yojo-art · kozakura913 · Jan 11, 2025 · Dec 18, 2024 · Dec 18, 2024 · Dec 18, 2024
diff --git a/CHANGELOG_YOJO.md b/CHANGELOG_YOJO.md
@@ -4,6 +4,7 @@
 
 ### General
 - Feat: システムユーザーのファイル一覧を追加 [#595](https://github.com/yojo-art/cherrypick/pull/595)
+- Feat: 公開投稿以外の配送を制限する機能 [#574](https://github.com/yojo-art/cherrypick/pull/574)
 - Enhance: Fedibird形式の絵文字情報連合に対応 [#604](https://github.com/yojo-art/cherrypick/pull/604)
 	- 以下の情報が対応ソフト間で連合されます
     - キーワード

diff --git a/locales/ja-JP.yml b/locales/ja-JP.yml
@@ -331,6 +331,7 @@ stopActivityDelivery: "アクティビティの配送を停止"
 blockThisInstance: "このサーバーをブロック"
 silenceThisInstance: "サーバーをサイレンス"
 mediaSilenceThisInstance: "サーバーをメディアサイレンス"
+quarantineThisInstance: "サーバーに公開投稿のみ配送"
 operations: "操作"
 software: "ソフトウェア"
 version: "バージョン"
@@ -3102,6 +3103,8 @@ _moderationLogTypes:
   deleteGalleryPost: "ギャラリーの投稿を削除"
   updateOfficialTags: "公式タグ一覧を更新"
   promoteQueue: "ジョブキューを再試行"
+  quarantineRemoteInstance: "公開投稿のみ配送に制限"
+  unquarantineRemoteInstance: "公開投稿のみ配送を解除"
 
 _fileViewer:
   title: "ファイルの詳細"

diff --git a/packages/backend/migration/1734500881453-AddQuarantineLimited.js b/packages/backend/migration/1734500881453-AddQuarantineLimited.js
@@ -0,0 +1,16 @@
+/*
+ * SPDX-FileCopyrightText: syuilo and misskey-project, yojo-art team
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+export class AddQuarantineLimited1734500881453 {
+    name = 'AddQuarantineLimited1734500881453'
+
+    async up(queryRunner) {
+        await queryRunner.query(`ALTER TABLE "instance" ADD "quarantineLimited" boolean NOT NULL DEFAULT false`);
+    }
+
+    async down(queryRunner) {
+        await queryRunner.query(`ALTER TABLE "instance" DROP COLUMN "quarantineLimited"`);
+    }
+}
diff --git a/packages/backend/src/core/GlobalEventService.ts b/packages/backend/src/core/GlobalEventService.ts
@@ -288,6 +288,7 @@ export interface InternalEventTypes {
 	unmute: { muterId: MiUser['id']; muteeId: MiUser['id']; };
 	userListMemberAdded: { userListId: MiUserList['id']; memberId: MiUser['id']; };
 	userListMemberRemoved: { userListId: MiUserList['id']; memberId: MiUser['id']; };
+	clearQuarantinedHostsCache: string;
 }
 
 type EventTypesToEventPayload<T> = EventUnionFromDictionary<UndefinedAsNullAll<SerializedAll<T>>>;

diff --git a/packages/backend/src/core/QueueService.ts b/packages/backend/src/core/QueueService.ts
@@ -5,7 +5,7 @@
 
 import { randomUUID } from 'node:crypto';
 import { Inject, Injectable } from '@nestjs/common';
-import type { IActivity } from '@/core/activitypub/type.js';
+import { isAnnounce, isBlock, isPost, isUndo, type IActivity } from '@/core/activitypub/type.js';
 import type { MiDriveFile } from '@/models/DriveFile.js';
 import type { MiAbuseUserReport } from '@/models/AbuseUserReport.js';
 import type { MiWebhook, webhookEventTypes } from '@/models/Webhook.js';
@@ -107,6 +107,31 @@ export class QueueService {
 		});
 	}
 
+	private isPublicContent(content: IActivity) {
+		let toPublicOnly = false;
+		if (isAnnounce(content)) {
+			toPublicOnly = true;
+		}
+		if (isBlock(content)) {
+			toPublicOnly = true;
+		}
+		if (typeof content.object !== 'string') {
+			if (isUndo(content)) {
+				if (isBlock(content.object)) {
+					toPublicOnly = true;
+				}
+			}
+			if (isPost(content.object)) {
+				toPublicOnly = true;
+			}
+		}
+		if (toPublicOnly) {
+			return String(content.to) === 'https://www.w3.org/ns/activitystreams#Public' || String(content.cc) === 'https://www.w3.org/ns/activitystreams#Public';
+		} else {
+			return true;
+		}
+	}
+
 	@bindThis
 	public deliver(user: ThinUser, content: IActivity | null, to: string | null, isSharedInbox: boolean) {
 		if (content == null) return null;
@@ -123,6 +148,7 @@ export class QueueService {
 			digest,
 			to,
 			isSharedInbox,
+			isPublicContent: this.isPublicContent(content),
 		};
 
 		return this.deliverQueue.add(to, data, {
@@ -165,6 +191,7 @@ export class QueueService {
 				digest,
 				to: d[0],
 				isSharedInbox: d[1],
+				isPublicContent: this.isPublicContent(content),
 			},
 			opts,
 		})));

diff --git a/packages/backend/src/core/entities/InstanceEntityService.ts b/packages/backend/src/core/entities/InstanceEntityService.ts
@@ -60,6 +60,7 @@ export class InstanceEntityService {
 			latestRequestReceivedAt: instance.latestRequestReceivedAt ? instance.latestRequestReceivedAt.toISOString() : null,
 			moderationNote: iAmModerator ? instance.moderationNote : null,
 			reversiVersion: instance.reversiVersion,
+			isQuarantineLimited: instance.quarantineLimited,
 		};
 	}
 

diff --git a/packages/backend/src/models/Instance.ts b/packages/backend/src/models/Instance.ts
@@ -163,4 +163,12 @@ export class MiInstance {
 		length: 64, nullable: true,
 	})
 	public reversiVersion: string | null;
+	/**
+	 * このインスタンスへの配送制限
+	 */
+	@Index()
+	@Column('boolean', {
+		default: false,
+	})
+	public quarantineLimited: boolean;
 }
diff --git a/packages/backend/src/models/json-schema/federation-instance.ts b/packages/backend/src/models/json-schema/federation-instance.ts
@@ -124,5 +124,9 @@ export const packedFederationInstanceSchema = {
 			type: 'string',
 			optional: true, nullable: true,
 		},
+		isQuarantineLimited: {
+			type: 'boolean',
+			optional: false, nullable: false,
+		},
 	},
 } as const;
diff --git a/packages/backend/src/queue/processors/DeliverProcessorService.ts b/packages/backend/src/queue/processors/DeliverProcessorService.ts
@@ -6,6 +6,7 @@
 import { Inject, Injectable } from '@nestjs/common';
 import * as Bull from 'bullmq';
 import { Not } from 'typeorm';
+import * as Redis from 'ioredis';
 import { DI } from '@/di-symbols.js';
 import type { InstancesRepository, MiMeta } from '@/models/_.js';
 import type Logger from '@/logger.js';
@@ -20,13 +21,15 @@ import FederationChart from '@/core/chart/charts/federation.js';
 import { StatusError } from '@/misc/status-error.js';
 import { UtilityService } from '@/core/UtilityService.js';
 import { bindThis } from '@/decorators.js';
+import { GlobalEvents } from '@/core/GlobalEventService.js';
 import { QueueLoggerService } from '../QueueLoggerService.js';
 import type { DeliverJobData } from '../types.js';
 
 @Injectable()
 export class DeliverProcessorService {
 	private logger: Logger;
 	private suspendedHostsCache: MemorySingleCache<MiInstance[]>;
+	private quarantinedHostsCache: MemorySingleCache<MiInstance[]>;
 	private latest: string | null;
 
 	constructor(
@@ -35,6 +38,8 @@ export class DeliverProcessorService {
 
 		@Inject(DI.instancesRepository)
 		private instancesRepository: InstancesRepository,
+		@Inject(DI.redisForSub)
+		private redisForSub: Redis.Redis,
 
 		private utilityService: UtilityService,
 		private federatedInstanceService: FederatedInstanceService,
@@ -47,6 +52,25 @@ export class DeliverProcessorService {
 	) {
 		this.logger = this.queueLoggerService.logger.createSubLogger('deliver');
 		this.suspendedHostsCache = new MemorySingleCache<MiInstance[]>(1000 * 60 * 60); // 1h
+		this.quarantinedHostsCache = new MemorySingleCache<MiInstance[]>(1000 * 60 * 60); // 1h
+		this.redisForSub.on('message', this.onMessage);
+	}
+
+	@bindThis
+	private async onMessage(_: string, data: string): Promise<void> {
+		const obj = JSON.parse(data);
+
+		if (obj.channel === 'internal') {
+			const { type, body } = obj.message as GlobalEvents['internal']['payload'];
+			switch (type) {
+				case 'clearQuarantinedHostsCache': {
+					this.quarantinedHostsCache.delete();
+					break;
+				}
+				default:
+					break;
+			}
+		}
 	}
 
 	@bindThis
@@ -70,6 +94,21 @@ export class DeliverProcessorService {
 		if (suspendedHosts.map(x => x.host).includes(this.utilityService.toPuny(host))) {
 			return 'skip (suspended)';
 		}
+		// isQuarantinedなら中断
+		let quarantinedHosts = this.quarantinedHostsCache.get();
+		if (quarantinedHosts == null) {
+			quarantinedHosts = await this.instancesRepository.find({
+				where: {
+					quarantineLimited: true,
+				},
+			});
+			this.quarantinedHostsCache.set(quarantinedHosts);
+		}
+		if (!job.data.isPublicContent) {
+			if (quarantinedHosts.map(x => x.host).includes(this.utilityService.toPuny(host))) {
+				return 'skip (quarantined)';
+			}
+		}
 
 		try {
 			await this.apRequestService.signedPost(job.data.user, job.data.to, job.data.content, job.data.digest);

diff --git a/packages/backend/src/queue/types.ts b/packages/backend/src/queue/types.ts
@@ -27,6 +27,8 @@ export type DeliverJobData = {
 	to: string;
 	/** whether it is sharedInbox */
 	isSharedInbox: boolean;
+	/** Activity is Public */
+	isPublicContent: boolean;
 };
 
 export type InboxJobData = {

diff --git a/packages/backend/src/server/api/endpoints/admin/federation/update-instance.ts b/packages/backend/src/server/api/endpoints/admin/federation/update-instance.ts
@@ -10,6 +10,7 @@ import { UtilityService } from '@/core/UtilityService.js';
 import { DI } from '@/di-symbols.js';
 import { FederatedInstanceService } from '@/core/FederatedInstanceService.js';
 import { ModerationLogService } from '@/core/ModerationLogService.js';
+import { GlobalEventService } from '@/core/GlobalEventService.js';
 
 export const meta = {
 	tags: ['admin'],
@@ -25,6 +26,7 @@ export const paramDef = {
 		host: { type: 'string' },
 		isSuspended: { type: 'boolean' },
 		moderationNote: { type: 'string' },
+		isQuarantineLimit: { type: 'boolean' },
 	},
 	required: ['host'],
 } as const;
@@ -34,6 +36,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 	constructor(
 		@Inject(DI.instancesRepository)
 		private instancesRepository: InstancesRepository,
+		private globalEventService: GlobalEventService,
 
 		private utilityService: UtilityService,
 		private federatedInstanceService: FederatedInstanceService,
@@ -52,9 +55,22 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 			if (ps.isSuspended != null && isSuspendedBefore !== ps.isSuspended) {
 				suspensionState = ps.isSuspended ? 'manuallySuspended' : 'none';
 			}
+			const isQuarantineLimitBefore = instance.quarantineLimited;
+			let quarantineLimited: undefined | boolean;
+
+			if (ps.isQuarantineLimit != null && isQuarantineLimitBefore !== ps.isQuarantineLimit) {
+				quarantineLimited = ps.isQuarantineLimit;
+			}
+			const moderationNoteBefore = instance.moderationNote;
+			if ((ps.moderationNote === undefined || moderationNoteBefore === ps.moderationNote) && (quarantineLimited === undefined || isQuarantineLimitBefore === quarantineLimited) && (suspensionState === undefined || isSuspendedBefore === ps.isSuspended)) {
+				//何も変更が無い時はupdateを呼ばない
+				//呼ぶとエラーが発生する
+				return;
+			}
 
 			await this.federatedInstanceService.update(instance.id, {
 				suspensionState,
+				quarantineLimited,
 				moderationNote: ps.moderationNote,
 			});
 
@@ -71,6 +87,20 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 					});
 				}
 			}
+			if (ps.isQuarantineLimit != null && isQuarantineLimitBefore !== ps.isQuarantineLimit) {
+				if (ps.isQuarantineLimit) {
+					this.moderationLogService.log(me, 'quarantineRemoteInstance', {
+						id: instance.id,
+						host: instance.host,
+					});
+				} else {
+					this.moderationLogService.log(me, 'unquarantineRemoteInstance', {
+						id: instance.id,
+						host: instance.host,
+					});
+				}
+				this.globalEventService.publishInternalEvent('clearQuarantinedHostsCache', '');
+			}
 
 			if (ps.moderationNote != null && instance.moderationNote !== ps.moderationNote) {
 				this.moderationLogService.log(me, 'updateRemoteInstanceNote', {

diff --git a/packages/backend/src/server/api/endpoints/federation/instances.ts b/packages/backend/src/server/api/endpoints/federation/instances.ts
@@ -40,6 +40,7 @@ export const paramDef = {
 		federating: { type: 'boolean', nullable: true },
 		subscribing: { type: 'boolean', nullable: true },
 		publishing: { type: 'boolean', nullable: true },
+		quarantined: { type: 'boolean', nullable: true },
 		limit: { type: 'integer', minimum: 1, maximum: 100, default: 30 },
 		offset: { type: 'integer', default: 0 },
 		sort: {
@@ -126,6 +127,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 					query.andWhere('instance.suspensionState = \'none\'');
 				}
 			}
+			if (typeof ps.quarantined === 'boolean') {
+				if (ps.quarantined) {
+					query.andWhere('instance.quarantineLimited = TRUE');
+				} else {
+					query.andWhere('instance.quarantineLimited = FALSE');
+				}
+			}
 
 			if (typeof ps.silenced === 'boolean') {
 				const meta = await this.metaService.fetch(true);

diff --git a/packages/backend/src/types.ts b/packages/backend/src/types.ts
@@ -127,6 +127,8 @@ export const moderationLogTypes = [
 	'deleteGalleryPost',
 	'updateOfficialTags',
 	'unsetUserMutualLink',
+	'quarantineRemoteInstance',
+	'unquarantineRemoteInstance',
 ] as const;
 
 export type ModerationLogPayloads = {
@@ -392,7 +394,15 @@ export type ModerationLogPayloads = {
 		userId: string;
 		userUsername: string;
 		userMutualLinkSections: { name: string | null; mutualLinks: { fileId: string; description: string | null; imgSrc: string; }[]; }[] | []
-	}
+	};
+	quarantineRemoteInstance: {
+		id: string;
+		host: string;
+	};
+	unquarantineRemoteInstance: {
+		id: string;
+		host: string;
+	};
 };
 
 export type Serialized<T> = {