- LEMMY_FRONT_END_DIR=/app/dist
- LEMMY_FEDERATION__ENABLED=true
- LEMMY_FEDERATION__TLS_ENABLED=false
+ - LEMMY_FEDERATION__INSTANCE_WHITELIST=lemmy_beta
- LEMMY_PORT=8540
- LEMMY_SETUP__ADMIN_USERNAME=lemmy_alpha
- LEMMY_SETUP__ADMIN_PASSWORD=lemmy
- LEMMY_FRONT_END_DIR=/app/dist
- LEMMY_FEDERATION__ENABLED=true
- LEMMY_FEDERATION__TLS_ENABLED=false
+ - LEMMY_FEDERATION__INSTANCE_WHITELIST=lemmy_alpha
- LEMMY_PORT=8550
- LEMMY_SETUP__ADMIN_USERNAME=lemmy_beta
- LEMMY_SETUP__ADMIN_PASSWORD=lemmy
enabled: false
# whether tls is required for activitypub. only disable this for debugging, never for producion.
tls_enabled: true
+ # comma seperated list of instances with which federation is allowed
+ instance_whitelist: ""
}
# # email sending configuration
# email: {
+use crate::apub::is_apub_id_valid;
use crate::db::community::Community;
use crate::db::community_view::CommunityFollowerView;
use crate::db::post::Post;
A: Serialize + Debug,
{
let json = serde_json::to_string(&activity)?;
- debug!("Sending activitypub activity {}", json);
+ debug!("Sending activitypub activity {} to {:?}", json, to);
for t in to {
- debug!("Sending activity to: {}", t);
+ if is_apub_id_valid(&t) {
+ debug!("Not sending activity to {} (invalid or blacklisted)", t);
+ continue;
+ }
let res = Request::post(t)
.header("Content-Type", "application/json")
.body(json.to_owned())?
Follow(Follow),
}
-#[derive(Deserialize)]
-pub struct Params {
- community_name: String,
-}
-
/// Handler for all incoming activities to community inboxes.
pub async fn community_inbox(
input: web::Json<CommunityAcceptedObjects>,
- params: web::Query<Params>,
+ path: web::Path<String>,
db: web::Data<Pool<ConnectionManager<PgConnection>>>,
) -> Result<HttpResponse, Error> {
let input = input.into_inner();
let conn = &db.get().unwrap();
debug!(
"Community {} received activity {:?}",
- ¶ms.community_name, &input
+ &path.into_inner(),
+ &input
);
match input {
CommunityAcceptedObjects::Follow(f) => handle_follow(&f, conn),
use crate::db::user_view::UserView;
use crate::db::{Crud, SearchType};
use crate::routes::nodeinfo::{NodeInfo, NodeInfoWellKnown};
-use crate::settings::Settings;
use activitystreams::collection::OrderedCollection;
use activitystreams::object::Page;
use activitystreams::BaseBox;
where
Response: for<'de> Deserialize<'de>,
{
- if Settings::get().federation.tls_enabled && url.scheme() != "https" {
- return Err(format_err!("Activitypub uri is insecure: {}", url));
+ if !is_apub_id_valid(&url.to_string()) {
+ return Err(format_err!("Activitypub uri invalid or blocked: {}", url));
}
// TODO: this function should return a future
let timeout = Duration::from_secs(60);
/// The types of ActivityPub objects that can be fetched directly by searching for their ID.
#[serde(untagged)]
-#[derive(serde::Deserialize)]
+#[derive(serde::Deserialize, Debug)]
pub enum SearchAcceptedObjects {
Person(Box<PersonExt>),
Group(Box<GroupExt>),
fn vec_bytes_to_str(bytes: Vec<u8>) -> String {
String::from_utf8_lossy(&bytes).into_owned()
}
+
+// Checks if the ID has a valid format, correct scheme, and is in the whitelist.
+fn is_apub_id_valid(apub_id: &str) -> bool {
+ let url = match Url::parse(apub_id) {
+ Ok(u) => u,
+ Err(_) => return false,
+ };
+
+ if url.scheme() != get_apub_protocol_string() {
+ return false;
+ }
+
+ let whitelist: Vec<String> = Settings::get()
+ .federation
+ .instance_whitelist
+ .split(',')
+ .map(|d| d.to_string())
+ .collect();
+ match url.domain() {
+ Some(d) => whitelist.contains(&d.to_owned()),
+ None => false,
+ }
+}
Accept(Accept),
}
-#[derive(Deserialize)]
-pub struct Params {
- user_name: String,
-}
-
/// Handler for all incoming activities to user inboxes.
pub async fn user_inbox(
input: web::Json<UserAcceptedObjects>,
- params: web::Query<Params>,
+ path: web::Path<String>,
db: web::Data<Pool<ConnectionManager<PgConnection>>>,
) -> Result<HttpResponse, Error> {
let input = input.into_inner();
let conn = &db.get().unwrap();
- debug!("User {} received activity: {:?}", ¶ms.user_name, &input);
+ debug!(
+ "User {} received activity: {:?}",
+ &path.into_inner(),
+ &input
+ );
match input {
UserAcceptedObjects::Create(c) => handle_create(&c, conn),
pub struct Federation {
pub enabled: bool,
pub tls_enabled: bool,
+ pub instance_whitelist: String,
}
lazy_static! {
projects / lemmy.git / commitdiff