Merge branch 'feature/hellthread-mitigation' into 'develop'

implement hellthread mitigation

Closes #474

See merge request pleroma/pleroma!588

config/config.exs

@@ -163,6 +163,8 @@
   allow_followersonly: false,
   allow_direct: false
 
+config :pleroma, :mrf_hellthread, threshold: 10
+
 config :pleroma, :mrf_simple,
   media_removal: [],
   media_nsfw: [],

docs/config.md

@@ -121,6 +121,9 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i
 * `allow_followersonly`: whether to allow followers-only posts
 * `allow_direct`: whether to allow direct messages
 
+## :mrf_hellthread
+* `threshold`: Number of mentioned users after which the message gets discarded as spam
+
 ## :media_proxy
 * `enabled`: Enables proxying of remote media to the instance’s proxy
 * `base_url`: The base URL to access a user-uploaded file. Useful when you want to proxy the media files via another host/CDN fronts.

lib/pleroma/web/activity_pub/mrf/hellthread_policy.ex

@@ -0,0 +1,18 @@
+defmodule Pleroma.Web.ActivityPub.MRF.HellthreadPolicy do
+  @behaviour Pleroma.Web.ActivityPub.MRF
+
+  @impl true
+  def filter(%{"type" => "Create"} = object) do
+    threshold = Pleroma.Config.get([:mrf_hellthread, :threshold])
+    recipients = (object["to"] || []) ++ (object["cc"] || [])
+
+    if length(recipients) > threshold do
+      {:reject, nil}
+    else
+      {:ok, object}
+    end
+  end
+
+  @impl true
+  def filter(object), do: {:ok, object}
+end