From cf9da94bba9004f41c8a92f7a1718ebc194a5899 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Fri, 11 Mar 2022 17:44:53 +0000
Subject: [PATCH] Detect post delivery via a third party
---
 daemon.py | 20 +++++++++++++++++++-
 inbox.py | 6 ++++--
 2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/daemon.py b/daemon.py
index de27d4bc6..1c88d2622 100644
--- a/daemon.py
+++ b/daemon.py
@@ -424,6 +424,21 @@ def save_domain_qrcode(base_dir: str, http_prefix: str,
 class PubServer(BaseHTTPRequestHandler):
 protocol_version = 'HTTP/1.1'
+ def _detect_mitm(self) -> bool:
+ """Detect if a request contains a MiTM
+ """
+ mitm_domains = ['cloudflare']
+ check_headers = (
+ 'Server', 'Report-To', 'Report-to', 'report-to',
+ 'Expect-CT', 'Expect-Ct', 'expect-ct'
+ )
+ for interloper in mitm_domains:
+ for header_name in check_headers:
+ if self.headers.get(header_name):
+ if interloper in self.headers[header_name]:
+ return True
+ return False
+
 def _get_instance_url(self, calling_domain: str) -> str:
 """Returns the URL for this instance
 """
@@ -1711,6 +1726,8 @@ class PubServer(BaseHTTPRequestHandler):
 self.server.blocked_cache_last_updated,
 self.server.blocked_cache_update_secs)
+ mitm = self._detect_mitm()
+
 queue_filename = \
 save_post_to_inbox_queue(self.server.base_dir,
 self.server.http_prefix,
@@ -1722,7 +1739,8 @@ class PubServer(BaseHTTPRequestHandler):
 self.path,
 self.server.debug,
 self.server.blocked_cache,
- self.server.system_language)
+ self.server.system_language,
+ mitm)
 if queue_filename:
 # add json to the queue
 if queue_filename not in self.server.inbox_queue:
diff --git a/inbox.py b/inbox.py
index 6018c6f0d..88c78fd05 100644
--- a/inbox.py
+++ b/inbox.py
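Review bot: `_detect_mitm` in daemon.py (hunk at -424) decides from request headers that the sender controls, so its result can be forced either way by whoever makes the request and the docstring should describe it as an advisory heuristic rather than proof that an intermediary handled the post. `Server`, `Report-To` and `Expect-CT` are normally response headers, so it is worth confirming that they really appear on inbound deliveries that passed through the proxy. `self.headers` on a `BaseHTTPRequestHandler` is an `http.client.HTTPMessage`, whose name lookup is already case-insensitive, so the `'Report-to'`/`'report-to'` and `'Expect-Ct'`/`'expect-ct'` variants are redundant, while the comparison of the value against `'cloudflare'` is case-sensitive and would miss a differently cased value. A tightened version of the method is below; the call-site hunks at -1711 and -1722 need no change.

```python
    def _detect_mitm(self) -> bool:
        """Heuristic check for a known intermediary named in the
        request headers. The headers are sender-supplied, so the
        result is advisory only
        """
        mitm_domains = ('cloudflare',)
        # header-name lookup on self.headers is case-insensitive
        check_headers = ('Server', 'Report-To', 'Expect-CT')
        for header_name in check_headers:
            header_value = self.headers.get(header_name)
            if not header_value:
                continue
            header_value = header_value.lower()
            for interloper in mitm_domains:
                if interloper in header_value:
                    return True
        return False
```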
@@ -459,7 +459,8 @@ def save_post_to_inbox_queue(base_dir: str, http_prefix: str,
 message_bytes: str, http_headers: {}, post_path: str, debug: bool,
- blocked_cache: [], system_language: str) -> str:
+ blocked_cache: [], system_language: str,
+ mitm: bool) -> str:
 """Saves the given json to the inbox queue for the person
 key_id specifies the actor sending the post
 """
@@ -592,7 +593,8 @@ def save_post_to_inbox_queue(base_dir: str, http_prefix: str,
 'original': original_post_json_object,
 'digest': digest,
 'filename': filename,
- 'destination': destination
+ 'destination': destination,
+ 'mitm': mitm
 }
 if debug:
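Review bot: The new `mitm` parameter of `save_post_to_inbox_queue` in inbox.py (hunk at -459) is required and undocumented; the docstring should say that it records whether the delivering request carried headers naming a third-party intermediary, and that the value is derived from sender-supplied headers. Because it has no default, any caller not updated in this commit would fail with a `TypeError`; only the daemon.py call is visible here, so `mitm: bool = False` would be the safer signature if other callers exist. In the hunk at -592 the flag is written into the queue item as `'mitm': mitm`; queue files saved before this change will presumably lack the key, so code that consumes the item should read it with `.get('mitm', False)`. The function body continues outside both hunks.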