forked from AkkomaGang/akkoma
Merge pull request 'MRF transparency: don’t forget to obfuscate short domains' (#676) from Oneric/akkoma:mrf-obfuscation into develop
Reviewed-on: AkkomaGang/akkoma#676
This commit is contained in:
commit
e97d08ee98
4 changed files with 43 additions and 2 deletions
|
@ -19,6 +19,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
- Documentation issue in which a non-existing nginx file was referenced
|
- Documentation issue in which a non-existing nginx file was referenced
|
||||||
- Issue where a bad inbox URL could break federation
|
- Issue where a bad inbox URL could break federation
|
||||||
- Issue where hashtag rel values would be scrubbed
|
- Issue where hashtag rel values would be scrubbed
|
||||||
|
- Issue where short domains listed in `transparency_obfuscate_domains` were not actually obfuscated
|
||||||
|
|
||||||
## 2023.08
|
## 2023.08
|
||||||
|
|
||||||
|
|
|
@ -61,6 +61,32 @@ config :pleroma, :mrf_simple,
|
||||||
|
|
||||||
The effects of MRF policies can be very drastic. It is important to use this functionality carefully. Always try to talk to an admin before writing an MRF policy concerning their instance.
|
The effects of MRF policies can be very drastic. It is important to use this functionality carefully. Always try to talk to an admin before writing an MRF policy concerning their instance.
|
||||||
|
|
||||||
|
## Hiding or Obfuscating Policies
|
||||||
|
|
||||||
|
You can opt out of publicly displaying all MRF policies or only hide or obfuscate selected domains.
|
||||||
|
|
||||||
|
To just hide everything set:
|
||||||
|
|
||||||
|
```elixir
|
||||||
|
config :pleroma, :mrf,
|
||||||
|
...
|
||||||
|
transparency: false,
|
||||||
|
```
|
||||||
|
|
||||||
|
To hide or obfuscate only select entries, use:
|
||||||
|
|
||||||
|
```elixir
|
||||||
|
config :pleroma, :mrf,
|
||||||
|
...
|
||||||
|
transparency_obfuscate_domains: ["handholdi.ng", "badword.com"],
|
||||||
|
transparency_exclusions: [{"ghost.club", "even a fragment is too spoopy for humans"}]
|
||||||
|
```
|
||||||
|
|
||||||
|
## More MRF Policies
|
||||||
|
|
||||||
|
See the [documentation cheatsheet](cheatsheet.md)
|
||||||
|
for all available MRF policies and their options.
|
||||||
|
|
||||||
## Writing your own MRF Policy
|
## Writing your own MRF Policy
|
||||||
|
|
||||||
As discussed above, the MRF system is a modular system that supports pluggable policies. This means that an admin may write a custom MRF policy in Elixir or any other language that runs on the Erlang VM, by specifying the module name in the `policies` config setting.
|
As discussed above, the MRF system is a modular system that supports pluggable policies. This means that an admin may write a custom MRF policy in Elixir or any other language that runs on the Erlang VM, by specifying the module name in the `policies` config setting.
|
||||||
|
|
|
@ -314,6 +314,20 @@ def filter(object) when is_binary(object) do
|
||||||
def filter(object), do: {:ok, object}
|
def filter(object), do: {:ok, object}
|
||||||
|
|
||||||
defp obfuscate(string) when is_binary(string) do
|
defp obfuscate(string) when is_binary(string) do
|
||||||
|
# Want to strip at least two neighbouring chars
|
||||||
|
# to ensure at least one non-dot char is in the obfuscation area
|
||||||
|
stripped = String.length(string) - 6
|
||||||
|
|
||||||
|
{keepstart, keepend} =
|
||||||
|
if stripped > 1 do
|
||||||
|
{3, 3}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
2 - div(1 - stripped, 2),
|
||||||
|
2 + div(stripped, 2)
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
string
|
string
|
||||||
|> to_charlist()
|
|> to_charlist()
|
||||||
|> Enum.with_index()
|
|> Enum.with_index()
|
||||||
|
@ -322,7 +336,7 @@ defp obfuscate(string) when is_binary(string) do
|
||||||
?.
|
?.
|
||||||
|
|
||||||
{char, index} ->
|
{char, index} ->
|
||||||
if 3 <= index && index < String.length(string) - 3, do: ?*, else: char
|
if keepstart <= index && index < String.length(string) - keepend, do: ?*, else: char
|
||||||
end)
|
end)
|
||||||
|> to_string()
|
|> to_string()
|
||||||
end
|
end
|
||||||
|
|
|
@ -283,7 +283,7 @@ test "obfuscates domains listed in :transparency_obfuscate_domains" do
|
||||||
|
|
||||||
assert {:ok,
|
assert {:ok,
|
||||||
%{
|
%{
|
||||||
mrf_simple: %{reject: ["rem***.*****nce", "a.b"]},
|
mrf_simple: %{reject: ["rem***.*****nce", "*.b"]},
|
||||||
mrf_simple_info: %{reject: %{"rem***.*****nce" => %{}}}
|
mrf_simple_info: %{reject: %{"rem***.*****nce" => %{}}}
|
||||||
}} = SimplePolicy.describe()
|
}} = SimplePolicy.describe()
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue