[bugfix] Fix potential dereference of accounts on own instance (#757)

* add GetAccountByUsernameDomain

* simplify search

* add escape to not deref accounts on own domain

* check if local + we have account by ap uri

internal/cache/account.go

@@ -37,6 +37,7 @@ func NewAccountCache() *AccountCache {
 		RegisterLookups: func(lm *cache.LookupMap[string, string]) {
 			lm.RegisterLookup("uri")
 			lm.RegisterLookup("url")
+			lm.RegisterLookup("usernamedomain")
 		},
 
 		AddLookups: func(lm *cache.LookupMap[string, string], acc *gtsmodel.Account) {
@@ -46,6 +47,7 @@ func NewAccountCache() *AccountCache {
 			if url := acc.URL; url != "" {
 				lm.Set("url", url, acc.ID)
 			}
+			lm.Set("usernamedomain", usernameDomainKey(acc.Username, acc.Domain), acc.ID)
 		},
 
 		DeleteLookups: func(lm *cache.LookupMap[string, string], acc *gtsmodel.Account) {
@@ -55,6 +57,7 @@ func NewAccountCache() *AccountCache {
 			if url := acc.URL; url != "" {
 				lm.Delete("url", url)
 			}
+			lm.Delete("usernamedomain", usernameDomainKey(acc.Username, acc.Domain))
 		},
 	})
 	c.cache.SetTTL(time.Minute*5, false)
@@ -77,6 +80,10 @@ func (c *AccountCache) GetByURI(uri string) (*gtsmodel.Account, bool) {
 	return c.cache.GetBy("uri", uri)
 }
 
+func (c *AccountCache) GetByUsernameDomain(username string, domain string) (*gtsmodel.Account, bool) {
+	return c.cache.GetBy("usernamedomain", usernameDomainKey(username, domain))
+}
+
 // Put places a account in the cache, ensuring that the object place is a copy for thread-safety
 func (c *AccountCache) Put(account *gtsmodel.Account) {
 	if account == nil || account.ID == "" {
@@ -135,3 +142,11 @@ func copyAccount(account *gtsmodel.Account) *gtsmodel.Account {
 		SuspensionOrigin:        account.SuspensionOrigin,
 	}
 }
+
+func usernameDomainKey(username string, domain string) string {
+	u := "@" + username
+	if domain != "" {
+		return u + "@" + domain
+	}
+	return u
+}