mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2025-03-13 07:02:41 +00:00
Allow disabling C2S ActivityPub API
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
This commit is contained in:
marcin mikołajczak
parent
ad953143bb
commit
309d22aca2
5 changed files with 83 additions and 1 deletions
|
|
@ -359,7 +359,8 @@ config :pleroma, :activitypub,
|
||||||
follow_handshake_timeout: 500,
|
follow_handshake_timeout: 500,
|
||||||
note_replies_output_limit: 5,
|
note_replies_output_limit: 5,
|
||||||
sign_object_fetches: true,
|
sign_object_fetches: true,
|
||||||
authorized_fetch_mode: false
|
authorized_fetch_mode: false,
|
||||||
|
client_api_enabled: true
|
||||||
|
|
||||||
config :pleroma, :streamer,
|
config :pleroma, :streamer,
|
||||||
workers: 3,
|
workers: 3,
|
||||||
|
|
|
||||||
|
|
@ -1772,6 +1772,11 @@ config :pleroma, :config_description, [
|
||||||
type: :integer,
|
type: :integer,
|
||||||
description: "Following handshake timeout",
|
description: "Following handshake timeout",
|
||||||
suggestions: [500]
|
suggestions: [500]
|
||||||
|
},
|
||||||
|
%{
|
||||||
|
key: :client_api_enabled,
|
||||||
|
type: :boolean,
|
||||||
|
description: "Allow client to server ActivityPub interactions"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
|
|
||||||
34
lib/pleroma/web/plugs/ap_client_api_enabled_plug.ex
Normal file
34
lib/pleroma/web/plugs/ap_client_api_enabled_plug.ex
Normal file
|
|
@ -0,0 +1,34 @@
|
||||||
|
# Pleroma: A lightweight social networking server
|
||||||
|
# Copyright © 2017-2024 Pleroma Authors <https://pleroma.social/>
|
||||||
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
|
defmodule Pleroma.Web.Plugs.APClientApiEnabledPlug do
|
||||||
|
import Plug.Conn
|
||||||
|
import Phoenix.Controller, only: [text: 2]
|
||||||
|
|
||||||
|
@config_impl Application.compile_env(:pleroma, [__MODULE__, :config_impl], Pleroma.Config)
|
||||||
|
@enabled_path [:activitypub, :client_api_enabled]
|
||||||
|
|
||||||
|
def init(options \\ []), do: Map.new(options)
|
||||||
|
|
||||||
|
def call(conn, %{allow_server: true}) do
|
||||||
|
if @config_impl.get(@enabled_path, false) do
|
||||||
|
conn
|
||||||
|
else
|
||||||
|
conn
|
||||||
|
|> assign(:user, nil)
|
||||||
|
|> assign(:token, nil)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def call(conn, _) do
|
||||||
|
if @config_impl.get(@enabled_path, false) do
|
||||||
|
conn
|
||||||
|
else
|
||||||
|
conn
|
||||||
|
|> put_status(:forbidden)
|
||||||
|
|> text("C2S not enabled")
|
||||||
|
|> halt()
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
@ -902,6 +902,7 @@ defmodule Pleroma.Web.Router do
|
||||||
# Client to Server (C2S) AP interactions
|
# Client to Server (C2S) AP interactions
|
||||||
pipeline :activitypub_client do
|
pipeline :activitypub_client do
|
||||||
plug(:ap_service_actor)
|
plug(:ap_service_actor)
|
||||||
|
plug(Pleroma.Web.Plugs.APClientApiEnabledPlug)
|
||||||
plug(:fetch_session)
|
plug(:fetch_session)
|
||||||
plug(:authenticate)
|
plug(:authenticate)
|
||||||
plug(:after_auth)
|
plug(:after_auth)
|
||||||
|
|
@ -912,6 +913,7 @@ defmodule Pleroma.Web.Router do
|
||||||
plug(:ap_service_actor)
|
plug(:ap_service_actor)
|
||||||
plug(:fetch_session)
|
plug(:fetch_session)
|
||||||
plug(:authenticate)
|
plug(:authenticate)
|
||||||
|
plug(Pleroma.Web.Plugs.APClientApiEnabledPlug, allow_server: true)
|
||||||
plug(:after_auth)
|
plug(:after_auth)
|
||||||
plug(:http_signature)
|
plug(:http_signature)
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -1416,6 +1416,22 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
|
||||||
assert %{"orderedItems" => []} = resp
|
assert %{"orderedItems" => []} = resp
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it does not return a local note activity when C2S API is disabled", %{conn: conn} do
|
||||||
|
clear_config([:activitypub, :client_api_enabled], false)
|
||||||
|
user = insert(:user)
|
||||||
|
reader = insert(:user)
|
||||||
|
{:ok, _note_activity} = CommonAPI.post(user, %{status: "mew mew", visibility: "local"})
|
||||||
|
|
||||||
|
resp =
|
||||||
|
conn
|
||||||
|
|> assign(:user, reader)
|
||||||
|
|> put_req_header("accept", "application/activity+json")
|
||||||
|
|> get("/users/#{user.nickname}/outbox?page=true")
|
||||||
|
|> json_response(200)
|
||||||
|
|
||||||
|
assert %{"orderedItems" => []} = resp
|
||||||
|
end
|
||||||
|
|
||||||
test "it returns a note activity in a collection", %{conn: conn} do
|
test "it returns a note activity in a collection", %{conn: conn} do
|
||||||
note_activity = insert(:note_activity)
|
note_activity = insert(:note_activity)
|
||||||
note_object = Object.normalize(note_activity, fetch: false)
|
note_object = Object.normalize(note_activity, fetch: false)
|
||||||
|
|
@ -2144,6 +2160,30 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
|
||||||
|> post("/api/ap/upload_media", %{"file" => image, "description" => desc})
|
|> post("/api/ap/upload_media", %{"file" => image, "description" => desc})
|
||||||
|> json_response(403)
|
|> json_response(403)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "they don't work when C2S API is disabled", %{conn: conn} do
|
||||||
|
clear_config([:activitypub, :client_api_enabled], false)
|
||||||
|
|
||||||
|
user = insert(:user)
|
||||||
|
|
||||||
|
assert conn
|
||||||
|
|> assign(:user, user)
|
||||||
|
|> get("/api/ap/whoami")
|
||||||
|
|> response(403)
|
||||||
|
|
||||||
|
desc = "Description of the image"
|
||||||
|
|
||||||
|
image = %Plug.Upload{
|
||||||
|
content_type: "image/jpeg",
|
||||||
|
path: Path.absname("test/fixtures/image.jpg"),
|
||||||
|
filename: "an_image.jpg"
|
||||||
|
}
|
||||||
|
|
||||||
|
assert conn
|
||||||
|
|> assign(:user, user)
|
||||||
|
|> post("/api/ap/upload_media", %{"file" => image, "description" => desc})
|
||||||
|
|> response(403)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
test "pinned collection", %{conn: conn} do
|
test "pinned collection", %{conn: conn} do
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue