Mark instances as unreachable when returning a 403 from an object fetch

This is a definite sign the instance is blocked and they are enforcing authorized_fetch
This commit is contained in:
Mark Felder 2023-12-26 15:54:14 -05:00 committed by Floatingghost
parent ac4cc619ea
commit 4c29366fe5
3 changed files with 34 additions and 0 deletions

View file

@ -181,6 +181,15 @@ def fetch_object_from_id(id, options \\ []) do
{:fetch_object, %Object{} = object} -> {:fetch_object, %Object{} = object} ->
{:ok, object} {:ok, object}
{:fetch, {:error, {:ok, %Tesla.Env{status: 403}}}} ->
Instances.set_consistently_unreachable(id)
Logger.error(
"Error while fetching #{id}: HTTP 403 likely due to instance block rejecting the signed fetch."
)
{:error, "Object fetch has been denied"}
{:fetch, {:error, error}} -> {:fetch, {:error, error}} ->
Logger.error("Error while fetching #{id}: #{inspect(error)}") Logger.error("Error while fetching #{id}: #{inspect(error)}")
{:error, error} {:error, error}

View file

@ -10,5 +10,16 @@ defmodule Pleroma.Workers.RemoteFetcherWorker do
@impl Oban.Worker @impl Oban.Worker
def perform(%Job{args: %{"op" => "fetch_remote", "id" => id} = args}) do def perform(%Job{args: %{"op" => "fetch_remote", "id" => id} = args}) do
{:ok, _object} = Fetcher.fetch_object_from_id(id, depth: args["depth"]) {:ok, _object} = Fetcher.fetch_object_from_id(id, depth: args["depth"])
case Fetcher.fetch_object_from_id(id, depth: args["depth"]) do
{:ok, _object} ->
:ok
{:error, reason = "Object fetch has been denied"} ->
{:cancel, reason}
_ ->
:error
end
end end
end end

View file

@ -57,6 +57,8 @@ defp spoofed_object_with_ids(
body: spoofed_object_with_ids("https://patch.cx/objects/spoof_content_type") body: spoofed_object_with_ids("https://patch.cx/objects/spoof_content_type")
} }
%{method: :get, url: "https://octodon.social/users/cwebber/statuses/111647596861000656"} ->
%Tesla.Env{status: 403}
# Spoof: mismatching ids # Spoof: mismatching ids
# Variant 1: Non-exisitng fake id # Variant 1: Non-exisitng fake id
%{ %{
@ -417,6 +419,18 @@ test "handle HTTP 404 response" do
) )
end end
test "handle HTTP 403 response" do
object_id = "https://octodon.social/users/cwebber/statuses/111647596861000656"
Instances.set_reachable(object_id)
assert Instances.reachable?(object_id)
assert {:error, "Object fetch has been denied"} ==
Fetcher.fetch_object_from_id(object_id)
refute Instances.reachable?(object_id)
end
test "it can fetch pleroma polls with attachments" do test "it can fetch pleroma polls with attachments" do
{:ok, object} = {:ok, object} =
Fetcher.fetch_object_from_id("https://patch.cx/objects/tesla_mock/poll_attachment") Fetcher.fetch_object_from_id("https://patch.cx/objects/tesla_mock/poll_attachment")