Harden security: SSRF guard on all outbound fetches, auth fixes
- Route image-validation, Matrix image-download, and wayback/archive.today fetches through safehttp so feed-controlled URLs can't reach loopback/ RFC1918/cloud-metadata IPs (incl. via redirects). - Cap feed body size with safehttp.LimitedBody (16 MiB) to prevent OOM. - Fail closed if matrix.pickle_key is unset/<16 chars; drop the hardcoded "pete_pickle_key" default that silently weakened E2EE-at-rest. - Gate !post behind a matrix.admins allowlist; empty = disabled (channel rooms are public, so empty must not mean anyone). - Reject /\host open-redirect bypass in post-login safeNext. - Allowlist http(s) schemes for the Matrix link href; escape JSON embedded in inline <script> (prefs/sources blobs).
This commit is contained in:
@@ -6,6 +6,9 @@ pickle_key = "${PETE_PICKLE_KEY}"
|
||||
display_name = "Pete"
|
||||
data_dir = "./data"
|
||||
admin_room = "!adminroomid:matrix.example.org"
|
||||
# Matrix user IDs allowed to run in-room commands like !post. Empty disables
|
||||
# commands entirely (channel rooms may be public, so empty != "anyone").
|
||||
admins = ["@you:matrix.example.org"]
|
||||
|
||||
[matrix.channels]
|
||||
tech = "!techroomid:matrix.example.org"
|
||||
|
||||
Reference in New Issue
Block a user