Mark instances as unreachable when returning a 403 from an object fetch
This is a definite sign the instance is blocked and they are enforcing authorized_fetch
This commit is contained in:
parent
ac4cc619ea
commit
4c29366fe5
3 changed files with 34 additions and 0 deletions
|
@ -181,6 +181,15 @@ defmodule Pleroma.Object.Fetcher do
|
||||||
{:fetch_object, %Object{} = object} ->
|
{:fetch_object, %Object{} = object} ->
|
||||||
{:ok, object}
|
{:ok, object}
|
||||||
|
|
||||||
|
{:fetch, {:error, {:ok, %Tesla.Env{status: 403}}}} ->
|
||||||
|
Instances.set_consistently_unreachable(id)
|
||||||
|
|
||||||
|
Logger.error(
|
||||||
|
"Error while fetching #{id}: HTTP 403 likely due to instance block rejecting the signed fetch."
|
||||||
|
)
|
||||||
|
|
||||||
|
{:error, "Object fetch has been denied"}
|
||||||
|
|
||||||
{:fetch, {:error, error}} ->
|
{:fetch, {:error, error}} ->
|
||||||
Logger.error("Error while fetching #{id}: #{inspect(error)}")
|
Logger.error("Error while fetching #{id}: #{inspect(error)}")
|
||||||
{:error, error}
|
{:error, error}
|
||||||
|
|
|
@ -10,5 +10,16 @@ defmodule Pleroma.Workers.RemoteFetcherWorker do
|
||||||
@impl Oban.Worker
|
@impl Oban.Worker
|
||||||
def perform(%Job{args: %{"op" => "fetch_remote", "id" => id} = args}) do
|
def perform(%Job{args: %{"op" => "fetch_remote", "id" => id} = args}) do
|
||||||
{:ok, _object} = Fetcher.fetch_object_from_id(id, depth: args["depth"])
|
{:ok, _object} = Fetcher.fetch_object_from_id(id, depth: args["depth"])
|
||||||
|
|
||||||
|
case Fetcher.fetch_object_from_id(id, depth: args["depth"]) do
|
||||||
|
{:ok, _object} ->
|
||||||
|
:ok
|
||||||
|
|
||||||
|
{:error, reason = "Object fetch has been denied"} ->
|
||||||
|
{:cancel, reason}
|
||||||
|
|
||||||
|
_ ->
|
||||||
|
:error
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -57,6 +57,8 @@ defmodule Pleroma.Object.FetcherTest do
|
||||||
body: spoofed_object_with_ids("https://patch.cx/objects/spoof_content_type")
|
body: spoofed_object_with_ids("https://patch.cx/objects/spoof_content_type")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
%{method: :get, url: "https://octodon.social/users/cwebber/statuses/111647596861000656"} ->
|
||||||
|
%Tesla.Env{status: 403}
|
||||||
# Spoof: mismatching ids
|
# Spoof: mismatching ids
|
||||||
# Variant 1: Non-exisitng fake id
|
# Variant 1: Non-exisitng fake id
|
||||||
%{
|
%{
|
||||||
|
@ -417,6 +419,18 @@ defmodule Pleroma.Object.FetcherTest do
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "handle HTTP 403 response" do
|
||||||
|
object_id = "https://octodon.social/users/cwebber/statuses/111647596861000656"
|
||||||
|
Instances.set_reachable(object_id)
|
||||||
|
|
||||||
|
assert Instances.reachable?(object_id)
|
||||||
|
|
||||||
|
assert {:error, "Object fetch has been denied"} ==
|
||||||
|
Fetcher.fetch_object_from_id(object_id)
|
||||||
|
|
||||||
|
refute Instances.reachable?(object_id)
|
||||||
|
end
|
||||||
|
|
||||||
test "it can fetch pleroma polls with attachments" do
|
test "it can fetch pleroma polls with attachments" do
|
||||||
{:ok, object} =
|
{:ok, object} =
|
||||||
Fetcher.fetch_object_from_id("https://patch.cx/objects/tesla_mock/poll_attachment")
|
Fetcher.fetch_object_from_id("https://patch.cx/objects/tesla_mock/poll_attachment")
|
||||||
|
|
Loading…
Reference in a new issue