[security] Check all involved IRIs during block checking (#593)

* tidy up context keys, add otherInvolvedIRIs

* add ReplyToable interface

* skip block check if we own the requesting domain

* add block check for other involved IRIs

* use cacheable status fetch

* remove unused ContextActivity

* remove unused ContextActivity

* add helper for unique URIs

* check through CCs and clean slice

* add GetAccountIDForStatusURI

* add GetAccountIDForAccountURI

* check blocks on involved account

* add statuses to tests

* add some blocked tests

* go fmt

* extract Tos as well as CCs

* test PostInboxRequestBodyHook

* add some more testActivities

* deduplicate involvedAccountIDs

* go fmt

* use cacheable db functions, remove new functions
This commit is contained in:
tobi
2022-05-23 11:46:50 +02:00
committed by GitHub
parent d6abe105b3
commit 469da93678
9 changed files with 381 additions and 52 deletions

@@ -140,6 +140,11 @@ type Addressable interface {
WithCC
}
// ReplyToable represents the minimum interface for an Activity that can be InReplyTo another activity.
type ReplyToable interface {
WithInReplyTo
}
// CollectionPageable represents the minimum interface for an activitystreams 'CollectionPage' object.
type CollectionPageable interface {
WithJSONLDId
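
Review bot: ReplyToable, added between Addressable and CollectionPageable, embeds only WithInReplyTo, so it is a second name for the same method set. Either have callers accept WithInReplyTo directly or extend the doc comment to say why a separate named type is wanted. The comment's wording, "an Activity that can be InReplyTo another activity", also departs from the neighbouring "minimum interface for an activitystreams '...' object" phrasing. Suggest matching that style and stating whether callers should expect the inReplyTo property to be empty, given that the commit's stated purpose is block checking across involved IRIs.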