Add reject pattern to Admin setting

2024-02-16 16:14:23 +09:00 · 2024-02-16 16:14:23 +09:00 · 0cd5faaa9d
commit 0cd5faaa9d
parent c2f59a2848
9 changed files with 275 additions and 2 deletions
--- a/app/controllers/admin/settings/others_controller.rb
+++ b/app/controllers/admin/settings/others_controller.rb
@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class Admin::Settings::OthersController < Admin::SettingsController
+  private
+
+  def after_update_redirect_path
+    admin_settings_others_path
+  end
+end
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@ -44,8 +44,12 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
    )
  end

+  def reject_pattern?
+    Setting.reject_pattern.present? && @object['content']&.match?(Setting.reject_pattern)
+  end
+
  def create_status
-    return reject_payload! if unsupported_object_type? || invalid_origin?(object_uri) || tombstone_exists? || !related_to_local_activity?
+    return reject_payload! if unsupported_object_type? || invalid_origin?(object_uri) || tombstone_exists? || !related_to_local_activity? || reject_pattern?

    with_lock("create:#{object_uri}") do
      return if delete_arrived_first?(object_uri) || poll_vote?
--- a/app/models/form/admin_settings.rb
+++ b/app/models/form/admin_settings.rb
@ -33,6 +33,7 @@ class Form::AdminSettings
    content_cache_retention_period
    backups_retention_period
    status_page_url
+    reject_pattern
  ).freeze

  INTEGER_KEYS = %i(
@ -69,6 +70,7 @@ class Form::AdminSettings
  validates :show_domain_blocks_rationale, inclusion: { in: %w(disabled users all) }, if: -> { defined?(@show_domain_blocks_rationale) }
  validates :media_cache_retention_period, :content_cache_retention_period, :backups_retention_period, numericality: { only_integer: true }, allow_blank: true, if: -> { defined?(@media_cache_retention_period) || defined?(@content_cache_retention_period) || defined?(@backups_retention_period) }
  validates :site_short_description, length: { maximum: 200 }, if: -> { defined?(@site_short_description) }
+  validates :reject_pattern, regexp_syntax: true, if: -> { defined?(@reject_pattern) }
  validates :status_page_url, url: true, allow_blank: true
  validate :validate_site_uploads

--- a/app/validators/regexp_syntax_validator.rb
+++ b/app/validators/regexp_syntax_validator.rb
@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class RegexpSyntaxValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    return if value.blank?
+
+    begin
+      Regexp.compile(value)
+    rescue RegexpError => e
+      record.errors.add(attribute, I18n.t('applications.invalid_regexp', message: e.message))
+    end
+  end
+end
--- a/app/views/admin/settings/others/show.html.haml
+++ b/app/views/admin/settings/others/show.html.haml
@ -0,0 +1,19 @@
+- content_for :page_title do
+  = t('admin.settings.others.title')
+
+- content_for :heading do
+  %h2= t('admin.settings.title')
+  = render partial: 'admin/settings/shared/links'
+
+= simple_form_for @admin_settings, url: admin_settings_others_path, html: { method: :patch } do |f|
+  = render 'shared/error_messages', object: @admin_settings
+
+  %p.lead= t('admin.settings.others.preamble')
+
+  %h4= t('admin.settings.others.activitypub')
+
+  .fields-group
+    = f.input :reject_pattern, wrapper: :with_block_label, as: :text, label: t('admin.settings.reject_pattern.title'), hint: t('admin.settings.reject_pattern.desc_html'), input_html: { rows: 8 }
+
+  .actions
+    = f.button :button, t('generic.save_changes'), type: :submit
--- a/app/views/admin/settings/shared/_links.html.haml
+++ b/app/views/admin/settings/shared/_links.html.haml
@ -6,3 +6,4 @@
    - primary.item :discovery, safe_join([fa_icon('search fw'), t('admin.settings.discovery.title')]), admin_settings_discovery_path
    - primary.item :content_retention, safe_join([fa_icon('history fw'), t('admin.settings.content_retention.title')]), admin_settings_content_retention_path
    - primary.item :appearance, safe_join([fa_icon('desktop fw'), t('admin.settings.appearance.title')]), admin_settings_appearance_path
+    - primary.item :others, safe_join([fa_icon('cogs fw'), t('admin.settings.others.title')]), admin_settings_others_path
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -744,6 +744,10 @@ en:
        all: To everyone
        disabled: To no one
        users: To logged-in local users
+      others:
+        activitypub: ActivityPub
+        preamble: Other settings, including customizing behavior
+        title: Other settings
      registrations:
        preamble: Control who can create an account on your server.
        title: Registrations
@ -752,7 +756,15 @@ en:
          approved: Approval required for sign up
          none: Nobody can sign up
          open: Anyone can sign up
-      title: Server Settings
+      reject_pattern:
+        desc_html: Set a regular expression pattern to inspect Create Activity content, and refuse Activity if you match
+        title: Reject Pattern
+      security:
+        authorized_fetch: Require authentication from federated servers
+        authorized_fetch_hint: Requiring authentication from federated servers enables stricter enforcement of both user-level and server-level blocks. However, this comes at the cost of a performance penalty, reduces the reach of your replies, and may introduce compatibility issues with some federated services. In addition, this will not prevent dedicated actors from fetching your public posts and accounts.
+        authorized_fetch_overridden_hint: You are currently unable to change this setting because it is overridden by an environment variable.
+        federation_authentication: Federation authentication enforcement
+      title: Server settings
    site_uploads:
      delete: Delete uploaded file
      destroyed_msg: Site upload successfully deleted!
@ -964,6 +976,11 @@ en:
  applications:
    created: Application successfully created
    destroyed: Application successfully deleted
+<<<<<<< HEAD
+=======
+    invalid_regexp: "The provided Regexp is invalid: %{message}"
+    logout: Logout
+>>>>>>> b663df641... Add reject pattern to Admin setting
    regenerate_token: Regenerate access token
    token_regenerated: Access token successfully regenerated
    warning: Be very careful with this data. Never share it with anyone!
--- a/config/routes/admin.rb
+++ b/config/routes/admin.rb
@ -0,0 +1,207 @@
+# frozen_string_literal: true
+
+namespace :admin do
+  get '/dashboard', to: 'dashboard#index'
+
+  resources :domain_allows, only: [:new, :create, :destroy]
+  resources :domain_blocks, only: [:new, :create, :destroy, :update, :edit] do
+    collection do
+      post :batch
+    end
+  end
+
+  resources :export_domain_allows, only: [:new] do
+    collection do
+      get :export, constraints: { format: :csv }
+      post :import
+    end
+  end
+
+  resources :export_domain_blocks, only: [:new] do
+    collection do
+      get :export, constraints: { format: :csv }
+      post :import
+    end
+  end
+
+  resources :email_domain_blocks, only: [:index, :new, :create] do
+    collection do
+      post :batch
+    end
+  end
+
+  resources :action_logs, only: [:index]
+  resources :warning_presets, except: [:new, :show]
+
+  resources :announcements, except: [:show] do
+    member do
+      post :publish
+      post :unpublish
+    end
+  end
+
+  get '/settings', to: redirect('/admin/settings/branding')
+  get '/settings/edit', to: redirect('/admin/settings/branding')
+
+  namespace :settings do
+    resource :branding, only: [:show, :update], controller: 'branding'
+    resource :registrations, only: [:show, :update], controller: 'registrations'
+    resource :content_retention, only: [:show, :update], controller: 'content_retention'
+    resource :about, only: [:show, :update], controller: 'about'
+    resource :appearance, only: [:show, :update], controller: 'appearance'
+    resource :discovery, only: [:show, :update], controller: 'discovery'
+    resource :others, only: [:show, :update], controller: 'others'
+  end
+
+  resources :site_uploads, only: [:destroy]
+
+  resources :invites, only: [:index, :create, :destroy] do
+    collection do
+      post :deactivate_all
+    end
+  end
+
+  resources :relays, only: [:index, :new, :create, :destroy] do
+    member do
+      post :enable
+      post :disable
+    end
+  end
+
+  resources :instances, only: [:index, :show, :destroy], constraints: { id: %r{[^/]+} }, format: 'html' do
+    member do
+      post :clear_delivery_errors
+      post :restart_delivery
+      post :stop_delivery
+    end
+  end
+
+  resources :rules, only: [:index, :create, :edit, :update, :destroy]
+
+  resources :webhooks do
+    member do
+      post :enable
+      post :disable
+    end
+
+    resource :secret, only: [], controller: 'webhooks/secrets' do
+      post :rotate
+    end
+  end
+
+  resources :reports, only: [:index, :show] do
+    resources :actions, only: [:create], controller: 'reports/actions' do
+      collection do
+        post :preview
+      end
+    end
+
+    member do
+      post :assign_to_self
+      post :unassign
+      post :reopen
+      post :resolve
+    end
+  end
+
+  resources :report_notes, only: [:create, :destroy]
+
+  resources :accounts, only: [:index, :show, :destroy] do
+    member do
+      post :enable
+      post :unsensitive
+      post :unsilence
+      post :unsuspend
+      post :redownload
+      post :remove_avatar
+      post :remove_header
+      post :memorialize
+      post :approve
+      post :reject
+      post :unblock_email
+    end
+
+    collection do
+      post :batch
+    end
+
+    resource :change_email, only: [:show, :update]
+    resource :reset, only: [:create]
+    resource :action, only: [:new, :create], controller: 'account_actions'
+
+    resources :statuses, only: [:index, :show] do
+      collection do
+        post :batch
+      end
+    end
+
+    resources :relationships, only: [:index]
+
+    resource :confirmation, only: [:create] do
+      collection do
+        post :resend
+      end
+    end
+  end
+
+  resources :users, only: [] do
+    resource :two_factor_authentication, only: [:destroy], controller: 'users/two_factor_authentications'
+    resource :role, only: [:show, :update], controller: 'users/roles'
+  end
+
+  resources :custom_emojis, only: [:index, :new, :create] do
+    collection do
+      post :batch
+    end
+  end
+
+  resources :ip_blocks, only: [:index, :new, :create] do
+    collection do
+      post :batch
+    end
+  end
+
+  resources :roles, except: [:show]
+  resources :account_moderation_notes, only: [:create, :destroy]
+  resource :follow_recommendations, only: [:show, :update]
+  resources :tags, only: [:show, :update]
+
+  namespace :trends do
+    resources :links, only: [:index] do
+      collection do
+        post :batch
+      end
+    end
+
+    resources :tags, only: [:index] do
+      collection do
+        post :batch
+      end
+    end
+
+    resources :statuses, only: [:index] do
+      collection do
+        post :batch
+      end
+    end
+
+    namespace :links do
+      resources :preview_card_providers, only: [:index], path: :publishers do
+        collection do
+          post :batch
+        end
+      end
+    end
+  end
+
+  namespace :disputes do
+    resources :appeals, only: [:index] do
+      member do
+        post :approve
+        post :reject
+      end
+    end
+  end
+
+  resources :software_updates, only: [:index]
+end
--- a/config/settings.yml
+++ b/config/settings.yml
@ -72,6 +72,7 @@ defaults: &defaults
  show_domain_blocks_rationale: 'disabled'
  require_invite_text: false
  backups_retention_period: 7
+  reject_pattern: ''

 development:
  <<: *defaults