diff options
| author |  tobi <31960611+tsmethurst@users.noreply.github.com> | 2024-01-19 14:13:24 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2024-01-19 13:13:24 +0000 |
| commit | 33dbd3ab7a2245cdd7ec56eb26d53d01e2c89f16 (patch) | |
| tree | 36214cf998f9324c9e6df9c9dc97aae077372a60 /internal/processing/admin/domainblock.go | |
| parent | [chore] Harden up boolptr logic on Accounts, warn if not set (#2544) (diff) | |
| download | gotosocial-33dbd3ab7a2245cdd7ec56eb26d53d01e2c89f16.tar.xz | |
[bugfix] Ensure domain block side effects skipped if allow in place (blocklist mode) (#2542)
Diffstat (limited to 'internal/processing/admin/domainblock.go')
| -rw-r--r-- | internal/processing/admin/domainblock.go | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/internal/processing/admin/domainblock.go b/internal/processing/admin/domainblock.go index 4161ec12f..9fe5dc847 100644 --- a/internal/processing/admin/domainblock.go +++ b/internal/processing/admin/domainblock.go @@ -26,6 +26,7 @@ import ( "codeberg.org/gruf/go-kv" "github.com/superseriousbusiness/gotosocial/internal/ap" apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" + "github.com/superseriousbusiness/gotosocial/internal/config" "github.com/superseriousbusiness/gotosocial/internal/db" "github.com/superseriousbusiness/gotosocial/internal/gtserror" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" @@ -92,6 +93,15 @@ func (p *Processor) createDomainBlock( {"actionID", actionID}, }...).WithContext(ctx) + skip, err := p.skipBlockSideEffects(ctx, domain) + if err != nil { + return err + } + if skip != "" { + l.Infof("skipping domain block side effects: %s", skip) + return nil + } + l.Info("processing domain block side effects") defer func() { l.Info("finished processing domain block side effects") }() @@ -109,6 +119,54 @@ func (p *Processor) createDomainBlock( return apiDomainBlock, actionID, nil } +// skipBlockSideEffects checks if side effects of block creation +// should be skipped for the given domain, taking account of +// instance federation mode, and existence of any allows +// which ought to "shield" this domain from being blocked. +// +// If the caller should skip, the returned string will be non-zero +// and will be set to a reason why side effects should be skipped. +// +// - blocklist mode + allow exists: "..." (skip) +// - blocklist mode + no allow: "" (don't skip) +// - allowlist mode + allow exists: "" (don't skip) +// - allowlist mode + no allow: "" (don't skip) +func (p *Processor) skipBlockSideEffects( + ctx context.Context, + domain string, +) (string, gtserror.MultiError) { + var ( + skip string // Assume "" (don't skip). + errs gtserror.MultiError + ) + + // Never skip block side effects in allowlist mode. + fediMode := config.GetInstanceFederationMode() + if fediMode == config.InstanceFederationModeAllowlist { + return skip, errs + } + + // We know we're in blocklist mode. + // + // We want to skip domain block side + // effects if an allow is already + // in place which overrides the block. + + // Check if an explicit allow exists for this domain. + domainAllow, err := p.state.DB.GetDomainAllow(ctx, domain) + if err != nil && !errors.Is(err, db.ErrNoEntries) { + errs.Appendf("error getting domain allow: %w", err) + return skip, errs + } + + if domainAllow != nil { + skip = "running in blocklist mode, and an explicit allow exists for this domain" + return skip, errs + } + + return skip, errs +} + // domainBlockSideEffects processes the side effects of a domain block: // // 1. Strip most info away from the instance entry for the domain. |