diff --git a/.gitignore b/.gitignore index 2858cefd5..3fbf17ba8 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ /*.ez /uploads /test/uploads +/.elixir_ls # Prevent committing custom emojis /priv/static/emoji/custom/* @@ -22,3 +23,6 @@ erl_crash.dump # Database setup file, some may forget to delete it /config/setup_db.psql + +.DS_Store +.env \ No newline at end of file diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 35029c8f0..46fa1c74c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,6 +7,7 @@ variables: POSTGRES_DB: pleroma_test POSTGRES_USER: postgres POSTGRES_PASSWORD: postgres + DB_HOST: postgres stages: - lint diff --git a/config/config.exs b/config/config.exs index 68c054457..d3f9cf6e4 100644 --- a/config/config.exs +++ b/config/config.exs @@ -52,7 +52,15 @@ limit: 5000, upload_limit: 16_000_000, registrations_open: true, - federating: true + federating: true, + rewrite_policy: Pleroma.Web.ActivityPub.MRF.NoOpPolicy, + public: true + +config :pleroma, :mrf_simple, + media_removal: [], + media_nsfw: [], + federated_timeline_removal: [], + reject: [] config :pleroma, :media_proxy, enabled: false, diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index c77fd6816..207674999 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -104,7 +104,7 @@ def update_changeset(struct, params \\ %{}) do |> cast(params, [:bio, :name]) |> unique_constraint(:nickname) |> validate_format(:nickname, ~r/^[a-zA-Z\d]+$/) - |> validate_length(:bio, max: 1000) + |> validate_length(:bio, max: 5000) |> validate_length(:name, min: 1, max: 100) end @@ -322,6 +322,16 @@ def increase_note_count(%User{} = user) do update_and_set_cache(cs) end + def decrease_note_count(%User{} = user) do + note_count = user.info["note_count"] || 0 + note_count = if note_count <= 0, do: 0, else: note_count - 1 + new_info = Map.put(user.info, "note_count", note_count) + + cs = info_changeset(user, %{info: new_info}) + + update_and_set_cache(cs) + end + def update_note_count(%User{} = user) do note_count_query = from( diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index d071135c4..99c169034 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -10,6 +10,9 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do @httpoison Application.get_env(:pleroma, :httpoison) + @instance Application.get_env(:pleroma, :instance) + @rewrite_policy Keyword.get(@instance, :rewrite_policy) + def get_recipients(data) do (data["to"] || []) ++ (data["cc"] || []) end @@ -17,7 +20,8 @@ def get_recipients(data) do def insert(map, local \\ true) when is_map(map) do with nil <- Activity.get_by_ap_id(map["id"]), map <- lazy_put_activity_defaults(map), - :ok <- insert_full_object(map) do + :ok <- insert_full_object(map), + {:ok, map} <- @rewrite_policy.filter(map) do {:ok, activity} = Repo.insert(%Activity{ data: map, @@ -172,7 +176,8 @@ def delete(%Object{data: %{"id" => id, "actor" => actor}} = object, local \\ tru with Repo.delete(object), Repo.delete_all(Activity.all_non_create_by_object_ap_id_q(id)), {:ok, activity} <- insert(data, local), - :ok <- maybe_federate(activity) do + :ok <- maybe_federate(activity), + {:ok, actor} <- User.decrease_note_count(user) do {:ok, activity} end end diff --git a/lib/pleroma/web/activity_pub/mrf/drop_policy.ex b/lib/pleroma/web/activity_pub/mrf/drop_policy.ex new file mode 100644 index 000000000..4333bca28 --- /dev/null +++ b/lib/pleroma/web/activity_pub/mrf/drop_policy.ex @@ -0,0 +1,8 @@ +defmodule Pleroma.Web.ActivityPub.MRF.DropPolicy do + require Logger + + def filter(object) do + Logger.info("REJECTING #{inspect(object)}") + {:reject, object} + end +end diff --git a/lib/pleroma/web/activity_pub/mrf/noop_policy.ex b/lib/pleroma/web/activity_pub/mrf/noop_policy.ex new file mode 100644 index 000000000..9dd3acb04 --- /dev/null +++ b/lib/pleroma/web/activity_pub/mrf/noop_policy.ex @@ -0,0 +1,5 @@ +defmodule Pleroma.Web.ActivityPub.MRF.NoOpPolicy do + def filter(object) do + {:ok, object} + end +end diff --git a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex new file mode 100644 index 000000000..ea1af0f4d --- /dev/null +++ b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex @@ -0,0 +1,76 @@ +defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do + alias Pleroma.User + + @mrf_policy Application.get_env(:pleroma, :mrf_simple) + + @reject Keyword.get(@mrf_policy, :reject) + defp check_reject(actor_info, object) do + if actor_info.host in @reject do + {:reject, nil} + else + {:ok, object} + end + end + + @media_removal Keyword.get(@mrf_policy, :media_removal) + defp check_media_removal(actor_info, object) do + if actor_info.host in @media_removal do + child_object = Map.delete(object["object"], "attachment") + object = Map.put(object, "object", child_object) + end + + {:ok, object} + end + + @media_nsfw Keyword.get(@mrf_policy, :media_nsfw) + defp check_media_nsfw(actor_info, object) do + child_object = object["object"] + + if actor_info.host in @media_nsfw and child_object["attachment"] != nil and + length(child_object["attachment"]) > 0 do + tags = (child_object["tag"] || []) ++ ["nsfw"] + child_object = Map.put(child_object, "tags", tags) + child_object = Map.put(child_object, "sensitive", true) + object = Map.put(object, "object", child_object) + end + + {:ok, object} + end + + @ftl_removal Keyword.get(@mrf_policy, :federated_timeline_removal) + defp check_ftl_removal(actor_info, object) do + if actor_info.host in @ftl_removal do + user = User.get_by_ap_id(object["actor"]) + + # flip to/cc relationship to make the post unlisted + if "https://www.w3.org/ns/activitystreams#Public" in object["to"] and + user.follower_address in object["cc"] do + to = + List.delete(object["to"], "https://www.w3.org/ns/activitystreams#Public") ++ + [user.follower_address] + + cc = + List.delete(object["cc"], user.follower_address) ++ + ["https://www.w3.org/ns/activitystreams#Public"] + + object = Map.put(object, "to", to) + object = Map.put(object, "cc", cc) + end + end + + {:ok, object} + end + + def filter(object) do + actor_info = URI.parse(object["actor"]) + + with {:ok, object} <- check_reject(actor_info, object), + {:ok, object} <- check_media_removal(actor_info, object), + {:ok, object} <- check_media_nsfw(actor_info, object), + {:ok, object} <- check_ftl_removal(actor_info, object) do + {:ok, object} + else + e -> {:reject, nil} + end + end +end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 8f63fdc70..cecf5527c 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -5,6 +5,8 @@ defmodule Pleroma.Web.Router do @instance Application.get_env(:pleroma, :instance) @federating Keyword.get(@instance, :federating) + @public Keyword.get(@instance, :public) + @registrations_open Keyword.get(@instance, :registrations_open) def user_fetcher(username) do {:ok, Repo.get_by(User, %{nickname: username})} @@ -160,21 +162,9 @@ def user_fetcher(username) do get("/statusnet/version", TwitterAPI.UtilController, :version) end - @instance Application.get_env(:pleroma, :instance) - @registrations_open Keyword.get(@instance, :registrations_open) - scope "/api", Pleroma.Web do pipe_through(:api) - get("/statuses/public_timeline", TwitterAPI.Controller, :public_timeline) - - get( - "/statuses/public_and_external_timeline", - TwitterAPI.Controller, - :public_and_external_timeline - ) - - get("/statuses/networkpublic_timeline", TwitterAPI.Controller, :public_and_external_timeline) get("/statuses/user_timeline", TwitterAPI.Controller, :user_timeline) get("/qvitter/statuses/user_timeline", TwitterAPI.Controller, :user_timeline) get("/users/show", TwitterAPI.Controller, :show_user) @@ -192,6 +182,24 @@ def user_fetcher(username) do get("/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline) end + scope "/api", Pleroma.Web do + if @public do + pipe_through(:api) + else + pipe_through(:authenticated_api) + end + + get("/statuses/public_timeline", TwitterAPI.Controller, :public_timeline) + + get( + "/statuses/public_and_external_timeline", + TwitterAPI.Controller, + :public_and_external_timeline + ) + + get("/statuses/networkpublic_timeline", TwitterAPI.Controller, :public_and_external_timeline) + end + scope "/api", Pleroma.Web do pipe_through(:authenticated_api) diff --git a/lib/pleroma/web/templates/mastodon_api/mastodon/login.html.eex b/lib/pleroma/web/templates/mastodon_api/mastodon/login.html.eex index 2bb54977e..34cd7ed89 100644 --- a/lib/pleroma/web/templates/mastodon_api/mastodon/login.html.eex +++ b/lib/pleroma/web/templates/mastodon_api/mastodon/login.html.eex @@ -1,4 +1,4 @@ -