From 469da93678b3f738f65372d13dcd1ea7de390063 Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Mon, 23 May 2022 11:46:50 +0200
Subject: [security] Check all involved IRIs during block checking (#593)

* tidy up context keys, add otherInvolvedIRIs

* add ReplyToable interface

* skip block check if we own the requesting domain

* add block check for other involved IRIs

* use cacheable status fetch

* remove unused ContextActivity

* remove unused ContextActivity

* add helper for unique URIs

* check through CCs and clean slice

* add GetAccountIDForStatusURI

* add GetAccountIDForAccountURI

* check blocks on involved account

* add statuses to tests

* add some blocked tests

* go fmt

* extract Tos as well as CCs

* test PostInboxRequestBodyHook

* add some more testActivities

* deduplicate involvedAccountIDs

* go fmt

* use cacheable db functions, remove new functions
---
 internal/util/unique.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'internal/util/unique.go')

diff --git a/internal/util/unique.go b/internal/util/unique.go
index be97a57b0..364c935b7 100644
--- a/internal/util/unique.go
+++ b/internal/util/unique.go
@@ -18,6 +18,8 @@
 
 package util
 
+import "net/url"
+
 // UniqueStrings returns a deduplicated version of a given string slice.
 func UniqueStrings(s []string) []string {
 	keys := make(map[string]bool, len(s))
@@ -30,3 +32,16 @@ func UniqueStrings(s []string) []string {
 	}
 	return list
 }
+
+// UniqueURIs returns a deduplicated version of a given *url.URL slice.
+func UniqueURIs(s []*url.URL) []*url.URL {
+	keys := make(map[string]bool, len(s))
+	list := []*url.URL{}
+	for _, entry := range s {
+		if _, value := keys[entry.String()]; !value {
+			keys[entry.String()] = true
+			list = append(list, entry)
+		}
+	}
+	return list
+}
-- 
cgit v1.2.3