[security] Check all involved IRIs during block checking (#593)

* tidy up context keys, add otherInvolvedIRIs

* add ReplyToable interface

* skip block check if we own the requesting domain

* add block check for other involved IRIs

* use cacheable status fetch

* remove unused ContextActivity

* remove unused ContextActivity

* add helper for unique URIs

* check through CCs and clean slice

* add GetAccountIDForStatusURI

* add GetAccountIDForAccountURI

* check blocks on involved account

* add statuses to tests

* add some blocked tests

* go fmt

* extract Tos as well as CCs

* test PostInboxRequestBodyHook

* add some more testActivities

* deduplicate involvedAccountIDs

* go fmt

* use cacheable db functions, remove new functions

testrig/testmodels.go

@@ -1601,6 +1601,30 @@ func NewTestActivities(accounts map[string]*gtsmodel.Account) map[string]Activit
 		dmForZork)
 	createDmForZorkSig, createDmForZorkDigest, creatDmForZorkDate := GetSignatureForActivity(createDmForZork, accounts["remote_account_1"].PublicKeyURI, accounts["remote_account_1"].PrivateKey, URLMustParse(accounts["local_account_1"].InboxURI))
 
+	replyToTurtle := NewAPNote(
+		URLMustParse("http://fossbros-anonymous.io/users/foss_satan/statuses/2f1195a6-5cb0-4475-adf5-92ab9a0147fe"),
+		URLMustParse("http://fossbros-anonymous.io/@foss_satan/2f1195a6-5cb0-4475-adf5-92ab9a0147fe"),
+		time.Now(),
+		"@1happyturtle@localhost:8080 u suck lol",
+		"",
+		URLMustParse("http://fossbros-anonymous.io/users/foss_satan"),
+		[]*url.URL{URLMustParse("http://fossbros-anonymous.io/users/foss_satan/followers")},
+		[]*url.URL{URLMustParse("http://localhost:8080/users/1happyturtle")},
+		false,
+		[]vocab.ActivityStreamsMention{newAPMention(
+			URLMustParse("http://localhost:8080/users/1happyturtle"),
+			"@1happyturtle@localhost:8080",
+		)},
+		nil,
+	)
+	createReplyToTurtle := WrapAPNoteInCreate(
+		URLMustParse("http://fossbros-anonymous.io/users/foss_satan/statuses/2f1195a6-5cb0-4475-adf5-92ab9a0147fe"),
+		URLMustParse("http://fossbros-anonymous.io/users/foss_satan"),
+		time.Now(),
+		replyToTurtle)
+	createReplyToTurtleForZorkSig, createReplyToTurtleForZorkDigest, createReplyToTurtleForZorkDate := GetSignatureForActivity(createReplyToTurtle, accounts["remote_account_1"].PublicKeyURI, accounts["remote_account_1"].PrivateKey, URLMustParse(accounts["local_account_1"].InboxURI))
+	createReplyToTurtleForTurtleSig, createReplyToTurtleForTurtleDigest, createReplyToTurtleForTurtleDate := GetSignatureForActivity(createReplyToTurtle, accounts["remote_account_1"].PublicKeyURI, accounts["remote_account_1"].PrivateKey, URLMustParse(accounts["local_account_2"].InboxURI))
+
 	forwardedMessage := NewAPNote(
 		URLMustParse("http://example.org/users/some_user/statuses/afaba698-5740-4e32-a702-af61aa543bc1"),
 		URLMustParse("http://example.org/@some_user/afaba698-5740-4e32-a702-af61aa543bc1"),
@@ -1628,6 +1652,18 @@ func NewTestActivities(accounts map[string]*gtsmodel.Account) map[string]Activit
 			DigestHeader:    createDmForZorkDigest,
 			DateHeader:      creatDmForZorkDate,
 		},
+		"reply_to_turtle_for_zork": {
+			Activity:        createReplyToTurtle,
+			SignatureHeader: createReplyToTurtleForZorkSig,
+			DigestHeader:    createReplyToTurtleForZorkDigest,
+			DateHeader:      createReplyToTurtleForZorkDate,
+		},
+		"reply_to_turtle_for_turtle": {
+			Activity:        createReplyToTurtle,
+			SignatureHeader: createReplyToTurtleForTurtleSig,
+			DigestHeader:    createReplyToTurtleForTurtleDigest,
+			DateHeader:      createReplyToTurtleForTurtleDate,
+		},
 		"forwarded_message": {
 			Activity:        createForwardedMessage,
 			SignatureHeader: createForwardedMessageSig,