From 5061faf4d936dca22bba199fd71c7d7a29b17efa Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Thu, 20 Jul 2023 17:22:02 +0200 Subject: [PATCH] Continued: - only attempt to fetch peers when software was detected - added API /api/v1/instance/domain_blocks - for this the blacklist needs to be rewritten for having "block" reasons included --- daemon.py | 16 ++++++++++++ fba/helpers/blacklist.py | 55 +++++++++++++++++++--------------------- fba/http/federation.py | 12 +++++---- 3 files changed, 49 insertions(+), 34 deletions(-)
diff --git a/daemon.py b/daemon.py
index 9ccdc64..d591fc0 100755
--- a/daemon.py
+++ b/daemon.py
@@ -37,6 +37,7 @@ import uvicorn
 from fba import database
 from fba import utils
+from fba.helpers import blacklist
 from fba.helpers import config
 from fba.helpers import json as json_helper
 from fba.helpers import tidyup
@@ -308,6 +309,21 @@ def nodeinfo_1_0(request: Request):
 },
 })
+@router.get(config.get("base_url") + "/api/v1/instance/domain_blocks", response_class=JSONResponse)
+def api_domain_blocks(request: Request):
+ blocked = blacklist.get_all()
+ blocking = list()
+
+ for block in blocked:
+ blocking.append({
+ "domain" : block,
+ "digest" : utils.get_hash(block),
+ "severity": "suspend",
+ "comment" : blocked[block],
+ })
+
+ return JSONResponse(status_code=200, content=blocking)
+
 @router.get(config.get("base_url") + "/api/v1/instance/peers", response_class=JSONResponse)
 def api_peers(request: Request):
 database.cursor.execute("SELECT domain FROM instances WHERE nodeinfo_url IS NOT NULL")
diff --git a/fba/helpers/blacklist.py b/fba/helpers/blacklist.py
index 3aa89c0..d2426b0 100644
--- a/fba/helpers/blacklist.py
+++ b/fba/helpers/blacklist.py
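Review bot: The new `api_domain_blocks` handler in daemon.py has no docstring, and a reader of the endpoint cannot tell that every entry is reported with the fixed severity `"suspend"` or that `digest` is whatever `utils.get_hash` returns for the domain (that helper is not visible here, so its algorithm should be named in the docstring for API consumers who compare digests). The loop also iterates the dict's keys and then looks each one up again with `blocked[block]`; `for domain, reason in blacklist.get_all().items():` says the same thing directly. The `request` parameter is unused in the lines shown.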
@@ -22,43 +22,40 @@ logging.basicConfig(level=logging.INFO)
 logger = logging.getLogger(__name__)
 # Don't check these, known trolls/flooders/testing/developing
-blacklist = [
- # Floods federation with fake nodes as "research" project
- "activitypub-troll.cf",
- "activitypub-proxy.cf",
- # Similar troll
- "gab.best",
- # Similar troll
- "4chan.icu",
- # Flooder (?)
- "social.shrimpcam.pw",
- "mastotroll.netz.org",
- "lhr.life",
- "localhost.run",
- "loca.lt",
- # Testing/developing installations
- "ngrok.io",
- "ngrok.app",
- "ngrok-free.app",
- "misskeytest.chn.moe",
- "netlify.app",
- # block flooder
- "everyoneattack.com",
- # CSRF
- "hexbear.net", # See script in /instances
-]
+_blacklist = {
+ "activitypub-troll.cf": "Floods federation with fake nodes as \"research\" project",
+ "activitypub-proxy.cf": "Floods federation with fake nodes as \"research\" project",
+ "gab.best" : "Floods federation tables with fake nodes",
+ "4chan.icu" : "Floods federation tables with fake nodes",
+ "social.shrimpcam.pw" : "Floods federation tables with fake nodes",
+ "mastotroll.netz.org" : "Floods federation tables with fake nodes",
+ "lhr.life" : "Floods federation tables with fake nodes",
+ "localhost.run" : "Floods federation tables with fake nodes",
+ "loca.lt" : "Floods federation tables with fake nodes",
+ "ngrok.io" : "Testing/developing instances shouldn't be part of public instances",
+ "ngrok.app" : "Testing/developing instances shouldn't be part of public instances",
+ "ngrok-free.app" : "Testing/developing instances shouldn't be part of public instances",
+ "misskeytest.chn.moe" : "Testing/developing instances shouldn't be part of public instances",
+ "netlify.app" : "Testing/developing instances shouldn't be part of public instances",
+ "everyoneattack.com" : "Floods federation tables with fake nodes",
+ "hexbear.net" : "Is a Lemmy instance with malicious JavaScript code (shell commands)",
+}
 def is_blacklisted(domain: str) -> bool:
 logger.debug("domain='%s' - CALLED!", domain)
 domain_helper.raise_on(domain)
 blacklisted = False
- logger.debug("Checking %d blacklist entries ...", len(blacklist))
- for peer in blacklist:
- logger.debug("Checking peer='%s' ...", peer)
- if peer in domain:
+ logger.debug("Checking %d blacklist entries ...", len(_blacklist))
+ for blocked in _blacklist:
+ logger.debug("Checking blocked='%s' ...", blocked)
+ if blocked in domain:
 logger.debug("domain='%s' is blacklisted.", domain)
 blacklisted = True
 logger.debug("blacklisted='%s' - EXIT!", blacklisted)
 return blacklisted
+
+def get_all() -> dict:
+ logger.debug("_blacklist()=%d - CALLED!", len(_blacklist))
+ return _blacklist
diff --git a/fba/http/federation.py b/fba/http/federation.py
index 6ad8413..21e2670 100644
--- a/fba/http/federation.py
+++ b/fba/http/federation.py
@@ -79,11 +79,13 @@ def fetch_instances(domain: str, origin: str, software: str, command: str, path:
 instances.set_last_instance_fetch(domain)
 peerlist = list()
- try:
- logger.debug("Fetching instances for domain='%s',software='%s',origin='%s'", domain, software, origin)
- peerlist = fetch_peers(domain, software, origin)
- except network.exceptions as exception:
- logger.warning("Cannot fetch peers from domain='%s',software='%s': '%s'", domain, software, type(exception))
+ logger.debug("software='%s'", software)
+ if software is not None:
+ try:
+ logger.debug("Fetching instances for domain='%s',software='%s',origin='%s'", domain, software, origin)
+ peerlist = fetch_peers(domain, software, origin)
+ except network.exceptions as exception:
+ logger.warning("Cannot fetch peers from domain='%s',software='%s': '%s'", domain, software, type(exception))
 logger.debug("peerlist[]='%s'", type(peerlist))
 if isinstance(peerlist, list):
-- 2.39.5
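Review bot: `if blocked in domain:` in `is_blacklisted` is a substring test, so an entry such as `loca.lt` also matches any unrelated host whose name merely contains that text (constructed example: `notloca.lt.example`). With this commit the same keys are published as exact domains with severity `suspend`, so the published list no longer describes what is actually matched. Matching on label boundaries keeps the two consistent: `if domain == blocked or domain.endswith("." + blocked):`. Separately, `get_all()` returns the module-level `_blacklist` object itself, so any caller can alter the live blocklist; `return dict(_blacklist)` hands out a copy instead.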
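Review bot: When `software` is None the new `if software is not None:` branch skips `fetch_peers` with nothing logged above debug level, while `instances.set_last_instance_fetch(domain)` on the context line above has already run and presumably records the domain as fetched. If that ordering is intended, a comment above the `if` should say so; otherwise an `else:` branch with `logger.info("Skipping peer fetch for domain='%s' - software not detected", domain)` makes the skip visible to an operator. The re-indented warning still logs only `type(exception)`, which drops the error message that would explain the failure. `fetch_instances` begins and continues outside the hunk.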