about summary refs log tree commit diff
path: root/app
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2017-02-14 04:01:02 +0100
committerEugen Rochko <eugen@zeonfederated.com>2017-02-14 04:01:37 +0100
commit40a40537326aa168d20324bd8bd0e979d5083570 (patch)
tree323cc18fe0437e16c4aa122deebec826af4d912e /app
parent94b61bdcf687c8234398de76fec932f53c46565f (diff)
Disable PuSH for blocked domains
Diffstat (limited to 'app')
-rw-r--r--app/services/pubsubhubbub/subscribe_service.rb5
-rw-r--r--app/workers/pubsubhubbub/distribution_worker.rb5
2 files changed, 7 insertions, 3 deletions
diff --git a/app/services/pubsubhubbub/subscribe_service.rb b/app/services/pubsubhubbub/subscribe_service.rb
index 343376d77..bf36e3fa6 100644
--- a/app/services/pubsubhubbub/subscribe_service.rb
+++ b/app/services/pubsubhubbub/subscribe_service.rb
@@ -2,8 +2,9 @@
 
 class Pubsubhubbub::SubscribeService < BaseService
   def call(account, callback, secret, lease_seconds)
-    return ['Invalid topic URL', 422] if account.nil?
-    return ['Invalid callback URL', 422] unless !callback.blank? && callback =~ /\A#{URI.regexp(%w(http https))}\z/
+    return ['Invalid topic URL',        422] if account.nil?
+    return ['Invalid callback URL',     422] unless !callback.blank? && callback =~ /\A#{URI.regexp(%w(http https))}\z/
+    return ['Callback URL not allowed', 403] if DomainBlock.blocked?(Addressable::URI.parse(callback).host)
 
     subscription = Subscription.where(account: account, callback_url: callback).first_or_create!(account: account, callback_url: callback)
     Pubsubhubbub::ConfirmationWorker.perform_async(subscription.id, 'subscribe', secret, lease_seconds)
diff --git a/app/workers/pubsubhubbub/distribution_worker.rb b/app/workers/pubsubhubbub/distribution_worker.rb
index d5437bf6b..82ff257af 100644
--- a/app/workers/pubsubhubbub/distribution_worker.rb
+++ b/app/workers/pubsubhubbub/distribution_worker.rb
@@ -13,8 +13,11 @@ class Pubsubhubbub::DistributionWorker
     account  = stream_entry.account
     renderer = AccountsController.renderer.new(method: 'get', http_host: Rails.configuration.x.local_domain, https: Rails.configuration.x.use_https)
     payload  = renderer.render(:show, assigns: { account: account, entries: [stream_entry] }, formats: [:atom])
+    # domains  = account.followers_domains
 
-    Subscription.where(account: account).active.select('id').find_each do |subscription|
+    Subscription.where(account: account).active.select('id, callback_url').find_each do |subscription|
+      host = Addressable::URI.parse(subscription.callback_url).host
+      next if DomainBlock.blocked?(host) # || !domains.include?(host)
       Pubsubhubbub::DeliveryWorker.perform_async(subscription.id, payload)
     end
   rescue ActiveRecord::RecordNotFound