From 702fa3167fa47364889b0dc32ed6305b497ca9bf Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Thu, 22 Apr 2021 10:27:20 +0100 Subject: [PATCH] Instance allow list for receiving DMs --- inbox.py | 49 +++++++++++++++++++++++++++---------------------- utils.py | 19 +++++++++++++++++++ 2 files changed, 46 insertions(+), 22 deletions(-) diff --git a/inbox.py b/inbox.py index 864e5a1ac..da64d8f54 100644 --- a/inbox.py +++ b/inbox.py @@ -11,6 +11,7 @@ import os import datetime import time from linked_data_sig import verifyJsonSignature +from utils import dmAllowedFromDomain from utils import isRecentPost from utils import getConfigParam from utils import hasUsersPath @@ -2466,28 +2467,32 @@ def _inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int, if not isFollowingActor(baseDir, nickname, domain, sendH): - # send back a bounce DM - if postJsonObject.get('id') and \ - postJsonObject.get('object'): - # don't send bounces back to - # replies to bounce messages - obj = postJsonObject['object'] - if isinstance(obj, dict): - if not obj.get('inReplyTo'): - senderPostId = \ - postJsonObject['id'] - _bounceDM(senderPostId, - session, httpPrefix, - baseDir, - nickname, domain, - port, sendH, - federationList, - sendThreads, postLog, - cachedWebfingers, - personCache, - translate, debug, - lastBounceMessage) - return False + # DMs may always be allowed from some domains + if not dmAllowedFromDomain(baseDir, + nickname, domain, + sendingActorDomain): + # send back a bounce DM + if postJsonObject.get('id') and \ + postJsonObject.get('object'): + # don't send bounces back to + # replies to bounce messages + obj = postJsonObject['object'] + if isinstance(obj, dict): + if not obj.get('inReplyTo'): + senderPostId = \ + postJsonObject['id'] + _bounceDM(senderPostId, + session, httpPrefix, + baseDir, + nickname, domain, + port, sendH, + federationList, + sendThreads, postLog, + cachedWebfingers, + personCache, + translate, debug, + lastBounceMessage) + return False # dm index will be updated updateIndexList.append('dm') diff --git a/utils.py b/utils.py index dce31f502..c08a5d8e1 100644 --- a/utils.py +++ b/utils.py @@ -2203,3 +2203,22 @@ def loadTranslationsFromFile(baseDir: str, language: str) -> ({}, str): translationsFile = baseDir + '/translations/' + \ systemLanguage + '.json' return loadJson(translationsFile), systemLanguage + + +def dmAllowedFromDomain(baseDir: str, + nickname: str, domain: str, + sendingActorDomain: str): + """When a DM is received and the .followDMs flag file exists + Then optionally some domains can be specified as allowed, + regardless of individual follows. + i.e. Mostly you only want DMs from followers, but there are + a few particular instances that you trust + """ + dmAllowedDomainsFilename = \ + baseDir + '/accounts/' + \ + nickname + '@' + domain + '/dmAllowedDomains.txt' + if not os.path.isfile(dmAllowedDomainsFilename): + return False + if sendingActorDomain + '\n' in open(dmAllowedDomainsFilename).read(): + return True + return False