moving stuff around

21 files changed, 2633 insertions, 0 deletions

diff --git a/internal/validate/block_test.go b/internal/validate/block_test.go
new file mode 100644
index 000000000..0b3293fb5
--- /dev/null
+++ b/internal/validate/block_test.go
@@ -0,0 +1,116 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyBlock() *gtsmodel.Block {
+	return &gtsmodel.Block{
+		ID:              "01FE91RJR88PSEEE30EV35QR8N",
+		CreatedAt:       time.Now(),
+		UpdatedAt:       time.Now(),
+		URI:             "https://example.org/accounts/someone/blocks/01FE91RJR88PSEEE30EV35QR8N",
+		AccountID:       "01FEED79PRMVWPRMFHFQM8MJQN",
+		Account:         nil,
+		TargetAccountID: "01FEEDMF6C0QD589MRK7919Z0R",
+		TargetAccount:   nil,
+	}
+}
+
+type BlockValidateTestSuite struct {
+	suite.Suite
+}
+
+func (suite *BlockValidateTestSuite) TestValidateBlockHappyPath() {
+	// no problem here
+	d := happyBlock()
+	err := validate.Struct(*d)
+	suite.NoError(err)
+}
+
+func (suite *BlockValidateTestSuite) TestValidateBlockBadID() {
+	d := happyBlock()
+
+	d.ID = ""
+	err := validate.Struct(*d)
+	suite.EqualError(err, "Key: 'Block.ID' Error:Field validation for 'ID' failed on the 'required' tag")
+
+	d.ID = "01FE96W293ZPRG9FQQP48HK8N001FE96W32AT24VYBGM12WN3GKB"
+	err = validate.Struct(*d)
+	suite.EqualError(err, "Key: 'Block.ID' Error:Field validation for 'ID' failed on the 'ulid' tag")
+}
+
+func (suite *BlockValidateTestSuite) TestValidateBlockNoCreatedAt() {
+	d := happyBlock()
+
+	d.CreatedAt = time.Time{}
+	err := validate.Struct(*d)
+	suite.NoError(err)
+}
+
+func (suite *BlockValidateTestSuite) TestValidateBlockCreatedByAccountID() {
+	d := happyBlock()
+
+	d.AccountID = ""
+	err := validate.Struct(*d)
+	suite.EqualError(err, "Key: 'Block.AccountID' Error:Field validation for 'AccountID' failed on the 'required' tag")
+
+	d.AccountID = "this-is-not-a-valid-ulid"
+	err = validate.Struct(*d)
+	suite.EqualError(err, "Key: 'Block.AccountID' Error:Field validation for 'AccountID' failed on the 'ulid' tag")
+}
+
+func (suite *BlockValidateTestSuite) TestValidateBlockTargetAccountID() {
+	d := happyBlock()
+
+	d.TargetAccountID = "invalid-ulid"
+	err := validate.Struct(*d)
+	suite.EqualError(err, "Key: 'Block.TargetAccountID' Error:Field validation for 'TargetAccountID' failed on the 'ulid' tag")
+
+	d.TargetAccountID = "01FEEDHX4G7EGHF5GD9E82Y51Q"
+	err = validate.Struct(*d)
+	suite.NoError(err)
+
+	d.TargetAccountID = ""
+	err = validate.Struct(*d)
+	suite.EqualError(err, "Key: 'Block.TargetAccountID' Error:Field validation for 'TargetAccountID' failed on the 'required' tag")
+}
+
+func (suite *BlockValidateTestSuite) TestValidateBlockURI() {
+	d := happyBlock()
+
+	d.URI = "invalid-uri"
+	err := validate.Struct(*d)
+	suite.EqualError(err, "Key: 'Block.URI' Error:Field validation for 'URI' failed on the 'url' tag")
+
+	d.URI = ""
+	err = validate.Struct(*d)
+	suite.EqualError(err, "Key: 'Block.URI' Error:Field validation for 'URI' failed on the 'required' tag")
+}
+
+func TestBlockValidateTestSuite(t *testing.T) {
+	suite.Run(t, new(BlockValidateTestSuite))
+}
diff --git a/internal/validate/domainblock_test.go b/internal/validate/domainblock_test.go
new file mode 100644
index 000000000..0ce826f12
--- /dev/null
+++ b/internal/validate/domainblock_test.go
@@ -0,0 +1,122 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyDomainBlock() *gtsmodel.DomainBlock {
+	return &gtsmodel.DomainBlock{
+		ID:                 "01FE91RJR88PSEEE30EV35QR8N",
+		CreatedAt:          time.Now(),
+		UpdatedAt:          time.Now(),
+		Domain:             "baddudes.suck",
+		CreatedByAccountID: "01FEED79PRMVWPRMFHFQM8MJQN",
+		PrivateComment:     "we don't like em",
+		PublicComment:      "poo poo dudes",
+		Obfuscate:          false,
+		SubscriptionID:     "",
+	}
+}
+
+type DomainBlockValidateTestSuite struct {
+	suite.Suite
+}
+
+func (suite *DomainBlockValidateTestSuite) TestValidateDomainBlockHappyPath() {
+	// no problem here
+	d := happyDomainBlock()
+	err := validate.Struct(*d)
+	suite.NoError(err)
+}
+
+func (suite *DomainBlockValidateTestSuite) TestValidateDomainBlockBadID() {
+	d := happyDomainBlock()
+
+	d.ID = ""
+	err := validate.Struct(*d)
+	suite.EqualError(err, "Key: 'DomainBlock.ID' Error:Field validation for 'ID' failed on the 'required' tag")
+
+	d.ID = "01FE96W293ZPRG9FQQP48HK8N001FE96W32AT24VYBGM12WN3GKB"
+	err = validate.Struct(*d)
+	suite.EqualError(err, "Key: 'DomainBlock.ID' Error:Field validation for 'ID' failed on the 'ulid' tag")
+}
+
+func (suite *DomainBlockValidateTestSuite) TestValidateDomainBlockNoCreatedAt() {
+	d := happyDomainBlock()
+
+	d.CreatedAt = time.Time{}
+	err := validate.Struct(*d)
+	suite.NoError(err)
+}
+
+func (suite *DomainBlockValidateTestSuite) TestValidateDomainBlockBadDomain() {
+	d := happyDomainBlock()
+
+	d.Domain = ""
+	err := validate.Struct(*d)
+	suite.EqualError(err, "Key: 'DomainBlock.Domain' Error:Field validation for 'Domain' failed on the 'required' tag")
+
+	d.Domain = "this-is-not-a-valid-domain"
+	err = validate.Struct(*d)
+	suite.EqualError(err, "Key: 'DomainBlock.Domain' Error:Field validation for 'Domain' failed on the 'fqdn' tag")
+}
+
+func (suite *DomainBlockValidateTestSuite) TestValidateDomainBlockCreatedByAccountID() {
+	d := happyDomainBlock()
+
+	d.CreatedByAccountID = ""
+	err := validate.Struct(*d)
+	suite.EqualError(err, "Key: 'DomainBlock.CreatedByAccountID' Error:Field validation for 'CreatedByAccountID' failed on the 'required' tag")
+
+	d.CreatedByAccountID = "this-is-not-a-valid-ulid"
+	err = validate.Struct(*d)
+	suite.EqualError(err, "Key: 'DomainBlock.CreatedByAccountID' Error:Field validation for 'CreatedByAccountID' failed on the 'ulid' tag")
+}
+
+func (suite *DomainBlockValidateTestSuite) TestValidateDomainBlockComments() {
+	d := happyDomainBlock()
+
+	d.PrivateComment = ""
+	d.PublicComment = ""
+	err := validate.Struct(*d)
+	suite.NoError(err)
+}
+
+func (suite *DomainBlockValidateTestSuite) TestValidateDomainSubscriptionID() {
+	d := happyDomainBlock()
+
+	d.SubscriptionID = "invalid-ulid"
+	err := validate.Struct(*d)
+	suite.EqualError(err, "Key: 'DomainBlock.SubscriptionID' Error:Field validation for 'SubscriptionID' failed on the 'ulid' tag")
+
+	d.SubscriptionID = "01FEEDHX4G7EGHF5GD9E82Y51Q"
+	err = validate.Struct(*d)
+	suite.NoError(err)
+}
+
+func TestDomainBlockValidateTestSuite(t *testing.T) {
+	suite.Run(t, new(DomainBlockValidateTestSuite))
+}
diff --git a/internal/validate/emaildomainblock_test.go b/internal/validate/emaildomainblock_test.go
new file mode 100644
index 000000000..26ba08615
--- /dev/null
+++ b/internal/validate/emaildomainblock_test.go
@@ -0,0 +1,97 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyEmailDomainBlock() *gtsmodel.EmailDomainBlock {
+	return &gtsmodel.EmailDomainBlock{
+		ID:                 "01FE91RJR88PSEEE30EV35QR8N",
+		CreatedAt:          time.Now(),
+		UpdatedAt:          time.Now(),
+		Domain:             "baddudes.suck",
+		CreatedByAccountID: "01FEED79PRMVWPRMFHFQM8MJQN",
+	}
+}
+
+type EmailDomainBlockValidateTestSuite struct {
+	suite.Suite
+}
+
+func (suite *EmailDomainBlockValidateTestSuite) TestValidateEmailDomainBlockHappyPath() {
+	// no problem here
+	e := happyEmailDomainBlock()
+	err := validate.Struct(*e)
+	suite.NoError(err)
+}
+
+func (suite *EmailDomainBlockValidateTestSuite) TestValidateEmailDomainBlockBadID() {
+	e := happyEmailDomainBlock()
+
+	e.ID = ""
+	err := validate.Struct(*e)
+	suite.EqualError(err, "Key: 'EmailDomainBlock.ID' Error:Field validation for 'ID' failed on the 'required' tag")
+
+	e.ID = "01FE96W293ZPRG9FQQP48HK8N001FE96W32AT24VYBGM12WN3GKB"
+	err = validate.Struct(*e)
+	suite.EqualError(err, "Key: 'EmailDomainBlock.ID' Error:Field validation for 'ID' failed on the 'ulid' tag")
+}
+
+func (suite *EmailDomainBlockValidateTestSuite) TestValidateEmailDomainBlockNoCreatedAt() {
+	e := happyEmailDomainBlock()
+
+	e.CreatedAt = time.Time{}
+	err := validate.Struct(*e)
+	suite.NoError(err)
+}
+
+func (suite *EmailDomainBlockValidateTestSuite) TestValidateEmailDomainBlockBadDomain() {
+	e := happyEmailDomainBlock()
+
+	e.Domain = ""
+	err := validate.Struct(*e)
+	suite.EqualError(err, "Key: 'EmailDomainBlock.Domain' Error:Field validation for 'Domain' failed on the 'required' tag")
+
+	e.Domain = "this-is-not-a-valid-domain"
+	err = validate.Struct(*e)
+	suite.EqualError(err, "Key: 'EmailDomainBlock.Domain' Error:Field validation for 'Domain' failed on the 'fqdn' tag")
+}
+
+func (suite *EmailDomainBlockValidateTestSuite) TestValidateEmailDomainBlockCreatedByAccountID() {
+	e := happyEmailDomainBlock()
+
+	e.CreatedByAccountID = ""
+	err := validate.Struct(*e)
+	suite.EqualError(err, "Key: 'EmailDomainBlock.CreatedByAccountID' Error:Field validation for 'CreatedByAccountID' failed on the 'required' tag")
+
+	e.CreatedByAccountID = "this-is-not-a-valid-ulid"
+	err = validate.Struct(*e)
+	suite.EqualError(err, "Key: 'EmailDomainBlock.CreatedByAccountID' Error:Field validation for 'CreatedByAccountID' failed on the 'ulid' tag")
+}
+
+func TestEmailDomainBlockValidateTestSuite(t *testing.T) {
+	suite.Run(t, new(EmailDomainBlockValidateTestSuite))
+}
diff --git a/internal/validate/emoji_test.go b/internal/validate/emoji_test.go
new file mode 100644
index 000000000..4ada1ca8b
--- /dev/null
+++ b/internal/validate/emoji_test.go
@@ -0,0 +1,195 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"os"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyEmoji() *gtsmodel.Emoji {
+	// the file validator actually runs os.Stat on given paths, so we need to just create small
+	// temp files for both the main attachment file and the thumbnail
+
+	imageFile, err := os.CreateTemp("", "gts_test_emoji")
+	if err != nil {
+		panic(err)
+	}
+	if _, err := imageFile.WriteString("main"); err != nil {
+		panic(err)
+	}
+	imagePath := imageFile.Name()
+	if err := imageFile.Close(); err != nil {
+		panic(err)
+	}
+
+	staticFile, err := os.CreateTemp("", "gts_test_emoji_static")
+	if err != nil {
+		panic(err)
+	}
+	if _, err := staticFile.WriteString("thumbnail"); err != nil {
+		panic(err)
+	}
+	imageStaticPath := staticFile.Name()
+	if err := staticFile.Close(); err != nil {
+		panic(err)
+	}
+
+	return &gtsmodel.Emoji{
+		ID:                     "01F8MH6NEM8D7527KZAECTCR76",
+		CreatedAt:              time.Now().Add(-71 * time.Hour),
+		UpdatedAt:              time.Now().Add(-71 * time.Hour),
+		Shortcode:              "blob_test",
+		Domain:                 "example.org",
+		ImageRemoteURL:         "https://example.org/emojis/blob_test.gif",
+		ImageStaticRemoteURL:   "https://example.org/emojis/blob_test.png",
+		ImageURL:               "",
+		ImageStaticURL:         "",
+		ImagePath:              imagePath,
+		ImageStaticPath:        imageStaticPath,
+		ImageContentType:       "image/gif",
+		ImageStaticContentType: "image/png",
+		ImageFileSize:          1024,
+		ImageStaticFileSize:    256,
+		ImageUpdatedAt:         time.Now(),
+		Disabled:               false,
+		URI:                    "https://example.org/emojis/blob_test",
+		VisibleInPicker:        true,
+		CategoryID:             "01FEE47ZH70PWDSEAVBRFNX325",
+	}
+}
+
+type EmojiValidateTestSuite struct {
+	suite.Suite
+}
+
+func (suite *EmojiValidateTestSuite) TestValidateEmojiHappyPath() {
+	// no problem here
+	m := happyEmoji()
+	err := validate.Struct(*m)
+	suite.NoError(err)
+}
+
+func (suite *EmojiValidateTestSuite) TestValidateEmojiBadFilePaths() {
+	e := happyEmoji()
+
+	e.ImagePath = "/tmp/nonexistent/file/for/gotosocial/test"
+	err := validate.Struct(*e)
+	suite.EqualError(err, "Key: 'Emoji.ImagePath' Error:Field validation for 'ImagePath' failed on the 'file' tag")
+
+	e.ImagePath = ""
+	err = validate.Struct(*e)
+	suite.EqualError(err, "Key: 'Emoji.ImagePath' Error:Field validation for 'ImagePath' failed on the 'required' tag")
+
+	e.ImagePath = "???????????thisnot a valid path####"
+	err = validate.Struct(*e)
+	suite.EqualError(err, "Key: 'Emoji.ImagePath' Error:Field validation for 'ImagePath' failed on the 'file' tag")
+
+	e.ImageStaticPath = "/tmp/nonexistent/file/for/gotosocial/test"
+	err = validate.Struct(*e)
+	suite.EqualError(err, "Key: 'Emoji.ImagePath' Error:Field validation for 'ImagePath' failed on the 'file' tag\nKey: 'Emoji.ImageStaticPath' Error:Field validation for 'ImageStaticPath' failed on the 'file' tag")
+
+	e.ImageStaticPath = ""
+	err = validate.Struct(*e)
+	suite.EqualError(err, "Key: 'Emoji.ImagePath' Error:Field validation for 'ImagePath' failed on the 'file' tag\nKey: 'Emoji.ImageStaticPath' Error:Field validation for 'ImageStaticPath' failed on the 'required' tag")
+
+	e.ImageStaticPath = "???????????thisnot a valid path####"
+	err = validate.Struct(*e)
+	suite.EqualError(err, "Key: 'Emoji.ImagePath' Error:Field validation for 'ImagePath' failed on the 'file' tag\nKey: 'Emoji.ImageStaticPath' Error:Field validation for 'ImageStaticPath' failed on the 'file' tag")
+}
+
+func (suite *EmojiValidateTestSuite) TestValidateEmojiURI() {
+	e := happyEmoji()
+
+	e.URI = "aaaaaaaaaa"
+	err := validate.Struct(*e)
+	suite.EqualError(err, "Key: 'Emoji.URI' Error:Field validation for 'URI' failed on the 'url' tag")
+
+	e.URI = ""
+	err = validate.Struct(*e)
+	suite.EqualError(err, "Key: 'Emoji.URI' Error:Field validation for 'URI' failed on the 'url' tag")
+}
+
+func (suite *EmojiValidateTestSuite) TestValidateEmojiURLCombos() {
+	e := happyEmoji()
+
+	e.ImageRemoteURL = ""
+	err := validate.Struct(*e)
+	suite.EqualError(err, "Key: 'Emoji.ImageRemoteURL' Error:Field validation for 'ImageRemoteURL' failed on the 'required_without' tag\nKey: 'Emoji.ImageURL' Error:Field validation for 'ImageURL' failed on the 'required_without' tag")
+
+	e.ImageURL = "https://whatever.org"
+	err = validate.Struct(*e)
+	suite.NoError(err)
+
+	e.ImageStaticRemoteURL = ""
+	err = validate.Struct(*e)
+	suite.EqualError(err, "Key: 'Emoji.ImageStaticRemoteURL' Error:Field validation for 'ImageStaticRemoteURL' failed on the 'required_without' tag\nKey: 'Emoji.ImageStaticURL' Error:Field validation for 'ImageStaticURL' failed on the 'required_without' tag")
+
+	e.ImageStaticURL = "https://whatever.org"
+	err = validate.Struct(*e)
+	suite.NoError(err)
+
+	e.ImageURL = ""
+	e.ImageStaticURL = ""
+	e.ImageRemoteURL = ""
+	e.ImageStaticRemoteURL = ""
+	err = validate.Struct(*e)
+	suite.EqualError(err, "Key: 'Emoji.ImageRemoteURL' Error:Field validation for 'ImageRemoteURL' failed on the 'required_without' tag\nKey: 'Emoji.ImageStaticRemoteURL' Error:Field validation for 'ImageStaticRemoteURL' failed on the 'required_without' tag\nKey: 'Emoji.ImageURL' Error:Field validation for 'ImageURL' failed on the 'required_without' tag\nKey: 'Emoji.ImageStaticURL' Error:Field validation for 'ImageStaticURL' failed on the 'required_without' tag")
+}
+
+func (suite *EmojiValidateTestSuite) TestValidateFileSize() {
+	e := happyEmoji()
+
+	e.ImageFileSize = 0
+	err := validate.Struct(*e)
+	suite.EqualError(err, "Key: 'Emoji.ImageFileSize' Error:Field validation for 'ImageFileSize' failed on the 'required' tag")
+
+	e.ImageStaticFileSize = 0
+	err = validate.Struct(*e)
+	suite.EqualError(err, "Key: 'Emoji.ImageFileSize' Error:Field validation for 'ImageFileSize' failed on the 'required' tag\nKey: 'Emoji.ImageStaticFileSize' Error:Field validation for 'ImageStaticFileSize' failed on the 'required' tag")
+
+	e.ImageFileSize = -1
+	err = validate.Struct(*e)
+	suite.EqualError(err, "Key: 'Emoji.ImageFileSize' Error:Field validation for 'ImageFileSize' failed on the 'min' tag\nKey: 'Emoji.ImageStaticFileSize' Error:Field validation for 'ImageStaticFileSize' failed on the 'required' tag")
+
+	e.ImageStaticFileSize = -1
+	err = validate.Struct(*e)
+	suite.EqualError(err, "Key: 'Emoji.ImageFileSize' Error:Field validation for 'ImageFileSize' failed on the 'min' tag\nKey: 'Emoji.ImageStaticFileSize' Error:Field validation for 'ImageStaticFileSize' failed on the 'min' tag")
+}
+
+func (suite *EmojiValidateTestSuite) TestValidateDomain() {
+	e := happyEmoji()
+
+	e.Domain = ""
+	err := validate.Struct(*e)
+	suite.EqualError(err, "Key: 'Emoji.ImageURL' Error:Field validation for 'ImageURL' failed on the 'required_without' tag\nKey: 'Emoji.ImageStaticURL' Error:Field validation for 'ImageStaticURL' failed on the 'required_without' tag")
+
+	e.Domain = "aaaaaaaaa"
+	err = validate.Struct(*e)
+	suite.EqualError(err, "Key: 'Emoji.Domain' Error:Field validation for 'Domain' failed on the 'fqdn' tag")
+}
+
+func TestEmojiValidateTestSuite(t *testing.T) {
+	suite.Run(t, new(EmojiValidateTestSuite))
+}
diff --git a/internal/validate/follow_test.go b/internal/validate/follow_test.go
new file mode 100644
index 000000000..d624666be
--- /dev/null
+++ b/internal/validate/follow_test.go
@@ -0,0 +1,88 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyFollow() *gtsmodel.Follow {
+	return &gtsmodel.Follow{
+		ID:              "01FE91RJR88PSEEE30EV35QR8N",
+		CreatedAt:       time.Now(),
+		UpdatedAt:       time.Now(),
+		AccountID:       "01FE96MAE58MXCE5C4SSMEMCEK",
+		Account:         nil,
+		TargetAccountID: "01FE96MXRHWZHKC0WH5FT82H1A",
+		TargetAccount:   nil,
+		URI:             "https://example.org/users/user1/activity/follow/01FE91RJR88PSEEE30EV35QR8N",
+	}
+}
+
+type FollowValidateTestSuite struct {
+	suite.Suite
+}
+
+func (suite *FollowValidateTestSuite) TestValidateFollowHappyPath() {
+	// no problem here
+	f := happyFollow()
+	err := validate.Struct(*f)
+	suite.NoError(err)
+}
+
+func (suite *FollowValidateTestSuite) TestValidateFollowBadID() {
+	f := happyFollow()
+
+	f.ID = ""
+	err := validate.Struct(*f)
+	suite.EqualError(err, "Key: 'Follow.ID' Error:Field validation for 'ID' failed on the 'required' tag")
+
+	f.ID = "01FE96W293ZPRG9FQQP48HK8N001FE96W32AT24VYBGM12WN3GKB"
+	err = validate.Struct(*f)
+	suite.EqualError(err, "Key: 'Follow.ID' Error:Field validation for 'ID' failed on the 'ulid' tag")
+}
+
+func (suite *FollowValidateTestSuite) TestValidateFollowNoCreatedAt() {
+	f := happyFollow()
+
+	f.CreatedAt = time.Time{}
+	err := validate.Struct(*f)
+	suite.NoError(err)
+}
+
+func (suite *FollowValidateTestSuite) TestValidateFollowNoURI() {
+	f := happyFollow()
+
+	f.URI = ""
+	err := validate.Struct(*f)
+	suite.EqualError(err, "Key: 'Follow.URI' Error:Field validation for 'URI' failed on the 'required' tag")
+
+	f.URI = "this-is-not-a-valid-url"
+	err = validate.Struct(*f)
+	suite.EqualError(err, "Key: 'Follow.URI' Error:Field validation for 'URI' failed on the 'url' tag")
+}
+
+func TestFollowValidateTestSuite(t *testing.T) {
+	suite.Run(t, new(FollowValidateTestSuite))
+}
diff --git a/internal/validate/followrequest_test.go b/internal/validate/followrequest_test.go
new file mode 100644
index 000000000..f607e24c3
--- /dev/null
+++ b/internal/validate/followrequest_test.go
@@ -0,0 +1,88 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyFollowRequest() *gtsmodel.FollowRequest {
+	return &gtsmodel.FollowRequest{
+		ID:              "01FE91RJR88PSEEE30EV35QR8N",
+		CreatedAt:       time.Now(),
+		UpdatedAt:       time.Now(),
+		AccountID:       "01FE96MAE58MXCE5C4SSMEMCEK",
+		Account:         nil,
+		TargetAccountID: "01FE96MXRHWZHKC0WH5FT82H1A",
+		TargetAccount:   nil,
+		URI:             "https://example.org/users/user1/activity/follow/01FE91RJR88PSEEE30EV35QR8N",
+	}
+}
+
+type FollowRequestValidateTestSuite struct {
+	suite.Suite
+}
+
+func (suite *FollowRequestValidateTestSuite) TestValidateFollowRequestHappyPath() {
+	// no problem here
+	f := happyFollowRequest()
+	err := validate.Struct(*f)
+	suite.NoError(err)
+}
+
+func (suite *FollowRequestValidateTestSuite) TestValidateFollowRequestBadID() {
+	f := happyFollowRequest()
+
+	f.ID = ""
+	err := validate.Struct(*f)
+	suite.EqualError(err, "Key: 'FollowRequest.ID' Error:Field validation for 'ID' failed on the 'required' tag")
+
+	f.ID = "01FE96W293ZPRG9FQQP48HK8N001FE96W32AT24VYBGM12WN3GKB"
+	err = validate.Struct(*f)
+	suite.EqualError(err, "Key: 'FollowRequest.ID' Error:Field validation for 'ID' failed on the 'ulid' tag")
+}
+
+func (suite *FollowRequestValidateTestSuite) TestValidateFollowRequestNoCreatedAt() {
+	f := happyFollowRequest()
+
+	f.CreatedAt = time.Time{}
+	err := validate.Struct(*f)
+	suite.NoError(err)
+}
+
+func (suite *FollowRequestValidateTestSuite) TestValidateFollowRequestNoURI() {
+	f := happyFollowRequest()
+
+	f.URI = ""
+	err := validate.Struct(*f)
+	suite.EqualError(err, "Key: 'FollowRequest.URI' Error:Field validation for 'URI' failed on the 'required' tag")
+
+	f.URI = "this-is-not-a-valid-url"
+	err = validate.Struct(*f)
+	suite.EqualError(err, "Key: 'FollowRequest.URI' Error:Field validation for 'URI' failed on the 'url' tag")
+}
+
+func TestFollowRequestValidateTestSuite(t *testing.T) {
+	suite.Run(t, new(FollowRequestValidateTestSuite))
+}
diff --git a/internal/validate/formvalidation.go b/internal/validate/formvalidation.go
new file mode 100644
index 000000000..a30ec1a58
--- /dev/null
+++ b/internal/validate/formvalidation.go
@@ -0,0 +1,182 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate
+
+import (
+	"errors"
+	"fmt"
+	"net/mail"
+
+	"github.com/superseriousbusiness/gotosocial/internal/regexes"
+	pwv "github.com/wagslane/go-password-validator"
+	"golang.org/x/text/language"
+)
+
+const (
+	maximumPasswordLength         = 64
+	minimumPasswordEntropy        = 60 // dictates password strength. See https://github.com/wagslane/go-password-validator
+	minimumReasonLength           = 40
+	maximumReasonLength           = 500
+	maximumSiteTitleLength        = 40
+	maximumShortDescriptionLength = 500
+	maximumDescriptionLength      = 5000
+	maximumSiteTermsLength        = 5000
+	maximumUsernameLength         = 64
+	maximumEmojiShortcodeLength   = 30
+	maximumHashtagLength          = 30
+)
+
+// NewPassword returns an error if the given password is not sufficiently strong, or nil if it's ok.
+func NewPassword(password string) error {
+	if password == "" {
+		return errors.New("no password provided")
+	}
+
+	if len(password) > maximumPasswordLength {
+		return fmt.Errorf("password should be no more than %d chars", maximumPasswordLength)
+	}
+
+	return pwv.Validate(password, minimumPasswordEntropy)
+}
+
+// Username makes sure that a given username is valid (ie., letters, numbers, underscores, check length).
+// Returns an error if not.
+func Username(username string) error {
+	if username == "" {
+		return errors.New("no username provided")
+	}
+
+	if !regexes.Username.MatchString(username) {
+		return fmt.Errorf("given username %s was invalid: must contain only lowercase letters, numbers, and underscores, max %d characters", username, maximumUsernameLength)
+	}
+
+	return nil
+}
+
+// Email makes sure that a given email address is a valid address.
+// Returns an error if not.
+func Email(email string) error {
+	if email == "" {
+		return errors.New("no email provided")
+	}
+
+	_, err := mail.ParseAddress(email)
+	return err
+}
+
+// Language checks that the given language string is a 2- or 3-letter ISO 639 code.
+// Returns an error if the language cannot be parsed. See: https://pkg.go.dev/golang.org/x/text/language
+func Language(lang string) error {
+	if lang == "" {
+		return errors.New("no language provided")
+	}
+	_, err := language.ParseBase(lang)
+	return err
+}
+
+// SignUpReason checks that a sufficient reason is given for a server signup request
+func SignUpReason(reason string, reasonRequired bool) error {
+	if !reasonRequired {
+		// we don't care!
+		// we're not going to do anything with this text anyway if no reason is required
+		return nil
+	}
+
+	if reason == "" {
+		return errors.New("no reason provided")
+	}
+
+	if len(reason) < minimumReasonLength {
+		return fmt.Errorf("reason should be at least %d chars but '%s' was %d", minimumReasonLength, reason, len(reason))
+	}
+
+	if len(reason) > maximumReasonLength {
+		return fmt.Errorf("reason should be no more than %d chars but given reason was %d", maximumReasonLength, len(reason))
+	}
+	return nil
+}
+
+// DisplayName checks that a requested display name is valid
+func DisplayName(displayName string) error {
+	// TODO: add some validation logic here -- length, characters, etc
+	return nil
+}
+
+// Note checks that a given profile/account note/bio is valid
+func Note(note string) error {
+	// TODO: add some validation logic here -- length, characters, etc
+	return nil
+}
+
+// Privacy checks that the desired privacy setting is valid
+func Privacy(privacy string) error {
+	// TODO: add some validation logic here -- length, characters, etc
+	return nil
+}
+
+// EmojiShortcode just runs the given shortcode through the regular expression
+// for emoji shortcodes, to figure out whether it's a valid shortcode, ie., 2-30 characters,
+// lowercase a-z, numbers, and underscores.
+func EmojiShortcode(shortcode string) error {
+	if !regexes.EmojiShortcode.MatchString(shortcode) {
+		return fmt.Errorf("shortcode %s did not pass validation, must be between 2 and 30 characters, lowercase letters, numbers, and underscores only", shortcode)
+	}
+	return nil
+}
+
+// SiteTitle ensures that the given site title is within spec.
+func SiteTitle(siteTitle string) error {
+	if len(siteTitle) > maximumSiteTitleLength {
+		return fmt.Errorf("site title should be no more than %d chars but given title was %d", maximumSiteTitleLength, len(siteTitle))
+	}
+
+	return nil
+}
+
+// SiteShortDescription ensures that the given site short description is within spec.
+func SiteShortDescription(d string) error {
+	if len(d) > maximumShortDescriptionLength {
+		return fmt.Errorf("short description should be no more than %d chars but given description was %d", maximumShortDescriptionLength, len(d))
+	}
+
+	return nil
+}
+
+// SiteDescription ensures that the given site description is within spec.
+func SiteDescription(d string) error {
+	if len(d) > maximumDescriptionLength {
+		return fmt.Errorf("description should be no more than %d chars but given description was %d", maximumDescriptionLength, len(d))
+	}
+
+	return nil
+}
+
+// SiteTerms ensures that the given site terms string is within spec.
+func SiteTerms(t string) error {
+	if len(t) > maximumSiteTermsLength {
+		return fmt.Errorf("terms should be no more than %d chars but given terms was %d", maximumSiteTermsLength, len(t))
+	}
+
+	return nil
+}
+
+// ULID returns true if the passed string is a valid ULID.
+func ULID(i string) bool {
+	return regexes.ULID.MatchString(i)
+}
diff --git a/internal/validate/formvalidation_test.go b/internal/validate/formvalidation_test.go
new file mode 100644
index 000000000..03bed42d8
--- /dev/null
+++ b/internal/validate/formvalidation_test.go
@@ -0,0 +1,283 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"errors"
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+type ValidationTestSuite struct {
+	suite.Suite
+}
+
+func (suite *ValidationTestSuite) TestCheckPasswordStrength() {
+	empty := ""
+	terriblePassword := "password"
+	weakPassword := "OKPassword"
+	shortPassword := "Ok12"
+	specialPassword := "Ok12%"
+	longPassword := "thisisafuckinglongpasswordbutnospecialchars"
+	tooLong := "Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; Quisque a enim nibh. Vestibulum bibendum leo ac porttitor auctor."
+	strongPassword := "3dX5@Zc%mV*W2MBNEy$@"
+	var err error
+
+	err = validate.NewPassword(empty)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), errors.New("no password provided"), err)
+	}
+
+	err = validate.NewPassword(terriblePassword)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), errors.New("insecure password, try including more special characters, using uppercase letters, using numbers or using a longer password"), err)
+	}
+
+	err = validate.NewPassword(weakPassword)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), errors.New("insecure password, try including more special characters, using numbers or using a longer password"), err)
+	}
+
+	err = validate.NewPassword(shortPassword)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), errors.New("insecure password, try including more special characters or using a longer password"), err)
+	}
+
+	err = validate.NewPassword(specialPassword)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), errors.New("insecure password, try including more special characters or using a longer password"), err)
+	}
+
+	err = validate.NewPassword(longPassword)
+	if assert.NoError(suite.T(), err) {
+		assert.Equal(suite.T(), nil, err)
+	}
+
+	err = validate.NewPassword(tooLong)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), errors.New("password should be no more than 64 chars"), err)
+	}
+
+	err = validate.NewPassword(strongPassword)
+	if assert.NoError(suite.T(), err) {
+		assert.Equal(suite.T(), nil, err)
+	}
+}
+
+func (suite *ValidationTestSuite) TestValidateUsername() {
+	empty := ""
+	tooLong := "holycrapthisisthelongestusernameiveeverseeninmylifethatstoomuchman"
+	withSpaces := "this username has spaces in it"
+	weirdChars := "thisusername&&&&&&&istooweird!!"
+	leadingSpace := " see_that_leading_space"
+	trailingSpace := "thisusername_ends_with_a_space "
+	newlines := "this_is\n_almost_ok"
+	goodUsername := "this_is_a_good_username"
+	var err error
+
+	err = validate.Username(empty)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), errors.New("no username provided"), err)
+	}
+
+	err = validate.Username(tooLong)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), fmt.Errorf("given username %s was invalid: must contain only lowercase letters, numbers, and underscores, max 64 characters", tooLong), err)
+	}
+
+	err = validate.Username(withSpaces)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), fmt.Errorf("given username %s was invalid: must contain only lowercase letters, numbers, and underscores, max 64 characters", withSpaces), err)
+	}
+
+	err = validate.Username(weirdChars)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), fmt.Errorf("given username %s was invalid: must contain only lowercase letters, numbers, and underscores, max 64 characters", weirdChars), err)
+	}
+
+	err = validate.Username(leadingSpace)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), fmt.Errorf("given username %s was invalid: must contain only lowercase letters, numbers, and underscores, max 64 characters", leadingSpace), err)
+	}
+
+	err = validate.Username(trailingSpace)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), fmt.Errorf("given username %s was invalid: must contain only lowercase letters, numbers, and underscores, max 64 characters", trailingSpace), err)
+	}
+
+	err = validate.Username(newlines)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), fmt.Errorf("given username %s was invalid: must contain only lowercase letters, numbers, and underscores, max 64 characters", newlines), err)
+	}
+
+	err = validate.Username(goodUsername)
+	if assert.NoError(suite.T(), err) {
+		assert.Equal(suite.T(), nil, err)
+	}
+}
+
+func (suite *ValidationTestSuite) TestValidateEmail() {
+	empty := ""
+	notAnEmailAddress := "this-is-no-email-address!"
+	almostAnEmailAddress := "@thisisalmostan@email.address"
+	aWebsite := "https://thisisawebsite.com"
+	emailAddress := "thisis.actually@anemail.address"
+	var err error
+
+	err = validate.Email(empty)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), errors.New("no email provided"), err)
+	}
+
+	err = validate.Email(notAnEmailAddress)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), errors.New("mail: missing '@' or angle-addr"), err)
+	}
+
+	err = validate.Email(almostAnEmailAddress)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), errors.New("mail: no angle-addr"), err)
+	}
+
+	err = validate.Email(aWebsite)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), errors.New("mail: missing '@' or angle-addr"), err)
+	}
+
+	err = validate.Email(emailAddress)
+	if assert.NoError(suite.T(), err) {
+		assert.Equal(suite.T(), nil, err)
+	}
+}
+
+func (suite *ValidationTestSuite) TestValidateLanguage() {
+	empty := ""
+	notALanguage := "this isn't a language at all!"
+	english := "en"
+	capitalEnglish := "EN"
+	arabic3Letters := "ara"
+	mixedCapsEnglish := "eN"
+	englishUS := "en-us"
+	dutch := "nl"
+	german := "de"
+	var err error
+
+	err = validate.Language(empty)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), errors.New("no language provided"), err)
+	}
+
+	err = validate.Language(notALanguage)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), errors.New("language: tag is not well-formed"), err)
+	}
+
+	err = validate.Language(english)
+	if assert.NoError(suite.T(), err) {
+		assert.Equal(suite.T(), nil, err)
+	}
+
+	err = validate.Language(capitalEnglish)
+	if assert.NoError(suite.T(), err) {
+		assert.Equal(suite.T(), nil, err)
+	}
+
+	err = validate.Language(arabic3Letters)
+	if assert.NoError(suite.T(), err) {
+		assert.Equal(suite.T(), nil, err)
+	}
+
+	err = validate.Language(mixedCapsEnglish)
+	if assert.NoError(suite.T(), err) {
+		assert.Equal(suite.T(), nil, err)
+	}
+
+	err = validate.Language(englishUS)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), errors.New("language: tag is not well-formed"), err)
+	}
+
+	err = validate.Language(dutch)
+	if assert.NoError(suite.T(), err) {
+		assert.Equal(suite.T(), nil, err)
+	}
+
+	err = validate.Language(german)
+	if assert.NoError(suite.T(), err) {
+		assert.Equal(suite.T(), nil, err)
+	}
+}
+
+func (suite *ValidationTestSuite) TestValidateReason() {
+	empty := ""
+	badReason := "because"
+	goodReason := "to smash the state and destroy capitalism ultimately and completely"
+	tooLong := "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Mauris auctor mollis viverra. Maecenas maximus mollis sem, nec fermentum velit consectetur non. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; Quisque a enim nibh. Vestibulum bibendum leo ac porttitor auctor. Curabitur velit tellus, facilisis vitae lorem a, ullamcorper efficitur leo. Sed a auctor tortor. Sed ut finibus ante, sit amet laoreet sapien. Donec ullamcorper tellus a nibh sodales vulputate. Donec id dolor eu odio mollis bibendum. Pellentesque habitant morbi tristique senectus et netus at."
+	var err error
+
+	// check with no reason required
+	err = validate.SignUpReason(empty, false)
+	if assert.NoError(suite.T(), err) {
+		assert.Equal(suite.T(), nil, err)
+	}
+
+	err = validate.SignUpReason(badReason, false)
+	if assert.NoError(suite.T(), err) {
+		assert.Equal(suite.T(), nil, err)
+	}
+
+	err = validate.SignUpReason(tooLong, false)
+	if assert.NoError(suite.T(), err) {
+		assert.Equal(suite.T(), nil, err)
+	}
+
+	err = validate.SignUpReason(goodReason, false)
+	if assert.NoError(suite.T(), err) {
+		assert.Equal(suite.T(), nil, err)
+	}
+
+	// check with reason required
+	err = validate.SignUpReason(empty, true)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), errors.New("no reason provided"), err)
+	}
+
+	err = validate.SignUpReason(badReason, true)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), errors.New("reason should be at least 40 chars but 'because' was 7"), err)
+	}
+
+	err = validate.SignUpReason(tooLong, true)
+	if assert.Error(suite.T(), err) {
+		assert.Equal(suite.T(), errors.New("reason should be no more than 500 chars but given reason was 600"), err)
+	}
+
+	err = validate.SignUpReason(goodReason, true)
+	if assert.NoError(suite.T(), err) {
+		assert.Equal(suite.T(), nil, err)
+	}
+}
+
+func TestValidationTestSuite(t *testing.T) {
+	suite.Run(t, new(ValidationTestSuite))
+}
diff --git a/internal/validate/instance_test.go b/internal/validate/instance_test.go
new file mode 100644
index 000000000..6042da80e
--- /dev/null
+++ b/internal/validate/instance_test.go
@@ -0,0 +1,146 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyInstance() *gtsmodel.Instance {
+	return &gtsmodel.Instance{
+		ID:                     "01FE91RJR88PSEEE30EV35QR8N",
+		CreatedAt:              time.Now(),
+		UpdatedAt:              time.Now(),
+		Domain:                 "example.org",
+		Title:                  "Example Instance",
+		URI:                    "https://example.org",
+		SuspendedAt:            time.Time{},
+		DomainBlockID:          "",
+		DomainBlock:            nil,
+		ShortDescription:       "This is a description for the example/testing instance.",
+		Description:            "This is a way longer description for the example/testing instance!",
+		Terms:                  "Don't be a knobhead.",
+		ContactEmail:           "admin@example.org",
+		ContactAccountUsername: "admin",
+		ContactAccountID:       "01FEE20H5QWHJDEXAEE9G96PR0",
+		ContactAccount:         nil,
+		Reputation:             420,
+		Version:                "gotosocial 0.1.0",
+	}
+}
+
+type InstanceValidateTestSuite struct {
+	suite.Suite
+}
+
+func (suite *InstanceValidateTestSuite) TestValidateInstanceHappyPath() {
+	// no problem here
+	m := happyInstance()
+	err := validate.Struct(*m)
+	suite.NoError(err)
+}
+
+func (suite *InstanceValidateTestSuite) TestValidateInstanceBadID() {
+	m := happyInstance()
+
+	m.ID = ""
+	err := validate.Struct(*m)
+	suite.EqualError(err, "Key: 'Instance.ID' Error:Field validation for 'ID' failed on the 'required' tag")
+
+	m.ID = "01FE96W293ZPRG9FQQP48HK8N001FE96W32AT24VYBGM12WN3GKB"
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'Instance.ID' Error:Field validation for 'ID' failed on the 'ulid' tag")
+}
+
+func (suite *InstanceValidateTestSuite) TestValidateInstanceAccountURI() {
+	i := happyInstance()
+
+	i.URI = ""
+	err := validate.Struct(*i)
+	suite.EqualError(err, "Key: 'Instance.URI' Error:Field validation for 'URI' failed on the 'required' tag")
+
+	i.URI = "---------------------------"
+	err = validate.Struct(*i)
+	suite.EqualError(err, "Key: 'Instance.URI' Error:Field validation for 'URI' failed on the 'url' tag")
+}
+
+func (suite *InstanceValidateTestSuite) TestValidateInstanceDodgyAccountID() {
+	i := happyInstance()
+
+	i.ContactAccountID = "9HZJ76B6VXSKF"
+	err := validate.Struct(*i)
+	suite.EqualError(err, "Key: 'Instance.ContactAccountID' Error:Field validation for 'ContactAccountID' failed on the 'ulid' tag")
+
+	i.ContactAccountID = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!!!!!!!!!!!!"
+	err = validate.Struct(*i)
+	suite.EqualError(err, "Key: 'Instance.ContactAccountID' Error:Field validation for 'ContactAccountID' failed on the 'ulid' tag")
+
+	i.ContactAccountID = ""
+	err = validate.Struct(*i)
+	suite.EqualError(err, "Key: 'Instance.ContactAccountID' Error:Field validation for 'ContactAccountID' failed on the 'required_with' tag")
+
+	i.ContactAccountUsername = ""
+	err = validate.Struct(*i)
+	suite.NoError(err)
+}
+
+func (suite *InstanceValidateTestSuite) TestValidateInstanceDomain() {
+	i := happyInstance()
+
+	i.Domain = "poopoo"
+	err := validate.Struct(*i)
+	suite.EqualError(err, "Key: 'Instance.Domain' Error:Field validation for 'Domain' failed on the 'fqdn' tag")
+
+	i.Domain = ""
+	err = validate.Struct(*i)
+	suite.EqualError(err, "Key: 'Instance.Domain' Error:Field validation for 'Domain' failed on the 'required' tag")
+
+	i.Domain = "https://aaaaaaaaaaaaah.org"
+	err = validate.Struct(*i)
+	suite.EqualError(err, "Key: 'Instance.Domain' Error:Field validation for 'Domain' failed on the 'fqdn' tag")
+}
+
+func (suite *InstanceValidateTestSuite) TestValidateInstanceContactEmail() {
+	i := happyInstance()
+
+	i.ContactEmail = "poopoo"
+	err := validate.Struct(*i)
+	suite.EqualError(err, "Key: 'Instance.ContactEmail' Error:Field validation for 'ContactEmail' failed on the 'email' tag")
+
+	i.ContactEmail = ""
+	err = validate.Struct(*i)
+	suite.NoError(err)
+}
+
+func (suite *InstanceValidateTestSuite) TestValidateInstanceNoCreatedAt() {
+	i := happyInstance()
+
+	i.CreatedAt = time.Time{}
+	err := validate.Struct(*i)
+	suite.NoError(err)
+}
+
+func TestInstanceValidateTestSuite(t *testing.T) {
+	suite.Run(t, new(InstanceValidateTestSuite))
+}
diff --git a/internal/validate/mediaattachment_test.go b/internal/validate/mediaattachment_test.go
new file mode 100644
index 000000000..84c2fa4eb
--- /dev/null
+++ b/internal/validate/mediaattachment_test.go
@@ -0,0 +1,230 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"os"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyMediaAttachment() *gtsmodel.MediaAttachment {
+	// the file validator actually runs os.Stat on given paths, so we need to just create small
+	// temp files for both the main attachment file and the thumbnail
+
+	mainFile, err := os.CreateTemp("", "gts_test_mainfile")
+	if err != nil {
+		panic(err)
+	}
+	if _, err := mainFile.WriteString("main"); err != nil {
+		panic(err)
+	}
+	mainPath := mainFile.Name()
+	if err := mainFile.Close(); err != nil {
+		panic(err)
+	}
+
+	thumbnailFile, err := os.CreateTemp("", "gts_test_thumbnail")
+	if err != nil {
+		panic(err)
+	}
+	if _, err := thumbnailFile.WriteString("thumbnail"); err != nil {
+		panic(err)
+	}
+	thumbnailPath := thumbnailFile.Name()
+	if err := thumbnailFile.Close(); err != nil {
+		panic(err)
+	}
+
+	return &gtsmodel.MediaAttachment{
+		ID:        "01F8MH6NEM8D7527KZAECTCR76",
+		CreatedAt: time.Now().Add(-71 * time.Hour),
+		UpdatedAt: time.Now().Add(-71 * time.Hour),
+		StatusID:  "01F8MH75CBF9JFX4ZAD54N0W0R",
+		URL:       "http://localhost:8080/fileserver/01F8MH17FWEB39HZJ76B6VXSKF/attachment/original/01F8MH6NEM8D7527KZAECTCR76.jpeg",
+		RemoteURL: "",
+		Type:      gtsmodel.FileTypeImage,
+		FileMeta: gtsmodel.FileMeta{
+			Original: gtsmodel.Original{
+				Width:  1200,
+				Height: 630,
+				Size:   756000,
+				Aspect: 1.9047619047619047,
+			},
+			Small: gtsmodel.Small{
+				Width:  256,
+				Height: 134,
+				Size:   34304,
+				Aspect: 1.9104477611940298,
+			},
+		},
+		AccountID:         "01F8MH17FWEB39HZJ76B6VXSKF",
+		Description:       "Black and white image of some 50's style text saying: Welcome On Board",
+		ScheduledStatusID: "",
+		Blurhash:          "LNJRdVM{00Rj%Mayt7j[4nWBofRj",
+		Processing:        2,
+		File: gtsmodel.File{
+			Path:        mainPath,
+			ContentType: "image/jpeg",
+			FileSize:    62529,
+			UpdatedAt:   time.Now().Add(-71 * time.Hour),
+		},
+		Thumbnail: gtsmodel.Thumbnail{
+			Path:        thumbnailPath,
+			ContentType: "image/jpeg",
+			FileSize:    6872,
+			UpdatedAt:   time.Now().Add(-71 * time.Hour),
+			URL:         "http://localhost:8080/fileserver/01F8MH17FWEB39HZJ76B6VXSKF/attachment/small/01F8MH6NEM8D7527KZAECTCR76.jpeg",
+			RemoteURL:   "",
+		},
+		Avatar: false,
+		Header: false,
+	}
+}
+
+type MediaAttachmentValidateTestSuite struct {
+	suite.Suite
+}
+
+func (suite *MediaAttachmentValidateTestSuite) TestValidateMediaAttachmentHappyPath() {
+	// no problem here
+	m := happyMediaAttachment()
+	err := validate.Struct(*m)
+	suite.NoError(err)
+}
+
+func (suite *MediaAttachmentValidateTestSuite) TestValidateMediaAttachmentBadFilePaths() {
+	m := happyMediaAttachment()
+
+	m.File.Path = "/tmp/nonexistent/file/for/gotosocial/test"
+	err := validate.Struct(*m)
+	suite.EqualError(err, "Key: 'MediaAttachment.File.Path' Error:Field validation for 'Path' failed on the 'file' tag")
+
+	m.File.Path = ""
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'MediaAttachment.File.Path' Error:Field validation for 'Path' failed on the 'required' tag")
+
+	m.File.Path = "???????????thisnot a valid path####"
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'MediaAttachment.File.Path' Error:Field validation for 'Path' failed on the 'file' tag")
+
+	m.Thumbnail.Path = "/tmp/nonexistent/file/for/gotosocial/test"
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'MediaAttachment.File.Path' Error:Field validation for 'Path' failed on the 'file' tag\nKey: 'MediaAttachment.Thumbnail.Path' Error:Field validation for 'Path' failed on the 'file' tag")
+
+	m.Thumbnail.Path = ""
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'MediaAttachment.File.Path' Error:Field validation for 'Path' failed on the 'file' tag\nKey: 'MediaAttachment.Thumbnail.Path' Error:Field validation for 'Path' failed on the 'required' tag")
+
+	m.Thumbnail.Path = "???????????thisnot a valid path####"
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'MediaAttachment.File.Path' Error:Field validation for 'Path' failed on the 'file' tag\nKey: 'MediaAttachment.Thumbnail.Path' Error:Field validation for 'Path' failed on the 'file' tag")
+}
+
+func (suite *MediaAttachmentValidateTestSuite) TestValidateMediaAttachmentBadType() {
+	m := happyMediaAttachment()
+
+	m.Type = ""
+	err := validate.Struct(*m)
+	suite.EqualError(err, "Key: 'MediaAttachment.Type' Error:Field validation for 'Type' failed on the 'oneof' tag")
+
+	m.Type = "Not Supported"
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'MediaAttachment.Type' Error:Field validation for 'Type' failed on the 'oneof' tag")
+}
+
+func (suite *MediaAttachmentValidateTestSuite) TestValidateMediaAttachmentBadFileMeta() {
+	m := happyMediaAttachment()
+
+	m.FileMeta.Original.Aspect = 0
+	err := validate.Struct(*m)
+	suite.EqualError(err, "Key: 'MediaAttachment.FileMeta.Original.Aspect' Error:Field validation for 'Aspect' failed on the 'required_with' tag")
+
+	m.FileMeta.Original.Height = 0
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'MediaAttachment.FileMeta.Original.Height' Error:Field validation for 'Height' failed on the 'required_with' tag\nKey: 'MediaAttachment.FileMeta.Original.Aspect' Error:Field validation for 'Aspect' failed on the 'required_with' tag")
+
+	m.FileMeta.Original = gtsmodel.Original{}
+	err = validate.Struct(*m)
+	suite.NoError(err)
+
+	m.FileMeta.Focus.X = 3.6
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'MediaAttachment.FileMeta.Focus.X' Error:Field validation for 'X' failed on the 'max' tag")
+
+	m.FileMeta.Focus.Y = -50
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'MediaAttachment.FileMeta.Focus.X' Error:Field validation for 'X' failed on the 'max' tag\nKey: 'MediaAttachment.FileMeta.Focus.Y' Error:Field validation for 'Y' failed on the 'min' tag")
+}
+
+func (suite *MediaAttachmentValidateTestSuite) TestValidateMediaAttachmentBadURLCombos() {
+	m := happyMediaAttachment()
+
+	m.URL = "aaaaaaaaaa"
+	err := validate.Struct(*m)
+	suite.EqualError(err, "Key: 'MediaAttachment.URL' Error:Field validation for 'URL' failed on the 'url' tag")
+
+	m.URL = ""
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'MediaAttachment.URL' Error:Field validation for 'URL' failed on the 'required_without' tag\nKey: 'MediaAttachment.RemoteURL' Error:Field validation for 'RemoteURL' failed on the 'required_without' tag")
+
+	m.RemoteURL = "oooooooooo"
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'MediaAttachment.RemoteURL' Error:Field validation for 'RemoteURL' failed on the 'url' tag")
+
+	m.RemoteURL = "https://a-valid-url.gay"
+	err = validate.Struct(*m)
+	suite.NoError(err)
+}
+
+func (suite *MediaAttachmentValidateTestSuite) TestValidateMediaAttachmentBlurhash() {
+	m := happyMediaAttachment()
+
+	m.Blurhash = ""
+	err := validate.Struct(*m)
+	suite.EqualError(err, "Key: 'MediaAttachment.Blurhash' Error:Field validation for 'Blurhash' failed on the 'required_if' tag")
+
+	m.Type = gtsmodel.FileTypeAudio
+	err = validate.Struct(*m)
+	suite.NoError(err)
+
+	m.Blurhash = "some_blurhash"
+	err = validate.Struct(*m)
+	suite.NoError(err)
+}
+
+func (suite *MediaAttachmentValidateTestSuite) TestValidateMediaAttachmentProcessing() {
+	m := happyMediaAttachment()
+
+	m.Processing = 420
+	err := validate.Struct(*m)
+	suite.EqualError(err, "Key: 'MediaAttachment.Processing' Error:Field validation for 'Processing' failed on the 'oneof' tag")
+
+	m.Processing = -5
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'MediaAttachment.Processing' Error:Field validation for 'Processing' failed on the 'oneof' tag")
+}
+
+func TestMediaAttachmentValidateTestSuite(t *testing.T) {
+	suite.Run(t, new(MediaAttachmentValidateTestSuite))
+}
diff --git a/internal/validate/mention_test.go b/internal/validate/mention_test.go
new file mode 100644
index 000000000..59ba1e3fd
--- /dev/null
+++ b/internal/validate/mention_test.go
@@ -0,0 +1,102 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyMention() *gtsmodel.Mention {
+	return &gtsmodel.Mention{
+		ID:               "01FE91RJR88PSEEE30EV35QR8N",
+		CreatedAt:        time.Now(),
+		UpdatedAt:        time.Now(),
+		OriginAccountID:  "01FE96MAE58MXCE5C4SSMEMCEK",
+		OriginAccountURI: "https://some-instance/accounts/bleepbloop",
+		OriginAccount:    nil,
+		TargetAccountID:  "01FE96MXRHWZHKC0WH5FT82H1A",
+		TargetAccount:    nil,
+		StatusID:         "01FE96NBPNJNY26730FT6GZTFE",
+		Status:           nil,
+	}
+}
+
+type MentionValidateTestSuite struct {
+	suite.Suite
+}
+
+func (suite *MentionValidateTestSuite) TestValidateMentionHappyPath() {
+	// no problem here
+	m := happyMention()
+	err := validate.Struct(*m)
+	suite.NoError(err)
+}
+
+func (suite *MentionValidateTestSuite) TestValidateMentionBadID() {
+	m := happyMention()
+
+	m.ID = ""
+	err := validate.Struct(*m)
+	suite.EqualError(err, "Key: 'Mention.ID' Error:Field validation for 'ID' failed on the 'required' tag")
+
+	m.ID = "01FE96W293ZPRG9FQQP48HK8N001FE96W32AT24VYBGM12WN3GKB"
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'Mention.ID' Error:Field validation for 'ID' failed on the 'ulid' tag")
+}
+
+func (suite *MentionValidateTestSuite) TestValidateMentionAccountURI() {
+	m := happyMention()
+
+	m.OriginAccountURI = ""
+	err := validate.Struct(*m)
+	suite.EqualError(err, "Key: 'Mention.OriginAccountURI' Error:Field validation for 'OriginAccountURI' failed on the 'url' tag")
+
+	m.OriginAccountURI = "---------------------------"
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'Mention.OriginAccountURI' Error:Field validation for 'OriginAccountURI' failed on the 'url' tag")
+}
+
+func (suite *MentionValidateTestSuite) TestValidateMentionDodgyStatusID() {
+	m := happyMention()
+
+	m.StatusID = "9HZJ76B6VXSKF"
+	err := validate.Struct(*m)
+	suite.EqualError(err, "Key: 'Mention.StatusID' Error:Field validation for 'StatusID' failed on the 'ulid' tag")
+
+	m.StatusID = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!!!!!!!!!!!!"
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'Mention.StatusID' Error:Field validation for 'StatusID' failed on the 'ulid' tag")
+}
+
+func (suite *MentionValidateTestSuite) TestValidateMentionNoCreatedAt() {
+	m := happyMention()
+
+	m.CreatedAt = time.Time{}
+	err := validate.Struct(*m)
+	suite.NoError(err)
+}
+
+func TestMentionValidateTestSuite(t *testing.T) {
+	suite.Run(t, new(MentionValidateTestSuite))
+}
diff --git a/internal/validate/notification_test.go b/internal/validate/notification_test.go
new file mode 100644
index 000000000..700560f2a
--- /dev/null
+++ b/internal/validate/notification_test.go
@@ -0,0 +1,98 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyNotification() *gtsmodel.Notification {
+	return &gtsmodel.Notification{
+		ID:               "01FE91RJR88PSEEE30EV35QR8N",
+		CreatedAt:        time.Now(),
+		NotificationType: gtsmodel.NotificationFave,
+		OriginAccountID:  "01FE96MAE58MXCE5C4SSMEMCEK",
+		OriginAccount:    nil,
+		TargetAccountID:  "01FE96MXRHWZHKC0WH5FT82H1A",
+		TargetAccount:    nil,
+		StatusID:         "01FE96NBPNJNY26730FT6GZTFE",
+		Status:           nil,
+	}
+}
+
+type NotificationValidateTestSuite struct {
+	suite.Suite
+}
+
+func (suite *NotificationValidateTestSuite) TestValidateNotificationHappyPath() {
+	// no problem here
+	m := happyNotification()
+	err := validate.Struct(*m)
+	suite.NoError(err)
+}
+
+func (suite *NotificationValidateTestSuite) TestValidateNotificationBadID() {
+	m := happyNotification()
+
+	m.ID = ""
+	err := validate.Struct(*m)
+	suite.EqualError(err, "Key: 'Notification.ID' Error:Field validation for 'ID' failed on the 'required' tag")
+
+	m.ID = "01FE96W293ZPRG9FQQP48HK8N001FE96W32AT24VYBGM12WN3GKB"
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'Notification.ID' Error:Field validation for 'ID' failed on the 'ulid' tag")
+}
+
+func (suite *NotificationValidateTestSuite) TestValidateNotificationStatusID() {
+	m := happyNotification()
+
+	m.StatusID = ""
+	err := validate.Struct(*m)
+	suite.EqualError(err, "Key: 'Notification.StatusID' Error:Field validation for 'StatusID' failed on the 'required_if' tag")
+
+	m.StatusID = "9HZJ76B6VXSKF"
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'Notification.StatusID' Error:Field validation for 'StatusID' failed on the 'ulid' tag")
+
+	m.StatusID = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!!!!!!!!!!!!"
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'Notification.StatusID' Error:Field validation for 'StatusID' failed on the 'ulid' tag")
+
+	m.StatusID = ""
+	m.NotificationType = gtsmodel.NotificationFollowRequest
+	err = validate.Struct(*m)
+	suite.NoError(err)
+}
+
+func (suite *NotificationValidateTestSuite) TestValidateNotificationNoCreatedAt() {
+	m := happyNotification()
+
+	m.CreatedAt = time.Time{}
+	err := validate.Struct(*m)
+	suite.NoError(err)
+}
+
+func TestNotificationValidateTestSuite(t *testing.T) {
+	suite.Run(t, new(NotificationValidateTestSuite))
+}
diff --git a/internal/validate/routersession_test.go b/internal/validate/routersession_test.go
new file mode 100644
index 000000000..7ab4034d1
--- /dev/null
+++ b/internal/validate/routersession_test.go
@@ -0,0 +1,88 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyRouterSession() *gtsmodel.RouterSession {
+	return &gtsmodel.RouterSession{
+		ID:    "01FE91RJR88PSEEE30EV35QR8N",
+		Auth:  []byte("12345678901234567890123456789012"),
+		Crypt: []byte("12345678901234567890123456789012"),
+	}
+}
+
+type RouterSessionValidateTestSuite struct {
+	suite.Suite
+}
+
+func (suite *RouterSessionValidateTestSuite) TestValidateRouterSessionHappyPath() {
+	// no problem here
+	r := happyRouterSession()
+	err := validate.Struct(*r)
+	suite.NoError(err)
+}
+
+func (suite *RouterSessionValidateTestSuite) TestValidateRouterSessionAuth() {
+	r := happyRouterSession()
+
+	// remove auth struct
+	r.Auth = nil
+	err := validate.Struct(*r)
+	suite.EqualError(err, "Key: 'RouterSession.Auth' Error:Field validation for 'Auth' failed on the 'required' tag")
+
+	// auth bytes too long
+	r.Auth = []byte("1234567890123456789012345678901234567890")
+	err = validate.Struct(*r)
+	suite.EqualError(err, "Key: 'RouterSession.Auth' Error:Field validation for 'Auth' failed on the 'len' tag")
+
+	// auth bytes too short
+	r.Auth = []byte("12345678901")
+	err = validate.Struct(*r)
+	suite.EqualError(err, "Key: 'RouterSession.Auth' Error:Field validation for 'Auth' failed on the 'len' tag")
+}
+
+func (suite *RouterSessionValidateTestSuite) TestValidateRouterSessionCrypt() {
+	r := happyRouterSession()
+
+	// remove crypt struct
+	r.Crypt = nil
+	err := validate.Struct(*r)
+	suite.EqualError(err, "Key: 'RouterSession.Crypt' Error:Field validation for 'Crypt' failed on the 'required' tag")
+
+	// crypt bytes too long
+	r.Crypt = []byte("1234567890123456789012345678901234567890")
+	err = validate.Struct(*r)
+	suite.EqualError(err, "Key: 'RouterSession.Crypt' Error:Field validation for 'Crypt' failed on the 'len' tag")
+
+	// crypt bytes too short
+	r.Crypt = []byte("12345678901")
+	err = validate.Struct(*r)
+	suite.EqualError(err, "Key: 'RouterSession.Crypt' Error:Field validation for 'Crypt' failed on the 'len' tag")
+}
+
+func TestRouterSessionValidateTestSuite(t *testing.T) {
+	suite.Run(t, new(RouterSessionValidateTestSuite))
+}
diff --git a/internal/validate/status_test.go b/internal/validate/status_test.go
new file mode 100644
index 000000000..57e7259b9
--- /dev/null
+++ b/internal/validate/status_test.go
@@ -0,0 +1,163 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/ap"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyStatus() *gtsmodel.Status {
+	return &gtsmodel.Status{
+		ID:                       "01FEBBH6NYDG87NK6A6EC543ED",
+		CreatedAt:                time.Now(),
+		UpdatedAt:                time.Now(),
+		URI:                      "https://example.org/users/test_user/statuses/01FEBBH6NYDG87NK6A6EC543ED",
+		URL:                      "https://example.org/@test_user/01FEBBH6NYDG87NK6A6EC543ED",
+		Content:                  "<p>Test status! #hello</p>",
+		AttachmentIDs:            []string{"01FEBBKZBY9H5FEP3PHVVAAGN1", "01FEBBM7S2R4WT6WWW22KN1PWE"},
+		Attachments:              nil,
+		TagIDs:                   []string{"01FEBBNBMBSN1FESMZ1TCXNWYP"},
+		Tags:                     nil,
+		MentionIDs:               nil,
+		Mentions:                 nil,
+		EmojiIDs:                 nil,
+		Emojis:                   nil,
+		Local:                    true,
+		AccountID:                "01FEBBQ4KEP3824WW61MF52638",
+		Account:                  nil,
+		AccountURI:               "https://example.org/users/test_user",
+		InReplyToID:              "",
+		InReplyToURI:             "",
+		InReplyToAccountID:       "",
+		InReplyTo:                nil,
+		InReplyToAccount:         nil,
+		BoostOfID:                "",
+		BoostOfAccountID:         "",
+		BoostOf:                  nil,
+		BoostOfAccount:           nil,
+		ContentWarning:           "hello world test post",
+		Visibility:               gtsmodel.VisibilityPublic,
+		Sensitive:                false,
+		Language:                 "en",
+		CreatedWithApplicationID: "01FEBBZHF4GFVRXSJVXD0JTZZ2",
+		CreatedWithApplication:   nil,
+		VisibilityAdvanced: gtsmodel.VisibilityAdvanced{
+			Federated: true,
+			Boostable: true,
+			Replyable: true,
+			Likeable:  true,
+		},
+		ActivityStreamsType: ap.ObjectNote,
+		Text:                "Test status! #hello",
+		Pinned:              false,
+	}
+}
+
+type StatusValidateTestSuite struct {
+	suite.Suite
+}
+
+func (suite *StatusValidateTestSuite) TestValidateStatusHappyPath() {
+	// no problem here
+	s := happyStatus()
+	err := validate.Struct(*s)
+	suite.NoError(err)
+}
+
+func (suite *StatusValidateTestSuite) TestValidateStatusBadID() {
+	s := happyStatus()
+
+	s.ID = ""
+	err := validate.Struct(*s)
+	suite.EqualError(err, "Key: 'Status.ID' Error:Field validation for 'ID' failed on the 'required' tag")
+
+	s.ID = "01FE96W293ZPRG9FQQP48HK8N001FE96W32AT24VYBGM12WN3GKB"
+	err = validate.Struct(*s)
+	suite.EqualError(err, "Key: 'Status.ID' Error:Field validation for 'ID' failed on the 'ulid' tag")
+}
+
+func (suite *StatusValidateTestSuite) TestValidateStatusAttachmentIDs() {
+	s := happyStatus()
+
+	s.AttachmentIDs[0] = ""
+	err := validate.Struct(*s)
+	suite.EqualError(err, "Key: 'Status.AttachmentIDs[0]' Error:Field validation for 'AttachmentIDs[0]' failed on the 'ulid' tag")
+
+	s.AttachmentIDs[0] = "01FE96W293ZPRG9FQQP48HK8N001FE96W32AT24VYBGM12WN3GKB"
+	err = validate.Struct(*s)
+	suite.EqualError(err, "Key: 'Status.AttachmentIDs[0]' Error:Field validation for 'AttachmentIDs[0]' failed on the 'ulid' tag")
+
+	s.AttachmentIDs[1] = ""
+	err = validate.Struct(*s)
+	suite.EqualError(err, "Key: 'Status.AttachmentIDs[0]' Error:Field validation for 'AttachmentIDs[0]' failed on the 'ulid' tag\nKey: 'Status.AttachmentIDs[1]' Error:Field validation for 'AttachmentIDs[1]' failed on the 'ulid' tag")
+
+	s.AttachmentIDs = []string{}
+	err = validate.Struct(*s)
+	suite.NoError(err)
+
+	s.AttachmentIDs = nil
+	err = validate.Struct(*s)
+	suite.NoError(err)
+}
+
+func (suite *StatusValidateTestSuite) TestStatusApplicationID() {
+	s := happyStatus()
+
+	s.CreatedWithApplicationID = ""
+	err := validate.Struct(*s)
+	suite.EqualError(err, "Key: 'Status.CreatedWithApplicationID' Error:Field validation for 'CreatedWithApplicationID' failed on the 'required_if' tag")
+
+	s.Local = false
+	err = validate.Struct(*s)
+	suite.NoError(err)
+}
+
+func (suite *StatusValidateTestSuite) TestValidateStatusReplyFields() {
+	s := happyStatus()
+
+	s.InReplyToAccountID = "01FEBCTP6DN7961PN81C3DVM4N                         "
+	err := validate.Struct(*s)
+	suite.EqualError(err, "Key: 'Status.InReplyToID' Error:Field validation for 'InReplyToID' failed on the 'required_with' tag\nKey: 'Status.InReplyToURI' Error:Field validation for 'InReplyToURI' failed on the 'required_with' tag\nKey: 'Status.InReplyToAccountID' Error:Field validation for 'InReplyToAccountID' failed on the 'ulid' tag")
+
+	s.InReplyToAccountID = "01FEBCTP6DN7961PN81C3DVM4N"
+	err = validate.Struct(*s)
+	suite.EqualError(err, "Key: 'Status.InReplyToID' Error:Field validation for 'InReplyToID' failed on the 'required_with' tag\nKey: 'Status.InReplyToURI' Error:Field validation for 'InReplyToURI' failed on the 'required_with' tag")
+
+	s.InReplyToURI = "https://example.org/users/mmbop/statuses/aaaaaaaa"
+	err = validate.Struct(*s)
+	suite.EqualError(err, "Key: 'Status.InReplyToID' Error:Field validation for 'InReplyToID' failed on the 'required_with' tag")
+
+	s.InReplyToID = "not a valid ulid"
+	err = validate.Struct(*s)
+	suite.EqualError(err, "Key: 'Status.InReplyToID' Error:Field validation for 'InReplyToID' failed on the 'ulid' tag")
+
+	s.InReplyToID = "01FEBD07E72DEY6YB9K10ZA6ST"
+	err = validate.Struct(*s)
+	suite.NoError(err)
+}
+
+func TestStatusValidateTestSuite(t *testing.T) {
+	suite.Run(t, new(StatusValidateTestSuite))
+}
diff --git a/internal/validate/statusbookmark_test.go b/internal/validate/statusbookmark_test.go
new file mode 100644
index 000000000..667994aa0
--- /dev/null
+++ b/internal/validate/statusbookmark_test.go
@@ -0,0 +1,88 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyStatusBookmark() *gtsmodel.StatusBookmark {
+	return &gtsmodel.StatusBookmark{
+		ID:              "01FE91RJR88PSEEE30EV35QR8N",
+		CreatedAt:       time.Now(),
+		AccountID:       "01FE96MAE58MXCE5C4SSMEMCEK",
+		Account:         nil,
+		TargetAccountID: "01FE96MXRHWZHKC0WH5FT82H1A",
+		TargetAccount:   nil,
+		StatusID:        "01FE96NBPNJNY26730FT6GZTFE",
+		Status:          nil,
+	}
+}
+
+type StatusBookmarkValidateTestSuite struct {
+	suite.Suite
+}
+
+func (suite *StatusBookmarkValidateTestSuite) TestValidateStatusBookmarkHappyPath() {
+	// no problem here
+	m := happyStatusBookmark()
+	err := validate.Struct(*m)
+	suite.NoError(err)
+}
+
+func (suite *StatusBookmarkValidateTestSuite) TestValidateStatusBookmarkBadID() {
+	m := happyStatusBookmark()
+
+	m.ID = ""
+	err := validate.Struct(*m)
+	suite.EqualError(err, "Key: 'StatusBookmark.ID' Error:Field validation for 'ID' failed on the 'required' tag")
+
+	m.ID = "01FE96W293ZPRG9FQQP48HK8N001FE96W32AT24VYBGM12WN3GKB"
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'StatusBookmark.ID' Error:Field validation for 'ID' failed on the 'ulid' tag")
+}
+
+func (suite *StatusBookmarkValidateTestSuite) TestValidateStatusBookmarkDodgyStatusID() {
+	m := happyStatusBookmark()
+
+	m.StatusID = "9HZJ76B6VXSKF"
+	err := validate.Struct(*m)
+	suite.EqualError(err, "Key: 'StatusBookmark.StatusID' Error:Field validation for 'StatusID' failed on the 'ulid' tag")
+
+	m.StatusID = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!!!!!!!!!!!!"
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'StatusBookmark.StatusID' Error:Field validation for 'StatusID' failed on the 'ulid' tag")
+}
+
+func (suite *StatusBookmarkValidateTestSuite) TestValidateStatusBookmarkNoCreatedAt() {
+	m := happyStatusBookmark()
+
+	m.CreatedAt = time.Time{}
+	err := validate.Struct(*m)
+	suite.NoError(err)
+}
+
+func TestStatusBookmarkValidateTestSuite(t *testing.T) {
+	suite.Run(t, new(StatusBookmarkValidateTestSuite))
+}
diff --git a/internal/validate/statusfave_test.go b/internal/validate/statusfave_test.go
new file mode 100644
index 000000000..52bef1749
--- /dev/null
+++ b/internal/validate/statusfave_test.go
@@ -0,0 +1,101 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyStatusFave() *gtsmodel.StatusFave {
+	return &gtsmodel.StatusFave{
+		ID:              "01FE91RJR88PSEEE30EV35QR8N",
+		CreatedAt:       time.Now(),
+		AccountID:       "01FE96MAE58MXCE5C4SSMEMCEK",
+		Account:         nil,
+		TargetAccountID: "01FE96MXRHWZHKC0WH5FT82H1A",
+		TargetAccount:   nil,
+		StatusID:        "01FE96NBPNJNY26730FT6GZTFE",
+		Status:          nil,
+		URI:             "https://example.org/users/user1/activity/faves/01FE91RJR88PSEEE30EV35QR8N",
+	}
+}
+
+type StatusFaveValidateTestSuite struct {
+	suite.Suite
+}
+
+func (suite *StatusFaveValidateTestSuite) TestValidateStatusFaveHappyPath() {
+	// no problem here
+	f := happyStatusFave()
+	err := validate.Struct(*f)
+	suite.NoError(err)
+}
+
+func (suite *StatusFaveValidateTestSuite) TestValidateStatusFaveBadID() {
+	f := happyStatusFave()
+
+	f.ID = ""
+	err := validate.Struct(*f)
+	suite.EqualError(err, "Key: 'StatusFave.ID' Error:Field validation for 'ID' failed on the 'required' tag")
+
+	f.ID = "01FE96W293ZPRG9FQQP48HK8N001FE96W32AT24VYBGM12WN3GKB"
+	err = validate.Struct(*f)
+	suite.EqualError(err, "Key: 'StatusFave.ID' Error:Field validation for 'ID' failed on the 'ulid' tag")
+}
+
+func (suite *StatusFaveValidateTestSuite) TestValidateStatusFaveDodgyStatusID() {
+	f := happyStatusFave()
+
+	f.StatusID = "9HZJ76B6VXSKF"
+	err := validate.Struct(*f)
+	suite.EqualError(err, "Key: 'StatusFave.StatusID' Error:Field validation for 'StatusID' failed on the 'ulid' tag")
+
+	f.StatusID = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!!!!!!!!!!!!"
+	err = validate.Struct(*f)
+	suite.EqualError(err, "Key: 'StatusFave.StatusID' Error:Field validation for 'StatusID' failed on the 'ulid' tag")
+}
+
+func (suite *StatusFaveValidateTestSuite) TestValidateStatusFaveNoCreatedAt() {
+	f := happyStatusFave()
+
+	f.CreatedAt = time.Time{}
+	err := validate.Struct(*f)
+	suite.NoError(err)
+}
+
+func (suite *StatusFaveValidateTestSuite) TestValidateStatusFaveNoURI() {
+	f := happyStatusFave()
+
+	f.URI = ""
+	err := validate.Struct(*f)
+	suite.EqualError(err, "Key: 'StatusFave.URI' Error:Field validation for 'URI' failed on the 'required' tag")
+
+	f.URI = "this-is-not-a-valid-url"
+	err = validate.Struct(*f)
+	suite.EqualError(err, "Key: 'StatusFave.URI' Error:Field validation for 'URI' failed on the 'url' tag")
+}
+
+func TestStatusFaveValidateTestSuite(t *testing.T) {
+	suite.Run(t, new(StatusFaveValidateTestSuite))
+}
diff --git a/internal/validate/statusmute_test.go b/internal/validate/statusmute_test.go
new file mode 100644
index 000000000..de23114eb
--- /dev/null
+++ b/internal/validate/statusmute_test.go
@@ -0,0 +1,88 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyStatusMute() *gtsmodel.StatusMute {
+	return &gtsmodel.StatusMute{
+		ID:              "01FE91RJR88PSEEE30EV35QR8N",
+		CreatedAt:       time.Now(),
+		AccountID:       "01FE96MAE58MXCE5C4SSMEMCEK",
+		Account:         nil,
+		TargetAccountID: "01FE96MXRHWZHKC0WH5FT82H1A",
+		TargetAccount:   nil,
+		StatusID:        "01FE96NBPNJNY26730FT6GZTFE",
+		Status:          nil,
+	}
+}
+
+type StatusMuteValidateTestSuite struct {
+	suite.Suite
+}
+
+func (suite *StatusMuteValidateTestSuite) TestValidateStatusMuteHappyPath() {
+	// no problem here
+	m := happyStatusMute()
+	err := validate.Struct(*m)
+	suite.NoError(err)
+}
+
+func (suite *StatusMuteValidateTestSuite) TestValidateStatusMuteBadID() {
+	m := happyStatusMute()
+
+	m.ID = ""
+	err := validate.Struct(*m)
+	suite.EqualError(err, "Key: 'StatusMute.ID' Error:Field validation for 'ID' failed on the 'required' tag")
+
+	m.ID = "01FE96W293ZPRG9FQQP48HK8N001FE96W32AT24VYBGM12WN3GKB"
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'StatusMute.ID' Error:Field validation for 'ID' failed on the 'ulid' tag")
+}
+
+func (suite *StatusMuteValidateTestSuite) TestValidateStatusMuteDodgyStatusID() {
+	m := happyStatusMute()
+
+	m.StatusID = "9HZJ76B6VXSKF"
+	err := validate.Struct(*m)
+	suite.EqualError(err, "Key: 'StatusMute.StatusID' Error:Field validation for 'StatusID' failed on the 'ulid' tag")
+
+	m.StatusID = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!!!!!!!!!!!!"
+	err = validate.Struct(*m)
+	suite.EqualError(err, "Key: 'StatusMute.StatusID' Error:Field validation for 'StatusID' failed on the 'ulid' tag")
+}
+
+func (suite *StatusMuteValidateTestSuite) TestValidateStatusMuteNoCreatedAt() {
+	m := happyStatusMute()
+
+	m.CreatedAt = time.Time{}
+	err := validate.Struct(*m)
+	suite.NoError(err)
+}
+
+func TestStatusMuteValidateTestSuite(t *testing.T) {
+	suite.Run(t, new(StatusMuteValidateTestSuite))
+}
diff --git a/internal/validate/structvalidation.go b/internal/validate/structvalidation.go
new file mode 100644
index 000000000..7717822d9
--- /dev/null
+++ b/internal/validate/structvalidation.go
@@ -0,0 +1,75 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate
+
+import (
+	"reflect"
+
+	"github.com/go-playground/validator/v10"
+	"github.com/superseriousbusiness/gotosocial/internal/regexes"
+)
+
+var v *validator.Validate
+
+// Validation Panic messages
+const (
+	PointerPanic = "validate function was passed pointer"
+	InvalidPanic = "validate function was passed invalid item"
+)
+
+func ulidValidator(fl validator.FieldLevel) bool {
+	field := fl.Field()
+
+	switch field.Kind() {
+	case reflect.String:
+		return regexes.ULID.MatchString(field.String())
+	default:
+		return false
+	}
+}
+
+func init() {
+	v = validator.New()
+	v.RegisterValidation("ulid", ulidValidator)
+}
+
+// Struct validates the passed struct, returning validator.ValidationErrors if invalid, or nil if OK.
+func Struct(s interface{}) error {
+	switch reflect.ValueOf(s).Kind() {
+	case reflect.Invalid:
+		panic(InvalidPanic)
+	case reflect.Ptr:
+		panic(PointerPanic)
+	}
+
+	err := v.Struct(s)
+	return processValidationError(err)
+}
+
+func processValidationError(err error) error {
+	if err == nil {
+		return nil
+	}
+
+	if ive, ok := err.(*validator.InvalidValidationError); ok {
+		panic(ive)
+	}
+
+	return err.(validator.ValidationErrors)
+}
diff --git a/internal/validate/structvalidation_test.go b/internal/validate/structvalidation_test.go
new file mode 100644
index 000000000..606d92da4
--- /dev/null
+++ b/internal/validate/structvalidation_test.go
@@ -0,0 +1,65 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+type ValidateTestSuite struct {
+	suite.Suite
+}
+
+func (suite *ValidateTestSuite) TestValidatePointer() {
+	var nilUser *gtsmodel.User
+	suite.PanicsWithValue(validate.PointerPanic, func() {
+		validate.Struct(nilUser)
+	})
+}
+
+func (suite *ValidateTestSuite) TestValidateNil() {
+	suite.PanicsWithValue(validate.InvalidPanic, func() {
+		validate.Struct(nil)
+	})
+}
+
+func (suite *ValidateTestSuite) TestValidateWeirdULID() {
+	type a struct {
+		ID bool `validate:"required,ulid"`
+	}
+
+	err := validate.Struct(a{ID: true})
+	suite.Error(err)
+}
+
+func (suite *ValidateTestSuite) TestValidateNotStruct() {
+	type aaaaaaa string
+	aaaaaa := aaaaaaa("aaaa")
+	suite.Panics(func() {
+		validate.Struct(aaaaaa)
+	})
+}
+
+func TestValidateTestSuite(t *testing.T) {
+	suite.Run(t, new(ValidateTestSuite))
+}
diff --git a/internal/validate/tag_test.go b/internal/validate/tag_test.go
new file mode 100644
index 000000000..4f8ab2fba
--- /dev/null
+++ b/internal/validate/tag_test.go
@@ -0,0 +1,93 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyTag() *gtsmodel.Tag {
+	return &gtsmodel.Tag{
+		ID:                     "01FE91RJR88PSEEE30EV35QR8N",
+		CreatedAt:              time.Now(),
+		UpdatedAt:              time.Now(),
+		URL:                    "https://example.org/tags/some_tag",
+		Name:                   "some_tag",
+		FirstSeenFromAccountID: "01FE91SR5P2GW06K3AJ98P72MT",
+		Useable:                true,
+		Listable:               true,
+		LastStatusAt:           time.Now(),
+	}
+}
+
+type TagValidateTestSuite struct {
+	suite.Suite
+}
+
+func (suite *TagValidateTestSuite) TestValidateTagHappyPath() {
+	// no problem here
+	t := happyTag()
+	err := validate.Struct(*t)
+	suite.NoError(err)
+}
+
+func (suite *TagValidateTestSuite) TestValidateTagNoName() {
+	t := happyTag()
+	t.Name = ""
+
+	err := validate.Struct(*t)
+	suite.EqualError(err, "Key: 'Tag.Name' Error:Field validation for 'Name' failed on the 'required' tag")
+}
+
+func (suite *TagValidateTestSuite) TestValidateTagBadURL() {
+	t := happyTag()
+
+	t.URL = ""
+	err := validate.Struct(*t)
+	suite.EqualError(err, "Key: 'Tag.URL' Error:Field validation for 'URL' failed on the 'required' tag")
+
+	t.URL = "no-schema.com"
+	err = validate.Struct(*t)
+	suite.EqualError(err, "Key: 'Tag.URL' Error:Field validation for 'URL' failed on the 'url' tag")
+
+	t.URL = "justastring"
+	err = validate.Struct(*t)
+	suite.EqualError(err, "Key: 'Tag.URL' Error:Field validation for 'URL' failed on the 'url' tag")
+
+	t.URL = "https://aaa\n\n\naaaaaaaa"
+	err = validate.Struct(*t)
+	suite.EqualError(err, "Key: 'Tag.URL' Error:Field validation for 'URL' failed on the 'url' tag")
+}
+
+func (suite *TagValidateTestSuite) TestValidateTagNoFirstSeenFromAccountID() {
+	t := happyTag()
+	t.FirstSeenFromAccountID = ""
+
+	err := validate.Struct(*t)
+	suite.NoError(err)
+}
+
+func TestTagValidateTestSuite(t *testing.T) {
+	suite.Run(t, new(TagValidateTestSuite))
+}
diff --git a/internal/validate/user_test.go b/internal/validate/user_test.go
new file mode 100644
index 000000000..5a13a510f
--- /dev/null
+++ b/internal/validate/user_test.go
@@ -0,0 +1,125 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package validate_test
+
+import (
+	"net"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyUser() *gtsmodel.User {
+	return &gtsmodel.User{
+		ID:                     "01FE8TTK9F34BR0KG7639AJQTX",
+		Email:                  "whatever@example.org",
+		AccountID:              "01FE8TWA7CN8J7237K5DFS1RY5",
+		Account:                nil,
+		EncryptedPassword:      "$2y$10$tkRapNGW.RWkEuCMWdgArunABFvsPGRvFQY3OibfSJo0RDL3z8WfC",
+		CreatedAt:              time.Now(),
+		UpdatedAt:              time.Now(),
+		SignUpIP:               net.ParseIP("128.64.32.16"),
+		CurrentSignInAt:        time.Now(),
+		CurrentSignInIP:        net.ParseIP("128.64.32.16"),
+		LastSignInAt:           time.Now(),
+		LastSignInIP:           net.ParseIP("128.64.32.16"),
+		SignInCount:            0,
+		InviteID:               "",
+		ChosenLanguages:        []string{},
+		FilteredLanguages:      []string{},
+		Locale:                 "en",
+		CreatedByApplicationID: "01FE8Y5EHMWCA1MHMTNHRVZ1X4",
+		CreatedByApplication:   nil,
+		LastEmailedAt:          time.Now(),
+		ConfirmationToken:      "",
+		ConfirmedAt:            time.Now(),
+		ConfirmationSentAt:     time.Time{},
+		UnconfirmedEmail:       "",
+		Moderator:              false,
+		Admin:                  false,
+		Disabled:               false,
+		Approved:               true,
+	}
+}
+
+type UserValidateTestSuite struct {
+	suite.Suite
+}
+
+func (suite *UserValidateTestSuite) TestValidateUserHappyPath() {
+	// no problem here
+	u := happyUser()
+	err := validate.Struct(*u)
+	suite.NoError(err)
+}
+
+func (suite *UserValidateTestSuite) TestValidateUserNoID() {
+	// user has no id set
+	u := happyUser()
+	u.ID = ""
+
+	err := validate.Struct(*u)
+	suite.EqualError(err, "Key: 'User.ID' Error:Field validation for 'ID' failed on the 'required' tag")
+}
+
+func (suite *UserValidateTestSuite) TestValidateUserNoEmail() {
+	// user has no email or unconfirmed email set
+	u := happyUser()
+	u.Email = ""
+
+	err := validate.Struct(*u)
+	suite.EqualError(err, "Key: 'User.Email' Error:Field validation for 'Email' failed on the 'required_with' tag\nKey: 'User.UnconfirmedEmail' Error:Field validation for 'UnconfirmedEmail' failed on the 'required_without' tag")
+}
+
+func (suite *UserValidateTestSuite) TestValidateUserOnlyUnconfirmedEmail() {
+	// user has only UnconfirmedEmail but ConfirmedAt is set
+	u := happyUser()
+	u.Email = ""
+	u.UnconfirmedEmail = "whatever@example.org"
+
+	err := validate.Struct(*u)
+	suite.EqualError(err, "Key: 'User.Email' Error:Field validation for 'Email' failed on the 'required_with' tag")
+}
+
+func (suite *UserValidateTestSuite) TestValidateUserOnlyUnconfirmedEmailOK() {
+	// user has only UnconfirmedEmail and ConfirmedAt is not set
+	u := happyUser()
+	u.Email = ""
+	u.UnconfirmedEmail = "whatever@example.org"
+	u.ConfirmedAt = time.Time{}
+
+	err := validate.Struct(*u)
+	suite.NoError(err)
+}
+
+func (suite *UserValidateTestSuite) TestValidateUserNoConfirmedAt() {
+	// user has Email but no ConfirmedAt
+	u := happyUser()
+	u.ConfirmedAt = time.Time{}
+
+	err := validate.Struct(*u)
+	suite.EqualError(err, "Key: 'User.ConfirmedAt' Error:Field validation for 'ConfirmedAt' failed on the 'required_with' tag")
+}
+
+func TestUserValidateTestSuite(t *testing.T) {
+	suite.Run(t, new(UserValidateTestSuite))
+}