mirror of
https://github.com/superseriousbusiness/gotosocial
synced 2025-06-05 21:59:39 +02:00
[security] Check all involved IRIs during block checking (#593)
* tidy up context keys, add otherInvolvedIRIs * add ReplyToable interface * skip block check if we own the requesting domain * add block check for other involved IRIs * use cacheable status fetch * remove unused ContextActivity * remove unused ContextActivity * add helper for unique URIs * check through CCs and clean slice * add GetAccountIDForStatusURI * add GetAccountIDForAccountURI * check blocks on involved account * add statuses to tests * add some blocked tests * go fmt * extract Tos as well as CCs * test PostInboxRequestBodyHook * add some more testActivities * deduplicate involvedAccountIDs * go fmt * use cacheable db functions, remove new functions
This commit is contained in:
@@ -140,6 +140,11 @@ type Addressable interface {
|
||||
WithCC
|
||||
}
|
||||
|
||||
// ReplyToable represents the minimum interface for an Activity that can be InReplyTo another activity.
|
||||
type ReplyToable interface {
|
||||
WithInReplyTo
|
||||
}
|
||||
|
||||
// CollectionPageable represents the minimum interface for an activitystreams 'CollectionPage' object.
|
||||
type CollectionPageable interface {
|
||||
WithJSONLDId
|
||||
|
Reference in New Issue
Block a user