Add reject pattern to Admin setting (Ported to Glitch Soc)

# Conflicts:
#	app/views/admin/settings/shared/_links.html.haml
#	config/routes/admin.rb
This commit is contained in:
noellabo 2024-02-16 16:14:23 +09:00 committed by Jeremy Kescher
parent e60d3df9bb
commit 5255bd08e0
No known key found for this signature in database
GPG key ID: 80A419A7A613DFA4
5 changed files with 29 additions and 1 deletions

View file

@ -46,8 +46,12 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
) )
end end
def reject_pattern?
Setting.reject_pattern.present? && @object['content']&.match?(Setting.reject_pattern)
end
def create_status def create_status
return reject_payload! if unsupported_object_type? || non_matching_uri_hosts?(@account.uri, object_uri) || tombstone_exists? || !related_to_local_activity? return reject_payload! if unsupported_object_type? || non_matching_uri_hosts?(@account.uri, object_uri) || tombstone_exists? || !related_to_local_activity? || reject_pattern?
with_redis_lock("create:#{object_uri}") do with_redis_lock("create:#{object_uri}") do
return if delete_arrived_first?(object_uri) || poll_vote? return if delete_arrived_first?(object_uri) || poll_vote?

View file

@ -45,6 +45,7 @@ class Form::AdminSettings
status_page_url status_page_url
captcha_enabled captcha_enabled
authorized_fetch authorized_fetch
reject_pattern
).freeze ).freeze
INTEGER_KEYS = %i( INTEGER_KEYS = %i(
@ -95,6 +96,7 @@ class Form::AdminSettings
validates :show_domain_blocks_rationale, inclusion: { in: %w(disabled users all) }, if: -> { defined?(@show_domain_blocks_rationale) } validates :show_domain_blocks_rationale, inclusion: { in: %w(disabled users all) }, if: -> { defined?(@show_domain_blocks_rationale) }
validates :media_cache_retention_period, :content_cache_retention_period, :backups_retention_period, numericality: { only_integer: true }, allow_blank: true, if: -> { defined?(@media_cache_retention_period) || defined?(@content_cache_retention_period) || defined?(@backups_retention_period) } validates :media_cache_retention_period, :content_cache_retention_period, :backups_retention_period, numericality: { only_integer: true }, allow_blank: true, if: -> { defined?(@media_cache_retention_period) || defined?(@content_cache_retention_period) || defined?(@backups_retention_period) }
validates :site_short_description, length: { maximum: 200 }, if: -> { defined?(@site_short_description) } validates :site_short_description, length: { maximum: 200 }, if: -> { defined?(@site_short_description) }
validates :reject_pattern, regexp_syntax: true, if: -> { defined?(@reject_pattern) }
validates :status_page_url, url: true, allow_blank: true validates :status_page_url, url: true, allow_blank: true
validate :validate_site_uploads validate :validate_site_uploads

View file

@ -0,0 +1,13 @@
# frozen_string_literal: true
class RegexpSyntaxValidator < ActiveModel::EachValidator
def validate_each(record, attribute, value)
return if value.blank?
begin
Regexp.compile(value)
rescue RegexpError => e
record.errors.add(attribute, I18n.t('applications.invalid_regexp', message: e.message))
end
end
end

View file

@ -766,6 +766,10 @@ en:
all: To everyone all: To everyone
disabled: To no one disabled: To no one
users: To logged-in local users users: To logged-in local users
others:
activitypub: ActivityPub
preamble: Other settings, including customizing behavior
title: Other settings
registrations: registrations:
preamble: Control who can create an account on your server. preamble: Control who can create an account on your server.
title: Registrations title: Registrations
@ -774,6 +778,9 @@ en:
approved: Approval required for sign up approved: Approval required for sign up
none: Nobody can sign up none: Nobody can sign up
open: Anyone can sign up open: Anyone can sign up
reject_pattern:
desc_html: Set a regular expression pattern to inspect Create Activity content, and refuse Activity if you match
title: Reject Pattern
security: security:
authorized_fetch: Require authentication from federated servers authorized_fetch: Require authentication from federated servers
authorized_fetch_hint: Requiring authentication from federated servers enables stricter enforcement of both user-level and server-level blocks. However, this comes at the cost of a performance penalty, reduces the reach of your replies, and may introduce compatibility issues with some federated services. In addition, this will not prevent dedicated actors from fetching your public posts and accounts. authorized_fetch_hint: Requiring authentication from federated servers enables stricter enforcement of both user-level and server-level blocks. However, this comes at the cost of a performance penalty, reduces the reach of your replies, and may introduce compatibility issues with some federated services. In addition, this will not prevent dedicated actors from fetching your public posts and accounts.
@ -1029,6 +1036,7 @@ en:
applications: applications:
created: Application successfully created created: Application successfully created
destroyed: Application successfully deleted destroyed: Application successfully deleted
invalid_regexp: "The provided Regexp is invalid: %{message}"
logout: Logout logout: Logout
regenerate_token: Regenerate access token regenerate_token: Regenerate access token
token_regenerated: Access token successfully regenerated token_regenerated: Access token successfully regenerated

View file

@ -46,6 +46,7 @@ defaults: &defaults
require_invite_text: false require_invite_text: false
backups_retention_period: 7 backups_retention_period: 7
captcha_enabled: false captcha_enabled: false
reject_pattern: ''
development: development:
<<: *defaults <<: *defaults