Merge pull request #96 from immers-space/ignore-junk

Efficiency and compatibility updates
This commit is contained in:
Will Murphy 2023-06-23 14:07:57 -05:00 committed by GitHub
commit 7f1da8594b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 2973 additions and 2014 deletions

View file

@ -1,3 +1,11 @@
## v1.5.1 (2023-06-23)
Efficiency and compatibility updates
### Fixed
* Detect and bail out on irrelevant activities earlier in the flow to save work (several softwares seem to be spamming every known guppe actor with all their public activity)
* Fix cache retrieval of actor keys during signature verification
* Detect and bail out on unverifiable deletes before trying to fetch the actor
* Fix real ip address not logged behind reverse proxy
* Increase log storage
## v1.5.0 (2023-05-26) ## v1.5.0 (2023-05-26)
### Added ### Added

View file

@ -9,13 +9,23 @@ services:
- "node.labels.web==true" - "node.labels.web==true"
restart: always restart: always
ports: ports:
- 80:80 - mode: host
- 443:443 protocol: tcp
published: 80
target: 80
- mode: host
protocol: tcp
published: 443
target: 443
volumes: volumes:
- ssl_data:/etc/resty-auto-ssl - ssl_data:/etc/resty-auto-ssl
depends_on: depends_on:
- guppe - guppe
env_file: '.env' env_file: '.env'
logging:
driver: local
options:
max-size: '100m'
guppe: guppe:
image: datatitian/guppe image: datatitian/guppe
deploy: deploy:
@ -34,7 +44,7 @@ services:
logging: logging:
driver: local driver: local
options: options:
max-size: '10m' max-size: '100m'
healthcheck: healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8085"] test: ["CMD", "curl", "-f", "http://localhost:8085"]
interval: 1m30s interval: 1m30s
@ -60,7 +70,7 @@ services:
logging: logging:
driver: local driver: local
options: options:
max-size: '10m' max-size: '100m'
mongodb: mongodb:
image: mongo:4.2 image: mongo:4.2
@ -76,7 +86,7 @@ services:
logging: logging:
driver: local driver: local
options: options:
max-size: '10m' max-size: '100m'
volumes: volumes:
mongo-data: mongo-data:

View file

@ -56,7 +56,7 @@ const apex = ActivitypubExpress({
}) })
app.use( app.use(
morgan(':remote-addr - :remote-user [:date[clf]] ":method :url HTTP/:http-version" :status Accepts ":req[accept]" ":referrer" ":user-agent"'), morgan(':remote-addr - :remote-user [:date[clf]] ":method :url HTTP/:http-version" :status ":referrer" ":user-agent"'),
express.json({ type: apex.consts.jsonldTypes }), express.json({ type: apex.consts.jsonldTypes }),
apex, apex,
function checkAdminKey (req, res, next) { function checkAdminKey (req, res, next) {
@ -92,6 +92,24 @@ async function actorOnDemand (req, res, next) {
} catch (err) { return next(err) } } catch (err) { return next(err) }
next() next()
} }
// Lots of servers are delivering inappropriate activities to Guppe, move the filtering up earlier in the process to save work
apex.net.inbox.post.slice(
// just after standardizing the jsonld
apex.net.inbox.post.indexOf(apex.net.validators.jsonld) + 1,
0,
function (req, res, next) {
try {
const groupIRI = apex.utils.usernameToIRI(apex.actorParam)
if (!apex.audienceFromActivity(req.body).includes(groupIRI) && !req.body.object?.[0] === groupIRI) {
console.log('Ignoring irrelevant activity', req.body)
return res.status(202).send('Irrelevant activity ignored')
}
} catch (err) {
console.warn('Error performing prefilter:', err)
}
next()
}
)
// Do not boost posts from servers who abuse the service. // Do not boost posts from servers who abuse the service.
apex.net.inbox.post.splice( apex.net.inbox.post.splice(
// Blocked domain check is inserted into apex inbox route right after the sender is verified // Blocked domain check is inserted into apex inbox route right after the sender is verified
@ -145,11 +163,6 @@ app.on('apex-inbox', async ({ actor, activity, recipient, object }) => {
switch (activity.type.toLowerCase()) { switch (activity.type.toLowerCase()) {
// automatically reshare incoming posts // automatically reshare incoming posts
case 'create': { case 'create': {
// check audience to ignore forwarded messages not adddressed to group
const audience = apex.audienceFromActivity(activity)
if (!audience.includes(recipient.id) || !activity.object?.length) {
return
}
const to = [ const to = [
recipient.followers[0], recipient.followers[0],
apex.consts.publicAddress apex.consts.publicAddress

4930
package-lock.json generated

File diff suppressed because it is too large Load diff

View file

@ -5,7 +5,7 @@
"main": "index.js", "main": "index.js",
"dependencies": { "dependencies": {
"@small-tech/auto-encrypt": "^3.1.0", "@small-tech/auto-encrypt": "^3.1.0",
"activitypub-express": "^4.3.0", "activitypub-express": "^4.4.0",
"connect-history-api-fallback": "^2.0.0", "connect-history-api-fallback": "^2.0.0",
"cors": "^2.8.4", "cors": "^2.8.4",
"dotenv": "^16.0.3", "dotenv": "^16.0.3",