#853 (Closed)

Issue created Jun 10, 2019 by Agate (@agate, Maintainer). 7 of 7 checklist items completed.

Allow-listing mode for pods

(Part of our roadmap for 0.20, see the forum topic)

In its default configuration, a Funkwhale pod accepts traffic and messages from any other pod. This is fine, but some setups need more security and control over their interactions on the network, and especially with possible bad/unwanted actors.

To achieve that we'll provide an allow-listing (or bastion) mode, where all interactions with other pods are blocked by default, but admin/mods can manually approve specific pods to be part of a trusted network.

All federation messages from/to other pods would be discarded.

Todo

  • Allow-listing settings (enable/disable and expose/hide the allowed domains in the API/Nodeinfo) (!781 (merged))
  • Adding an allowed field on the Domain model, with a default value at None (no choice made) (!781 (merged))
  • Drop ActivityPub requests/messages from/to unallowed domains when allow-listing is enabled (!789 (merged))
  • UI for mods to allow/disallow a domain, filter allowed/disallowed domains, for instance admins to manage allow-listing settings (!800 (merged))
  • Expose allow listing settings in NodeInfo (!793 (merged))
  • Prevent fetches from unauthenticated actors / disallowed domains when allow-listing is enabled (!799 (merged))
  • Write documentation (!804 (merged))
Edited Jun 26, 2019 by Agate
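
The decision described in the todo list above, sketched as an added example. It is not Funkwhale's code: the function names, the sample domains and the exact-hostname matching are assumptions made for illustration. It shows why the tri-state `allowed` field matters: under allow-listing, `None` (no choice made) is dropped just like an explicit `False`.

```python
# Added illustration; not Funkwhale's implementation. All names are hypothetical.
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample state: domain name -> value of the `allowed` field.
# None means "no choice made", the default described in the issue.
DOMAINS = {
    "trusted.example": True,
    "blocked.example": False,
    "undecided.example": None,
}


def domain_of(actor_url: Optional[str]) -> Optional[str]:
    """Return the normalized hostname of an actor URL, or None if unusable."""
    if not actor_url:
        return None  # unauthenticated request: no actor to attribute it to
    try:
        parts = urlsplit(actor_url)
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # .hostname is already lowercased and excludes the port.
    return parts.hostname.rstrip(".")


def should_process(actor_url: Optional[str], allow_listing: bool) -> bool:
    """Decide whether a federation message from/to this actor is handled.

    With allow-listing disabled nothing is filtered here (default behaviour).
    With it enabled, only domains explicitly marked allowed=True pass;
    unknown domains, allowed=None, allowed=False and unauthenticated
    requests are all dropped.
    """
    if not allow_listing:
        return True
    domain = domain_of(actor_url)
    if domain is None:
        return False
    # Assumption: exact hostname match, so a subdomain of an allowed
    # domain is not implicitly trusted.
    return DOMAINS.get(domain) is True
```

Comparing with `is True` rather than truthiness keeps the default-deny property if the stored value is ever something other than a boolean.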