From 2c287d301f497b70303818cd460044d21248a38b Mon Sep 17 00:00:00 2001 From: Izalia Mae Date: Tue, 13 Dec 2022 10:14:27 -0500 Subject: [PATCH] prevent (un)follows from users --- relay/processors.py | 47 +++++++++++++++++++++++++++++++-------------- 1 file changed, 33 insertions(+), 14 deletions(-) diff --git a/relay/processors.py b/relay/processors.py index 7184171..0d94f6b 100644 --- a/relay/processors.py +++ b/relay/processors.py @@ -26,6 +26,11 @@ async def handle_relay(request, s): logging.verbose(f'already relayed {request.message.objectid}') return + if request.message.get('to') != ['https://www.w3.org/ns/activitystreams#Public']: + logging.verbose('Message was not public') + logging.verbose(request.message.get('to')) + return + message = Message.new_announce( host = request.config.host, object = request.message.objectid @@ -68,17 +73,17 @@ async def handle_follow(request, s): ## reject if the actor isn't whitelisted while the whiltelist is enabled if s.get_config('whitelist') and not s.get_whitelist(request.actor.domain): logging.verbose(f'Rejected actor for not being in the whitelist: {request.actor.id}') - accept = False + approve = False ## reject if software used by actor is banned - if s.get_banned_software(software): + if s.get_ban('software', software): logging.verbose(f'Rejected follow from actor for using specific software: actor={request.actor.id}, software={software}') - accept = False + approve = False ## reject if the actor is not an instance actor if person_check(request.actor, software): logging.verbose(f'Non-application actor tried to follow: {request.actor.id}') - accept = False + approve = False if approve: if not request.instance: @@ -101,11 +106,12 @@ async def handle_follow(request, s): followid = request.message.id ) + # Doesn't seem to work now request.app.push_message( - request.actor.shared_inbox, + request.actor.inbox, Message.new_response( host = request.config.host, - actor = request.actor.id, + actor = request.message.actorid, followid = request.message.id, accept = approve ) @@ -136,16 +142,27 @@ async def handle_undo(request, s): if request.message.object.type != 'Follow': return await handle_forward(request) - s.delete('instances', id=request.instance.id) + instance_follow = request.instance.followid + message_follow = request.message.object.id - request.app.push_message( - request.actor.shared_inbox, - Message.new_unfollow( - host = request.config.host, - actor = request.actor.id, - follow = request.message + if person_check(request.actor, request.instance.software): + return logging.verbose(f'Non-application actor tried to unfollow: {request.actor.id}') + + if instance_follow and instance_follow != message_follow: + return logging.verbose(f'Followid does not match: {instance_follow}, {message_follow}') + + s.delete('instances', id=request.instance.id) + logging.verbose(f'Removed inbox: {request.instance.inbox}') + + if request.instance.software != 'mastodon': + request.app.push_message( + request.actor.shared_inbox, + Message.new_unfollow( + host = request.config.host, + actor = request.actor.id, + follow = request.message + ) ) - ) processors = { @@ -166,12 +183,14 @@ async def run_processor(request): new_data = {} if request.instance and not request.instance.software: + logging.verbose(f'Fetching nodeinfo for instance: {request.instance.domain}') nodeinfo = await request.app.client.fetch_nodeinfo(request.instance.domain) if nodeinfo: new_data['software'] = nodeinfo.sw_name if not request.instance.actor: + logging.verbose(f'Fetching actor for instance: {request.instance.domain}') new_data['actor'] = request.signature.keyid.split('#', 1)[0] if not request.instance.actor_data: