Domain block (#76)

* start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block
2025-10-29 14:42:24 -05:00 · 2021-07-05 13:23:03 +02:00 · 2021-07-05 13:23:03 +02:00 · d389e7b150
commit d389e7b150
parent cf19aaf0df
100 changed files with 3447 additions and 1419 deletions
--- a/internal/federation/federatingprotocol.go
+++ b/internal/federation/federatingprotocol.go
@ -119,10 +119,15 @@ func (f *federator) AuthenticatePostInbox(ctx context.Context, w http.ResponseWr
 		return nil, false, fmt.Errorf("could not fetch requested account with username %s: %s", username, err)
 	}

-	publicKeyOwnerURI, err := f.AuthenticateFederatedRequest(requestedAccount.Username, r)
+	publicKeyOwnerURI, authenticated, err := f.AuthenticateFederatedRequest(ctx, requestedAccount.Username)
 	if err != nil {
 		l.Debugf("request not authenticated: %s", err)
-		return ctx, false, fmt.Errorf("not authenticated: %s", err)
+		return ctx, false, err
+	}
+
+	if !authenticated {
+		w.WriteHeader(http.StatusForbidden)
+		return ctx, false, nil
 	}

 	// authentication has passed, so add an instance entry for this instance if it hasn't been done already
@ -230,6 +235,14 @@ func (f *federator) Blocked(ctx context.Context, actorIRIs []*url.URL) (bool, er
 	}

 	for _, uri := range actorIRIs {
+		blockedDomain, err := f.blockedDomain(uri.Host)
+		if err != nil {
+			return false, fmt.Errorf("error checking domain block: %s", err)
+		}
+		if blockedDomain {
+			return true, nil
+		}
+
 		a := &gtsmodel.Account{}
 		if err := f.db.GetWhere([]db.Where{{Key: "uri", Value: uri.String()}}, a); err != nil {
 			_, ok := err.(db.ErrNoEntries)