From 5e4c390be8955e5556b41ac211ffe812488e1985 Mon Sep 17 00:00:00 2001 From: noellabo Date: Sun, 18 Feb 2024 11:24:19 +0900 Subject: [PATCH] Add reject blurhash to Admin setting --- app/lib/activitypub/activity/create.rb | 5 +++++ app/models/form/admin_settings.rb | 1 + app/views/admin/settings/others/show.html.haml | 3 +++ config/locales/en.yml | 3 +++ config/locales/ja.yml | 6 ++++++ config/settings.yml | 1 + lib/exceptions.rb | 1 + 7 files changed, 20 insertions(+) diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb index afa76cf4004d4c..b0c7c4f4adfd66 100644 --- a/app/lib/activitypub/activity/create.rb +++ b/app/lib/activitypub/activity/create.rb @@ -14,6 +14,8 @@ def perform else create_status end + rescue Mastodon::RejectPayload + reject_payload! end private @@ -79,6 +81,9 @@ def process_status @params = {} process_status_params + + raise Mastodon::RejectPayload if MediaAttachment.where(id: @params[:media_attachment_ids]).where(blurhash: Setting.reject_blurhash.split(/\r\n/).filter(&:present?).uniq).present? + process_tags process_audience diff --git a/app/models/form/admin_settings.rb b/app/models/form/admin_settings.rb index 6e803ae7c2bddd..c7c68c1776e609 100644 --- a/app/models/form/admin_settings.rb +++ b/app/models/form/admin_settings.rb @@ -40,6 +40,7 @@ class Form::AdminSettings app_icon favicon reject_pattern + reject_blurhash ).freeze INTEGER_KEYS = %i( diff --git a/app/views/admin/settings/others/show.html.haml b/app/views/admin/settings/others/show.html.haml index 06dcf2bf8b0098..8d0a2b1acf15c6 100644 --- a/app/views/admin/settings/others/show.html.haml +++ b/app/views/admin/settings/others/show.html.haml 
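Review bot: The new `rescue Mastodon::RejectPayload` at the end of perform has no raise site in the same method; the only one this patch adds is in process_status, a different private method. A comment above the rescue would make that link explicit, for example `# Raised by process_status when an attachment matches Setting.reject_blurhash`. perform begins outside the hunk, so the rest of its body is not visible here.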
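Review bot: The blocklist in the added `raise` line of process_status is parsed with `split(/\r\n/)`, so a setting stored with bare LF line endings stays one long entry and an entry with trailing whitespace never compares equal; either way the filter silently stops matching. Splitting on any line break and trimming avoids that: `Setting.reject_blurhash.to_s.split(/\R/).map(&:strip).reject(&:empty?).uniq`. `.present?` on the relation loads the matching rows where `.exists?` would only test for one, and the lookup is not skipped when the setting is empty. The attachments are looked up by id, so they appear to be persisted already when the exception is raised; whether they are cleaned up after a rejection, and whether the stored blurhash is computed locally or copied from the incoming activity, is not visible here. process_status begins and ends outside the hunk.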
@@ -15,5 +15,8 @@ .fields-group = f.input :reject_pattern, wrapper: :with_block_label, as: :text, label: t('admin.settings.reject_pattern.title'), hint: t('admin.settings.reject_pattern.desc_html'), input_html: { rows: 8 } + .fields-group + = f.input :reject_blurhash, wrapper: :with_block_label, as: :text, label: t('admin.settings.reject_blurhash.title'), hint: t('admin.settings.reject_blurhash.desc_html'), input_html: { rows: 8 } + .actions = f.button :button, t('generic.save_changes'), type: :submit diff --git a/config/locales/en.yml b/config/locales/en.yml index 4cf2d328b5ca9a..bb6f03c11c6c8c 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -785,6 +785,9 @@ en: none: Nobody can sign up open: Anyone can sign up warning_hint: We recommend using “Approval required for sign up” unless you are confident your moderation team can handle spam and malicious registrations in a timely fashion. + reject_blurhash: + desc_html: Set a blurhashes to inspect Create Activity media attachments, and refuse Activity if you match + title: Reject blurhash reject_pattern: desc_html: Set a regular expression pattern to inspect Create Activity content, and refuse Activity if you match title: Reject Pattern diff --git a/config/locales/ja.yml b/config/locales/ja.yml index ec6963517abdcb..4001eee32e4570 100644 --- a/config/locales/ja.yml +++ b/config/locales/ja.yml 
@@ -767,6 +767,12 @@ ja: none: 誰にも許可しない open: 誰でも登録可 warning_hint: モデレーションチームがスパムや悪意のある登録を迅速に処理できる自信がない限り、サインアップを承認制にすることをお勧めします。 + reject_blurhash: + desc_html: Create Activityの添付画像を検査するblurhashを設定し、一致する場合はActivityを拒否します + title: 拒否画像ハッシュ + reject_pattern: + desc_html: Create Activityのcontentを検査する正規表現パターンを設定し、一致する場合はActivityを拒否します + title: 拒否パターン security: authorized_fetch: 連合サーバーによる署名なしでの情報取得を拒否する authorized_fetch_hint: ほかの連合サーバーから受け付けるリクエストに署名を必須にすることで、ユーザーによるブロックおよびドメインブロック両方の効果をより強力にします。ただし連合の処理コストが増えてパフォーマンス面で不利になるほか、このサーバーから送られた反応が届く範囲が狭まったり、連合における互換性の問題を招く可能性もあります。また、この機能は公開投稿やプロフィールへのアクセスをブロックした相手から完全に遮断できるものではありません。 diff --git a/config/settings.yml b/config/settings.yml index 599ba46a66796d..43040593198c75 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -39,6 +39,7 @@ defaults: &defaults backups_retention_period: 7 captcha_enabled: false reject_pattern: '' + reject_blurhash: '' development: <<: *defaults diff --git a/lib/exceptions.rb b/lib/exceptions.rb index d3b92f4a09300f..029235560b0630 100644 --- a/lib/exceptions.rb +++ b/lib/exceptions.rb @@ -8,6 +8,7 @@ class HostValidationError < ValidationError; end class LengthValidationError < ValidationError; end class DimensionsValidationError < ValidationError; end class StreamValidationError < ValidationError; end + class RejectPayload < ValidationError; end class RaceConditionError < Error; end class RateLimitExceededError < Error; end class SyntaxError < Error; end
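Review bot: `RejectPayload` is declared in lib/exceptions.rb as a subclass of `ValidationError`, so any existing `rescue Mastodon::ValidationError` between the raise site and perform would catch it before the new `rescue Mastodon::RejectPayload` does. No such handler is visible in this patch, so this may be harmless, but a rejection is a policy decision rather than a validation failure; `class RejectPayload < Error; end` would keep the two apart. A one-line comment such as `# Raised to drop an incoming activity that matches an admin reject rule` would document its purpose. The enclosing module starts and ends outside the hunk.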