Add option to restrict all users to local content

This commit is contained in:
Egor Kislitsyn 2019-06-11 21:25:53 +07:00
parent 3235923276
commit 6f29865d43
7 changed files with 59 additions and 39 deletions

View file

@ -28,7 +28,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Configuration: `notify_email` option - Configuration: `notify_email` option
- Configuration: Media proxy `whitelist` option - Configuration: Media proxy `whitelist` option
- Configuration: `report_uri` option - Configuration: `report_uri` option
- Configuration: `limit_unauthenticated_to_local_content` option - Configuration: `limit_to_local_content` option
- Pleroma API: User subscriptions - Pleroma API: User subscriptions
- Pleroma API: Healthcheck endpoint - Pleroma API: Healthcheck endpoint
- Pleroma API: `/api/v1/pleroma/mascot` per-user frontend mascot configuration endpoints - Pleroma API: `/api/v1/pleroma/mascot` per-user frontend mascot configuration endpoints

View file

@ -245,7 +245,7 @@ config :pleroma, :instance,
healthcheck: false, healthcheck: false,
remote_post_retention_days: 90, remote_post_retention_days: 90,
skip_thread_containment: true, skip_thread_containment: true,
limit_unauthenticated_to_local_content: true limit_to_local_content: :unauthenticated
config :pleroma, :markup, config :pleroma, :markup,
# XXX - unfortunately, inline images must be enabled by default right now, because # XXX - unfortunately, inline images must be enabled by default right now, because

View file

@ -112,7 +112,8 @@ config :pleroma, Pleroma.Emails.Mailer,
* `healthcheck`: If set to true, system data will be shown on ``/api/pleroma/healthcheck``. * `healthcheck`: If set to true, system data will be shown on ``/api/pleroma/healthcheck``.
* `remote_post_retention_days`: The default amount of days to retain remote posts when pruning the database. * `remote_post_retention_days`: The default amount of days to retain remote posts when pruning the database.
* `skip_thread_containment`: Skip filter out broken threads. The default is `false`. * `skip_thread_containment`: Skip filter out broken threads. The default is `false`.
* `limit_unauthenticated_to_local_content`: Limit unauthenticated users to search for local statutes and users only. The default is `true`. * `limit_to_local_content`: Limit unauthenticated users to search for local statutes and users only. Possible values: `:unauthenticated`, `:all` and `false`. The default is `:unauthenticated`.
## :logger ## :logger
* `backends`: `:console` is used to send logs to stdout, `{ExSyslogger, :ex_syslogger}` to log to syslog, and `Quack.Logger` to log to Slack * `backends`: `:console` is used to send logs to stdout, `{ExSyslogger, :ex_syslogger}` to log to syslog, and `Quack.Logger` to log to Slack

View file

@ -56,18 +56,19 @@ defmodule Pleroma.Activity.Search do
) )
end end
# users can search everything defp maybe_restrict_local(q, user) do
defp maybe_restrict_local(q, %User{}), do: q limit = Pleroma.Config.get([:instance, :limit_to_local_content], :unauthenticated)
# unauthenticated users can only search local activities case {limit, user} do
defp maybe_restrict_local(q, _) do {:all, _} -> restrict_local(q)
if Pleroma.Config.get([:instance, :limit_unauthenticated_to_local_content], true) do {:unauthenticated, %User{}} -> q
where(q, local: true) {:unauthenticated, _} -> restrict_local(q)
else {false, _} -> q
q
end end
end end
defp restrict_local(q), do: where(q, local: true)
defp maybe_fetch(activities, user, search_query) do defp maybe_fetch(activities, user, search_query) do
with true <- Regex.match?(~r/https?:/, search_query), with true <- Regex.match?(~r/https?:/, search_query),
{:ok, object} <- Fetcher.fetch_object_from_id(search_query), {:ok, object} <- Fetcher.fetch_object_from_id(search_query),

View file

@ -28,16 +28,6 @@ defmodule Pleroma.User.Search do
results results
end end
defp maybe_resolve(true, %User{}, query) do
User.get_or_fetch(query)
end
defp maybe_resolve(true, _, query) do
unless restrict_local?(), do: User.get_or_fetch(query)
end
defp maybe_resolve(_, _, _), do: :noop
defp search_query(query, for_user) do defp search_query(query, for_user) do
query query
|> union_query() |> union_query()
@ -49,10 +39,6 @@ defmodule Pleroma.User.Search do
|> maybe_restrict_local(for_user) |> maybe_restrict_local(for_user)
end end
defp restrict_local? do
Pleroma.Config.get([:instance, :limit_unauthenticated_to_local_content], true)
end
defp union_query(query) do defp union_query(query) do
fts_subquery = fts_search_subquery(query) fts_subquery = fts_search_subquery(query)
trigram_subquery = trigram_search_subquery(query) trigram_subquery = trigram_search_subquery(query)
@ -64,17 +50,30 @@ defmodule Pleroma.User.Search do
from(s in subquery(q), order_by: s.search_type, distinct: s.id) from(s in subquery(q), order_by: s.search_type, distinct: s.id)
end end
# unauthenticated users can only search local activities defp maybe_resolve(true, user, query) do
defp maybe_restrict_local(q, %User{}), do: q case {limit(), user} do
{:all, _} -> :noop
defp maybe_restrict_local(q, _) do {:unauthenticated, %User{}} -> User.get_or_fetch(query)
if restrict_local?() do {:unauthenticated, _} -> :noop
where(q, [u], u.local == true) {false, _} -> User.get_or_fetch(query)
else
q
end end
end end
defp maybe_resolve(_, _, _), do: :noop
defp maybe_restrict_local(q, user) do
case {limit(), user} do
{:all, _} -> restrict_local(q)
{:unauthenticated, %User{}} -> q
{:unauthenticated, _} -> restrict_local(q)
{false, _} -> q
end
end
defp limit, do: Pleroma.Config.get([:instance, :limit_to_local_content], :unauthenticated)
defp restrict_local(q), do: where(q, [u], u.local == true)
defp boost_search_rank_query(query, nil), do: query defp boost_search_rank_query(query, nil), do: query
defp boost_search_rank_query(query, for_user) do defp boost_search_rank_query(query, for_user) do

View file

@ -139,18 +139,25 @@ defmodule Pleroma.ActivityTest do
assert [^local_activity] = Activity.search(nil, "find me") assert [^local_activity] = Activity.search(nil, "find me")
end end
test "find all statuses for unauthenticated users when `limit_unauthenticated_to_local_content` is `false`", test "find only local statuses for unauthenticated users when `limit_to_local_content` is `:all`",
%{local_activity: local_activity} do
Pleroma.Config.put([:instance, :limit_to_local_content], :all)
assert [^local_activity] = Activity.search(nil, "find me")
Pleroma.Config.put([:instance, :limit_to_local_content], :unauthenticated)
end
test "find all statuses for unauthenticated users when `limit_to_local_content` is `false`",
%{ %{
local_activity: local_activity, local_activity: local_activity,
remote_activity: remote_activity remote_activity: remote_activity
} do } do
Pleroma.Config.put([:instance, :limit_unauthenticated_to_local_content], false) Pleroma.Config.put([:instance, :limit_to_local_content], false)
activities = Enum.sort_by(Activity.search(nil, "find me"), & &1.id) activities = Enum.sort_by(Activity.search(nil, "find me"), & &1.id)
assert [^local_activity, ^remote_activity] = activities assert [^local_activity, ^remote_activity] = activities
Pleroma.Config.put([:instance, :limit_unauthenticated_to_local_content], true) Pleroma.Config.put([:instance, :limit_to_local_content], :unauthenticated)
end end
end end
end end

View file

@ -1099,8 +1099,20 @@ defmodule Pleroma.UserTest do
assert [%{id: ^id}] = User.search("lain") assert [%{id: ^id}] = User.search("lain")
end end
test "find all users for unauthenticated users when `limit_unauthenticated_to_local_content` is `false`" do test "find only local users for authenticated users when `limit_to_local_content` is `:all`" do
Pleroma.Config.put([:instance, :limit_unauthenticated_to_local_content], false) Pleroma.Config.put([:instance, :limit_to_local_content], :all)
%{id: id} = insert(:user, %{name: "lain"})
insert(:user, %{name: "ebn", nickname: "lain@mastodon.social", local: false})
insert(:user, %{nickname: "lain@pleroma.soykaf.com", local: false})
assert [%{id: ^id}] = User.search("lain")
Pleroma.Config.put([:instance, :limit_to_local_content], :unauthenticated)
end
test "find all users for unauthenticated users when `limit_to_local_content` is `false`" do
Pleroma.Config.put([:instance, :limit_to_local_content], false)
u1 = insert(:user, %{name: "lain"}) u1 = insert(:user, %{name: "lain"})
u2 = insert(:user, %{name: "ebn", nickname: "lain@mastodon.social", local: false}) u2 = insert(:user, %{name: "ebn", nickname: "lain@mastodon.social", local: false})
@ -1114,7 +1126,7 @@ defmodule Pleroma.UserTest do
assert [u1.id, u2.id, u3.id] == results assert [u1.id, u2.id, u3.id] == results
Pleroma.Config.put([:instance, :limit_unauthenticated_to_local_content], true) Pleroma.Config.put([:instance, :limit_to_local_content], :unauthenticated)
end end
test "finds a user whose name is nil" do test "finds a user whose name is nil" do