Merge pull request #96 from immers-space/ignore-junk

Efficiency and compatibility updates

CHANGELOG.md

@@ -1,3 +1,11 @@
+## v1.5.1 (2023-06-23)
+Efficiency and compatibility updates
+### Fixed
+* Detect and bail out on irrelevant activities earlier in the flow to save work (several softwares seem to be spamming every known guppe actor with all their public activity)
+* Fix cache retrieval of actor keys during signature verification
+* Detect and bail out on unverifiable deletes before trying to fetch the actor
+* Fix real ip address not logged behind reverse proxy
+* Increase log storage
 ## v1.5.0 (2023-05-26)
 
 ### Added

docker-compose.yml

@@ -9,13 +9,23 @@ services:
           - "node.labels.web==true"
     restart: always
     ports:
-      - 80:80
+      - mode: host
-      - 443:443
+        protocol: tcp
+        published: 80
+        target: 80
+      - mode: host
+        protocol: tcp
+        published: 443
+        target: 443
     volumes:
       - ssl_data:/etc/resty-auto-ssl
     depends_on:
       - guppe
     env_file: '.env'
+    logging:
+      driver: local
+      options:
+        max-size: '100m'
   guppe:
     image: datatitian/guppe
     deploy:
@@ -34,7 +44,7 @@ services:
     logging:
       driver: local
       options:
-        max-size: '10m'
+        max-size: '100m'
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8085"]
       interval: 1m30s
@@ -60,7 +70,7 @@ services:
     logging:
       driver: local
       options:
-        max-size: '10m'
+        max-size: '100m'
 
   mongodb:
     image: mongo:4.2
@@ -76,7 +86,7 @@ services:
     logging:
       driver: local
       options:
-        max-size: '10m'
+        max-size: '100m'
 
 volumes:
   mongo-data:

index.js

@@ -56,7 +56,7 @@ const apex = ActivitypubExpress({
 })
 
 app.use(
-  morgan(':remote-addr - :remote-user [:date[clf]] ":method :url HTTP/:http-version" :status Accepts ":req[accept]" ":referrer" ":user-agent"'),
+  morgan(':remote-addr - :remote-user [:date[clf]] ":method :url HTTP/:http-version" :status ":referrer" ":user-agent"'),
   express.json({ type: apex.consts.jsonldTypes }),
   apex,
   function checkAdminKey (req, res, next) {
@@ -92,6 +92,24 @@ async function actorOnDemand (req, res, next) {
   } catch (err) { return next(err) }
   next()
 }
+// Lots of servers are delivering inappropriate activities to Guppe, move the filtering up earlier in the process to save work
+apex.net.inbox.post.slice(
+  // just after standardizing the jsonld
+  apex.net.inbox.post.indexOf(apex.net.validators.jsonld) + 1,
+  0,
+  function (req, res, next) {
+    try {
+      const groupIRI = apex.utils.usernameToIRI(apex.actorParam)
+      if (!apex.audienceFromActivity(req.body).includes(groupIRI) && !req.body.object?.[0] === groupIRI) {
+        console.log('Ignoring irrelevant activity', req.body)
+        return res.status(202).send('Irrelevant activity ignored')
+      }
+    } catch (err) {
+      console.warn('Error performing prefilter:', err)
+    }
+    next()
+  }
+)
 // Do not boost posts from servers who abuse the service.
 apex.net.inbox.post.splice(
   // Blocked domain check is inserted into apex inbox route right after the sender is verified
@@ -145,11 +163,6 @@ app.on('apex-inbox', async ({ actor, activity, recipient, object }) => {
   switch (activity.type.toLowerCase()) {
     // automatically reshare incoming posts
     case 'create': {
-      // check audience to ignore forwarded messages not adddressed to group
-      const audience = apex.audienceFromActivity(activity)
-      if (!audience.includes(recipient.id) || !activity.object?.length) {
-        return
-      }
       const to = [
         recipient.followers[0],
         apex.consts.publicAddress

package.json

@@ -5,7 +5,7 @@
   "main": "index.js",
   "dependencies": {
     "@small-tech/auto-encrypt": "^3.1.0",
-    "activitypub-express": "^4.3.0",
+    "activitypub-express": "^4.4.0",
     "connect-history-api-fallback": "^2.0.0",
     "cors": "^2.8.4",
     "dotenv": "^16.0.3",