Add public entities configuration and authorization checks for entity records

netkas 2025-06-06 13:22:03 -04:00
parent 417499b6f4
commit 1eb5b83eb2
Signed by: netkas
GPG key ID: 4D8629441B76E4CC
5 changed files with 26 additions and 2 deletions


@ -4,7 +4,6 @@
use FederationServer\Classes\Configuration\DatabaseConfiguration;
use FederationServer\Classes\Configuration\RedisConfiguration;
use FederationServer\Classes\Configuration\FileStorageConfiguration;
use FederationServer\Classes\Configuration\ServerConfiguration;
use FederationServer\Classes\Enums\AuditLogType;
@ -36,6 +35,7 @@
self::$configuration->setDefault('server.public_audit_entries', array_map(fn($type) => $type->value, AuditLogType::cases()));
self::$configuration->setDefault('server.public_evidence', true);
self::$configuration->setDefault('server.public_blacklist', true);
self::$configuration->setDefault('server.public_entities', true);
self::$configuration->setDefault('server.min_blacklist_time', 1800);
self::$configuration->setDefault('database.host', '127.0.0.1');


@ -23,6 +23,7 @@
private array $publicAuditEntries;
private bool $publicEvidence;
private bool $publicBlacklist;
private bool $publicEntities = true;
private int $minBlacklistTime;
/**
@ -46,6 +47,7 @@
$this->publicAuditEntries = array_map(fn($type) => AuditLogType::from($type), $config['public_audit_entries'] ?? []);
$this->publicEvidence = $config['public_evidence'] ?? true;
$this->publicBlacklist = $config['public_blacklist'] ?? true;
$this->publicEntities = $config['public_entities'] ?? true;
$this->minBlacklistTime = $config['min_blacklist_time'] ?? 1800;
}
@ -189,6 +191,16 @@
return $this->publicBlacklist;
}
/**
* Checks if entities are publicly accessible
*
* @return bool True if public entities is enabled, false otherwise
*/
public function isEntitiesPublic(): bool
{
return $this->publicEntities;
}
/**
* Returns the minimum allowed time that a blacklist could be set to expire, for example
* 1800 = 30 Minutes, if a blacklist is set to expire within 30 minutes or more, it's valid, otherwise
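Review bot: The new flag is read at `$this->publicEntities = $config['public_entities'] ?? true;` without validation, so the handling of a non-boolean value depends on whether this file declares strict types, which is not visible here; without it, a string such as "false" in the configuration would coerce to true and leave entity records public. Because this setting now gates an authorization check, parse it explicitly so unrecognised values fail closed, e.g. `$this->publicEntities = filter_var($config['public_entities'] ?? true, FILTER_VALIDATE_BOOLEAN);`. The `= true` initializer on the property declaration is also redundant with the constructor default and differs from the sibling `$publicEvidence` and `$publicBlacklist` declarations. The constructor begins outside the hunk.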


@ -17,6 +17,12 @@
*/
public static function handleRequest(): void
{
$authenticatedOperator = FederationServer::getAuthenticatedOperator();
if(!Configuration::getServerConfiguration()->isEntitiesPublic() && $authenticatedOperator === null)
{
throw new RequestException('Unauthorized: You must be authenticated to view entity records', 401);
}
if(!preg_match('#^/entities/([a-fA-F0-9\-]{36,})$#', FederationServer::getPath(), $matches))
{
throw new RequestException('Bad Request: Entity UUID is required', 400);
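Review bot: The guard added at the top of `handleRequest()` is repeated verbatim in the entity listing handler in the next file section, and it answers with 401 while the audit-log handler shown later on this page answers the equivalent condition with 403. Duplicated authorization checks tend to drift apart, so consider moving this one into a single shared helper that both entity handlers call, and settle on one status code for "public access disabled and no operator authenticated". A short comment above the check, such as `// Anonymous access is allowed only when server.public_entities is enabled`, would make the intent explicit. The body of handleRequest continues outside the hunk.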


@ -16,6 +16,12 @@
*/
public static function handleRequest(): void
{
$authenticatedOperator = FederationServer::getAuthenticatedOperator();
if(!Configuration::getServerConfiguration()->isEntitiesPublic() && $authenticatedOperator === null)
{
throw new RequestException('Unauthorized: You must be authenticated to view entity records', 401);
}
$limit = (int) (FederationServer::getParameter('limit') ?? Configuration::getServerConfiguration()->getListEntitiesMaxItems());
$page = (int) (FederationServer::getParameter('page') ?? 1);


@ -17,7 +17,7 @@
*/
public static function handleRequest(): void
{
$authenticatedOperator = FederationServer::getAuthenticatedOperator(false);
$authenticatedOperator = FederationServer::getAuthenticatedOperator();
if(!Configuration::getServerConfiguration()->isAuditLogsPublic() && $authenticatedOperator === null)
{
throw new RequestException('Unauthorized: Public audit logs are disabled and no operator is authenticated', 403);
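Review bot: This section shows both `getAuthenticatedOperator(false)` and `getAuthenticatedOperator()`, and the page does not mark which one is the new line; the two entity handlers in this commit use the argument-less form. The meaning of that argument is not visible here, but if it decides whether a missing credential throws instead of returning null, then the `$authenticatedOperator === null` branch that follows is either unreachable or the only thing enforcing the public/private switch. A comment on the call stating what the default does would help, e.g. `// returns null for anonymous requests`, adjusted to the actual behaviour. A test covering an anonymous request with public access both enabled and disabled would pin the intended outcome for all three handlers.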