feat(apub): verify blocked

crates/apub/src/activities/create_or_update/note.rs

@@ -15,6 +15,7 @@ use crate::{
     activities::CreateOrUpdateType,
     actors::ApubUser,
     objects::{ApubPost, Note},
+    utils::verify_blocked,
 };
 
 #[derive(Deserialize, Serialize, Debug)]
@@ -97,6 +98,7 @@ impl ActivityHandler for CreateOrUpdateNote {
     async fn verify(&self, data: &Data<Self::DataType>) -> Result<(), Self::Error> {
         // TODO
         ApubPost::verify(&self.object, &self.id, data).await?;
+        verify_blocked(&self.id, data).await?;
         Ok(())
     }
 

crates/apub/src/activities/following/accept_follow.rs

@@ -78,7 +78,7 @@ impl ActivityHandler for AcceptFollow {
     }
 
     async fn verify(&self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
-        // TODO
+        // TODO: just throw error
         Ok(())
     }
 

crates/apub/src/activities/following/follow.rs

@@ -23,6 +23,7 @@ use url::Url;
 use crate::{
     activities::{AcceptFollow, ApubReceivedFollow},
     actors::ApubUser,
+    utils::verify_blocked,
 };
 
 /// <https://github.com/LemmyNet/lemmy/blob/963d04b3526f8a5e9ff762960bfb5215e353bb27/crates/apub/src/protocol/activities/following/follow.rs>
@@ -58,8 +59,9 @@ impl ActivityHandler for Follow {
         self.actor.inner()
     }
 
-    async fn verify(&self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+    async fn verify(&self, data: &Data<Self::DataType>) -> Result<(), Self::Error> {
         // TODO
+        verify_blocked(&self.id, data).await?;
         Ok(())
     }
 

crates/apub/src/activities/following/undo_follow.rs

@@ -11,7 +11,7 @@ use sea_orm::EntityTrait;
 use serde::{Deserialize, Serialize};
 use url::Url;
 
-use crate::{activities::Follow, actors::ApubUser};
+use crate::{activities::Follow, actors::ApubUser, utils::verify_blocked};
 
 // https://github.com/LemmyNet/lemmy/blob/963d04b3526f8a5e9ff762960bfb5215e353bb27/crates/apub/src/protocol/activities/following/undo_follow.rs
 #[derive(Clone, Debug, Deserialize, Serialize)]
@@ -44,8 +44,9 @@ impl ActivityHandler for UndoFollow {
         self.actor.inner()
     }
 
-    async fn verify(&self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+    async fn verify(&self, data: &Data<Self::DataType>) -> Result<(), Self::Error> {
         // TODO
+        verify_blocked(&self.id, data).await?;
         Ok(())
     }
 

crates/apub/src/activities/like_or_announce/like_or_announce.rs

@@ -22,6 +22,7 @@ use crate::{
     activities::{ApubReceivedAnnounce, ApubReceivedLike, LikeOrAnnounceType},
     actors::ApubUser,
     objects::ApubPost,
+    utils::verify_blocked,
 };
 
 #[derive(Clone, Debug, Deserialize, Serialize)]
@@ -48,8 +49,9 @@ impl ActivityHandler for LikeOrAnnounce {
         self.actor.inner()
     }
 
-    async fn verify(&self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+    async fn verify(&self, data: &Data<Self::DataType>) -> Result<(), Self::Error> {
         // TODO
+        verify_blocked(&self.id, data).await?;
         Ok(())
     }
 

crates/apub/src/activities/like_or_announce/undo_like_or_announce.rs

@@ -11,7 +11,7 @@ use serde::{Deserialize, Serialize};
 use url::Url;
 
 use super::LikeOrAnnounceType;
-use crate::{activities::LikeOrAnnounce, actors::ApubUser};
+use crate::{activities::LikeOrAnnounce, actors::ApubUser, utils::verify_blocked};
 
 #[derive(Clone, Debug, Deserialize, Serialize)]
 #[serde(rename_all = "camelCase")]
@@ -37,8 +37,9 @@ impl ActivityHandler for UndoLikeOrAnnounce {
         self.actor.inner()
     }
 
-    async fn verify(&self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+    async fn verify(&self, data: &Data<Self::DataType>) -> Result<(), Self::Error> {
         // TODO
+        verify_blocked(&self.id, data).await?;
         Ok(())
     }
 

crates/apub/src/lib.rs

@@ -3,6 +3,7 @@ pub mod actors;
 pub mod collections;
 pub mod links;
 pub mod objects;
+mod utils;
 
 // #[cfg(test)]
 pub mod tests {

crates/apub/src/utils/mod.rs

@@ -0,0 +1,3 @@
+mod verify_blocked;
+
+pub use verify_blocked::verify_blocked;

crates/apub/src/utils/verify_blocked.rs

@@ -0,0 +1,38 @@
+use activitypub_federation::config::Data;
+use axum::http::StatusCode;
+use hatsu_db_schema::prelude::BlockedUrl;
+use hatsu_utils::{AppData, AppError};
+use sea_orm::EntityTrait;
+use url::Url;
+
+pub async fn verify_blocked(url: &Url, data: &Data<AppData>) -> Result<(), AppError> {
+    let blocked_url = BlockedUrl::find().all(&data.conn).await?;
+
+    if blocked_url
+        .clone()
+        .into_iter()
+        .filter(|url| url.is_instance)
+        .filter_map(|url| Url::parse(&url.id).ok())
+        .map(|url| url.origin())
+        .any(|instance| url.origin().eq(&instance))
+    {
+        Err(AppError::new(
+            format!("blocked instance: {:?}", url.host_str()),
+            None,
+            Some(StatusCode::BAD_REQUEST),
+        ))
+    } else if blocked_url
+        .into_iter()
+        .filter(|url| !url.is_instance)
+        .filter_map(|url| Url::parse(&url.id).ok())
+        .any(|actor| url.eq(&actor))
+    {
+        Err(AppError::new(
+            format!("blocked actor: {}", url),
+            None,
+            Some(StatusCode::BAD_REQUEST),
+        ))
+    } else {
+        Ok(())
+    }
+}