author | Gabe Kangas <gabek@real-ity.com> | 2022-01-04 12:50:34 -0800 |
---|---|---|
committer | Gabe Kangas <gabek@real-ity.com> | 2022-01-06 23:02:48 -0800 |
commit | 40baf69a79e3fca54df6b642139e52075d812f5d (patch) | |
tree | ae3c01fe7ee8afb83b5e28d5a0bacca917ac20e6 | |
parent | c29000d27d75a5a56d4fcb2ae5d9ade7b18ff470 (diff) |
Split out actor and domain blocking checks
-rw-r--r-- | activitypub/inbox/worker.go | 42 |
1 files changed, 30 insertions, 12 deletions
diff --git a/activitypub/inbox/worker.go b/activitypub/inbox/worker.go
index 8ae9dc08f..8445c3e13 100644
--- a/activitypub/inbox/worker.go
+++ b/activitypub/inbox/worker.go
@@ -38,8 +38,6 @@ func handle(request apmodels.InboxRequest) {
 // Verify will Verify the http signature of an inbound request as well as
 // check it against the list of blocked domains.
 func Verify(request *http.Request) (bool, error) {
- blockedDomains := data.GetBlockedFederatedDomains()
-
 verifier, err := httpsig.NewVerifier(request)
 if err != nil {
 return false, errors.Wrap(err, "failed to create key verifier for request")
@@ -76,19 +74,15 @@ func Verify(request *http.Request) (bool, error) {
 }
 // Test to see if the actor is in the list of blocked federated domains.
- for _, blockedDomain := range blockedDomains {
- if strings.Contains(actor.ActorIri.Host, blockedDomain) {
- return false, errors.New("actor domain is blocked: " + blockedDomain)
- }
+ if isBlockedDomain(actor.ActorIri.Hostname()) {
+ return false, errors.New("actor is blocked")
 }
 // If actor is specifically blocked, then fail validation.
- blockedactor, err := persistence.GetFollower(actor.ActorIri.String())
- if err != nil {
- return false, errors.Wrap(err, "error validating actor against blocked actors")
- }
- if blockedactor != nil && blockedactor.DisabledAt != nil {
- return false, errors.Wrap(err, "remote actor is blocked")
+ if blocked, err := isBlockedActor(actor.ActorIri); err != nil {
+ return false, err
+ } else if blocked {
+ return true, nil
 }
 key := actor.W3IDSecurityV1PublicKey.Begin().Get().GetW3IDSecurityV1PublicKeyPem().Get()
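Review bot: The `else if blocked { return true, nil }` branch in the second hunk makes Verify report success for an actor that is specifically blocked, which contradicts the comment directly above it ("then fail validation"). It also returns before the public-key lookup on the hunk's last line, and presumably before the signature check that follows, so a request naming a blocked actor would be treated as verified without its signature being examined. The branch should reject instead, for example `return false, errors.New("remote actor is blocked")`. Verify's body starts and ends outside this hunk, so the later signature handling is inferred rather than visible here.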
@@ -114,3 +108,27 @@ func Verify(request *http.Request) (bool, error) {
 return true, nil
 }
+
+func isBlockedDomain(domain string) bool {
+ blockedDomains := data.GetBlockedFederatedDomains()
+
+ for _, blockedDomain := range blockedDomains {
+ if strings.Contains(domain, blockedDomain) {
+ return true
+ }
+ }
+
+ return false
+}
+
+func isBlockedActor(actorIRI *url.URL) (bool, error) {
+ blockedactor, err := persistence.GetFollower(actorIRI.String())
+ if err != nil {
+ return false, errors.Wrap(err, "error validating actor against blocked actors")
+ }
+ if blockedactor != nil && blockedactor.DisabledAt != nil {
+ return true, errors.Wrap(err, "remote actor is blocked")
+ }
+
+ return false, nil
+} |
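Review bot: `strings.Contains(domain, blockedDomain)` in isBlockedDomain is a case-sensitive substring test, so a block entry such as `example.com` (constructed sample) also matches unrelated hosts like `example.community`, and an empty entry matches every host. A host spelled in a different case may not match at all, since `Hostname()` does not appear to normalise case. Matching whole labels is safer: `d, b := strings.ToLower(domain), strings.ToLower(blockedDomain)` followed by `if b != "" && (d == b || strings.HasSuffix(d, "."+b)) { return true }`. Separately, in isBlockedActor the `errors.Wrap(err, "remote actor is blocked")` call is reached only when err is nil. If `errors` here is github.com/pkg/errors, Wrap returns nil for a nil error, so that message is never produced and `return true, nil` would state what actually happens.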