Add option to restrict all users to local content
parent
3235923276
commit
6f29865d43
|
@ -28,7 +28,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
- Configuration: `notify_email` option
|
- Configuration: `notify_email` option
|
||||||
- Configuration: Media proxy `whitelist` option
|
- Configuration: Media proxy `whitelist` option
|
||||||
- Configuration: `report_uri` option
|
- Configuration: `report_uri` option
|
||||||
- Configuration: `limit_unauthenticated_to_local_content` option
|
- Configuration: `limit_to_local_content` option
|
||||||
- Pleroma API: User subscriptions
|
- Pleroma API: User subscriptions
|
||||||
- Pleroma API: Healthcheck endpoint
|
- Pleroma API: Healthcheck endpoint
|
||||||
- Pleroma API: `/api/v1/pleroma/mascot` per-user frontend mascot configuration endpoints
|
- Pleroma API: `/api/v1/pleroma/mascot` per-user frontend mascot configuration endpoints
|
||||||
|
|
|
@ -245,7 +245,7 @@
|
||||||
healthcheck: false,
|
healthcheck: false,
|
||||||
remote_post_retention_days: 90,
|
remote_post_retention_days: 90,
|
||||||
skip_thread_containment: true,
|
skip_thread_containment: true,
|
||||||
limit_unauthenticated_to_local_content: true
|
limit_to_local_content: :unauthenticated
|
||||||
|
|
||||||
config :pleroma, :markup,
|
config :pleroma, :markup,
|
||||||
# XXX - unfortunately, inline images must be enabled by default right now, because
|
# XXX - unfortunately, inline images must be enabled by default right now, because
|
||||||
|
|
|
@ -112,7 +112,8 @@ config :pleroma, Pleroma.Emails.Mailer,
|
||||||
* `healthcheck`: If set to true, system data will be shown on ``/api/pleroma/healthcheck``.
|
* `healthcheck`: If set to true, system data will be shown on ``/api/pleroma/healthcheck``.
|
||||||
* `remote_post_retention_days`: The default amount of days to retain remote posts when pruning the database.
|
* `remote_post_retention_days`: The default amount of days to retain remote posts when pruning the database.
|
||||||
* `skip_thread_containment`: Skip filter out broken threads. The default is `false`.
|
* `skip_thread_containment`: Skip filter out broken threads. The default is `false`.
|
||||||
* `limit_unauthenticated_to_local_content`: Limit unauthenticated users to search for local statutes and users only. The default is `true`.
|
* `limit_to_local_content`: Limit unauthenticated users to search for local statutes and users only. Possible values: `:unauthenticated`, `:all` and `false`. The default is `:unauthenticated`.
|
||||||
|
|
||||||
|
|
||||||
## :logger
|
## :logger
|
||||||
* `backends`: `:console` is used to send logs to stdout, `{ExSyslogger, :ex_syslogger}` to log to syslog, and `Quack.Logger` to log to Slack
|
* `backends`: `:console` is used to send logs to stdout, `{ExSyslogger, :ex_syslogger}` to log to syslog, and `Quack.Logger` to log to Slack
|
||||||
|
|
|
@ -56,18 +56,19 @@ defp query_with(q, :rum, search_query) do
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
# users can search everything
|
defp maybe_restrict_local(q, user) do
|
||||||
defp maybe_restrict_local(q, %User{}), do: q
|
limit = Pleroma.Config.get([:instance, :limit_to_local_content], :unauthenticated)
|
||||||
|
|
||||||
# unauthenticated users can only search local activities
|
case {limit, user} do
|
||||||
defp maybe_restrict_local(q, _) do
|
{:all, _} -> restrict_local(q)
|
||||||
if Pleroma.Config.get([:instance, :limit_unauthenticated_to_local_content], true) do
|
{:unauthenticated, %User{}} -> q
|
||||||
where(q, local: true)
|
{:unauthenticated, _} -> restrict_local(q)
|
||||||
else
|
{false, _} -> q
|
||||||
q
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp restrict_local(q), do: where(q, local: true)
|
||||||
|
|
||||||
defp maybe_fetch(activities, user, search_query) do
|
defp maybe_fetch(activities, user, search_query) do
|
||||||
with true <- Regex.match?(~r/https?:/, search_query),
|
with true <- Regex.match?(~r/https?:/, search_query),
|
||||||
{:ok, object} <- Fetcher.fetch_object_from_id(search_query),
|
{:ok, object} <- Fetcher.fetch_object_from_id(search_query),
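Review bot: `maybe_fetch/3` in the trailing context still calls `Fetcher.fetch_object_from_id(search_query)` for any query matching `https?:`, and nothing visible in this hunk makes it consult `limit_to_local_content`. Its body continues outside the hunk, so this needs confirming, but if no check exists further down, an instance set to `:all` would still make an outbound fetch for a URL query and could return a remote activity. The user search in this same commit does gate `maybe_resolve/3` on the setting, so the two searches would disagree. Consider making the `{limit, user}` decision from `maybe_restrict_local/2` the first step of the `with`, so the fetch is skipped whenever the query itself would be restricted to local rows.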
|
||||||
|
|
|
@ -28,16 +28,6 @@ def search(query, opts \\ []) do
|
||||||
results
|
results
|
||||||
end
|
end
|
||||||
|
|
||||||
defp maybe_resolve(true, %User{}, query) do
|
|
||||||
User.get_or_fetch(query)
|
|
||||||
end
|
|
||||||
|
|
||||||
defp maybe_resolve(true, _, query) do
|
|
||||||
unless restrict_local?(), do: User.get_or_fetch(query)
|
|
||||||
end
|
|
||||||
|
|
||||||
defp maybe_resolve(_, _, _), do: :noop
|
|
||||||
|
|
||||||
defp search_query(query, for_user) do
|
defp search_query(query, for_user) do
|
||||||
query
|
query
|
||||||
|> union_query()
|
|> union_query()
|
||||||
|
@ -49,10 +39,6 @@ defp search_query(query, for_user) do
|
||||||
|> maybe_restrict_local(for_user)
|
|> maybe_restrict_local(for_user)
|
||||||
end
|
end
|
||||||
|
|
||||||
defp restrict_local? do
|
|
||||||
Pleroma.Config.get([:instance, :limit_unauthenticated_to_local_content], true)
|
|
||||||
end
|
|
||||||
|
|
||||||
defp union_query(query) do
|
defp union_query(query) do
|
||||||
fts_subquery = fts_search_subquery(query)
|
fts_subquery = fts_search_subquery(query)
|
||||||
trigram_subquery = trigram_search_subquery(query)
|
trigram_subquery = trigram_search_subquery(query)
|
||||||
|
@ -64,17 +50,30 @@ defp distinct_query(q) do
|
||||||
from(s in subquery(q), order_by: s.search_type, distinct: s.id)
|
from(s in subquery(q), order_by: s.search_type, distinct: s.id)
|
||||||
end
|
end
|
||||||
|
|
||||||
# unauthenticated users can only search local activities
|
defp maybe_resolve(true, user, query) do
|
||||||
defp maybe_restrict_local(q, %User{}), do: q
|
case {limit(), user} do
|
||||||
|
{:all, _} -> :noop
|
||||||
defp maybe_restrict_local(q, _) do
|
{:unauthenticated, %User{}} -> User.get_or_fetch(query)
|
||||||
if restrict_local?() do
|
{:unauthenticated, _} -> :noop
|
||||||
where(q, [u], u.local == true)
|
{false, _} -> User.get_or_fetch(query)
|
||||||
else
|
|
||||||
q
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp maybe_resolve(_, _, _), do: :noop
|
||||||
|
|
||||||
|
defp maybe_restrict_local(q, user) do
|
||||||
|
case {limit(), user} do
|
||||||
|
{:all, _} -> restrict_local(q)
|
||||||
|
{:unauthenticated, %User{}} -> q
|
||||||
|
{:unauthenticated, _} -> restrict_local(q)
|
||||||
|
{false, _} -> q
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
defp limit, do: Pleroma.Config.get([:instance, :limit_to_local_content], :unauthenticated)
|
||||||
|
|
||||||
|
defp restrict_local(q), do: where(q, [u], u.local == true)
|
||||||
|
|
||||||
defp boost_search_rank_query(query, nil), do: query
|
defp boost_search_rank_query(query, nil), do: query
|
||||||
|
|
||||||
defp boost_search_rank_query(query, for_user) do
|
defp boost_search_rank_query(query, for_user) do
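Review bot: The `case {limit(), user}` in `maybe_resolve/3` and `maybe_restrict_local/2` has no clause for values other than `:all`, `:unauthenticated` and `false`, so a setting such as `limit_to_local_content: true` (an easy carry-over from the old boolean option) raises `CaseClauseError` on every search. The same four-clause `case` appears in the activity search's `maybe_restrict_local/2`. Either validate the value once in `limit/0`, or add fail-closed fallbacks, `_ -> :noop` in `maybe_resolve/3` and `_ -> restrict_local(q)` in `maybe_restrict_local/2`, so an unrecognised value restricts results instead of crashing. The old `limit_unauthenticated_to_local_content` key is no longer read in these hunks, which is worth stating explicitly for operators who had set it.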
|
||||||
|
|
|
@ -139,18 +139,25 @@ test "find only local statuses for unauthenticated users", %{local_activity: loc
|
||||||
assert [^local_activity] = Activity.search(nil, "find me")
|
assert [^local_activity] = Activity.search(nil, "find me")
|
||||||
end
|
end
|
||||||
|
|
||||||
test "find all statuses for unauthenticated users when `limit_unauthenticated_to_local_content` is `false`",
|
test "find only local statuses for unauthenticated users when `limit_to_local_content` is `:all`",
|
||||||
|
%{local_activity: local_activity} do
|
||||||
|
Pleroma.Config.put([:instance, :limit_to_local_content], :all)
|
||||||
|
assert [^local_activity] = Activity.search(nil, "find me")
|
||||||
|
Pleroma.Config.put([:instance, :limit_to_local_content], :unauthenticated)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "find all statuses for unauthenticated users when `limit_to_local_content` is `false`",
|
||||||
%{
|
%{
|
||||||
local_activity: local_activity,
|
local_activity: local_activity,
|
||||||
remote_activity: remote_activity
|
remote_activity: remote_activity
|
||||||
} do
|
} do
|
||||||
Pleroma.Config.put([:instance, :limit_unauthenticated_to_local_content], false)
|
Pleroma.Config.put([:instance, :limit_to_local_content], false)
|
||||||
|
|
||||||
activities = Enum.sort_by(Activity.search(nil, "find me"), & &1.id)
|
activities = Enum.sort_by(Activity.search(nil, "find me"), & &1.id)
|
||||||
|
|
||||||
assert [^local_activity, ^remote_activity] = activities
|
assert [^local_activity, ^remote_activity] = activities
|
||||||
|
|
||||||
Pleroma.Config.put([:instance, :limit_unauthenticated_to_local_content], true)
|
Pleroma.Config.put([:instance, :limit_to_local_content], :unauthenticated)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
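Review bot: The new `:all` test calls `Activity.search(nil, "find me")`, and a `nil` user is already limited to local results under the default `:unauthenticated`, so the test would pass even if the `{:all, _}` clause were missing. To cover what `:all` adds, search as a logged-in user, e.g. `user = insert(:user)` followed by `assert [^local_activity] = Activity.search(user, "find me")` (assuming the factory's `insert/1` is imported in this test module). The companion user test titled "for authenticated users" has the same gap: it calls `User.search("lain")` without passing a user.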
|
||||||
|
|
|
@ -1099,8 +1099,20 @@ test "find only local users for unauthenticated users" do
|
||||||
assert [%{id: ^id}] = User.search("lain")
|
assert [%{id: ^id}] = User.search("lain")
|
||||||
end
|
end
|
||||||
|
|
||||||
test "find all users for unauthenticated users when `limit_unauthenticated_to_local_content` is `false`" do
|
test "find only local users for authenticated users when `limit_to_local_content` is `:all`" do
|
||||||
Pleroma.Config.put([:instance, :limit_unauthenticated_to_local_content], false)
|
Pleroma.Config.put([:instance, :limit_to_local_content], :all)
|
||||||
|
|
||||||
|
%{id: id} = insert(:user, %{name: "lain"})
|
||||||
|
insert(:user, %{name: "ebn", nickname: "lain@mastodon.social", local: false})
|
||||||
|
insert(:user, %{nickname: "lain@pleroma.soykaf.com", local: false})
|
||||||
|
|
||||||
|
assert [%{id: ^id}] = User.search("lain")
|
||||||
|
|
||||||
|
Pleroma.Config.put([:instance, :limit_to_local_content], :unauthenticated)
|
||||||
|
end
|
||||||
|
|
||||||
|
test "find all users for unauthenticated users when `limit_to_local_content` is `false`" do
|
||||||
|
Pleroma.Config.put([:instance, :limit_to_local_content], false)
|
||||||
|
|
||||||
u1 = insert(:user, %{name: "lain"})
|
u1 = insert(:user, %{name: "lain"})
|
||||||
u2 = insert(:user, %{name: "ebn", nickname: "lain@mastodon.social", local: false})
|
u2 = insert(:user, %{name: "ebn", nickname: "lain@mastodon.social", local: false})
|
||||||
|
@ -1114,7 +1126,7 @@ test "find all users for unauthenticated users when `limit_unauthenticated_to_lo
|
||||||
|
|
||||||
assert [u1.id, u2.id, u3.id] == results
|
assert [u1.id, u2.id, u3.id] == results
|
||||||
|
|
||||||
Pleroma.Config.put([:instance, :limit_unauthenticated_to_local_content], true)
|
Pleroma.Config.put([:instance, :limit_to_local_content], :unauthenticated)
|
||||||
end
|
end
|
||||||
|
|
||||||
test "finds a user whose name is nil" do
|
test "finds a user whose name is nil" do
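Review bot: Each new test restores the setting with a trailing `Pleroma.Config.put(...)`, which never runs if an assertion above it fails, so `:all` or `false` can leak into later tests and hide or cause unrelated failures in the access-restriction cases. Register the reset immediately after changing the value instead: `on_exit(fn -> Pleroma.Config.put([:instance, :limit_to_local_content], :unauthenticated) end)`. The activity tests in this commit follow the same pattern and would benefit from the same change.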
|
||||||
|
|