add whitelist feature
parent
f34b42ae78
commit
1a922ecb29
|
@ -17,4 +17,7 @@ ap:
|
||||||
blocked_instances:
|
blocked_instances:
|
||||||
- 'bad-instance.example.com'
|
- 'bad-instance.example.com'
|
||||||
- 'another-bad-instance.example.com'
|
- 'another-bad-instance.example.com'
|
||||||
|
whitelist_enabled: false
|
||||||
|
whitelist:
|
||||||
|
- 'good-instance.example.com'
|
||||||
|
- 'another.good-instance.example.com'
|
|
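Review bot: The new `whitelist_enabled` and `whitelist` keys carry no comment on how entries are matched, and the code in this commit tests hosts with a plain `not in AP_CONFIG['whitelist']` list lookup, so each entry covers exactly one hostname and not its subdomains. I would add a comment above `whitelist:` such as `# exact, lower-case hostnames only; subdomains must be listed separately`, and one above `whitelist_enabled` saying that when it is true, follows and inbox posts from hosts not listed are refused. The lower-case hint matters because `urlsplit(...).hostname` returns a lower-cased host, so a mixed-case entry would never match in the checks that use it.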
@ -35,7 +35,7 @@ from . import app, CONFIG
|
||||||
from .remote_actor import fetch_actor
|
from .remote_actor import fetch_actor
|
||||||
|
|
||||||
|
|
||||||
AP_CONFIG = CONFIG.get('ap', {'host': 'localhost','blocked_instances':[]})
|
AP_CONFIG = CONFIG.get('ap', {'host': 'localhost','blocked_instances':[], 'whitelist_enabled': False, 'whitelist': []})
|
||||||
CACHE_SIZE = CONFIG.get('cache-size', 16384)
|
CACHE_SIZE = CONFIG.get('cache-size', 16384)
|
||||||
|
|
||||||
|
|
||||||
|
@ -106,10 +106,15 @@ async def push_message_to_actor(actor, message, our_key_id):
|
||||||
|
|
||||||
async def follow_remote_actor(actor_uri):
|
async def follow_remote_actor(actor_uri):
|
||||||
actor = await fetch_actor(actor_uri)
|
actor = await fetch_actor(actor_uri)
|
||||||
|
|
||||||
if not actor:
|
if not actor:
|
||||||
logging.info('failed to fetch actor at: %r', actor_uri)
|
logging.info('failed to fetch actor at: %r', actor_uri)
|
||||||
return
|
return
|
||||||
|
|
||||||
|
if AP_CONFIG['whitelist_enabled'] is True and urlsplit(actor_uri).hostname not in AP_CONFIG['whitelist']:
|
||||||
|
logging.info('refusing to follow non-whitelisted actor: %r', actor_uri)
|
||||||
|
return
|
||||||
|
|
||||||
logging.info('following: %r', actor_uri)
|
logging.info('following: %r', actor_uri)
|
||||||
|
|
||||||
message = {
|
message = {
|
||||||
|
@ -294,7 +299,10 @@ async def inbox(request):
|
||||||
if 'actor' not in data or not request['validated']:
|
if 'actor' not in data or not request['validated']:
|
||||||
raise aiohttp.web.HTTPUnauthorized(body='access denied', content_type='text/plain')
|
raise aiohttp.web.HTTPUnauthorized(body='access denied', content_type='text/plain')
|
||||||
|
|
||||||
if data['type'] != 'Follow' and 'https://{}/inbox'.format(instance) not in DATABASE['relay-list']:
|
elif data['type'] != 'Follow' and 'https://{}/inbox'.format(instance) not in DATABASE['relay-list']:
|
||||||
|
raise aiohttp.web.HTTPUnauthorized(body='access denied', content_type='text/plain')
|
||||||
|
|
||||||
|
elif AP_CONFIG['whitelist_enabled'] is True and instance not in AP_CONFIG['whitelist']:
|
||||||
raise aiohttp.web.HTTPUnauthorized(body='access denied', content_type='text/plain')
|
raise aiohttp.web.HTTPUnauthorized(body='access denied', content_type='text/plain')
|
||||||
|
|
||||||
actor = await fetch_actor(data["actor"])
|
actor = await fetch_actor(data["actor"])
|
||||||
|
|
|
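Review bot: The added `if AP_CONFIG['whitelist_enabled'] is True and ...` in follow_remote_actor and the matching `elif` in inbox index the new keys directly, but the defaults added to `CONFIG.get('ap', {...})` apply only when the whole `ap` section is absent. A config written before this commit has an `ap` section without `whitelist_enabled`, so these lines would raise KeyError and likely surface as a server error on inbox requests that reach the last `elif`; the relay-list cleanup hunk in the other Python file has the same pattern. Reading the keys with `AP_CONFIG.get('whitelist_enabled', False)` and `AP_CONFIG.get('whitelist', [])` avoids that, and dropping `is True` keeps a truthy non-bool value (a quoted 'true', say) from silently leaving the allowlist off. In follow_remote_actor the check also runs after `await fetch_actor(actor_uri)`, so the relay still makes an outbound request to a host the operator has not approved; moving the check above the fetch would avoid it. Both functions continue outside the hunks, and neither the import of `urlsplit` nor the derivation of `instance` is visible here.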
@ -5,6 +5,7 @@ import simplejson as json
|
||||||
|
|
||||||
|
|
||||||
from . import CONFIG
|
from . import CONFIG
|
||||||
|
AP_CONFIG = CONFIG.get('ap', {'blocked_instances':[], 'whitelist_enabled': False, 'whitelist': []})
|
||||||
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
@ -16,7 +17,11 @@ except:
|
||||||
|
|
||||||
following = DATABASE.get('relay-list', [])
|
following = DATABASE.get('relay-list', [])
|
||||||
for inbox in following:
|
for inbox in following:
|
||||||
if urllib.parse.urlsplit(inbox).hostname in CONFIG['ap']['blocked_instances']:
|
if urllib.parse.urlsplit(inbox).hostname in AP_CONFIG['blocked_instances']:
|
||||||
|
following.remove(inbox)
|
||||||
|
DATABASE['relay-list'] = following
|
||||||
|
|
||||||
|
elif AP_CONFIG['whitelist_enabled'] is True and urllib.parse.urlsplit(inbox).hostname not in AP_CONFIG['whitelist']:
|
||||||
following.remove(inbox)
|
following.remove(inbox)
|
||||||
DATABASE['relay-list'] = following
|
DATABASE['relay-list'] = following
|
||||||
|
|
||||||
|
|
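Review bot: The new `elif` branch calls `following.remove(inbox)` while `for inbox in following:` is still iterating that same list, so the loop skips the element that follows each removal; of two adjacent non-whitelisted inboxes, the second would stay in `relay-list`. The blocked-instance branch above it has the same shape, which means neither the blocklist nor the allowlist is reliably enforced on the stored list by this cleanup. Iterating over a copy, `for inbox in list(following):`, fixes the skipping with a one-line change, and `DATABASE['relay-list'] = following` could then be assigned once after the loop. The statements around the loop continue outside the hunk.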