Require signed GET requests (authorized fetch) when using federation allow list

[belatedly]

Summary

I wasn't sure whether to call this a bug or not. I tested the allow/white list function in the current alpha and instances that are not entered in the allowed box can still fetch users and posts by searching the URL. Instances that are not explicitly allowed should not be able to fetch anything from the instance.

I did not receive a follow request from the instance I tested with, so it seems that this functionality is currently only rejecting certain activities from instances that are not explicitly allowed.

Purpose

Using an allow list allows an admin to control access to their users and content, in its current state the functionality is not enforcing this. Authorized fetch would check for signatures and reject all GET requests from instances that are not explicitly allowed.

Do you want to implement this feature yourself?

• [ ] Yes, I will implement this by myself and send a pull request

[sneexy-boi]

From what I know, this is (although "experimental") added in Sharkey. That could probably be upstreamed to here.

[KisaragiEffective]

From what I know, this is (although "experimental") added in Sharkey. That could probably be upstreamed to here.

Could you point to the MR? I couldn't find one...

[belatedly]

Could you point to the MR? I couldn't find one...

Here's the original merge: https://activitypub.software/TransFem-org/Sharkey/-/commit/fd57c7e24caf936392440de3c063b5eaa9d588cb

These are enhancements/fixes: https://activitypub.software/TransFem-org/Sharkey/-/commit/4f2fa60a72d1613ddaa315570d5754f7b54a2ac3 and https://activitypub.software/TransFem-org/Sharkey/-/commit/94fee180b92af2ff8751173d939297d584ea5244

[temtemy]

There are cases where allowlist without authorized fetch still make sense. For example, an allowlist can be used as a last-ditch defense against spam, if all others (like filtering with "prohibited words") fail. But in that case the admin still doesn't want to completely shut itself off from other instances not part of the allowlist.

In fact it would be nice if the allowlist's behavior can be adjusted, like whether it should only block all incoming messages or also suspend all delivery of activities to servers outside the list.

[temtemy]

Oh and maybe an allowlist where the Misskey will only deliver activities could be useful too... Being able to only deliver activities to the relays you've subscribed to would lessen a lot of network pushing I'd imagine.