rich_media/helpers.ex: Add config to disable fetching from remote activities

This commit is contained in:
Haelwenn (lanodan) Monnier 2020-02-14 21:51:57 +01:00
parent 3eddd9caa6
commit 8d064eb451
No known key found for this signature in database
GPG Key ID: D5B7A8E43C997DEE
4 changed files with 34 additions and 3 deletions

View File

@ -75,6 +75,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- A new users admin digest email
- OAuth: admin scopes support (relevant setting: `[:auth, :enforce_oauth_admin_scope_usage]`).
- Add an option `authorized_fetch_mode` to require HTTP signatures for AP fetches.
- Rich Media: Add `local_only` to `[:rich_media, :enabled]`, which forbids getting link previews for remote activities
<details>
<summary>API Changes</summary>

View File

@ -2105,8 +2105,9 @@
children: [
%{
key: :enabled,
type: :boolean,
description: "Enables RichMedia parsing of URLs."
type: [:boolean, :atom],
description: "Enables/disables RichMedia or allows it only on local activities",
suggestions: [true, false, :local_only]
},
%{
key: :ignore_hosts,

View File

@ -49,8 +49,17 @@ defp get_tld(host) do
|> hd
end
# Comparison with true/false done to handle :local_only
defp can_fetch?(%Activity{local: true}) do
Config.get([:rich_media, :enabled]) != false
end
defp can_fetch?(_activity) do
Config.get([:rich_media, :enabled]) == true
end
def fetch_data_for_activity(%Activity{data: %{"type" => "Create"}} = activity) do
with true <- Config.get([:rich_media, :enabled]),
with true <- can_fetch?(activity),
%Object{} = object <- Object.normalize(activity),
false <- object.data["sensitive"] || false,
{:ok, page_url} <- HTML.extract_first_external_url(object, object.data["content"]),

View File

@ -118,4 +118,24 @@ test "refuses to crawl URLs of private network from posts" do
assert %{} = Helpers.fetch_data_for_activity(activity4)
assert %{} = Helpers.fetch_data_for_activity(activity5)
end
test "only crawls from local posts when [:rich_media, :enabled] is set to :local_only" do
content = ~s[<a href="https://example.com/ogp">https://example.com/ogp</a>]
remote_user = insert(:user, local: false)
local_user = insert(:user, local: true)
remote_note = insert(:note, %{user: remote_user, data: %{"content" => content}})
local_note = insert(:note, %{user: local_user, data: %{"content" => content}})
remote_activity =
insert(:note_activity, %{user: remote_user, note: remote_note, local: false})
local_activity = insert(:note_activity, %{user: local_user, note: local_note, local: true})
Config.put([:rich_media, :enabled], :local_only)
assert %{} == Helpers.fetch_data_for_activity(remote_activity)
assert %{page_url: "https://example.com/ogp", rich_media: _} =
Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(local_activity)
end
end