mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-10-29 16:52:25 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
gotosocial/internal/db/bundb/domain.go
tobi a9b2d4ee35 [feature] Handle retractions of domain permission subscription entries (#4261) 
# Description

> If this is a code change, please include a summary of what you've coded, and link to the issue(s) it closes/implements.
>
> If this is a documentation change, please briefly describe what you've changed and why.

This pull request adds logic for nicely handling retractions of entries from domain permission subscriptions.

See docs for how this works but basically retracted entries will either be removed (and possibly picked up by a lower-prio subscription), or orphaned (and then possibly adopted), depending on the config of the domain permission subscription.

closes https://codeberg.org/superseriousbusiness/gotosocial/issues/4101

## Checklist

Please put an x inside each checkbox to indicate that you've read and followed it: `[ ]` -> `[x]`

If this is a documentation change, only the first checkbox must be filled (you can delete the others if you want).

- [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md).
- [x] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat.
- [x] I/we have not leveraged AI to create the proposed changes.
- [x] I/we have performed a self-review of added code.
- [x] I/we have written code that is legible and maintainable by others.
- [x] I/we have commented the added code, particularly in hard-to-understand areas.
- [x] I/we have made any necessary changes to documentation.
- [x] I/we have added tests that cover new code.
- [ ] I/we have run tests and they pass locally with the changes.
- [x] I/we have run `go fmt ./...` and `golangci-lint run`.

Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4261
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
Co-committed-by: tobi <tobi.smethurst@protonmail.com>
2025-06-15 12:36:51 +02:00

423 lines
11 KiB
Go
Raw Blame History

// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package bundb
import (
"context"
"net/url"
"time"
"code.superseriousbusiness.org/gotosocial/internal/config"
"code.superseriousbusiness.org/gotosocial/internal/db"
"code.superseriousbusiness.org/gotosocial/internal/gtserror"
"code.superseriousbusiness.org/gotosocial/internal/gtsmodel"
"code.superseriousbusiness.org/gotosocial/internal/state"
"code.superseriousbusiness.org/gotosocial/internal/util"
"github.com/uptrace/bun"
)
type domainDB struct {
db *bun.DB
state *state.State
}
func (d *domainDB) PutDomainAllow(ctx context.Context, allow *gtsmodel.DomainAllow) (err error) {
// Normalize the domain as punycode, note the extra
// validation step for domain name write operations.
allow.Domain, err = util.PunifySafely(allow.Domain)
if err != nil {
return gtserror.Newf("error punifying domain %s: %w", allow.Domain, err)
}
// Attempt to store domain allow in DB
if _, err := d.db.NewInsert().
Model(allow).
Exec(ctx); err != nil {
return err
}
// Clear the domain allow cache (for later reload)
d.state.Caches.DB.DomainAllow.Clear()
return nil
}
func (d *domainDB) GetDomainAllow(ctx context.Context, domain string) (*gtsmodel.DomainAllow, error) {
// Normalize domain as punycode for lookup.
domain, err := util.Punify(domain)
if err != nil {
return nil, gtserror.Newf("error punifying domain %s: %w", domain, err)
}
// Check for easy case, domain referencing *us*
if domain == "" || domain == config.GetAccountDomain() ||
domain == config.GetHost() {
return nil, db.ErrNoEntries
}
var allow gtsmodel.DomainAllow
// Look for allow matching domain in DB
q := d.db.
NewSelect().
Model(&allow).
Where("? = ?", bun.Ident("domain_allow.domain"), domain)
if err := q.Scan(ctx); err != nil {
return nil, err
}
return &allow, nil
}
func (d *domainDB) GetDomainAllows(ctx context.Context) ([]*gtsmodel.DomainAllow, error) {
allows := []*gtsmodel.DomainAllow{}
if err := d.db.
NewSelect().
Model(&allows).
Scan(ctx); err != nil {
return nil, err
}
return allows, nil
}
func (d *domainDB) GetDomainAllowsBySubscriptionID(ctx context.Context, subscriptionID string) ([]*gtsmodel.DomainAllow, error) {
allows := []*gtsmodel.DomainAllow{}
if err := d.db.
NewSelect().
Model(&allows).
Where("? = ?", bun.Ident("subscription_id"), subscriptionID).
Scan(ctx); err != nil {
return nil, err
}
return allows, nil
}
func (d *domainDB) GetDomainAllowByID(ctx context.Context, id string) (*gtsmodel.DomainAllow, error) {
var allow gtsmodel.DomainAllow
q := d.db.
NewSelect().
Model(&allow).
Where("? = ?", bun.Ident("domain_allow.id"), id)
if err := q.Scan(ctx); err != nil {
return nil, err
}
return &allow, nil
}
func (d *domainDB) UpdateDomainAllow(ctx context.Context, allow *gtsmodel.DomainAllow, columns ...string) (err error) {
// Normalize the domain as punycode, note the extra
// validation step for domain name write operations.
allow.Domain, err = util.PunifySafely(allow.Domain)
if err != nil {
return gtserror.Newf("error punifying domain %s: %w", allow.Domain, err)
}
// Ensure updated_at is set.
allow.UpdatedAt = time.Now()
if len(columns) != 0 {
columns = append(columns, "updated_at")
}
// Attempt to update domain allow.
if _, err := d.db.
NewUpdate().
Model(allow).
Column(columns...).
Where("? = ?", bun.Ident("domain_allow.id"), allow.ID).
Exec(ctx); err != nil {
return err
}
// Clear the domain allow cache (for later reload)
d.state.Caches.DB.DomainAllow.Clear()
return nil
}
func (d *domainDB) DeleteDomainAllow(ctx context.Context, domain string) error {
// Normalize domain as punycode for lookup.
domain, err := util.Punify(domain)
if err != nil {
return gtserror.Newf("error punifying domain %s: %w", domain, err)
}
// Attempt to delete domain allow
if _, err := d.db.NewDelete().
Model((*gtsmodel.DomainAllow)(nil)).
Where("? = ?", bun.Ident("domain_allow.domain"), domain).
Exec(ctx); err != nil {
return err
}
// Clear the domain allow cache (for later reload)
d.state.Caches.DB.DomainAllow.Clear()
return nil
}
func (d *domainDB) PutDomainBlock(ctx context.Context, block *gtsmodel.DomainBlock) error {
var err error
// Normalize the domain as punycode, note the extra
// validation step for domain name write operations.
block.Domain, err = util.PunifySafely(block.Domain)
if err != nil {
return gtserror.Newf("error punifying domain %s: %w", block.Domain, err)
}
// Attempt to store domain block in DB
if _, err := d.db.NewInsert().
Model(block).
Exec(ctx); err != nil {
return err
}
// Clear the domain block cache (for later reload)
d.state.Caches.DB.DomainBlock.Clear()
return nil
}
func (d *domainDB) GetDomainBlock(ctx context.Context, domain string) (*gtsmodel.DomainBlock, error) {
// Normalize domain as punycode for lookup.
domain, err := util.Punify(domain)
if err != nil {
return nil, gtserror.Newf("error punifying domain %s: %w", domain, err)
}
// Check for easy case, domain referencing *us*
if domain == "" || domain == config.GetAccountDomain() ||
domain == config.GetHost() {
return nil, db.ErrNoEntries
}
var block gtsmodel.DomainBlock
// Look for block matching domain in DB
q := d.db.
NewSelect().
Model(&block).
Where("? = ?", bun.Ident("domain_block.domain"), domain)
if err := q.Scan(ctx); err != nil {
return nil, err
}
return &block, nil
}
func (d *domainDB) GetDomainBlocks(ctx context.Context) ([]*gtsmodel.DomainBlock, error) {
blocks := []*gtsmodel.DomainBlock{}
if err := d.db.
NewSelect().
Model(&blocks).
Scan(ctx); err != nil {
return nil, err
}
return blocks, nil
}
func (d *domainDB) GetDomainBlocksBySubscriptionID(ctx context.Context, subscriptionID string) ([]*gtsmodel.DomainBlock, error) {
blocks := []*gtsmodel.DomainBlock{}
if err := d.db.
NewSelect().
Model(&blocks).
Where("? = ?", bun.Ident("subscription_id"), subscriptionID).
Scan(ctx); err != nil {
return nil, err
}
return blocks, nil
}
func (d *domainDB) GetDomainBlockByID(ctx context.Context, id string) (*gtsmodel.DomainBlock, error) {
var block gtsmodel.DomainBlock
q := d.db.
NewSelect().
Model(&block).
Where("? = ?", bun.Ident("domain_block.id"), id)
if err := q.Scan(ctx); err != nil {
return nil, err
}
return &block, nil
}
func (d *domainDB) UpdateDomainBlock(ctx context.Context, block *gtsmodel.DomainBlock, columns ...string) error {
var err error
// Normalize the domain as punycode, note the extra
// validation step for domain name write operations.
block.Domain, err = util.PunifySafely(block.Domain)
if err != nil {
return gtserror.Newf("error punifying domain %s: %w", block.Domain, err)
}
// Ensure updated_at is set.
block.UpdatedAt = time.Now()
if len(columns) != 0 {
columns = append(columns, "updated_at")
}
// Attempt to update domain block.
if _, err := d.db.
NewUpdate().
Model(block).
Column(columns...).
Where("? = ?", bun.Ident("domain_block.id"), block.ID).
Exec(ctx); err != nil {
return err
}
// Clear the domain block cache (for later reload)
d.state.Caches.DB.DomainBlock.Clear()
return nil
}
func (d *domainDB) DeleteDomainBlock(ctx context.Context, domain string) error {
// Normalize domain as punycode for lookup.
domain, err := util.Punify(domain)
if err != nil {
return gtserror.Newf("error punifying domain %s: %w", domain, err)
}
// Attempt to delete domain block
if _, err := d.db.NewDelete().
Model((*gtsmodel.DomainBlock)(nil)).
Where("? = ?", bun.Ident("domain_block.domain"), domain).
Exec(ctx); err != nil {
return err
}
// Clear the domain block cache (for later reload)
d.state.Caches.DB.DomainBlock.Clear()
return nil
}
func (d *domainDB) IsDomainBlocked(ctx context.Context, domain string) (bool, error) {
// Normalize domain as punycode for lookup.
domain, err := util.Punify(domain)
if err != nil {
return false, gtserror.Newf("error punifying domain %s: %w", domain, err)
}
// Domain referencing *us* cannot be blocked.
if domain == "" || domain == config.GetAccountDomain() ||
domain == config.GetHost() {
return false, nil
}
// Check the cache for an explicit domain allow (hydrating the cache with callback if necessary).
explicitAllow, err := d.state.Caches.DB.DomainAllow.Matches(domain, func() ([]string, error) {
var domains []string
// Scan list of all explicitly allowed domains from DB
q := d.db.NewSelect().
Table("domain_allows").
Column("domain")
if err := q.Scan(ctx, &domains); err != nil {
return nil, err
}
return domains, nil
})
if err != nil {
return false, err
}
// Check the cache for a domain block (hydrating the cache with callback if necessary)
explicitBlock, err := d.state.Caches.DB.DomainBlock.Matches(domain, func() ([]string, error) {
var domains []string
// Scan list of all blocked domains from DB
q := d.db.NewSelect().
Table("domain_blocks").
Column("domain")
if err := q.Scan(ctx, &domains); err != nil {
return nil, err
}
return domains, nil
})
if err != nil {
return false, err
}
// Calculate if blocked
// based on federation mode.
switch mode := config.GetInstanceFederationMode(); mode {
case config.InstanceFederationModeBlocklist:
// Blocklist/default mode: explicit allow
// takes precedence over explicit block.
//
// Domains that have neither block
// or allow entries are allowed.
return !(explicitAllow || !explicitBlock), nil
case config.InstanceFederationModeAllowlist:
// Allowlist mode: explicit block takes
// precedence over explicit allow.
//
// Domains that have neither block
// or allow entries are blocked.
return (explicitBlock || !explicitAllow), nil
default:
// This should never happen but account
// for it anyway to make the code tidier.
return false, gtserror.Newf("unrecognized federation mode: %s", mode)
}
}
func (d *domainDB) AreDomainsBlocked(ctx context.Context, domains []string) (bool, error) {
for _, domain := range domains {
if blocked, err := d.IsDomainBlocked(ctx, domain); err != nil {
return false, err
} else if blocked {
return blocked, nil
}
}
return false, nil
}
func (d *domainDB) IsURIBlocked(ctx context.Context, uri *url.URL) (bool, error) {
return d.IsDomainBlocked(ctx, uri.Hostname())
}
func (d *domainDB) AreURIsBlocked(ctx context.Context, uris []*url.URL) (bool, error) {
for _, uri := range uris {
if blocked, err := d.IsDomainBlocked(ctx, uri.Hostname()); err != nil {
return false, err
} else if blocked {
return blocked, nil
}
}
return false, nil
}
Reference in a new issue View git blame Copy permalink