Merge branch 'block_unauth' into 'master'
reject activities from instance not on relay-list See merge request pleroma/relay!11
This commit is contained in:
commit
d890bdd6ed
|
@ -272,10 +272,14 @@ processors = {
|
||||||
|
|
||||||
async def inbox(request):
|
async def inbox(request):
|
||||||
data = await request.json()
|
data = await request.json()
|
||||||
|
instance = urlsplit(data['actor']).hostname
|
||||||
|
|
||||||
if 'actor' not in data or not request['validated']:
|
if 'actor' not in data or not request['validated']:
|
||||||
raise aiohttp.web.HTTPUnauthorized(body='access denied', content_type='text/plain')
|
raise aiohttp.web.HTTPUnauthorized(body='access denied', content_type='text/plain')
|
||||||
|
|
||||||
|
if data['type'] != 'Follow' and 'https://{}/inbox'.format(instance) not in DATABASE['relay-list']:
|
||||||
|
raise aiohttp.web.HTTPUnauthorized(body='access denied', content_type='text/plain')
|
||||||
|
|
||||||
actor = await fetch_actor(data["actor"])
|
actor = await fetch_actor(data["actor"])
|
||||||
actor_uri = 'https://{}/actor'.format(request.host)
|
actor_uri = 'https://{}/actor'.format(request.host)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue