diff --git a/app/controllers/admin/settings/others_controller.rb b/app/controllers/admin/settings/others_controller.rb
new file mode 100644
index 000000000..113d0c84f
--- /dev/null
+++ b/app/controllers/admin/settings/others_controller.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class Admin::Settings::OthersController < Admin::SettingsController
+  private
+
+  def after_update_redirect_path
+    admin_settings_others_path
+  end
+end
diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb
index cf054a4fe..ae43268b2 100644
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@@ -44,8 +44,12 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
     )
   end
 
+  def reject_pattern?
+    Setting.reject_pattern.present? && @object['content']&.match?(Setting.reject_pattern)
+  end
+
   def create_status
-    return reject_payload! if unsupported_object_type? || invalid_origin?(object_uri) || tombstone_exists? || !related_to_local_activity?
+    return reject_payload! if unsupported_object_type? || invalid_origin?(object_uri) || tombstone_exists? || !related_to_local_activity? || reject_pattern?
 
     with_lock("create:#{object_uri}") do
       return if delete_arrived_first?(object_uri) || poll_vote?
diff --git a/app/models/form/admin_settings.rb b/app/models/form/admin_settings.rb
index 070478e8e..5ee71240f 100644
--- a/app/models/form/admin_settings.rb
+++ b/app/models/form/admin_settings.rb
@@ -33,6 +33,7 @@ class Form::AdminSettings
     content_cache_retention_period
     backups_retention_period
     status_page_url
+    reject_pattern
   ).freeze
 
   INTEGER_KEYS = %i(
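Review bot: `reject_pattern?` hands `Setting.reject_pattern` to `String#match?` as a String, so Ruby builds a fresh Regexp from it on every incoming Create and the setting is read twice; compile it once, e.g. `pattern = Setting.reject_pattern` followed by `pattern.present? && @object['content'].is_a?(String) && @object['content'].match?(Regexp.new(pattern))`. The form validator only guarantees the pattern parses, not that it is cheap, and here it is evaluated against remote-supplied `content`, so a backtracking-heavy pattern lets any federated sender stall an inbox worker; on Ruby 3.2+ `Regexp.new(pattern, timeout: …)` or a process-wide `Regexp.timeout` bounds that, and a rejection on this path should be distinguishable in logs from a malformed payload. The `is_a?(String)` guard matters because `content` is caller-controlled JSON and `&.` only covers nil — an Array or Hash value would raise `NoMethodError` before `reject_payload!` is reached. Only `content` is inspected; text carried solely in `contentMap`, `summary` or `name` presumably passes unchecked, which is worth stating in the setting's hint. `create_status` continues past the hunk.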
@@ -69,6 +70,7 @@ class Form::AdminSettings
   validates :show_domain_blocks_rationale, inclusion: { in: %w(disabled users all) }, if: -> { defined?(@show_domain_blocks_rationale) }
   validates :media_cache_retention_period, :content_cache_retention_period, :backups_retention_period, numericality: { only_integer: true }, allow_blank: true, if: -> { defined?(@media_cache_retention_period) || defined?(@content_cache_retention_period) || defined?(@backups_retention_period) }
   validates :site_short_description, length: { maximum: 200 }, if: -> { defined?(@site_short_description) }
+  validates :reject_pattern, regexp_syntax: true, if: -> { defined?(@reject_pattern) }
   validates :status_page_url, url: true, allow_blank: true
 
   validate :validate_site_uploads
diff --git a/app/validators/regexp_syntax_validator.rb b/app/validators/regexp_syntax_validator.rb
new file mode 100644
index 000000000..57ecf882c
--- /dev/null
+++ b/app/validators/regexp_syntax_validator.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class RegexpSyntaxValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    return if value.blank?
+
+    begin
+      Regexp.compile(value)
+    rescue RegexpError => e
+      record.errors.add(attribute, I18n.t('applications.invalid_regexp', message: e.message))
+    end
+  end
+end
diff --git a/app/views/admin/settings/others/show.html.haml b/app/views/admin/settings/others/show.html.haml
new file mode 100644
index 000000000..06dcf2bf8
--- /dev/null
+++ b/app/views/admin/settings/others/show.html.haml
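Review bot: `validate_each` proves only that the pattern parses, so an admin can still save an expression whose matching cost explodes on crafted input, and that same pattern is later run against remote content in `ActivityPub::Activity::Create`; consider bounding the pattern's size here (the form caps other free-text settings with `length: { maximum: … }`) and noting that any match-time limit such as `Regexp.timeout` has to live at the match site, since compiling cannot detect it. The explicit `begin`/`end` wrapper can be dropped in favour of a method-level `rescue RegexpError => e`. The error text is looked up under `applications.invalid_regexp`, an odd namespace for a reusable validator; a key under the validator's own namespace would read better, and the hunk adding it in `config/locales/en.yml` needs attention. A one-line YARD comment such as `# Adds an error on attribute unless value compiles as a Regexp; blank values are accepted.` would document the contract.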
@@ -0,0 +1,19 @@
+- content_for :page_title do
+  = t('admin.settings.others.title')
+
+- content_for :heading do
+  %h2= t('admin.settings.title')
+  = render partial: 'admin/settings/shared/links'
+
+= simple_form_for @admin_settings, url: admin_settings_others_path, html: { method: :patch } do |f|
+  = render 'shared/error_messages', object: @admin_settings
+
+  %p.lead= t('admin.settings.others.preamble')
+
+  %h4= t('admin.settings.others.activitypub')
+
+  .fields-group
+    = f.input :reject_pattern, wrapper: :with_block_label, as: :text, label: t('admin.settings.reject_pattern.title'), hint: t('admin.settings.reject_pattern.desc_html'), input_html: { rows: 8 }
+
+  .actions
+    = f.button :button, t('generic.save_changes'), type: :submit
diff --git a/app/views/admin/settings/shared/_links.html.haml b/app/views/admin/settings/shared/_links.html.haml
index 1294c26ce..4a8a5100c 100644
--- a/app/views/admin/settings/shared/_links.html.haml
+++ b/app/views/admin/settings/shared/_links.html.haml
@@ -6,3 +6,4 @@
   - primary.item :discovery, safe_join([fa_icon('search fw'), t('admin.settings.discovery.title')]), admin_settings_discovery_path
   - primary.item :content_retention, safe_join([fa_icon('history fw'), t('admin.settings.content_retention.title')]), admin_settings_content_retention_path
   - primary.item :appearance, safe_join([fa_icon('desktop fw'), t('admin.settings.appearance.title')]), admin_settings_appearance_path
+  - primary.item :others, safe_join([fa_icon('cogs fw'), t('admin.settings.others.title')]), admin_settings_others_path
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 8aab40333..f7951b4de 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -744,6 +744,10 @@ en:
         all: To everyone
         disabled: To no one
         users: To logged-in local users
+      others:
+        activitypub: ActivityPub
+        preamble: Other settings, including customizing behavior
+        title: Other settings
       registrations:
         preamble: Control who can create an account on your server.
         title: Registrations
@@ -752,7 +756,15 @@ en:
           approved: Approval required for sign up
           none: Nobody can sign up
           open: Anyone can sign up
-      title: Server Settings
+      reject_pattern:
+        desc_html: Set a regular expression pattern to inspect Create Activity content, and refuse Activity if you match
+        title: Reject Pattern
+      security:
+        authorized_fetch: Require authentication from federated servers
+        authorized_fetch_hint: Requiring authentication from federated servers enables stricter enforcement of both user-level and server-level blocks. However, this comes at the cost of a performance penalty, reduces the reach of your replies, and may introduce compatibility issues with some federated services. In addition, this will not prevent dedicated actors from fetching your public posts and accounts.
+        authorized_fetch_overridden_hint: You are currently unable to change this setting because it is overridden by an environment variable.
+        federation_authentication: Federation authentication enforcement
+      title: Server settings
       site_uploads:
         delete: Delete uploaded file
         destroyed_msg: Site upload successfully deleted!
@@ -964,6 +976,11 @@ en:
     applications:
       created: Application successfully created
       destroyed: Application successfully deleted
+<<<<<<< HEAD
+=======
+      invalid_regexp: "The provided Regexp is invalid: %{message}"
+      logout: Logout
+>>>>>>> b663df641... Add reject pattern to Admin setting
       regenerate_token: Regenerate access token
       token_regenerated: Access token successfully regenerated
       warning: Be very careful with this data. Never share it with anyone!
diff --git a/config/routes/admin.rb b/config/routes/admin.rb
new file mode 100644
index 000000000..6b1f0e1a1
--- /dev/null
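Review bot: The `reject_pattern.desc_html` hint in the `@@ -752,7 +756,15 @@` hunk is hard to parse ("refuse Activity if you match") and does not say what is matched; something like `desc_html: Regular expression applied to the content of incoming Create activities. Activities whose content matches are rejected.` states the scope operators need. Because the key carries the `_html` suffix, Rails renders it without escaping, so any markup a translator adds is trusted — keep it plain text or drop the suffix. The same hunk also rewrites `title: Server Settings` to `title: Server settings` and adds a whole `security:` block unrelated to this feature, which looks like a rebase artifact worth separating from the change.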
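Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> b663df641...`) are committed into `config/locales/en.yml` under `applications:` in the `@@ -964,6 +976,11 @@` hunk; a bare `<<<<<<< HEAD` line inside a block mapping is not a `key: value` entry, so Psych should refuse the file and locale loading would fail. Resolve by keeping only `      invalid_regexp: "The provided Regexp is invalid: %{message}"` and dropping the three marker lines; `logout: Logout` comes from the other side of the conflict and has no user in this change. `RegexpSyntaxValidator` depends on that key existing, so the whole feature is blocked until this is fixed.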
+++ b/config/routes/admin.rb 
@@ -0,0 +1,207 @@ +# frozen_string_literal: true + +namespace :admin do + get '/dashboard', to: 'dashboard#index' + + resources :domain_allows, only: [:new, :create, :destroy] + resources :domain_blocks, only: [:new, :create, :destroy, :update, :edit] do + collection do + post :batch + end + end + + resources :export_domain_allows, only: [:new] do + collection do + get :export, constraints: { format: :csv } + post :import + end + end + + resources :export_domain_blocks, only: [:new] do + collection do + get :export, constraints: { format: :csv } + post :import + end + end + + resources :email_domain_blocks, only: [:index, :new, :create] do + collection do + post :batch + end + end + + resources :action_logs, only: [:index] + resources :warning_presets, except: [:new, :show] + + resources :announcements, except: [:show] do + member do + post :publish + post :unpublish + end + end + + get '/settings', to: redirect('/admin/settings/branding') + get '/settings/edit', to: redirect('/admin/settings/branding') + + namespace :settings do + resource :branding, only: [:show, :update], controller: 'branding' + resource :registrations, only: [:show, :update], controller: 'registrations' + resource :content_retention, only: [:show, :update], controller: 'content_retention' + resource :about, only: [:show, :update], controller: 'about' + resource :appearance, only: [:show, :update], controller: 'appearance' + resource :discovery, only: [:show, :update], controller: 'discovery' + resource :others, only: [:show, :update], controller: 'others' + end + + resources :site_uploads, only: [:destroy] + + resources :invites, only: [:index, :create, :destroy] do + collection do + post :deactivate_all + end + end + + resources :relays, only: [:index, :new, :create, :destroy] do + member do + post :enable + post :disable + end + end + + resources :instances, only: [:index, :show, :destroy], constraints: { id: %r{[^/]+} }, format: 'html' do + member do + post :clear_delivery_errors + post 
:restart_delivery + post :stop_delivery + end + end + + resources :rules, only: [:index, :create, :edit, :update, :destroy] + + resources :webhooks do + member do + post :enable + post :disable + end + + resource :secret, only: [], controller: 'webhooks/secrets' do + post :rotate + end + end + + resources :reports, only: [:index, :show] do + resources :actions, only: [:create], controller: 'reports/actions' do + collection do + post :preview + end + end + + member do + post :assign_to_self + post :unassign + post :reopen + post :resolve + end + end + + resources :report_notes, only: [:create, :destroy] + + resources :accounts, only: [:index, :show, :destroy] do + member do + post :enable + post :unsensitive + post :unsilence + post :unsuspend + post :redownload + post :remove_avatar + post :remove_header + post :memorialize + post :approve + post :reject + post :unblock_email + end + + collection do + post :batch + end + + resource :change_email, only: [:show, :update] + resource :reset, only: [:create] + resource :action, only: [:new, :create], controller: 'account_actions' + + resources :statuses, only: [:index, :show] do + collection do + post :batch + end + end + + resources :relationships, only: [:index] + + resource :confirmation, only: [:create] do + collection do + post :resend + end + end + end + + resources :users, only: [] do + resource :two_factor_authentication, only: [:destroy], controller: 'users/two_factor_authentications' + resource :role, only: [:show, :update], controller: 'users/roles' + end + + resources :custom_emojis, only: [:index, :new, :create] do + collection do + post :batch + end + end + + resources :ip_blocks, only: [:index, :new, :create] do + collection do + post :batch + end + end + + resources :roles, except: [:show] + resources :account_moderation_notes, only: [:create, :destroy] + resource :follow_recommendations, only: [:show, :update] + resources :tags, only: [:show, :update] + + namespace :trends do + resources :links, only: 
[:index] do + collection do + post :batch + end + end + + resources :tags, only: [:index] do + collection do + post :batch + end + end + + resources :statuses, only: [:index] do + collection do + post :batch + end + end + + namespace :links do + resources :preview_card_providers, only: [:index], path: :publishers do + collection do + post :batch + end + end + end + end + + namespace :disputes do + resources :appeals, only: [:index] do + member do + post :approve + post :reject + end + end + end + + resources :software_updates, only: [:index] +end diff --git a/config/settings.yml b/config/settings.yml index 5976685d7..76f85a23c 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -72,6 +72,7 @@ defaults: &defaults show_domain_blocks_rationale: 'disabled' require_invite_text: false backups_retention_period: 7 + reject_pattern: '' development: <<: *defaults