From 17eecfb6d9f50821d7822d60fa4135d59ea5ca57 Mon Sep 17 00:00:00 2001
From: f0x52 <f0x@cthu.lu>
Date: Wed, 25 Jan 2023 18:06:41 +0100
Subject: [feature] Public list of suspended domains (#1362)

* basic rendered domain blocklist (unauthenticated!)

* style basic domain block list

* better formatting for domain blocklist

* add opt-in config option for showing suspended domains

* format/linter

* re-use InstancePeersGet for web-accessible domain blocklist

* reword explanation, border styling

* always attach blocklist handler, update error message

* domain blocklist error message grammar
---
 internal/api/client/instance/instancepeersget.go | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'internal/api/client/instance')

diff --git a/internal/api/client/instance/instancepeersget.go b/internal/api/client/instance/instancepeersget.go
index d3880e2cd..9e2ed89e5 100644
--- a/internal/api/client/instance/instancepeersget.go
+++ b/internal/api/client/instance/instancepeersget.go
@@ -24,6 +24,7 @@ import (
 	"strings"
 
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
+	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 
@@ -105,6 +106,8 @@ func (m *Module) InstancePeersGETHandler(c *gin.Context) {
 		return
 	}
 
+	var isUnauthenticated = authed.Account == nil || authed.User == nil
+
 	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGet)
 		return
@@ -136,7 +139,19 @@ func (m *Module) InstancePeersGETHandler(c *gin.Context) {
 		flat = true
 	}
 
-	data, errWithCode := m.processor.InstancePeersGet(c.Request.Context(), authed, includeSuspended, includeOpen, flat)
+	if includeOpen && !config.GetInstanceExposePeers() && isUnauthenticated {
+		err := fmt.Errorf("peers open query requires an authenticated account/user")
+		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGet)
+		return
+	}
+
+	if includeSuspended && !config.GetInstanceExposeSuspended() && isUnauthenticated {
+		err := fmt.Errorf("peers suspended query requires an authenticated account/user")
+		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGet)
+		return
+	}
+
+	data, errWithCode := m.processor.InstancePeersGet(c.Request.Context(), includeSuspended, includeOpen, flat)
 	if errWithCode != nil {
 		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGet)
 		return
-- 
cgit v1.2.3