From 7cd529beba32d54ffb3ec2e84316c7c18e22605e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Fri, 30 May 2025 14:30:37 +0200
Subject: [PATCH] Continued: - fixed bad POST requests for misskey (you should run ./fba.py fetch_blocks --software=misskey) - added more headers for security checks
---
 fba/commands.py | 2 ++
 fba/http/network.py | 11 +++++++++--
 fba/networks/misskey.py | 10 ++++------
 3 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/fba/commands.py b/fba/commands.py
index 3293552..fd5bc21 100644
--- a/fba/commands.py
+++ b/fba/commands.py
@@ -299,9 +299,11 @@ def fetch_blocks(args: argparse.Namespace) -> int:
 database.cursor.execute("SELECT domain, software, origin, nodeinfo_url FROM instances WHERE software = ? OR original_software = ? ORDER BY last_blocked ASC, total_blocks DESC", [args.software, args.software])
 elif args.only_none:
 # Check only entries with total_blocked=None
+ logger.debug("Checking only entries with total_blocked=None ...")
 database.cursor.execute("SELECT domain, software, origin, nodeinfo_url FROM instances WHERE software IN ('pleroma', 'mastodon', 'lemmy', 'friendica', 'misskey', 'piefed', 'typecho') AND nodeinfo_url IS NOT NULL AND total_blocks IS NULL ORDER BY last_blocked ASC, total_blocks DESC")
 else:
 # Re-check after "timeout" (aka. minimum interval)
+ logger.debug("Checking any federating software with possible blocklist ...")
 database.cursor.execute("SELECT domain, software, origin, nodeinfo_url FROM instances WHERE software IN ('pleroma', 'mastodon', 'lemmy', 'friendica', 'misskey', 'piefed', 'typecho') AND nodeinfo_url IS NOT NULL ORDER BY last_blocked ASC, total_blocks DESC")

 # Load all rows
diff --git a/fba/http/network.py b/fba/http/network.py
index fb7a7a9..9f62316 100644
--- a/fba/http/network.py
+++ b/fba/http/network.py
@@ -40,8 +40,11 @@ web_headers = {

 # HTTP headers for API requests
 _api_headers = {
- "User-Agent" : config.get("useragent"),
- "Content-Type": "application/json",
+ "User-Agent" : config.get("useragent"),
+ "Content-Type" : "application/json",
+ "Sec-Fetch-Dest": "empty",
+ "Sec-Fetch-Mode": "cors",
+ "Sec-Fetch-Site": "same-origin",
 }

 # Exceptions to always catch
@@ -86,6 +89,10 @@ def post_json_api(domain: str, path: str, data: str = "", headers: dict = {}) ->
 "status_code": 200,
 }

+ # Add domain as referer and origin
+ headers["Referer"] = f"https://{domain}/"
+ headers["Origin"] = f"https://{domain}/"
+
 try:
 logger.debug("Sending POST to domain='%s',path='%s',data='%s',headers(%d)='%s'", domain, path, data, len(headers), headers)
 start = time.perf_counter()
diff --git a/fba/networks/misskey.py b/fba/networks/misskey.py
index 5630cdb..6d56b45 100644
--- a/fba/networks/misskey.py
+++ b/fba/networks/misskey.py
@@ -165,19 +165,17 @@ def fetch_blocks(domain: str) -> list:
 try:
 logger.debug("Fetching offset=%d from domain='%s' ...", offset, domain)
 if offset == 0:
- logger.debug("Sending JSON API request to domain='%s',step=%d,offset=%d", domain, step, offset)
+ logger.debug("Sending JSON API request to domain='%s',step=%d ...", domain, step)
 fetched = network.post_json_api(domain, "/api/federation/instances", json.dumps({
- "sort" : "+pubAt",
+ "sort" : "+pubSub",
 "host" : None,
- "suspended": True,
 "limit" : step
 }), headers)
 else:
- logger.debug("Sending JSON API request to domain='%s',step=%d,offset=%d", domain, step, offset)
+ logger.debug("Sending JSON API request to domain='%s',step=%d,offset=%d ...", domain, step, offset)
 fetched = network.post_json_api(domain, "/api/federation/instances", json.dumps({
- "sort" : "+pubAt",
+ "sort" : "+pubSub",
 "host" : None,
- "suspended": True,
 "limit" : step,
 "offset" : offset - 1
 }), headers)
--
2.39.5
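Review bot: The three `Sec-Fetch-*` entries go into the module-wide `_api_headers`, so every API request built from that dict declares `Sec-Fetch-Site: same-origin` as a fixed string, not only the misskey requests the commit message names. Fetch Metadata headers are meant to be filled in by a browser from the real request context, and nothing at the dict says these values are static. A comment above them such as `# Fetch Metadata headers, static values: not derived from a browser context` would make that explicit, and passing them through the misskey caller's `headers` argument would limit them to the software that needs them. For instance operators the same lines are a reminder that these headers are client-supplied outside a browser and cannot serve as an access control on their own. The end of `web_headers` and the code that consumes `_api_headers` are outside the hunk.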
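Review bot: The two added assignments write into the `headers` argument, whose default in the signature shown in the hunk header is the shared `{}`, so both the default dict and any dict a caller passes in are modified in place and keep the Referer/Origin of the last domain. Build a copy instead: `headers = {**headers, "Referer": f"https://{domain}/", "Origin": f"https://{domain}"}`. That form also drops the trailing slash from Origin, since a serialized origin is scheme, host and optional port only, and a server comparing it strictly would not match `https://{domain}/`. The function starts and ends outside the hunk, so how `headers` is later combined with `_api_headers` is not visible here.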
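Review bot: With `"suspended": True` removed from both request bodies, the request no longer asks the server to restrict the result to suspended instances, so every row returned by `/api/federation/instances` reaches the code that consumes `fetched` inside a function named `fetch_blocks`. That code is outside the hunk; if it does not test a per-row suspended or blocked flag, ordinary federated peers would be stored as blocks. A comment at the request such as `# no server-side filter: rows must be checked for their suspended/blocked state below` would record the new contract. The two bodies also differ only in `"offset"`, so building one dict and adding `offset` when it is non-zero would keep the sort key and filter from drifting apart.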