gotosocial/internal/processing/admin/domainpermission.go
tobi 183eaa5b29
[feature] Implement explicit domain allows + allowlist federation mode (#2200)
* love like winter! wohoah, wohoah

* domain allow side effects

* tests! logging! unallow!

* document federation modes

* linty linterson

* test

* further adventures in documentation

* finish up domain block documentation (i think)

* change wording a wee little bit

* docs, example

* consolidate shared domainPermission code

* call mode once

* fetch federation mode within domain blocked func

* read domain perm import in streaming manner

* don't use pointer to slice for domain perms

* don't bother copying blocks + allows before deleting

* admonish!

* change wording just a scooch

* update docs
2023-09-21 12:12:04 +02:00

335 lines
9.7 KiB
Go

// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package admin
import (
"context"
"encoding/json"
"errors"
"fmt"
"mime/multipart"
"net/http"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
)
// apiDomainPerm is a cheeky shortcut for returning
// the API version of the given domain permission
// (*gtsmodel.DomainBlock or *gtsmodel.DomainAllow),
// or an appropriate error if something goes wrong.
func (p *Processor) apiDomainPerm(
ctx context.Context,
domainPermission gtsmodel.DomainPermission,
export bool,
) (*apimodel.DomainPermission, gtserror.WithCode) {
apiDomainPerm, err := p.tc.DomainPermToAPIDomainPerm(ctx, domainPermission, export)
if err != nil {
err := gtserror.NewfAt(3, "error converting domain permission to api model: %w", err)
return nil, gtserror.NewErrorInternalError(err)
}
return apiDomainPerm, nil
}
// DomainPermissionCreate creates an instance-level permission
// targeting the given domain, and then processes any side
// effects of the permission creation.
//
// If the same permission type already exists for the domain,
// side effects will be retried.
//
// Return values for this function are the new or existing
// domain permission, the ID of the admin action resulting
// from this call, and/or an error if something goes wrong.
func (p *Processor) DomainPermissionCreate(
ctx context.Context,
permissionType gtsmodel.DomainPermissionType,
adminAcct *gtsmodel.Account,
domain string,
obfuscate bool,
publicComment string,
privateComment string,
subscriptionID string,
) (*apimodel.DomainPermission, string, gtserror.WithCode) {
switch permissionType {
// Explicitly block a domain.
case gtsmodel.DomainPermissionBlock:
return p.createDomainBlock(
ctx,
adminAcct,
domain,
obfuscate,
publicComment,
privateComment,
subscriptionID,
)
// Explicitly allow a domain.
case gtsmodel.DomainPermissionAllow:
return p.createDomainAllow(
ctx,
adminAcct,
domain,
obfuscate,
publicComment,
privateComment,
subscriptionID,
)
// Weeping, roaring, red-faced.
default:
err := gtserror.Newf("unrecognized permission type %d", permissionType)
return nil, "", gtserror.NewErrorInternalError(err)
}
}
// DomainPermissionDelete removes one domain block with the given ID,
// and processes side effects of removing the block asynchronously.
//
// Return values for this function are the deleted domain block, the ID of the admin
// action resulting from this call, and/or an error if something goes wrong.
func (p *Processor) DomainPermissionDelete(
ctx context.Context,
permissionType gtsmodel.DomainPermissionType,
adminAcct *gtsmodel.Account,
domainBlockID string,
) (*apimodel.DomainPermission, string, gtserror.WithCode) {
switch permissionType {
// Delete explicit domain block.
case gtsmodel.DomainPermissionBlock:
return p.deleteDomainBlock(
ctx,
adminAcct,
domainBlockID,
)
// Delete explicit domain allow.
case gtsmodel.DomainPermissionAllow:
return p.deleteDomainAllow(
ctx,
adminAcct,
domainBlockID,
)
// You do the hokey-cokey and you turn
// around, that's what it's all about.
default:
err := gtserror.Newf("unrecognized permission type %d", permissionType)
return nil, "", gtserror.NewErrorInternalError(err)
}
}
// DomainPermissionsImport handles the import of multiple
// domain permissions, by calling the DomainPermissionCreate
// function for each domain in the provided file. Will return
// a slice of processed domain permissions.
//
// In the case of total failure, a gtserror.WithCode will be
// returned so that the caller can respond appropriately. In
// the case of partial or total success, a MultiStatus model
// will be returned, which contains information about success
// + failure count, so that the caller can retry any failures
// as they wish.
func (p *Processor) DomainPermissionsImport(
ctx context.Context,
permissionType gtsmodel.DomainPermissionType,
account *gtsmodel.Account,
domainsF *multipart.FileHeader,
) (*apimodel.MultiStatus, gtserror.WithCode) {
// Ensure known permission type.
if permissionType != gtsmodel.DomainPermissionBlock &&
permissionType != gtsmodel.DomainPermissionAllow {
err := gtserror.Newf("unrecognized permission type %d", permissionType)
return nil, gtserror.NewErrorInternalError(err)
}
// Open the provided file.
file, err := domainsF.Open()
if err != nil {
err = gtserror.Newf("error opening attachment: %w", err)
return nil, gtserror.NewErrorBadRequest(err, err.Error())
}
defer file.Close()
// Parse file as slice of domain blocks.
domainPerms := make([]*apimodel.DomainPermission, 0)
if err := json.NewDecoder(file).Decode(&domainPerms); err != nil {
err = gtserror.Newf("error parsing attachment as domain permissions: %w", err)
return nil, gtserror.NewErrorBadRequest(err, err.Error())
}
count := len(domainPerms)
if count == 0 {
err = gtserror.New("error importing domain permissions: 0 entries provided")
return nil, gtserror.NewErrorBadRequest(err, err.Error())
}
// Try to process each domain permission, differentiating
// between successes and errors so that the caller can
// try failed imports again if desired.
multiStatusEntries := make([]apimodel.MultiStatusEntry, 0, count)
for _, domainPerm := range domainPerms {
var (
domain = domainPerm.Domain.Domain
obfuscate = domainPerm.Obfuscate
publicComment = domainPerm.PublicComment
privateComment = domainPerm.PrivateComment
subscriptionID = "" // No sub ID for imports.
errWithCode gtserror.WithCode
)
domainPerm, _, errWithCode = p.DomainPermissionCreate(
ctx,
permissionType,
account,
domain,
obfuscate,
publicComment,
privateComment,
subscriptionID,
)
var entry *apimodel.MultiStatusEntry
if errWithCode != nil {
entry = &apimodel.MultiStatusEntry{
// Use the failed domain entry as the resource value.
Resource: domain,
Message: errWithCode.Safe(),
Status: errWithCode.Code(),
}
} else {
entry = &apimodel.MultiStatusEntry{
// Use successfully created API model domain block as the resource value.
Resource: domainPerm,
Message: http.StatusText(http.StatusOK),
Status: http.StatusOK,
}
}
multiStatusEntries = append(multiStatusEntries, *entry)
}
return apimodel.NewMultiStatus(multiStatusEntries), nil
}
// DomainPermissionsGet returns all existing domain
// permissions of the requested type. If export is
// true, the format will be suitable for writing out
// to an export.
func (p *Processor) DomainPermissionsGet(
ctx context.Context,
permissionType gtsmodel.DomainPermissionType,
account *gtsmodel.Account,
export bool,
) ([]*apimodel.DomainPermission, gtserror.WithCode) {
var (
domainPerms []gtsmodel.DomainPermission
err error
)
switch permissionType {
case gtsmodel.DomainPermissionBlock:
var blocks []*gtsmodel.DomainBlock
blocks, err = p.state.DB.GetDomainBlocks(ctx)
if err != nil {
break
}
for _, block := range blocks {
domainPerms = append(domainPerms, block)
}
case gtsmodel.DomainPermissionAllow:
var allows []*gtsmodel.DomainAllow
allows, err = p.state.DB.GetDomainAllows(ctx)
if err != nil {
break
}
for _, allow := range allows {
domainPerms = append(domainPerms, allow)
}
default:
err = errors.New("unrecognized permission type")
}
if err != nil {
err := gtserror.Newf("error getting %ss: %w", permissionType.String(), err)
return nil, gtserror.NewErrorInternalError(err)
}
apiDomainPerms := make([]*apimodel.DomainPermission, len(domainPerms))
for i, domainPerm := range domainPerms {
apiDomainBlock, errWithCode := p.apiDomainPerm(ctx, domainPerm, export)
if errWithCode != nil {
return nil, errWithCode
}
apiDomainPerms[i] = apiDomainBlock
}
return apiDomainPerms, nil
}
// DomainPermissionGet returns one domain
// permission with the given id and type.
//
// If export is true, the format will be
// suitable for writing out to an export.
func (p *Processor) DomainPermissionGet(
ctx context.Context,
permissionType gtsmodel.DomainPermissionType,
id string,
export bool,
) (*apimodel.DomainPermission, gtserror.WithCode) {
var (
domainPerm gtsmodel.DomainPermission
err error
)
switch permissionType {
case gtsmodel.DomainPermissionBlock:
domainPerm, err = p.state.DB.GetDomainBlockByID(ctx, id)
case gtsmodel.DomainPermissionAllow:
domainPerm, err = p.state.DB.GetDomainAllowByID(ctx, id)
default:
err = gtserror.New("unrecognized permission type")
}
if err != nil {
if errors.Is(err, db.ErrNoEntries) {
err = fmt.Errorf("no domain %s exists with id %s", permissionType.String(), id)
return nil, gtserror.NewErrorNotFound(err, err.Error())
}
err = gtserror.Newf("error getting domain %s with id %s: %w", permissionType.String(), id, err)
return nil, gtserror.NewErrorInternalError(err)
}
return p.apiDomainPerm(ctx, domainPerm, export)
}