-rw-r--r--config/config.md13
-rw-r--r--lib/pleroma/web/activity_pub/mrf/user_allowlist.ex23
-rw-r--r--lib/pleroma/web/nodeinfo/nodeinfo_controller.ex6
3 files changed, 42 insertions, 0 deletions
diff --git a/config/config.md b/config/config.md
index 5b4110646..c843bca5d 100644
--- a/config/config.md
+++ b/config/config.md
@@ -87,3 +87,16 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i
* ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent
* ``ct_max_age``: The maximum age for the `Expect-CT` header if sent
* ``referrer_policy``: The referrer policy to use, either `"same-origin"` or `"no-referrer"`.
+
+## :mrf_user_allowlist
+
+The keys in this section are the domain names that the policy should apply to.
+Each key should be assigned a list of users that should be allowed through by
+their ActivityPub ID.
+
+An example:
+
+```
+config :pleroma, :mrf_user_allowlist,
+ "example.org": ["https://example.org/users/admin"]
+```
diff --git a/lib/pleroma/web/activity_pub/mrf/user_allowlist.ex b/lib/pleroma/web/activity_pub/mrf/user_allowlist.ex
new file mode 100644
index 000000000..3503d8692
--- /dev/null
+++ b/lib/pleroma/web/activity_pub/mrf/user_allowlist.ex
@@ -0,0 +1,23 @@
+defmodule Pleroma.Web.ActivityPub.MRF.UserAllowListPolicy do
+ alias Pleroma.Config
+
+ @behaviour Pleroma.Web.ActivityPub.MRF
+
+ defp filter_by_list(object, []), do: {:ok, object}
+
+ defp filter_by_list(%{"actor" => actor} = object, allow_list) do
+ if actor in allow_list do
+ {:ok, object}
+ else
+ {:reject, nil}
+ end
+ end
+
+ @impl true
+ def filter(object) do
+ actor_info = URI.parse(object["actor"])
+ allow_list = Config.get([:mrf_user_allowlist, String.to_atom(actor_info.host)], [])
+
+ filter_by_list(object, allow_list)
+ end
+end
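Review bot: `String.to_atom(actor_info.host)` in `filter/1` creates an atom from the host of every incoming activity's actor, a value supplied by remote servers. Atoms are never garbage-collected, so a stream of activities with distinct hosts can grow the atom table until the VM reaches its atom limit and stops. The same call raises when the actor URI has no host, because `actor_info.host` is then `nil`. Look the host up by comparing the configured keys as strings instead, as in the rewrite below. It lets a host-less actor through with an empty list, which is a policy choice the maintainers should confirm.

```elixir
  def filter(object) do
    actor_info = URI.parse(object["actor"])

    # Compare configured keys as strings so a remote host never becomes a new atom.
    allow_list =
      Config.get([:mrf_user_allowlist], [])
      |> Enum.find_value([], fn {domain, users} ->
        if to_string(domain) == actor_info.host, do: users
      end)

    filter_by_list(object, allow_list)
  end
```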
diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
index 151db0bb7..2ea75cf16 100644
--- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
+++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex
@@ -4,6 +4,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
alias Pleroma.Stats
alias Pleroma.Web
alias Pleroma.{User, Repo}
+ alias Pleroma.Config
alias Pleroma.Web.ActivityPub.MRF
plug(Pleroma.Web.FederatingPlug)
@@ -52,6 +53,10 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
|> Repo.all()
|> Enum.map(fn u -> u.ap_id end)
+ mrf_user_allowlist =
+ Config.get([:mrf_user_allowlist], [])
+ |> Enum.into(%{}, fn {k, v} -> {k, length(v)} end)
+
mrf_transparency = Keyword.get(instance, :mrf_transparency)
federation_response =
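Review bot: The `mrf_user_allowlist` map is built before `mrf_transparency` is read, so it is computed on every nodeinfo request, even though the next hunk uses it only inside the published federation map. The enclosing function and the `if` that selects that map lie outside the hunk, so the gating is inferred. `length(v)` also raises if an operator configures a domain with a single string rather than a list, which would fail the whole nodeinfo response. Consider building the map inside the branch that publishes it and adding a comment such as `# Publish only per-domain counts; the allowed ActivityPub IDs stay private.` so that a later change does not start exposing the IDs. As a style point, `Map.new(fn {k, v} -> {k, length(v)} end)` reads more directly than `Enum.into(%{}, ...)`.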
@@ -59,6 +64,7 @@ defmodule Pleroma.Web.Nodeinfo.NodeinfoController do
%{
mrf_policies: mrf_policies,
mrf_simple: mrf_simple,
+ mrf_user_allowlist: mrf_user_allowlist,
quarantined_instances: quarantined
}
else