From 8d899d61970a566eb828330d1292df31f1f7b938 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Tue, 20 Aug 2019 22:10:36 +0700 Subject: [PATCH 1/3] Add `:ap_routes` rate limit --- config/config.exs | 3 ++- config/test.exs | 3 ++- lib/pleroma/web/ostatus/ostatus_controller.ex | 2 ++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/config/config.exs b/config/config.exs index 758661120..2f6145516 100644 --- a/config/config.exs +++ b/config/config.exs @@ -548,7 +548,8 @@ config :pleroma, :rate_limit, statuses_actions: {10_000, 15}, status_id_action: {60_000, 3}, password_reset: {1_800_000, 5}, - account_confirmation_resend: {8_640_000, 5} + account_confirmation_resend: {8_640_000, 5}, + ap_routes: {60_000, 15} # Import environment specific config. This must remain at the bottom # of this file so it overrides the configuration defined above. diff --git a/config/test.exs b/config/test.exs index 6f75f39b5..30a51f734 100644 --- a/config/test.exs +++ b/config/test.exs @@ -71,7 +71,8 @@ config :pleroma, Pleroma.ScheduledActivity, config :pleroma, :rate_limit, search: [{1000, 30}, {1000, 30}], app_account_creation: {10_000, 5}, - password_reset: {1000, 30} + password_reset: {1000, 30}, + ap_routes: nil config :pleroma, :http_security, report_uri: "https://endpoint.com" diff --git a/lib/pleroma/web/ostatus/ostatus_controller.ex b/lib/pleroma/web/ostatus/ostatus_controller.ex index c70063b84..305901dfd 100644 --- a/lib/pleroma/web/ostatus/ostatus_controller.ex +++ b/lib/pleroma/web/ostatus/ostatus_controller.ex @@ -22,6 +22,8 @@ defmodule Pleroma.Web.OStatus.OStatusController do alias Pleroma.Web.Router alias Pleroma.Web.XML + plug(Pleroma.Plugs.RateLimiter, :ap_routes when action in [:object, :activity]) + plug(Pleroma.Web.FederatingPlug when action in [:salmon_incoming]) plug( From 85bd8a4e31761f835cd5d79519c3644577643012 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Wed, 21 Aug 2019 21:24:35 +0300 Subject: [PATCH 2/3] fixed clear config after test --- test/user_test.exs | 3 +++ test/web/activity_pub/activity_pub_test.exs | 2 +- test/web/activity_pub/transmogrifier_test.exs | 2 ++ .../mastodon_api_controller/update_credentials_test.exs | 1 + 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/test/user_test.exs b/test/user_test.exs index b70133a94..661ffc0b3 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -541,6 +541,9 @@ defmodule Pleroma.UserTest do avatar: %{some: "avatar"} } + clear_config([:instance, :user_bio_length]) + clear_config([:instance, :user_name_length]) + test "it confirms validity" do cs = User.remote_user_creation(@valid_remote) assert cs.valid? diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs index f20cd2840..1515f4eb6 100644 --- a/test/web/activity_pub/activity_pub_test.exs +++ b/test/web/activity_pub/activity_pub_test.exs @@ -555,7 +555,7 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do note_two = insert(:note, data: %{"context" => "suya.."}) activity_two = insert(:note_activity, note: note_two) - {:ok, activity_two} = CommonAPI.add_mute(user, activity_two) + {:ok, _activity_two} = CommonAPI.add_mute(user, activity_two) assert [_activity_two, _activity_one] = ActivityPub.fetch_activities([], %{"muting_user" => user, "with_muted" => true}) diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index d8fbcd628..629c76c97 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -24,6 +24,8 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do :ok end + clear_config([:instance, :max_remote_account_fields]) + describe "handle_incoming" do test "it ignores an incoming notice if we already have it" do activity = insert(:note_activity) diff --git a/test/web/mastodon_api/mastodon_api_controller/update_credentials_test.exs b/test/web/mastodon_api/mastodon_api_controller/update_credentials_test.exs index dd443495b..87ee82050 100644 --- a/test/web/mastodon_api/mastodon_api_controller/update_credentials_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller/update_credentials_test.exs @@ -9,6 +9,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do use Pleroma.Web.ConnCase import Pleroma.Factory + clear_config([:instance, :max_account_fields]) describe "updating credentials" do test "sets user settings in a generic way", %{conn: conn} do From a79ebac592f550e5df99a6ad39de27467708e4ed Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 22 Aug 2019 16:03:43 +0700 Subject: [PATCH 3/3] Improve AP routes rate limit --- lib/pleroma/web/ostatus/ostatus_controller.ex | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/ostatus/ostatus_controller.ex b/lib/pleroma/web/ostatus/ostatus_controller.ex index 305901dfd..fdba0f77f 100644 --- a/lib/pleroma/web/ostatus/ostatus_controller.ex +++ b/lib/pleroma/web/ostatus/ostatus_controller.ex @@ -22,7 +22,10 @@ defmodule Pleroma.Web.OStatus.OStatusController do alias Pleroma.Web.Router alias Pleroma.Web.XML - plug(Pleroma.Plugs.RateLimiter, :ap_routes when action in [:object, :activity]) + plug( + Pleroma.Plugs.RateLimiter, + {:ap_routes, params: ["uuid"]} when action in [:object, :activity] + ) plug(Pleroma.Web.FederatingPlug when action in [:salmon_incoming])