[feature] Allow exposing allows, implement /api/v1/domain_blocks and /api/v1/domain_allows (#4169)

- adds config flags `instance-expose-allowlist` and `instance-expose-allowlist-web` to allow instance admins to expose their allowlist via the web + api. - renames `instance-expose-suspended` and `instance-expose-suspended-web` to `instance-expose-blocklist` and `instance-expose-blocklist-web`. - deprecates the `suspended` filter on `/api/v1/instance/peers` endpoint and adds `blocked` and `allowed` filters - adds the `flat` query param to `/api/v1/instance/peers` to allow forcing return of a flat list of domains - implements `/api/v1/instance/domain_blocks` and `/api/v1/instance/domain_allows` endpoints with or without auth depending on config - rejigs the instance about page to include a general section on domain permissions, with block and allow subsections (and appropriate links) Closes https://codeberg.org/superseriousbusiness/gotosocial/issues/3847 Closes https://codeberg.org/superseriousbusiness/gotosocial/issues/4150 Prerequisite to https://codeberg.org/superseriousbusiness/gotosocial/issues/3711 Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4169 Co-authored-by: tobi <tobi.smethurst@protonmail.com> Co-committed-by: tobi <tobi.smethurst@protonmail.com>
2025-10-29 07:22:24 -05:00 · 2025-05-20 11:47:40 +02:00 · 2025-05-20 11:47:40 +02:00 · ec4d4d0115
commit ec4d4d0115
parent 3a29a59e55
23 changed files with 986 additions and 271 deletions
--- a/internal/web/about.go
+++ b/internal/web/about.go
@ -57,7 +57,8 @@ func (m *Module) aboutGETHandler(c *gin.Context) {
 		Stylesheets: []string{cssAbout},
 		Extra: map[string]any{
 			"showStrap":        true,
-			"blocklistExposed": config.GetInstanceExposeSuspendedWeb(),
+			"blocklistExposed": config.GetInstanceExposeBlocklistWeb(),
+			"allowlistExposed": config.GetInstanceExposeAllowlistWeb(),
 			"languages":        config.GetInstanceLanguages().DisplayStrs(),
 		},
 	}
--- a/internal/web/domain-blocklist.go
+++ b/internal/web/domain-blocklist.go
@ -1,75 +0,0 @@
-// GoToSocial
-// Copyright (C) GoToSocial Authors admin@gotosocial.org
-// SPDX-License-Identifier: AGPL-3.0-or-later
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-package web
-
-import (
-	"context"
-	"fmt"
-
-	apimodel "code.superseriousbusiness.org/gotosocial/internal/api/model"
-	apiutil "code.superseriousbusiness.org/gotosocial/internal/api/util"
-	"code.superseriousbusiness.org/gotosocial/internal/config"
-	"code.superseriousbusiness.org/gotosocial/internal/gtserror"
-	"github.com/gin-gonic/gin"
-)
-
-const (
-	domainBlockListPath = aboutPath + "/suspended"
-)
-
-func (m *Module) domainBlockListGETHandler(c *gin.Context) {
-	instance, errWithCode := m.processor.InstanceGetV1(c.Request.Context())
-	if errWithCode != nil {
-		apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
-		return
-	}
-
-	// Return instance we already got from the db,
-	// don't try to fetch it again when erroring.
-	instanceGet := func(ctx context.Context) (*apimodel.InstanceV1, gtserror.WithCode) {
-		return instance, nil
-	}
-
-	// We only serve text/html at this endpoint.
-	if _, err := apiutil.NegotiateAccept(c, apiutil.TextHTML); err != nil {
-		apiutil.WebErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), instanceGet)
-		return
-	}
-
-	if !config.GetInstanceExposeSuspendedWeb() {
-		err := fmt.Errorf("this instance does not publicy expose its blocklist")
-		apiutil.WebErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), instanceGet)
-		return
-	}
-
-	domainBlocks, errWithCode := m.processor.InstancePeersGet(c.Request.Context(), true, false, false)
-	if errWithCode != nil {
-		apiutil.WebErrorHandler(c, errWithCode, instanceGet)
-		return
-	}
-
-	page := apiutil.WebPage{
-		Template:    "domain-blocklist.tmpl",
-		Instance:    instance,
-		OGMeta:      apiutil.OGBase(instance),
-		Stylesheets: []string{cssFA},
-		Extra:       map[string]any{"blocklist": domainBlocks},
-	}
-
-	apiutil.TemplateWebPage(c, page)
-}
--- a/internal/web/domainperms.go
+++ b/internal/web/domainperms.go
@ -0,0 +1,136 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package web
+
+import (
+	"context"
+	"errors"
+
+	apimodel "code.superseriousbusiness.org/gotosocial/internal/api/model"
+	apiutil "code.superseriousbusiness.org/gotosocial/internal/api/util"
+	"code.superseriousbusiness.org/gotosocial/internal/config"
+	"code.superseriousbusiness.org/gotosocial/internal/gtserror"
+	"github.com/gin-gonic/gin"
+)
+
+const (
+	domainBlocklistPath = aboutPath + "/domain_blocks"
+	domainAllowlistPath = aboutPath + "/domain_allows"
+)
+
+func (m *Module) domainBlocklistGETHandler(c *gin.Context) {
+	instance, errWithCode := m.processor.InstanceGetV1(c.Request.Context())
+	if errWithCode != nil {
+		apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	// Return instance we already got from the db,
+	// don't try to fetch it again when erroring.
+	instanceGet := func(ctx context.Context) (*apimodel.InstanceV1, gtserror.WithCode) {
+		return instance, nil
+	}
+
+	// We only serve text/html at this endpoint.
+	if _, err := apiutil.NegotiateAccept(c, apiutil.TextHTML); err != nil {
+		errWithCode := gtserror.NewErrorNotAcceptable(err, err.Error())
+		apiutil.WebErrorHandler(c, errWithCode, instanceGet)
+		return
+	}
+
+	if !config.GetInstanceExposeBlocklistWeb() {
+		const errText = "this instance does not expose its blocklist via the web"
+		errWithCode := gtserror.NewErrorUnauthorized(errors.New(errText), errText)
+		apiutil.WebErrorHandler(c, errWithCode, instanceGet)
+		return
+	}
+
+	domainBlocks, errWithCode := m.processor.InstancePeersGet(
+		c.Request.Context(),
+		true,  // Include blocked.
+		false, // Don't include allowed.
+		false, // Don't include open.
+		false, // Don't flatten list.
+		false, // Don't include severity.
+	)
+	if errWithCode != nil {
+		apiutil.WebErrorHandler(c, errWithCode, instanceGet)
+		return
+	}
+
+	page := apiutil.WebPage{
+		Template:    "domain-blocklist.tmpl",
+		Instance:    instance,
+		OGMeta:      apiutil.OGBase(instance),
+		Stylesheets: []string{cssFA},
+		Extra:       map[string]any{"blocklist": domainBlocks},
+	}
+
+	apiutil.TemplateWebPage(c, page)
+}
+
+func (m *Module) domainAllowlistGETHandler(c *gin.Context) {
+	instance, errWithCode := m.processor.InstanceGetV1(c.Request.Context())
+	if errWithCode != nil {
+		apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	// Return instance we already got from the db,
+	// don't try to fetch it again when erroring.
+	instanceGet := func(ctx context.Context) (*apimodel.InstanceV1, gtserror.WithCode) {
+		return instance, nil
+	}
+
+	// We only serve text/html at this endpoint.
+	if _, err := apiutil.NegotiateAccept(c, apiutil.TextHTML); err != nil {
+		errWithCode := gtserror.NewErrorNotAcceptable(err, err.Error())
+		apiutil.WebErrorHandler(c, errWithCode, instanceGet)
+		return
+	}
+
+	if !config.GetInstanceExposeAllowlistWeb() {
+		const errText = "this instance does not expose its allowlist via the web"
+		errWithCode := gtserror.NewErrorUnauthorized(errors.New(errText), errText)
+		apiutil.WebErrorHandler(c, errWithCode, instanceGet)
+		return
+	}
+
+	domainAllows, errWithCode := m.processor.InstancePeersGet(
+		c.Request.Context(),
+		false, // Don't include blocked.
+		true,  // Include allowed.
+		false, // Don't include open.
+		false, // Don't flatten list.
+		false, // Don't include severity.
+	)
+	if errWithCode != nil {
+		apiutil.WebErrorHandler(c, errWithCode, instanceGet)
+		return
+	}
+
+	page := apiutil.WebPage{
+		Template:    "domain-allowlist.tmpl",
+		Instance:    instance,
+		OGMeta:      apiutil.OGBase(instance),
+		Stylesheets: []string{cssFA},
+		Extra:       map[string]any{"allowlist": domainAllows},
+	}
+
+	apiutil.TemplateWebPage(c, page)
+}
--- a/internal/web/web.go
+++ b/internal/web/web.go
@ -127,7 +127,8 @@ func (m *Module) Route(r *router.Router, mi ...gin.HandlerFunc) {
 	everythingElseGroup.Handle(http.MethodPost, confirmEmailPath, m.confirmEmailPOSTHandler)
 	everythingElseGroup.Handle(http.MethodGet, aboutPath, m.aboutGETHandler)
 	everythingElseGroup.Handle(http.MethodGet, loginPath, m.loginGETHandler)
-	everythingElseGroup.Handle(http.MethodGet, domainBlockListPath, m.domainBlockListGETHandler)
+	everythingElseGroup.Handle(http.MethodGet, domainBlocklistPath, m.domainBlocklistGETHandler)
+	everythingElseGroup.Handle(http.MethodGet, domainAllowlistPath, m.domainAllowlistGETHandler)
 	everythingElseGroup.Handle(http.MethodGet, tagsPath, m.tagGETHandler)
 	everythingElseGroup.Handle(http.MethodGet, signupPath, m.signupGETHandler)
 	everythingElseGroup.Handle(http.MethodPost, signupPath, m.signupPOSTHandler)