diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb
index b9f78feb141618..ec4495acd8523b 100644
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@@ -14,6 +14,8 @@ def perform
 else
 create_status
 end
+ rescue Mastodon::RejectPayload
+ reject_payload!
 end
 private
@@ -79,6 +81,9 @@ def process_status
 @params = {}
 process_status_params
+
+ raise Mastodon::RejectPayload if MediaAttachment.where(id: @params[:media_attachment_ids]).where(blurhash: Setting.reject_blurhash.split(/\r\n/).filter(&:present?).uniq).present?
+
 process_tags
 process_audience
diff --git a/app/models/form/admin_settings.rb b/app/models/form/admin_settings.rb
index 69907d7fe2fd0f..b0e626f8dc6bc0 100644
--- a/app/models/form/admin_settings.rb
+++ b/app/models/form/admin_settings.rb
@@ -38,6 +38,7 @@ class Form::AdminSettings
 captcha_enabled
 authorized_fetch
 reject_pattern
+ reject_blurhash
 ).freeze
 INTEGER_KEYS = %i(
diff --git a/app/views/admin/settings/others/show.html.haml b/app/views/admin/settings/others/show.html.haml
index 06dcf2bf8b0098..8d0a2b1acf15c6 100644
--- a/app/views/admin/settings/others/show.html.haml
+++ b/app/views/admin/settings/others/show.html.haml
@@ -15,5 +15,8 @@
 .fields-group
 = f.input :reject_pattern, wrapper: :with_block_label, as: :text, label: t('admin.settings.reject_pattern.title'), hint: t('admin.settings.reject_pattern.desc_html'), input_html: { rows: 8 }
+ .fields-group
+ = f.input :reject_blurhash, wrapper: :with_block_label, as: :text, label: t('admin.settings.reject_blurhash.title'), hint: t('admin.settings.reject_blurhash.desc_html'), input_html: { rows: 8 }
+
 .actions
 = f.button :button, t('generic.save_changes'), type: :submit
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 0d6ae47c11f1f5..bd4d8a7f3a3ba3 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
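Review bot: The new `rescue Mastodon::RejectPayload` in `perform` (app/lib/activitypub/activity/create.rb) discards the exception, and the raise site in `process_status` passes no message, so a blurhash rejection leaves no record of which attachment or list entry caused it unless `reject_payload!` (defined outside this diff) logs that itself. Binding the exception and logging it, e.g. `rescue Mastodon::RejectPayload => e` followed by `Rails.logger.info("Rejected Create activity: #{e.message}")` before `reject_payload!`, would give moderators an audit trail for dropped posts. A one-line comment such as `# Raised by process_status when an attachment matches Setting.reject_blurhash` would also explain why the method-level rescue exists. The start of `perform` is outside the hunk.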
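Review bot: In `process_status` the list is parsed with `split(/\r\n/)` and no trimming, so a setting saved with bare `\n` line endings or with whitespace around an entry yields strings that never match and the filter silently stops rejecting; `Setting.reject_blurhash.split(/\R/).map(&:strip).reject(&:empty?).uniq` is more tolerant. The lookup is by id against rows that `process_status_params` has evidently already created, so a rejected activity leaves those MediaAttachment records behind unless something outside this diff cleans them up. `.exists?` instead of `.present?` avoids instantiating the matched rows, and returning early when the list is empty avoids a query on every Create. If the stored blurhash is the value declared by the sending server rather than one computed locally (not visible here), the check is only as reliable as that field, which the setting's hint should say. `process_status` begins and ends outside the hunk.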
@@ -780,6 +780,9 @@ en:
 none: Nobody can sign up
 open: Anyone can sign up
 warning_hint: We recommend using “Approval required for sign up” unless you are confident your moderation team can handle spam and malicious registrations in a timely fashion.
+ reject_blurhash:
+ desc_html: Set a blurhashes to inspect Create Activity media attachments, and refuse Activity if you match
+ title: Reject blurhash
 reject_pattern:
 desc_html: Set a regular expression pattern to inspect Create Activity content, and refuse Activity if you match
 title: Reject Pattern
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index 1bbda050bbb62d..88eb0c17806fdf 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -762,6 +762,12 @@ ja:
 none: 誰にも許可しない
 open: 誰でも登録可
 warning_hint: モデレーションチームがスパムや悪意のある登録を迅速に処理できる自信がない限り、サインアップを承認制にすることをお勧めします。
+ reject_blurhash:
+ desc_html: Create Activityの添付画像を検査するblurhashを設定し、一致する場合はActivityを拒否します
+ title: 拒否画像ハッシュ
+ reject_pattern:
+ desc_html: Create Activityのcontentを検査する正規表現パターンを設定し、一致する場合はActivityを拒否します
+ title: 拒否パターン
 security:
 authorized_fetch: 連合サーバーによる署名なしでの情報取得を拒否する
 authorized_fetch_hint: ほかの連合サーバーから受け付けるリクエストに署名を必須にすることで、ユーザーによるブロックおよびドメインブロック両方の効果をより強力にします。ただし連合の処理コストが増えてパフォーマンス面で不利になるほか、このサーバーから送られた反応が届く範囲が狭まったり、連合における互換性の問題を招く可能性もあります。また、この機能は公開投稿やプロフィールへのアクセスをブロックした相手から完全に遮断できるものではありません。
diff --git a/config/settings.yml b/config/settings.yml
index 3691d9035a83e8..e574090cd9ea54 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -39,6 +39,7 @@ defaults: &defaults
 backups_retention_period: 7
 captcha_enabled: false
 reject_pattern: ''
+ reject_blurhash: ''
 development:
 <<: *defaults
diff --git a/lib/exceptions.rb b/lib/exceptions.rb
index d3b92f4a09300f..029235560b0630 100644
--- a/lib/exceptions.rb
+++ b/lib/exceptions.rb
@@ -8,6 +8,7 @@ class HostValidationError < ValidationError; end
 class LengthValidationError < ValidationError; end
 class DimensionsValidationError < ValidationError; end
 class StreamValidationError < ValidationError; end
+ class RejectPayload < ValidationError; end
 class RaceConditionError < Error; end
 class RateLimitExceededError < Error; end
 class SyntaxError < Error; end
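Review bot: `RejectPayload` is the only class in this list without the `Error` suffix, and making it a `ValidationError` means any existing `rescue Mastodon::ValidationError` on the delivery path would treat an admin-policy rejection as malformed input; whether such a handler exists is not visible here. Consider `class RejectPayloadError < Error; end`, with the raise and rescue in create.rb renamed to match, so the policy rejection is caught only where it is meant to be. The enclosing module starts and ends outside the hunk.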