1 files changed, 39 insertions, 68 deletions
diff --git a/internal/processing/fedi/common.go b/internal/processing/fedi/common.go
index fc783f93e..ff6ed6fd4 100644
--- a/internal/processing/fedi/common.go
+++ b/internal/processing/fedi/common.go
@@ -20,7 +20,6 @@ package fedi
 import (
 	"context"
 	"errors"
-	"fmt"
 	"net/url"
 
 	"code.superseriousbusiness.org/gotosocial/internal/db"
@@ -30,21 +29,23 @@ import (
 
 type commonAuth struct {
 	handshakingURI *url.URL          // Set to requestingAcct's URI if we're currently handshaking them.
-	requestingAcct *gtsmodel.Account // Remote account making request to this instance.
-	receivingAcct  *gtsmodel.Account // Local account receiving the request.
+	requester      *gtsmodel.Account // Remote account making request to this instance.
+	receiver       *gtsmodel.Account // Local account receiving the request.
 }
 
+// authenticate is a util function for authenticating a signed GET
+// request to one of the AP/fedi resources handled in this package.
 func (p *Processor) authenticate(ctx context.Context, requestedUser string) (*commonAuth, gtserror.WithCode) {
-	// First get the requested (receiving) LOCAL account with username from database.
+	// Get the requested local account
+	// with given username from database.
 	receiver, err := p.state.DB.GetAccountByUsernameDomain(ctx, requestedUser, "")
-	if err != nil {
-		if !errors.Is(err, db.ErrNoEntries) {
-			// Real db error.
-			err = gtserror.Newf("db error getting account %s: %w", requestedUser, err)
-			return nil, gtserror.NewErrorInternalError(err)
-		}
+	if err != nil && !errors.Is(err, db.ErrNoEntries) {
+		err = gtserror.Newf("db error getting account %s: %w", requestedUser, err)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
 
-		// Account just not found in the db.
+	if receiver == nil {
+		err := gtserror.Newf("account %s not found in the db", requestedUser)
 		return nil, gtserror.NewErrorNotFound(err)
 	}
 
@@ -60,74 +61,44 @@ func (p *Processor) authenticate(ctx context.Context, requestedUser string) (*co
 		// don't know the requester yet.
 		return &commonAuth{
 			handshakingURI: pubKeyAuth.OwnerURI,
-			receivingAcct:  receiver,
+			receiver:       receiver,
 		}, nil
 	}
 
 	// Get requester from auth.
 	requester := pubKeyAuth.Owner
 
-	// Ensure block does not exist between receiver and requester.
-	blocked, err := p.state.DB.IsEitherBlocked(ctx, receiver.ID, requester.ID)
-	if err != nil {
-		err := gtserror.Newf("error checking block: %w", err)
-		return nil, gtserror.NewErrorInternalError(err)
-	} else if blocked {
-		const text = "block exists between accounts"
-		return nil, gtserror.NewErrorForbidden(errors.New(text))
+	// Check if requester is suspended.
+	switch {
+	case !requester.IsSuspended():
+		// No problem.
+
+	case requester.DeletedSelf():
+		// Requester deleted their own account.
+		// Why are they now requesting something?
+		err := gtserror.Newf("requester %s self-deleted", requester.UsernameDomain())
+		return nil, gtserror.NewErrorUnauthorized(err)
+
+	default:
+		// Admin from our instance likely suspended account.
+		err := gtserror.Newf("requester %s is suspended", requester.UsernameDomain())
+		return nil, gtserror.NewErrorForbidden(err)
 	}
 
-	return &commonAuth{
-		requestingAcct: requester,
-		receivingAcct:  receiver,
-	}, nil
-}
-
-// validateIntReqRequest is a shortcut function
-// for returning an accepted interaction request
-// targeting `requestedUser`.
-func (p *Processor) validateIntReqRequest(
-	ctx context.Context,
-	requestedUser string,
-	intReqID string,
-) (*gtsmodel.InteractionRequest, gtserror.WithCode) {
-	// Authenticate incoming request, getting related accounts.
-	auth, errWithCode := p.authenticate(ctx, requestedUser)
-	if errWithCode != nil {
-		return nil, errWithCode
-	}
-
-	if auth.handshakingURI != nil {
-		// We're currently handshaking, which means we don't know
-		// this account yet. This should be a very rare race condition.
-		err := gtserror.Newf("network race handshaking %s", auth.handshakingURI)
-		return nil, gtserror.NewErrorInternalError(err)
-	}
-
-	// Fetch interaction request with the given ID.
-	req, err := p.state.DB.GetInteractionRequestByID(ctx, intReqID)
-	if err != nil && !errors.Is(err, db.ErrNoEntries) {
-		err := gtserror.Newf("db error getting interaction request %s: %w", intReqID, err)
+	// Ensure receiver does not block requester.
+	blocked, err := p.state.DB.IsBlocked(ctx, receiver.ID, requester.ID)
+	if err != nil {
+		err := gtserror.Newf("db error checking block: %w", err)
 		return nil, gtserror.NewErrorInternalError(err)
 	}
 
-	// Ensure that this is an existing
-	// and *accepted* interaction request.
-	if req == nil || !req.IsAccepted() {
-		const text = "interaction request not found"
-		return nil, gtserror.NewErrorNotFound(errors.New(text))
-	}
-
-	// Ensure interaction request was accepted
-	// by the account in the request path.
-	if req.TargetAccountID != auth.receivingAcct.ID {
-		text := fmt.Sprintf(
-			"account %s is not targeted by interaction request %s and therefore can't accept it",
-			requestedUser, intReqID,
-		)
-		return nil, gtserror.NewErrorNotFound(errors.New(text))
+	if blocked {
+		var text = requestedUser + " blocks " + requester.Username
+		return nil, gtserror.NewErrorForbidden(errors.New(text))
 	}
 
-	// All fine.
-	return req, nil
+	return &commonAuth{
+		requester: requester,
+		receiver:  receiver,
+	}, nil
 }