[feature] User muting (#2960)

* User muting

* Address review feedback

* Rename uniqueness constraint on user_mutes to match convention

* Remove unused account_id from where clause

* Add UserMute to NewTestDB

* Update test/envparsing.sh with new and fixed cache stuff

* Address tobi's review comments

* Make compiledUserMuteListEntry.expired consistent with UserMute.Expired

* Make sure mute_expires_at is serialized as an explicit null for indefinite mutes

---------

Co-authored-by: tobi <tobi.smethurst@protonmail.com>

8 files changed, 904 insertions, 5 deletions

diff --git a/internal/api/client/accounts/accounts.go b/internal/api/client/accounts/accounts.go
index 61fdc41ad..0dbc5ea53 100644
--- a/internal/api/client/accounts/accounts.go
+++ b/internal/api/client/accounts/accounts.go
@@ -45,12 +45,14 @@ const (
 	FollowPath        = BasePathWithID + "/follow"
 	ListsPath         = BasePathWithID + "/lists"
 	LookupPath        = BasePath + "/lookup"
+	MutePath          = BasePathWithID + "/mute"
 	NotePath          = BasePathWithID + "/note"
 	RelationshipsPath = BasePath + "/relationships"
 	SearchPath        = BasePath + "/search"
 	StatusesPath      = BasePathWithID + "/statuses"
 	UnblockPath       = BasePathWithID + "/unblock"
 	UnfollowPath      = BasePathWithID + "/unfollow"
+	UnmutePath        = BasePathWithID + "/unmute"
 	UpdatePath        = BasePath + "/update_credentials"
 	VerifyPath        = BasePath + "/verify_credentials"
 	MovePath          = BasePath + "/move"
@@ -117,6 +119,10 @@ func (m *Module) Route(attachHandler func(method string, path string, f ...gin.H
 	// account note
 	attachHandler(http.MethodPost, NotePath, m.AccountNotePOSTHandler)
 
+	// mute or unmute account
+	attachHandler(http.MethodPost, MutePath, m.AccountMutePOSTHandler)
+	attachHandler(http.MethodPost, UnmutePath, m.AccountUnmutePOSTHandler)
+
 	// search for accounts
 	attachHandler(http.MethodGet, SearchPath, m.AccountSearchGETHandler)
 	attachHandler(http.MethodGet, LookupPath, m.AccountLookupGETHandler)
diff --git a/internal/api/client/accounts/mute.go b/internal/api/client/accounts/mute.go
new file mode 100644
index 000000000..37cd3bbff
--- /dev/null
+++ b/internal/api/client/accounts/mute.go
@@ -0,0 +1,170 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package accounts
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth"
+	"github.com/superseriousbusiness/gotosocial/internal/util"
+)
+
+// AccountMutePOSTHandler swagger:operation POST /api/v1/accounts/{id}/mute accountMute
+//
+// Mute account by ID.
+//
+// If account was already muted, succeeds anyway. This can be used to update the details of a mute.
+//
+//	---
+//	tags:
+//	- accounts
+//
+//	produces:
+//	- application/json
+//
+//	parameters:
+//	-
+//		name: id
+//		type: string
+//		description: The ID of the account to block.
+//		in: path
+//		required: true
+//	-
+//		name: notifications
+//		type: boolean
+//		description: Mute notifications as well as posts.
+//		in: formData
+//		required: false
+//		default: false
+//	-
+//		name: duration
+//		type: number
+//		description: How long the mute should last, in seconds. If 0 or not provided, mute lasts indefinitely.
+//		in: formData
+//		required: false
+//		default: 0
+//
+//	security:
+//	- OAuth2 Bearer:
+//		- write:mutes
+//
+//	responses:
+//		'200':
+//			description: Your relationship to the account.
+//			schema:
+//				"$ref": "#/definitions/accountRelationship"
+//		'400':
+//			description: bad request
+//		'401':
+//			description: unauthorized
+//		'403':
+//			description: forbidden to moved accounts
+//		'404':
+//			description: not found
+//		'406':
+//			description: not acceptable
+//		'500':
+//			description: internal server error
+func (m *Module) AccountMutePOSTHandler(c *gin.Context) {
+	authed, err := oauth.Authed(c, true, true, true, true)
+	if err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if authed.Account.IsMoving() {
+		apiutil.ForbiddenAfterMove(c)
+		return
+	}
+
+	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	targetAcctID := c.Param(IDKey)
+	if targetAcctID == "" {
+		err := errors.New("no account id specified")
+		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	form := &apimodel.UserMuteCreateUpdateRequest{}
+	if err := c.ShouldBind(form); err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if err := normalizeCreateUpdateMute(form); err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorUnprocessableEntity(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	relationship, errWithCode := m.processor.Account().MuteCreate(
+		c.Request.Context(),
+		authed.Account,
+		targetAcctID,
+		form,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	apiutil.JSON(c, http.StatusOK, relationship)
+}
+
+func normalizeCreateUpdateMute(form *apimodel.UserMuteCreateUpdateRequest) error {
+	// Apply defaults for missing fields.
+	form.Notifications = util.Ptr(util.PtrValueOr(form.Notifications, false))
+
+	// Normalize mute duration if necessary.
+	// If we parsed this as JSON, expires_in
+	// may be either a float64 or a string.
+	if ei := form.DurationI; ei != nil {
+		switch e := ei.(type) {
+		case float64:
+			form.Duration = util.Ptr(int(e))
+
+		case string:
+			duration, err := strconv.Atoi(e)
+			if err != nil {
+				return fmt.Errorf("could not parse duration value %s as integer: %w", e, err)
+			}
+
+			form.Duration = &duration
+
+		default:
+			return fmt.Errorf("could not parse expires_in type %T as integer", ei)
+		}
+	}
+
+	// Interpret zero as indefinite duration.
+	if form.Duration != nil && *form.Duration == 0 {
+		form.Duration = nil
+	}
+
+	return nil
+}
diff --git a/internal/api/client/accounts/mute_test.go b/internal/api/client/accounts/mute_test.go
new file mode 100644
index 000000000..d181a2e3b
--- /dev/null
+++ b/internal/api/client/accounts/mute_test.go
@@ -0,0 +1,173 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package accounts_test
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"strconv"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/api/client/accounts"
+	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	"github.com/superseriousbusiness/gotosocial/internal/config"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth"
+	"github.com/superseriousbusiness/gotosocial/testrig"
+)
+
+type MuteTestSuite struct {
+	AccountStandardTestSuite
+}
+
+func (suite *MuteTestSuite) postMute(
+	accountID string,
+	notifications *bool,
+	duration *int,
+	requestJson *string,
+	expectedHTTPStatus int,
+	expectedBody string,
+) (*apimodel.Relationship, error) {
+	// instantiate recorder + test context
+	recorder := httptest.NewRecorder()
+	ctx, _ := testrig.CreateGinTestContext(recorder, nil)
+	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
+	ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens["local_account_1"]))
+	ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
+	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
+
+	// create the request
+	ctx.Request = httptest.NewRequest(http.MethodPut, config.GetProtocol()+"://"+config.GetHost()+"/api/"+accounts.BasePath+"/"+accountID+"/mute", nil)
+	ctx.Request.Header.Set("accept", "application/json")
+	if requestJson != nil {
+		ctx.Request.Header.Set("content-type", "application/json")
+		ctx.Request.Body = io.NopCloser(strings.NewReader(*requestJson))
+	} else {
+		ctx.Request.Form = make(url.Values)
+		if notifications != nil {
+			ctx.Request.Form["notifications"] = []string{strconv.FormatBool(*notifications)}
+		}
+		if duration != nil {
+			ctx.Request.Form["duration"] = []string{strconv.Itoa(*duration)}
+		}
+	}
+
+	ctx.AddParam("id", accountID)
+
+	// trigger the handler
+	suite.accountsModule.AccountMutePOSTHandler(ctx)
+
+	// read the response
+	result := recorder.Result()
+	defer result.Body.Close()
+
+	b, err := io.ReadAll(result.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	errs := gtserror.NewMultiError(2)
+
+	// check code + body
+	if resultCode := recorder.Code; expectedHTTPStatus != resultCode {
+		errs.Appendf("expected %d got %d", expectedHTTPStatus, resultCode)
+		if expectedBody == "" {
+			return nil, errs.Combine()
+		}
+	}
+
+	// if we got an expected body, return early
+	if expectedBody != "" {
+		if string(b) != expectedBody {
+			errs.Appendf("expected %s got %s", expectedBody, string(b))
+		}
+		return nil, errs.Combine()
+	}
+
+	resp := &apimodel.Relationship{}
+	if err := json.Unmarshal(b, resp); err != nil {
+		return nil, err
+	}
+
+	return resp, nil
+}
+
+func (suite *MuteTestSuite) TestPostMuteFull() {
+	accountID := suite.testAccounts["remote_account_1"].ID
+	notifications := true
+	duration := 86400
+	relationship, err := suite.postMute(accountID, &notifications, &duration, nil, http.StatusOK, "")
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+
+	suite.True(relationship.Muting)
+	suite.Equal(notifications, relationship.MutingNotifications)
+}
+
+func (suite *MuteTestSuite) TestPostMuteFullJSON() {
+	accountID := suite.testAccounts["remote_account_2"].ID
+	// Use a numeric literal with a fractional part to test the JSON-specific handling for non-integer "duration".
+	requestJson := `{
+		"notifications": true,
+		"duration": 86400.1
+	}`
+	relationship, err := suite.postMute(accountID, nil, nil, &requestJson, http.StatusOK, "")
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+
+	suite.True(relationship.Muting)
+	suite.True(relationship.MutingNotifications)
+}
+
+func (suite *MuteTestSuite) TestPostMuteMinimal() {
+	accountID := suite.testAccounts["remote_account_3"].ID
+	relationship, err := suite.postMute(accountID, nil, nil, nil, http.StatusOK, "")
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+
+	suite.True(relationship.Muting)
+	suite.False(relationship.MutingNotifications)
+}
+
+func (suite *MuteTestSuite) TestPostMuteSelf() {
+	accountID := suite.testAccounts["local_account_1"].ID
+	_, err := suite.postMute(accountID, nil, nil, nil, http.StatusNotAcceptable, `{"error":"Not Acceptable: getMuteTarget: account 01F8MH1H7YV1Z7D2C8K2730QBF cannot mute or unmute itself"}`)
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+}
+
+func (suite *MuteTestSuite) TestPostMuteNonexistentAccount() {
+	accountID := "not_even_a_real_ULID"
+	_, err := suite.postMute(accountID, nil, nil, nil, http.StatusNotFound, `{"error":"Not Found: getMuteTarget: target account not_even_a_real_ULID not found in the db"}`)
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+}
+
+func TestMuteTestSuite(t *testing.T) {
+	suite.Run(t, new(MuteTestSuite))
+}
diff --git a/internal/api/client/accounts/unmute.go b/internal/api/client/accounts/unmute.go
new file mode 100644
index 000000000..665c3908e
--- /dev/null
+++ b/internal/api/client/accounts/unmute.go
@@ -0,0 +1,98 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package accounts
+
+import (
+	"errors"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth"
+)
+
+// AccountUnmutePOSTHandler swagger:operation POST /api/v1/accounts/{id}/unmute accountUnmute
+//
+// Unmute account by ID.
+//
+// If account was already unmuted (or has never been muted), succeeds anyway.
+//
+//	---
+//	tags:
+//	- accounts
+//
+//	produces:
+//	- application/json
+//
+//	parameters:
+//	-
+//		name: id
+//		type: string
+//		description: The ID of the account to unmute.
+//		in: path
+//		required: true
+//
+//	security:
+//	- OAuth2 Bearer:
+//		- write:mutes
+//
+//	responses:
+//		'200':
+//			name: account relationship
+//			description: Your relationship to this account.
+//			schema:
+//				"$ref": "#/definitions/accountRelationship"
+//		'400':
+//			description: bad request
+//		'401':
+//			description: unauthorized
+//		'404':
+//			description: not found
+//		'406':
+//			description: not acceptable
+//		'500':
+//			description: internal server error
+func (m *Module) AccountUnmutePOSTHandler(c *gin.Context) {
+	authed, err := oauth.Authed(c, true, true, true, true)
+	if err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	targetAcctID := c.Param(IDKey)
+	if targetAcctID == "" {
+		err := errors.New("no account id specified")
+		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	relationship, errWithCode := m.processor.Account().MuteRemove(c.Request.Context(), authed.Account, targetAcctID)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	apiutil.JSON(c, http.StatusOK, relationship)
+
+}
diff --git a/internal/api/client/accounts/unmute_test.go b/internal/api/client/accounts/unmute_test.go
new file mode 100644
index 000000000..5a00c3610
--- /dev/null
+++ b/internal/api/client/accounts/unmute_test.go
@@ -0,0 +1,136 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package accounts_test
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+	"net/http/httptest"
+
+	"github.com/superseriousbusiness/gotosocial/internal/api/client/accounts"
+	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	"github.com/superseriousbusiness/gotosocial/internal/config"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth"
+	"github.com/superseriousbusiness/gotosocial/testrig"
+)
+
+func (suite *MuteTestSuite) postUnmute(
+	accountID string,
+	expectedHTTPStatus int,
+	expectedBody string,
+) (*apimodel.Relationship, error) {
+	// instantiate recorder + test context
+	recorder := httptest.NewRecorder()
+	ctx, _ := testrig.CreateGinTestContext(recorder, nil)
+	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
+	ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens["local_account_1"]))
+	ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
+	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
+
+	// create the request
+	ctx.Request = httptest.NewRequest(http.MethodPut, config.GetProtocol()+"://"+config.GetHost()+"/api/"+accounts.BasePath+"/"+accountID+"/unmute", nil)
+	ctx.Request.Header.Set("accept", "application/json")
+
+	ctx.AddParam("id", accountID)
+
+	// trigger the handler
+	suite.accountsModule.AccountUnmutePOSTHandler(ctx)
+
+	// read the response
+	result := recorder.Result()
+	defer result.Body.Close()
+
+	b, err := io.ReadAll(result.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	errs := gtserror.NewMultiError(2)
+
+	// check code + body
+	if resultCode := recorder.Code; expectedHTTPStatus != resultCode {
+		errs.Appendf("expected %d got %d", expectedHTTPStatus, resultCode)
+		if expectedBody == "" {
+			return nil, errs.Combine()
+		}
+	}
+
+	// if we got an expected body, return early
+	if expectedBody != "" {
+		if string(b) != expectedBody {
+			errs.Appendf("expected %s got %s", expectedBody, string(b))
+		}
+		return nil, errs.Combine()
+	}
+
+	resp := &apimodel.Relationship{}
+	if err := json.Unmarshal(b, resp); err != nil {
+		return nil, err
+	}
+
+	return resp, nil
+}
+
+func (suite *MuteTestSuite) TestPostUnmuteWithoutPreviousMute() {
+	accountID := suite.testAccounts["remote_account_4"].ID
+	relationship, err := suite.postUnmute(accountID, http.StatusOK, "")
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+
+	suite.False(relationship.Muting)
+	suite.False(relationship.MutingNotifications)
+}
+
+func (suite *MuteTestSuite) TestPostWithPreviousMute() {
+	accountID := suite.testAccounts["local_account_2"].ID
+
+	relationship, err := suite.postMute(accountID, nil, nil, nil, http.StatusOK, "")
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+
+	suite.True(relationship.Muting)
+	suite.False(relationship.MutingNotifications)
+
+	relationship, err = suite.postUnmute(accountID, http.StatusOK, "")
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+
+	suite.False(relationship.Muting)
+	suite.False(relationship.MutingNotifications)
+}
+
+func (suite *MuteTestSuite) TestPostUnmuteSelf() {
+	accountID := suite.testAccounts["local_account_1"].ID
+	_, err := suite.postUnmute(accountID, http.StatusNotAcceptable, `{"error":"Not Acceptable: getMuteTarget: account 01F8MH1H7YV1Z7D2C8K2730QBF cannot mute or unmute itself"}`)
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+}
+
+func (suite *MuteTestSuite) TestPostUnmuteNonexistentAccount() {
+	accountID := "not_even_a_real_ULID"
+	_, err := suite.postUnmute(accountID, http.StatusNotFound, `{"error":"Not Found: getMuteTarget: target account not_even_a_real_ULID not found in the db"}`)
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+}
diff --git a/internal/api/client/mutes/mutes_test.go b/internal/api/client/mutes/mutes_test.go
new file mode 100644
index 000000000..5d450e32c
--- /dev/null
+++ b/internal/api/client/mutes/mutes_test.go
@@ -0,0 +1,136 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package mutes_test
+
+import (
+	"bytes"
+	"fmt"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/gin-gonic/gin"
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/api/client/mutes"
+	"github.com/superseriousbusiness/gotosocial/internal/config"
+	"github.com/superseriousbusiness/gotosocial/internal/db"
+	"github.com/superseriousbusiness/gotosocial/internal/email"
+	"github.com/superseriousbusiness/gotosocial/internal/federation"
+	"github.com/superseriousbusiness/gotosocial/internal/filter/visibility"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/media"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth"
+	"github.com/superseriousbusiness/gotosocial/internal/processing"
+	"github.com/superseriousbusiness/gotosocial/internal/state"
+	"github.com/superseriousbusiness/gotosocial/internal/storage"
+	"github.com/superseriousbusiness/gotosocial/internal/typeutils"
+	"github.com/superseriousbusiness/gotosocial/testrig"
+)
+
+type MutesTestSuite struct {
+	// standard suite interfaces
+	suite.Suite
+	db           db.DB
+	storage      *storage.Driver
+	mediaManager *media.Manager
+	federator    *federation.Federator
+	processor    *processing.Processor
+	emailSender  email.Sender
+	sentEmails   map[string]string
+	state        state.State
+
+	// standard suite models
+	testTokens       map[string]*gtsmodel.Token
+	testClients      map[string]*gtsmodel.Client
+	testApplications map[string]*gtsmodel.Application
+	testUsers        map[string]*gtsmodel.User
+	testAccounts     map[string]*gtsmodel.Account
+
+	// module being tested
+	mutesModule *mutes.Module
+}
+
+func (suite *MutesTestSuite) SetupSuite() {
+	suite.testTokens = testrig.NewTestTokens()
+	suite.testClients = testrig.NewTestClients()
+	suite.testApplications = testrig.NewTestApplications()
+	suite.testUsers = testrig.NewTestUsers()
+	suite.testAccounts = testrig.NewTestAccounts()
+}
+
+func (suite *MutesTestSuite) SetupTest() {
+	suite.state.Caches.Init()
+	testrig.StartNoopWorkers(&suite.state)
+
+	testrig.InitTestConfig()
+	testrig.InitTestLog()
+
+	suite.db = testrig.NewTestDB(&suite.state)
+	suite.state.DB = suite.db
+	suite.storage = testrig.NewInMemoryStorage()
+	suite.state.Storage = suite.storage
+
+	testrig.StartTimelines(
+		&suite.state,
+		visibility.NewFilter(&suite.state),
+		typeutils.NewConverter(&suite.state),
+	)
+
+	suite.mediaManager = testrig.NewTestMediaManager(&suite.state)
+	suite.federator = testrig.NewTestFederator(&suite.state, testrig.NewTestTransportController(&suite.state, testrig.NewMockHTTPClient(nil, "../../../../testrig/media")), suite.mediaManager)
+	suite.sentEmails = make(map[string]string)
+	suite.emailSender = testrig.NewEmailSender("../../../../web/template/", suite.sentEmails)
+	suite.processor = testrig.NewTestProcessor(&suite.state, suite.federator, suite.emailSender, suite.mediaManager)
+	suite.mutesModule = mutes.New(suite.processor)
+	testrig.StandardDBSetup(suite.db, nil)
+	testrig.StandardStorageSetup(suite.storage, "../../../../testrig/media")
+}
+
+func (suite *MutesTestSuite) TearDownTest() {
+	testrig.StandardDBTeardown(suite.db)
+	testrig.StandardStorageTeardown(suite.storage)
+	testrig.StopWorkers(&suite.state)
+}
+
+func (suite *MutesTestSuite) newContext(recorder *httptest.ResponseRecorder, requestMethod string, requestBody []byte, requestPath string, bodyContentType string) *gin.Context {
+	ctx, _ := testrig.CreateGinTestContext(recorder, nil)
+
+	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
+	ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens["local_account_1"]))
+	ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
+	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
+
+	protocol := config.GetProtocol()
+	host := config.GetHost()
+
+	baseURI := fmt.Sprintf("%s://%s", protocol, host)
+	requestURI := fmt.Sprintf("%s/%s", baseURI, requestPath)
+
+	ctx.Request = httptest.NewRequest(requestMethod, requestURI, bytes.NewReader(requestBody)) // the endpoint we're hitting
+
+	if bodyContentType != "" {
+		ctx.Request.Header.Set("Content-Type", bodyContentType)
+	}
+
+	ctx.Request.Header.Set("accept", "application/json")
+
+	return ctx
+}
+
+func TestMutesTestSuite(t *testing.T) {
+	suite.Run(t, new(MutesTestSuite))
+}
diff --git a/internal/api/client/mutes/mutesget.go b/internal/api/client/mutes/mutesget.go
index d609da868..7fcbc2b44 100644
--- a/internal/api/client/mutes/mutesget.go
+++ b/internal/api/client/mutes/mutesget.go
@@ -24,14 +24,13 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
+	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )
 
 // MutesGETHandler swagger:operation GET /api/v1/mutes mutesGet
 //
 // Get an array of accounts that requesting account has muted.
 //
-// NOT IMPLEMENTED YET: Will currently always return an array of length 0.
-//
 // The next and previous queries can be parsed from the returned Link header.
 // Example:
 //
@@ -89,6 +88,7 @@ import (
 //
 //	responses:
 //		'200':
+//			description: List of muted accounts, including when their mutes expire (if applicable).
 //			headers:
 //				Link:
 //					type: string
@@ -96,7 +96,7 @@ import (
 //			schema:
 //				type: array
 //				items:
-//					"$ref": "#/definitions/account"
+//					"$ref": "#/definitions/mutedAccount"
 //		'400':
 //			description: bad request
 //		'401':
@@ -108,7 +108,8 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) MutesGETHandler(c *gin.Context) {
-	if _, err := oauth.Authed(c, true, true, true, true); err != nil {
+	authed, err := oauth.Authed(c, true, true, true, true)
+	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
 	}
@@ -118,5 +119,29 @@ func (m *Module) MutesGETHandler(c *gin.Context) {
 		return
 	}
 
-	apiutil.Data(c, http.StatusOK, apiutil.AppJSON, apiutil.EmptyJSONArray)
+	page, errWithCode := paging.ParseIDPage(c,
+		1,  // min limit
+		80, // max limit
+		40, // default limit
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	resp, errWithCode := m.processor.Account().MutesGet(
+		c.Request.Context(),
+		authed.Account,
+		page,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	if resp.LinkHeader != "" {
+		c.Header("Link", resp.LinkHeader)
+	}
+
+	apiutil.JSON(c, http.StatusOK, resp.Items)
 }
diff --git a/internal/api/client/mutes/mutesget_test.go b/internal/api/client/mutes/mutesget_test.go
new file mode 100644
index 000000000..2e5a00c6a
--- /dev/null
+++ b/internal/api/client/mutes/mutesget_test.go
@@ -0,0 +1,155 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package mutes_test
+
+import (
+	"context"
+	"encoding/json"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"time"
+
+	"github.com/superseriousbusiness/gotosocial/internal/api/client/mutes"
+	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	"github.com/superseriousbusiness/gotosocial/internal/config"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth"
+	"github.com/superseriousbusiness/gotosocial/testrig"
+)
+
+func (suite *MutesTestSuite) getMutedAccounts(
+	expectedHTTPStatus int,
+	expectedBody string,
+) ([]*apimodel.MutedAccount, error) {
+	// instantiate recorder + test context
+	recorder := httptest.NewRecorder()
+	ctx, _ := testrig.CreateGinTestContext(recorder, nil)
+	ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts["local_account_1"])
+	ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens["local_account_1"]))
+	ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
+	ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers["local_account_1"])
+
+	// create the request
+	ctx.Request = httptest.NewRequest(http.MethodGet, config.GetProtocol()+"://"+config.GetHost()+"/api/"+mutes.BasePath, nil)
+	ctx.Request.Header.Set("accept", "application/json")
+
+	// trigger the handler
+	suite.mutesModule.MutesGETHandler(ctx)
+
+	// read the response
+	result := recorder.Result()
+	defer result.Body.Close()
+
+	b, err := io.ReadAll(result.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	errs := gtserror.NewMultiError(2)
+
+	// check code + body
+	if resultCode := recorder.Code; expectedHTTPStatus != resultCode {
+		errs.Appendf("expected %d got %d", expectedHTTPStatus, resultCode)
+		if expectedBody == "" {
+			return nil, errs.Combine()
+		}
+	}
+
+	// if we got an expected body, return early
+	if expectedBody != "" {
+		if string(b) != expectedBody {
+			errs.Appendf("expected %s got %s", expectedBody, string(b))
+		}
+		return nil, errs.Combine()
+	}
+
+	resp := make([]*apimodel.MutedAccount, 0)
+	if err := json.Unmarshal(b, &resp); err != nil {
+		return nil, err
+	}
+
+	return resp, nil
+}
+
+func (suite *MutesTestSuite) TestGetMutedAccounts() {
+	// Mute a user with a finite duration.
+	mute1 := &gtsmodel.UserMute{
+		ID:              "01HZQ4K4MJTZ3RWVAEEJQDKK7M",
+		ExpiresAt:       time.Now().Add(time.Duration(1) * time.Hour),
+		AccountID:       suite.testAccounts["local_account_1"].ID,
+		TargetAccountID: suite.testAccounts["local_account_2"].ID,
+	}
+	err := suite.db.PutMute(context.Background(), mute1)
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+
+	// Mute a user with an indefinite duration.
+	mute2 := &gtsmodel.UserMute{
+		ID:              "01HZQ4K641EMWBEJ9A99WST1GP",
+		AccountID:       suite.testAccounts["local_account_1"].ID,
+		TargetAccountID: suite.testAccounts["remote_account_1"].ID,
+	}
+	err = suite.db.PutMute(context.Background(), mute2)
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+
+	// Fetch all muted accounts for the logged-in account.
+	mutedAccounts, err := suite.getMutedAccounts(http.StatusOK, "")
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+	suite.NotEmpty(mutedAccounts)
+
+	// Check that we got the accounts we just muted, and that their mute expiration times are set correctly.
+	// Note that the account list will be in *reverse* order by mute ID.
+	if suite.Len(mutedAccounts, 2) {
+		// This mute expiration should be a string.
+		mutedAccount1 := mutedAccounts[1]
+		suite.Equal(mute1.TargetAccountID, mutedAccount1.ID)
+		suite.NotEmpty(mutedAccount1.MuteExpiresAt)
+
+		// This mute expiration should be null.
+		mutedAccount2 := mutedAccounts[0]
+		suite.Equal(mute2.TargetAccountID, mutedAccount2.ID)
+		suite.Nil(mutedAccount2.MuteExpiresAt)
+	}
+}
+
+func (suite *MutesTestSuite) TestIndefinitelyMutedAccountSerializesMuteExpirationAsNull() {
+	// Mute a user with an indefinite duration.
+	mute := &gtsmodel.UserMute{
+		ID:              "01HZQ4K641EMWBEJ9A99WST1GP",
+		AccountID:       suite.testAccounts["local_account_1"].ID,
+		TargetAccountID: suite.testAccounts["remote_account_1"].ID,
+	}
+	err := suite.db.PutMute(context.Background(), mute)
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+
+	// Fetch all muted accounts for the logged-in account.
+	// The expected body contains `"mute_expires_at":null`.
+	_, err = suite.getMutedAccounts(http.StatusOK, `[{"id":"01F8MH5ZK5VRH73AKHQM6Y9VNX","username":"foss_satan","acct":"foss_satan@fossbros-anonymous.io","display_name":"big gerald","locked":false,"discoverable":true,"bot":false,"created_at":"2021-09-26T10:52:36.000Z","note":"i post about like, i dunno, stuff, or whatever!!!!","url":"http://fossbros-anonymous.io/@foss_satan","avatar":"","avatar_static":"","header":"http://localhost:8080/assets/default_header.png","header_static":"http://localhost:8080/assets/default_header.png","followers_count":0,"following_count":0,"statuses_count":3,"last_status_at":"2021-09-11T09:40:37.000Z","emojis":[],"fields":[],"mute_expires_at":null}]`)
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+}