summaryrefslogtreecommitdiff
path: root/internal/processing/fedi
diff options
context:
space:
mode:
Diffstat (limited to 'internal/processing/fedi')
-rw-r--r--internal/processing/fedi/common.go9
-rw-r--r--internal/processing/fedi/user.go9
2 files changed, 16 insertions, 2 deletions
diff --git a/internal/processing/fedi/common.go b/internal/processing/fedi/common.go
index 38c31ffd2..c41f1e00c 100644
--- a/internal/processing/fedi/common.go
+++ b/internal/processing/fedi/common.go
@@ -63,6 +63,13 @@ func (p *Processor) authenticate(ctx context.Context, requestedUsername string)
return nil, nil, gtserror.NewErrorUnauthorized(err)
}
+ if !requestingAccount.SuspendedAt.IsZero() {
+ // Account was marked as suspended by a
+ // local admin action. Stop request early.
+ err = fmt.Errorf("account %s marked as suspended", requestingAccount.ID)
+ return nil, nil, gtserror.NewErrorForbidden(err)
+ }
+
// Ensure no block exists between requester + requested.
blocked, err := p.state.DB.IsEitherBlocked(ctx, requestedAccount.ID, requestingAccount.ID)
if err != nil {
@@ -72,7 +79,7 @@ func (p *Processor) authenticate(ctx context.Context, requestedUsername string)
if blocked {
err = fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID)
- return nil, nil, gtserror.NewErrorUnauthorized(err)
+ return nil, nil, gtserror.NewErrorForbidden(err)
}
return requestedAccount, requestingAccount, nil
diff --git a/internal/processing/fedi/user.go b/internal/processing/fedi/user.go
index 67f137f25..17663a8f4 100644
--- a/internal/processing/fedi/user.go
+++ b/internal/processing/fedi/user.go
@@ -106,6 +106,13 @@ func (p *Processor) UserGet(ctx context.Context, requestedUsername string, reque
return nil, gtserror.NewErrorUnauthorized(err)
}
+ if !requestingAccount.SuspendedAt.IsZero() {
+ // Account was marked as suspended by a
+ // local admin action. Stop request early.
+ err = fmt.Errorf("account %s marked as suspended", requestingAccount.ID)
+ return nil, gtserror.NewErrorForbidden(err)
+ }
+
blocked, err := p.state.DB.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID)
if err != nil {
err := gtserror.Newf("error checking block from account %s to account %s: %w", requestedAccount.ID, requestingAccount.ID, err)
@@ -114,7 +121,7 @@ func (p *Processor) UserGet(ctx context.Context, requestedUsername string, reque
if blocked {
err := fmt.Errorf("account %s blocks account %s", requestedAccount.ID, requestingAccount.ID)
- return nil, gtserror.NewErrorUnauthorized(err)
+ return nil, gtserror.NewErrorForbidden(err)
}
return data(person)
generated by cgit v1.2.3 (git 2.46.0) at 2025-07-13 15:19:37 +0000