Web.send, ActivityPub.send: skip sending to blocklisted URLs

for #597
pull/598/head
Ryan Barrett 2023-07-22 20:02:12 -10:00
rodzic ca1d0dcc01
commit 405ca4145f
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: 6BE31FDF4776E9D4
4 zmienionych plików z 22 dodań i 1 usunięć


@ -162,6 +162,10 @@ class ActivityPub(User, Protocol):
If `obj.recipient_obj` is set, it's interpreted as the receiving actor
who we're delivering to and its id is populated into `cc`.
"""
if is_blocklisted(url):
logger.info(f'Skipping sending to {url}')
return False
# this is set in web.webmention_task()
orig_obj = getattr(obj, 'orig_obj', None)
orig_as2 = orig_obj.as_as2() if orig_obj else None
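Review bot: The new log line `logger.info(f'Skipping sending to {url}')` in ActivityPub.send does not say that the blocklist was the reason, and in the Web.send hunk in web.py the same message now covers three different conditions (accept/undo verb, url not among the targets, blocklisted url), so a dropped delivery cannot be attributed from the logs. I would log the blocklist case distinctly, e.g. `logger.info(f'Skipping sending to blocklisted {url}')`, and in web.py move `common.is_blocklisted(url)` into its own `if` with that message. The docstring that ends just above the new guard could also state that `send` returns False without making a request when `url` is blocklisted. The body of `send` starts and continues outside this hunk.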


@ -1916,3 +1916,9 @@ class ActivityPubUtilsTest(TestCase):
}, source_protocol='ap')
self.assertEqual('http://mas.to/inbox', ActivityPub.target_for(obj))
mock_get.assert_has_calls([self.as2_req('http://the/author')])
@patch('requests.post')
def test_send_blocklisted(self, mock_post):
self.assertFalse(ActivityPub.send(Object(as2=NOTE),
'https://fed.brid.gy/ap/sharedInbox'))
mock_post.assert_not_called()


@ -2030,6 +2030,15 @@ class WebUtilTest(TestCase):
mock_get.assert_not_called()
mock_post.assert_not_called()
def test_send_blocklisted(self, mock_get, mock_post):
obj = Object(id='http://mas.to/like#ok', as2={
**test_activitypub.LIKE,
'object': 'https://fed.brid.gy/foo',
})
self.assertFalse(Web.send(obj, 'https://fed.brid.gy/foo'))
mock_get.assert_not_called()
mock_post.assert_not_called()
def test_send_errors(self, mock_get, mock_post):
for err in [
requests.HTTPError(response=util.Struct(status_code='429', text='')),

4
web.py

@ -280,7 +280,9 @@ class Web(User, Protocol):
# to followers, we just update our stored objects (elsewhere) and web
# users consume them via feeds.
verb = obj.as1.get('verb')
if verb in ('accept', 'undo') or url not in as1.targets(obj.as1):
if (verb in ('accept', 'undo')
or url not in as1.targets(obj.as1)
or common.is_blocklisted(url)):
logger.info(f'Skipping sending to {url}')
return False