-pub fn generate_shared_inbox_url(actor_id: &DbUrl) -> Result<DbUrl, LemmyError> {
- let actor_id: Url = actor_id.clone().into();
- let url = format!(
- "{}://{}{}/inbox",
- &actor_id.scheme(),
- &actor_id.host_str().context(location_info!())?,
- if let Some(port) = actor_id.port() {
- format!(":{}", port)
- } else {
- "".to_string()
- },
- );
- Ok(Url::parse(&url)?.into())
+ let local_site_data = local_site_data_cached(&mut context.pool()).await?;
+ check_apub_id_valid(apub_id, &local_site_data).map_err(|err| match err {
+ "Federation disabled" => LemmyErrorType::FederationDisabled,
+ "Domain is blocked" => LemmyErrorType::DomainBlocked,
+ "Domain is not in allowlist" => LemmyErrorType::DomainNotInAllowList,
+ _ => panic!("Could not handle apub error!"),
+ })?;
+
+ // Only check allowlist if this is a community, and there are instances in the allowlist
+ if is_strict && !local_site_data.allowed_instances.is_empty() {
+ // need to allow this explicitly because apub receive might contain objects from our local
+ // instance.
+ let mut allowed_and_local = local_site_data
+ .allowed_instances
+ .iter()
+ .map(|i| i.domain.clone())
+ .collect::<Vec<String>>();
+ let local_instance = context
+ .settings()
+ .get_hostname_without_port()
+ .expect("local hostname is valid");
+ allowed_and_local.push(local_instance);
+
+ let domain = apub_id.domain().expect("apud id has domain").to_string();
+ if !allowed_and_local.contains(&domain) {
+ return Err(LemmyErrorType::FederationDisabledByStrictAllowList)?;
+ }
+ }
+ Ok(())