[feature] Fetch + create domain permissions from subscriptions nightly (#3635)

* peepeepoopoo

* test domain perm subs

* swagger

* envparsing

* dries your wets

* start on docs

* finish up docs

* copy paste errors

* rename actions package

* rename force -> skipCache

* move obfuscate parse nearer to where err is checked

* make higherPrios a simple slice

* don't use receiver for permsFrom funcs

* add more context to error logs

* defer finished log

* use switch for permType instead of if/else

* thanks linter, love you <3

* validate csv headers before full read

* use bufio scanner
This commit is contained in:
tobi 2025-01-08 11:29:40 +01:00 committed by GitHub
parent c013892ca2
commit 451803b230
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
95 changed files with 3320 additions and 626 deletions

View file

@ -225,10 +225,11 @@ Simply download the binary + assets (or Docker container), tweak your configurat
### Safety + security features
- Built-in, automatic support for secure HTTPS with [Let's Encrypt](https://letsencrypt.org/).
- Strict privacy enforcement for posts and strict blocking logic.
- Import and export allow lists and deny lists. Subscribe to community-created block lists (think Ad blocker, but for federation!) (feature still in progress).
- Strict privacy enforcement for posts, and strict blocking logic.
- [Choose the visibility of posts on the web view of your profile](https://docs.gotosocial.org/en/latest/user_guide/settings/#visibility-level-of-posts-to-show-on-your-profile).
- [Import, export](https://docs.gotosocial.org/en/latest/admin/settings/#importexport), and [subscribe](https://docs.gotosocial.org/en/latest/admin/domain_permission_subscriptions) to community-created domain allow and domain block lists.
- HTTP signature authentication: GoToSocial requires [HTTP Signatures](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12) when sending and receiving messages, to ensure that your messages can't be tampered with and your identity can't be forged.
- Built-in, automatic support for secure HTTPS with [Let's Encrypt](https://letsencrypt.org/).
### Various federation modes

View file

@ -71,7 +71,7 @@ These are provided in no specific order.
- [x] **Filters v2** -- implement v2 of the filters API.
- [x] **Mute accounts** -- mute accounts to prevent their posts showing up in your home timeline (optional: for limited period of time).
- [x] **Non-replyable posts** -- design a non-replyable post path for GoToSocial based on https://github.com/mastodon/mastodon/issues/14762#issuecomment-1196889788; allow users to create non-replyable posts.
- [ ] **Block + allow list subscriptions** -- allow instance admins to subscribe their instance to plaintext domain block/allow lists (much of the work for this is already in place).
- [x] **Block + allow list subscriptions** -- allow instance admins to subscribe their instance to domain block/allow lists.
- [x] **Direct conversation view** -- allow users to easily page through all direct-message conversations they're a part of.
- [ ] **Oauth token management** -- create / view / invalidate OAuth tokens via the settings panel.
- [ ] **Status EDIT support** -- edit statuses that you've created, without having to delete + redraft. Federate edits out properly.

View file

@ -40,7 +40,8 @@ func initState(ctx context.Context) (*state.State, error) {
state.Caches.Init()
state.Caches.Start()
// Set the state DB connection
// Only set state DB connection.
// Don't need Actions or Workers for this (yet).
dbConn, err := bundb.NewBunDBService(ctx, &state)
if err != nil {
return nil, fmt.Errorf("error creating dbConn: %w", err)

View file

@ -127,6 +127,8 @@ func setupList(ctx context.Context) (*list, error) {
state.Caches.Init()
state.Caches.Start()
// Only set state DB connection.
// Don't need Actions or Workers for this.
dbService, err := bundb.NewBunDBService(ctx, &state)
if err != nil {
return nil, fmt.Errorf("error creating dbservice: %w", err)

View file

@ -45,10 +45,12 @@ func setupPrune(ctx context.Context) (*prune, error) {
state.Caches.Start()
// Scheduler is required for the
// claner, but no other workers
// cleaner, but no other workers
// are needed for this CLI action.
state.Workers.StartScheduler()
// Set state DB connection.
// Don't need Actions for this.
dbService, err := bundb.NewBunDBService(ctx, &state)
if err != nil {
return nil, fmt.Errorf("error creating dbservice: %w", err)

View file

@ -33,12 +33,12 @@
var Export action.GTSAction = func(ctx context.Context) error {
var state state.State
// Only set state DB connection.
// Don't need Actions or Workers for this.
dbConn, err := bundb.NewBunDBService(ctx, &state)
if err != nil {
return fmt.Errorf("error creating dbservice: %s", err)
}
// Set the state DB connection
state.DB = dbConn
exporter := trans.NewExporter(dbConn)

View file

@ -33,12 +33,12 @@
var Import action.GTSAction = func(ctx context.Context) error {
var state state.State
// Only set state DB connection.
// Don't need Actions or Workers for this.
dbConn, err := bundb.NewBunDBService(ctx, &state)
if err != nil {
return fmt.Errorf("error creating dbservice: %s", err)
}
// Set the state DB connection
state.DB = dbConn
importer := trans.NewImporter(dbConn)

View file

@ -32,6 +32,7 @@
"github.com/KimMachineGun/automemlimit/memlimit"
"github.com/gin-gonic/gin"
"github.com/superseriousbusiness/gotosocial/cmd/gotosocial/action"
"github.com/superseriousbusiness/gotosocial/internal/admin"
"github.com/superseriousbusiness/gotosocial/internal/api"
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
"github.com/superseriousbusiness/gotosocial/internal/cleaner"
@ -44,6 +45,7 @@
"github.com/superseriousbusiness/gotosocial/internal/metrics"
"github.com/superseriousbusiness/gotosocial/internal/middleware"
tlprocessor "github.com/superseriousbusiness/gotosocial/internal/processing/timeline"
"github.com/superseriousbusiness/gotosocial/internal/subscriptions"
"github.com/superseriousbusiness/gotosocial/internal/timeline"
"github.com/superseriousbusiness/gotosocial/internal/tracing"
"go.uber.org/automaxprocs/maxprocs"
@ -164,6 +166,10 @@
// Set DB on state.
state.DB = dbService
// Set Actions on state, providing workers to
// Actions as well for triggering side effects.
state.AdminActions = admin.New(dbService, &state.Workers)
// Ensure necessary database instance prerequisites exist.
if err := dbService.CreateInstanceAccount(ctx); err != nil {
return fmt.Errorf("error creating instance account: %s", err)
@ -283,15 +289,18 @@ func(context.Context, time.Time) {
// Create background cleaner.
cleaner := cleaner.New(state)
// Now schedule background cleaning tasks.
if err := cleaner.ScheduleJobs(); err != nil {
return fmt.Errorf("error scheduling cleaner jobs: %w", err)
}
// Create subscriptions fetcher.
subscriptions := subscriptions.New(
state,
transportController,
typeConverter,
)
// Create the processor using all the
// other services we've created so far.
process = processing.NewProcessor(
cleaner,
subscriptions,
typeConverter,
federator,
oauthServer,
@ -302,6 +311,16 @@ func(context.Context, time.Time) {
intFilter,
)
// Schedule background cleaning tasks.
if err := cleaner.ScheduleJobs(); err != nil {
return fmt.Errorf("error scheduling cleaner jobs: %w", err)
}
// Schedule background subscriptions updating.
if err := subscriptions.ScheduleJobs(); err != nil {
return fmt.Errorf("error scheduling subscriptions jobs: %w", err)
}
// Initialize the specialized workers pools.
state.Workers.Client.Init(messages.ClientMsgIndices())
state.Workers.Federator.Init(messages.FederatorMsgIndices())

View file

@ -20,11 +20,9 @@
package testrig
import (
"bytes"
"context"
"errors"
"fmt"
"io"
"net/http"
"os"
"os/signal"
@ -47,6 +45,7 @@
"github.com/superseriousbusiness/gotosocial/internal/router"
"github.com/superseriousbusiness/gotosocial/internal/state"
"github.com/superseriousbusiness/gotosocial/internal/storage"
"github.com/superseriousbusiness/gotosocial/internal/subscriptions"
"github.com/superseriousbusiness/gotosocial/internal/timeline"
"github.com/superseriousbusiness/gotosocial/internal/tracing"
"github.com/superseriousbusiness/gotosocial/internal/typeutils"
@ -159,16 +158,8 @@
testrig.StandardStorageSetup(state.Storage, "./testrig/media")
// build backend handlers
transportController := testrig.NewTestTransportController(state, testrig.NewMockHTTPClient(func(req *http.Request) (*http.Response, error) {
r := io.NopCloser(bytes.NewReader([]byte{}))
return &http.Response{
StatusCode: 200,
Body: r,
Header: http.Header{
"Content-Type": req.Header.Values("Accept"),
},
}, nil
}, ""))
httpClient := testrig.NewMockHTTPClient(nil, "./testrig/media")
transportController := testrig.NewTestTransportController(state, httpClient)
mediaManager := testrig.NewTestMediaManager(state)
federator := testrig.NewTestFederator(state, transportController, mediaManager)
@ -314,11 +305,23 @@
// Create background cleaner.
cleaner := cleaner.New(state)
// Now schedule background cleaning tasks.
// Schedule background cleaning tasks.
if err := cleaner.ScheduleJobs(); err != nil {
return fmt.Errorf("error scheduling cleaner jobs: %w", err)
}
// Create subscriptions fetcher.
subscriptions := subscriptions.New(
state,
transportController,
typeConverter,
)
// Schedule background subscriptions updating.
if err := subscriptions.ScheduleJobs(); err != nil {
return fmt.Errorf("error scheduling subscriptions jobs: %w", err)
}
// Finally start the main http server!
if err := route.Start(); err != nil {
return fmt.Errorf("error starting router: %w", err)

View file

@ -2,7 +2,7 @@
GoToSocial supports 'blocking'/'suspending' domains that you don't want your instance to federate with. In our documentation, the two terms 'block' and 'suspend' are used interchangeably with regard to domains, because they mean the same thing: preventing your instance and the instance running on the target domain from communicating with one another, effectively cutting off federation between the two instances.
You can view, create, and remove domain blocks and domain allows using the [instance admin panel](./settings.md#federation).
You can view, create, and remove domain blocks and domain allows using the [instance admin panel](./settings.md#domain-permissions).
This document focuses on what domain blocks actually *do* and what side effects are processed when you create a new domain block.

View file

@ -0,0 +1,145 @@
# Domain Permission Subscriptions
Via the [admin settings panel](./settings.md#subscriptions), you can create and manage domain permission subscriptions.
Domain permission subscriptions allow you to specify a URL at which a permission list is hosted. Every 24hrs at 11pm (by default), your instance will fetch and parse each list you're subscribed to, in order of priority (highest to lowest), and create domain permissions (or domain permission drafts) based on entries discovered in the lists.
Each domain permission subscription can be used to create domain allow or domain block entries.
!!! warning
Currently, via blocklist subscriptions it is only possible to create "suspend" level domain blocks; other severities are not yet supported. Entries of severity "silence" or "limit" etc. on subscribed blocklists will be skipped.
## Priority
When you specify multiple domain permission subscriptions, they will be fetched and parsed in order of priority, from highest priority (255) to lowest priority (0).
Permissions discovered on lists higher up in the priority ranking will override permissions on lists lower down in the priority ranking.
For example, an instance admin subscribes to two allow lists, "Important List" at priority 255, and "Less Important List" at priority 128. Each of these subscribed lists contain an entry for `good-eggs.example.org`.
The subscription with the higher priority is the one that now creates and manages the domain allow entry for `good-eggs.example.org`.
If the subscription with the higher priority is removed, then the next time all the subscriptions are fetched, "Less Important List" will create (or take ownership of) the domain allow instead.
## Orphan Permissions
Domain permissions (blocks or allows) that are not currently managed by a domain permission subscription are considered "orphan" permissions. This includes permissions that an admin created in the settings panel by hand, or which were imported manually via the import/export page.
If you wish, when creating a domain permission subscription, you can set ["adopt orphans"](./settings.md#adopt-orphan-permissions) to true for that subscription. If a domain permission subscription that is set to adopt orphans encounters an orphan permission which is *also present on the list at the subscription's URI*, then it will "adopt" the orphan by setting the orphan's subscription ID to its own ID.
For example, an instance admin manually creates a domain block for the domain `horrid-trolls.example.org`. Later, they create a domain permission subscription for a block list that contains an entry for `horrid-trolls.example.org`, and they set "adopt orphans" to true. When their instance fetches and parses the list, and creates domain permission entries from it, then the orphan domain block for `horrid-trolls.example.org` gets adopted by the domain permission subscription. Now, if the domain permission subscription is removed, and the option to remove all permissions owned by the subscription is checked, then the domain block for `horrid-trolls.example.org` will also be removed.
## Fun Stuff To Do With Domain Permission Subscriptions
### 1. Create an allowlist-federation cluster.
Domain permission subscriptions make it possible to easily create allowlist-federation clusters, ie., a group of instances can essentially form their own mini-fediverse, wherein each instance runs in [allowlist federation mode](./federation_modes.md#allowlist-federation-mode), and subscribes to a cooperatively-managed allowlist hosted somewhere.
For example, instances `instance-a.example.org`, `instance-b.example.org`, and `instance-c.example.org` decide that they only want to federate with each other.
Using some version management platform like GitHub, they host a plaintext-formatted allowlist at something like `https://raw.githubusercontent.com/our-cluster/allowlist/refs/heads/main/allows.txt`.
The contents of the plaintext-formatted allowlist are as follows:
```text
instance-a.example.org
instance-b.example.org
instance-c.example.org
```
Each instance admin sets their federation mode to `allowlist`, and creates a subscription to create allows from `https://raw.githubusercontent.com/our-cluster/allowlist/refs/heads/main/allows.txt`, which results in domain allow entries being created for their own domain, and for each other domain in the cluster.
At some point, someone from `instance-d.example.org` asks (out of band) whether they can be added to the cluster. The existing admins agree, and update their plaintext-formatted allowlist to read:
```text
instance-a.example.org
instance-b.example.org
instance-c.example.org
instance-d.example.org
```
The next time each instance fetches the list, a new domain allow entry will be created for `instance-d.example.org`, and it will be able to federate with the other domains on the list.
### 2. Cooperatively manage a blocklist.
Domain permission subscriptions make it easy to collaborate on and subscribe to shared blocklists of domains that host illegal / fashy / otherwise undesired accounts and content.
For example, the admins of instances `instance-e.example.org`, `instance-f.example.org`, and `instance-g.example.org` decide that they are tired of duplicating work by playing whack-a-mole with bad actors. To make their lives easier, they decide to collaborate on a shared blocklist.
Using some version management platform like GitHub, they host a blocklist at something like `https://raw.githubusercontent.com/baddies/blocklist/refs/heads/main/blocks.csv`.
When someone discovers a new domain hosting an instance they don't like, they can open a pull request or similar against the list, to add the questionable instance to the domain.
For example, someone gets an unpleasant reply from a new instance `fashy-arseholes.example.org`. Using their collaboration tools, they propose adding `fashy-arseholes.example.org` to the blocklist. After some deliberation and discussion, the domain is added to the list.
The next time each of `instance-e.example.org`, `instance-f.example.org`, and `instance-g.example.org` fetch the block list, a block entry will be created for ``fashy-arseholes.example.org``.
### 3. Subscribe to a blocklist, but ignore some of it.
Say that `instance-g.example.org` in the previous section decides that they agree with most of the collaboratively-curated blocklist, but they actually would like to keep federating with ``fashy-arseholes.example.org`` for some godforsaken reason.
This can be done in one of three ways:
1. The admin of `instance-g.example.org` subscribes to the shared blocklist, but they do so with the ["create as drafts"](./settings.md#create-permissions-as-drafts) option set to true. When their instance fetches the blocklist, a draft block is created for `fashy-arseholes.example.org`. The admin of `instance-g` just leaves the permission as a draft, or rejects it, so it never comes into force.
2. Before the blocklist is re-fetched, the admin of `instance-g.example.org` creates a [domain permission exclude](./settings.md#excludes) entry for ``instance-g.example.org``. The domain ``instance-g.example.org`` then becomes exempt/excluded from automatic permission creation, and so the block for ``instance-g.example.org`` on the shared blocklist does not get created in the database of ``instance-g.example.org`` the next time the list is fetched.
3. The admin of `instance-g.example.org` creates an explicit domain allow entry for `fashy-arseholes.example.org` on their own instance. Because their instance is running in `blocklist` federation mode, [the explicit allow overrides the domain block entry](./federation_modes.md#in-blocklist-mode), and so the domain remains unblocked.
### 4. Subscribe directly to another instance's blocklist.
Because GoToSocial is able to fetch and parse JSON-formatted lists of domain permissions, it is possible to subscribe directly to another instance's list of blocked domains via their `/api/v1/instance/domain_blocks` (Mastodon) or `/api/v1/instance/peers?filter=suspended` (GoToSocial) endpoint (if exposed).
For example, the Mastodon instance `peepee.poopoo.example.org` exposes their block list publicly, and the owner of the GoToSocial instance `instance-h.example.org` decides they quite like the cut of the Mastodon moderator's jib. They create a domain permission subscription of type JSON, and set the URI to `https://peepee.poopoo.example.org/api/v1/instance/domain_blocks`. Every 24 hours, their instance will go fetch the blocklist JSON from the Mastodon instance, and create permissions based on entries discovered therein.
## Example lists per content type
Shown below are examples of the different permission list formats that GoToSocial is able to understand and parse.
Each list contains three domains, `bumfaces.net`, `peepee.poopoo`, and `nothanks.com`.
### CSV
CSV lists use content type `text/csv`.
Mastodon domain permission exports generally use this format.
```csv
#domain,#severity,#reject_media,#reject_reports,#public_comment,#obfuscate
bumfaces.net,suspend,false,false,big jerks,false
peepee.poopoo,suspend,false,false,harassment,false
nothanks.com,suspend,false,false,,false
```
### JSON (application/json)
JSON lists use content type `application/json`.
```json
[
{
"domain": "bumfaces.net",
"suspended_at": "2020-05-13T13:29:12.000Z",
"public_comment": "big jerks"
},
{
"domain": "peepee.poopoo",
"suspended_at": "2020-05-13T13:29:12.000Z",
"public_comment": "harassment"
},
{
"domain": "nothanks.com",
"suspended_at": "2020-05-13T13:29:12.000Z"
}
]
```
### Plaintext (text/plain)
Plaintext lists use content type `text/plain`.
Note that it is not possible to include any fields like "obfuscate" or "public comment" in plaintext lists, as they are simply a newline-separated list of domains.
```text
bumfaces.net
peepee.poopoo
nothanks.com
```

View file

@ -34,11 +34,11 @@ Clicking on the username of the reported account opens that account in the 'Acco
You can use this section to search for an account and perform moderation actions on it.
### Federation
### Domain Permissions
![List of suspended instances, with a field to filter/add new blocks. Below is a link to the bulk import/export interface](../public/admin-settings-federation.png)
In the federation section you can create, delete, and review explicit domain blocks and domain allows.
In the domain permissions section you can create, delete, and review domain blocks, domain allows, drafts, excludes, and subscriptions.
For more detail on federation settings, and specifically how domain allows and domain blocks work in combination, please see [the federation modes section](./federation_modes.md), and [the domain blocks section](./domain_blocks.md).
@ -46,20 +46,99 @@ For more detail on federation settings, and specifically how domain allows and d
You can enter a domain to suspend in the search field, which will filter the list to show you if you already have a block for it.
Clicking 'suspend' gives you a form to add a public and/or private comment, and submit to add the block. Adding a suspension will suspend all the currently known accounts on the instance, and prevent any new interactions with any user on the blocked instance.
Clicking 'suspend' gives you a form to add a public and/or private comment, and submit to add the block.
Adding a domain block will suspend all currently known accounts from that domain, and prevent any new interactions with the blocked domain.
#### Domain Allows
The domain allows section works much like the domain blocks section, described above, only for explicit domain allows rather than domain blocks.
#### Bulk import/export
#### Import/export
Through the link at the bottom of the Federation section (or going to `/settings/admin/federation/import-export`) you can do bulk import/export of blocklists and allowlists.
In this section you can do bulk import/export of domain permissions in JSON, CSV, or plaintext formats.
![List of domains included in an import, providing ways to select some or all of them, change their domains, and update the use of subdomains.](../public/admin-settings-federation-import-export.png)
Upon importing a list, either through the input field or from a file, you can review the entries in the list before importing a subset. You'll also be warned for entries that use subdomains, providing an easy way to change them to the main domain.
#### Drafts
In this section you can create, search through, accept, and reject domain permission drafts.
Domain permission drafts are domain permissions that have been proposed (either via manual creation or as an entry from a subscribed block / allow list), but have not yet come into force.
Until it is accepted, a domain permission draft will not have any effect on federation with the domain it targets. Upon acceptance, it will be converted into either a domain block or a domain allow, and start being enforced.
#### Excludes
In this section, you can create, search through, and remove domain permission excludes.
Domain permission excludes prevent permissions for a domain (and all subdomains) from being automatically managed by domain permission subscriptions.
For example, if you create an exclude entry for the domain `example.org`, then a blocklist or allowlist subscription will exclude entries for `example.org` and any of its subdomains (`sub.example.org`, `another.sub.example.org` etc.) when creating domain permission drafts and domain blocks/allows.
This functionality allows you to manually manage permissions for excluded domains, in cases where you know you definitely do or don't want to federate with a given domain, no matter what entries are contained in a domain permission subscription.
Note that by itself, creation of an exclude entry for a given domain does not affect federation with that domain at all, it is only useful in combination with permission subscriptions.
#### Subscriptions
In this section, you can create, search through, edit, test, and remove domain permission subscriptions.
Domain permission subscriptions allow you to specify a URL at which a permission list is hosted. Every 24hrs at 11pm (by default), your instance will fetch and parse each subscribed list, and create domain permissions (or domain permission drafts) based on entries in the lists.
##### Title
You can optionally use the title field to set a title for the subscription, as a reminder for yourself and other admins.
For example, you might subscribe to a list at `https://lists.example.org/baddies.csv` and set the title of the subscription to something that reflects the contents of that list, such as "Basic block list (worst of the worst)", or similar.
##### Subscription Priority
When you specify multiple domain permission subscriptions, they will be fetched and parsed in order of priority, from highest priority (255) to lowest priority (0).
Permissions discovered on lists higher up in the priority ranking will override permissions on lists lower down in the priority ranking.
For more information on priority, please see the separate [domain permission subscriptions](./domain_permission_subscriptions.md) document.
##### Permission Type
You can use this dropdown to select whether permissions discovered at the list URL should be created as domain blocks, or domain allows.
##### Content Type
You can use this dropdown to select the content type of the list at the subscribed URL.
Use CSV for Mastodon-style permission lists, plain for plaintext lists of domain names, or JSON for json-exported lists.
##### Basic Auth
Check this box to provide a basic auth username and/or password credential for the subscribed list, which will be sent along with each request to fetch the list.
##### Adopt Orphan Permissions
If you check this box, then any existing domain permissions will become managed by this subscription in the following circumstances:
1. They don't already have a subscription ID (ie., they're not managed by any domain permission subscription).
2. They match a domain permission included in the list at the URL of this subscription.
For more information on orphan permissions, please see the separate [domain permission subscriptions](./domain_permission_subscriptions.md) document.
##### Create Permissions as Drafts
With this box checked (default), any permissions created by this subscription will be created as **drafts** which require manual approval to come into force.
It is recommended to leave this box checked unless you absolutely trust the subscribed list, to avoid inadvertent blocking or allowing of domains you'd rather not block or allow.
##### Test a Subscription
To test whether a subscription can be successfully parsed, first create the subscription, then in the detailed view for that subscription, click on the "Test" button.
If your instance is able to fetch and parse permissions at the subscription URI, then you will see a list of these after clicking "Test". Otherwise, you will see an error message.
![Screenshot of the detailed view of a subscription, with arrows pointing to the test section near the bottom.](../public/admin-settings-federation-subscription-test.png)
## Administration
Instance administration settings.

View file

@ -6436,6 +6436,46 @@ paths:
summary: Remove a domain permission subscription.
tags:
- admin
/api/v1/admin/domain_permission_subscriptions/{id}/test:
post:
description: |-
The response body will be a list of domain permissions that *would* be created by this subscription, OR an error message.
This is useful in cases where you want to check that your instance can actually fetch + parse a list.
operationId: domainPermissionSubscriptionTest
parameters:
- description: ID of the domain permission draft.
in: path
name: id
required: true
type: string
produces:
- application/json
responses:
"200":
description: Either an array of domain permissions, OR an error message of the form `{"error":"[ERROR MESSAGE HERE]"}` indicating why the list could not be fetched.
schema:
items:
$ref: '#/definitions/domain'
type: array
"400":
description: bad request
"401":
description: unauthorized
"403":
description: forbidden
"406":
description: not acceptable
"409":
description: conflict
"500":
description: internal server error
security:
- OAuth2 Bearer:
- admin
summary: Test one domain permission subscription by making your instance fetch and parse it *without creating permissions*.
tags:
- admin
/api/v1/admin/domain_permission_subscriptions/preview:
get:
description: This view allows you to see the order in which domain permissions will actually be fetched and created.

Binary file not shown.

After

Width:  |  Height:  |  Size: 155 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 95 KiB

After

Width:  |  Height:  |  Size: 120 KiB

View file

@ -23,11 +23,12 @@
"sync"
"time"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/gtscontext"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/log"
"github.com/superseriousbusiness/gotosocial/internal/state"
"github.com/superseriousbusiness/gotosocial/internal/workers"
)
func errActionConflict(action *gtsmodel.AdminAction) gtserror.WithCode {
@ -42,15 +43,34 @@ func errActionConflict(action *gtsmodel.AdminAction) gtserror.WithCode {
}
type Actions struct {
r map[string]*gtsmodel.AdminAction
state *state.State
// Map of running actions.
running map[string]*gtsmodel.AdminAction
// Not embedded struct,
// to shield from access
// by outside packages.
// Lock for running admin actions.
//
// Not embedded struct, to shield
// from access by outside packages.
m sync.Mutex
// DB for storing, updating,
// deleting admin actions etc.
db db.DB
// Workers for queuing
// admin action side effects.
workers *workers.Workers
}
func New(db db.DB, workers *workers.Workers) *Actions {
return &Actions{
running: make(map[string]*gtsmodel.AdminAction),
db: db,
workers: workers,
}
}
type ActionF func(context.Context) gtserror.MultiError
// Run runs the given admin action by executing the supplied function.
//
// Run handles locking, action insertion and updating, so you don't have to!
@ -62,10 +82,10 @@ type Actions struct {
// will be updated on the provided admin action in the database.
func (a *Actions) Run(
ctx context.Context,
action *gtsmodel.AdminAction,
f func(context.Context) gtserror.MultiError,
adminAction *gtsmodel.AdminAction,
f ActionF,
) gtserror.WithCode {
actionKey := action.Key()
actionKey := adminAction.Key()
// LOCK THE MAP HERE, since we're
// going to do some operations on it.
@ -73,7 +93,7 @@ func (a *Actions) Run(
// Bail if an action with
// this key is already running.
running, ok := a.r[actionKey]
running, ok := a.running[actionKey]
if ok {
a.m.Unlock()
return errActionConflict(running)
@ -81,7 +101,7 @@ func (a *Actions) Run(
// Action with this key not
// yet running, create it.
if err := a.state.DB.PutAdminAction(ctx, action); err != nil {
if err := a.db.PutAdminAction(ctx, adminAction); err != nil {
err = gtserror.Newf("db error putting admin action %s: %w", actionKey, err)
// Don't store in map
@ -92,7 +112,7 @@ func (a *Actions) Run(
// Action was inserted,
// store in map.
a.r[actionKey] = action
a.running[actionKey] = adminAction
// UNLOCK THE MAP HERE, since
// we're done modifying it for now.
@ -104,22 +124,22 @@ func (a *Actions) Run(
// Run the thing and collect errors.
if errs := f(ctx); errs != nil {
action.Errors = make([]string, 0, len(errs))
adminAction.Errors = make([]string, 0, len(errs))
for _, err := range errs {
action.Errors = append(action.Errors, err.Error())
adminAction.Errors = append(adminAction.Errors, err.Error())
}
}
// Action is no longer running:
// remove from running map.
a.m.Lock()
delete(a.r, actionKey)
delete(a.running, actionKey)
a.m.Unlock()
// Mark as completed in the db,
// storing errors for later review.
action.CompletedAt = time.Now()
if err := a.state.DB.UpdateAdminAction(ctx, action, "completed_at", "errors"); err != nil {
adminAction.CompletedAt = time.Now()
if err := a.db.UpdateAdminAction(ctx, adminAction, "completed_at", "errors"); err != nil {
log.Errorf(ctx, "db error marking action %s as completed: %q", actionKey, err)
}
}()
@ -135,8 +155,8 @@ func (a *Actions) GetRunning() []*gtsmodel.AdminAction {
defer a.m.Unlock()
// Assemble all currently running actions.
running := make([]*gtsmodel.AdminAction, 0, len(a.r))
for _, action := range a.r {
running := make([]*gtsmodel.AdminAction, 0, len(a.running))
for _, action := range a.running {
running = append(running, action)
}
@ -166,5 +186,5 @@ func (a *Actions) TotalRunning() int {
a.m.Lock()
defer a.m.Unlock()
return len(a.r)
return len(a.running)
}

View file

@ -32,12 +32,26 @@
"github.com/superseriousbusiness/gotosocial/testrig"
)
const (
rMediaPath = "../../testrig/media"
rTemplatePath = "../../web/template"
)
type ActionsTestSuite struct {
AdminStandardTestSuite
suite.Suite
}
func (suite *ActionsTestSuite) SetupSuite() {
testrig.InitTestConfig()
testrig.InitTestLog()
}
func (suite *ActionsTestSuite) TestActionOverlap() {
ctx := context.Background()
var (
testStructs = testrig.SetupTestStructs(rMediaPath, rTemplatePath)
ctx = context.Background()
)
defer testrig.TearDownTestStructs(testStructs)
// Suspend account.
action1 := &gtsmodel.AdminAction{
@ -61,7 +75,7 @@ func (suite *ActionsTestSuite) TestActionOverlap() {
key2 := action2.Key()
suite.Equal("account/01H90S1CXQ97J9625C5YBXZWGT", key2)
errWithCode := suite.adminProcessor.Actions().Run(
errWithCode := testStructs.State.AdminActions.Run(
ctx,
action1,
func(ctx context.Context) gtserror.MultiError {
@ -74,7 +88,7 @@ func(ctx context.Context) gtserror.MultiError {
// While first action is sleeping, try to
// process another with the same key.
errWithCode = suite.adminProcessor.Actions().Run(
errWithCode = testStructs.State.AdminActions.Run(
ctx,
action2,
func(ctx context.Context) gtserror.MultiError {
@ -90,13 +104,13 @@ func(ctx context.Context) gtserror.MultiError {
// Wait for action to finish.
if !testrig.WaitFor(func() bool {
return suite.adminProcessor.Actions().TotalRunning() == 0
return testStructs.State.AdminActions.TotalRunning() == 0
}) {
suite.FailNow("timed out waiting for admin action(s) to finish")
}
// Try again.
errWithCode = suite.adminProcessor.Actions().Run(
errWithCode = testStructs.State.AdminActions.Run(
ctx,
action2,
func(ctx context.Context) gtserror.MultiError {
@ -107,14 +121,18 @@ func(ctx context.Context) gtserror.MultiError {
// Wait for action to finish.
if !testrig.WaitFor(func() bool {
return suite.adminProcessor.Actions().TotalRunning() == 0
return testStructs.State.AdminActions.TotalRunning() == 0
}) {
suite.FailNow("timed out waiting for admin action(s) to finish")
}
}
func (suite *ActionsTestSuite) TestActionWithErrors() {
ctx := context.Background()
var (
testStructs = testrig.SetupTestStructs(rMediaPath, rTemplatePath)
ctx = context.Background()
)
defer testrig.TearDownTestStructs(testStructs)
// Suspend a domain.
action := &gtsmodel.AdminAction{
@ -125,7 +143,7 @@ func (suite *ActionsTestSuite) TestActionWithErrors() {
AccountID: "01H90S1ZZXP4N74H4A9RVW1MRP",
}
errWithCode := suite.adminProcessor.Actions().Run(
errWithCode := testStructs.State.AdminActions.Run(
ctx,
action,
func(ctx context.Context) gtserror.MultiError {
@ -140,13 +158,13 @@ func(ctx context.Context) gtserror.MultiError {
// Wait for action to finish.
if !testrig.WaitFor(func() bool {
return suite.adminProcessor.Actions().TotalRunning() == 0
return testStructs.State.AdminActions.TotalRunning() == 0
}) {
suite.FailNow("timed out waiting for admin action(s) to finish")
}
// Get action from the db.
dbAction, err := suite.db.GetAdminAction(ctx, action.ID)
dbAction, err := testStructs.State.DB.GetAdminAction(ctx, action.ID)
if err != nil {
suite.FailNow(err.Error())
}

View file

@ -0,0 +1,51 @@
// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package admin
import (
"context"
"time"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
)
func (a *Actions) DomainKeysExpireF(domain string) ActionF {
return func(ctx context.Context) gtserror.MultiError {
var (
expiresAt = time.Now()
errs gtserror.MultiError
)
// For each account on this domain, expire
// the public key and update the account.
if err := a.rangeDomainAccounts(ctx, domain, func(account *gtsmodel.Account) {
account.PublicKeyExpiresAt = expiresAt
if err := a.db.UpdateAccount(ctx,
account,
"public_key_expires_at",
); err != nil {
errs.Appendf("db error updating account: %w", err)
}
}); err != nil {
errs.Appendf("db error ranging through accounts: %w", err)
}
return errs
}
}

View file

@ -0,0 +1,387 @@
// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package admin
import (
"context"
"errors"
"time"
"codeberg.org/gruf/go-kv"
"github.com/superseriousbusiness/gotosocial/internal/ap"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/log"
"github.com/superseriousbusiness/gotosocial/internal/messages"
)
// Returns an AdminActionF for
// domain allow side effects.
func (a *Actions) DomainAllowF(
actionID string,
domainAllow *gtsmodel.DomainAllow,
) ActionF {
return func(ctx context.Context) gtserror.MultiError {
l := log.
WithContext(ctx).
WithFields(kv.Fields{
{"action", "allow"},
{"actionID", actionID},
{"domain", domainAllow.Domain},
}...)
// Log start + finish.
l.Info("processing side effects")
errs := a.domainAllowSideEffects(ctx, domainAllow)
l.Info("finished processing side effects")
return errs
}
}
func (a *Actions) domainAllowSideEffects(
ctx context.Context,
allow *gtsmodel.DomainAllow,
) gtserror.MultiError {
if config.GetInstanceFederationMode() == config.InstanceFederationModeAllowlist {
// We're running in allowlist mode,
// so there are no side effects to
// process here.
return nil
}
// We're running in blocklist mode or
// some similar mode which necessitates
// domain allow side effects if a block
// was in place when the allow was created.
//
// So, check if there's a block.
block, err := a.db.GetDomainBlock(ctx, allow.Domain)
if err != nil && !errors.Is(err, db.ErrNoEntries) {
errs := gtserror.NewMultiError(1)
errs.Appendf("db error getting domain block %s: %w", allow.Domain, err)
return errs
}
if block == nil {
// No block?
// No problem!
return nil
}
// There was a block, over which the new
// allow ought to take precedence. To account
// for this, just run side effects as though
// the domain was being unblocked, while
// leaving the existing block in place.
//
// Any accounts that were suspended by
// the block will be unsuspended and be
// able to interact with the instance again.
return a.domainUnblockSideEffects(ctx, block)
}
// Returns an AdminActionF for
// domain unallow side effects.
func (a *Actions) DomainUnallowF(
actionID string,
domainAllow *gtsmodel.DomainAllow,
) ActionF {
return func(ctx context.Context) gtserror.MultiError {
l := log.
WithContext(ctx).
WithFields(kv.Fields{
{"action", "unallow"},
{"actionID", actionID},
{"domain", domainAllow.Domain},
}...)
// Log start + finish.
l.Info("processing side effects")
errs := a.domainUnallowSideEffects(ctx, domainAllow)
l.Info("finished processing side effects")
return errs
}
}
func (a *Actions) domainUnallowSideEffects(
ctx context.Context,
allow *gtsmodel.DomainAllow,
) gtserror.MultiError {
if config.GetInstanceFederationMode() == config.InstanceFederationModeAllowlist {
// We're running in allowlist mode,
// so there are no side effects to
// process here.
return nil
}
// We're running in blocklist mode or
// some similar mode which necessitates
// domain allow side effects if a block
// was in place when the allow was removed.
//
// So, check if there's a block.
block, err := a.db.GetDomainBlock(ctx, allow.Domain)
if err != nil && !errors.Is(err, db.ErrNoEntries) {
errs := gtserror.NewMultiError(1)
errs.Appendf("db error getting domain block %s: %w", allow.Domain, err)
return errs
}
if block == nil {
// No block?
// No problem!
return nil
}
// There was a block, over which the previous
// allow was taking precedence. Now that the
// allow has been removed, we should put the
// side effects of the block back in place.
//
// To do this, process the block side effects
// again as though the block were freshly
// created. This will mark all accounts from
// the blocked domain as suspended, and clean
// up their follows/following, media, etc.
return a.domainBlockSideEffects(ctx, block)
}
func (a *Actions) DomainBlockF(
actionID string,
domainBlock *gtsmodel.DomainBlock,
) ActionF {
return func(ctx context.Context) gtserror.MultiError {
l := log.
WithContext(ctx).
WithFields(kv.Fields{
{"action", "block"},
{"actionID", actionID},
{"domain", domainBlock.Domain},
}...)
skip, err := a.skipBlockSideEffects(ctx, domainBlock.Domain)
if err != nil {
return err
}
if skip != "" {
l.Infof("skipping side effects: %s", skip)
return nil
}
l.Info("processing side effects")
errs := a.domainBlockSideEffects(ctx, domainBlock)
l.Info("finished processing side effects")
return errs
}
}
// domainBlockSideEffects processes the side effects of a domain block:
//
// 1. Strip most info away from the instance entry for the domain.
// 2. Pass each account from the domain to the processor for deletion.
//
// It should be called asynchronously, since it can take a while when
// there are many accounts present on the given domain.
func (a *Actions) domainBlockSideEffects(
ctx context.Context,
block *gtsmodel.DomainBlock,
) gtserror.MultiError {
var errs gtserror.MultiError
// If we have an instance entry for this domain,
// update it with the new block ID and clear all fields
instance, err := a.db.GetInstance(ctx, block.Domain)
if err != nil && !errors.Is(err, db.ErrNoEntries) {
errs.Appendf("db error getting instance %s: %w", block.Domain, err)
return errs
}
if instance != nil {
// We had an entry for this domain.
columns := stubbifyInstance(instance, block.ID)
if err := a.db.UpdateInstance(ctx, instance, columns...); err != nil {
errs.Appendf("db error updating instance: %w", err)
return errs
}
}
// For each account that belongs to this domain,
// process an account delete message to remove
// that account's posts, media, etc.
if err := a.rangeDomainAccounts(ctx, block.Domain, func(account *gtsmodel.Account) {
if err := a.workers.Client.Process(ctx, &messages.FromClientAPI{
APObjectType: ap.ActorPerson,
APActivityType: ap.ActivityDelete,
GTSModel: block,
Origin: account,
Target: account,
}); err != nil {
errs.Append(err)
}
}); err != nil {
errs.Appendf("db error ranging through accounts: %w", err)
}
return errs
}
func (a *Actions) DomainUnblockF(
actionID string,
domainBlock *gtsmodel.DomainBlock,
) ActionF {
return func(ctx context.Context) gtserror.MultiError {
l := log.
WithContext(ctx).
WithFields(kv.Fields{
{"action", "unblock"},
{"actionID", actionID},
{"domain", domainBlock.Domain},
}...)
l.Info("processing side effects")
errs := a.domainUnblockSideEffects(ctx, domainBlock)
l.Info("finished processing side effects")
return errs
}
}
// domainUnblockSideEffects processes the side effects of undoing a
// domain block:
//
// 1. Mark instance entry as no longer suspended.
// 2. Mark each account from the domain as no longer suspended, if the
// suspension origin corresponds to the ID of the provided domain block.
//
// It should be called asynchronously, since it can take a while when
// there are many accounts present on the given domain.
func (a *Actions) domainUnblockSideEffects(
ctx context.Context,
block *gtsmodel.DomainBlock,
) gtserror.MultiError {
var errs gtserror.MultiError
// Update instance entry for this domain, if we have it.
instance, err := a.db.GetInstance(ctx, block.Domain)
if err != nil && !errors.Is(err, db.ErrNoEntries) {
errs.Appendf("db error getting instance %s: %w", block.Domain, err)
}
if instance != nil {
// We had an entry, update it to signal
// that it's no longer suspended.
instance.SuspendedAt = time.Time{}
instance.DomainBlockID = ""
if err := a.db.UpdateInstance(
ctx,
instance,
"suspended_at",
"domain_block_id",
); err != nil {
errs.Appendf("db error updating instance: %w", err)
return errs
}
}
// Unsuspend all accounts whose suspension origin was this domain block.
if err := a.rangeDomainAccounts(ctx, block.Domain, func(account *gtsmodel.Account) {
if account.SuspensionOrigin == "" || account.SuspendedAt.IsZero() {
// Account wasn't suspended, nothing to do.
return
}
if account.SuspensionOrigin != block.ID {
// Account was suspended, but not by
// this domain block, leave it alone.
return
}
// Account was suspended by this domain
// block, mark it as unsuspended.
account.SuspendedAt = time.Time{}
account.SuspensionOrigin = ""
if err := a.db.UpdateAccount(
ctx,
account,
"suspended_at",
"suspension_origin",
); err != nil {
errs.Appendf("db error updating account %s: %w", account.Username, err)
}
}); err != nil {
errs.Appendf("db error ranging through accounts: %w", err)
}
return errs
}
// skipBlockSideEffects checks if side effects of block creation
// should be skipped for the given domain, taking account of
// instance federation mode, and existence of any allows
// which ought to "shield" this domain from being blocked.
//
// If the caller should skip, the returned string will be non-zero
// and will be set to a reason why side effects should be skipped.
//
// - blocklist mode + allow exists: "..." (skip)
// - blocklist mode + no allow: "" (don't skip)
// - allowlist mode + allow exists: "" (don't skip)
// - allowlist mode + no allow: "" (don't skip)
func (a *Actions) skipBlockSideEffects(
ctx context.Context,
domain string,
) (string, gtserror.MultiError) {
var (
skip string // Assume "" (don't skip).
errs gtserror.MultiError
)
// Never skip block side effects in allowlist mode.
fediMode := config.GetInstanceFederationMode()
if fediMode == config.InstanceFederationModeAllowlist {
return skip, errs
}
// We know we're in blocklist mode.
//
// We want to skip domain block side
// effects if an allow is already
// in place which overrides the block.
// Check if an explicit allow exists for this domain.
domainAllow, err := a.db.GetDomainAllow(ctx, domain)
if err != nil && !errors.Is(err, db.ErrNoEntries) {
errs.Appendf("error getting domain allow: %w", err)
return skip, errs
}
if domainAllow != nil {
skip = "running in blocklist mode, and an explicit allow exists for this domain"
return skip, errs
}
return skip, errs
}

99
internal/admin/util.go Normal file
View file

@ -0,0 +1,99 @@
// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package admin
import (
"context"
"errors"
"time"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
)
// stubbifyInstance renders the given instance as a stub,
// removing most information from it and marking it as
// suspended.
//
// For caller's convenience, this function returns the db
// names of all columns that are updated by it.
func stubbifyInstance(instance *gtsmodel.Instance, domainBlockID string) []string {
instance.Title = ""
instance.SuspendedAt = time.Now()
instance.DomainBlockID = domainBlockID
instance.ShortDescription = ""
instance.Description = ""
instance.Terms = ""
instance.ContactEmail = ""
instance.ContactAccountUsername = ""
instance.ContactAccountID = ""
instance.Version = ""
return []string{
"title",
"suspended_at",
"domain_block_id",
"short_description",
"description",
"terms",
"contact_email",
"contact_account_username",
"contact_account_id",
"version",
}
}
// rangeDomainAccounts iterates through all accounts
// originating from the given domain, and calls the
// provided range function on each account.
//
// If an error is returned while selecting accounts,
// the loop will stop and return the error.
func (a *Actions) rangeDomainAccounts(
ctx context.Context,
domain string,
rangeF func(*gtsmodel.Account),
) error {
var (
limit = 50 // Limit selection to avoid spiking mem/cpu.
maxID string // Start with empty string to select from top.
)
for {
// Get (next) page of accounts.
accounts, err := a.db.GetInstanceAccounts(ctx, domain, maxID, limit)
if err != nil && !errors.Is(err, db.ErrNoEntries) {
// Real db error.
return gtserror.Newf("db error getting instance accounts: %w", err)
}
if len(accounts) == 0 {
// No accounts left, we're done.
return nil
}
// Set next max ID for paging down.
maxID = accounts[len(accounts)-1].ID
// Call provided range function.
for _, account := range accounts {
rangeF(account)
}
}
}

View file

@ -25,6 +25,7 @@
"github.com/gin-gonic/gin"
"github.com/stretchr/testify/suite"
"github.com/superseriousbusiness/gotosocial/internal/admin"
"github.com/superseriousbusiness/gotosocial/internal/api/activitypub/emoji"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/email"
@ -73,6 +74,7 @@ func (suite *EmojiGetTestSuite) SetupTest() {
suite.db = testrig.NewTestDB(&suite.state)
suite.state.DB = suite.db
suite.state.AdminActions = admin.New(suite.state.DB, &suite.state.Workers)
suite.storage = testrig.NewInMemoryStorage()
suite.state.Storage = suite.storage
suite.tc = typeutils.NewConverter(&suite.state)

View file

@ -20,6 +20,7 @@
import (
"github.com/gin-gonic/gin"
"github.com/stretchr/testify/suite"
"github.com/superseriousbusiness/gotosocial/internal/admin"
"github.com/superseriousbusiness/gotosocial/internal/api/activitypub/users"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/email"
@ -84,6 +85,7 @@ func (suite *UserStandardTestSuite) SetupTest() {
suite.db = testrig.NewTestDB(&suite.state)
suite.state.DB = suite.db
suite.state.AdminActions = admin.New(suite.state.DB, &suite.state.Workers)
suite.tc = typeutils.NewConverter(&suite.state)
testrig.StartTimelines(