[#2046] Defaulted pleroma/restrict_unauthenticated basing on instance privacy setting (i.e. restrict on private instances only by default).

This commit is contained in:
Ivan Tashkinov 2020-08-14 20:55:45 +03:00
parent 33e508d7c6
commit 95529ab709
7 changed files with 31 additions and 37 deletions

View file

@ -725,10 +725,12 @@ config :pleroma, :hackney_pools,
timeout: 300_000 timeout: 300_000
] ]
private_instance? = :if_instance_is_private
config :pleroma, :restrict_unauthenticated, config :pleroma, :restrict_unauthenticated,
timelines: %{local: false, federated: false}, timelines: %{local: private_instance?, federated: private_instance?},
profiles: %{local: false, remote: false}, profiles: %{local: private_instance?, remote: private_instance?},
activities: %{local: false, remote: false} activities: %{local: private_instance?, remote: private_instance?}
config :pleroma, Pleroma.Web.ApiSpec.CastAndValidate, strict: false config :pleroma, Pleroma.Web.ApiSpec.CastAndValidate, strict: false

View file

@ -81,6 +81,16 @@ defmodule Pleroma.Config do
Application.delete_env(:pleroma, key) Application.delete_env(:pleroma, key)
end end
def restrict_unauthenticated_access?(resource, kind) do
setting = get([:restrict_unauthenticated, resource, kind])
if setting in [nil, :if_instance_is_private] do
!get!([:instance, :public])
else
setting
end
end
def oauth_consumer_strategies, do: get([:auth, :oauth_consumer_strategies], []) def oauth_consumer_strategies, do: get([:auth, :oauth_consumer_strategies], [])
def oauth_consumer_enabled?, do: oauth_consumer_strategies() != [] def oauth_consumer_enabled?, do: oauth_consumer_strategies() != []

View file

@ -311,10 +311,12 @@ defmodule Pleroma.User do
def visible_for(_, _), do: :invisible def visible_for(_, _), do: :invisible
defp restrict_unauthenticated?(%User{local: local}) do defp restrict_unauthenticated?(%User{local: true}) do
config_key = if local, do: :local, else: :remote Config.restrict_unauthenticated_access?(:profiles, :local)
end
Config.get([:restrict_unauthenticated, :profiles, config_key], false) defp restrict_unauthenticated?(%User{local: _}) do
Config.restrict_unauthenticated_access?(:profiles, :remote)
end end
defp visible_account_status(user) do defp visible_account_status(user) do

View file

@ -59,12 +59,9 @@ defmodule Pleroma.Web.ActivityPub.Visibility do
end end
def visible_for_user?(%{local: local} = activity, nil) do def visible_for_user?(%{local: local} = activity, nil) do
cfg_key = cfg_key = if local, do: :local, else: :remote
if local,
do: :local,
else: :remote
if Pleroma.Config.get([:restrict_unauthenticated, :activities, cfg_key]), if Pleroma.Config.restrict_unauthenticated_access?(:activities, cfg_key),
do: false, do: false,
else: is_public?(activity) else: is_public?(activity)
end end

View file

@ -8,6 +8,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
import Pleroma.Web.ControllerHelper, import Pleroma.Web.ControllerHelper,
only: [add_link_headers: 2, add_link_headers: 3] only: [add_link_headers: 2, add_link_headers: 3]
alias Pleroma.Config
alias Pleroma.Pagination alias Pleroma.Pagination
alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
alias Pleroma.Plugs.OAuthScopesPlug alias Pleroma.Plugs.OAuthScopesPlug
@ -89,11 +90,11 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
end end
defp restrict_unauthenticated?(true = _local_only) do defp restrict_unauthenticated?(true = _local_only) do
Pleroma.Config.get([:restrict_unauthenticated, :timelines, :local]) Config.restrict_unauthenticated_access?(:timelines, :local)
end end
defp restrict_unauthenticated?(_) do defp restrict_unauthenticated?(_) do
Pleroma.Config.get([:restrict_unauthenticated, :timelines, :federated]) Config.restrict_unauthenticated_access?(:timelines, :federated)
end end
# GET /api/v1/timelines/public # GET /api/v1/timelines/public

View file

@ -16,7 +16,7 @@ defmodule Pleroma.Web.Preload.Providers.Timelines do
end end
def build_public_tag(acc, params) do def build_public_tag(acc, params) do
if Pleroma.Config.get([:restrict_unauthenticated, :timelines, :federated], true) do if Pleroma.Config.restrict_unauthenticated_access?(:timelines, :federated) do
acc acc
else else
Map.put(acc, @public_url, public_timeline(params)) Map.put(acc, @public_url, public_timeline(params))

View file

@ -12,16 +12,8 @@ defmodule Pleroma.Web.Preload.Providers.TimelineTest do
@public_url "/api/v1/timelines/public" @public_url "/api/v1/timelines/public"
describe "unauthenticated timeliness when restricted" do describe "unauthenticated timeliness when restricted" do
setup do setup do: clear_config([:restrict_unauthenticated, :timelines, :local], true)
svd_config = Pleroma.Config.get([:restrict_unauthenticated, :timelines]) setup do: clear_config([:restrict_unauthenticated, :timelines, :federated], true)
Pleroma.Config.put([:restrict_unauthenticated, :timelines], %{local: true, federated: true})
on_exit(fn ->
Pleroma.Config.put([:restrict_unauthenticated, :timelines], svd_config)
end)
:ok
end
test "return nothing" do test "return nothing" do
tl_data = Timelines.generate_terms(%{}) tl_data = Timelines.generate_terms(%{})
@ -31,20 +23,10 @@ defmodule Pleroma.Web.Preload.Providers.TimelineTest do
end end
describe "unauthenticated timeliness when unrestricted" do describe "unauthenticated timeliness when unrestricted" do
setup do setup do: clear_config([:restrict_unauthenticated, :timelines, :local], false)
svd_config = Pleroma.Config.get([:restrict_unauthenticated, :timelines]) setup do: clear_config([:restrict_unauthenticated, :timelines, :federated], false)
Pleroma.Config.put([:restrict_unauthenticated, :timelines], %{ setup do: {:ok, user: insert(:user)}
local: false,
federated: false
})
on_exit(fn ->
Pleroma.Config.put([:restrict_unauthenticated, :timelines], svd_config)
end)
{:ok, user: insert(:user)}
end
test "returns the timeline when not restricted" do test "returns the timeline when not restricted" do
assert Timelines.generate_terms(%{}) assert Timelines.generate_terms(%{})