[feature] Allow exposing allows, implement /api/v1/domain_blocks and /api/v1/domain_allows (#4169)

- adds config flags `instance-expose-allowlist` and `instance-expose-allowlist-web` to allow instance admins to expose their allowlist via the web + api.
- renames `instance-expose-suspended` and `instance-expose-suspended-web` to  `instance-expose-blocklist` and `instance-expose-blocklist-web`.
- deprecates the `suspended` filter on `/api/v1/instance/peers` endpoint and adds `blocked` and `allowed` filters
- adds the `flat` query param to `/api/v1/instance/peers` to allow forcing return of a flat list of domains
- implements `/api/v1/instance/domain_blocks` and `/api/v1/instance/domain_allows` endpoints with or without auth depending on config
- rejigs the instance about page to include a general section on domain permissions, with block and allow subsections (and appropriate links)

Closes https://codeberg.org/superseriousbusiness/gotosocial/issues/3847
Closes https://codeberg.org/superseriousbusiness/gotosocial/issues/4150

Prerequisite to https://codeberg.org/superseriousbusiness/gotosocial/issues/3711

Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4169
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
Co-committed-by: tobi <tobi.smethurst@protonmail.com>

web/template/about.tmpl

@@ -99,7 +99,7 @@ Profiles can have up to
                 <li><a href="#signup">Register an Account on {{ .instance.Title -}}</a></li>
                 <li><a href="#rules">Rules</a></li>
                 <li><a href="#terms">Terms and Conditions</a></li>
-                <li><a href="#moderated-servers">Moderated Servers</a></li>
+                <li><a href="#domain-permissions">Domain permissions</a></li>
             </ol>
         </div>
     </nav>
@@ -172,25 +172,50 @@ Profiles can have up to
             {{- end }}
         </div>
     </section>
-    <section class="about-section" role="region" aria-labelledby="moderated-servers">
-        <h3 id="moderated-servers">Moderated servers</h3>
+    <section class="about-section" role="region" aria-labelledby="domain-permissions">
+        <h3 id="domain-permissions">Domain permissions</h3>
         <div class="about-section-contents">
             <p>
                 ActivityPub instances federate with other instances by exchanging data with them over the network.
                 Exchanged data includes things like accounts, statuses, likes, boosts, and media attachments.
-                This exchange of data can be prevented for instances on specific domains via a domain block created
-                by an instance admin. When an instance is domain blocked by another instance:
+            </p>
+            <p>
+                This exchange of data is open by default but can be <strong>blocked</strong> for instances
+                on specific domains via a domain block created by an instance admin.
+            </p>
+            <p>
+                Alternatively, if this instance is running in allowlist mode, exchange of data with remote
+                instances must be explicitly <strong>allowed</strong> via a domain allow entry.
+            </p>
+            <p>
+                For more information on domain blocks, domain allows, etc, see the following pages (all links open in a new tab):
             </p>
             <ul>
-                <li>Any existing data from the blocked instance is deleted from the storage of the instance doing the blocking.</li>
-                <li>Interaction between the two instances is cut off in both directions; neither instance can interact with the other.</li>
-                <li>No new data from the blocked instance will be created on the instance that blocks it.</li>
+                <li><a href="https://docs.gotosocial.org/en/latest/admin/federation_modes/" target="_blank" rel="noreferrer">Federation modes</a></li>
+                <li><a href="https://docs.gotosocial.org/en/latest/admin/domain_blocks/" target="_blank" rel="noreferrer">Domain blocks</a></li>
+                <li><a href="https://docs.gotosocial.org/en/latest/admin/domain_permission_subscriptions/" target="_blank" rel="noreferrer">Domain permission subscriptions</a></li>
+            </ul>
+            <h4>Blocked domains</h4>
+            <p>When a domain block entry is created on this instance:</p>
+            <ul>
+                <li>No new data from instances on the blocked domain will be created on this instance.</li>
+                <li>Interaction between this instance and blocked instances is cut off in both directions.</li>
+                <li>(In case of an exact match): Any existing data from blocked instances are deleted from the storage of this instance.</li>
             </ul>
             <p>
                 {{- if .blocklistExposed }}
-                <a href="/about/suspended">View the list of domains blocked by this instance</a>
+                <a href="/about/domain_blocks">View the list of domains blocked by this instance</a>
                 {{- else }}
-                This instance does not publically share their list of blocked domains.
+                This instance does not publically share its list of blocked domains.
+                {{- end }}
+            </p>
+            <h4>Allowed domains</h4>
+            <p>When an admin adds an explicit domain allow entry, instances on the domain and its subdomains are allowed to federate with this instance.</p>
+            <p>
+                {{- if .allowlistExposed }}
+                <a href="/about/domain_allows">View the list of domains explicitly allowed by this instance</a>
+                {{- else }}
+                This instance does not publically share its list of explicitly allowed domains.
                 {{- end }}
             </p>
         </div>

web/template/domain-allowlist.tmpl

@@ -0,0 +1,48 @@
+{{- /*
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/ -}}
+
+{{- with . }}
+<main>
+    <section>
+        <h1>Instance Allowlist</h1>
+        <p>
+            The following list of domains has been explicitly allowed by the administrator(s) of this instance.
+        </p>
+        <p>
+            This extends to subdomains, so an allowlist entry for domain 'example.com' includes domain 'social.example.com' etc as well.
+        </p>
+        <div class="list domain-perm-list">
+            <div class="header entry">
+                <div class="domain">Domain</div>
+                <div class="public_comment">Public comment</div>
+            </div>
+            {{- range .allowlist }}
+            <div class="entry" id="{{- .Domain -}}">
+                <div class="domain">
+                    <a class="text-cutoff" href="#{{- .Domain -}}" title="{{- .Domain -}}">{{- .Domain -}}</a>
+                </div>
+                <div class="public_comment">
+                    <p>{{- .Comment -}}</p>
+                </div>
+            </div>
+            {{- end }}
+        </div>
+    </section>
+</main>
+{{- end }}

web/template/domain-blocklist.tmpl

@@ -20,18 +20,17 @@
 {{- with . }}
 <main>
     <section>
-        <h1>Suspended Instances</h1>
+        <h1>Instance Blocklist</h1>
         <p>
-            The following list of domains have been suspended
-            by the administrator(s) of this server.
+            The following list of domains has been blocked by the administrator(s) of this instance.
         </p>
         <p>
-            All current and future accounts on these instances are
-            blocked, and no more data is federated to the remote servers.
-            This extends to subdomains, so an entry for 'example.com'
-            includes 'social.example.com' as well.
+            All past, present, and future accounts at blocked domains are forbidden from interacting
+            with this instance or accounts on this instance. No data will be sent to the server at the
+            remote domain, and no data will be received from it. This extends to subdomains, so a
+            blocklist entry for domain 'example.com' includes domain 'social.example.com' etc as well.
         </p>
-        <div class="list domain-blocklist">
+        <div class="list domain-perm-list">
             <div class="header entry">
                 <div class="domain">Domain</div>
                 <div class="public_comment">Public comment</div>
@@ -42,7 +41,7 @@
                     <a class="text-cutoff" href="#{{- .Domain -}}" title="{{- .Domain -}}">{{- .Domain -}}</a>
                 </div>
                 <div class="public_comment">
-                    <p>{{- .PublicComment -}}</p>
+                    <p>{{- .Comment -}}</p>
                 </div>
             </div>
             {{- end }}