From 183eaa5b298235acb8f25ba8f18b98e31471d965 Mon Sep 17 00:00:00 2001 From: tobi <31960611+tsmethurst@users.noreply.github.com> Date: Thu, 21 Sep 2023 12:12:04 +0200 Subject: [feature] Implement explicit domain allows + allowlist federation mode (#2200) * love like winter! wohoah, wohoah * domain allow side effects * tests! logging! unallow! * document federation modes * linty linterson * test * further adventures in documentation * finish up domain block documentation (i think) * change wording a wee little bit * docs, example * consolidate shared domainPermission code * call mode once * fetch federation mode within domain blocked func * read domain perm import in streaming manner * don't use pointer to slice for domain perms * don't bother copying blocks + allows before deleting * admonish! * change wording just a scooch * update docs --- internal/db/bundb/domain_test.go | 53 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) (limited to 'internal/db/bundb/domain_test.go') diff --git a/internal/db/bundb/domain_test.go b/internal/db/bundb/domain_test.go index e4e199fa1..ff687cf59 100644 --- a/internal/db/bundb/domain_test.go +++ b/internal/db/bundb/domain_test.go @@ -55,6 +55,59 @@ func (suite *DomainTestSuite) TestIsDomainBlocked() { suite.WithinDuration(time.Now(), domainBlock.CreatedAt, 10*time.Second) } +func (suite *DomainTestSuite) TestIsDomainBlockedWithAllow() { + ctx := context.Background() + + domainBlock := >smodel.DomainBlock{ + ID: "01G204214Y9TNJEBX39C7G88SW", + Domain: "some.bad.apples", + CreatedByAccountID: suite.testAccounts["admin_account"].ID, + CreatedByAccount: suite.testAccounts["admin_account"], + } + + // no domain block exists for the given domain yet + blocked, err := suite.db.IsDomainBlocked(ctx, domainBlock.Domain) + if err != nil { + suite.FailNow(err.Error()) + } + + suite.False(blocked) + + // Block this domain. + if err := suite.db.CreateDomainBlock(ctx, domainBlock); err != nil { + suite.FailNow(err.Error()) + } + + // domain block now exists + blocked, err = suite.db.IsDomainBlocked(ctx, domainBlock.Domain) + if err != nil { + suite.FailNow(err.Error()) + } + + suite.True(blocked) + suite.WithinDuration(time.Now(), domainBlock.CreatedAt, 10*time.Second) + + // Explicitly allow this domain. + domainAllow := >smodel.DomainAllow{ + ID: "01H8KY9MJQFWE712EG3VN02Y3J", + Domain: "some.bad.apples", + CreatedByAccountID: suite.testAccounts["admin_account"].ID, + CreatedByAccount: suite.testAccounts["admin_account"], + } + + if err := suite.db.CreateDomainAllow(ctx, domainAllow); err != nil { + suite.FailNow(err.Error()) + } + + // Domain allow now exists + blocked, err = suite.db.IsDomainBlocked(ctx, domainBlock.Domain) + if err != nil { + suite.FailNow(err.Error()) + } + + suite.False(blocked) +} + func (suite *DomainTestSuite) TestIsDomainBlockedWildcard() { ctx := context.Background() -- cgit v1.2.3