-rw-r--r-- | RELEASE_NOTES.md | 2 | ||||
-rw-r--r-- | activitypub.c | 32 | ||||
-rw-r--r-- | doc/snac.8 | 4 |
3 files changed, 38 insertions, 0 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index 72e1d77..cd77370 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -8,6 +8,8 @@ Follower-only replies to unknown users are not shown in timelines.
 Added verification of metadata links: if the linked page contains a link back to the snac user with a rel="me" attribute, it's marked as verified.
+Added a new server-level configuration parameter: `min_account_age`. If this value (in seconds) is set in `server.json`, any activity coming from accounts that were created newer than that will be discarded. This can be used to mitigate spam.
+
 Added a profile-page relation to links in webfinger responses (contributed by khm).
 Fixed some regressions and a crash.
diff --git a/activitypub.c b/activitypub.c
index d8f748e..3e306a6 100644
--- a/activitypub.c
+++ b/activitypub.c
@@ -1826,6 +1826,38 @@ int process_input_message(snac *snac, xs_dict *msg, xs_dict *req)
 }
 }
+ /* check the minimum acceptable account age */
+ int min_account_age = xs_number_get(xs_dict_get(srv_config, "min_account_age"));
+
+ if (min_account_age > 0) {
+ char *actor_date = xs_dict_get(actor_o, "published");
+ if (!xs_is_null(actor_date)) {
+ time_t actor_t = xs_parse_iso_date(actor_date, 0);
+
+ if (actor_t < 950000000) {
+ snac_log(snac, xs_fmt("rejected activity from %s (suspicious date, %s)",
+ actor, actor_date));
+
+ return 1;
+ }
+
+ if (actor_t > 0) {
+ int td = (int)(time(NULL) - actor_t);
+
+ snac_debug(snac, 2, xs_fmt("actor %s age: %d seconds", actor, td));
+
+ if (td < min_account_age) {
+ snac_log(snac, xs_fmt("rejected activity from %s (too new, %d seconds)",
+ actor, td));
+
+ return 1;
+ }
+ }
+ }
+ else
+ snac_log(snac, xs_fmt("warning: empty or null creation date for %s", actor));
+ }
+
 if (strcmp(type, "Follow") == 0) { /** **/
 if (!follower_check(snac, actor)) {
 /* ensure the actor object is here */
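Review bot: The `else` branch at the end of the added block only logs a warning when the actor has no `published` value, so with `min_account_age` set an actor object that omits the field is still accepted; since the date is supplied by the remote server the check is a heuristic, and that fail-open case should be stated in the comment, e.g. `/* actors without a "published" date are accepted: the age check is best-effort */`, or the branch should `return 1;` if rejection is what is intended. `actor_date` is also used as a C string without confirming that the remote value is a string; guarding with something like `xs_type(actor_date) == XSTYPE_STRING` before `xs_parse_iso_date()` and the `%s` log line would be safer, assuming the xs type test is usable at this point. The `if (actor_t > 0)` test is always true once the `actor_t < 950000000` branch has returned, so it can be dropped. process_input_message() starts and continues outside this hunk.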
@@ -205,6 +205,10 @@ If set to true, history monthly snapshots are not served nor their links shown. This boolean value selects if shared inboxes are announced or not. Enabling shared inboxes helps (somewhat) in optimizing incoming traffic for instances with a large number of users. +.It Ic min_account_age +If this numeric value (in seconds) is set, any activity coming from an account +that was created more recently than that will be rejected. This may be used +to mitigate spam from automatically created accounts. .El .Pp You must restart the server to make effective these changes. |