Reject requests from specified instances if authorized_fetch_mode is enabled

Signed-off-by: marcin mikołajczak <git@mkljczk.pl>

lib/pleroma/signature.ex

@@ -37,8 +37,7 @@ defmodule Pleroma.Signature do
   end
 
   def fetch_public_key(conn) do
-    with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
-         {:ok, actor_id} <- key_id_to_actor_id(kid),
+    with {:ok, actor_id} <- get_actor_id(conn),
          {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
       {:ok, public_key}
     else
@@ -48,8 +47,7 @@ defmodule Pleroma.Signature do
   end
 
   def refetch_public_key(conn) do
-    with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
-         {:ok, actor_id} <- key_id_to_actor_id(kid),
+    with {:ok, actor_id} <- get_actor_id(conn),
          {:ok, _user} <- ActivityPub.make_user_from_ap_id(actor_id),
          {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do
       {:ok, public_key}
@@ -59,6 +57,16 @@ defmodule Pleroma.Signature do
     end
   end
 
+  def get_actor_id(conn) do
+    with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
+         {:ok, actor_id} <- key_id_to_actor_id(kid) do
+      {:ok, actor_id}
+    else
+      e ->
+        {:error, e}
+    end
+  end
+
   def sign(%User{} = user, headers) do
     with {:ok, %{keys: keys}} <- User.ensure_keys_present(user),
          {:ok, private_key, _} <- Keys.keys_from_pem(keys) do

lib/pleroma/web/mastodon_api/views/instance_view.ex

@@ -105,6 +105,7 @@ defmodule Pleroma.Web.MastodonAPI.InstanceView do
 
   def federation do
     quarantined = Config.get([:instance, :quarantined_instances], [])
+    rejected = Config.get([:instance, :rejected_instances], [])
 
     if Config.get([:mrf, :transparency]) do
       {:ok, data} = MRF.describe()
@@ -124,6 +125,12 @@ defmodule Pleroma.Web.MastodonAPI.InstanceView do
           |> Enum.map(fn {instance, reason} -> {instance, %{"reason" => reason}} end)
           |> Map.new()
       })
+      |> Map.put(
+        :rejected_instances,
+        rejected
+        |> Enum.map(fn {instance, reason} -> {instance, %{"reason" => reason}} end)
+        |> Map.new()
+      )
     else
       %{}
     end

lib/pleroma/web/plugs/http_signature_plug.ex

@@ -5,6 +5,10 @@
 defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
   import Plug.Conn
   import Phoenix.Controller, only: [get_format: 1, text: 2]
+
+  alias Pleroma.Config
+  alias Pleroma.Web.ActivityPub.MRF
+
   require Logger
 
   def init(options) do
@@ -19,7 +23,9 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
     if get_format(conn) == "activity+json" do
       conn
       |> maybe_assign_valid_signature()
+      |> maybe_assign_actor_id()
       |> maybe_require_signature()
+      |> maybe_filter_requests()
     else
       conn
     end
@@ -46,6 +52,16 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
     end
   end
 
+  defp maybe_assign_actor_id(%{assigns: %{valid_signature: true}} = conn) do
+    adapter = Application.get_env(:http_signatures, :adapter)
+
+    {:ok, actor_id} = adapter.get_actor_id(conn)
+
+    assign(conn, :actor_id, actor_id)
+  end
+
+  defp maybe_assign_actor_id(conn), do: conn
+
   defp has_signature_header?(conn) do
     conn |> get_req_header("signature") |> Enum.at(0, false)
   end
@@ -62,4 +78,28 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
       conn
     end
   end
+
+  defp maybe_filter_requests(%{halted: true} = conn), do: conn
+
+  defp maybe_filter_requests(conn) do
+    if Pleroma.Config.get([:activitypub, :authorized_fetch_mode], false) do
+      %{host: host} = URI.parse(conn.assigns.actor_id)
+
+      if MRF.subdomain_match?(rejected_domains(), host) do
+        conn
+        |> put_status(:unauthorized)
+        |> halt()
+      else
+        conn
+      end
+    else
+      conn
+    end
+  end
+
+  defp rejected_domains do
+    Config.get([:instance, :rejected_instances])
+    |> Pleroma.Web.ActivityPub.MRF.instance_list_from_tuples()
+    |> Pleroma.Web.ActivityPub.MRF.subdomains_regex()
+  end
 end