1 # Fedi API Block - An aggregator for fetching blocking data from fediverse nodes
2 # Copyright (C) 2023 Free Software Foundation
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published
6 # by the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <https://www.gnu.org/licenses/>.
23 from fba.helpers import blacklist
24 from fba.helpers import config
25 from fba.helpers import cookies
26 from fba.helpers import domain as domain_helper
28 from fba.http import network
30 from fba.models import instances
32 logging.basicConfig(level=logging.INFO)
33 logger = logging.getLogger(__name__)
35 def determine(domain: str, headers: dict) -> dict:
36 logger.debug("domain='%s',headers()=%d - CALLED!", domain, len(headers))
37 domain_helper.raise_on(domain)
39 if blacklist.is_blacklisted(domain):
40 raise Exception(f"domain='{domain}' is blacklisted but function is invoked.")
41 elif not isinstance(headers, dict):
42 raise ValueError(f"Parameter headers[]='{type(headers)}' is not of type 'dict'")
44 # Default headers with no CSRF
47 # Fetch / to check for meta tag indicating csrf
48 logger.debug("Fetching / from domain='%s' for CSRF check ...", domain)
49 response = network.fetch_response(
52 headers=network.web_headers,
53 timeout=(config.get("connection_timeout"), config.get("read_timeout"))
56 logger.debug("response.ok='%s',response.status_code=%d,response.text()=%d", response.ok, response.status_code, len(response.text))
57 if response.ok and response.status_code == 200 and response.text.strip() != "" and response.text.find("<html") > 0 and domain_helper.is_in_url(domain, response.url.split("#")[0]):
59 logger.debug("Parsing response.text()=%d Bytes ...", len(response.text))
60 cookies.store(domain, response.cookies.get_dict())
63 meta = bs4.BeautifulSoup(
67 logger.debug("meta[]='%s'", type(meta))
68 tag = meta.find("meta", attrs={"name": "csrf-token"})
70 logger.debug("tag[%s]='%s'", type(tag), tag)
72 logger.debug("Adding CSRF token='%s' for domain='%s'", tag["content"], domain)
73 reqheaders["X-CSRF-Token"] = tag["content"]
74 elif not domain_helper.is_in_url(domain, response.url.split("#")[0]):
75 logger.warning("domain='%s' doesn't match with response.url='%s', maybe redirect to other domain?", domain, response.url)
77 message = f"Redirect from domain='{domain}' to response.url='{response.url}'"
78 instances.set_last_error(domain, message)
79 raise requests.exceptions.TooManyRedirects(message)
81 logger.debug("reqheaders()=%d - EXIT!", len(reqheaders))