From ec4d4d01150ae979896496651bc64e4148d94a06 Mon Sep 17 00:00:00 2001
From: tobi
Date: Tue, 20 May 2025 11:47:40 +0200
Subject: [feature] Allow exposing allows, implement `/api/v1/domain_blocks` and `/api/v1/domain_allows` (#4169)

- adds config flags `instance-expose-allowlist` and `instance-expose-allowlist-web` to allow instance admins to expose their allowlist via the web + api.
- renames `instance-expose-suspended` and `instance-expose-suspended-web` to `instance-expose-blocklist` and `instance-expose-blocklist-web`.
- deprecates the `suspended` filter on `/api/v1/instance/peers` endpoint and adds `blocked` and `allowed` filters
- adds the `flat` query param to `/api/v1/instance/peers` to allow forcing return of a flat list of domains
- implements `/api/v1/instance/domain_blocks` and `/api/v1/instance/domain_allows` endpoints with or without auth depending on config
- rejigs the instance about page to include a general section on domain permissions, with block and allow subsections (and appropriate links)

Closes https://codeberg.org/superseriousbusiness/gotosocial/issues/3847
Closes https://codeberg.org/superseriousbusiness/gotosocial/issues/4150
Prerequisite to https://codeberg.org/superseriousbusiness/gotosocial/issues/3711

Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4169
Co-authored-by: tobi
Co-committed-by: tobi
---
 web/source/css/base.css | 4 ++--
 web/template/about.tmpl | 45 +++++++++++++++++++++++++++--------
 web/template/domain-allowlist.tmpl | 48 ++++++++++++++++++++++++++++++++++++++
 web/template/domain-blocklist.tmpl | 17 +++++++-------
 4 files changed, 93 insertions(+), 21 deletions(-)
 create mode 100644 web/template/domain-allowlist.tmpl

(limited to 'web')

diff --git a/web/source/css/base.css b/web/source/css/base.css
index 615616725..c9ff21d74 100644
--- a/web/source/css/base.css
+++ b/web/source/css/base.css
@@ -599,7 +599,7 @@ section.oob-token { } } -.domain-blocklist { +.domain-perm-list { box-shadow: $boxshadow; .entry { @@ -632,7 +632,7 @@ section.oob-token { } @media screen and (max-width: 30rem) { - .domain-blocklist .entry { + .domain-perm-list .entry { grid-template-columns: 1fr; gap: 0; } diff --git a/web/template/about.tmpl b/web/template/about.tmpl index c263d73a7..37b12215a 100644 --- a/web/template/about.tmpl +++ b/web/template/about.tmpl @@ -99,7 +99,7 @@ Profiles can have up to
  • Register an Account on {{ .instance.Title -}}
  • Rules
  • Terms and Conditions
  • -
  • Moderated Servers
  • +
  • Domain permissions
  • @@ -172,25 +172,50 @@ Profiles can have up to {{- end }} -
    -

    Moderated servers

    +
    +

    Domain permissions

    ActivityPub instances federate with other instances by exchanging data with them over the network. Exchanged data includes things like accounts, statuses, likes, boosts, and media attachments. - This exchange of data can be prevented for instances on specific domains via a domain block created - by an instance admin. When an instance is domain blocked by another instance: +

    +

    + This exchange of data is open by default but can be blocked for instances + on specific domains via a domain block created by an instance admin. +

    +

    + Alternatively, if this instance is running in allowlist mode, exchange of data with remote + instances must be explicitly allowed via a domain allow entry. +

    +

    + For more information on domain blocks, domain allows, etc, see the following pages (all links open in a new tab):

      -
    • Any existing data from the blocked instance is deleted from the storage of the instance doing the blocking.
    • -
    • Interaction between the two instances is cut off in both directions; neither instance can interact with the other.
    • -
    • No new data from the blocked instance will be created on the instance that blocks it.
    • +
    • Federation modes
    • +
    • Domain blocks
    • +
    • Domain permission subscriptions
    • +
    +

    Blocked domains

    +

    When a domain block entry is created on this instance:

    +
      +
    • No new data from instances on the blocked domain will be created on this instance.
    • +
    • Interaction between this instance and blocked instances is cut off in both directions.
    • +
    • (In case of an exact match): Any existing data from blocked instances are deleted from the storage of this instance.

    {{- if .blocklistExposed }} - View the list of domains blocked by this instance + View the list of domains blocked by this instance + {{- else }} + This instance does not publically share its list of blocked domains. + {{- end }} +

    +

    Allowed domains

    +

    When an admin adds an explicit domain allow entry, instances on the domain and its subdomains are allowed to federate with this instance.

    +

    + {{- if .allowlistExposed }} + View the list of domains explicitly allowed by this instance {{- else }} - This instance does not publically share their list of blocked domains. + This instance does not publically share its list of explicitly allowed domains. {{- end }}

    diff --git a/web/template/domain-allowlist.tmpl b/web/template/domain-allowlist.tmpl new file mode 100644 index 000000000..b7db87bce --- /dev/null +++ b/web/template/domain-allowlist.tmpl @@ -0,0 +1,48 @@ +{{- /* +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . +*/ -}} + +{{- with . }} +
    +
    +

    Instance Allowlist

    +

    + The following list of domains has been explicitly allowed by the administrator(s) of this instance. +

    +

    + This extends to subdomains, so an allowlist entry for domain 'example.com' includes domain 'social.example.com' etc as well. +

    +
    +
    +
    Domain
    +
    Public comment
    +
    + {{- range .allowlist }} +
    + +
    +

    {{- .Comment -}}

    +
    +
    + {{- end }} +
    +
    +
    +{{- end }} \ No newline at end of file diff --git a/web/template/domain-blocklist.tmpl b/web/template/domain-blocklist.tmpl index 9a21796f9..e3ebfca1b 100644 --- a/web/template/domain-blocklist.tmpl +++ b/web/template/domain-blocklist.tmpl @@ -20,18 +20,17 @@ {{- with . }}
    -

    Suspended Instances

    +

    Instance Blocklist

    - The following list of domains have been suspended - by the administrator(s) of this server. + The following list of domains has been blocked by the administrator(s) of this instance.

    - All current and future accounts on these instances are - blocked, and no more data is federated to the remote servers. - This extends to subdomains, so an entry for 'example.com' - includes 'social.example.com' as well. + All past, present, and future accounts at blocked domains are forbidden from interacting + with this instance or accounts on this instance. No data will be sent to the server at the + remote domain, and no data will be received from it. This extends to subdomains, so a + blocklist entry for domain 'example.com' includes domain 'social.example.com' etc as well.

    -
    +
    Domain
    Public comment
    @@ -42,7 +41,7 @@ {{- .Domain -}}
    -

    {{- .PublicComment -}}

    +

    {{- .Comment -}}

    {{- end }} -- cgit v1.3
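
Review bot: The rename of `.domain-blocklist` to `.domain-perm-list` in web/source/css/base.css (the base rule and the `max-width: 30rem` media query) leaves no rule for the old class name, so any template or stylesheet that still carries `domain-blocklist` loses its box shadow and grid layout without any error. Worth grepping the web/ tree for the old name before merge, and mentioning the rename in the release notes if theme authors could have targeted the class.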
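
Review bot: In the new "Blocked domains" list in web/template/about.tmpl, the bullet "(In case of an exact match): Any existing data from blocked instances are deleted" does not say what happens to existing data when an instance is covered only through a parent-domain entry, while the blocklist page tells readers that entries extend to subdomains; a short clause stating what is kept or removed in that case would close the gap. Two wording nits in the same hunk: "publically" should be "publicly" in both `{{- else }}` branches, and "data ... are deleted" is plural while the intro ("Exchanged data includes") treats "data" as singular.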
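
Review bot: The new web/template/domain-allowlist.tmpl never tells the reader which federation mode the instance runs in, so the list can be read either as the complete set of domains this instance will federate with or as a few explicit allows. about.tmpl draws that distinction ("if this instance is running in allowlist mode, exchange of data with remote instances must be explicitly allowed"), and one sentence or a link back to that section here would stop visitors drawing the wrong conclusion about federation reach. The file also ends with "\ No newline at end of file"; please add the trailing newline.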
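
Review bot: The last hunk of web/template/domain-blocklist.tmpl swaps `{{- .PublicComment -}}` for `{{- .Comment -}}` under a column still headed "Public comment", and the new allowlist template renders `.Comment` as well, so the template no longer shows that only the public comment is emitted. The Go view model is outside this 'web'-limited diff, so please confirm `.Comment` is populated from the public comment only and never from the admin's private comment, since these pages are publicly reachable once the expose flags are set. Keeping the field name explicit (for example `.PublicComment`) would make that checkable at the template.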