From c1f1cfe0660e672ab95fc62e9874922450210114 Mon Sep 17 00:00:00 2001 From: kjwon15 Date: Thu, 27 Dec 2018 18:55:00 +0900 Subject: [PATCH] Add white list policy --- bin/pre-deploy | 23 ++++------------------- relay/actor.py | 10 +++++++++- relay_template.yaml | 23 +++++++++++++++++++++++ 3 files changed, 36 insertions(+), 20 deletions(-) create mode 100644 relay_template.yaml diff --git a/bin/pre-deploy b/bin/pre-deploy index 9ac6ba8..51e37f6 100755 --- a/bin/pre-deploy +++ b/bin/pre-deploy @@ -1,21 +1,6 @@ #!/bin/bash -cat << EOF > relay.yaml -# this is the path that the object graph will get dumped to (in JSON-LD format), -# you probably shouldn't change it, but you can if you want. -db: files/relay.jsonld - -# Listener -listen: 0.0.0.0 -port: ${PORT:-5000} - -# Note -note: "Make a note about your instance here." - -# this section is for ActivityPub -ap: - # this is used for generating activitypub messages, as well as instructions for - # linking AP identities. it should be an SSL-enabled domain reachable by https. - host: '$HOSTNAME' - blocked_instances: [] -EOF +sed \ + -e "s/__PORT__/${PORT:-5000}/g" \ + -e "s/__HOSTNAME__/$HOSTNAME/g" \ + relay_template.yaml > relay.yaml diff --git a/relay/actor.py b/relay/actor.py index 6eee902..3c4e352 100644 --- a/relay/actor.py +++ b/relay/actor.py @@ -35,7 +35,11 @@ from . import app, CONFIG from .remote_actor import fetch_actor -AP_CONFIG = CONFIG.get('ap', {'host': 'localhost','blocked_instances':[]}) +AP_CONFIG = CONFIG.get('ap', { + 'host': 'localhost', + 'blocked_instances': [], + 'allowed_instances': [], +}) CACHE_SIZE = CONFIG.get('cache-size', 16384) @@ -218,6 +222,10 @@ async def handle_follow(actor, data, request): if urlsplit(inbox).hostname in AP_CONFIG['blocked_instances']: return + if AP_CONFIG['allowed_instances'] and\ + urlsplit(inbox).hostname not in AP_CONFIG['allowed_instances']: + return + if inbox not in following: following += [inbox] DATABASE['relay-list'] = following 
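Review bot: In bin/pre-deploy the values of `$HOSTNAME` and `${PORT:-5000}` are spliced straight into the sed replacement text, so a `/`, `&` or backslash in either one breaks the expression or changes what is written to relay.yaml. The script also has no failure handling: if relay_template.yaml is missing or sed fails, the redirect has already truncated relay.yaml. Judging from the `CONFIG.get('ap', …)` fallback in relay/actor.py, the relay could then start on defaults, which would mean an empty allow list. I would add `set -e` at the top, check the values first with something like `[[ $HOSTNAME =~ ^[A-Za-z0-9.-]+$ ]] || exit 1`, and write to a temporary file that is moved into place only on success.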
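Review bot: The new `'allowed_instances': []` default in the first relay/actor.py hunk only applies when the config has no `ap` section at all. A relay.yaml generated before this commit has `ap` with just `host` and `blocked_instances` (see the removed heredoc in bin/pre-deploy), so `AP_CONFIG['allowed_instances']` in the handle_follow hunk raises KeyError for any follow that gets past the block check. Filling in the key after the lookup keeps older configs working: `AP_CONFIG.setdefault('allowed_instances', [])`, or read it with `AP_CONFIG.get('allowed_instances')` at the point of use. The same gap already exists for `blocked_instances`, so a matching `setdefault` there would be consistent.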
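Review bot: In the handle_follow hunk the allow list is consulted only when a new follow arrives, so inboxes already stored in `DATABASE['relay-list']` from hosts outside the list stay subscribed after an operator turns it on. Whether the forwarding paths check the list is not visible here, because the function and the rest of the module continue outside the hunk. The rejection is a bare `return`, which leaves no trace of who was turned away; a log line before it, e.g. `logging.info('follow from %s rejected: host not in allowed_instances', inbox)`, would help, assuming `logging` is available in this module. `urlsplit(...).hostname` is lower-cased, so entries in `allowed_instances` must be lower case to match. On style, parentheses around the condition read better than the `and\` continuation.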
diff --git a/relay_template.yaml b/relay_template.yaml
new file mode 100644
index 0000000..7c8aec1
--- /dev/null
+++ b/relay_template.yaml
@@ -0,0 +1,23 @@
+# this is the path that the object graph will get dumped to (in JSON-LD format),
+# you probably shouldn't change it, but you can if you want.
+db: files/relay.jsonld
+
+# Listener
+listen: 0.0.0.0
+port: __PORT__
+
+# Note
+note: "Make a note about your instance here."
+
+# this section is for ActivityPub
+ap:
+ # this is used for generating activitypub messages, as well as instructions for
+ # linking AP identities. it should be an SSL-enabled domain reachable by https.
+ host: '__HOSTNAME__'
+ blocked_instances: []
+ allowed_instances:
+ - edge.twingyeo.kr
+ - planet.moe
+ - qdon.space
+ - twingyeo.kr
+ - uri.life
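Review bot: relay_template.yaml is the file every deployment's relay.yaml is generated from, yet it ships with five specific hosts under `allowed_instances`, so anyone deploying from this template gets a relay that silently refuses follows from every other instance. I would leave the template at `allowed_instances: []` and keep the site-specific list in deployment configuration. The key also has no comment, unlike the other settings. Something like `# when non-empty, only these hostnames may follow the relay; an empty list disables the check` above it would document the behaviour implemented in relay/actor.py, including that `blocked_instances` is checked first.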