From: Dessalines Date: Fri, 21 Apr 2023 21:41:03 +0000 (-0400) Subject: Remove last Option, - pub allowed: Option>, - pub blocked: Option>, + pub allowed: Vec, + pub blocked: Vec, } #[derive(Debug, Serialize, Deserialize, Clone)] diff --git a/crates/api_common/src/utils.rs b/crates/api_common/src/utils.rs index ee3ee844..75f878fc 100644 --- a/crates/api_common/src/utils.rs +++ b/crates/api_common/src/utils.rs @@ -318,10 +318,6 @@ pub async fn build_federated_instances( let allowed = Instance::allowlist(pool).await?; let blocked = Instance::blocklist(pool).await?; - // These can return empty vectors, so convert them to options - let allowed = (!allowed.is_empty()).then_some(allowed); - let blocked = (!blocked.is_empty()).then_some(blocked); - Ok(Some(FederatedInstances { linked, allowed, diff --git a/crates/apub/src/lib.rs b/crates/apub/src/lib.rs index 43e26961..a5bc41d1 100644 --- a/crates/apub/src/lib.rs +++ b/crates/apub/src/lib.rs @@ -69,16 +69,22 @@ fn check_apub_id_valid(apub_id: &Url, local_site_data: &LocalSiteData) -> Result return Err("Federation disabled"); } - if let Some(blocked) = local_site_data.blocked_instances.as_ref() { - if blocked.iter().any(|i| domain.eq(&i.domain)) { - return Err("Domain is blocked"); - } + if local_site_data + .blocked_instances + .iter() + .any(|i| domain.eq(&i.domain)) + { + return Err("Domain is blocked"); } - if let Some(allowed) = local_site_data.allowed_instances.as_ref() { - if !allowed.iter().any(|i| domain.eq(&i.domain)) { - return Err("Domain is not in allowlist"); - } + // Only check this if there are instances in the allowlist + if !local_site_data.allowed_instances.is_empty() + && !local_site_data + .allowed_instances + .iter() + .any(|i| domain.eq(&i.domain)) + { + return Err("Domain is not in allowlist"); } Ok(()) @@ -87,8 +93,8 @@ fn check_apub_id_valid(apub_id: &Url, local_site_data: &LocalSiteData) -> Result #[derive(Clone)] pub(crate) struct LocalSiteData { local_site: Option, - allowed_instances: Option>, - blocked_instances: Option>, + allowed_instances: Vec, + blocked_instances: Vec, } pub(crate) async fn fetch_local_site_data( @@ -96,12 +102,8 @@ pub(crate) async fn fetch_local_site_data( ) -> Result { // LocalSite may be missing let local_site = LocalSite::read(pool).await.ok(); - let allowed = Instance::allowlist(pool).await?; - let blocked = Instance::blocklist(pool).await?; - - // These can return empty vectors, so convert them to options - let allowed_instances = (!allowed.is_empty()).then_some(allowed); - let blocked_instances = (!blocked.is_empty()).then_some(blocked); + let allowed_instances = Instance::allowlist(pool).await?; + let blocked_instances = Instance::blocklist(pool).await?; Ok(LocalSiteData { local_site, @@ -126,26 +128,25 @@ pub(crate) fn check_apub_id_valid_with_strictness( } check_apub_id_valid(apub_id, local_site_data).map_err(LemmyError::from_message)?; - if let Some(allowed) = local_site_data.allowed_instances.as_ref() { - // Only check allowlist if this is a community - if is_strict { - // need to allow this explicitly because apub receive might contain objects from our local - // instance. - let mut allowed_and_local = allowed - .iter() - .map(|i| i.domain.clone()) - .collect::>(); - let local_instance = settings - .get_hostname_without_port() - .expect("local hostname is valid"); - allowed_and_local.push(local_instance); - - let domain = apub_id.domain().expect("apud id has domain").to_string(); - if !allowed_and_local.contains(&domain) { - return Err(LemmyError::from_message( - "Federation forbidden by strict allowlist", - )); - } + // Only check allowlist if this is a community, and there are instances in the allowlist + if is_strict && !local_site_data.allowed_instances.is_empty() { + // need to allow this explicitly because apub receive might contain objects from our local + // instance. + let mut allowed_and_local = local_site_data + .allowed_instances + .iter() + .map(|i| i.domain.clone()) + .collect::>(); + let local_instance = settings + .get_hostname_without_port() + .expect("local hostname is valid"); + allowed_and_local.push(local_instance); + + let domain = apub_id.domain().expect("apud id has domain").to_string(); + if !allowed_and_local.contains(&domain) { + return Err(LemmyError::from_message( + "Federation forbidden by strict allowlist", + )); } } Ok(()) diff --git a/crates/apub/src/objects/mod.rs b/crates/apub/src/objects/mod.rs index ff4182dd..1dbc7c63 100644 --- a/crates/apub/src/objects/mod.rs +++ b/crates/apub/src/objects/mod.rs @@ -64,7 +64,6 @@ pub(crate) mod tests { }; use lemmy_db_schema::{source::secret::Secret, utils::build_db_pool_for_tests}; use lemmy_utils::{ - error::LemmyError, rate_limit::{RateLimitCell, RateLimitConfig}, settings::SETTINGS, }; @@ -89,9 +88,6 @@ pub(crate) mod tests { // TODO: would be nice if we didnt have to use a full context for tests. pub(crate) async fn init_context() -> Data { - async fn x() -> Result { - Ok(String::new()) - } // call this to run migrations let pool = build_db_pool_for_tests().await;