mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2025-11-11 06:37:28 -06:00
[security] Check all involved IRIs during block checking (#593)
* tidy up context keys, add otherInvolvedIRIs
* add ReplyToable interface
* skip block check if we own the requesting domain
* add block check for other involved IRIs
* use cacheable status fetch
* remove unused ContextActivity
* remove unused ContextActivity
* add helper for unique URIs
* check through CCs and clean slice
* add GetAccountIDForStatusURI
* add GetAccountIDForAccountURI
* check blocks on involved account
* add statuses to tests
* add some blocked tests
* go fmt
* extract Tos as well as CCs
* test PostInboxRequestBodyHook
* add some more testActivities
* deduplicate involvedAccountIDs
* go fmt
* use cacheable db functions, remove new functions
This commit is contained in:
parent
d6abe105b3
commit
469da93678
9 changed files with 381 additions and 52 deletions
|
|
@ -140,6 +140,11 @@ type Addressable interface {
|
|||
WithCC
|
||||
}
|
||||
|
||||
// ReplyToable represents the minimum interface for an Activity that can be InReplyTo another activity.
|
||||
type ReplyToable interface {
|
||||
WithInReplyTo
|
||||
}
|
||||
|
||||
// CollectionPageable represents the minimum interface for an activitystreams 'CollectionPage' object.
|
||||
type CollectionPageable interface {
|
||||
WithJSONLDId
|
||||
|
|
|
|||
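Review bot: The doc comment on the new ReplyToable interface is missing the detail a caller needs for the block check. It says "an Activity that can be InReplyTo another activity", but it does not say what shape the inReplyTo property can take. In ActivityStreams that property is not limited to a single IRI: it can hold several entries, and an entry can be an embedded object rather than a bare IRI. Since the commit title says block checking should cover all involved IRIs, please state in the comment that consumers must walk every entry of WithInReplyTo and resolve each to an IRI, and that an empty property is valid. The wording "Activity ... another activity" is also loose, because inReplyTo normally sits on the object (a status) rather than on the wrapping activity; "object that can be in reply to another object" would match the sibling comments such as the one on CollectionPageable.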