Add cloud ip bans to BouncerService

This commit is contained in:
Daniel Supernault 2023-04-20 01:08:54 -06:00
parent d878672368
commit 50ab2e2039
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7
10 changed files with 401 additions and 3 deletions

View file

@ -66,6 +66,7 @@ use App\Jobs\VideoPipeline\{
use App\Services\{
AccountService,
BookmarkService,
BouncerService,
CollectionService,
FollowerService,
InstanceService,
@ -130,6 +131,11 @@ class ApiV1Controller extends Controller
if(!$request->user()) {
return response('', 403);
}
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$client = $request->user()->token()->client;
$res = [
'name' => $client->name,
@ -149,6 +155,10 @@ class ApiV1Controller extends Controller
'redirect_uris' => 'required'
]);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$uris = implode(',', explode('\n', $request->redirect_uris));
$client = Passport::client()->forceFill([
@ -191,6 +201,10 @@ class ApiV1Controller extends Controller
abort_if(!$user, 403);
abort_if($user->status != null, 403);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$res = $request->has(self::PF_API_ENTITY_KEY) ? AccountService::get($user->profile_id) : AccountService::getMastodon($user->profile_id);
$res['source'] = [
@ -213,6 +227,10 @@ class ApiV1Controller extends Controller
*/
public function accountById(Request $request, $id)
{
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$res = $request->has(self::PF_API_ENTITY_KEY) ? AccountService::get($id, true) : AccountService::getMastodon($id, true);
if(!$res) {
return response()->json(['error' => 'Record not found'], 404);
@ -229,6 +247,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$this->validate($request, [
'avatar' => 'sometimes|mimetypes:image/jpeg,image/png|max:' . config('pixelfed.max_avatar_size'),
'display_name' => 'nullable|string|max:30',
@ -466,6 +488,11 @@ class ApiV1Controller extends Controller
public function accountFollowersById(Request $request, $id)
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$account = AccountService::get($id);
abort_if(!$account, 404);
$pid = $request->user()->profile_id;
@ -557,6 +584,11 @@ class ApiV1Controller extends Controller
public function accountFollowingById(Request $request, $id)
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$account = AccountService::get($id);
abort_if(!$account, 404);
$pid = $request->user()->profile_id;
@ -647,6 +679,10 @@ class ApiV1Controller extends Controller
*/
public function accountStatusesById(Request $request, $id)
{
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$user = $request->user();
$this->validate($request, [
@ -748,6 +784,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$user = $request->user();
$target = Profile::where('id', '!=', $user->profile_id)
@ -832,6 +872,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$user = $request->user();
$target = Profile::where('id', '!=', $user->profile_id)
@ -900,6 +944,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$this->validate($request, [
'id' => 'required|array|min:1|max:20',
'id.*' => 'required|integer|min:1|max:' . PHP_INT_MAX
@ -932,6 +980,10 @@ class ApiV1Controller extends Controller
'resolve' => 'nullable'
]);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$user = $request->user();
$query = $request->input('q');
$limit = $request->input('limit') ?? 20;
@ -971,6 +1023,10 @@ class ApiV1Controller extends Controller
'page' => 'nullable|integer|min:1|max:10'
]);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$user = $request->user();
$limit = $request->input('limit') ?? 40;
@ -1003,6 +1059,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$user = $request->user();
$pid = $user->profile_id ?? $user->profile->id;
@ -1065,6 +1125,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$user = $request->user();
$pid = $user->profile_id ?? $user->profile->id;
@ -1144,6 +1208,10 @@ class ApiV1Controller extends Controller
'limit' => 'sometimes|integer|min:1|max:20'
]);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$user = $request->user();
$maxId = $request->input('max_id');
$minId = $request->input('min_id');
@ -1197,6 +1265,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$user = $request->user();
$status = StatusService::getMastodon($id, false);
@ -1256,6 +1328,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$user = $request->user();
$status = Status::findOrFail($id);
@ -1312,6 +1388,11 @@ class ApiV1Controller extends Controller
$this->validate($request, [
'limit' => 'sometimes|integer|min:1|max:100'
]);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$user = $request->user();
$res = FollowRequest::whereFollowingId($user->profile->id)
@ -1552,6 +1633,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$this->validate($request, [
'file.*' => [
'required_without:file',
@ -1685,6 +1770,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$this->validate($request, [
'description' => 'nullable|string|max:' . config_cache('pixelfed.max_altext_length')
]);
@ -1735,6 +1824,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$user = $request->user();
$media = Media::whereUserId($user->id)
@ -1756,6 +1849,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$this->validate($request, [
'file.*' => [
'required_without:file',
@ -1929,6 +2026,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$user = $request->user();
$pid = $user->profile_id;
@ -1982,6 +2083,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$user = $request->user();
$pid = $user->profile_id;
@ -2018,6 +2123,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api_strict_mode')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$this->validate($request, [
'limit' => 'nullable|integer|min:1|max:100',
'min_id' => 'nullable|integer|min:1|max:'.PHP_INT_MAX,
@ -2097,6 +2206,10 @@ class ApiV1Controller extends Controller
'limit' => 'sometimes|integer|min:1|max:100'
]);
if(config('pixelfed.bouncer.cloud_ips.ban_api_strict_mode')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$napi = $request->has(self::PF_API_ENTITY_KEY);
$page = $request->input('page');
$min = $request->input('min_id');
@ -2244,6 +2357,10 @@ class ApiV1Controller extends Controller
'local' => 'sometimes'
]);
if(config('pixelfed.bouncer.cloud_ips.ban_api_strict_mode')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$napi = $request->has(self::PF_API_ENTITY_KEY);
$min = $request->input('min_id');
$max = $request->input('max_id');
@ -2371,6 +2488,10 @@ class ApiV1Controller extends Controller
'scope' => 'nullable|in:inbox,sent,requests'
]);
if(config('pixelfed.bouncer.cloud_ips.ban_api_strict_mode')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$limit = $request->input('limit', 20);
$scope = $request->input('scope', 'inbox');
$pid = $request->user()->profile_id;
@ -2437,6 +2558,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api_strict_mode')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$user = $request->user();
$res = $request->has(self::PF_API_ENTITY_KEY) ? StatusService::get($id, false) : StatusService::getMastodon($id, false);
@ -2473,6 +2598,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api_strict_mode')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$user = $request->user();
$pid = $user->profile_id;
$status = StatusService::getMastodon($id, false);
@ -2558,6 +2687,10 @@ class ApiV1Controller extends Controller
'limit' => 'sometimes|integer|min:1|max:80'
]);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$limit = $request->input('limit', 10);
$user = $request->user();
$pid = $user->profile_id;
@ -2650,6 +2783,10 @@ class ApiV1Controller extends Controller
'limit' => 'nullable|integer|min:1|max:80'
]);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$limit = $request->input('limit', 10);
$user = $request->user();
$pid = $user->profile_id;
@ -2739,6 +2876,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$this->validate($request, [
'status' => 'nullable|string',
'in_reply_to_id' => 'nullable',
@ -2937,6 +3078,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$status = Status::whereProfileId($request->user()->profile->id)
->findOrFail($id);
@ -2963,6 +3108,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$user = $request->user();
$status = Status::whereScope('public')->findOrFail($id);
@ -3009,6 +3158,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$user = $request->user();
$status = Status::whereScope('public')->findOrFail($id);
@ -3050,6 +3203,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$this->validate($request,[
'page' => 'nullable|integer|max:40',
'min_id' => 'nullable|integer|min:0|max:' . PHP_INT_MAX,
@ -3112,6 +3269,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$this->validate($request, [
'limit' => 'nullable|integer|min:1|max:40',
'max_id' => 'nullable|integer|min:0',
@ -3179,6 +3340,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$status = Status::findOrFail($id);
$pid = $request->user()->profile_id;
@ -3218,6 +3383,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$status = Status::findOrFail($id);
$pid = $request->user()->profile_id;
@ -3249,6 +3418,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$this->validate($request, [
'q' => 'required|string|min:1|max:100',
'account_id' => 'nullable|string',
@ -3276,6 +3449,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$this->validate($request, [
'limit' => 'integer|min:1|max:40'
]);
@ -3313,6 +3490,10 @@ class ApiV1Controller extends Controller
'sort' => 'in:all,newest,popular'
]);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$limit = $request->input('limit', 3);
$pid = $request->user()->profile_id;
$status = StatusService::getMastodon($id, false);
@ -3404,6 +3585,10 @@ class ApiV1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$status = Status::findOrFail($id);
$pid = $request->user()->profile_id;
abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404);
@ -3420,6 +3605,11 @@ class ApiV1Controller extends Controller
public function discoverAccountsPopular(Request $request)
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$pid = $request->user()->profile_id;
$ids = Cache::remember('api:v1.1:discover:accounts:popular', 86400, function() {
@ -3467,6 +3657,11 @@ class ApiV1Controller extends Controller
public function getPreferences(Request $request)
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$pid = $request->user()->profile_id;
$account = AccountService::get($pid);
@ -3514,6 +3709,11 @@ class ApiV1Controller extends Controller
public function getMarkers(Request $request)
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$type = $request->input('timeline');
if(is_array($type)) {
$type = $type[0];
@ -3534,6 +3734,11 @@ class ApiV1Controller extends Controller
public function setMarkers(Request $request)
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$pid = $request->user()->profile_id;
$home = $request->input('home.last_read_id');
$notifications = $request->input('notifications.last_read_id');

View file

@ -23,6 +23,7 @@ use App\Services\ProfileStatusService;
use App\Services\PublicTimelineService;
use App\Services\NetworkTimelineService;
use App\Util\Lexer\RestrictedNames;
use App\Services\BouncerService;
use App\Services\EmailService;
use Illuminate\Support\Str;
use Illuminate\Support\Facades\Hash;
@ -65,6 +66,10 @@ class ApiV1Dot1Controller extends Controller
abort_if(!$user, 403);
abort_if($user->status != null, 403);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$report_type = $request->input('report_type');
$object_id = $request->input('object_id');
$object_type = $request->input('object_type');
@ -168,6 +173,10 @@ class ApiV1Dot1Controller extends Controller
abort_if(!$user, 403);
abort_if($user->status != null, 403);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$avatar = $user->profile->avatar;
if( $avatar->media_path == 'public/avatars/default.png' ||
@ -204,6 +213,10 @@ class ApiV1Dot1Controller extends Controller
abort_if(!$user, 403);
abort_if($user->status != null, 403);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$account = AccountService::get($id);
if(!$account || $account['username'] !== $request->input('username')) {
@ -238,6 +251,9 @@ class ApiV1Dot1Controller extends Controller
$user = $request->user();
abort_if(!$user, 403);
abort_if($user->status != null, 403);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$this->validate($request, [
'current_password' => 'bail|required|current_password',
@ -276,6 +292,9 @@ class ApiV1Dot1Controller extends Controller
$user = $request->user();
abort_if(!$user, 403);
abort_if($user->status != null, 403);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$agent = new Agent();
$currentIp = $request->ip();
@ -314,6 +333,10 @@ class ApiV1Dot1Controller extends Controller
abort_if(!$user, 403);
abort_if($user->status != null, 403);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$res = [
'active' => (bool) $user->{'2fa_enabled'},
'setup_at' => $user->{'2fa_setup_at'}
@ -331,6 +354,9 @@ class ApiV1Dot1Controller extends Controller
$user = $request->user();
abort_if(!$user, 403);
abort_if($user->status != null, 403);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$from = config('mail.from.address');
$emailVerifications = EmailVerification::whereUserId($user->id)
@ -404,6 +430,10 @@ class ApiV1Dot1Controller extends Controller
abort_if(!$user, 403);
abort_if($user->status != null, 403);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$res = $user->tokens->sortByDesc('created_at')->take(10)->map(function($token, $key) use($request) {
return [
'id' => $token->id,
@ -422,7 +452,7 @@ class ApiV1Dot1Controller extends Controller
public function inAppRegistrationPreFlightCheck(Request $request)
{
return [
'open' => config('pixelfed.open_registration'),
'open' => config_cache('pixelfed.open_registration'),
'iara' => config('pixelfed.allow_app_registration')
];
}
@ -430,9 +460,12 @@ class ApiV1Dot1Controller extends Controller
public function inAppRegistration(Request $request)
{
abort_if($request->user(), 404);
abort_unless(config('pixelfed.open_registration'), 404);
abort_unless(config_cache('pixelfed.open_registration'), 404);
abort_unless(config('pixelfed.allow_app_registration'), 404);
abort_unless($request->hasHeader('X-PIXELFED-APP'), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$this->validate($request, [
'email' => [
'required',
@ -530,6 +563,9 @@ class ApiV1Dot1Controller extends Controller
'ut' => 'required',
'rt' => 'required'
]);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$ut = $request->input('ut');
$rt = $request->input('rt');
$url = 'pixelfed://confirm-account/'. $ut . '?rt=' . $rt;
@ -539,9 +575,12 @@ class ApiV1Dot1Controller extends Controller
public function inAppRegistrationConfirm(Request $request)
{
abort_if($request->user(), 404);
abort_unless(config('pixelfed.open_registration'), 404);
abort_unless(config_cache('pixelfed.open_registration'), 404);
abort_unless(config('pixelfed.allow_app_registration'), 404);
abort_unless($request->hasHeader('X-PIXELFED-APP'), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$this->validate($request, [
'user_token' => 'required',
'random_token' => 'required',
@ -578,6 +617,10 @@ class ApiV1Dot1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$status = Status::whereNull('in_reply_to_id')
->whereNull('reblog_of_id')
->whereProfileId($request->user()->profile_id)
@ -606,6 +649,10 @@ class ApiV1Dot1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$status = Status::whereNull('in_reply_to_id')
->whereNull('reblog_of_id')
->whereProfileId($request->user()->profile_id)
@ -633,6 +680,10 @@ class ApiV1Dot1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$statuses = Status::whereProfileId($request->user()->profile_id)
->whereScope('archived')
->orderByDesc('id')
@ -645,6 +696,10 @@ class ApiV1Dot1Controller extends Controller
{
abort_if(!$request->user(), 403);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$place = Place::whereSlug($slug)->findOrFail($id);
$posts = Cache::remember('pf-api:v1.1:places-by-id:' . $place->id, 3600, function() use($place) {
@ -680,6 +735,10 @@ class ApiV1Dot1Controller extends Controller
abort_if(!$request->user(), 403);
abort_if($request->user()->is_admin != true, 403);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$this->validate($request, [
'action' => 'required|in:cw,mark-public,mark-unlisted,mark-private,mark-spammer,delete'
]);

View file

@ -4,6 +4,8 @@ namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
use App\Services\BouncerService;
use Illuminate\Http\Request;
class ForgotPasswordController extends Controller
{
@ -29,4 +31,33 @@ class ForgotPasswordController extends Controller
{
$this->middleware('guest');
}
/**
* Display the form to request a password reset link.
*
* @return \Illuminate\View\View
*/
public function showLinkRequestForm()
{
if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
abort_if(BouncerService::checkIp(request()->ip()), 404);
}
return view('auth.passwords.email');
}
/**
* Validate the email for the given request.
*
* @param \Illuminate\Http\Request $request
* @return void
*/
protected function validateEmail(Request $request)
{
if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$request->validate(['email' => 'required|email']);
}
}

View file

@ -6,6 +6,7 @@ use App\AccountLog;
use App\Http\Controllers\Controller;
use App\User;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use App\Services\BouncerService;
class LoginController extends Controller
{
@ -42,6 +43,15 @@ class LoginController extends Controller
$this->middleware('guest')->except('logout');
}
public function showLoginForm()
{
if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
abort_if(BouncerService::checkIp(request()->ip()), 404);
}
return view('auth.login');
}
/**
* Validate the user login request.
*
@ -51,6 +61,10 @@ class LoginController extends Controller
*/
public function validateLogin($request)
{
if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$rules = [
$this->username() => 'required|email',
'password' => 'required|string|min:6',

View file

@ -12,6 +12,7 @@ use Illuminate\Support\Facades\Validator;
use Illuminate\Auth\Events\Registered;
use Illuminate\Http\Request;
use App\Services\EmailService;
use App\Services\BouncerService;
class RegisterController extends Controller
{
@ -173,6 +174,9 @@ class RegisterController extends Controller
public function showRegistrationForm()
{
if(config_cache('pixelfed.open_registration')) {
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp(request()->ip()), 404);
}
$limit = config('pixelfed.max_users');
if($limit) {
abort_if($limit <= User::count(), 404);
@ -195,6 +199,10 @@ class RegisterController extends Controller
{
abort_if(config_cache('pixelfed.open_registration') == false, 400);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$count = User::count();
$limit = config('pixelfed.max_users');

View file

@ -4,6 +4,9 @@ namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ResetsPasswords;
use Illuminate\Support\Facades\Password;
use Illuminate\Http\Request;
use App\Services\BouncerService;
class ResetPasswordController extends Controller
{
@ -36,4 +39,51 @@ class ResetPasswordController extends Controller
{
$this->middleware('guest');
}
/**
* Display the password reset view for the given token.
*
* If no token is present, display the link request form.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
*/
public function showResetForm(Request $request)
{
if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$token = $request->route()->parameter('token');
return view('auth.passwords.reset')->with(
['token' => $token, 'email' => $request->email]
);
}
public function reset(Request $request)
{
if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$request->validate($this->rules(), $this->validationErrorMessages());
// Here we will attempt to reset the user's password. If it is successful we
// will update the password on an actual user model and persist it to the
// database. Otherwise we will parse the error and return the response.
$response = $this->broker()->reset(
$this->credentials($request), function ($user, $password) {
$this->resetPassword($user, $password);
}
);
// If the password was successfully reset, we will redirect the user back to
// the application's home authenticated view. If there is an error we can
// redirect them back to where they came from with their error message.
return $response == Password::PASSWORD_RESET
? $this->sendResetResponse($request, $response)
: $this->sendResetFailedResponse($request, $response);
}
}

View file

@ -0,0 +1,20 @@
<?php
namespace App\Services;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Storage;
use Symfony\Component\HttpFoundation\IpUtils;
class BouncerService
{
public static function checkIp($ip)
{
$knownCloudCidrs = Cache::rememberForever('pf:bouncer-service:check-ip:known-cloud-cidrs', function() {
$file = Storage::get('bouncer/all.json');
return json_decode($file, true);
});
return IpUtils::checkIp($ip, $knownCloudCidrs);
}
}

View file

@ -259,6 +259,13 @@ return [
'bouncer' => [
'enabled' => env('PF_BOUNCER_ENABLED', false),
'cloud_ips' => [
'ban_logins' => env('PF_BOUNCER_BAN_CLOUD_LOGINS', true),
'ban_signups' => env('PF_BOUNCER_BAN_CLOUD_SIGNUPS', true),
'ban_api' => env('PF_BOUNCER_BAN_CLOUD_API', true),
'ban_api_strict_mode' => env('PF_BOUNCER_BAN_CLOUD_API_STRICT_MODE', true),
],
],
/*

3
storage/app/bouncer/.gitignore vendored Normal file
View file

@ -0,0 +1,3 @@
*
!.gitignore
!all.json

File diff suppressed because one or more lines are too long