diff --git a/internal/gtsmodel/account.go b/internal/gtsmodel/account.go
index 4f385b3a6..67ce05d0b 100644
--- a/internal/gtsmodel/account.go
+++ b/internal/gtsmodel/account.go
@@ -29,47 +29,47 @@ import (
// Account represents either a local or a remote fediverse account, gotosocial or otherwise (mastodon, pleroma, etc).
type Account struct {
- ID string `validate:"required,ulid" bun:"type:CHAR(26),pk,nullzero,notnull,unique"` // id of this item in the database
- CreatedAt time.Time `validate:"-" bun:"type:timestamp,nullzero,notnull,default:current_timestamp"` // when was item created
- UpdatedAt time.Time `validate:"-" bun:"type:timestamp,nullzero,notnull,default:current_timestamp"` // when was item last updated
- Username string `validate:"required" bun:",nullzero,notnull,unique:userdomain"` // Username of the account, should just be a string of [a-zA-Z0-9_]. Can be added to domain to create the full username in the form ``[username]@[domain]`` eg., ``user_96@example.org``. Username and domain should be unique *with* each other
- Domain string `validate:"omitempty,fqdn" bun:",nullzero,unique:userdomain"` // Domain of the account, will be null if this is a local account, otherwise something like ``example.org`` or ``mastodon.social``. Should be unique with username.
- AvatarMediaAttachmentID string `validate:"omitempty,ulid" bun:"type:CHAR(26),nullzero"` // Database ID of the media attachment, if present
- AvatarMediaAttachment *MediaAttachment `validate:"-" bun:"rel:belongs-to"` // MediaAttachment corresponding to avatarMediaAttachmentID
- AvatarRemoteURL string `validate:"omitempty,url" bun:",nullzero"` // For a non-local account, where can the header be fetched?
- HeaderMediaAttachmentID string `validate:"omitempty,ulid" bun:"type:CHAR(26),nullzero"` // Database ID of the media attachment, if present
- HeaderMediaAttachment *MediaAttachment `validate:"-" bun:"rel:belongs-to"` // MediaAttachment corresponding to headerMediaAttachmentID
- HeaderRemoteURL string `validate:"omitempty,url" bun:",nullzero"` // For a non-local account, where can the header be fetched?
- DisplayName string `validate:"-" bun:",nullzero"` // DisplayName for this account. Can be empty, then just the Username will be used for display purposes.
- Fields []Field `validate:"-"` // a key/value map of fields that this account has added to their profile
- Note string `validate:"-" bun:",nullzero"` // A note that this account has on their profile (ie., the account's bio/description of themselves)
- Memorial bool `validate:"-" bun:",nullzero,default:false"` // Is this a memorial account, ie., has the user passed away?
- AlsoKnownAs string `validate:"omitempty,ulid" bun:"type:CHAR(26),nullzero"` // This account is associated with x account id
- MovedToAccountID string `validate:"omitempty,ulid" bun:"type:CHAR(26),nullzero"` // This account has moved this account id in the database
- Bot bool `validate:"-" bun:",nullzero,default:false"` // Does this account identify itself as a bot?
- Reason string `validate:"-" bun:",nullzero"` // What reason was given for signing up when this account was created?
- Locked bool `validate:"-" bun:",nullzero,default:true"` // Does this account need an approval for new followers?
- Discoverable bool `validate:"-" bun:",nullzero,default:false"` // Should this account be shown in the instance's profile directory?
- Privacy Visibility `validate:"oneof=public unlocked followers_only mutuals_only direct" bun:",nullzero,notnull,default:'public'"` // Default post privacy for this account
- Sensitive bool `validate:"-" bun:",nullzero,default:false"` // Set posts from this account to sensitive by default?
- Language string `validate:"-" bun:",nullzero,notnull,default:'en'"` // What language does this account post in?
- URI string `validate:"required,url" bun:",nullzero,notnull,unique"` // ActivityPub URI for this account.
- URL string `validate:"omitempty,url" bun:",nullzero,unique"` // Web URL for this account's profile
- LastWebfingeredAt time.Time `validate:"required_with=Domain" bun:"type:timestamp,nullzero"` // Last time this account was refreshed/located with webfinger.
- InboxURI string `validate:"omitempty,url" bun:",nullzero,unique"` // Address of this account's ActivityPub inbox, for sending activity to
- OutboxURI string `validate:"omitempty,url" bun:",nullzero,unique"` // Address of this account's activitypub outbox
- FollowingURI string `validate:"omitempty,url" bun:",nullzero,unique"` // URI for getting the following list of this account
- FollowersURI string `validate:"omitempty,url" bun:",nullzero,unique"` // URI for getting the followers list of this account
- FeaturedCollectionURI string `validate:"omitempty,url" bun:",nullzero,unique"` // URL for getting the featured collection list of this account
- ActorType string `validate:"oneof=Application Group Organization Person Service" bun:",nullzero,notnull"` // What type of activitypub actor is this account?
- PrivateKey *rsa.PrivateKey `validate:"required_without=Domain"` // Privatekey for validating activitypub requests, will only be defined for local accounts
- PublicKey *rsa.PublicKey `validate:"required"` // Publickey for encoding activitypub requests, will be defined for both local and remote accounts
- PublicKeyURI string `validate:"required,url" bun:",nullzero,notnull,unique"` // Web-reachable location of this account's public key
- SensitizedAt time.Time `validate:"-" bun:"type:timestamp,nullzero"` // When was this account set to have all its media shown as sensitive?
- SilencedAt time.Time `validate:"-" bun:"type:timestamp,nullzero"` // When was this account silenced (eg., statuses only visible to followers, not public)?
- SuspendedAt time.Time `validate:"-" bun:"type:timestamp,nullzero"` // When was this account suspended (eg., don't allow it to log in/post, don't accept media/posts from this account)
- HideCollections bool `validate:"-" bun:",nullzero,default:false"` // Hide this account's collections
- SuspensionOrigin string `validate:"omitempty,ulid" bun:"type:CHAR(26),nullzero"` // id of the database entry that caused this account to become suspended -- can be an account ID or a domain block ID
+ ID string `validate:"required,ulid" bun:"type:CHAR(26),pk,nullzero,notnull,unique"` // id of this item in the database
+ CreatedAt time.Time `validate:"-" bun:"type:timestamp,nullzero,notnull,default:current_timestamp"` // when was item created
+ UpdatedAt time.Time `validate:"-" bun:"type:timestamp,nullzero,notnull,default:current_timestamp"` // when was item last updated
+ Username string `validate:"required" bun:",nullzero,notnull,unique:userdomain"` // Username of the account, should just be a string of [a-zA-Z0-9_]. Can be added to domain to create the full username in the form ``[username]@[domain]`` eg., ``user_96@example.org``. Username and domain should be unique *with* each other
+ Domain string `validate:"omitempty,fqdn" bun:",nullzero,unique:userdomain"` // Domain of the account, will be null if this is a local account, otherwise something like ``example.org`` or ``mastodon.social``. Should be unique with username.
+ AvatarMediaAttachmentID string `validate:"omitempty,ulid" bun:"type:CHAR(26),nullzero"` // Database ID of the media attachment, if present
+ AvatarMediaAttachment *MediaAttachment `validate:"-" bun:"rel:belongs-to"` // MediaAttachment corresponding to avatarMediaAttachmentID
+ AvatarRemoteURL string `validate:"omitempty,url" bun:",nullzero"` // For a non-local account, where can the header be fetched?
+ HeaderMediaAttachmentID string `validate:"omitempty,ulid" bun:"type:CHAR(26),nullzero"` // Database ID of the media attachment, if present
+ HeaderMediaAttachment *MediaAttachment `validate:"-" bun:"rel:belongs-to"` // MediaAttachment corresponding to headerMediaAttachmentID
+ HeaderRemoteURL string `validate:"omitempty,url" bun:",nullzero"` // For a non-local account, where can the header be fetched?
+ DisplayName string `validate:"-" bun:",nullzero"` // DisplayName for this account. Can be empty, then just the Username will be used for display purposes.
+ Fields []Field `validate:"-"` // a key/value map of fields that this account has added to their profile
+ Note string `validate:"-" bun:",nullzero"` // A note that this account has on their profile (ie., the account's bio/description of themselves)
+ Memorial bool `validate:"-" bun:",nullzero,default:false"` // Is this a memorial account, ie., has the user passed away?
+ AlsoKnownAs string `validate:"omitempty,ulid" bun:"type:CHAR(26),nullzero"` // This account is associated with x account id
+ MovedToAccountID string `validate:"omitempty,ulid" bun:"type:CHAR(26),nullzero"` // This account has moved this account id in the database
+ Bot bool `validate:"-" bun:",nullzero,default:false"` // Does this account identify itself as a bot?
+ Reason string `validate:"-" bun:",nullzero"` // What reason was given for signing up when this account was created?
+ Locked bool `validate:"-" bun:",nullzero,default:true"` // Does this account need an approval for new followers?
+ Discoverable bool `validate:"-" bun:",nullzero,default:false"` // Should this account be shown in the instance's profile directory?
+ Privacy Visibility `validate:"required_without=Domain,omitempty,oneof=public unlocked followers_only mutuals_only direct" bun:",nullzero"` // Default post privacy for this account
+ Sensitive bool `validate:"-" bun:",nullzero,default:false"` // Set posts from this account to sensitive by default?
+ Language string `validate:"omitempty,bcp47_language_tag" bun:",nullzero,notnull,default:'en'"` // What language does this account post in?
+ URI string `validate:"required,url" bun:",nullzero,notnull,unique"` // ActivityPub URI for this account.
+ URL string `validate:"required_without=Domain,omitempty,url" bun:",nullzero,unique"` // Web URL for this account's profile
+ LastWebfingeredAt time.Time `validate:"required_with=Domain" bun:"type:timestamp,nullzero"` // Last time this account was refreshed/located with webfinger.
+ InboxURI string `validate:"required_without=Domain,omitempty,url" bun:",nullzero,unique"` // Address of this account's ActivityPub inbox, for sending activity to
+ OutboxURI string `validate:"required_without=Domain,omitempty,url" bun:",nullzero,unique"` // Address of this account's activitypub outbox
+ FollowingURI string `validate:"required_without=Domain,omitempty,url" bun:",nullzero,unique"` // URI for getting the following list of this account
+ FollowersURI string `validate:"required_without=Domain,omitempty,url" bun:",nullzero,unique"` // URI for getting the followers list of this account
+ FeaturedCollectionURI string `validate:"required_without=Domain,omitempty,url" bun:",nullzero,unique"` // URL for getting the featured collection list of this account
+ ActorType string `validate:"oneof=Application Group Organization Person Service" bun:",nullzero,notnull"` // What type of activitypub actor is this account?
+ PrivateKey *rsa.PrivateKey `validate:"required_without=Domain"` // Privatekey for validating activitypub requests, will only be defined for local accounts
+ PublicKey *rsa.PublicKey `validate:"required"` // Publickey for encoding activitypub requests, will be defined for both local and remote accounts
+ PublicKeyURI string `validate:"required,url" bun:",nullzero,notnull,unique"` // Web-reachable location of this account's public key
+ SensitizedAt time.Time `validate:"-" bun:"type:timestamp,nullzero"` // When was this account set to have all its media shown as sensitive?
+ SilencedAt time.Time `validate:"-" bun:"type:timestamp,nullzero"` // When was this account silenced (eg., statuses only visible to followers, not public)?
+ SuspendedAt time.Time `validate:"-" bun:"type:timestamp,nullzero"` // When was this account suspended (eg., don't allow it to log in/post, don't accept media/posts from this account)
+ HideCollections bool `validate:"-" bun:",nullzero,default:false"` // Hide this account's collections
+ SuspensionOrigin string `validate:"omitempty,ulid" bun:"type:CHAR(26),nullzero"` // id of the database entry that caused this account to become suspended -- can be an account ID or a domain block ID
}
// Field represents a key value field on an account, for things like pronouns, website, etc.
diff --git a/internal/gtsmodel/application.go b/internal/gtsmodel/application.go
index 30035123e..27ea61000 100644
--- a/internal/gtsmodel/application.go
+++ b/internal/gtsmodel/application.go
@@ -28,8 +28,8 @@ type Application struct {
UpdatedAt time.Time `validate:"-" bun:"type:timestamp,nullzero,notnull,default:current_timestamp"` // when was item last updated
Name string `validate:"required" bun:",nullzero,notnull"` // name of the application given when it was created (eg., 'tusky')
Website string `validate:"omitempty,url" bun:",nullzero"` // website for the application given when it was created (eg., 'https://tusky.app')
- RedirectURI string `validate:"required" bun:",nullzero,notnull"` // redirect uri requested by the application for oauth2 flow
+ RedirectURI string `validate:"required,uri" bun:",nullzero,notnull"` // redirect uri requested by the application for oauth2 flow
ClientID string `validate:"omitempty,ulid" bun:"type:CHAR(26),nullzero"` // id of the associated oauth client entity in the db
ClientSecret string `validate:"required,uuid" bun:",nullzero,notnull"` // secret of the associated oauth client entity in the db
- Scopes string `validate:"required" bun:",nullzero,notnull,default:'read'"` // scopes requested when this app was created
+ Scopes string `validate:"-" bun:",nullzero,notnull,default:'read'"` // scopes requested when this app was created
}
diff --git a/internal/validate/account_test.go b/internal/validate/account_test.go
new file mode 100644
index 000000000..8fcdcfb38
--- /dev/null
+++ b/internal/validate/account_test.go
@@ -0,0 +1,343 @@
+/*
+ GoToSocial
+ Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see .
+*/
+
+package validate_test
+
+import (
+ "crypto/rand"
+ "crypto/rsa"
+ "testing"
+ "time"
+
+ "github.com/stretchr/testify/suite"
+ "github.com/superseriousbusiness/gotosocial/internal/ap"
+ "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+ "github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyAccount() *gtsmodel.Account {
+
+ priv, err := rsa.GenerateKey(rand.Reader, 2048)
+ if err != nil {
+ panic(err)
+ }
+ pub := &priv.PublicKey
+
+ return >smodel.Account{
+ ID: "01F8MH1H7YV1Z7D2C8K2730QBF",
+ CreatedAt: time.Now().Add(-48 * time.Hour),
+ UpdatedAt: time.Now().Add(-48 * time.Hour),
+ Username: "the_mighty_zork",
+ Domain: "",
+ AvatarMediaAttachmentID: "01F8MH58A357CV5K7R7TJMSH6S",
+ AvatarMediaAttachment: nil,
+ AvatarRemoteURL: "",
+ HeaderMediaAttachmentID: "01PFPMWK2FF0D9WMHEJHR07C3Q",
+ HeaderMediaAttachment: nil,
+ HeaderRemoteURL: "",
+ DisplayName: "original zork (he/they)",
+ Fields: []gtsmodel.Field{},
+ Note: "hey yo this is my profile!",
+ Memorial: false,
+ AlsoKnownAs: "",
+ MovedToAccountID: "",
+ Bot: false,
+ Reason: "I wanna be on this damned webbed site so bad! Please! Wow",
+ Locked: false,
+ Discoverable: true,
+ Privacy: gtsmodel.VisibilityPublic,
+ Sensitive: false,
+ Language: "en",
+ URI: "http://localhost:8080/users/the_mighty_zork",
+ URL: "http://localhost:8080/@the_mighty_zork",
+ LastWebfingeredAt: time.Time{},
+ InboxURI: "http://localhost:8080/users/the_mighty_zork/inbox",
+ OutboxURI: "http://localhost:8080/users/the_mighty_zork/outbox",
+ FollowersURI: "http://localhost:8080/users/the_mighty_zork/followers",
+ FollowingURI: "http://localhost:8080/users/the_mighty_zork/following",
+ FeaturedCollectionURI: "http://localhost:8080/users/the_mighty_zork/collections/featured",
+ ActorType: ap.ActorPerson,
+ PrivateKey: priv,
+ PublicKey: pub,
+ PublicKeyURI: "http://localhost:8080/users/the_mighty_zork#main-key",
+ SensitizedAt: time.Time{},
+ SilencedAt: time.Time{},
+ SuspendedAt: time.Time{},
+ HideCollections: false,
+ SuspensionOrigin: "",
+ }
+}
+
+type AccountValidateTestSuite struct {
+ suite.Suite
+}
+
+func (suite *AccountValidateTestSuite) TestValidateAccountHappyPath() {
+ // no problem here
+ a := happyAccount()
+ err := validate.Struct(*a)
+ suite.NoError(err)
+}
+
+// ID must be set and be valid ULID
+func (suite *AccountValidateTestSuite) TestValidateAccountBadID() {
+ a := happyAccount()
+
+ a.ID = ""
+ err := validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.ID' Error:Field validation for 'ID' failed on the 'required' tag")
+
+ a.ID = "01FE96W293ZPRG9FQQP48HK8N001FE96W32AT24VYBGM12WN3GKB"
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.ID' Error:Field validation for 'ID' failed on the 'ulid' tag")
+}
+
+// CreatedAt can be set or not -- it will be set in the database anyway
+func (suite *AccountValidateTestSuite) TestValidateAccountNoCreatedAt() {
+ a := happyAccount()
+
+ a.CreatedAt = time.Time{}
+ err := validate.Struct(*a)
+ suite.NoError(err)
+}
+
+// LastWebfingeredAt must be defined if remote account
+func (suite *AccountValidateTestSuite) TestValidateAccountNoWebfingeredAt() {
+ a := happyAccount()
+
+ a.Domain = "example.org"
+ a.LastWebfingeredAt = time.Time{}
+ err := validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.LastWebfingeredAt' Error:Field validation for 'LastWebfingeredAt' failed on the 'required_with' tag")
+}
+
+// Username must be set
+func (suite *AccountValidateTestSuite) TestValidateAccountUsername() {
+ a := happyAccount()
+
+ a.Username = ""
+ err := validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.Username' Error:Field validation for 'Username' failed on the 'required' tag")
+}
+
+// Domain must be either empty (for local accounts) or proper fqdn (for remote accounts)
+func (suite *AccountValidateTestSuite) TestValidateAccountDomain() {
+ a := happyAccount()
+ a.LastWebfingeredAt = time.Now()
+
+ a.Domain = ""
+ err := validate.Struct(*a)
+ suite.NoError(err)
+
+ a.Domain = "localhost:8080"
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.Domain' Error:Field validation for 'Domain' failed on the 'fqdn' tag")
+
+ a.Domain = "ahhhhh"
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.Domain' Error:Field validation for 'Domain' failed on the 'fqdn' tag")
+
+ a.Domain = "https://www.example.org"
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.Domain' Error:Field validation for 'Domain' failed on the 'fqdn' tag")
+
+ a.Domain = "example.org:8080"
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.Domain' Error:Field validation for 'Domain' failed on the 'fqdn' tag")
+
+ a.Domain = "example.org"
+ err = validate.Struct(*a)
+ suite.NoError(err)
+}
+
+// Attachment IDs must either be not set, or must be valid ULID
+func (suite *AccountValidateTestSuite) TestValidateAttachmentIDs() {
+ a := happyAccount()
+
+ a.AvatarMediaAttachmentID = ""
+ a.HeaderMediaAttachmentID = ""
+ err := validate.Struct(*a)
+ suite.NoError(err)
+
+ a.AvatarMediaAttachmentID = "01FE96W293ZPRG9FQQP48HK8N001FE96W32AT24VYBGM12WN3GKB"
+ a.HeaderMediaAttachmentID = "aaaa"
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.AvatarMediaAttachmentID' Error:Field validation for 'AvatarMediaAttachmentID' failed on the 'ulid' tag\nKey: 'Account.HeaderMediaAttachmentID' Error:Field validation for 'HeaderMediaAttachmentID' failed on the 'ulid' tag")
+}
+
+// Attachment remote URLs must either not be set, or be valid URLs
+func (suite *AccountValidateTestSuite) TestValidateAttachmentRemoteURLs() {
+ a := happyAccount()
+
+ a.AvatarRemoteURL = ""
+ a.HeaderRemoteURL = ""
+ err := validate.Struct(*a)
+ suite.NoError(err)
+
+ a.AvatarRemoteURL = "-------------"
+ a.HeaderRemoteURL = "https://valid-url.com"
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.AvatarRemoteURL' Error:Field validation for 'AvatarRemoteURL' failed on the 'url' tag")
+
+ a.AvatarRemoteURL = "https://valid-url.com"
+ a.HeaderRemoteURL = ""
+ err = validate.Struct(*a)
+ suite.NoError(err)
+}
+
+// Default privacy must be set if account is local
+func (suite *AccountValidateTestSuite) TestValidatePrivacy() {
+ a := happyAccount()
+ a.LastWebfingeredAt = time.Now()
+
+ a.Privacy = ""
+ err := validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.Privacy' Error:Field validation for 'Privacy' failed on the 'required_without' tag")
+
+ a.Privacy = "not valid"
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.Privacy' Error:Field validation for 'Privacy' failed on the 'oneof' tag")
+
+ a.Privacy = gtsmodel.VisibilityFollowersOnly
+ err = validate.Struct(*a)
+ suite.NoError(err)
+
+ a.Privacy = ""
+ a.Domain = "example.org"
+ err = validate.Struct(*a)
+ suite.NoError(err)
+
+ a.Privacy = "invalid"
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.Privacy' Error:Field validation for 'Privacy' failed on the 'oneof' tag")
+}
+
+// If set, language must be a valid language
+func (suite *AccountValidateTestSuite) TestValidateLanguage() {
+ a := happyAccount()
+
+ a.Language = ""
+ err := validate.Struct(*a)
+ suite.NoError(err)
+
+ a.Language = "not valid"
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.Language' Error:Field validation for 'Language' failed on the 'bcp47_language_tag' tag")
+
+ a.Language = "en-uk"
+ err = validate.Struct(*a)
+ suite.NoError(err)
+}
+
+// Account URI must be set and must be valid
+func (suite *AccountValidateTestSuite) TestValidateAccountURI() {
+ a := happyAccount()
+
+ a.URI = "invalid-uri"
+ err := validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.URI' Error:Field validation for 'URI' failed on the 'url' tag")
+
+ a.URI = ""
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.URI' Error:Field validation for 'URI' failed on the 'required' tag")
+}
+
+// ActivityPub URIs must be set on account if it's local
+func (suite *AccountValidateTestSuite) TestValidateAccountURIs() {
+ a := happyAccount()
+ a.LastWebfingeredAt = time.Now()
+
+ a.InboxURI = "invalid-uri"
+ a.OutboxURI = "invalid-uri"
+ a.FollowersURI = "invalid-uri"
+ a.FollowingURI = "invalid-uri"
+ a.FeaturedCollectionURI = "invalid-uri"
+ a.PublicKeyURI = "invalid-uri"
+ err := validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.InboxURI' Error:Field validation for 'InboxURI' failed on the 'url' tag\nKey: 'Account.OutboxURI' Error:Field validation for 'OutboxURI' failed on the 'url' tag\nKey: 'Account.FollowingURI' Error:Field validation for 'FollowingURI' failed on the 'url' tag\nKey: 'Account.FollowersURI' Error:Field validation for 'FollowersURI' failed on the 'url' tag\nKey: 'Account.FeaturedCollectionURI' Error:Field validation for 'FeaturedCollectionURI' failed on the 'url' tag\nKey: 'Account.PublicKeyURI' Error:Field validation for 'PublicKeyURI' failed on the 'url' tag")
+
+ a.InboxURI = ""
+ a.OutboxURI = ""
+ a.FollowersURI = ""
+ a.FollowingURI = ""
+ a.FeaturedCollectionURI = ""
+ a.PublicKeyURI = ""
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.InboxURI' Error:Field validation for 'InboxURI' failed on the 'required_without' tag\nKey: 'Account.OutboxURI' Error:Field validation for 'OutboxURI' failed on the 'required_without' tag\nKey: 'Account.FollowingURI' Error:Field validation for 'FollowingURI' failed on the 'required_without' tag\nKey: 'Account.FollowersURI' Error:Field validation for 'FollowersURI' failed on the 'required_without' tag\nKey: 'Account.FeaturedCollectionURI' Error:Field validation for 'FeaturedCollectionURI' failed on the 'required_without' tag\nKey: 'Account.PublicKeyURI' Error:Field validation for 'PublicKeyURI' failed on the 'required' tag")
+
+ a.Domain = "example.org"
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.PublicKeyURI' Error:Field validation for 'PublicKeyURI' failed on the 'required' tag")
+
+ a.InboxURI = "invalid-uri"
+ a.OutboxURI = "invalid-uri"
+ a.FollowersURI = "invalid-uri"
+ a.FollowingURI = "invalid-uri"
+ a.FeaturedCollectionURI = "invalid-uri"
+ a.PublicKeyURI = "invalid-uri"
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.InboxURI' Error:Field validation for 'InboxURI' failed on the 'url' tag\nKey: 'Account.OutboxURI' Error:Field validation for 'OutboxURI' failed on the 'url' tag\nKey: 'Account.FollowingURI' Error:Field validation for 'FollowingURI' failed on the 'url' tag\nKey: 'Account.FollowersURI' Error:Field validation for 'FollowersURI' failed on the 'url' tag\nKey: 'Account.FeaturedCollectionURI' Error:Field validation for 'FeaturedCollectionURI' failed on the 'url' tag\nKey: 'Account.PublicKeyURI' Error:Field validation for 'PublicKeyURI' failed on the 'url' tag")
+}
+
+// Actor type must be set and valid
+func (suite *AccountValidateTestSuite) TestValidateActorType() {
+ a := happyAccount()
+
+ a.ActorType = ""
+ err := validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.ActorType' Error:Field validation for 'ActorType' failed on the 'oneof' tag")
+
+ a.ActorType = "not valid"
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.ActorType' Error:Field validation for 'ActorType' failed on the 'oneof' tag")
+
+ a.ActorType = ap.ActivityArrive
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.ActorType' Error:Field validation for 'ActorType' failed on the 'oneof' tag")
+
+ a.ActorType = ap.ActorOrganization
+ err = validate.Struct(*a)
+ suite.NoError(err)
+}
+
+// Private key must be set on local accounts
+func (suite *AccountValidateTestSuite) TestValidatePrivateKey() {
+ a := happyAccount()
+ a.LastWebfingeredAt = time.Now()
+
+ a.PrivateKey = nil
+ err := validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.PrivateKey' Error:Field validation for 'PrivateKey' failed on the 'required_without' tag")
+
+ a.Domain = "example.org"
+ err = validate.Struct(*a)
+ suite.NoError(err)
+}
+
+// Public key must be set
+func (suite *AccountValidateTestSuite) TestValidatePublicKey() {
+ a := happyAccount()
+
+ a.PublicKey = nil
+ err := validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Account.PublicKey' Error:Field validation for 'PublicKey' failed on the 'required' tag")
+}
+
+func TestAccountValidateTestSuite(t *testing.T) {
+ suite.Run(t, new(AccountValidateTestSuite))
+}
diff --git a/internal/validate/application_test.go b/internal/validate/application_test.go
new file mode 100644
index 000000000..38fe0d8ff
--- /dev/null
+++ b/internal/validate/application_test.go
@@ -0,0 +1,133 @@
+/*
+ GoToSocial
+ Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see .
+*/
+
+package validate_test
+
+import (
+ "testing"
+ "time"
+
+ "github.com/stretchr/testify/suite"
+ "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+ "github.com/superseriousbusiness/gotosocial/internal/validate"
+)
+
+func happyApplication() *gtsmodel.Application {
+ return >smodel.Application{
+ ID: "01FE91RJR88PSEEE30EV35QR8N",
+ CreatedAt: time.Now(),
+ UpdatedAt: time.Now(),
+ Name: "Tusky",
+ Website: "https://tusky.app",
+ RedirectURI: "oauth2redirect://com.keylesspalace.tusky/",
+ ClientID: "01FEEDMF6C0QD589MRK7919Z0R",
+ ClientSecret: "bd740cf1-024a-4e4d-8c39-866538f52fe6",
+ Scopes: "read write follow",
+ }
+}
+
+type ApplicationValidateTestSuite struct {
+ suite.Suite
+}
+
+func (suite *ApplicationValidateTestSuite) TestValidateApplicationHappyPath() {
+ // no problem here
+ a := happyApplication()
+ err := validate.Struct(*a)
+ suite.NoError(err)
+}
+
+func (suite *ApplicationValidateTestSuite) TestValidateApplicationBadID() {
+ a := happyApplication()
+
+ a.ID = ""
+ err := validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Application.ID' Error:Field validation for 'ID' failed on the 'required' tag")
+
+ a.ID = "01FE96W293ZPRG9FQQP48HK8N001FE96W32AT24VYBGM12WN3GKB"
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Application.ID' Error:Field validation for 'ID' failed on the 'ulid' tag")
+}
+
+func (suite *ApplicationValidateTestSuite) TestValidateApplicationNoCreatedAt() {
+ a := happyApplication()
+
+ a.CreatedAt = time.Time{}
+ err := validate.Struct(*a)
+ suite.NoError(err)
+}
+
+func (suite *ApplicationValidateTestSuite) TestValidateApplicationName() {
+ a := happyApplication()
+
+ a.Name = ""
+ err := validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Application.Name' Error:Field validation for 'Name' failed on the 'required' tag")
+}
+
+func (suite *ApplicationValidateTestSuite) TestValidateApplicationWebsite() {
+ a := happyApplication()
+
+ a.Website = "invalid-website"
+ err := validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Application.Website' Error:Field validation for 'Website' failed on the 'url' tag")
+
+ a.Website = ""
+ err = validate.Struct(*a)
+ suite.NoError(err)
+}
+
+func (suite *ApplicationValidateTestSuite) TestValidateApplicationRedirectURI() {
+ a := happyApplication()
+
+ a.RedirectURI = "invalid-uri"
+ err := validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Application.RedirectURI' Error:Field validation for 'RedirectURI' failed on the 'uri' tag")
+
+ a.RedirectURI = ""
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Application.RedirectURI' Error:Field validation for 'RedirectURI' failed on the 'required' tag")
+
+ a.RedirectURI = "urn:ietf:wg:oauth:2.0:oob"
+ err = validate.Struct(*a)
+ suite.NoError(err)
+}
+
+func (suite *ApplicationValidateTestSuite) TestValidateApplicationClientSecret() {
+ a := happyApplication()
+
+ a.ClientSecret = "invalid-uuid"
+ err := validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Application.ClientSecret' Error:Field validation for 'ClientSecret' failed on the 'uuid' tag")
+
+ a.ClientSecret = ""
+ err = validate.Struct(*a)
+ suite.EqualError(err, "Key: 'Application.ClientSecret' Error:Field validation for 'ClientSecret' failed on the 'required' tag")
+}
+
+func (suite *ApplicationValidateTestSuite) TestValidateApplicationScopes() {
+ a := happyApplication()
+
+ a.Scopes = ""
+ err := validate.Struct(*a)
+ suite.NoError(err)
+}
+
+func TestApplicationValidateTestSuite(t *testing.T) {
+ suite.Run(t, new(ApplicationValidateTestSuite))
+}
diff --git a/lint.sh b/lint.sh
index db661c243..da7fe05b5 100755
--- a/lint.sh
+++ b/lint.sh
@@ -1,3 +1,3 @@
#!/bin/bash
-golangci-lint run
\ No newline at end of file
+golangci-lint run --test=false