mirror of
https://github.com/pixelfed/pixelfed.git
synced 2024-11-09 16:24:51 +00:00
Add cloud ip bans to BouncerService
This commit is contained in:
parent
d878672368
commit
50ab2e2039
10 changed files with 401 additions and 3 deletions
|
@ -66,6 +66,7 @@ use App\Jobs\VideoPipeline\{
|
|||
use App\Services\{
|
||||
AccountService,
|
||||
BookmarkService,
|
||||
BouncerService,
|
||||
CollectionService,
|
||||
FollowerService,
|
||||
InstanceService,
|
||||
|
@ -130,6 +131,11 @@ class ApiV1Controller extends Controller
|
|||
if(!$request->user()) {
|
||||
return response('', 403);
|
||||
}
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$client = $request->user()->token()->client;
|
||||
$res = [
|
||||
'name' => $client->name,
|
||||
|
@ -149,6 +155,10 @@ class ApiV1Controller extends Controller
|
|||
'redirect_uris' => 'required'
|
||||
]);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$uris = implode(',', explode('\n', $request->redirect_uris));
|
||||
|
||||
$client = Passport::client()->forceFill([
|
||||
|
@ -191,6 +201,10 @@ class ApiV1Controller extends Controller
|
|||
abort_if(!$user, 403);
|
||||
abort_if($user->status != null, 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$res = $request->has(self::PF_API_ENTITY_KEY) ? AccountService::get($user->profile_id) : AccountService::getMastodon($user->profile_id);
|
||||
|
||||
$res['source'] = [
|
||||
|
@ -213,6 +227,10 @@ class ApiV1Controller extends Controller
|
|||
*/
|
||||
public function accountById(Request $request, $id)
|
||||
{
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$res = $request->has(self::PF_API_ENTITY_KEY) ? AccountService::get($id, true) : AccountService::getMastodon($id, true);
|
||||
if(!$res) {
|
||||
return response()->json(['error' => 'Record not found'], 404);
|
||||
|
@ -229,6 +247,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$this->validate($request, [
|
||||
'avatar' => 'sometimes|mimetypes:image/jpeg,image/png|max:' . config('pixelfed.max_avatar_size'),
|
||||
'display_name' => 'nullable|string|max:30',
|
||||
|
@ -466,6 +488,11 @@ class ApiV1Controller extends Controller
|
|||
public function accountFollowersById(Request $request, $id)
|
||||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$account = AccountService::get($id);
|
||||
abort_if(!$account, 404);
|
||||
$pid = $request->user()->profile_id;
|
||||
|
@ -557,6 +584,11 @@ class ApiV1Controller extends Controller
|
|||
public function accountFollowingById(Request $request, $id)
|
||||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$account = AccountService::get($id);
|
||||
abort_if(!$account, 404);
|
||||
$pid = $request->user()->profile_id;
|
||||
|
@ -647,6 +679,10 @@ class ApiV1Controller extends Controller
|
|||
*/
|
||||
public function accountStatusesById(Request $request, $id)
|
||||
{
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
|
||||
$this->validate($request, [
|
||||
|
@ -748,6 +784,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
|
||||
$target = Profile::where('id', '!=', $user->profile_id)
|
||||
|
@ -832,6 +872,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
|
||||
$target = Profile::where('id', '!=', $user->profile_id)
|
||||
|
@ -900,6 +944,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$this->validate($request, [
|
||||
'id' => 'required|array|min:1|max:20',
|
||||
'id.*' => 'required|integer|min:1|max:' . PHP_INT_MAX
|
||||
|
@ -932,6 +980,10 @@ class ApiV1Controller extends Controller
|
|||
'resolve' => 'nullable'
|
||||
]);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
$query = $request->input('q');
|
||||
$limit = $request->input('limit') ?? 20;
|
||||
|
@ -971,6 +1023,10 @@ class ApiV1Controller extends Controller
|
|||
'page' => 'nullable|integer|min:1|max:10'
|
||||
]);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
$limit = $request->input('limit') ?? 40;
|
||||
|
||||
|
@ -1003,6 +1059,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
$pid = $user->profile_id ?? $user->profile->id;
|
||||
|
||||
|
@ -1065,6 +1125,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
$pid = $user->profile_id ?? $user->profile->id;
|
||||
|
||||
|
@ -1144,6 +1208,10 @@ class ApiV1Controller extends Controller
|
|||
'limit' => 'sometimes|integer|min:1|max:20'
|
||||
]);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
$maxId = $request->input('max_id');
|
||||
$minId = $request->input('min_id');
|
||||
|
@ -1197,6 +1265,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
|
||||
$status = StatusService::getMastodon($id, false);
|
||||
|
@ -1256,6 +1328,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
|
||||
$status = Status::findOrFail($id);
|
||||
|
@ -1312,6 +1388,11 @@ class ApiV1Controller extends Controller
|
|||
$this->validate($request, [
|
||||
'limit' => 'sometimes|integer|min:1|max:100'
|
||||
]);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
|
||||
$res = FollowRequest::whereFollowingId($user->profile->id)
|
||||
|
@ -1552,6 +1633,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$this->validate($request, [
|
||||
'file.*' => [
|
||||
'required_without:file',
|
||||
|
@ -1685,6 +1770,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$this->validate($request, [
|
||||
'description' => 'nullable|string|max:' . config_cache('pixelfed.max_altext_length')
|
||||
]);
|
||||
|
@ -1735,6 +1824,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
|
||||
$media = Media::whereUserId($user->id)
|
||||
|
@ -1756,6 +1849,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$this->validate($request, [
|
||||
'file.*' => [
|
||||
'required_without:file',
|
||||
|
@ -1929,6 +2026,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
$pid = $user->profile_id;
|
||||
|
||||
|
@ -1982,6 +2083,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
$pid = $user->profile_id;
|
||||
|
||||
|
@ -2018,6 +2123,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api_strict_mode')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$this->validate($request, [
|
||||
'limit' => 'nullable|integer|min:1|max:100',
|
||||
'min_id' => 'nullable|integer|min:1|max:'.PHP_INT_MAX,
|
||||
|
@ -2097,6 +2206,10 @@ class ApiV1Controller extends Controller
|
|||
'limit' => 'sometimes|integer|min:1|max:100'
|
||||
]);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api_strict_mode')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$napi = $request->has(self::PF_API_ENTITY_KEY);
|
||||
$page = $request->input('page');
|
||||
$min = $request->input('min_id');
|
||||
|
@ -2244,6 +2357,10 @@ class ApiV1Controller extends Controller
|
|||
'local' => 'sometimes'
|
||||
]);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api_strict_mode')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$napi = $request->has(self::PF_API_ENTITY_KEY);
|
||||
$min = $request->input('min_id');
|
||||
$max = $request->input('max_id');
|
||||
|
@ -2371,6 +2488,10 @@ class ApiV1Controller extends Controller
|
|||
'scope' => 'nullable|in:inbox,sent,requests'
|
||||
]);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api_strict_mode')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$limit = $request->input('limit', 20);
|
||||
$scope = $request->input('scope', 'inbox');
|
||||
$pid = $request->user()->profile_id;
|
||||
|
@ -2437,6 +2558,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api_strict_mode')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
|
||||
$res = $request->has(self::PF_API_ENTITY_KEY) ? StatusService::get($id, false) : StatusService::getMastodon($id, false);
|
||||
|
@ -2473,6 +2598,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api_strict_mode')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
$pid = $user->profile_id;
|
||||
$status = StatusService::getMastodon($id, false);
|
||||
|
@ -2558,6 +2687,10 @@ class ApiV1Controller extends Controller
|
|||
'limit' => 'sometimes|integer|min:1|max:80'
|
||||
]);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$limit = $request->input('limit', 10);
|
||||
$user = $request->user();
|
||||
$pid = $user->profile_id;
|
||||
|
@ -2650,6 +2783,10 @@ class ApiV1Controller extends Controller
|
|||
'limit' => 'nullable|integer|min:1|max:80'
|
||||
]);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$limit = $request->input('limit', 10);
|
||||
$user = $request->user();
|
||||
$pid = $user->profile_id;
|
||||
|
@ -2739,6 +2876,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$this->validate($request, [
|
||||
'status' => 'nullable|string',
|
||||
'in_reply_to_id' => 'nullable',
|
||||
|
@ -2937,6 +3078,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$status = Status::whereProfileId($request->user()->profile->id)
|
||||
->findOrFail($id);
|
||||
|
||||
|
@ -2963,6 +3108,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
$status = Status::whereScope('public')->findOrFail($id);
|
||||
|
||||
|
@ -3009,6 +3158,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
$status = Status::whereScope('public')->findOrFail($id);
|
||||
|
||||
|
@ -3050,6 +3203,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$this->validate($request,[
|
||||
'page' => 'nullable|integer|max:40',
|
||||
'min_id' => 'nullable|integer|min:0|max:' . PHP_INT_MAX,
|
||||
|
@ -3112,6 +3269,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$this->validate($request, [
|
||||
'limit' => 'nullable|integer|min:1|max:40',
|
||||
'max_id' => 'nullable|integer|min:0',
|
||||
|
@ -3179,6 +3340,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$status = Status::findOrFail($id);
|
||||
$pid = $request->user()->profile_id;
|
||||
|
||||
|
@ -3218,6 +3383,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$status = Status::findOrFail($id);
|
||||
$pid = $request->user()->profile_id;
|
||||
|
||||
|
@ -3249,6 +3418,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$this->validate($request, [
|
||||
'q' => 'required|string|min:1|max:100',
|
||||
'account_id' => 'nullable|string',
|
||||
|
@ -3276,6 +3449,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$this->validate($request, [
|
||||
'limit' => 'integer|min:1|max:40'
|
||||
]);
|
||||
|
@ -3313,6 +3490,10 @@ class ApiV1Controller extends Controller
|
|||
'sort' => 'in:all,newest,popular'
|
||||
]);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$limit = $request->input('limit', 3);
|
||||
$pid = $request->user()->profile_id;
|
||||
$status = StatusService::getMastodon($id, false);
|
||||
|
@ -3404,6 +3585,10 @@ class ApiV1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$status = Status::findOrFail($id);
|
||||
$pid = $request->user()->profile_id;
|
||||
abort_if(!in_array($status->scope, ['public', 'unlisted', 'private']), 404);
|
||||
|
@ -3420,6 +3605,11 @@ class ApiV1Controller extends Controller
|
|||
public function discoverAccountsPopular(Request $request)
|
||||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$pid = $request->user()->profile_id;
|
||||
|
||||
$ids = Cache::remember('api:v1.1:discover:accounts:popular', 86400, function() {
|
||||
|
@ -3467,6 +3657,11 @@ class ApiV1Controller extends Controller
|
|||
public function getPreferences(Request $request)
|
||||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$pid = $request->user()->profile_id;
|
||||
$account = AccountService::get($pid);
|
||||
|
||||
|
@ -3514,6 +3709,11 @@ class ApiV1Controller extends Controller
|
|||
public function getMarkers(Request $request)
|
||||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$type = $request->input('timeline');
|
||||
if(is_array($type)) {
|
||||
$type = $type[0];
|
||||
|
@ -3534,6 +3734,11 @@ class ApiV1Controller extends Controller
|
|||
public function setMarkers(Request $request)
|
||||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_api')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$pid = $request->user()->profile_id;
|
||||
$home = $request->input('home.last_read_id');
|
||||
$notifications = $request->input('notifications.last_read_id');
|
||||
|
|
|
@ -23,6 +23,7 @@ use App\Services\ProfileStatusService;
|
|||
use App\Services\PublicTimelineService;
|
||||
use App\Services\NetworkTimelineService;
|
||||
use App\Util\Lexer\RestrictedNames;
|
||||
use App\Services\BouncerService;
|
||||
use App\Services\EmailService;
|
||||
use Illuminate\Support\Str;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
|
@ -65,6 +66,10 @@ class ApiV1Dot1Controller extends Controller
|
|||
abort_if(!$user, 403);
|
||||
abort_if($user->status != null, 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$report_type = $request->input('report_type');
|
||||
$object_id = $request->input('object_id');
|
||||
$object_type = $request->input('object_type');
|
||||
|
@ -168,6 +173,10 @@ class ApiV1Dot1Controller extends Controller
|
|||
abort_if(!$user, 403);
|
||||
abort_if($user->status != null, 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$avatar = $user->profile->avatar;
|
||||
|
||||
if( $avatar->media_path == 'public/avatars/default.png' ||
|
||||
|
@ -204,6 +213,10 @@ class ApiV1Dot1Controller extends Controller
|
|||
abort_if(!$user, 403);
|
||||
abort_if($user->status != null, 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$account = AccountService::get($id);
|
||||
|
||||
if(!$account || $account['username'] !== $request->input('username')) {
|
||||
|
@ -238,6 +251,9 @@ class ApiV1Dot1Controller extends Controller
|
|||
$user = $request->user();
|
||||
abort_if(!$user, 403);
|
||||
abort_if($user->status != null, 403);
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$this->validate($request, [
|
||||
'current_password' => 'bail|required|current_password',
|
||||
|
@ -276,6 +292,9 @@ class ApiV1Dot1Controller extends Controller
|
|||
$user = $request->user();
|
||||
abort_if(!$user, 403);
|
||||
abort_if($user->status != null, 403);
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
$agent = new Agent();
|
||||
$currentIp = $request->ip();
|
||||
|
||||
|
@ -314,6 +333,10 @@ class ApiV1Dot1Controller extends Controller
|
|||
abort_if(!$user, 403);
|
||||
abort_if($user->status != null, 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$res = [
|
||||
'active' => (bool) $user->{'2fa_enabled'},
|
||||
'setup_at' => $user->{'2fa_setup_at'}
|
||||
|
@ -331,6 +354,9 @@ class ApiV1Dot1Controller extends Controller
|
|||
$user = $request->user();
|
||||
abort_if(!$user, 403);
|
||||
abort_if($user->status != null, 403);
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
$from = config('mail.from.address');
|
||||
|
||||
$emailVerifications = EmailVerification::whereUserId($user->id)
|
||||
|
@ -404,6 +430,10 @@ class ApiV1Dot1Controller extends Controller
|
|||
abort_if(!$user, 403);
|
||||
abort_if($user->status != null, 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$res = $user->tokens->sortByDesc('created_at')->take(10)->map(function($token, $key) use($request) {
|
||||
return [
|
||||
'id' => $token->id,
|
||||
|
@ -422,7 +452,7 @@ class ApiV1Dot1Controller extends Controller
|
|||
public function inAppRegistrationPreFlightCheck(Request $request)
|
||||
{
|
||||
return [
|
||||
'open' => config('pixelfed.open_registration'),
|
||||
'open' => config_cache('pixelfed.open_registration'),
|
||||
'iara' => config('pixelfed.allow_app_registration')
|
||||
];
|
||||
}
|
||||
|
@ -430,9 +460,12 @@ class ApiV1Dot1Controller extends Controller
|
|||
public function inAppRegistration(Request $request)
|
||||
{
|
||||
abort_if($request->user(), 404);
|
||||
abort_unless(config('pixelfed.open_registration'), 404);
|
||||
abort_unless(config_cache('pixelfed.open_registration'), 404);
|
||||
abort_unless(config('pixelfed.allow_app_registration'), 404);
|
||||
abort_unless($request->hasHeader('X-PIXELFED-APP'), 403);
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
$this->validate($request, [
|
||||
'email' => [
|
||||
'required',
|
||||
|
@ -530,6 +563,9 @@ class ApiV1Dot1Controller extends Controller
|
|||
'ut' => 'required',
|
||||
'rt' => 'required'
|
||||
]);
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
$ut = $request->input('ut');
|
||||
$rt = $request->input('rt');
|
||||
$url = 'pixelfed://confirm-account/'. $ut . '?rt=' . $rt;
|
||||
|
@ -539,9 +575,12 @@ class ApiV1Dot1Controller extends Controller
|
|||
public function inAppRegistrationConfirm(Request $request)
|
||||
{
|
||||
abort_if($request->user(), 404);
|
||||
abort_unless(config('pixelfed.open_registration'), 404);
|
||||
abort_unless(config_cache('pixelfed.open_registration'), 404);
|
||||
abort_unless(config('pixelfed.allow_app_registration'), 404);
|
||||
abort_unless($request->hasHeader('X-PIXELFED-APP'), 403);
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
$this->validate($request, [
|
||||
'user_token' => 'required',
|
||||
'random_token' => 'required',
|
||||
|
@ -578,6 +617,10 @@ class ApiV1Dot1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$status = Status::whereNull('in_reply_to_id')
|
||||
->whereNull('reblog_of_id')
|
||||
->whereProfileId($request->user()->profile_id)
|
||||
|
@ -606,6 +649,10 @@ class ApiV1Dot1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$status = Status::whereNull('in_reply_to_id')
|
||||
->whereNull('reblog_of_id')
|
||||
->whereProfileId($request->user()->profile_id)
|
||||
|
@ -633,6 +680,10 @@ class ApiV1Dot1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$statuses = Status::whereProfileId($request->user()->profile_id)
|
||||
->whereScope('archived')
|
||||
->orderByDesc('id')
|
||||
|
@ -645,6 +696,10 @@ class ApiV1Dot1Controller extends Controller
|
|||
{
|
||||
abort_if(!$request->user(), 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$place = Place::whereSlug($slug)->findOrFail($id);
|
||||
|
||||
$posts = Cache::remember('pf-api:v1.1:places-by-id:' . $place->id, 3600, function() use($place) {
|
||||
|
@ -680,6 +735,10 @@ class ApiV1Dot1Controller extends Controller
|
|||
abort_if(!$request->user(), 403);
|
||||
abort_if($request->user()->is_admin != true, 403);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$this->validate($request, [
|
||||
'action' => 'required|in:cw,mark-public,mark-unlisted,mark-private,mark-spammer,delete'
|
||||
]);
|
||||
|
|
|
@ -4,6 +4,8 @@ namespace App\Http\Controllers\Auth;
|
|||
|
||||
use App\Http\Controllers\Controller;
|
||||
use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
|
||||
use App\Services\BouncerService;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
class ForgotPasswordController extends Controller
|
||||
{
|
||||
|
@ -29,4 +31,33 @@ class ForgotPasswordController extends Controller
|
|||
{
|
||||
$this->middleware('guest');
|
||||
}
|
||||
|
||||
/**
|
||||
* Display the form to request a password reset link.
|
||||
*
|
||||
* @return \Illuminate\View\View
|
||||
*/
|
||||
public function showLinkRequestForm()
|
||||
{
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
|
||||
abort_if(BouncerService::checkIp(request()->ip()), 404);
|
||||
}
|
||||
|
||||
return view('auth.passwords.email');
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate the email for the given request.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @return void
|
||||
*/
|
||||
protected function validateEmail(Request $request)
|
||||
{
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$request->validate(['email' => 'required|email']);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -6,6 +6,7 @@ use App\AccountLog;
|
|||
use App\Http\Controllers\Controller;
|
||||
use App\User;
|
||||
use Illuminate\Foundation\Auth\AuthenticatesUsers;
|
||||
use App\Services\BouncerService;
|
||||
|
||||
class LoginController extends Controller
|
||||
{
|
||||
|
@ -42,6 +43,15 @@ class LoginController extends Controller
|
|||
$this->middleware('guest')->except('logout');
|
||||
}
|
||||
|
||||
public function showLoginForm()
|
||||
{
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
|
||||
abort_if(BouncerService::checkIp(request()->ip()), 404);
|
||||
}
|
||||
|
||||
return view('auth.login');
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate the user login request.
|
||||
*
|
||||
|
@ -51,6 +61,10 @@ class LoginController extends Controller
|
|||
*/
|
||||
public function validateLogin($request)
|
||||
{
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$rules = [
|
||||
$this->username() => 'required|email',
|
||||
'password' => 'required|string|min:6',
|
||||
|
|
|
@ -12,6 +12,7 @@ use Illuminate\Support\Facades\Validator;
|
|||
use Illuminate\Auth\Events\Registered;
|
||||
use Illuminate\Http\Request;
|
||||
use App\Services\EmailService;
|
||||
use App\Services\BouncerService;
|
||||
|
||||
class RegisterController extends Controller
|
||||
{
|
||||
|
@ -173,6 +174,9 @@ class RegisterController extends Controller
|
|||
public function showRegistrationForm()
|
||||
{
|
||||
if(config_cache('pixelfed.open_registration')) {
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp(request()->ip()), 404);
|
||||
}
|
||||
$limit = config('pixelfed.max_users');
|
||||
if($limit) {
|
||||
abort_if($limit <= User::count(), 404);
|
||||
|
@ -195,6 +199,10 @@ class RegisterController extends Controller
|
|||
{
|
||||
abort_if(config_cache('pixelfed.open_registration') == false, 400);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$count = User::count();
|
||||
$limit = config('pixelfed.max_users');
|
||||
|
||||
|
|
|
@ -4,6 +4,9 @@ namespace App\Http\Controllers\Auth;
|
|||
|
||||
use App\Http\Controllers\Controller;
|
||||
use Illuminate\Foundation\Auth\ResetsPasswords;
|
||||
use Illuminate\Support\Facades\Password;
|
||||
use Illuminate\Http\Request;
|
||||
use App\Services\BouncerService;
|
||||
|
||||
class ResetPasswordController extends Controller
|
||||
{
|
||||
|
@ -36,4 +39,51 @@ class ResetPasswordController extends Controller
|
|||
{
|
||||
$this->middleware('guest');
|
||||
}
|
||||
|
||||
/**
|
||||
* Display the password reset view for the given token.
|
||||
*
|
||||
* If no token is present, display the link request form.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
|
||||
*/
|
||||
public function showResetForm(Request $request)
|
||||
{
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$token = $request->route()->parameter('token');
|
||||
|
||||
return view('auth.passwords.reset')->with(
|
||||
['token' => $token, 'email' => $request->email]
|
||||
);
|
||||
}
|
||||
|
||||
public function reset(Request $request)
|
||||
{
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$request->validate($this->rules(), $this->validationErrorMessages());
|
||||
|
||||
// Here we will attempt to reset the user's password. If it is successful we
|
||||
// will update the password on an actual user model and persist it to the
|
||||
// database. Otherwise we will parse the error and return the response.
|
||||
$response = $this->broker()->reset(
|
||||
$this->credentials($request), function ($user, $password) {
|
||||
$this->resetPassword($user, $password);
|
||||
}
|
||||
);
|
||||
|
||||
// If the password was successfully reset, we will redirect the user back to
|
||||
// the application's home authenticated view. If there is an error we can
|
||||
// redirect them back to where they came from with their error message.
|
||||
return $response == Password::PASSWORD_RESET
|
||||
? $this->sendResetResponse($request, $response)
|
||||
: $this->sendResetFailedResponse($request, $response);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
20
app/Services/BouncerService.php
Normal file
20
app/Services/BouncerService.php
Normal file
|
@ -0,0 +1,20 @@
|
|||
<?php
|
||||
|
||||
namespace App\Services;
|
||||
|
||||
use Illuminate\Support\Facades\Cache;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
use Symfony\Component\HttpFoundation\IpUtils;
|
||||
|
||||
class BouncerService
|
||||
{
|
||||
public static function checkIp($ip)
|
||||
{
|
||||
$knownCloudCidrs = Cache::rememberForever('pf:bouncer-service:check-ip:known-cloud-cidrs', function() {
|
||||
$file = Storage::get('bouncer/all.json');
|
||||
return json_decode($file, true);
|
||||
});
|
||||
|
||||
return IpUtils::checkIp($ip, $knownCloudCidrs);
|
||||
}
|
||||
}
|
|
@ -259,6 +259,13 @@ return [
|
|||
|
||||
'bouncer' => [
|
||||
'enabled' => env('PF_BOUNCER_ENABLED', false),
|
||||
|
||||
'cloud_ips' => [
|
||||
'ban_logins' => env('PF_BOUNCER_BAN_CLOUD_LOGINS', true),
|
||||
'ban_signups' => env('PF_BOUNCER_BAN_CLOUD_SIGNUPS', true),
|
||||
'ban_api' => env('PF_BOUNCER_BAN_CLOUD_API', true),
|
||||
'ban_api_strict_mode' => env('PF_BOUNCER_BAN_CLOUD_API_STRICT_MODE', true),
|
||||
],
|
||||
],
|
||||
|
||||
/*
|
||||
|
|
3
storage/app/bouncer/.gitignore
vendored
Normal file
3
storage/app/bouncer/.gitignore
vendored
Normal file
|
@ -0,0 +1,3 @@
|
|||
*
|
||||
!.gitignore
|
||||
!all.json
|
1
storage/app/bouncer/all.json
Normal file
1
storage/app/bouncer/all.json
Normal file
File diff suppressed because one or more lines are too long
Loading…
Reference in a new issue