Commit 1a922ecb authored by Izalia Mae's avatar Izalia Mae

add whitelist feature

parent f34b42ae
...@@ -17,4 +17,7 @@ ap: ...@@ -17,4 +17,7 @@ ap:
blocked_instances: blocked_instances:
- 'bad-instance.example.com' - 'bad-instance.example.com'
- 'another-bad-instance.example.com' - 'another-bad-instance.example.com'
whitelist_enabled: false
whitelist:
- 'good-instance.example.com'
- 'another.good-instance.example.com'
\ No newline at end of file
...@@ -35,7 +35,7 @@ from . import app, CONFIG ...@@ -35,7 +35,7 @@ from . import app, CONFIG
from .remote_actor import fetch_actor from .remote_actor import fetch_actor
AP_CONFIG = CONFIG.get('ap', {'host': 'localhost','blocked_instances':[]}) AP_CONFIG = CONFIG.get('ap', {'host': 'localhost','blocked_instances':[], 'whitelist_enabled': False, 'whitelist': []})
CACHE_SIZE = CONFIG.get('cache-size', 16384) CACHE_SIZE = CONFIG.get('cache-size', 16384)
...@@ -106,10 +106,15 @@ async def push_message_to_actor(actor, message, our_key_id): ...@@ -106,10 +106,15 @@ async def push_message_to_actor(actor, message, our_key_id):
async def follow_remote_actor(actor_uri): async def follow_remote_actor(actor_uri):
actor = await fetch_actor(actor_uri) actor = await fetch_actor(actor_uri)
if not actor: if not actor:
logging.info('failed to fetch actor at: %r', actor_uri) logging.info('failed to fetch actor at: %r', actor_uri)
return return
if AP_CONFIG['whitelist_enabled'] is True and urlsplit(actor_uri).hostname not in AP_CONFIG['whitelist']:
logging.info('refusing to follow non-whitelisted actor: %r', actor_uri)
return
logging.info('following: %r', actor_uri) logging.info('following: %r', actor_uri)
message = { message = {
...@@ -294,7 +299,10 @@ async def inbox(request): ...@@ -294,7 +299,10 @@ async def inbox(request):
if 'actor' not in data or not request['validated']: if 'actor' not in data or not request['validated']:
raise aiohttp.web.HTTPUnauthorized(body='access denied', content_type='text/plain') raise aiohttp.web.HTTPUnauthorized(body='access denied', content_type='text/plain')
if data['type'] != 'Follow' and 'https://{}/inbox'.format(instance) not in DATABASE['relay-list']: elif data['type'] != 'Follow' and 'https://{}/inbox'.format(instance) not in DATABASE['relay-list']:
raise aiohttp.web.HTTPUnauthorized(body='access denied', content_type='text/plain')
elif AP_CONFIG['whitelist_enabled'] is True and instance not in AP_CONFIG['whitelist']:
raise aiohttp.web.HTTPUnauthorized(body='access denied', content_type='text/plain') raise aiohttp.web.HTTPUnauthorized(body='access denied', content_type='text/plain')
actor = await fetch_actor(data["actor"]) actor = await fetch_actor(data["actor"])
......
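Review bot: In `follow_remote_actor` the whitelist test runs only after `await fetch_actor(actor_uri)`, so with the whitelist enabled the relay presumably still makes an outbound request to a host it then refuses to follow. Moving the `urlsplit(actor_uri).hostname not in AP_CONFIG['whitelist']` test above the fetch would keep non-whitelisted hosts from being contacted at all. Separately, the defaults passed to `CONFIG.get('ap', {...})` apply only when the whole `ap` section is absent, so a config written before this commit (an `ap:` block without the new keys) would raise `KeyError` at `AP_CONFIG['whitelist_enabled']` here, in `inbox`, and in the relay-list cleanup in the other Python file. Reading the keys with `AP_CONFIG.get('whitelist_enabled', False)` and `AP_CONFIG.get('whitelist', [])` avoids that. Both function bodies continue outside the hunks shown.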
...@@ -5,6 +5,7 @@ import simplejson as json ...@@ -5,6 +5,7 @@ import simplejson as json
from . import CONFIG from . import CONFIG
AP_CONFIG = CONFIG.get('ap', {'blocked_instances':[], 'whitelist_enabled': False, 'whitelist': []})
try: try:
...@@ -16,7 +17,11 @@ except: ...@@ -16,7 +17,11 @@ except:
following = DATABASE.get('relay-list', []) following = DATABASE.get('relay-list', [])
for inbox in following: for inbox in following:
if urllib.parse.urlsplit(inbox).hostname in CONFIG['ap']['blocked_instances']: if urllib.parse.urlsplit(inbox).hostname in AP_CONFIG['blocked_instances']:
following.remove(inbox)
DATABASE['relay-list'] = following
elif AP_CONFIG['whitelist_enabled'] is True and urllib.parse.urlsplit(inbox).hostname not in AP_CONFIG['whitelist']:
following.remove(inbox) following.remove(inbox)
DATABASE['relay-list'] = following DATABASE['relay-list'] = following
......
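Review bot: The new `elif` branch calls `following.remove(inbox)` while `for inbox in following` is still iterating the same object, so (assuming `following` is a list) each removal makes the loop skip the next entry, and the second of two adjacent non-whitelisted inboxes stays in `relay-list`. Iterating over a copy, `for inbox in list(following):`, or building the filtered list first and assigning `DATABASE['relay-list']` once after the loop, removes every entry that fails the check. The remove-while-iterating pattern predates this commit in the blocked-instances branch, but the whitelist branch can remove many entries in one pass, which makes skipped entries much more likely. The enclosing `try`/`except` block starts outside the hunk.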