diff --git a/CHANGELOG.md b/CHANGELOG.md
index f0783d489..7548a546a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -47,6 +47,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- MRF: Support for priming the mediaproxy cache (`Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy`)
- MRF: Support for excluding specific domains from Transparency.
- MRF: Support for filtering posts based on who they mention (`Pleroma.Web.ActivityPub.MRF.MentionPolicy`)
+- MRF: Support for filtering posts based on ActivityStreams vocabulary (`Pleroma.Web.ActivityPub.MRF.VocabularyPolicy`)
- MRF (Simple Policy): Support for wildcard domains.
- Support for wildcard domains in user domain blocks setting.
- Configuration: `quarantined_instances` support wildcard domains.
diff --git a/config/config.exs b/config/config.exs
index b7047a039..758661120 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -338,6 +338,10 @@
config :pleroma, :mrf_subchain, match_actor: %{}
+config :pleroma, :mrf_vocabulary,
+ accept: [],
+ reject: []
+
config :pleroma, :rich_media,
enabled: true,
ignore_hosts: [],
diff --git a/docs/config.md b/docs/config.md
index e5c3f08fa..20311db54 100644
--- a/docs/config.md
+++ b/docs/config.md
@@ -103,6 +103,7 @@ config :pleroma, Pleroma.Emails.Mailer,
* `Pleroma.Web.ActivityPub.MRF.AntiLinkSpamPolicy`: Rejects posts from likely spambots by rejecting posts from new users that contain links.
* `Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy`: Crawls attachments using their MediaProxy URLs so that the MediaProxy cache is primed.
* `Pleroma.Web.ActivityPub.MRF.MentionPolicy`: Drops posts mentioning configurable users. (see `:mrf_mention` section)
+ * `Pleroma.Web.ActivityPub.MRF.VocabularyPolicy`: Restricts activities to a configured set of vocabulary. (see `:mrf_vocabulary` section)
* `public`: Makes the client API in authentificated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network.
* `quarantined_instances`: List of ActivityPub instances where private(DMs, followers-only) activities will not be send.
* `managed_config`: Whenether the config for pleroma-fe is configured in this config or in ``static/config.json``
@@ -278,6 +279,10 @@ config :pleroma, :mrf_subchain,
## :mrf_mention
* `actors`: A list of actors, for which to drop any posts mentioning.
+## :mrf_vocabulary
+* `accept`: A list of ActivityStreams terms to accept. If empty, all supported messages are accepted.
+* `reject`: A list of ActivityStreams terms to reject. If empty, no messages are rejected.
+
## :media_proxy
* `enabled`: Enables proxying of remote media to the instance’s proxy
* `base_url`: The base URL to access a user-uploaded file. Useful when you want to proxy the media files via another host/CDN fronts.
diff --git a/lib/pleroma/web/activity_pub/mrf/vocabulary_policy.ex b/lib/pleroma/web/activity_pub/mrf/vocabulary_policy.ex
new file mode 100644
index 000000000..74da8d57e
--- /dev/null
+++ b/lib/pleroma/web/activity_pub/mrf/vocabulary_policy.ex
@@ -0,0 +1,36 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.MRF.VocabularyPolicy do
+ @moduledoc "Filter messages which belong to certain activity vocabularies"
+
+ @behaviour Pleroma.Web.ActivityPub.MRF
+
+ def filter(%{"type" => "Undo", "object" => child_message} = message) do
+ with {:ok, _} <- filter(child_message) do
+ {:ok, message}
+ else
+ {:reject, nil} ->
+ {:reject, nil}
+ end
+ end
+
+ def filter(%{"type" => message_type} = message) do
+ with accepted_vocabulary <- Pleroma.Config.get([:mrf_vocabulary, :accept]),
+ rejected_vocabulary <- Pleroma.Config.get([:mrf_vocabulary, :reject]),
+ true <-
+ length(accepted_vocabulary) == 0 || Enum.member?(accepted_vocabulary, message_type),
+ false <-
+ length(rejected_vocabulary) > 0 && Enum.member?(rejected_vocabulary, message_type),
+ {:ok, _} <- filter(message["object"]) do
+ {:ok, message}
+ else
+ _ -> {:reject, nil}
+ end
+ end
+
+ def filter(message), do: {:ok, message}
+
+ def describe, do: {:ok, %{mrf_vocabulary: Pleroma.Config.get(:mrf_vocabulary)}}
+end
diff --git a/test/web/activity_pub/mrf/vocabulary_policy_test.exs b/test/web/activity_pub/mrf/vocabulary_policy_test.exs
new file mode 100644
index 000000000..c3b11d7a1
--- /dev/null
+++ b/test/web/activity_pub/mrf/vocabulary_policy_test.exs
@@ -0,0 +1,123 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ActivityPub.MRF.VocabularyPolicyTest do
+ use Pleroma.DataCase
+
+ alias Pleroma.Web.ActivityPub.MRF.VocabularyPolicy
+
+ describe "accept" do
+ test "it accepts based on parent activity type" do
+ config = Pleroma.Config.get([:mrf_vocabulary, :accept])
+ Pleroma.Config.put([:mrf_vocabulary, :accept], ["Like"])
+
+ message = %{
+ "type" => "Like",
+ "object" => "whatever"
+ }
+
+ {:ok, ^message} = VocabularyPolicy.filter(message)
+
+ Pleroma.Config.put([:mrf_vocabulary, :accept], config)
+ end
+
+ test "it accepts based on child object type" do
+ config = Pleroma.Config.get([:mrf_vocabulary, :accept])
+ Pleroma.Config.put([:mrf_vocabulary, :accept], ["Create", "Note"])
+
+ message = %{
+ "type" => "Create",
+ "object" => %{
+ "type" => "Note",
+ "content" => "whatever"
+ }
+ }
+
+ {:ok, ^message} = VocabularyPolicy.filter(message)
+
+ Pleroma.Config.put([:mrf_vocabulary, :accept], config)
+ end
+
+ test "it does not accept disallowed child objects" do
+ config = Pleroma.Config.get([:mrf_vocabulary, :accept])
+ Pleroma.Config.put([:mrf_vocabulary, :accept], ["Create", "Note"])
+
+ message = %{
+ "type" => "Create",
+ "object" => %{
+ "type" => "Article",
+ "content" => "whatever"
+ }
+ }
+
+ {:reject, nil} = VocabularyPolicy.filter(message)
+
+ Pleroma.Config.put([:mrf_vocabulary, :accept], config)
+ end
+
+ test "it does not accept disallowed parent types" do
+ config = Pleroma.Config.get([:mrf_vocabulary, :accept])
+ Pleroma.Config.put([:mrf_vocabulary, :accept], ["Announce", "Note"])
+
+ message = %{
+ "type" => "Create",
+ "object" => %{
+ "type" => "Note",
+ "content" => "whatever"
+ }
+ }
+
+ {:reject, nil} = VocabularyPolicy.filter(message)
+
+ Pleroma.Config.put([:mrf_vocabulary, :accept], config)
+ end
+ end
+
+ describe "reject" do
+ test "it rejects based on parent activity type" do
+ config = Pleroma.Config.get([:mrf_vocabulary, :reject])
+ Pleroma.Config.put([:mrf_vocabulary, :reject], ["Like"])
+
+ message = %{
+ "type" => "Like",
+ "object" => "whatever"
+ }
+
+ {:reject, nil} = VocabularyPolicy.filter(message)
+
+ Pleroma.Config.put([:mrf_vocabulary, :reject], config)
+ end
+
+ test "it rejects based on child object type" do
+ config = Pleroma.Config.get([:mrf_vocabulary, :reject])
+ Pleroma.Config.put([:mrf_vocabulary, :reject], ["Note"])
+
+ message = %{
+ "type" => "Create",
+ "object" => %{
+ "type" => "Note",
+ "content" => "whatever"
+ }
+ }
+
+ {:reject, nil} = VocabularyPolicy.filter(message)
+
+ Pleroma.Config.put([:mrf_vocabulary, :reject], config)
+ end
+
+ test "it passes through objects that aren't disallowed" do
+ config = Pleroma.Config.get([:mrf_vocabulary, :reject])
+ Pleroma.Config.put([:mrf_vocabulary, :reject], ["Like"])
+
+ message = %{
+ "type" => "Announce",
+ "object" => "whatever"
+ }
+
+ {:ok, ^message} = VocabularyPolicy.filter(message)
+
+ Pleroma.Config.put([:mrf_vocabulary, :reject], config)
+ end
+ end
+end