hash username and pass it to redlight server too, allows locking access to API on a per-user level.

This commit is contained in:
PC-Admin 2023-08-12 18:09:42 +08:00
parent f52b0c39dc
commit c46e73865f
3 changed files with 17 additions and 12 deletions

View File

@ -44,6 +44,10 @@ class RedlightClientModule:
hashed_room_id = self.double_hash_sha256(room)
logger.info(f"Double hashed room ID: {hashed_room_id}")
# Double hash the username
hashed_user_id = self.double_hash_sha256(user)
logger.info(f"Double hashed user ID: {hashed_user_id}")
# Log the desired message
logger.info("Hello World!")

View File

@ -59,12 +59,13 @@ class RedlightServerResource:
# Log the request to Synapse's log
logger.info(f"Received abuse lookup request: {content}")
# Extract room_id from the content
# Extract room_id_hash and user_id_hash from the content
data = json.loads(content)
room_id = data["room_id"]
room_id_hash = data["room_id_hash"]
user_id_hash = data["user_id_hash"]
# TODO: Check the room_id against your list/database
is_abuse = room_id == "!OEedGOAXDBahPyWMSQ:example.com"
# Check the room_id_hash against your list/database or hardcoded value
is_abuse = room_id_hash == "5dd9968ad279b8d918b1340dde1923ed0b99f59337f4905188955bf0f1d51d9f"
if is_abuse:
request.setResponseCode(http.OK)
@ -81,7 +82,6 @@ class RedlightServerResource:
request.setResponseCode(400)
defer.returnValue(json.dumps({"error": "Bad Request"}).encode("utf-8"))
def on_GET(self, request):
return self.method_not_allowed(request)

View File

@ -6,11 +6,11 @@ This document gives a detailed summary about how Redlight will work.
## Definitions
Redlight List - A comprehensive list of abusive rooms on the Matrix network, abusive rooms are assigned a 'report_id' for identification as well as multiple 'tags' that describe the infringing content in said room.
Source List - A comprehensive list of abusive rooms on the Matrix network, abusive rooms are assigned a 'report_id' for identification as well as multiple 'tags' that describe the infringing content in said room.
Tags - Content tags that describe the type of abusive material found in a room, for example 'csam', 'lolicon' or 'terrorism'.
Redlight Server - Will be trusted homeservers that are modified, they'll cache the Redlight list in memory while providing an API interface to "Redlight clients". Redlight servers will pick their own "content tags" that they are filtering, which by extension will allow clients to pick a level of filtering that suits them.
Redlight Server - Will be trusted homeservers that are modified, they'll cache the source list in memory while providing an API interface to "Redlight clients". Redlight servers will pick their own "content tags" that they are filtering, which by extension will allow clients to pick a level of filtering that suits them.
Redlight Client - Will be untrusted homeservers that are whitelisted by their desired Redlight server. When a user on a client homeserver attempts to join a room, the hash of the room_id will be sent to the redlight server, which will confirm or deny if the room is abusive, the client then denies the user entry to that room if it is flagged.
@ -35,13 +35,13 @@ With Redlight only trusted parties will be allowed to run "redlight servers" and
This creates a chain of trust where each party using this system must be accountable and can have their access revoked by the party "above" them if foul play is detected.
## Securing the Redlight List
## Securing the Source List
The following methods will be used to secure the redlight list:
The following methods will be used to secure the source list:
- Avoid writing the redlight list to disk, redlight servers will simply pull the latest copy and store it in memory only.
- Avoid writing the source list to disk, redlight servers will simply pull the latest copy and store it in memory only.
- Whitelisting clients, redlight servers will only serve approved clients.
- Ratelimiting the amount of requests, if a client is requesting too many rooms in a specified timeframe their access will be automatically cut-off, forcing them to ask their redlight server to re-enable them.
- Ratelimiting the amount of requests, if a client homeservers user is finding too many rooms they could be limited?
- Ratelimiting the amount of hits, if a client is finding too many abusive rooms in a specified timeframe their access will be automatically cut-off, forcing them to ask their redlight server to re-enable them.
@ -69,7 +69,8 @@ return either `200 OK` to signify a match or `204 No Content` to signify no matc
```js
{
"room_id_hash": "962c56a12d861d1921073916db9a1fb47ccc7887d3199690f1de156e57cac709"
"room_id_hash": "5dd9968ad279b8d918b1340dde1923ed0b99f59337f4905188955bf0f1d51d9f",
"user_id_hash": "6123512760887c37bb7b550a1a3caa8b8cd954706f4cc7fe934cb42611132627"
}
```