web.ActivityPub.MRF.SimplePolicy])
assert {:reject, _} =
Fetcher.fetch_object_from_id(