diff --git a/.env.example b/.env.example
index 66d51d9b1..92f6cb3ce 100644
--- a/.env.example
+++ b/.env.example
@@ -65,3 +65,7 @@ HORIZON_DARKMODE=true
 # php artisan optimize
 ACTIVITY_PUB=false
 REMOTE_FOLLOW=false
+
+CS_BLOCKED_DOMAINS='example.org,example.net,example.com'
+CS_CW_DOMAINS='example.org,example.net,example.com'
+CS_UNLISTED_DOMAINS='example.org,example.net,example.com'
diff --git a/.env.testing b/.env.testing
index 77037af17..82f28be00 100644
--- a/.env.testing
+++ b/.env.testing
@@ -56,3 +56,7 @@ MIX_API_SEARCH="${API_SEARCH}"
 TELESCOPE_ENABLED=false
 PF_MAX_USERS=1000
+
+CS_BLOCKED_DOMAINS='example.org,example.net,example.com'
+CS_CW_DOMAINS='example.org,example.net,example.com'
+CS_UNLISTED_DOMAINS='example.org,example.net,example.com'
diff --git a/app/Util/ActivityPub/Helpers.php b/app/Util/ActivityPub/Helpers.php
index e529b3bc6..aa9463953 100644
--- a/app/Util/ActivityPub/Helpers.php
+++ b/app/Util/ActivityPub/Helpers.php
@@ -24,6 +24,7 @@ use App\Jobs\StatusPipeline\NewStatusPipeline;
 use App\Util\HttpSignatures\{GuzzleHttpSignatures, KeyStore, Context, Verifier};
 use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory;
 use App\Util\ActivityPub\HttpSignature;
+use Illuminate\Support\Str;
 class Helpers {
@@ -141,7 +142,22 @@ class Helpers {
 $valid = filter_var($url, FILTER_VALIDATE_URL);
- if(in_array(parse_url($valid, PHP_URL_HOST), $localhosts)) {
+ if(!$valid) {
+ return false;
+ }
+
+ $host = parse_url($valid, PHP_URL_HOST);
+
+ if(config('costar.enabled') == true) {
+ if(
+ (config('costar.domain.block') != null && in_array($host, config('costar.domain.block')) == true) ||
+ (config('costar.actor.block') != null && in_array($url, config('costar.actor.block')) == true)
+ ) {
+ return false;
+ }
+ }
+
+ if(in_array($host, $localhosts)) {
 return false;
 }
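Review bot: The new domain blocklist check in validateUrl compares `$host` against `config('costar.domain.block')` with a case-sensitive, exact-match `in_array`, so a host that differs only in letter case from a listed entry is not matched even though hostnames are case-insensitive, and a subdomain of a listed domain is never matched either. Normalise before comparing, e.g. `$host = strtolower(parse_url($valid, PHP_URL_HOST));` (with the list itself lower-cased where it is built), and state in a comment whether subdomains are meant to inherit the block, since the exact match reads like an oversight rather than a decision. The actor check passes `$url` where the domain check uses `$valid`; both hold the same string once filter_var has accepted it, so using `$valid` in both places would make that clear. The remaining lines of validateUrl (the `$localhosts` definition it references and its final return) lie outside the hunk.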
@@ -151,7 +167,7 @@ class Helpers {
 public static function validateLocalUrl($url) {
 $url = self::validateUrl($url);
- if($url) {
+ if($url == true) {
 $domain = config('pixelfed.domain.app');
 $host = parse_url($url, PHP_URL_HOST);
 $url = $domain === $host ? $url : false;
@@ -217,6 +233,48 @@ class Helpers {
 $activity = ['object' => $res];
 }
+ if(isset($res['content']) == false) {
+ abort(400, 'Invalid object');
+ }
+
+ $scope = 'private';
+ $cw = isset($activity['sensitive']) ? (bool) $activity['sensitive'] : false;
+
+ if(isset($res['to']) == true && in_array('https://www.w3.org/ns/activitystreams#Public', $res['to'])) {
+ $scope = 'public';
+ }
+
+ if(isset($res['cc']) == true && in_array('https://www.w3.org/ns/activitystreams#Public', $res['cc'])) {
+ $scope = 'unlisted';
+ }
+
+ if(config('costar.enabled') == true) {
+ $blockedKeywords = config('costar.keyword.block');
+ if($blockedKeywords !== null) {
+ $keywords = config('costar.keyword.block');
+ foreach($keywords as $kw) {
+ if(Str::contains($res['content'], $kw) == true) {
+ abort(400, 'Invalid object');
+ }
+ }
+ }
+
+ $unlisted = config('costar.domain.unlisted');
+ if(in_array(parse_url($url, PHP_URL_HOST), $unlisted) == true) {
+ $unlisted = true;
+ $scope = 'unlisted';
+ } else {
+ $unlisted = false;
+ }
+
+ $cw = config('costar.domain.cw');
+ if(in_array(parse_url($url, PHP_URL_HOST), $cw) == true) {
+ $cw = true;
+ } else {
+ $cw = isset($activity['sensitive']) ? (bool) $activity['sensitive'] : false;
+ }
+ }
+
 $idDomain = parse_url($res['id'], PHP_URL_HOST);
 $urlDomain = parse_url($url, PHP_URL_HOST);
 $actorDomain = parse_url($activity['object']['attributedTo'], PHP_URL_HOST);
@@ -246,6 +304,9 @@ class Helpers {
 $status->created_at = Carbon::parse($ts);
 $status->in_reply_to_id = $reply_to;
 $status->local = false;
+ $status->is_nsfw = $cw;
+ $status->scope = $scope;
+ $status->visibility = $scope;
 $status->save();
 self::importNoteAttachment($res, $status);
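Review bot: `if($url == true)` is a point of style: a loose comparison to `true` is exactly the truthiness test `if($url)` it replaces, but it reads as though a strict check were being made. validateUrl (previous hunk) returns either the accepted URL string or `false`, so `if($url !== false) {` states that contract precisely. The same `== true` / `== false` spelling recurs throughout the next hunk on `isset(...)` and `in_array(...)` results and in the profileFirstOrNew hunk (`if($url == false)`); those functions already return bool, so the comparisons can be dropped or made strict there too. The closing lines of validateLocalUrl lie outside the hunk.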
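Review bot: `in_array(parse_url($url, PHP_URL_HOST), $unlisted)` and the matching `in_array(..., $cw)` a few lines below are called with whatever `config('costar.domain.unlisted')` and `config('costar.domain.cw')` return, and the new config/costar.php sets both to `null` when `CS_UNLISTED_DOMAINS` / `CS_CW_DOMAINS` are unset; since `PF_COSTAR_ENABLED` defaults to true there, a deployment that leaves those variables unset calls in_array with a null haystack on every remote status fetch (a warning and a null result on PHP 7, a TypeError on PHP 8). validateUrl in this same commit guards with `!= null`; do the same here, `$unlisted = config('costar.domain.unlisted') ?? [];` and `$cwDomains = config('costar.domain.cw') ?? [];`, comparing against `$cwDomains` so that `$cw` keeps a single boolean meaning. The `$unlisted = true` / `$unlisted = false` assignments are not read anywhere in the hunk, and `$keywords` re-reads the value already held in `$blockedKeywords`. The enclosing function starts and ends outside the hunk.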
@@ -301,6 +362,9 @@ class Helpers {
 public static function profileFirstOrNew($url, $runJobs = false) {
 $url = self::validateUrl($url);
+ if($url == false) {
+ abort(400, 'Invalid url');
+ }
 $host = parse_url($url, PHP_URL_HOST);
 $local = config('pixelfed.domain.app') == $host ? true : false;
diff --git a/config/costar.php b/config/costar.php
new file mode 100644
index 000000000..29af954ec
--- /dev/null
+++ b/config/costar.php
@@ -0,0 +1,33 @@
+ env('PF_COSTAR_ENABLED', true),
+
+ 'domain' => [
+ 'block' => env('CS_BLOCKED_DOMAINS', null) ? explode(',', env('CS_BLOCKED_DOMAINS')) : null,
+ 'cw' => env('CS_CW_DOMAINS', null) ? explode(',', env('CS_CW_DOMAINS')) : null,
+ 'unlisted' => env('CS_UNLISTED_DOMAINS', null) ? explode(',', env('CS_UNLISTED_DOMAINS')) : null,
+ ],
+
+ 'keyword' => [
+ 'block' => env('CS_BLOCKED_KEYWORDS', null) ? explode(',', env('CS_BLOCKED_KEYWORDS')) : null,
+ 'cw' => env('CS_CW_KEYWORDS', null) ? explode(',', env('CS_CW_KEYWORDS')) : null,
+ 'unlisted' => env('CS_UNLISTED_KEYWORDS', null) ? explode(',', env('CS_UNLISTED_KEYWORDS')) : null,
+ ],
+
+ 'actor' => [
+ 'block' => env('CS_BLOCKED_ACTOR', null) ? explode(',', env('CS_BLOCKED_ACTOR')) : null,
+ 'cw' => env('CS_CW_ACTOR', null) ? explode(',', env('CS_CW_ACTOR')) : null,
+ 'unlisted' => env('CS_UNLISTED_ACTOR', null) ? explode(',', env('CS_UNLISTED_ACTOR')) : null,
+ ]
+
+];
\ No newline at end of file
diff --git a/tests/Unit/CostarTest.php b/tests/Unit/CostarTest.php
new file mode 100644
index 000000000..3e4961b43
--- /dev/null
+++ b/tests/Unit/CostarTest.php
@@ -0,0 +1,24 @@
+assertTrue(in_array('example.net', $domains));
+
+ $blockedDomain = 'https://example.org/user/replyGuy';
+ $this->assertFalse(Helpers::validateUrl($blockedDomain));
+
+ $unblockedDomain = 'https://pixelfed.org/user/pixelfed';
+ $this->assertEquals(Helpers::validateUrl($unblockedDomain), $unblockedDomain);
+ }
+}
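Review bot: Every list in config/costar.php is built with a bare `explode(',', env(...))`, so whitespace around a comma (`'example.org, example.net'`) or a trailing comma yields entries such as `' example.net'` or `''` that never equal a parse_url host, and the block or content warning silently fails to apply for that domain. Trim and drop empties when building each list, e.g. `'block' => env('CS_BLOCKED_DOMAINS') ? array_values(array_filter(array_map('trim', explode(',', env('CS_BLOCKED_DOMAINS'))))) : null,` for all nine entries; a small local closure at the top of the file would avoid repeating the expression. A one-line comment on the `'enabled'` key noting that the feature is on by default (`PF_COSTAR_ENABLED` defaults to true) while every list defaults to null would tell operators which variables they actually need to set. The file's opening lines before `env('PF_COSTAR_ENABLED', true)` are not visible in this rendering.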
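Review bot: `$this->assertEquals(Helpers::validateUrl($unblockedDomain), $unblockedDomain)` passes the actual value first and the expected value second, so a failure message would label the two backwards; `$this->assertSame($unblockedDomain, Helpers::validateUrl($unblockedDomain));` fixes the order and also pins the return type, since validateUrl returns either the string or false. `in_array('example.net', $domains)` should pass `true` as its third argument so the comparison is strict. Both assertions depend on `CS_BLOCKED_DOMAINS` being set in .env.testing, which this commit does; a comment on the test saying so would save the next reader a search. The start of the test method is not visible in this rendering.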