[security] Check all involved IRIs during block checking (#593)

* tidy up context keys, add otherInvolvedIRIs * add ReplyToable interface * skip block check if we own the requesting domain * add block check for other involved IRIs * use cacheable status fetch * remove unused ContextActivity * remove unused ContextActivity * add helper for unique URIs * check through CCs and clean slice * add GetAccountIDForStatusURI * add GetAccountIDForAccountURI * check blocks on involved account * add statuses to tests * add some blocked tests * go fmt * extract Tos as well as CCs * test PostInboxRequestBodyHook * add some more testActivities * deduplicate involvedAccountIDs * go fmt * use cacheable db functions, remove new functions
2025-12-04 23:38:08 -06:00 · 2022-05-23 11:46:50 +02:00 · 2022-05-23 11:46:50 +02:00 · 469da93678
commit 469da93678
parent d6abe105b3
9 changed files with 381 additions and 52 deletions
--- a/internal/db/bundb/domain.go
+++ b/internal/db/bundb/domain.go
@ -23,6 +23,8 @@ import (
 	"net/url"
 	"strings"

+	"github.com/spf13/viper"
+	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
@ -33,7 +35,7 @@ type domainDB struct {
 }

 func (d *domainDB) IsDomainBlocked(ctx context.Context, domain string) (bool, db.Error) {
-	if domain == "" {
+	if domain == "" || domain == viper.GetString(config.Keys.Host) {
 		return false, nil
 	}