rich_media/helpers.ex: Add config to disable fetching from remote activities

2020-02-14 21:51:57 +01:00 · 2020-02-14 21:51:57 +01:00 · 8d064eb451
parent 3eddd9caa6
commit 8d064eb451
4 changed files with 34 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -75,6 +75,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - A new users admin digest email
 - OAuth: admin scopes support (relevant setting: `[:auth, :enforce_oauth_admin_scope_usage]`).
 - Add an option `authorized_fetch_mode` to require HTTP signatures for AP fetches.
+- Rich Media: Add `local_only` to `[:rich_media, :enabled]`, which forbids getting link previews for remote activities
 <details>
  <summary>API Changes</summary>

--- a/config/description.exs
+++ b/config/description.exs
@ -2105,8 +2105,9 @@
    children: [
      %{
        key: :enabled,
-        type: :boolean,
-        description: "Enables RichMedia parsing of URLs."
+        type: [:boolean, :atom],
+        description: "Enables/disables RichMedia or allows it only on local activities",
+        suggestions: [true, false, :local_only]
      },
      %{
        key: :ignore_hosts,
--- a/lib/pleroma/web/rich_media/helpers.ex
+++ b/lib/pleroma/web/rich_media/helpers.ex
@ -49,8 +49,17 @@ defp get_tld(host) do
    |> hd
  end

+  # Comparison with true/false done to handle :local_only
+  defp can_fetch?(%Activity{local: true}) do
+    Config.get([:rich_media, :enabled]) != false
+  end
+
+  defp can_fetch?(_activity) do
+    Config.get([:rich_media, :enabled]) == true
+  end
+
  def fetch_data_for_activity(%Activity{data: %{"type" => "Create"}} = activity) do
-    with true <- Config.get([:rich_media, :enabled]),
+    with true <- can_fetch?(activity),
         %Object{} = object <- Object.normalize(activity),
         false <- object.data["sensitive"] || false,
         {:ok, page_url} <- HTML.extract_first_external_url(object, object.data["content"]),
--- a/test/web/rich_media/helpers_test.exs
+++ b/test/web/rich_media/helpers_test.exs
@ -118,4 +118,24 @@ test "refuses to crawl URLs of private network from posts" do
    assert %{} = Helpers.fetch_data_for_activity(activity4)
    assert %{} = Helpers.fetch_data_for_activity(activity5)
  end
+
+  test "only crawls from local posts when [:rich_media, :enabled] is set to :local_only" do
+    content = ~s[<a href="https://example.com/ogp">https://example.com/ogp</a>]
+    remote_user = insert(:user, local: false)
+    local_user = insert(:user, local: true)
+    remote_note = insert(:note, %{user: remote_user, data: %{"content" => content}})
+    local_note = insert(:note, %{user: local_user, data: %{"content" => content}})
+
+    remote_activity =
+      insert(:note_activity, %{user: remote_user, note: remote_note, local: false})
+
+    local_activity = insert(:note_activity, %{user: local_user, note: local_note, local: true})
+
+    Config.put([:rich_media, :enabled], :local_only)
+
+    assert %{} == Helpers.fetch_data_for_activity(remote_activity)
+
+    assert %{page_url: "https://example.com/ogp", rich_media: _} =
+             Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(local_activity)
+  end
 end