[security] Check all involved IRIs during block checking (#593)

* tidy up context keys, add otherInvolvedIRIs * add ReplyToable interface * skip block check if we own the requesting domain * add block check for other involved IRIs * use cacheable status fetch * remove unused ContextActivity * remove unused ContextActivity * add helper for unique URIs * check through CCs and clean slice * add GetAccountIDForStatusURI * add GetAccountIDForAccountURI * check blocks on involved account * add statuses to tests * add some blocked tests * go fmt * extract Tos as well as CCs * test PostInboxRequestBodyHook * add some more testActivities * deduplicate involvedAccountIDs * go fmt * use cacheable db functions, remove new functions
2025-06-05 21:59:39 +02:00 · 2022-05-23 11:46:50 +02:00
parent d6abe105b3
commit 469da93678
9 changed files with 381 additions and 52 deletions
--- a/internal/util/unique.go
+++ b/internal/util/unique.go
@@ -18,6 +18,8 @@

 package util

+import "net/url"
+
 // UniqueStrings returns a deduplicated version of a given string slice.
 func UniqueStrings(s []string) []string {
 	keys := make(map[string]bool, len(s))
@@ -30,3 +32,16 @@ func UniqueStrings(s []string) []string {
 	}
 	return list
 }
+
+// UniqueURIs returns a deduplicated version of a given *url.URL slice.
+func UniqueURIs(s []*url.URL) []*url.URL {
+	keys := make(map[string]bool, len(s))
+	list := []*url.URL{}
+	for _, entry := range s {
+		if _, value := keys[entry.String()]; !value {
+			keys[entry.String()] = true
+			list = append(list, entry)
+		}
+	}
+	return list
+}