Add config option to prevent serving media from listed homeservers

CHANGELOG.md

@@ -7,6 +7,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ## [Unreleased]
 
+### Added
+
+* Added a `federation.ignoredHosts` config option to block media from individual homeservers.
+
 ### Removed
 
 * IPFS support has been removed due to maintenance burden.

api/_responses/errors.go

@@ -40,6 +40,10 @@ func AuthFailed() *ErrorResponse {
 	return &ErrorResponse{common.ErrCodeUnknownToken, "Authentication Failed", common.ErrCodeUnknownToken}
 }
 
+func MediaBlocked() *ErrorResponse {
+	return &ErrorResponse{common.ErrCodeNotFound, "Media blocked or not found", common.ErrCodeForbidden}
+}
+
 func GuestAuthFailed() *ErrorResponse {
 	return &ErrorResponse{common.ErrCodeNoGuests, "Guests cannot use this endpoint", common.ErrCodeNoGuests}
 }

api/r0/download.go

@@ -8,6 +8,7 @@ import (
 	"github.com/turt2live/matrix-media-repo/api/_apimeta"
 	"github.com/turt2live/matrix-media-repo/api/_responses"
 	"github.com/turt2live/matrix-media-repo/api/_routers"
+	"github.com/turt2live/matrix-media-repo/util"
 
 	"github.com/sirupsen/logrus"
 	"github.com/turt2live/matrix-media-repo/common"
@@ -52,6 +53,11 @@ func DownloadMedia(r *http.Request, rctx rcontext.RequestContext, user _apimeta.
 		"allowRemote": downloadRemote,
 	})
 
+	if !util.IsGlobalAdmin(user.UserId) && util.IsHostIgnored(server) {
+		rctx.Log.Warn("Request blocked due to domain being ignored.")
+		return _responses.MediaBlocked()
+	}
+
 	streamedMedia, err := download_controller.GetMedia(server, mediaId, downloadRemote, false, rctx)
 	if err != nil {
 		if err == common.ErrMediaNotFound {

api/r0/thumbnail.go

@@ -5,6 +5,7 @@ import (
 	"github.com/turt2live/matrix-media-repo/api/_apimeta"
 	"github.com/turt2live/matrix-media-repo/api/_responses"
 	"github.com/turt2live/matrix-media-repo/api/_routers"
+	"github.com/turt2live/matrix-media-repo/util"
 
 	"net/http"
 	"strconv"
@@ -39,6 +40,11 @@ func ThumbnailMedia(r *http.Request, rctx rcontext.RequestContext, user _apimeta
 		"allowRemote": downloadRemote,
 	})
 
+	if !util.IsGlobalAdmin(user.UserId) && util.IsHostIgnored(server) {
+		rctx.Log.Warn("Request blocked due to domain being ignored.")
+		return _responses.MediaBlocked()
+	}
+
 	widthStr := r.URL.Query().Get("width")
 	heightStr := r.URL.Query().Get("height")
 	method := r.URL.Query().Get("method")

api/unstable/info.go

@@ -12,6 +12,7 @@ import (
 	"github.com/turt2live/matrix-media-repo/api/_apimeta"
 	"github.com/turt2live/matrix-media-repo/api/_responses"
 	"github.com/turt2live/matrix-media-repo/api/_routers"
+	"github.com/turt2live/matrix-media-repo/util"
 	"github.com/turt2live/matrix-media-repo/util/stream_util"
 
 	"github.com/disintegration/imaging"
@@ -73,6 +74,11 @@ func MediaInfo(r *http.Request, rctx rcontext.RequestContext, user _apimeta.User
 		"allowRemote": downloadRemote,
 	})
 
+	if !util.IsGlobalAdmin(user.UserId) && util.IsHostIgnored(server) {
+		rctx.Log.Warn("Request blocked due to domain being ignored.")
+		return _responses.MediaBlocked()
+	}
+
 	streamedMedia, err := download_controller.GetMedia(server, mediaId, downloadRemote, true, rctx)
 	if err != nil {
 		if err == common.ErrMediaNotFound {

api/unstable/local_copy.go

@@ -5,6 +5,7 @@ import (
 	"github.com/turt2live/matrix-media-repo/api/_apimeta"
 	"github.com/turt2live/matrix-media-repo/api/_responses"
 	"github.com/turt2live/matrix-media-repo/api/_routers"
+	"github.com/turt2live/matrix-media-repo/util"
 	"github.com/turt2live/matrix-media-repo/util/stream_util"
 
 	"net/http"
@@ -42,6 +43,11 @@ func LocalCopy(r *http.Request, rctx rcontext.RequestContext, user _apimeta.User
 		"allowRemote": downloadRemote,
 	})
 
+	if !util.IsGlobalAdmin(user.UserId) && util.IsHostIgnored(server) {
+		rctx.Log.Warn("Request blocked due to domain being ignored.")
+		return _responses.MediaBlocked()
+	}
+
 	// TODO: There's a lot of room for improvement here. Instead of re-uploading media, we should just update the DB.
 
 	streamedMedia, err := download_controller.GetMedia(server, mediaId, downloadRemote, true, rctx)

common/config/models_main.go

@@ -64,7 +64,8 @@ type SharedSecretConfig struct {
 }
 
 type FederationConfig struct {
-	BackoffAt int `yaml:"backoffAt"`
+	BackoffAt    int      `yaml:"backoffAt"`
+	IgnoredHosts []string `yaml:"ignoredHosts,flow"`
 }
 
 type PluginConfig struct {

config.sample.yaml

@@ -41,6 +41,18 @@ federation:
   # the remote server do not count towards this.
   backoffAt: 20
 
+  # The domains the media repo should never serve media for. Existing media already stored from
+  # these domains will remain, however will not be downloadable without a data export. Media
+  # repo administrators will bypass this check. Admin APIs will still work for media on these
+  # domains.
+  #
+  # This will not prevent the listed domains from accessing media on this media repo - it only
+  # stops users on *this* media repo from accessing media originally uploaded to the listed domains.
+  #
+  # Note: Adding domains controlled by the media repo itself to this list is not advisable.
+  ignoredHosts:
+    - example.org
+
 # The database configuration for the media repository
 # Do NOT put your homeserver's existing database credentials here. Create a new database and
 # user instead. Using the same server is fine, just not the same username and database.

util/config.go

 package util
 
 import (
+	"strings"
+
 	"github.com/turt2live/matrix-media-repo/common/config"
 )
 
@@ -18,3 +20,13 @@ func IsGlobalAdmin(userId string) bool {
 
 	return false
 }
+
+func IsHostIgnored(serverName string) bool {
+	serverName = strings.ToLower(serverName)
+	for _, host := range config.Get().Federation.IgnoredHosts {
+		if strings.ToLower(host) == serverName {
+			return true
+		}
+	}
+	return false
+}