mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2024-11-24 17:25:23 +01:00
6c6f042290
* [bugfix] Return empty result when searching for blocked domains * add tests
300 lines
10 KiB
Go
300 lines
10 KiB
Go
/*
|
|
GoToSocial
|
|
Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU Affero General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU Affero General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Affero General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
package processing
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"net/url"
|
|
"strings"
|
|
|
|
"codeberg.org/gruf/go-kv"
|
|
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
|
|
"github.com/superseriousbusiness/gotosocial/internal/config"
|
|
"github.com/superseriousbusiness/gotosocial/internal/db"
|
|
"github.com/superseriousbusiness/gotosocial/internal/federation/dereferencing"
|
|
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
|
|
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
|
|
"github.com/superseriousbusiness/gotosocial/internal/log"
|
|
"github.com/superseriousbusiness/gotosocial/internal/oauth"
|
|
"github.com/superseriousbusiness/gotosocial/internal/transport"
|
|
"github.com/superseriousbusiness/gotosocial/internal/util"
|
|
)
|
|
|
|
// Implementation note: in this function, we tend to log errors
|
|
// at debug level rather than return them. This is because the
|
|
// search has a sort of fallthrough logic: if we can't get a result
|
|
// with x search, we should try with y search rather than returning.
|
|
//
|
|
// If we get to the end and still haven't found anything, even then
|
|
// we shouldn't return an error, just return an empty search result.
|
|
//
|
|
// The only exception to this is when we get a malformed query, in
|
|
// which case we return a bad request error so the user knows they
|
|
// did something funky.
|
|
func (p *processor) SearchGet(ctx context.Context, authed *oauth.Auth, search *apimodel.SearchQuery) (*apimodel.SearchResult, gtserror.WithCode) {
|
|
// tidy up the query and make sure it wasn't just spaces
|
|
query := strings.TrimSpace(search.Query)
|
|
if query == "" {
|
|
err := errors.New("search query was empty string after trimming space")
|
|
return nil, gtserror.NewErrorBadRequest(err, err.Error())
|
|
}
|
|
|
|
l := log.WithFields(kv.Fields{{"query", query}}...)
|
|
|
|
searchResult := &apimodel.SearchResult{
|
|
Accounts: []apimodel.Account{},
|
|
Statuses: []apimodel.Status{},
|
|
Hashtags: []apimodel.Tag{},
|
|
}
|
|
|
|
// currently the search will only ever return one result,
|
|
// so return nothing if the offset is greater than 0
|
|
if search.Offset > 0 {
|
|
return searchResult, nil
|
|
}
|
|
|
|
foundAccounts := []*gtsmodel.Account{}
|
|
foundStatuses := []*gtsmodel.Status{}
|
|
|
|
var foundOne bool
|
|
|
|
/*
|
|
SEARCH BY MENTION
|
|
check if the query is something like @whatever_username@example.org -- this means it's likely a remote account
|
|
*/
|
|
maybeNamestring := query
|
|
if maybeNamestring[0] != '@' {
|
|
maybeNamestring = "@" + maybeNamestring
|
|
}
|
|
|
|
if username, domain, err := util.ExtractNamestringParts(maybeNamestring); err == nil {
|
|
l.Trace("search term is a mention, looking it up...")
|
|
blocked, err := p.db.IsDomainBlocked(ctx, domain)
|
|
if err != nil {
|
|
return nil, gtserror.NewErrorInternalError(fmt.Errorf("error checking domain block: %w", err))
|
|
}
|
|
if blocked {
|
|
l.Debug("domain is blocked")
|
|
return searchResult, nil
|
|
}
|
|
|
|
foundAccount, err := p.searchAccountByUsernameDomain(ctx, authed, username, domain, search.Resolve)
|
|
if err != nil {
|
|
var errNotRetrievable *dereferencing.ErrNotRetrievable
|
|
if !errors.As(err, &errNotRetrievable) {
|
|
// return a proper error only if it wasn't just not retrievable
|
|
return nil, gtserror.NewErrorInternalError(fmt.Errorf("error looking up account: %w", err))
|
|
}
|
|
return searchResult, nil
|
|
}
|
|
|
|
foundAccounts = append(foundAccounts, foundAccount)
|
|
foundOne = true
|
|
l.Trace("got an account by searching by mention")
|
|
}
|
|
|
|
/*
|
|
SEARCH BY URI
|
|
check if the query is a URI with a recognizable scheme and dereference it
|
|
*/
|
|
if !foundOne {
|
|
if uri, err := url.Parse(query); err == nil {
|
|
if uri.Scheme == "https" || uri.Scheme == "http" {
|
|
l.Trace("search term is a uri, looking it up...")
|
|
blocked, err := p.db.IsURIBlocked(ctx, uri)
|
|
if err != nil {
|
|
return nil, gtserror.NewErrorInternalError(fmt.Errorf("error checking domain block: %w", err))
|
|
}
|
|
if blocked {
|
|
l.Debug("domain is blocked")
|
|
return searchResult, nil
|
|
}
|
|
|
|
// check if it's a status...
|
|
foundStatus, err := p.searchStatusByURI(ctx, authed, uri)
|
|
if err != nil {
|
|
var (
|
|
errNotRetrievable *dereferencing.ErrNotRetrievable
|
|
errWrongType *dereferencing.ErrWrongType
|
|
)
|
|
if !errors.As(err, &errNotRetrievable) && !errors.As(err, &errWrongType) {
|
|
return nil, gtserror.NewErrorInternalError(fmt.Errorf("error looking up status: %w", err))
|
|
}
|
|
} else {
|
|
foundStatuses = append(foundStatuses, foundStatus)
|
|
foundOne = true
|
|
l.Trace("got a status by searching by URI")
|
|
}
|
|
|
|
// ... or an account
|
|
if !foundOne {
|
|
foundAccount, err := p.searchAccountByURI(ctx, authed, uri, search.Resolve)
|
|
if err != nil {
|
|
var (
|
|
errNotRetrievable *dereferencing.ErrNotRetrievable
|
|
errWrongType *dereferencing.ErrWrongType
|
|
)
|
|
if !errors.As(err, &errNotRetrievable) && !errors.As(err, &errWrongType) {
|
|
return nil, gtserror.NewErrorInternalError(fmt.Errorf("error looking up account: %w", err))
|
|
}
|
|
} else {
|
|
foundAccounts = append(foundAccounts, foundAccount)
|
|
foundOne = true
|
|
l.Trace("got an account by searching by URI")
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if !foundOne {
|
|
// we got nothing, we can return early
|
|
l.Trace("found nothing, returning")
|
|
return searchResult, nil
|
|
}
|
|
|
|
/*
|
|
FROM HERE ON we have our search results, it's just a matter of filtering them according to what this user is allowed to see,
|
|
and then converting them into our frontend format.
|
|
*/
|
|
for _, foundAccount := range foundAccounts {
|
|
// make sure there's no block in either direction between the account and the requester
|
|
blocked, err := p.db.IsBlocked(ctx, authed.Account.ID, foundAccount.ID, true)
|
|
if err != nil {
|
|
err = fmt.Errorf("SearchGet: error checking block between %s and %s: %s", authed.Account.ID, foundAccount.ID, err)
|
|
return nil, gtserror.NewErrorInternalError(err)
|
|
}
|
|
|
|
if blocked {
|
|
l.Tracef("block exists between %s and %s, skipping this result", authed.Account.ID, foundAccount.ID)
|
|
continue
|
|
}
|
|
|
|
apiAcct, err := p.tc.AccountToAPIAccountPublic(ctx, foundAccount)
|
|
if err != nil {
|
|
err = fmt.Errorf("SearchGet: error converting account %s to api account: %s", foundAccount.ID, err)
|
|
return nil, gtserror.NewErrorInternalError(err)
|
|
}
|
|
|
|
searchResult.Accounts = append(searchResult.Accounts, *apiAcct)
|
|
}
|
|
|
|
for _, foundStatus := range foundStatuses {
|
|
// make sure each found status is visible to the requester
|
|
visible, err := p.filter.StatusVisible(ctx, foundStatus, authed.Account)
|
|
if err != nil {
|
|
err = fmt.Errorf("SearchGet: error checking visibility of status %s for account %s: %s", foundStatus.ID, authed.Account.ID, err)
|
|
return nil, gtserror.NewErrorInternalError(err)
|
|
}
|
|
|
|
if !visible {
|
|
l.Tracef("status %s is not visible to account %s, skipping this result", foundStatus.ID, authed.Account.ID)
|
|
continue
|
|
}
|
|
|
|
apiStatus, err := p.tc.StatusToAPIStatus(ctx, foundStatus, authed.Account)
|
|
if err != nil {
|
|
err = fmt.Errorf("SearchGet: error converting status %s to api status: %s", foundStatus.ID, err)
|
|
return nil, gtserror.NewErrorInternalError(err)
|
|
}
|
|
|
|
searchResult.Statuses = append(searchResult.Statuses, *apiStatus)
|
|
}
|
|
|
|
return searchResult, nil
|
|
}
|
|
|
|
func (p *processor) searchStatusByURI(ctx context.Context, authed *oauth.Auth, uri *url.URL) (*gtsmodel.Status, error) {
|
|
status, statusable, err := p.federator.GetStatus(transport.WithFastfail(ctx), authed.Account.Username, uri, true, true)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if !*status.Local && statusable != nil {
|
|
// Attempt to dereference the status thread while we are here
|
|
p.federator.DereferenceThread(transport.WithFastfail(ctx), authed.Account.Username, uri, status, statusable)
|
|
}
|
|
|
|
return status, nil
|
|
}
|
|
|
|
func (p *processor) searchAccountByURI(ctx context.Context, authed *oauth.Auth, uri *url.URL, resolve bool) (*gtsmodel.Account, error) {
|
|
if !resolve {
|
|
var (
|
|
account *gtsmodel.Account
|
|
err error
|
|
uriStr = uri.String()
|
|
)
|
|
|
|
// Search the database for existing account with ID URI.
|
|
account, err = p.db.GetAccountByURI(ctx, uriStr)
|
|
if err != nil && !errors.Is(err, db.ErrNoEntries) {
|
|
return nil, fmt.Errorf("searchAccountByURI: error checking database for account %s: %w", uriStr, err)
|
|
}
|
|
|
|
if account == nil {
|
|
// Else, search the database for existing by ID URL.
|
|
account, err = p.db.GetAccountByURL(ctx, uriStr)
|
|
if err != nil {
|
|
if !errors.Is(err, db.ErrNoEntries) {
|
|
return nil, fmt.Errorf("searchAccountByURI: error checking database for account %s: %w", uriStr, err)
|
|
}
|
|
return nil, dereferencing.NewErrNotRetrievable(err)
|
|
}
|
|
}
|
|
|
|
return account, nil
|
|
}
|
|
|
|
return p.federator.GetAccountByURI(
|
|
transport.WithFastfail(ctx),
|
|
authed.Account.Username,
|
|
uri, false,
|
|
)
|
|
}
|
|
|
|
func (p *processor) searchAccountByUsernameDomain(ctx context.Context, authed *oauth.Auth, username string, domain string, resolve bool) (*gtsmodel.Account, error) {
|
|
if !resolve {
|
|
if domain == config.GetHost() || domain == config.GetAccountDomain() {
|
|
// We do local lookups using an empty domain,
|
|
// else it will fail the db search below.
|
|
domain = ""
|
|
}
|
|
|
|
// Search the database for existing account with USERNAME@DOMAIN
|
|
account, err := p.db.GetAccountByUsernameDomain(ctx, username, domain)
|
|
if err != nil {
|
|
if !errors.Is(err, db.ErrNoEntries) {
|
|
return nil, fmt.Errorf("searchAccountByUsernameDomain: error checking database for account %s@%s: %w", username, domain, err)
|
|
}
|
|
return nil, dereferencing.NewErrNotRetrievable(err)
|
|
}
|
|
|
|
return account, nil
|
|
}
|
|
|
|
return p.federator.GetAccountByUsernameDomain(
|
|
transport.WithFastfail(ctx),
|
|
authed.Account.Username,
|
|
username, domain, false,
|
|
)
|
|
}
|