From 97253df3ee0b38256ac19ebfafebbc69b162b14c Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 10 Sep 2018 00:53:37 +0000 Subject: [PATCH 1/3] MRF: simple policy: contain media removal/nsfw ops to create activities only --- lib/pleroma/web/activity_pub/mrf/simple_policy.ex | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex index 7fecb8a4f..49caef5b2 100644 --- a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex @@ -23,7 +23,8 @@ defp check_reject(actor_info, object) do end @media_removal Keyword.get(@mrf_policy, :media_removal) - defp check_media_removal(actor_info, object) do + defp check_media_removal(actor_info, %{"type" => activity_type} = object) + when activity_type == "Create" do if actor_info.host in @media_removal do child_object = Map.delete(object["object"], "attachment") object = Map.put(object, "object", child_object) @@ -33,8 +34,11 @@ defp check_media_removal(actor_info, object) do end end + defp check_media_removal(actor_info, object), do: {:ok, object} + @media_nsfw Keyword.get(@mrf_policy, :media_nsfw) - defp check_media_nsfw(actor_info, object) do + defp check_media_nsfw(actor_info, %{"type" => activity_type} = object) + when activity_type == "Create" do child_object = object["object"] if actor_info.host in @media_nsfw and child_object["attachment"] != nil and @@ -49,6 +53,8 @@ defp check_media_nsfw(actor_info, object) do end end + defp check_media_nsfw(actor_info, object), do: {:ok, object} + @ftl_removal Keyword.get(@mrf_policy, :federated_timeline_removal) defp check_ftl_removal(actor_info, object) do if actor_info.host in @ftl_removal do From 88094c266d74acccc6efa304dc0bd85638849a87 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 10 Sep 2018 01:06:44 +0000 Subject: [PATCH 2/3] MRF: simple policy: refactor module to use guards and pattern matching --- .../web/activity_pub/mrf/simple_policy.ex | 107 ++++++++---------- 1 file changed, 49 insertions(+), 58 deletions(-) diff --git a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex index 49caef5b2..319721d48 100644 --- a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex @@ -5,86 +5,77 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do @mrf_policy Application.get_env(:pleroma, :mrf_simple) @accept Keyword.get(@mrf_policy, :accept) - defp check_accept(actor_info, object) do - if length(@accept) > 0 and not (actor_info.host in @accept) do - {:reject, nil} - else - {:ok, object} - end + defp check_accept(%{host: actor_host} = actor_info, object) + when length(@accept) > 0 and not (actor_host in @accept) do + {:reject, nil} end + defp check_accept(actor_info, object), do: {:ok, object} + @reject Keyword.get(@mrf_policy, :reject) - defp check_reject(actor_info, object) do - if actor_info.host in @reject do - {:reject, nil} - else - {:ok, object} - end + defp check_reject(%{host: actor_host} = actor_info, object) when actor_host in @reject do + {:reject, nil} end + defp check_reject(actor_info, object), do: {:ok, object} + @media_removal Keyword.get(@mrf_policy, :media_removal) - defp check_media_removal(actor_info, %{"type" => activity_type} = object) - when activity_type == "Create" do - if actor_info.host in @media_removal do - child_object = Map.delete(object["object"], "attachment") - object = Map.put(object, "object", child_object) - {:ok, object} - else - {:ok, object} - end + defp check_media_removal(%{host: actor_host} = actor_info, %{"type" => "Create"} = object) + when actor_host in @media_removal do + child_object = Map.delete(object["object"], "attachment") + object = Map.put(object, "object", child_object) + {:ok, object} end defp check_media_removal(actor_info, object), do: {:ok, object} @media_nsfw Keyword.get(@mrf_policy, :media_nsfw) - defp check_media_nsfw(actor_info, %{"type" => activity_type} = object) - when activity_type == "Create" do - child_object = object["object"] - - if actor_info.host in @media_nsfw and child_object["attachment"] != nil and - length(child_object["attachment"]) > 0 do - tags = (child_object["tag"] || []) ++ ["nsfw"] - child_object = Map.put(child_object, "tags", tags) - child_object = Map.put(child_object, "sensitive", true) - object = Map.put(object, "object", child_object) - {:ok, object} - else - {:ok, object} - end + defp check_media_nsfw( + %{host: actor_host} = actor_info, + %{ + "type" => "Create", + "object" => %{"attachment" => child_attachment} = child_object + } = object + ) + when actor_host in @media_nsfw and length(child_attachment) > 0 do + tags = (child_object["tag"] || []) ++ ["nsfw"] + child_object = Map.put(child_object, "tags", tags) + child_object = Map.put(child_object, "sensitive", true) + object = Map.put(object, "object", child_object) + {:ok, object} end defp check_media_nsfw(actor_info, object), do: {:ok, object} @ftl_removal Keyword.get(@mrf_policy, :federated_timeline_removal) - defp check_ftl_removal(actor_info, object) do - if actor_info.host in @ftl_removal do - user = User.get_by_ap_id(object["actor"]) + defp check_ftl_removal(%{host: actor_host} = actor_info, object) + when actor_host in @ftl_removal do + user = User.get_by_ap_id(object["actor"]) - # flip to/cc relationship to make the post unlisted - object = - if "https://www.w3.org/ns/activitystreams#Public" in object["to"] and - user.follower_address in object["cc"] do - to = - List.delete(object["to"], "https://www.w3.org/ns/activitystreams#Public") ++ - [user.follower_address] + # flip to/cc relationship to make the post unlisted + object = + if "https://www.w3.org/ns/activitystreams#Public" in object["to"] and + user.follower_address in object["cc"] do + to = + List.delete(object["to"], "https://www.w3.org/ns/activitystreams#Public") ++ + [user.follower_address] - cc = - List.delete(object["cc"], user.follower_address) ++ - ["https://www.w3.org/ns/activitystreams#Public"] + cc = + List.delete(object["cc"], user.follower_address) ++ + ["https://www.w3.org/ns/activitystreams#Public"] - object - |> Map.put("to", to) - |> Map.put("cc", cc) - else - object - end + object + |> Map.put("to", to) + |> Map.put("cc", cc) + else + object + end - {:ok, object} - else - {:ok, object} - end + {:ok, object} end + defp check_ftl_removal(actor_info, object), do: {:ok, object} + @impl true def filter(object) do actor_info = URI.parse(object["actor"]) From e0b8c0ccba57cb8f920929c61b64c523f431edec Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 10 Sep 2018 01:13:38 +0000 Subject: [PATCH 3/3] MRF: reject non-public: use pattern match to remove unnecessary if block --- .../web/activity_pub/mrf/reject_non_public.ex | 65 +++++++++---------- 1 file changed, 32 insertions(+), 33 deletions(-) diff --git a/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex b/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex index b6936fe90..129d04617 100644 --- a/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex +++ b/lib/pleroma/web/activity_pub/mrf/reject_non_public.ex @@ -7,43 +7,42 @@ defmodule Pleroma.Web.ActivityPub.MRF.RejectNonPublic do @allow_direct Keyword.get(@mrf_rejectnonpublic, :allow_direct) @impl true - def filter(object) do - if object["type"] == "Create" do - user = User.get_cached_by_ap_id(object["actor"]) - public = "https://www.w3.org/ns/activitystreams#Public" + def filter(%{"type" => "Create"} = object) do + user = User.get_cached_by_ap_id(object["actor"]) + public = "https://www.w3.org/ns/activitystreams#Public" - # Determine visibility - visibility = - cond do - public in object["to"] -> "public" - public in object["cc"] -> "unlisted" - user.follower_address in object["to"] -> "followers" - true -> "direct" + # Determine visibility + visibility = + cond do + public in object["to"] -> "public" + public in object["cc"] -> "unlisted" + user.follower_address in object["to"] -> "followers" + true -> "direct" + end + + case visibility do + "public" -> + {:ok, object} + + "unlisted" -> + {:ok, object} + + "followers" -> + with true <- @allow_followersonly do + {:ok, object} + else + _e -> {:reject, nil} end - case visibility do - "public" -> + "direct" -> + with true <- @allow_direct do {:ok, object} - - "unlisted" -> - {:ok, object} - - "followers" -> - with true <- @allow_followersonly do - {:ok, object} - else - _e -> {:reject, nil} - end - - "direct" -> - with true <- @allow_direct do - {:ok, object} - else - _e -> {:reject, nil} - end - end - else - {:ok, object} + else + _e -> {:reject, nil} + end end end + + @impl true + def filter(object), do: {:ok, object} end