From f26509bf1621f05e6188df75e5f27d1c8ec77593 Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@feld.me>
Date: Fri, 21 Feb 2025 17:38:55 -0800
Subject: [PATCH] Fix missing check for domain presence in rich media
 ignore_host configuration

---
 changelog.d/rich-media-ignore-host.fix    |  1 +
 lib/pleroma/web/rich_media/card.ex        | 14 ++++++++++----
 test/pleroma/web/rich_media/card_test.exs | 19 +++++++++++++++++++
 3 files changed, 30 insertions(+), 4 deletions(-)
 create mode 100644 changelog.d/rich-media-ignore-host.fix

diff --git a/changelog.d/rich-media-ignore-host.fix b/changelog.d/rich-media-ignore-host.fix
new file mode 100644
index 000000000..b70866ac7
--- /dev/null
+++ b/changelog.d/rich-media-ignore-host.fix
@@ -0,0 +1 @@
+Fix missing check for domain presence in rich media ignore_host configuration
diff --git a/lib/pleroma/web/rich_media/card.ex b/lib/pleroma/web/rich_media/card.ex
index abad4957e..6b4bb9555 100644
--- a/lib/pleroma/web/rich_media/card.ex
+++ b/lib/pleroma/web/rich_media/card.ex
@@ -54,7 +54,10 @@ defmodule Pleroma.Web.RichMedia.Card do
 
   @spec get_by_url(String.t() | nil) :: t() | nil | :error
   def get_by_url(url) when is_binary(url) do
-    if @config_impl.get([:rich_media, :enabled]) do
+    host = URI.parse(url).host
+
+    with true <- @config_impl.get([:rich_media, :enabled]),
+         true <- host not in @config_impl.get([:rich_media, :ignore_hosts], []) do
       url_hash = url_to_hash(url)
 
       @cachex.fetch!(:rich_media_cache, url_hash, fn _ ->
@@ -69,7 +72,7 @@ defmodule Pleroma.Web.RichMedia.Card do
         end
       end)
     else
-      :error
+      false -> :error
     end
   end
 
@@ -77,7 +80,10 @@ defmodule Pleroma.Web.RichMedia.Card do
 
   @spec get_or_backfill_by_url(String.t(), keyword()) :: t() | nil
   def get_or_backfill_by_url(url, opts \\ []) do
-    if @config_impl.get([:rich_media, :enabled]) do
+    host = URI.parse(url).host
+
+    with true <- @config_impl.get([:rich_media, :enabled]),
+         true <- host not in @config_impl.get([:rich_media, :ignore_hosts], []) do
       case get_by_url(url) do
         %__MODULE__{} = card ->
           card
@@ -94,7 +100,7 @@ defmodule Pleroma.Web.RichMedia.Card do
           nil
       end
     else
-      nil
+      false -> nil
     end
   end
 
diff --git a/test/pleroma/web/rich_media/card_test.exs b/test/pleroma/web/rich_media/card_test.exs
index 387defc8c..c69f85323 100644
--- a/test/pleroma/web/rich_media/card_test.exs
+++ b/test/pleroma/web/rich_media/card_test.exs
@@ -83,4 +83,23 @@ defmodule Pleroma.Web.RichMedia.CardTest do
              Card.get_by_activity(activity)
            )
   end
+
+  test "refuses to crawl URL in activity from ignored host/domain" do
+    clear_config([:rich_media, :ignore_hosts], ["example.com"])
+
+    user = insert(:user)
+
+    url = "https://example.com/ogp"
+
+    {:ok, activity} =
+      CommonAPI.post(user, %{
+        status: "[test](#{url})",
+        content_type: "text/markdown"
+      })
+
+    refute_enqueued(
+      worker: RichMediaWorker,
+      args: %{"url" => url, "activity_id" => activity.id}
+    )
+  end
 end