From 53b0a0601a1deda45e8f7aab1cf5b211d7ca6e56 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sun, 23 Jun 2019 14:24:30 -0600 Subject: [PATCH 1/7] Update .env.example --- .env.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env.example b/.env.example index d87451b75..f5ed15a93 100644 --- a/.env.example +++ b/.env.example @@ -56,7 +56,7 @@ ACTIVITYPUB_SHAREDINBOX=false # php artisan optimize:clear # php artisan optimize -PF_COSTAR_ENABLED=false +PF_COSTAR_ENABLED=true CS_BLOCKED_DOMAINS='gab.com,gab.ai,develop.gab.com' CS_CW_DOMAINS='switter.at' CS_UNLISTED_DOMAINS='example.org,example.net,example.com' From 83e56333883da5442076bfe236e6fc55740c0018 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sun, 23 Jun 2019 20:35:37 -0600 Subject: [PATCH 2/7] Update User RateLimit --- app/Util/RateLimit/User.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/Util/RateLimit/User.php b/app/Util/RateLimit/User.php index 75e4b1c6e..c93aa6c4f 100644 --- a/app/Util/RateLimit/User.php +++ b/app/Util/RateLimit/User.php @@ -48,4 +48,9 @@ trait User { { return 500; } + + public function getMaxInstanceBansPerDayAttribute() + { + return 100; + } } \ No newline at end of file From d2039ac3fdb9f160419c05fbdd7096976f6ad97f Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sun, 23 Jun 2019 20:35:56 -0600 Subject: [PATCH 3/7] Update web routes --- routes/web.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routes/web.php b/routes/web.php index ee4da9733..4efa82265 100644 --- a/routes/web.php +++ b/routes/web.php 
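Review bot: `getMaxInstanceBansPerDayAttribute()` in app/Util/RateLimit/User.php carries no comment tying it to its consumer, yet its name is load-bearing. The route change later in this series refers to it only by the string `throttle:maxInstanceBansPerDay,1440`, so renaming the accessor would likely break the limit with no error at the definition. A one-line docblock would cover it, e.g. `/** Max instance blocks per user per 1440-minute window; read by the throttle middleware on privacy/blocked-instances. */`. The trait's opening lines are outside the hunk.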
@@ -192,7 +192,7 @@ Route::domain(config('pixelfed.domain.app'))->middleware(['validemail', 'twofact Route::get('privacy/blocked-users', 'SettingsController@blockedUsers')->name('settings.privacy.blocked-users'); Route::post('privacy/blocked-users', 'SettingsController@blockedUsersUpdate'); Route::get('privacy/blocked-instances', 'SettingsController@blockedInstances')->name('settings.privacy.blocked-instances'); - Route::post('privacy/blocked-instances', 'SettingsController@blockedInstanceStore'); + Route::post('privacy/blocked-instances', 'SettingsController@blockedInstanceStore')->middleware('throttle:maxInstanceBansPerDay,1440'); Route::post('privacy/blocked-instances/unblock', 'SettingsController@blockedInstanceUnblock')->name('settings.privacy.blocked-instances.unblock'); Route::get('privacy/blocked-keywords', 'SettingsController@blockedKeywords')->name('settings.privacy.blocked-keywords'); From 13f18d09c8ab8facad4adbeed25ae13223cbb2c7 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sun, 23 Jun 2019 21:09:13 -0600 Subject: [PATCH 4/7] Update blocked instances view --- .../privacy/blocked-instances.blade.php | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/resources/views/settings/privacy/blocked-instances.blade.php b/resources/views/settings/privacy/blocked-instances.blade.php index 34fb7d8fb..ff2b1812d 100644 --- a/resources/views/settings/privacy/blocked-instances.blade.php +++ b/resources/views/settings/privacy/blocked-instances.blade.php 
@@ -64,23 +64,31 @@ }, }) .then(val => { - if (!val) throw null; + if (!val) { + swal.stopLoading(); + swal.close(); + return; + }; try { let validator = new URL(val); - if(!validator.hostname) throw null; + if(!validator.hostname || validator.protocol != 'https:') { + swal.stopLoading(); + swal.close(); + swal('Invalid URL', 'The URL you have entered is not valid, it must start with https://', 'error'); + return; + }; axios.post(window.location.href, { - domain: validator.hostname + domain: validator.href }).then(res => { window.location.href = window.location.href; }).catch(err => { swal.stopLoading(); swal.close(); - swal('An Error Occured', 'An error occured, please try again later.', 'error'); }); } catch(e) { swal.stopLoading(); swal.close(); - swal('An Error Occured', 'An error occured, please try again later.', 'error'); + swal('Invalid URL', 'The URL you have entered is not valid, it must start with https://', 'error'); } }) }); From 95807c93e5446f02787051597f19ce2480dd39bd Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sun, 23 Jun 2019 22:22:23 -0600 Subject: [PATCH 5/7] Update AP Helpers --- app/Util/ActivityPub/Helpers.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/app/Util/ActivityPub/Helpers.php b/app/Util/ActivityPub/Helpers.php index f2c1169db..14e40cc40 100644 --- a/app/Util/ActivityPub/Helpers.php +++ b/app/Util/ActivityPub/Helpers.php @@ -146,9 +146,13 @@ class Helpers { $host = parse_url($valid, PHP_URL_HOST); + if(count(dns_get_record($host, DNS_A | DNS_AAAA)) == 0) { + return false; + } + if(config('costar.enabled') == true) { if( - (config('costar.domain.block') != null && in_array($host, config('costar.domain.block')) == true) || + (config('costar.domain.block') != null && Str::contains($host, config('costar.domain.block')) == true) || (config('costar.actor.block') != null && in_array($url, config('costar.actor.block')) == true) ) { return false; 
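Review bot: In app/Util/ActivityPub/Helpers.php the blocklist test changes from `in_array($host, ...)` to `Str::contains($host, ...)`, which is a substring match: with the sample list from .env.example, an entry such as `gab.ai` would also match an unrelated host like `gab.airline.example` (constructed example). Matching on a label boundary keeps subdomain coverage without that over-match, e.g. `$host === $d || Str::endsWith($host, '.'.$d)` for each blocked `$d`. Separately, `dns_get_record()` is documented to return `false` on failure, which `count(...) == 0` does not handle; `if (empty(dns_get_record($host, DNS_A | DNS_AAAA))) { return false; }` does, and a null `$host` from `parse_url` should be rejected before the lookup. Whether `Str` is imported in this file, and what the rest of the function checks, cannot be seen from the hunk.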
From 74b76ac1758a066892c6fc530acfcde29319ee9a Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sun, 23 Jun 2019 23:31:07 -0600 Subject: [PATCH 6/7] Update PrivacySettings --- app/Http/Controllers/Settings/PrivacySettings.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/app/Http/Controllers/Settings/PrivacySettings.php b/app/Http/Controllers/Settings/PrivacySettings.php index d3283c921..8e987ab68 100644 --- a/app/Http/Controllers/Settings/PrivacySettings.php +++ b/app/Http/Controllers/Settings/PrivacySettings.php @@ -10,6 +10,7 @@ use App\Profile; use App\User; use App\UserFilter; use App\Util\Lexer\PrettyNumber; +use App\Util\ActivityPub\Helpers; use Auth, Cache, DB; use Illuminate\Http\Request; @@ -134,9 +135,13 @@ trait PrivacySettings public function blockedInstanceStore(Request $request) { $this->validate($request, [ - 'domain' => 'required|active_url' + 'domain' => 'required|url|min:1|max:120' ]); $domain = $request->input('domain'); + if(Helpers::validateUrl($domain) == false) { + return abort(400, 'Invalid domain'); + } + $domain = parse_url($domain, PHP_URL_HOST); $instance = Instance::firstOrCreate(['domain' => $domain]); $filter = new UserFilter; $filter->user_id = Auth::user()->profile->id; From 1c0b6134e3914556c8b0a9e726e2570deba52274 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sun, 23 Jun 2019 23:31:45 -0600 Subject: [PATCH 7/7] Update privacy settings view --- .../views/settings/privacy/blocked-instances.blade.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/resources/views/settings/privacy/blocked-instances.blade.php b/resources/views/settings/privacy/blocked-instances.blade.php index ff2b1812d..d7e6679f0 100644 --- a/resources/views/settings/privacy/blocked-instances.blade.php +++ b/resources/views/settings/privacy/blocked-instances.blade.php 
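Review bot: `blockedInstanceStore` stores `parse_url($domain, PHP_URL_HOST)` as-is, and `parse_url` does not lowercase the host. A direct POST with `https://Example.ORG` (constructed) may therefore create a second `Instance` row and a filter that never matches the canonical name; `$domain = strtolower(parse_url($domain, PHP_URL_HOST));` before `firstOrCreate` avoids that. Reusing `Helpers::validateUrl` also appears to inherit the costar blocklist check changed earlier in this series, which would answer 400 'Invalid domain' when a user tries to block a domain the admin already blocks; worth confirming that is intended. `min:1` adds nothing next to `required`, and `abort()` throws, so the `return` in front of it is dead. The method continues past the end of the hunk.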
@@ -69,12 +69,13 @@ swal.close(); return; }; + let msg = 'The URL you have entered is not valid, please try again.' try { let validator = new URL(val); if(!validator.hostname || validator.protocol != 'https:') { swal.stopLoading(); swal.close(); - swal('Invalid URL', 'The URL you have entered is not valid, it must start with https://', 'error'); + swal('Invalid URL', msg, 'error'); return; }; axios.post(window.location.href, { @@ -84,11 +85,13 @@ }).catch(err => { swal.stopLoading(); swal.close(); + swal('Invalid URL', msg, 'error'); + return; }); } catch(e) { swal.stopLoading(); swal.close(); - swal('Invalid URL', 'The URL you have entered is not valid, it must start with https://', 'error'); + swal('Invalid URL', msg, 'error'); } }) });
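Review bot: The `.catch` on `axios.post` now shows 'Invalid URL' for every failed request, including the 429 that the throttle added to this route earlier in the series would return, an expired CSRF token, or a network error. Branching on the status keeps the message truthful, e.g. `let text = (err.response && err.response.status === 429) ? 'You have reached the daily limit, please try again later.' : msg;` followed by `swal('Error', text, 'error');`. The trailing `return;` in that handler has no effect, and the `let msg = ...` line is missing its semicolon while the rest of the block uses them. The enclosing `.then` callback starts above the hunk.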