mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2025-01-22 06:09:43 +01:00
301543616b
* [feature] Add domain permission drafts and excludes * fix typescript complaining * lint * make filenames more consistent * test own domain excluded
392 lines
9.6 KiB
Go
392 lines
9.6 KiB
Go
// GoToSocial
|
|
// Copyright (C) GoToSocial Authors admin@gotosocial.org
|
|
// SPDX-License-Identifier: AGPL-3.0-or-later
|
|
//
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
package bundb
|
|
|
|
import (
|
|
"context"
|
|
"net/url"
|
|
"time"
|
|
|
|
"github.com/superseriousbusiness/gotosocial/internal/config"
|
|
"github.com/superseriousbusiness/gotosocial/internal/db"
|
|
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
|
|
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
|
|
"github.com/superseriousbusiness/gotosocial/internal/state"
|
|
"github.com/superseriousbusiness/gotosocial/internal/util"
|
|
"github.com/uptrace/bun"
|
|
)
|
|
|
|
type domainDB struct {
|
|
db *bun.DB
|
|
state *state.State
|
|
}
|
|
|
|
func (d *domainDB) CreateDomainAllow(ctx context.Context, allow *gtsmodel.DomainAllow) error {
|
|
// Normalize the domain as punycode
|
|
var err error
|
|
allow.Domain, err = util.Punify(allow.Domain)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Attempt to store domain allow in DB
|
|
if _, err := d.db.NewInsert().
|
|
Model(allow).
|
|
Exec(ctx); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Clear the domain allow cache (for later reload)
|
|
d.state.Caches.DB.DomainAllow.Clear()
|
|
|
|
return nil
|
|
}
|
|
|
|
func (d *domainDB) GetDomainAllow(ctx context.Context, domain string) (*gtsmodel.DomainAllow, error) {
|
|
// Normalize the domain as punycode
|
|
domain, err := util.Punify(domain)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Check for easy case, domain referencing *us*
|
|
if domain == "" || domain == config.GetAccountDomain() ||
|
|
domain == config.GetHost() {
|
|
return nil, db.ErrNoEntries
|
|
}
|
|
|
|
var allow gtsmodel.DomainAllow
|
|
|
|
// Look for allow matching domain in DB
|
|
q := d.db.
|
|
NewSelect().
|
|
Model(&allow).
|
|
Where("? = ?", bun.Ident("domain_allow.domain"), domain)
|
|
if err := q.Scan(ctx); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &allow, nil
|
|
}
|
|
|
|
func (d *domainDB) GetDomainAllows(ctx context.Context) ([]*gtsmodel.DomainAllow, error) {
|
|
allows := []*gtsmodel.DomainAllow{}
|
|
|
|
if err := d.db.
|
|
NewSelect().
|
|
Model(&allows).
|
|
Scan(ctx); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return allows, nil
|
|
}
|
|
|
|
func (d *domainDB) GetDomainAllowByID(ctx context.Context, id string) (*gtsmodel.DomainAllow, error) {
|
|
var allow gtsmodel.DomainAllow
|
|
|
|
q := d.db.
|
|
NewSelect().
|
|
Model(&allow).
|
|
Where("? = ?", bun.Ident("domain_allow.id"), id)
|
|
if err := q.Scan(ctx); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &allow, nil
|
|
}
|
|
|
|
func (d *domainDB) UpdateDomainAllow(ctx context.Context, allow *gtsmodel.DomainAllow, columns ...string) error {
|
|
// Normalize the domain as punycode
|
|
var err error
|
|
allow.Domain, err = util.Punify(allow.Domain)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Ensure updated_at is set.
|
|
allow.UpdatedAt = time.Now()
|
|
if len(columns) != 0 {
|
|
columns = append(columns, "updated_at")
|
|
}
|
|
|
|
// Attempt to update domain allow.
|
|
if _, err := d.db.
|
|
NewUpdate().
|
|
Model(allow).
|
|
Column(columns...).
|
|
Where("? = ?", bun.Ident("domain_allow.id"), allow.ID).
|
|
Exec(ctx); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Clear the domain allow cache (for later reload)
|
|
d.state.Caches.DB.DomainAllow.Clear()
|
|
|
|
return nil
|
|
}
|
|
|
|
func (d *domainDB) DeleteDomainAllow(ctx context.Context, domain string) error {
|
|
// Normalize the domain as punycode
|
|
domain, err := util.Punify(domain)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Attempt to delete domain allow
|
|
if _, err := d.db.NewDelete().
|
|
Model((*gtsmodel.DomainAllow)(nil)).
|
|
Where("? = ?", bun.Ident("domain_allow.domain"), domain).
|
|
Exec(ctx); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Clear the domain allow cache (for later reload)
|
|
d.state.Caches.DB.DomainAllow.Clear()
|
|
|
|
return nil
|
|
}
|
|
|
|
func (d *domainDB) CreateDomainBlock(ctx context.Context, block *gtsmodel.DomainBlock) error {
|
|
// Normalize the domain as punycode
|
|
var err error
|
|
block.Domain, err = util.Punify(block.Domain)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Attempt to store domain block in DB
|
|
if _, err := d.db.NewInsert().
|
|
Model(block).
|
|
Exec(ctx); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Clear the domain block cache (for later reload)
|
|
d.state.Caches.DB.DomainBlock.Clear()
|
|
|
|
return nil
|
|
}
|
|
|
|
func (d *domainDB) GetDomainBlock(ctx context.Context, domain string) (*gtsmodel.DomainBlock, error) {
|
|
// Normalize the domain as punycode
|
|
domain, err := util.Punify(domain)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Check for easy case, domain referencing *us*
|
|
if domain == "" || domain == config.GetAccountDomain() ||
|
|
domain == config.GetHost() {
|
|
return nil, db.ErrNoEntries
|
|
}
|
|
|
|
var block gtsmodel.DomainBlock
|
|
|
|
// Look for block matching domain in DB
|
|
q := d.db.
|
|
NewSelect().
|
|
Model(&block).
|
|
Where("? = ?", bun.Ident("domain_block.domain"), domain)
|
|
if err := q.Scan(ctx); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &block, nil
|
|
}
|
|
|
|
func (d *domainDB) GetDomainBlocks(ctx context.Context) ([]*gtsmodel.DomainBlock, error) {
|
|
blocks := []*gtsmodel.DomainBlock{}
|
|
|
|
if err := d.db.
|
|
NewSelect().
|
|
Model(&blocks).
|
|
Scan(ctx); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return blocks, nil
|
|
}
|
|
|
|
func (d *domainDB) GetDomainBlockByID(ctx context.Context, id string) (*gtsmodel.DomainBlock, error) {
|
|
var block gtsmodel.DomainBlock
|
|
|
|
q := d.db.
|
|
NewSelect().
|
|
Model(&block).
|
|
Where("? = ?", bun.Ident("domain_block.id"), id)
|
|
if err := q.Scan(ctx); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &block, nil
|
|
}
|
|
|
|
func (d *domainDB) UpdateDomainBlock(ctx context.Context, block *gtsmodel.DomainBlock, columns ...string) error {
|
|
// Normalize the domain as punycode
|
|
var err error
|
|
block.Domain, err = util.Punify(block.Domain)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Ensure updated_at is set.
|
|
block.UpdatedAt = time.Now()
|
|
if len(columns) != 0 {
|
|
columns = append(columns, "updated_at")
|
|
}
|
|
|
|
// Attempt to update domain block.
|
|
if _, err := d.db.
|
|
NewUpdate().
|
|
Model(block).
|
|
Column(columns...).
|
|
Where("? = ?", bun.Ident("domain_block.id"), block.ID).
|
|
Exec(ctx); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Clear the domain block cache (for later reload)
|
|
d.state.Caches.DB.DomainBlock.Clear()
|
|
|
|
return nil
|
|
}
|
|
|
|
func (d *domainDB) DeleteDomainBlock(ctx context.Context, domain string) error {
|
|
// Normalize the domain as punycode
|
|
domain, err := util.Punify(domain)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Attempt to delete domain block
|
|
if _, err := d.db.NewDelete().
|
|
Model((*gtsmodel.DomainBlock)(nil)).
|
|
Where("? = ?", bun.Ident("domain_block.domain"), domain).
|
|
Exec(ctx); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Clear the domain block cache (for later reload)
|
|
d.state.Caches.DB.DomainBlock.Clear()
|
|
|
|
return nil
|
|
}
|
|
|
|
func (d *domainDB) IsDomainBlocked(ctx context.Context, domain string) (bool, error) {
|
|
// Normalize the domain as punycode
|
|
domain, err := util.Punify(domain)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
|
|
// Domain referencing *us* cannot be blocked.
|
|
if domain == "" || domain == config.GetAccountDomain() ||
|
|
domain == config.GetHost() {
|
|
return false, nil
|
|
}
|
|
|
|
// Check the cache for an explicit domain allow (hydrating the cache with callback if necessary).
|
|
explicitAllow, err := d.state.Caches.DB.DomainAllow.Matches(domain, func() ([]string, error) {
|
|
var domains []string
|
|
|
|
// Scan list of all explicitly allowed domains from DB
|
|
q := d.db.NewSelect().
|
|
Table("domain_allows").
|
|
Column("domain")
|
|
if err := q.Scan(ctx, &domains); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return domains, nil
|
|
})
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
|
|
// Check the cache for a domain block (hydrating the cache with callback if necessary)
|
|
explicitBlock, err := d.state.Caches.DB.DomainBlock.Matches(domain, func() ([]string, error) {
|
|
var domains []string
|
|
|
|
// Scan list of all blocked domains from DB
|
|
q := d.db.NewSelect().
|
|
Table("domain_blocks").
|
|
Column("domain")
|
|
if err := q.Scan(ctx, &domains); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return domains, nil
|
|
})
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
|
|
// Calculate if blocked
|
|
// based on federation mode.
|
|
switch mode := config.GetInstanceFederationMode(); mode {
|
|
|
|
case config.InstanceFederationModeBlocklist:
|
|
// Blocklist/default mode: explicit allow
|
|
// takes precedence over explicit block.
|
|
//
|
|
// Domains that have neither block
|
|
// or allow entries are allowed.
|
|
return !(explicitAllow || !explicitBlock), nil
|
|
|
|
case config.InstanceFederationModeAllowlist:
|
|
// Allowlist mode: explicit block takes
|
|
// precedence over explicit allow.
|
|
//
|
|
// Domains that have neither block
|
|
// or allow entries are blocked.
|
|
return (explicitBlock || !explicitAllow), nil
|
|
|
|
default:
|
|
// This should never happen but account
|
|
// for it anyway to make the code tidier.
|
|
return false, gtserror.Newf("unrecognized federation mode: %s", mode)
|
|
}
|
|
}
|
|
|
|
func (d *domainDB) AreDomainsBlocked(ctx context.Context, domains []string) (bool, error) {
|
|
for _, domain := range domains {
|
|
if blocked, err := d.IsDomainBlocked(ctx, domain); err != nil {
|
|
return false, err
|
|
} else if blocked {
|
|
return blocked, nil
|
|
}
|
|
}
|
|
return false, nil
|
|
}
|
|
|
|
func (d *domainDB) IsURIBlocked(ctx context.Context, uri *url.URL) (bool, error) {
|
|
return d.IsDomainBlocked(ctx, uri.Hostname())
|
|
}
|
|
|
|
func (d *domainDB) AreURIsBlocked(ctx context.Context, uris []*url.URL) (bool, error) {
|
|
for _, uri := range uris {
|
|
if blocked, err := d.IsDomainBlocked(ctx, uri.Hostname()); err != nil {
|
|
return false, err
|
|
} else if blocked {
|
|
return blocked, nil
|
|
}
|
|
}
|
|
return false, nil
|
|
}
|