2020-04-14 16:59:04 +00:00
|
|
|
|
# Pleroma: A lightweight social networking server
|
2021-01-13 06:49:20 +00:00
|
|
|
|
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
|
2020-04-14 16:59:04 +00:00
|
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
|
|
|
|
|
defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
|
|
|
|
|
require Logger
|
|
|
|
|
|
|
|
|
|
alias Pleroma.Config
|
2024-03-08 02:06:40 +00:00
|
|
|
|
alias Pleroma.Emoji.Pack
|
2020-04-14 16:59:04 +00:00
|
|
|
|
|
|
|
|
|
@moduledoc "Detect new emojis by their shortcode and steals them"
|
2021-06-07 19:22:08 +00:00
|
|
|
|
@behaviour Pleroma.Web.ActivityPub.MRF.Policy
|
2020-04-14 16:59:04 +00:00
|
|
|
|
|
2024-03-08 02:06:40 +00:00
|
|
|
|
@pack_name "stolen"
|
|
|
|
|
|
2024-03-10 00:35:35 +00:00
|
|
|
|
# Config defaults
|
|
|
|
|
@size_limit 50_000
|
|
|
|
|
@download_unknown_size false
|
|
|
|
|
|
2024-03-08 02:06:40 +00:00
|
|
|
|
defp create_pack() do
|
|
|
|
|
with {:ok, pack} = Pack.create(@pack_name) do
|
|
|
|
|
Pack.save_metadata(
|
|
|
|
|
%{
|
|
|
|
|
"description" => "Collection of emoji auto-stolen from other instances",
|
|
|
|
|
"homepage" => Pleroma.Web.Endpoint.url(),
|
|
|
|
|
"can-download" => false,
|
|
|
|
|
"share-files" => false
|
|
|
|
|
},
|
|
|
|
|
pack
|
|
|
|
|
)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
defp load_or_create_pack() do
|
|
|
|
|
case Pack.load_pack(@pack_name) do
|
|
|
|
|
{:ok, pack} -> {:ok, pack}
|
|
|
|
|
{:error, :enoent} -> create_pack()
|
|
|
|
|
e -> e
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
defp add_emoji(shortcode, extension, filedata) do
|
|
|
|
|
{:ok, pack} = load_or_create_pack()
|
2024-03-09 21:41:26 +00:00
|
|
|
|
# Make final path infeasible to predict to thwart certain kinds of attacks
|
|
|
|
|
# (48 bits is slighty more than 8 base62 chars, thus 9 chars)
|
|
|
|
|
salt =
|
|
|
|
|
:crypto.strong_rand_bytes(6)
|
|
|
|
|
|> :crypto.bytes_to_integer()
|
|
|
|
|
|> Base62.encode()
|
|
|
|
|
|> String.pad_leading(9, "0")
|
|
|
|
|
|
|
|
|
|
filename = shortcode <> "-" <> salt <> "." <> extension
|
|
|
|
|
|
2024-03-08 02:06:40 +00:00
|
|
|
|
Pack.add_file(pack, shortcode, filename, filedata)
|
|
|
|
|
end
|
|
|
|
|
|
2020-04-14 16:59:04 +00:00
|
|
|
|
defp accept_host?(host), do: host in Config.get([:mrf_steal_emoji, :hosts], [])
|
|
|
|
|
|
2022-05-18 19:25:10 +00:00
|
|
|
|
defp shortcode_matches?(shortcode, pattern) when is_binary(pattern) do
|
|
|
|
|
shortcode == pattern
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
defp shortcode_matches?(shortcode, pattern) do
|
|
|
|
|
String.match?(shortcode, pattern)
|
|
|
|
|
end
|
|
|
|
|
|
2024-02-20 20:11:26 +00:00
|
|
|
|
defp reject_emoji?({shortcode, _url}, installed_emoji) do
|
|
|
|
|
valid_shortcode? = String.match?(shortcode, ~r/^[a-zA-Z0-9_-]+$/)
|
|
|
|
|
|
|
|
|
|
rejected_shortcode? =
|
|
|
|
|
[:mrf_steal_emoji, :rejected_shortcodes]
|
|
|
|
|
|> Config.get([])
|
|
|
|
|
|> Enum.any?(fn pattern -> shortcode_matches?(shortcode, pattern) end)
|
|
|
|
|
|
|
|
|
|
emoji_installed? = Enum.member?(installed_emoji, shortcode)
|
|
|
|
|
|
|
|
|
|
!valid_shortcode? or rejected_shortcode? or emoji_installed?
|
|
|
|
|
end
|
|
|
|
|
|
2024-03-08 02:06:40 +00:00
|
|
|
|
defp steal_emoji(%{} = response, {shortcode, extension}) do
|
|
|
|
|
case add_emoji(shortcode, extension, response.body) do
|
|
|
|
|
{:ok, _} ->
|
2024-03-07 12:07:02 +00:00
|
|
|
|
shortcode
|
|
|
|
|
|
|
|
|
|
e ->
|
2024-03-08 02:06:40 +00:00
|
|
|
|
Logger.warning(
|
2024-03-09 21:41:26 +00:00
|
|
|
|
"MRF.StealEmojiPolicy: Failed to add #{shortcode} as #{extension}: #{inspect(e)}"
|
2024-03-08 02:06:40 +00:00
|
|
|
|
)
|
|
|
|
|
|
2024-03-07 12:07:02 +00:00
|
|
|
|
nil
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2024-03-07 22:35:05 +00:00
|
|
|
|
defp get_extension_if_safe(response) do
|
|
|
|
|
content_type =
|
|
|
|
|
:proplists.get_value("content-type", response.headers, MIME.from_path(response.url))
|
|
|
|
|
|
|
|
|
|
case content_type do
|
|
|
|
|
"image/" <> _ -> List.first(MIME.extensions(content_type))
|
|
|
|
|
_ -> nil
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2024-06-05 18:03:29 +00:00
|
|
|
|
defp get_int_header(headers, header_name, default \\ nil) do
|
|
|
|
|
with rawval when rawval != :undefined <- :proplists.get_value(header_name, headers),
|
|
|
|
|
{int, ""} <- Integer.parse(rawval) do
|
|
|
|
|
int
|
|
|
|
|
else
|
|
|
|
|
_ -> default
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2024-03-10 00:35:35 +00:00
|
|
|
|
defp is_remote_size_within_limit?(url) do
|
|
|
|
|
with {:ok, %{status: status, headers: headers} = _response} when status in 200..299 <-
|
|
|
|
|
Pleroma.HTTP.request(:head, url, nil, [], []) do
|
2024-06-05 18:03:29 +00:00
|
|
|
|
content_length = get_int_header(headers, "content-length")
|
2024-03-10 00:35:35 +00:00
|
|
|
|
size_limit = Config.get([:mrf_steal_emoji, :size_limit], @size_limit)
|
|
|
|
|
|
|
|
|
|
accept_unknown =
|
|
|
|
|
Config.get([:mrf_steal_emoji, :download_unknown_size], @download_unknown_size)
|
|
|
|
|
|
|
|
|
|
content_length <= size_limit or
|
|
|
|
|
(content_length == nil and accept_unknown)
|
|
|
|
|
else
|
|
|
|
|
_ -> false
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2024-03-08 02:06:40 +00:00
|
|
|
|
defp maybe_steal_emoji({shortcode, url}) do
|
2020-04-14 16:59:04 +00:00
|
|
|
|
url = Pleroma.Web.MediaProxy.url(url)
|
|
|
|
|
|
2024-03-10 00:35:35 +00:00
|
|
|
|
with {:remote_size, true} <- {:remote_size, is_remote_size_within_limit?(url)},
|
|
|
|
|
{:ok, %{status: status} = response} when status in 200..299 <- Pleroma.HTTP.get(url) do
|
|
|
|
|
size_limit = Config.get([:mrf_steal_emoji, :size_limit], @size_limit)
|
2024-03-07 22:35:05 +00:00
|
|
|
|
extension = get_extension_if_safe(response)
|
2020-12-25 08:30:36 +00:00
|
|
|
|
|
2024-03-07 22:35:05 +00:00
|
|
|
|
if byte_size(response.body) <= size_limit and extension do
|
2024-03-08 02:06:40 +00:00
|
|
|
|
steal_emoji(response, {shortcode, extension})
|
2020-12-24 17:27:28 +00:00
|
|
|
|
else
|
2020-12-25 08:30:36 +00:00
|
|
|
|
Logger.debug(
|
2021-10-06 06:08:21 +00:00
|
|
|
|
"MRF.StealEmojiPolicy: :#{shortcode}: at #{url} (#{byte_size(response.body)} B) over size limit (#{size_limit} B)"
|
2020-12-25 08:30:36 +00:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
nil
|
2020-04-14 16:59:04 +00:00
|
|
|
|
end
|
|
|
|
|
else
|
2020-12-25 08:30:36 +00:00
|
|
|
|
e ->
|
2023-08-01 10:43:50 +00:00
|
|
|
|
Logger.warning("MRF.StealEmojiPolicy: Failed to fetch #{url}: #{inspect(e)}")
|
2020-12-25 08:30:36 +00:00
|
|
|
|
nil
|
2020-04-14 16:59:04 +00:00
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
@impl true
|
|
|
|
|
def filter(%{"object" => %{"emoji" => foreign_emojis, "actor" => actor}} = message) do
|
|
|
|
|
host = URI.parse(actor).host
|
|
|
|
|
|
2020-12-25 08:30:36 +00:00
|
|
|
|
if host != Pleroma.Web.Endpoint.host() and accept_host?(host) do
|
2020-04-14 16:59:04 +00:00
|
|
|
|
installed_emoji = Pleroma.Emoji.get_all() |> Enum.map(fn {k, _} -> k end)
|
|
|
|
|
|
|
|
|
|
new_emojis =
|
|
|
|
|
foreign_emojis
|
2024-02-20 20:11:26 +00:00
|
|
|
|
|> Enum.reject(&reject_emoji?(&1, installed_emoji))
|
2024-03-08 02:06:40 +00:00
|
|
|
|
|> Enum.map(&maybe_steal_emoji(&1))
|
2020-04-14 16:59:04 +00:00
|
|
|
|
|> Enum.filter(& &1)
|
|
|
|
|
|
|
|
|
|
if !Enum.empty?(new_emojis) do
|
|
|
|
|
Logger.info("Stole new emojis: #{inspect(new_emojis)}")
|
|
|
|
|
Pleroma.Emoji.reload()
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
{:ok, message}
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def filter(message), do: {:ok, message}
|
|
|
|
|
|
2021-08-14 16:08:39 +00:00
|
|
|
|
@impl true
|
|
|
|
|
@spec config_description :: %{
|
|
|
|
|
children: [
|
|
|
|
|
%{
|
|
|
|
|
description: <<_::272, _::_*256>>,
|
|
|
|
|
key: :hosts | :rejected_shortcodes | :size_limit,
|
|
|
|
|
suggestions: [any(), ...],
|
2024-06-05 18:09:52 +00:00
|
|
|
|
type: {:list, :string} | {:list, :string} | :integer | :boolean
|
2021-08-14 16:08:39 +00:00
|
|
|
|
},
|
|
|
|
|
...
|
|
|
|
|
],
|
|
|
|
|
description: <<_::448>>,
|
|
|
|
|
key: :mrf_steal_emoji,
|
|
|
|
|
label: <<_::80>>,
|
|
|
|
|
related_policy: <<_::352>>
|
|
|
|
|
}
|
|
|
|
|
def config_description do
|
|
|
|
|
%{
|
|
|
|
|
key: :mrf_steal_emoji,
|
|
|
|
|
related_policy: "Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy",
|
|
|
|
|
label: "MRF Emojis",
|
|
|
|
|
description: "Steals emojis from selected instances when it sees them.",
|
|
|
|
|
children: [
|
|
|
|
|
%{
|
|
|
|
|
key: :hosts,
|
|
|
|
|
type: {:list, :string},
|
|
|
|
|
description: "List of hosts to steal emojis from",
|
|
|
|
|
suggestions: [""]
|
|
|
|
|
},
|
|
|
|
|
%{
|
|
|
|
|
key: :rejected_shortcodes,
|
|
|
|
|
type: {:list, :string},
|
2022-05-18 19:25:10 +00:00
|
|
|
|
description: """
|
|
|
|
|
A list of patterns or matches to reject shortcodes with.
|
|
|
|
|
|
|
|
|
|
Each pattern can be a string or [Regex](https://hexdocs.pm/elixir/Regex.html) in the format of `~r/PATTERN/`.
|
|
|
|
|
""",
|
|
|
|
|
suggestions: ["foo", ~r/foo/]
|
2021-08-14 16:08:39 +00:00
|
|
|
|
},
|
|
|
|
|
%{
|
|
|
|
|
key: :size_limit,
|
|
|
|
|
type: :integer,
|
|
|
|
|
description: "File size limit (in bytes), checked before an emoji is saved to the disk",
|
|
|
|
|
suggestions: ["100000"]
|
2024-06-05 18:09:52 +00:00
|
|
|
|
},
|
|
|
|
|
%{
|
|
|
|
|
key: :download_unknown_size,
|
|
|
|
|
type: :boolean,
|
|
|
|
|
description: "Whether to download emoji if size can't be determined ahead of time",
|
|
|
|
|
suggestions: [false, true]
|
2021-08-14 16:08:39 +00:00
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
end
|
|
|
|
|
|
2020-04-14 16:59:04 +00:00
|
|
|
|
@impl true
|
|
|
|
|
def describe do
|
|
|
|
|
{:ok, %{}}
|
|
|
|
|
end
|
|
|
|
|
end
|