-fn generate_moderators_url(community_id: &DbUrl) -> Result<DbUrl, LemmyError> {
- Ok(Url::parse(&format!("{}/moderators", community_id))?.into())
+ let local_site_data = local_site_data_cached(&mut context.pool()).await?;
+ check_apub_id_valid(apub_id, &local_site_data).map_err(|err| match err {
+ "Federation disabled" => LemmyErrorType::FederationDisabled,
+ "Domain is blocked" => LemmyErrorType::DomainBlocked,
+ "Domain is not in allowlist" => LemmyErrorType::DomainNotInAllowList,
+ _ => panic!("Could not handle apub error!"),
+ })?;
+
+ // Only check allowlist if this is a community, and there are instances in the allowlist
+ if is_strict && !local_site_data.allowed_instances.is_empty() {
+ // need to allow this explicitly because apub receive might contain objects from our local
+ // instance.
+ let mut allowed_and_local = local_site_data
+ .allowed_instances
+ .iter()
+ .map(|i| i.domain.clone())
+ .collect::<Vec<String>>();
+ let local_instance = context
+ .settings()
+ .get_hostname_without_port()
+ .expect("local hostname is valid");
+ allowed_and_local.push(local_instance);
+
+ let domain = apub_id.domain().expect("apud id has domain").to_string();
+ if !allowed_and_local.contains(&domain) {
+ return Err(LemmyErrorType::FederationDisabledByStrictAllowList)?;
+ }
+ }
+ Ok(())