mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2024-12-01 08:02:45 +00:00
[bugfix] Don't try to update suspended accounts (#2348)
* [bugfix] Don't try to update suspended accounts * bail early if requesting account suspended
This commit is contained in:
parent
5fdc005061
commit
096c517cc3
|
@ -42,6 +42,11 @@
|
||||||
// accountUpToDate returns whether the given account model is both updateable (i.e.
|
// accountUpToDate returns whether the given account model is both updateable (i.e.
|
||||||
// non-instance remote account) and whether it needs an update based on `fetched_at`.
|
// non-instance remote account) and whether it needs an update based on `fetched_at`.
|
||||||
func accountUpToDate(account *gtsmodel.Account) bool {
|
func accountUpToDate(account *gtsmodel.Account) bool {
|
||||||
|
if !account.SuspendedAt.IsZero() {
|
||||||
|
// Can't update suspended accounts.
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
if account.IsLocal() {
|
if account.IsLocal() {
|
||||||
// Can't update local accounts.
|
// Can't update local accounts.
|
||||||
return true
|
return true
|
||||||
|
@ -254,12 +259,14 @@ func (d *deref) RefreshAccount(ctx context.Context, requestUser string, account
|
||||||
return nil, nil, err
|
return nil, nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// This account was updated, enqueue re-dereference featured posts.
|
if apubAcc != nil {
|
||||||
d.state.Workers.Federator.MustEnqueueCtx(ctx, func(ctx context.Context) {
|
// This account was updated, enqueue re-dereference featured posts.
|
||||||
if err := d.dereferenceAccountFeatured(ctx, requestUser, account); err != nil {
|
d.state.Workers.Federator.MustEnqueueCtx(ctx, func(ctx context.Context) {
|
||||||
log.Errorf(ctx, "error fetching account featured collection: %v", err)
|
if err := d.dereferenceAccountFeatured(ctx, requestUser, account); err != nil {
|
||||||
}
|
log.Errorf(ctx, "error fetching account featured collection: %v", err)
|
||||||
})
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
return latest, apubAcc, nil
|
return latest, apubAcc, nil
|
||||||
}
|
}
|
||||||
|
@ -280,21 +287,28 @@ func (d *deref) RefreshAccountAsync(ctx context.Context, requestUser string, acc
|
||||||
|
|
||||||
// Enqueue a worker function to enrich this account async.
|
// Enqueue a worker function to enrich this account async.
|
||||||
d.state.Workers.Federator.MustEnqueueCtx(ctx, func(ctx context.Context) {
|
d.state.Workers.Federator.MustEnqueueCtx(ctx, func(ctx context.Context) {
|
||||||
latest, _, err := d.enrichAccount(ctx, requestUser, uri, account, apubAcc)
|
latest, apubAcc, err := d.enrichAccount(ctx, requestUser, uri, account, apubAcc)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf(ctx, "error enriching remote account: %v", err)
|
log.Errorf(ctx, "error enriching remote account: %v", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// This account was updated, re-dereference account featured posts.
|
if apubAcc != nil {
|
||||||
if err := d.dereferenceAccountFeatured(ctx, requestUser, latest); err != nil {
|
// This account was updated, re-dereference account featured posts.
|
||||||
log.Errorf(ctx, "error fetching account featured collection: %v", err)
|
if err := d.dereferenceAccountFeatured(ctx, requestUser, latest); err != nil {
|
||||||
|
log.Errorf(ctx, "error fetching account featured collection: %v", err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
// enrichAccount will enrich the given account, whether a new barebones model, or existing model from the database. It handles necessary dereferencing, webfingering etc.
|
// enrichAccount will enrich the given account, whether a new barebones model, or existing model from the database. It handles necessary dereferencing, webfingering etc.
|
||||||
func (d *deref) enrichAccount(ctx context.Context, requestUser string, uri *url.URL, account *gtsmodel.Account, apubAcc ap.Accountable) (*gtsmodel.Account, ap.Accountable, error) {
|
func (d *deref) enrichAccount(ctx context.Context, requestUser string, uri *url.URL, account *gtsmodel.Account, apubAcc ap.Accountable) (*gtsmodel.Account, ap.Accountable, error) {
|
||||||
|
// Noop if account has been suspended.
|
||||||
|
if !account.SuspendedAt.IsZero() {
|
||||||
|
return account, nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
// Pre-fetch a transport for requesting username, used by later deref procedures.
|
// Pre-fetch a transport for requesting username, used by later deref procedures.
|
||||||
tsport, err := d.transportController.NewTransportForUsername(ctx, requestUser)
|
tsport, err := d.transportController.NewTransportForUsername(ctx, requestUser)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -288,6 +288,13 @@ func (f *federator) AuthenticatePostInbox(ctx context.Context, w http.ResponseWr
|
||||||
return nil, false, err
|
return nil, false, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !requestingAccount.SuspendedAt.IsZero() {
|
||||||
|
// Account was marked as suspended by a
|
||||||
|
// local admin action. Stop request early.
|
||||||
|
w.WriteHeader(http.StatusForbidden)
|
||||||
|
return ctx, false, nil
|
||||||
|
}
|
||||||
|
|
||||||
// We have everything we need now, set the requesting
|
// We have everything we need now, set the requesting
|
||||||
// and receiving accounts on the context for later use.
|
// and receiving accounts on the context for later use.
|
||||||
ctx = gtscontext.SetRequestingAccount(ctx, requestingAccount)
|
ctx = gtscontext.SetRequestingAccount(ctx, requestingAccount)
|
||||||
|
|
|
@ -63,6 +63,13 @@ func (p *Processor) authenticate(ctx context.Context, requestedUsername string)
|
||||||
return nil, nil, gtserror.NewErrorUnauthorized(err)
|
return nil, nil, gtserror.NewErrorUnauthorized(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !requestingAccount.SuspendedAt.IsZero() {
|
||||||
|
// Account was marked as suspended by a
|
||||||
|
// local admin action. Stop request early.
|
||||||
|
err = fmt.Errorf("account %s marked as suspended", requestingAccount.ID)
|
||||||
|
return nil, nil, gtserror.NewErrorForbidden(err)
|
||||||
|
}
|
||||||
|
|
||||||
// Ensure no block exists between requester + requested.
|
// Ensure no block exists between requester + requested.
|
||||||
blocked, err := p.state.DB.IsEitherBlocked(ctx, requestedAccount.ID, requestingAccount.ID)
|
blocked, err := p.state.DB.IsEitherBlocked(ctx, requestedAccount.ID, requestingAccount.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -72,7 +79,7 @@ func (p *Processor) authenticate(ctx context.Context, requestedUsername string)
|
||||||
|
|
||||||
if blocked {
|
if blocked {
|
||||||
err = fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID)
|
err = fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID)
|
||||||
return nil, nil, gtserror.NewErrorUnauthorized(err)
|
return nil, nil, gtserror.NewErrorForbidden(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return requestedAccount, requestingAccount, nil
|
return requestedAccount, requestingAccount, nil
|
||||||
|
|
|
@ -106,6 +106,13 @@ func (p *Processor) UserGet(ctx context.Context, requestedUsername string, reque
|
||||||
return nil, gtserror.NewErrorUnauthorized(err)
|
return nil, gtserror.NewErrorUnauthorized(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !requestingAccount.SuspendedAt.IsZero() {
|
||||||
|
// Account was marked as suspended by a
|
||||||
|
// local admin action. Stop request early.
|
||||||
|
err = fmt.Errorf("account %s marked as suspended", requestingAccount.ID)
|
||||||
|
return nil, gtserror.NewErrorForbidden(err)
|
||||||
|
}
|
||||||
|
|
||||||
blocked, err := p.state.DB.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID)
|
blocked, err := p.state.DB.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
err := gtserror.Newf("error checking block from account %s to account %s: %w", requestedAccount.ID, requestingAccount.ID, err)
|
err := gtserror.Newf("error checking block from account %s to account %s: %w", requestedAccount.ID, requestingAccount.ID, err)
|
||||||
|
@ -114,7 +121,7 @@ func (p *Processor) UserGet(ctx context.Context, requestedUsername string, reque
|
||||||
|
|
||||||
if blocked {
|
if blocked {
|
||||||
err := fmt.Errorf("account %s blocks account %s", requestedAccount.ID, requestingAccount.ID)
|
err := fmt.Errorf("account %s blocks account %s", requestedAccount.ID, requestingAccount.ID)
|
||||||
return nil, gtserror.NewErrorUnauthorized(err)
|
return nil, gtserror.NewErrorForbidden(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return data(person)
|
return data(person)
|
||||||
|
|
Loading…
Reference in a new issue