From a5e98083f253c268bb1468bfaf358038e0e60147 Mon Sep 17 00:00:00 2001 From: floatingghost Date: Thu, 29 Dec 2022 20:56:06 +0000 Subject: [PATCH] Add link verification in profile fields (#405) Co-authored-by: FloatingGhost Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/405 --- CHANGELOG.md | 2 + lib/pleroma/application.ex | 3 +- lib/pleroma/user.ex | 84 +++++++++++++++++-- lib/pleroma/web/rel_me.ex | 3 +- .../mastodon_api/update_credentials_test.exs | 63 ++++++++++++++ 5 files changed, 144 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d556b39c3..ea6a25e4b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Prometheus metrics exporting from `/api/v1/akkoma/metrics` - Ability to alter http pool size - Translation of statuses via ArgosTranslate +- Ability to "verify" links in profile fields via rel=me +- Mix tasks to dump/load config to/from json for bulk editing ### Removed - Non-finch HTTP adapters diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index 26b500dc8..0273972be 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -159,7 +159,8 @@ defp cachex_children do build_cachex("banned_urls", default_ttl: :timer.hours(24 * 30), limit: 5_000), build_cachex("translations", default_ttl: :timer.hours(24 * 30), limit: 2500), build_cachex("instances", default_ttl: :timer.hours(24), ttl_interval: 1000, limit: 2500), - build_cachex("request_signatures", default_ttl: :timer.hours(24 * 30), limit: 3000) + build_cachex("request_signatures", default_ttl: :timer.hours(24 * 30), limit: 3000), + build_cachex("rel_me", default_ttl: :timer.hours(24 * 30), limit: 300) ] end diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index d7c1511ce..2d4bd097d 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -479,7 +479,7 @@ def remote_user_changeset(struct \\ %User{local: false}, params) do |> validate_format(:nickname, @email_regex) |> validate_length(:bio, max: bio_limit) |> validate_length(:name, max: name_limit) - |> validate_fields(true) + |> validate_fields(true, struct) |> validate_non_local() end @@ -549,7 +549,7 @@ def update_changeset(struct, params \\ %{}) do :pleroma_settings_store, &{:ok, Map.merge(struct.pleroma_settings_store, &1)} ) - |> validate_fields(false) + |> validate_fields(false, struct) end defp put_fields(changeset) do @@ -2359,7 +2359,8 @@ def update_background(user, background) do |> update_and_set_cache() end - def validate_fields(changeset, remote? \\ false) do + @spec validate_fields(Ecto.Changeset.t(), Boolean.t(), User.t()) :: Ecto.Changeset.t() + def validate_fields(changeset, remote? \\ false, struct) do limit_name = if remote?, do: :max_remote_account_fields, else: :max_account_fields limit = Config.get([:instance, limit_name], 0) @@ -2372,6 +2373,7 @@ def validate_fields(changeset, remote? \\ false) do [fields: "invalid"] end end) + |> maybe_validate_rel_me_field(struct) end defp valid_field?(%{"name" => name, "value" => value}) do @@ -2384,6 +2386,75 @@ defp valid_field?(%{"name" => name, "value" => value}) do defp valid_field?(_), do: false + defp is_url(nil), do: nil + + defp is_url(uri) do + case URI.parse(uri) do + %URI{host: nil} -> false + %URI{scheme: nil} -> false + _ -> true + end + end + + @spec maybe_validate_rel_me_field(Changeset.t(), User.t()) :: Changeset.t() + defp maybe_validate_rel_me_field(changeset, %User{ap_id: _ap_id} = struct) do + fields = get_change(changeset, :fields) + raw_fields = get_change(changeset, :raw_fields) + + if is_nil(fields) do + changeset + else + validate_rel_me_field(changeset, fields, raw_fields, struct) + end + end + + defp maybe_validate_rel_me_field(changeset, _), do: changeset + + @spec validate_rel_me_field(Changeset.t(), [Map.t()], [Map.t()], User.t()) :: Changeset.t() + defp validate_rel_me_field(changeset, fields, raw_fields, %User{ + nickname: nickname, + ap_id: ap_id + }) do + fields = + fields + |> Enum.with_index() + |> Enum.map(fn {%{"name" => name, "value" => value}, index} -> + raw_value = + if is_nil(raw_fields) do + nil + else + Enum.at(raw_fields, index)["value"] + end + + if is_url(raw_value) do + frontend_url = + Pleroma.Web.Router.Helpers.redirect_url( + Pleroma.Web.Endpoint, + :redirector_with_meta, + nickname + ) + + possible_urls = [ap_id, frontend_url] + + with "me" <- RelMe.maybe_put_rel_me(raw_value, possible_urls) do + %{ + "name" => name, + "value" => value, + "verified_at" => DateTime.to_iso8601(DateTime.utc_now()) + } + else + e -> + Logger.error("Could not check for rel=me, #{inspect(e)}") + %{"name" => name, "value" => value} + end + else + %{"name" => name, "value" => value} + end + end) + + put_change(changeset, :fields, fields) + end + defp truncate_field(%{"name" => name, "value" => value}) do {name, _chopped} = String.split_at(name, Config.get([:instance, :account_field_name_length], 255)) @@ -2551,11 +2622,8 @@ def sanitize_html(%User{} = user) do # - display name def sanitize_html(%User{} = user, filter) do fields = - Enum.map(user.fields, fn %{"name" => name, "value" => value} -> - %{ - "name" => name, - "value" => HTML.filter_tags(value, Pleroma.HTML.Scrubber.LinksOnly) - } + Enum.map(user.fields, fn %{"value" => value} = field -> + Map.put(field, "value", HTML.filter_tags(value, Pleroma.HTML.Scrubber.LinksOnly)) end) user diff --git a/lib/pleroma/web/rel_me.ex b/lib/pleroma/web/rel_me.ex index 1826031dd..3a1812f7a 100644 --- a/lib/pleroma/web/rel_me.ex +++ b/lib/pleroma/web/rel_me.ex @@ -38,12 +38,11 @@ defp parse_url(url) do def maybe_put_rel_me("http" <> _ = target_page, profile_urls) when is_list(profile_urls) do {:ok, rel_me_hrefs} = parse(target_page) - true = Enum.any?(rel_me_hrefs, fn x -> x in profile_urls end) "me" rescue - _ -> nil + e -> nil end def maybe_put_rel_me(_, _) do diff --git a/test/pleroma/web/mastodon_api/update_credentials_test.exs b/test/pleroma/web/mastodon_api/update_credentials_test.exs index 2ba909dad..e9b8825bf 100644 --- a/test/pleroma/web/mastodon_api/update_credentials_test.exs +++ b/test/pleroma/web/mastodon_api/update_credentials_test.exs @@ -465,6 +465,69 @@ test "update fields", %{conn: conn} do ] end + test "update fields with a link to content with rel=me, with ap id", %{user: user, conn: conn} do + Tesla.Mock.mock(fn + %{url: "http://example.com/rel_me/ap_id"} -> + %Tesla.Env{ + status: 200, + body: ~s[] + } + end) + + field = %{name: "Website", value: "http://example.com/rel_me/ap_id"} + + account_data = + conn + |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: [field]}) + |> json_response_and_validate_schema(200) + + assert [ + %{ + "name" => "Website", + "value" => + ~s[http://example.com/rel_me/ap_id], + "verified_at" => verified_at + } + ] = account_data["fields"] + + {:ok, verified_at, _} = DateTime.from_iso8601(verified_at) + assert DateTime.diff(DateTime.utc_now(), verified_at) < 10 + end + + test "update fields with a link to content with rel=me, with frontend path", %{ + user: user, + conn: conn + } do + fe_url = "#{Pleroma.Web.Endpoint.url()}/#{user.nickname}" + + Tesla.Mock.mock(fn + %{url: "http://example.com/rel_me/fe_path"} -> + %Tesla.Env{ + status: 200, + body: ~s[] + } + end) + + field = %{name: "Website", value: "http://example.com/rel_me/fe_path"} + + account_data = + conn + |> patch("/api/v1/accounts/update_credentials", %{fields_attributes: [field]}) + |> json_response_and_validate_schema(200) + + assert [ + %{ + "name" => "Website", + "value" => + ~s[http://example.com/rel_me/fe_path], + "verified_at" => verified_at + } + ] = account_data["fields"] + + {:ok, verified_at, _} = DateTime.from_iso8601(verified_at) + assert DateTime.diff(DateTime.utc_now(), verified_at) < 10 + end + test "emojis in fields labels", %{conn: conn} do fields = [ %{name: ":firefox:", value: "is best 2hu"},