mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-10-31 02:52:26 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
gotosocial/internal/web/domainperms.go

137 lines
4.3 KiB
Go
Raw Normal View History

[feature] Allow exposing allows, implement `/api/v1/domain_blocks` and `/api/v1/domain_allows` (#4169) - adds config flags `instance-expose-allowlist` and `instance-expose-allowlist-web` to allow instance admins to expose their allowlist via the web + api. - renames `instance-expose-suspended` and `instance-expose-suspended-web` to `instance-expose-blocklist` and `instance-expose-blocklist-web`. - deprecates the `suspended` filter on `/api/v1/instance/peers` endpoint and adds `blocked` and `allowed` filters - adds the `flat` query param to `/api/v1/instance/peers` to allow forcing return of a flat list of domains - implements `/api/v1/instance/domain_blocks` and `/api/v1/instance/domain_allows` endpoints with or without auth depending on config - rejigs the instance about page to include a general section on domain permissions, with block and allow subsections (and appropriate links) Closes https://codeberg.org/superseriousbusiness/gotosocial/issues/3847 Closes https://codeberg.org/superseriousbusiness/gotosocial/issues/4150 Prerequisite to https://codeberg.org/superseriousbusiness/gotosocial/issues/3711 Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4169 Co-authored-by: tobi <tobi.smethurst@protonmail.com> Co-committed-by: tobi <tobi.smethurst@protonmail.com>
2025-05-20 11:47:40 +02:00
// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package web
import (
"context"
"errors"
apimodel "code.superseriousbusiness.org/gotosocial/internal/api/model"
apiutil "code.superseriousbusiness.org/gotosocial/internal/api/util"
"code.superseriousbusiness.org/gotosocial/internal/config"
"code.superseriousbusiness.org/gotosocial/internal/gtserror"
"github.com/gin-gonic/gin"
)
const (
domainBlocklistPath = aboutPath + "/domain_blocks"
domainAllowlistPath = aboutPath + "/domain_allows"
)
func (m *Module) domainBlocklistGETHandler(c *gin.Context) {
instance, errWithCode := m.processor.InstanceGetV1(c.Request.Context())
if errWithCode != nil {
apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
// Return instance we already got from the db,
// don't try to fetch it again when erroring.
instanceGet := func(ctx context.Context) (*apimodel.InstanceV1, gtserror.WithCode) {
return instance, nil
}
// We only serve text/html at this endpoint.
if _, err := apiutil.NegotiateAccept(c, apiutil.TextHTML); err != nil {
errWithCode := gtserror.NewErrorNotAcceptable(err, err.Error())
apiutil.WebErrorHandler(c, errWithCode, instanceGet)
return
}
if !config.GetInstanceExposeBlocklistWeb() {
const errText = "this instance does not expose its blocklist via the web"
errWithCode := gtserror.NewErrorUnauthorized(errors.New(errText), errText)
apiutil.WebErrorHandler(c, errWithCode, instanceGet)
return
}
domainBlocks, errWithCode := m.processor.InstancePeersGet(
c.Request.Context(),
true, // Include blocked.
false, // Don't include allowed.
false, // Don't include open.
false, // Don't flatten list.
false, // Don't include severity.
)
if errWithCode != nil {
apiutil.WebErrorHandler(c, errWithCode, instanceGet)
return
}
page := apiutil.WebPage{
Template: "domain-blocklist.tmpl",
Instance: instance,
OGMeta: apiutil.OGBase(instance),
Stylesheets: []string{cssFA},
Extra: map[string]any{"blocklist": domainBlocks},
}
apiutil.TemplateWebPage(c, page)
}
func (m *Module) domainAllowlistGETHandler(c *gin.Context) {
instance, errWithCode := m.processor.InstanceGetV1(c.Request.Context())
if errWithCode != nil {
apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return
}
// Return instance we already got from the db,
// don't try to fetch it again when erroring.
instanceGet := func(ctx context.Context) (*apimodel.InstanceV1, gtserror.WithCode) {
return instance, nil
}
// We only serve text/html at this endpoint.
if _, err := apiutil.NegotiateAccept(c, apiutil.TextHTML); err != nil {
errWithCode := gtserror.NewErrorNotAcceptable(err, err.Error())
apiutil.WebErrorHandler(c, errWithCode, instanceGet)
return
}
if !config.GetInstanceExposeAllowlistWeb() {
const errText = "this instance does not expose its allowlist via the web"
errWithCode := gtserror.NewErrorUnauthorized(errors.New(errText), errText)
apiutil.WebErrorHandler(c, errWithCode, instanceGet)
return
}
domainAllows, errWithCode := m.processor.InstancePeersGet(
c.Request.Context(),
false, // Don't include blocked.
true, // Include allowed.
false, // Don't include open.
false, // Don't flatten list.
false, // Don't include severity.
)
if errWithCode != nil {
apiutil.WebErrorHandler(c, errWithCode, instanceGet)
return
}
page := apiutil.WebPage{
Template: "domain-allowlist.tmpl",
Instance: instance,
OGMeta: apiutil.OGBase(instance),
Stylesheets: []string{cssFA},
Extra: map[string]any{"allowlist": domainAllows},
}
apiutil.TemplateWebPage(c, page)
}
Reference in a new issue Copy permalink