[feature] Process outgoing Move from clientAPI (#2750)

* prevent moved accounts from taking create-type actions * update move logic * federate move out * indicate on web profile when an account has moved * [docs] Add migration docs section * lock while checking + setting move state * use redirectFollowers func for clientAPI as well * comment typo * linter? i barely know 'er! * Update internal/uris/uri.go Co-authored-by: Daenney <daenney@users.noreply.github.com> * add a couple tests for move * fix little mistake exposed by tests (thanks tests) * ensure Move marked as successful * attach shared util funcs to struct * lock whole account when doing move * move moving check to after error check * replace repeated text with error func * linterrrrrr!!!! * catch self follow case --------- Co-authored-by: Daenney <daenney@users.noreply.github.com>
author: tobi <31960611+tsmethurst@users.noreply.github.com> 2024-03-13 13:53:29 +0100
committer: GitHub <noreply@github.com> 2024-03-13 13:53:29 +0100
commit: ab2d063fcb04f241a3147c843a021491f5fc0a55 (patch)
tree: 3d2eff864e8b19d4d9a24f4f1fe92feda8ee4dac /internal/api/client/accounts
parent: [bugfix]: Add missing Link headers in Swagger spec (#2751) (diff)
download: gotosocial-ab2d063fcb04f241a3147c843a021491f5fc0a55.tar.xz
5 files changed, 31 insertions, 0 deletions
diff --git a/internal/api/client/accounts/follow.go b/internal/api/client/accounts/follow.go
index 2e6e79964..8a6e99744 100644
--- a/internal/api/client/accounts/follow.go
+++ b/internal/api/client/accounts/follow.go
@@ -97,6 +97,11 @@ func (m *Module) AccountFollowPOSTHandler(c *gin.Context) {
 		return
 	}
 
+	if authed.Account.IsMoving() {
+		apiutil.ForbiddenAfterMove(c)
+		return
+	}
+
 	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/lookup.go b/internal/api/client/accounts/lookup.go
index f6bd97657..d2a8e76be 100644
--- a/internal/api/client/accounts/lookup.go
+++ b/internal/api/client/accounts/lookup.go
@@ -72,6 +72,13 @@ func (m *Module) AccountLookupGETHandler(c *gin.Context) {
 		return
 	}
 
+	if authed.Account.IsMoving() {
+		// For moving/moved accounts, just return
+		// empty to avoid breaking client apps.
+		apiutil.NotFoundAfterMove(c)
+		return
+	}
+
 	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/note.go b/internal/api/client/accounts/note.go
index 29ea01c9a..bcfd232ae 100644
--- a/internal/api/client/accounts/note.go
+++ b/internal/api/client/accounts/note.go
@@ -81,6 +81,11 @@ func (m *Module) AccountNotePOSTHandler(c *gin.Context) {
 		return
 	}
 
+	if authed.Account.IsMoving() {
+		apiutil.ForbiddenAfterMove(c)
+		return
+	}
+
 	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/search.go b/internal/api/client/accounts/search.go
index 183fc1347..13c135601 100644
--- a/internal/api/client/accounts/search.go
+++ b/internal/api/client/accounts/search.go
@@ -113,6 +113,13 @@ func (m *Module) AccountSearchGETHandler(c *gin.Context) {
 		return
 	}
 
+	if authed.Account.IsMoving() {
+		// For moving/moved accounts, just return
+		// empty to avoid breaking client apps.
+		apiutil.Data(c, http.StatusOK, apiutil.AppJSON, apiutil.EmptyJSONArray)
+		return
+	}
+
 	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/statuses.go b/internal/api/client/accounts/statuses.go
index cd93cb74e..7dd4cbe37 100644
--- a/internal/api/client/accounts/statuses.go
+++ b/internal/api/client/accounts/statuses.go
@@ -152,6 +152,13 @@ func (m *Module) AccountStatusesGETHandler(c *gin.Context) {
 		return
 	}
 
+	if authed.Account.IsMoving() && targetAcctID != authed.Account.ID {
+		// For moving/moved accounts, allow the
+		// account to view its own statuses only.
+		apiutil.Data(c, http.StatusOK, apiutil.AppJSON, apiutil.EmptyJSONArray)
+		return
+	}
+
 	limit := 30
 	limitString := c.Query(LimitKey)
 	if limitString != "" {
author	tobi <31960611+tsmethurst@users.noreply.github.com>	2024-03-13 13:53:29 +0100
committer	GitHub <noreply@github.com>	2024-03-13 13:53:29 +0100
commit	ab2d063fcb04f241a3147c843a021491f5fc0a55 (patch)
tree	3d2eff864e8b19d4d9a24f4f1fe92feda8ee4dac /internal/api/client/accounts
parent	[bugfix]: Add missing Link headers in Swagger spec (#2751) (diff)
download	gotosocial-ab2d063fcb04f241a3147c843a021491f5fc0a55.tar.xz