Software-defined Application Firewall for ActivityPub inboxes.
|
|
||
|---|---|---|
| src | ||
| .gitignore | ||
| Cargo.lock | ||
| Cargo.toml | ||
| LICENSE | ||
| README.md | ||
Fedivet
Software-defined Application Firewall for ActivityPub inboxes.
Infrastructure
We provide keyed LRU caches with TTL to retrieve information about the incoming requests, such as domain history, user history, instance metadata, etc.
Built-in Data Sources (TODO)
- Fediverse Observer
- Domain WHOIS
- Advertised NodeInfo
- Federation Reports from Friend Instances
#[allow(clippy::unused_async)]
async fn build_state(args: &Args) -> AppState<MisskeyError> {
let mut state = AppState::new(args.backend.parse().expect("Invalid backend URL"));
let instance_history = Arc::new(LruData::sized(
&|host| async move { Ok::<_, ()>("Todo") },
512.try_into().unwrap(),
Some(Duration::from_secs(600)),
));
state.push_evaluator(Box::new(move |info: &APRequestInfo<'_>| {
let act = info.activity.as_ref().map_err(|_| ERROR_DENIED).cloned();
let instance_history = Arc::clone(&instance_history);
async move {
let act = act?;
let host = act
.actor
.as_ref()
.and_then(|s| Url::parse(s).ok())
.ok_or(ERROR_DENIED)?;
let instance = instance_history
.query(host.host_str().unwrap().to_owned())
.await;
match instance {
Ok(i) => {
log::info!("Instance history: {:?}", i);
Ok(())
}
Err(_) => Err::<(), _>(ERROR_DENIED),
}
}
}));
// let user_history = Arc::new(LruData::sized( ... ));
state.push_evaluator(Box::new(|info: &APRequestInfo<'_>| {
let act = info.activity.as_ref().map_err(|_| ERROR_DENIED).cloned();
async move {
let act = act?;
log::debug!("Activity: {:?}", act);
Ok(())
}
}));
state
}