diff options
| author |  tobi <31960611+tsmethurst@users.noreply.github.com> | 2022-05-23 11:46:50 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2022-05-23 11:46:50 +0200 |
| commit | 469da93678b3f738f65372d13dcd1ea7de390063 (patch) | |
| tree | 33d6b5b9facd3cf242235fbfb5f9275051864923 /internal/ap/contextkey.go | |
| parent | [docs] Add Caddy instructions to the documentation (#594) (diff) | |
| download | gotosocial-469da93678b3f738f65372d13dcd1ea7de390063.tar.xz | |
[security] Check all involved IRIs during block checking (#593)
* tidy up context keys, add otherInvolvedIRIs
* add ReplyToable interface
* skip block check if we own the requesting domain
* add block check for other involved IRIs
* use cacheable status fetch
* remove unused ContextActivity
* remove unused ContextActivity
* add helper for unique URIs
* check through CCs and clean slice
* add GetAccountIDForStatusURI
* add GetAccountIDForAccountURI
* check blocks on involved account
* add statuses to tests
* add some blocked tests
* go fmt
* extract Tos as well as CCs
* test PostInboxRequestBodyHook
* add some more testActivities
* deduplicate involvedAccountIDs
* go fmt
* use cacheable db functions, remove new functions
Diffstat (limited to 'internal/ap/contextkey.go')
| -rw-r--r-- | internal/ap/contextkey.go | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/internal/ap/contextkey.go b/internal/ap/contextkey.go index e432a9199..2afdefe05 100644 --- a/internal/ap/contextkey.go +++ b/internal/ap/contextkey.go @@ -22,20 +22,16 @@ package ap type ContextKey string const ( - // ContextActivity can be used to set and retrieve the actual go-fed pub.Activity within a context. - ContextActivity ContextKey = "activity" // ContextReceivingAccount can be used the set and retrieve the account being interacted with / receiving an activity in their inbox. - ContextReceivingAccount ContextKey = "account" + ContextReceivingAccount ContextKey = "receivingAccount" // ContextRequestingAccount can be used to set and retrieve the account of an incoming federation request. // This will often be the actor of the instance that's posting the request. ContextRequestingAccount ContextKey = "requestingAccount" - // ContextRequestingActorIRI can be used to set and retrieve the actor of an incoming federation request. - // This will usually be the owner of whatever activity is being posted. - ContextRequestingActorIRI ContextKey = "requestingActorIRI" + // ContextOtherInvolvedIRIs can be used to set and retrieve a slice of all IRIs that are 'involved' in an Activity without being + // the receivingAccount or the requestingAccount. In other words, people or notes who are CC'ed or Replied To by an Activity. + ContextOtherInvolvedIRIs ContextKey = "otherInvolvedIRIs" // ContextRequestingPublicKeyVerifier can be used to set and retrieve the public key verifier of an incoming federation request. ContextRequestingPublicKeyVerifier ContextKey = "requestingPublicKeyVerifier" // ContextRequestingPublicKeySignature can be used to set and retrieve the value of the signature header of an incoming federation request. ContextRequestingPublicKeySignature ContextKey = "requestingPublicKeySignature" - // ContextFromFederatorChan can be used to pass a pointer to the fromFederator channel into the federator for use in callbacks. - ContextFromFederatorChan ContextKey = "fromFederatorChan" ) |