From 6b95a65a08a93148afd8902167293f749c17ca3b Mon Sep 17 00:00:00 2001 From: localhost_frssoft Date: Fri, 29 Sep 2023 03:50:39 +0300 Subject: [PATCH] improved checks for input fedi handle and support instances restrictions --- functions.lua | 16 +++++++++++++--- join.lua | 13 ++++++++++++- onboard.lua | 22 ++++++++++++++++------ settingtypes.txt | 4 ++++ 4 files changed, 45 insertions(+), 10 deletions(-) diff --git a/functions.lua b/functions.lua index 3cfbc60..fc35c47 100644 --- a/functions.lua +++ b/functions.lua @@ -228,7 +228,17 @@ function fediauth.give_code(secret_b32, time) return codeseq end -function fediauth.str_repeats(s,c) - local _,n = s:gsub(c,"") - return n +function fediauth.check_for_restricted_instance(domain) + local restricted_instances = minetest.settings:get("fediauth.restricted_instances") or {} + if type(restricted_instances) == "string" then + restricted_instances = restricted_instances:split(",") + end + for _, instance in ipairs(restricted_instances) do + if instance == domain then + minetest.log("action", "[fediauth] domain restricted: '" .. domain .. "'") + return true + end + end + return false end + diff --git a/join.lua b/join.lua index 9ffe209..0ae0f63 100644 --- a/join.lua +++ b/join.lua 
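Review bot: The comparison `instance == domain` in `fediauth.check_for_restricted_instance` (functions.lua hunk) is exact and case-sensitive, while host names are case-insensitive. A handle whose domain differs from the configured entry only in letter case, or a setting entry written with a space after the comma, is therefore not treated as restricted. Normalise both sides before comparing, e.g. `if instance:trim():lower() == domain:lower() then`. The `or {}` fallback plus the `type(...) == "string"` test can be reduced to `(minetest.settings:get("fediauth.restricted_instances") or ""):split(",")`. The log line also writes the player-supplied domain verbatim, so a comment stating that the callers cap the input at 100 characters would help whoever reads the log.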
@@ -124,11 +124,22 @@ minetest.register_on_player_receive_fields(function(player, formname, fields) -- check for new player or doesn't have fedi account if fields.fediverse_account_url then -- basic prevent mention spam and limit length - if not string.starts(fields.fediverse_account_url, "@") or string.len(fields.fediverse_account_url) < 3 or string.len(fields.fediverse_account_url) > 100 or fediauth.str_repeats(fields.fediverse_account_url, "@") > 2 then + if not string.starts(fields.fediverse_account_url, "@") or string.len(fields.fediverse_account_url) < 3 or string.len(fields.fediverse_account_url) > 100 then minetest.chat_send_player(playername, minetest.colorize("#ff0000", "Try again, your input is incorrect")) minetest.show_formspec(playername, FORMNAMEFEDI, formspecfediadd) return end + fedihandle = fields.fediverse_account_url:split("@") + if #fedihandle ~= 2 then + minetest.chat_send_player(playername, minetest.colorize("#ff0000", "Incorrect format")) + minetest.show_formspec(playername, FORMNAMEFEDI, formspecfediadd) + return + end + if fediauth.check_for_restricted_instance(fedihandle[2]) then + minetest.chat_send_player(playername, minetest.colorize("#ff0000", fedihandle[2] .. "has restricted, try another...")) + minetest.show_formspec(playername, FORMNAMEFEDI, formspecfediadd) + return + end local secret_b32 = fediauth.get_player_secret_b32(playername) local codeseq = fediauth.give_code(secret_b32) fediauth.send_code(codeseq[1], fields.fediverse_account_url) diff --git a/onboard.lua b/onboard.lua index d84ab1f..9f2f571 100644 --- a/onboard.lua +++ b/onboard.lua 
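Review bot: `fedihandle` is assigned without `local` in the new block of this receive-fields handler, so it becomes a global shared across calls; declare it as `local fedihandle = fields.fediverse_account_url:split("@")`. The `#fedihandle ~= 2` check validates the split parts, but `fediauth.send_code` below still receives the raw field. If `split` drops empty pieces (the engine default, as far as I know), inputs with doubled or trailing `@` still count as two parts now that the `str_repeats` check is removed. Passing the rebuilt value `"@" .. fedihandle[1] .. "@" .. fedihandle[2]` to `send_code`, and rejecting parts that contain whitespace or characters outside a username/hostname set, would make the posted mention match what was validated. The restricted-instance message lacks a space before `has restricted`, and the same pattern recurs in the onboard.lua hunk; the handler body starts and ends outside this hunk.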
@@ -39,12 +39,22 @@ minetest.register_on_player_receive_fields(function(player, formname, fields) return end - if fields.fediverse_account_url then + if fields.fediverse_account_url then local playername = player:get_player_name() - if not string.starts(fields.fediverse_account_url, "@") or string.len(fields.fediverse_account_url) < 3 or string.len(fields.fediverse_account_url) > 100 then - minetest.chat_send_player(playername, minetest.colorize("#ff0000", "Try again, your input is incorrect")) - return - end + -- basic prevent mention spam and limit length + if not string.starts(fields.fediverse_account_url, "@") or string.len(fields.fediverse_account_url) < 3 or string.len(fields.fediverse_account_url) > 100 then + minetest.chat_send_player(playername, minetest.colorize("#ff0000", "Try again, your input is incorrect")) + return + end + fedihandle = fields.fediverse_account_url:split("@") + if #fedihandle ~= 2 then + minetest.chat_send_player(playername, minetest.colorize("#ff0000", "Incorrect format")) + return + end + if fediauth.check_for_restricted_instance(fedihandle[2]) then + minetest.chat_send_player(playername, minetest.colorize("#ff0000", fedihandle[2] .. "has restricted, try another...")) + return + end local secret_b32 = fediauth.get_player_secret_b32(playername) local codeseq = fediauth.give_code(secret_b32) fediauth.send_code(codeseq[1], fields.fediverse_account_url) @@ -56,7 +66,7 @@ minetest.register_on_player_receive_fields(function(player, formname, fields) minetest.show_formspec(playername, FORMNAME, formspec) - end + end if fields.code then local playername = player:get_player_name() diff --git a/settingtypes.txt b/settingtypes.txt index a00cf94..15e8a2e 100644 --- a/settingtypes.txt +++ b/settingtypes.txt 
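Review bot: The handle validation added in the first onboard.lua hunk duplicates the join.lua block line for line, so any later fix to the format or restricted-instance check has to be made twice and the two handlers can drift apart. Moving it into one helper in functions.lua, for instance a new `fediauth.parse_handle(input)` that returns the user and domain parts or `nil` plus a message, would keep the checks that gate `fediauth.send_code` in one place. Unlike join.lua, the rejection branches here return without calling `minetest.show_formspec` again; a short comment saying whether that is intended would help. The handler body starts outside the hunk.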
@@ -7,3 +7,7 @@ fediauth.api_token (Token for account) string # If no fediverse account - no access to server fediauth.fedi_required (Require Fediverse account for each user) bool false + +# Useful if remote instance blocked on service account server or any other reasons +# Separated by comma +fediauth.restricted_instances (Restrict instance domains) string example.com,another.example.com,
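Review bot: The comment on `fediauth.restricted_instances` does not say how entries are matched. `check_for_restricted_instance` in this patch compares each comma-separated entry to the handle's domain with `==`, so an entry written with a space after the comma or in different letter case will silently never match. Suggest extending the comment to `# Separated by comma, no spaces; domains are matched exactly`, unless the Lua check is changed to normalise entries. Using `example.com,another.example.com,` as the default value also puts placeholder domains into the setting; an empty default with the example moved into the comment would be clearer.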