From f0adbaab721528920444b66e97ba4c743fcbaa69 Mon Sep 17 00:00:00 2001 From: Dessalines Date: Fri, 20 Sep 2024 10:21:38 -0400 Subject: [PATCH] Adding local site settings to reject federated upvotes or downvotes. - Should help defend against downvote spamming instances. - Fixes #4086 --- crates/api_common/src/site.rs | 10 +++++++-- crates/api_crud/src/site/create.rs | 2 ++ crates/api_crud/src/site/update.rs | 2 ++ crates/apub/src/activities/voting/vote.rs | 21 ++++++++++++++----- crates/db_schema/src/schema.rs | 2 ++ crates/db_schema/src/source/local_site.rs | 16 +++++++++++--- .../down.sql | 4 ++++ .../up.sql | 4 ++++ 8 files changed, 51 insertions(+), 10 deletions(-) create mode 100644 migrations/2024-09-20-134838_add_federation_vote_rejection/down.sql create mode 100644 migrations/2024-09-20-134838_add_federation_vote_rejection/up.sql diff --git a/crates/api_common/src/site.rs b/crates/api_common/src/site.rs index a4f4ea71e0..528a82bfe3 100644 --- a/crates/api_common/src/site.rs +++ b/crates/api_common/src/site.rs @@ -204,6 +204,8 @@ pub struct CreateSite { pub registration_mode: Option, pub oauth_registration: Option, pub content_warning: Option, + pub reject_federated_upvotes: Option, + pub reject_federated_downvotes: Option, } #[skip_serializing_none] @@ -287,13 +289,17 @@ pub struct EditSite { /// A list of blocked URLs pub blocked_urls: Option>, pub registration_mode: Option, - /// Whether or not external auth methods can auto-register users. - pub oauth_registration: Option, /// Whether to email admins for new reports. pub reports_email_admins: Option, /// If present, nsfw content is visible by default. Should be displayed by frontends/clients /// when the site is first opened by a user. pub content_warning: Option, + /// Whether or not external auth methods can auto-register users. + pub oauth_registration: Option, + /// If enabled, your site rejects federated upvotes. + pub reject_federated_upvotes: Option, + /// If enabled, your site rejects federated downvotes. + pub reject_federated_downvotes: Option, } #[derive(Debug, Serialize, Deserialize, Clone)] diff --git a/crates/api_crud/src/site/create.rs b/crates/api_crud/src/site/create.rs index fa630b2f15..20c26476dc 100644 --- a/crates/api_crud/src/site/create.rs +++ b/crates/api_crud/src/site/create.rs @@ -110,6 +110,8 @@ pub async fn create_site( captcha_enabled: data.captcha_enabled, captcha_difficulty: data.captcha_difficulty.clone(), default_post_listing_mode: data.default_post_listing_mode, + reject_federated_upvotes: data.reject_federated_upvotes, + reject_federated_downvotes: data.reject_federated_downvotes, ..Default::default() }; diff --git a/crates/api_crud/src/site/update.rs b/crates/api_crud/src/site/update.rs index daa0bc49e1..79930513d3 100644 --- a/crates/api_crud/src/site/update.rs +++ b/crates/api_crud/src/site/update.rs @@ -121,6 +121,8 @@ pub async fn update_site( reports_email_admins: data.reports_email_admins, default_post_listing_mode: data.default_post_listing_mode, oauth_registration: data.oauth_registration, + reject_federated_upvotes: data.reject_federated_upvotes, + reject_federated_downvotes: data.reject_federated_downvotes, ..Default::default() }; diff --git a/crates/apub/src/activities/voting/vote.rs b/crates/apub/src/activities/voting/vote.rs index 324c8b3007..081cea9626 100644 --- a/crates/apub/src/activities/voting/vote.rs +++ b/crates/apub/src/activities/voting/vote.rs @@ -68,12 +68,23 @@ impl ActivityHandler for Vote { check_bot_account(&actor.0)?; - let enable_downvotes = LocalSite::read(&mut context.pool()) - .await - .map(|l| l.enable_downvotes) + // Check for enabled federation votes + let local_site = LocalSite::read(&mut context.pool()).await; + let enable_federated_downvotes = local_site + .as_ref() + .map(|l| l.enable_downvotes && !l.reject_federated_downvotes) .unwrap_or(true); - if self.kind == VoteType::Dislike && !enable_downvotes { - // If this is a downvote but downvotes are ignored, only undo any existing vote + + let enable_federated_upvotes = local_site + .as_ref() + .map(|l| !l.reject_federated_upvotes) + .unwrap_or(true); + + let reject_vote_check = (self.kind == VoteType::Dislike && !enable_federated_downvotes) + || (self.kind == VoteType::Like && !enable_federated_upvotes); + + if reject_vote_check { + // If this is a rejection, undo the vote match object { PostOrComment::Post(p) => undo_vote_post(actor, &p, context).await, PostOrComment::Comment(c) => undo_vote_comment(actor, &c, context).await, diff --git a/crates/db_schema/src/schema.rs b/crates/db_schema/src/schema.rs index 289032e008..e1e0c2a551 100644 --- a/crates/db_schema/src/schema.rs +++ b/crates/db_schema/src/schema.rs @@ -398,6 +398,8 @@ diesel::table! { default_post_sort_type -> PostSortTypeEnum, default_comment_sort_type -> CommentSortTypeEnum, oauth_registration -> Bool, + reject_federated_upvotes -> Bool, + reject_federated_downvotes -> Bool, } } diff --git a/crates/db_schema/src/source/local_site.rs b/crates/db_schema/src/source/local_site.rs index 5131ce7ac2..9008ea7d36 100644 --- a/crates/db_schema/src/source/local_site.rs +++ b/crates/db_schema/src/source/local_site.rs @@ -72,6 +72,10 @@ pub struct LocalSite { pub default_comment_sort_type: CommentSortType, /// Whether or not external auth methods can auto-register users. pub oauth_registration: bool, + /// If enabled, your site rejects federated upvotes. + pub reject_federated_upvotes: bool, + /// If enabled, your site rejects federated downvotes. + pub reject_federated_downvotes: bool, } #[derive(Clone, derive_new::new)] @@ -114,8 +118,6 @@ pub struct LocalSiteInsertForm { #[new(default)] pub registration_mode: Option, #[new(default)] - pub oauth_registration: Option, - #[new(default)] pub reports_email_admins: Option, #[new(default)] pub federation_signed_fetch: Option, @@ -125,6 +127,12 @@ pub struct LocalSiteInsertForm { pub default_post_sort_type: Option, #[new(default)] pub default_comment_sort_type: Option, + #[new(default)] + pub oauth_registration: Option, + #[new(default)] + pub reject_federated_upvotes: Option, + #[new(default)] + pub reject_federated_downvotes: Option, } #[derive(Clone, Default)] @@ -148,11 +156,13 @@ pub struct LocalSiteUpdateForm { pub captcha_enabled: Option, pub captcha_difficulty: Option, pub registration_mode: Option, - pub oauth_registration: Option, pub reports_email_admins: Option, pub updated: Option>>, pub federation_signed_fetch: Option, pub default_post_listing_mode: Option, pub default_post_sort_type: Option, pub default_comment_sort_type: Option, + pub oauth_registration: Option, + pub reject_federated_upvotes: Option, + pub reject_federated_downvotes: Option, } diff --git a/migrations/2024-09-20-134838_add_federation_vote_rejection/down.sql b/migrations/2024-09-20-134838_add_federation_vote_rejection/down.sql new file mode 100644 index 0000000000..27ce04d693 --- /dev/null +++ b/migrations/2024-09-20-134838_add_federation_vote_rejection/down.sql @@ -0,0 +1,4 @@ +ALTER TABLE local_site + DROP COLUMN reject_federated_upvotes, + DROP COLUMN reject_federated_downvotes; + diff --git a/migrations/2024-09-20-134838_add_federation_vote_rejection/up.sql b/migrations/2024-09-20-134838_add_federation_vote_rejection/up.sql new file mode 100644 index 0000000000..13bc1f5828 --- /dev/null +++ b/migrations/2024-09-20-134838_add_federation_vote_rejection/up.sql @@ -0,0 +1,4 @@ +ALTER TABLE local_site + ADD COLUMN reject_federated_upvotes boolean DEFAULT FALSE NOT NULL, + ADD COLUMN reject_federated_downvotes boolean DEFAULT FALSE NOT NULL; +