[security] Check all involved IRIs during block checking (#593)

* tidy up context keys, add otherInvolvedIRIs

* add ReplyToable interface

* skip block check if we own the requesting domain

* add block check for other involved IRIs

* use cacheable status fetch

* remove unused ContextActivity

* remove unused ContextActivity

* add helper for unique URIs

* check through CCs and clean slice

* add GetAccountIDForStatusURI

* add GetAccountIDForAccountURI

* check blocks on involved account

* add statuses to tests

* add some blocked tests

* go fmt

* extract Tos as well as CCs

* test PostInboxRequestBodyHook

* add some more testActivities

* deduplicate involvedAccountIDs

* go fmt

* use cacheable db functions, remove new functions
tobi
2022-05-23 11:46:50 +02:00
committed by GitHub
parent d6abe105b3
commit 469da93678
9 changed files with 381 additions and 52 deletions


@@ -393,9 +393,9 @@ func (c *converter) StatusToAS(ctx context.Context, s *gtsmodel.Status) (vocab.A
if s.InReplyToID != "" {
// fetch the replied status if we don't have it on hand already
if s.InReplyTo == nil {
rs := &gtsmodel.Status{}
if err := c.db.GetByID(ctx, s.InReplyToID, rs); err != nil {
return nil, fmt.Errorf("StatusToAS: error retrieving replied-to status from db: %s", err)
rs, err := c.db.GetStatusByID(ctx, s.InReplyToID)
if err != nil {
return nil, fmt.Errorf("StatusToAS: error getting replied to status %s: %s", s.InReplyToID, err)
}
s.InReplyTo = rs
}
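Review bot: The new error return after `GetStatusByID` formats the underlying error with `%s`, which flattens it to text, so a caller of StatusToAS cannot use `errors.Is` or `errors.As` to tell a missing replied-to status apart from a database failure. Wrapping keeps the chain intact: `return nil, fmt.Errorf("StatusToAS: error getting replied to status %s: %w", s.InReplyToID, err)`. Whether any caller needs that distinction is not visible here, but a reply whose parent has been deleted is presumably a normal case and worth handling differently from a real db error. StatusToAS starts and ends outside this hunk.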