Limit maximum ActivityPub request and response sizes to a configurable setting
This commit is contained in:
parent
e9e8a03e08
commit
a2d5202d4e
4 changed files with 7 additions and 1 deletions
|
@ -2249,6 +2249,9 @@ PATH =
|
||||||
;; Enable/Disable user statistics for nodeinfo if federation is enabled
|
;; Enable/Disable user statistics for nodeinfo if federation is enabled
|
||||||
; SHARE_USER_STATISTICS = true
|
; SHARE_USER_STATISTICS = true
|
||||||
;;
|
;;
|
||||||
|
;; Maximum ActivityPub request and response size (MB)
|
||||||
|
; MAX_SIZE = 4
|
||||||
|
;;
|
||||||
;; HTTP signature algorithms
|
;; HTTP signature algorithms
|
||||||
; ALGORITHMS = rsa-sha256, rsa-sha512
|
; ALGORITHMS = rsa-sha256, rsa-sha512
|
||||||
;;
|
;;
|
||||||
|
|
|
@ -1087,6 +1087,7 @@ Task queue configuration has been moved to `queue.task`. However, the below conf
|
||||||
|
|
||||||
- `ENABLED`: **true**: Enable/Disable federation capabilities
|
- `ENABLED`: **true**: Enable/Disable federation capabilities
|
||||||
- `SHARE_USER_STATISTICS`: **true**: Enable/Disable user statistics for nodeinfo if federation is enabled
|
- `SHARE_USER_STATISTICS`: **true**: Enable/Disable user statistics for nodeinfo if federation is enabled
|
||||||
|
- `MAX_SIZE`: **4**: Maximum ActivityPub request and response size (MB)
|
||||||
- `ALGORITHMS`: **rsa-sha256, rsa-sha512**: HTTP signature algorithms
|
- `ALGORITHMS`: **rsa-sha256, rsa-sha512**: HTTP signature algorithms
|
||||||
- `DIGEST_ALGORITHM`: **SHA-256**: HTTP signature digest algorithm
|
- `DIGEST_ALGORITHM`: **SHA-256**: HTTP signature digest algorithm
|
||||||
- `GET_HEADERS`: **(request-target), Date**: GET headers for federation requests
|
- `GET_HEADERS`: **(request-target), Date**: GET headers for federation requests
|
||||||
|
|
|
@ -15,6 +15,7 @@ var (
|
||||||
Federation = struct {
|
Federation = struct {
|
||||||
Enabled bool
|
Enabled bool
|
||||||
ShareUserStatistics bool
|
ShareUserStatistics bool
|
||||||
|
MaxSize int64
|
||||||
Algorithms []string
|
Algorithms []string
|
||||||
DigestAlgorithm string
|
DigestAlgorithm string
|
||||||
GetHeaders []string
|
GetHeaders []string
|
||||||
|
@ -22,6 +23,7 @@ var (
|
||||||
}{
|
}{
|
||||||
Enabled: true,
|
Enabled: true,
|
||||||
ShareUserStatistics: true,
|
ShareUserStatistics: true,
|
||||||
|
MaxSize: 4,
|
||||||
Algorithms: []string{"rsa-sha256", "rsa-sha512"},
|
Algorithms: []string{"rsa-sha256", "rsa-sha512"},
|
||||||
DigestAlgorithm: "SHA-256",
|
DigestAlgorithm: "SHA-256",
|
||||||
GetHeaders: []string{"(request-target)", "Date"},
|
GetHeaders: []string{"(request-target)", "Date"},
|
||||||
|
|
|
@ -61,7 +61,7 @@ func fetch(iri *url.URL) (b []byte, err error) {
|
||||||
err = fmt.Errorf("url IRI fetch [%s] failed with status (%d): %s", iri, resp.StatusCode, resp.Status)
|
err = fmt.Errorf("url IRI fetch [%s] failed with status (%d): %s", iri, resp.StatusCode, resp.Status)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
b, err = io.ReadAll(resp.Body)
|
b, err = io.ReadAll(io.LimitReader(resp.Body, setting.Federation.MaxSize*(1<<20)))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Reference in a new issue