Add white list policy

2024-11-21 22:17:59 +00:00 · 2018-12-27 18:55:00 +09:00 · 2018-12-27 18:55:00 +09:00 · c1f1cfe066
parent b97720cbd7
commit c1f1cfe066
3 changed files with 36 additions and 20 deletions
--- a/bin/pre-deploy
+++ b/bin/pre-deploy
@ -1,21 +1,6 @@
 #!/bin/bash

-cat << EOF > relay.yaml
-# this is the path that the object graph will get dumped to (in JSON-LD format),
-# you probably shouldn't change it, but you can if you want.
-db: files/relay.jsonld
-
-# Listener
-listen: 0.0.0.0
-port: ${PORT:-5000}
-
-# Note
-note: "Make a note about your instance here."
-
-# this section is for ActivityPub
-ap:
-  # this is used for generating activitypub messages, as well as instructions for
-  # linking AP identities.  it should be an SSL-enabled domain reachable by https.
-  host: '$HOSTNAME'
-  blocked_instances: []
-EOF
+sed \
+  -e "s/__PORT__/${PORT:-5000}/g" \
+  -e "s/__HOSTNAME__/$HOSTNAME/g" \
+  relay_template.yaml > relay.yaml
--- a/relay/actor.py
+++ b/relay/actor.py
@ -35,7 +35,11 @@ from . import app, CONFIG
 from .remote_actor import fetch_actor


-AP_CONFIG = CONFIG.get('ap', {'host': 'localhost','blocked_instances':[]})
+AP_CONFIG = CONFIG.get('ap', {
+    'host': 'localhost',
+    'blocked_instances': [],
+    'allowed_instances': [],
+})
 CACHE_SIZE = CONFIG.get('cache-size', 16384)


@ -218,6 +222,10 @@ async def handle_follow(actor, data, request):
    if urlsplit(inbox).hostname in AP_CONFIG['blocked_instances']:
        return

+    if AP_CONFIG['allowed_instances'] and\
+            urlsplit(inbox).hostname not in AP_CONFIG['allowed_instances']:
+        return
+
    if inbox not in following:
        following += [inbox]
        DATABASE['relay-list'] = following
--- a/relay_template.yaml
+++ b/relay_template.yaml
@ -0,0 +1,23 @@
+# this is the path that the object graph will get dumped to (in JSON-LD format),
+# you probably shouldn't change it, but you can if you want.
+db: files/relay.jsonld
+
+# Listener
+listen: 0.0.0.0
+port: __PORT__
+
+# Note
+note: "Make a note about your instance here."
+
+# this section is for ActivityPub
+ap:
+  # this is used for generating activitypub messages, as well as instructions for
+  # linking AP identities.  it should be an SSL-enabled domain reachable by https.
+  host: '__HOSTNAME__'
+  blocked_instances: []
+  allowed_instances:
+    - edge.twingyeo.kr
+    - planet.moe
+    - qdon.space
+    - twingyeo.kr
+    - uri.life