[feature] Implement explicit domain allows + allowlist federation mode (#2200)

* love like winter! wohoah, wohoah

* domain allow side effects

* tests! logging! unallow!

* document federation modes

* linty linterson

* test

* further adventures in documentation

* finish up domain block documentation (i think)

* change wording a wee little bit

* docs, example

* consolidate shared domainPermission code

* call mode once

* fetch federation mode within domain blocked func

* read domain perm import in streaming manner

* don't use pointer to slice for domain perms

* don't bother copying blocks + allows before deleting

* admonish!

* change wording just a scooch

* update docs

6 files changed, 71 insertions, 6 deletions

diff --git a/internal/config/config.go b/internal/config/config.go
index 16ef32a8b..314257831 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -76,12 +76,13 @@ type Configuration struct {
 	WebTemplateBaseDir string `name:"web-template-base-dir" usage:"Basedir for html templating files for rendering pages and composing emails."`
 	WebAssetBaseDir    string `name:"web-asset-base-dir" usage:"Directory to serve static assets from, accessible at example.org/assets/"`
 
-	InstanceExposePeers            bool `name:"instance-expose-peers" usage:"Allow unauthenticated users to query /api/v1/instance/peers?filter=open"`
-	InstanceExposeSuspended        bool `name:"instance-expose-suspended" usage:"Expose suspended instances via web UI, and allow unauthenticated users to query /api/v1/instance/peers?filter=suspended"`
-	InstanceExposeSuspendedWeb     bool `name:"instance-expose-suspended-web" usage:"Expose list of suspended instances as webpage on /about/suspended"`
-	InstanceExposePublicTimeline   bool `name:"instance-expose-public-timeline" usage:"Allow unauthenticated users to query /api/v1/timelines/public"`
-	InstanceDeliverToSharedInboxes bool `name:"instance-deliver-to-shared-inboxes" usage:"Deliver federated messages to shared inboxes, if they're available."`
-	InstanceInjectMastodonVersion  bool `name:"instance-inject-mastodon-version" usage:"This injects a Mastodon compatible version in /api/v1/instance to help Mastodon clients that use that version for feature detection"`
+	InstanceFederationMode         string `name:"instance-federation-mode" usage:"Set instance federation mode."`
+	InstanceExposePeers            bool   `name:"instance-expose-peers" usage:"Allow unauthenticated users to query /api/v1/instance/peers?filter=open"`
+	InstanceExposeSuspended        bool   `name:"instance-expose-suspended" usage:"Expose suspended instances via web UI, and allow unauthenticated users to query /api/v1/instance/peers?filter=suspended"`
+	InstanceExposeSuspendedWeb     bool   `name:"instance-expose-suspended-web" usage:"Expose list of suspended instances as webpage on /about/suspended"`
+	InstanceExposePublicTimeline   bool   `name:"instance-expose-public-timeline" usage:"Allow unauthenticated users to query /api/v1/timelines/public"`
+	InstanceDeliverToSharedInboxes bool   `name:"instance-deliver-to-shared-inboxes" usage:"Deliver federated messages to shared inboxes, if they're available."`
+	InstanceInjectMastodonVersion  bool   `name:"instance-inject-mastodon-version" usage:"This injects a Mastodon compatible version in /api/v1/instance to help Mastodon clients that use that version for feature detection"`
 
 	AccountsRegistrationOpen bool `name:"accounts-registration-open" usage:"Allow anyone to submit an account signup request. If false, server will be invite-only."`
 	AccountsApprovalRequired bool `name:"accounts-approval-required" usage:"Do account signups require approval by an admin or moderator before user can log in? If false, new registrations will be automatically approved."`
diff --git a/internal/config/const.go b/internal/config/const.go
new file mode 100644
index 000000000..29e4b14e8
--- /dev/null
+++ b/internal/config/const.go
@@ -0,0 +1,26 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package config
+
+// Instance federation mode determines how this
+// instance federates with others (if at all).
+const (
+	InstanceFederationModeBlocklist = "blocklist"
+	InstanceFederationModeAllowlist = "allowlist"
+	InstanceFederationModeDefault   = InstanceFederationModeBlocklist
+)
diff --git a/internal/config/defaults.go b/internal/config/defaults.go
index 9ad9c125c..fe2aa3acc 100644
--- a/internal/config/defaults.go
+++ b/internal/config/defaults.go
@@ -57,6 +57,7 @@ var Defaults = Configuration{
 	WebTemplateBaseDir: "./web/template/",
 	WebAssetBaseDir:    "./web/assets/",
 
+	InstanceFederationMode:         InstanceFederationModeDefault,
 	InstanceExposePeers:            false,
 	InstanceExposeSuspended:        false,
 	InstanceExposeSuspendedWeb:     false,
diff --git a/internal/config/flags.go b/internal/config/flags.go
index 74ceedc00..29e0726a6 100644
--- a/internal/config/flags.go
+++ b/internal/config/flags.go
@@ -83,6 +83,7 @@ func (s *ConfigState) AddServerFlags(cmd *cobra.Command) {
 		cmd.Flags().String(WebAssetBaseDirFlag(), cfg.WebAssetBaseDir, fieldtag("WebAssetBaseDir", "usage"))
 
 		// Instance
+		cmd.Flags().String(InstanceFederationModeFlag(), cfg.InstanceFederationMode, fieldtag("InstanceFederationMode", "usage"))
 		cmd.Flags().Bool(InstanceExposePeersFlag(), cfg.InstanceExposePeers, fieldtag("InstanceExposePeers", "usage"))
 		cmd.Flags().Bool(InstanceExposeSuspendedFlag(), cfg.InstanceExposeSuspended, fieldtag("InstanceExposeSuspended", "usage"))
 		cmd.Flags().Bool(InstanceExposeSuspendedWebFlag(), cfg.InstanceExposeSuspendedWeb, fieldtag("InstanceExposeSuspendedWeb", "usage"))
diff --git a/internal/config/helpers.gen.go b/internal/config/helpers.gen.go
index f232d37a3..46a239596 100644
--- a/internal/config/helpers.gen.go
+++ b/internal/config/helpers.gen.go
@@ -749,6 +749,31 @@ func GetWebAssetBaseDir() string { return global.GetWebAssetBaseDir() }
 // SetWebAssetBaseDir safely sets the value for global configuration 'WebAssetBaseDir' field
 func SetWebAssetBaseDir(v string) { global.SetWebAssetBaseDir(v) }
 
+// GetInstanceFederationMode safely fetches the Configuration value for state's 'InstanceFederationMode' field
+func (st *ConfigState) GetInstanceFederationMode() (v string) {
+	st.mutex.RLock()
+	v = st.config.InstanceFederationMode
+	st.mutex.RUnlock()
+	return
+}
+
+// SetInstanceFederationMode safely sets the Configuration value for state's 'InstanceFederationMode' field
+func (st *ConfigState) SetInstanceFederationMode(v string) {
+	st.mutex.Lock()
+	defer st.mutex.Unlock()
+	st.config.InstanceFederationMode = v
+	st.reloadToViper()
+}
+
+// InstanceFederationModeFlag returns the flag name for the 'InstanceFederationMode' field
+func InstanceFederationModeFlag() string { return "instance-federation-mode" }
+
+// GetInstanceFederationMode safely fetches the value for global configuration 'InstanceFederationMode' field
+func GetInstanceFederationMode() string { return global.GetInstanceFederationMode() }
+
+// SetInstanceFederationMode safely sets the value for global configuration 'InstanceFederationMode' field
+func SetInstanceFederationMode(v string) { global.SetInstanceFederationMode(v) }
+
 // GetInstanceExposePeers safely fetches the Configuration value for state's 'InstanceExposePeers' field
 func (st *ConfigState) GetInstanceExposePeers() (v bool) {
 	st.mutex.RLock()
diff --git a/internal/config/validate.go b/internal/config/validate.go
index bc8edc816..45cdc4eee 100644
--- a/internal/config/validate.go
+++ b/internal/config/validate.go
@@ -61,6 +61,17 @@ func Validate() error {
 		errs = append(errs, fmt.Errorf("%s must be set to either http or https, provided value was %s", ProtocolFlag(), proto))
 	}
 
+	// federation mode
+	switch federationMode := GetInstanceFederationMode(); federationMode {
+	case InstanceFederationModeBlocklist, InstanceFederationModeAllowlist:
+		// no problem
+		break
+	case "":
+		errs = append(errs, fmt.Errorf("%s must be set", InstanceFederationModeFlag()))
+	default:
+		errs = append(errs, fmt.Errorf("%s must be set to either blocklist or allowlist, provided value was %s", InstanceFederationModeFlag(), federationMode))
+	}
+
 	webAssetsBaseDir := GetWebAssetBaseDir()
 	if webAssetsBaseDir == "" {
 		errs = append(errs, fmt.Errorf("%s must be set", WebAssetBaseDirFlag()))