FoundKeyGang/FoundKey
FoundKeyGang/FoundKey
7
19
Fork 22
Code Issues 37 Pull requests 4 Releases Activity

server: block subdomains of a blocked host #259

Closed
norm wants to merge 7 commits from wildcard-block into main
pull from: wildcard-block
merge into: FoundKeyGang:main
Conversation 6 Commits 7 Files changed 5 +42 -26
norm commented 2022-12-01 06:43:34 +00:00
Owner
Copy link

For example, if blocked.tld is blocked, then so is iam.blocked.tld.

Changelog: Changed

For example, if `blocked.tld` is blocked, then so is `iam.blocked.tld`. Changelog: Changed
norm commented 2022-12-01 06:44:31 +00:00
Author
Owner
Copy link

Hopefully I got where all of the blocked host checks were done, but let me know if there's any I missed.

Also if there's a better way to do this, that would be appeciated as well.

Hopefully I got where all of the blocked host checks were done, but let me know if there's any I missed. Also if there's a better way to do this, that would be appeciated as well.
norm force-pushed wildcard-block from 496094c4b8 to e8783d52b1 2022-12-01 06:46:29 +00:00 Compare
Johann150 commented 2022-12-01 06:50:15 +00:00
Owner
Copy link

I think it would be a better idea to replace all checks with a function, similar to shouldSkipInstance. That way if we want to change it in the future we don't have to search everything again.

I'm also not sure if we should always do this or if we should use an explicit * instead.

i18n.ts.blockedInstancesDescription should also be adjusted to reflect the new meaning.

I think it would be a better idea to replace all checks with a function, similar to `shouldSkipInstance`. That way if we want to change it in the future we don't have to search everything again. I'm also not sure if we should always do this or if we should use an explicit `*` instead. `i18n.ts.blockedInstancesDescription` should also be adjusted to reflect the new meaning.
norm force-pushed wildcard-block from e8783d52b1 to e64fe1c04d 2022-12-01 07:11:49 +00:00 Compare
norm commented 2022-12-01 07:13:16 +00:00
Author
Owner
Copy link

I decided to just use shouldSkipInstance since it does what all of those previous checks did.

I decided to just use `shouldSkipInstance` since it does what all of those previous checks did.
Johann150 commented 2022-12-01 07:20:23 +00:00
Owner
Copy link

Using that is a very bad idea in queue/processors/inbox because it would mean you can never unblock an instance if it was blocked more than the dead instance threshold. Currently, if an instance sends something our way, the instance will no longer be detected as dead because the lastCommunicatedAt will be updated. Blocking an instance from sending us something if they are dead disallows this. It needs to be a separate function.

Using that is a very bad idea in `queue/processors/inbox` because it would mean you can never unblock an instance if it was blocked more than the dead instance threshold. Currently, if an instance sends something our way, the instance will no longer be detected as dead because the `lastCommunicatedAt` will be updated. Blocking an instance from sending us something if they are dead disallows this. It needs to be a separate function.
norm force-pushed wildcard-block from e64fe1c04d to 1765caa7c5 2022-12-01 07:42:30 +00:00 Compare
norm force-pushed wildcard-block from 1765caa7c5 to 0f709026b1 2022-12-01 07:44:18 +00:00 Compare
norm added 1 commit 2022-12-01 07:47:05 +00:00
use correct types for sameOrSubdomainOf
All checks were successful
ci/woodpecker/push/build Pipeline was successful
Details
ci/woodpecker/push/lint-backend Pipeline was successful
Details
ci/woodpecker/push/lint-client Pipeline was successful
Details
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
Details
ci/woodpecker/push/test Pipeline was successful
Details
b3e01fcd6a
norm commented 2022-12-01 07:49:36 +00:00
Author
Owner
Copy link

Good point, I made a separate function for that.

Good point, I made a separate function for that.
norm added 1 commit 2022-12-01 07:57:49 +00:00
fix sql to also match subdomain
Some checks failed
ci/woodpecker/push/lint-client Pipeline was successful
Details
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
Details
ci/woodpecker/push/test Pipeline was successful
Details
ci/woodpecker/push/lint-backend Pipeline was successful
Details
ci/woodpecker/push/build Pipeline was successful
Details
ci/woodpecker/pr/lint-backend Pipeline failed
Details
ci/woodpecker/pr/build Pipeline was successful
Details
ci/woodpecker/pr/lint-foundkey-js Pipeline was successful
Details
ci/woodpecker/pr/lint-client Pipeline failed
Details
ci/woodpecker/pr/test Pipeline failed
Details
c97c29ad0f
norm added 1 commit 2022-12-01 08:02:25 +00:00
replace skipped.includes with some(sameOrSubdomainOf)
Some checks failed
ci/woodpecker/push/build Pipeline was successful
Details
ci/woodpecker/push/lint-backend Pipeline was successful
Details
ci/woodpecker/push/lint-client Pipeline was successful
Details
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
Details
ci/woodpecker/push/test Pipeline was successful
Details
ci/woodpecker/pr/build Pipeline was successful
Details
ci/woodpecker/pr/lint-foundkey-js Pipeline was successful
Details
ci/woodpecker/pr/lint-backend Pipeline failed
Details
ci/woodpecker/pr/lint-client Pipeline failed
Details
ci/woodpecker/pr/test Pipeline failed
Details
154a0de60f
norm added 1 commit 2022-12-01 08:06:18 +00:00
simplify sql squery
Some checks failed
ci/woodpecker/push/build Pipeline was successful
Details
ci/woodpecker/push/lint-backend Pipeline was successful
Details
ci/woodpecker/push/lint-client Pipeline was successful
Details
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
Details
ci/woodpecker/push/test Pipeline was successful
Details
ci/woodpecker/pr/build Pipeline was successful
Details
ci/woodpecker/pr/lint-backend Pipeline failed
Details
ci/woodpecker/pr/lint-foundkey-js Pipeline was successful
Details
ci/woodpecker/pr/lint-client Pipeline failed
Details
ci/woodpecker/pr/test Pipeline failed
Details
1b6361f289
Johann150 requested changes 2022-12-01 08:11:16 +00:00
packages/backend/src/misc/skipped-instances.ts Outdated
@ -12,0 +29,4 @@
return true;
}
const result = await db.query('SELECT "host" FROM instance WHERE ("host" = $1 OR "host" LIKE \'%.\' || $1) AND "isSuspended"', [
Johann150 commented 2022-12-01 08:11:09 +00:00
Owner
Copy link

Being suspended does not mean incoming activities will be dropped.

Being suspended does not mean incoming activities will be dropped.
norm marked this conversation as resolved
norm added 1 commit 2022-12-01 08:20:29 +00:00
only check meta.blockedHosts
Some checks failed
ci/woodpecker/push/build Pipeline was successful
Details
ci/woodpecker/push/lint-backend Pipeline was successful
Details
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
Details
ci/woodpecker/push/lint-client Pipeline was successful
Details
ci/woodpecker/push/test Pipeline was successful
Details
ci/woodpecker/pr/build Pipeline was successful
Details
ci/woodpecker/pr/lint-backend Pipeline failed
Details
ci/woodpecker/pr/lint-foundkey-js Pipeline was successful
Details
ci/woodpecker/pr/lint-client Pipeline failed
Details
ci/woodpecker/pr/test Pipeline failed
Details
492c116510
Johann150 reviewed 2022-12-01 08:29:02 +00:00
Johann150 left a comment
Owner
Copy link

I'm still thinking about using a * placeholder because it could also allow to block all hosts that start with misskey-forkbomb... 🤔

I'm still thinking about using a `*` placeholder because it could also allow to block all hosts that start with `misskey-forkbomb`... 🤔
packages/backend/src/misc/skipped-instances.ts Outdated
@ -20,3 +39,3 @@
const { blockedHosts } = await fetchMeta();
const skipped = hosts.filter(host => blockedHosts.includes(host));
const skipped = hosts.filter(host => blockedHosts.some(blockedHost => sameOrSubdomainOf(host, blockedHost)));
Johann150 commented 2022-12-01 08:27:53 +00:00
Owner
Copy link
-	const skipped = hosts.filter(host => blockedHosts.some(blockedHost => sameOrSubdomainOf(host, blockedHost)));
+	const skipped = hosts.filter(host => shouldBlockInstance(host));
```diff - const skipped = hosts.filter(host => blockedHosts.some(blockedHost => sameOrSubdomainOf(host, blockedHost))); + const skipped = hosts.filter(host => shouldBlockInstance(host)); ```
norm marked this conversation as resolved
norm added 1 commit 2022-12-01 08:36:09 +00:00
apply suggestion
All checks were successful
ci/woodpecker/push/lint-client Pipeline was successful
Details
ci/woodpecker/push/build Pipeline was successful
Details
ci/woodpecker/push/lint-backend Pipeline was successful
Details
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
Details
ci/woodpecker/push/test Pipeline was successful
Details
d3cf94b602
norm commented 2022-12-01 09:23:12 +00:00
Author
Owner
Copy link

Closed in favour of #260

Closed in favour of #260
norm closed this pull request 2022-12-01 09:23:12 +00:00
norm deleted branch wildcard-block 2022-12-01 09:23:16 +00:00
All checks were successful
ci/woodpecker/push/lint-client Pipeline was successful
Details
ci/woodpecker/push/build Pipeline was successful
Details
ci/woodpecker/push/lint-backend Pipeline was successful
Details
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
Details
ci/woodpecker/push/test Pipeline was successful
Details

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No reviewers
Johann150
Labels
Clear labels   
feature

task that proposes new feature(s)

  
fix

task to fix behavioral problems in the FoundKey codebase

  
upkeep

task that should make FoundKey smaller and more maintainable

No labels
feature
fix
upkeep
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: FoundKeyGang/FoundKey#259
No description provided.
Delete branch "wildcard-block"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?