Merge branch 'main' into domain_permission_subscriptions

weeeeeee
mmmmmmmmmm, perms!!!
2024-11-22 19:56:39 +00:00 · 2024-10-26 14:04:56 +02:00 · 2024-10-26 14:04:40 +02:00 · 2024-10-23 16:53:48 +02:00
30 changed files with 281 additions and 723 deletions
--- a/go.mod
+++ b/go.mod
@ -12,7 +12,7 @@ require (
 	codeberg.org/gruf/go-debug v1.3.0
 	codeberg.org/gruf/go-errors/v2 v2.3.2
 	codeberg.org/gruf/go-fastcopy v1.1.3
-	codeberg.org/gruf/go-ffmpreg v0.4.2
+	codeberg.org/gruf/go-ffmpreg v0.3.1
 	codeberg.org/gruf/go-iotools v0.0.0-20240710125620-934ae9c654cf
 	codeberg.org/gruf/go-kv v1.6.5
 	codeberg.org/gruf/go-list v0.0.0-20240425093752-494db03d641f
@ -42,7 +42,7 @@ require (
 	github.com/k3a/html2text v1.2.1
 	github.com/microcosm-cc/bluemonday v1.0.27
 	github.com/miekg/dns v1.1.62
-	github.com/minio/minio-go/v7 v7.0.79
+	github.com/minio/minio-go/v7 v7.0.78
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/ncruces/go-sqlite3 v0.20.0
 	github.com/oklog/ulid v1.3.1
@ -53,7 +53,7 @@ require (
 	github.com/superseriousbusiness/activity v1.9.0-gts
 	github.com/superseriousbusiness/httpsig v1.2.0-SSB
 	github.com/superseriousbusiness/oauth2/v4 v4.3.2-SSB.0.20230227143000-f4900831d6c8
-	github.com/tdewolff/minify/v2 v2.21.1
+	github.com/tdewolff/minify/v2 v2.21.0
 	github.com/technologize/otel-go-contrib v1.1.1
 	github.com/tetratelabs/wazero v1.8.1
 	github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80
@ -197,7 +197,7 @@ require (
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/superseriousbusiness/go-jpeg-image-structure/v2 v2.0.0-20220321154430-d89a106fdabe // indirect
 	github.com/superseriousbusiness/go-png-image-structure/v2 v2.0.1-SSB // indirect
-	github.com/tdewolff/parse/v2 v2.7.18 // indirect
+	github.com/tdewolff/parse/v2 v2.7.17 // indirect
 	github.com/tmthrgd/go-hex v0.0.0-20190904060850-447a3041c3bc // indirect
 	github.com/toqueteos/webbrowser v1.2.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
--- a/go.sum
+++ b/go.sum
@ -46,8 +46,8 @@ codeberg.org/gruf/go-fastcopy v1.1.3 h1:Jo9VTQjI6KYimlw25PPc7YLA3Xm+XMQhaHwKnM7x
 codeberg.org/gruf/go-fastcopy v1.1.3/go.mod h1:GDDYR0Cnb3U/AIfGM3983V/L+GN+vuwVMvrmVABo21s=
 codeberg.org/gruf/go-fastpath/v2 v2.0.0 h1:iAS9GZahFhyWEH0KLhFEJR+txx1ZhMXxYzu2q5Qo9c0=
 codeberg.org/gruf/go-fastpath/v2 v2.0.0/go.mod h1:3pPqu5nZjpbRrOqvLyAK7puS1OfEtQvjd6342Cwz56Q=
-codeberg.org/gruf/go-ffmpreg v0.4.2 h1:HKkPapm/PWkxsnUdjyQOGpwl5Qoa2EBrUQ09s4R4/FA=
-codeberg.org/gruf/go-ffmpreg v0.4.2/go.mod h1:Ar5nbt3tB2Wr0uoaqV3wDBNwAx+H+AB/mV7Kw7NlZTI=
+codeberg.org/gruf/go-ffmpreg v0.3.1 h1:5qE6sHQbLCbQ4RO7ZL4OKZBN4ViAYfDm9ExT8N0ZE7s=
+codeberg.org/gruf/go-ffmpreg v0.3.1/go.mod h1:Ar5nbt3tB2Wr0uoaqV3wDBNwAx+H+AB/mV7Kw7NlZTI=
 codeberg.org/gruf/go-iotools v0.0.0-20240710125620-934ae9c654cf h1:84s/ii8N6lYlskZjHH+DG6jyia8w2mXMZlRwFn8Gs3A=
 codeberg.org/gruf/go-iotools v0.0.0-20240710125620-934ae9c654cf/go.mod h1:zZAICsp5rY7+hxnws2V0ePrWxE0Z2Z/KXcN3p/RQCfk=
 codeberg.org/gruf/go-kv v1.6.5 h1:ttPf0NA8F79pDqBttSudPTVCZmGncumeNIxmeM9ztz0=
@ -413,8 +413,8 @@ github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ=
 github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.79 h1:SvJZpj3hT0RN+4KiuX/FxLfPZdsuegy6d/2PiemM/bM=
-github.com/minio/minio-go/v7 v7.0.79/go.mod h1:84gmIilaX4zcvAWWzJ5Z1WI5axN+hAbM5w25xf8xvC0=
+github.com/minio/minio-go/v7 v7.0.78 h1:LqW2zy52fxnI4gg8C2oZviTaKHcBV36scS+RzJnxUFs=
+github.com/minio/minio-go/v7 v7.0.78/go.mod h1:84gmIilaX4zcvAWWzJ5Z1WI5axN+hAbM5w25xf8xvC0=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
@ -539,10 +539,10 @@ github.com/superseriousbusiness/httpsig v1.2.0-SSB h1:BinBGKbf2LSuVT5+MuH0XynHN9
 github.com/superseriousbusiness/httpsig v1.2.0-SSB/go.mod h1:+rxfATjFaDoDIVaJOTSP0gj6UrbicaYPEptvCLC9F28=
 github.com/superseriousbusiness/oauth2/v4 v4.3.2-SSB.0.20230227143000-f4900831d6c8 h1:nTIhuP157oOFcscuoK1kCme1xTeGIzztSw70lX9NrDQ=
 github.com/superseriousbusiness/oauth2/v4 v4.3.2-SSB.0.20230227143000-f4900831d6c8/go.mod h1:uYC/W92oVRJ49Vh1GcvTqpeFqHi+Ovrl2sMllQWRAEo=
-github.com/tdewolff/minify/v2 v2.21.1 h1:AAf5iltw6+KlUvjRNPAPrANIXl3XEJNBBzuZom5iCAM=
-github.com/tdewolff/minify/v2 v2.21.1/go.mod h1:PoqFH8ugcuTUvKqVM9vOqXw4msxvuhL/DTmV5ZXhSCI=
-github.com/tdewolff/parse/v2 v2.7.18 h1:uSqjEMT2lwCj5oifBHDcWU2kN1pbLrRENgFWDJa57eI=
-github.com/tdewolff/parse/v2 v2.7.18/go.mod h1:3FbJWZp3XT9OWVN3Hmfp0p/a08v4h8J9W1aghka0soA=
+github.com/tdewolff/minify/v2 v2.21.0 h1:nAPP1UVx0aK1xsQh/JiG3xyEnnqWw+agPstn+V6Pkto=
+github.com/tdewolff/minify/v2 v2.21.0/go.mod h1:hGcthJ6Vj51NG+9QRIfN/DpWj5loHnY3bfhThzWWq08=
+github.com/tdewolff/parse/v2 v2.7.17 h1:uC10p6DaQQORDy72eaIyD+AvAkaIUOouQ0nWp4uD0D0=
+github.com/tdewolff/parse/v2 v2.7.17/go.mod h1:3FbJWZp3XT9OWVN3Hmfp0p/a08v4h8J9W1aghka0soA=
 github.com/tdewolff/test v1.0.11-0.20231101010635-f1265d231d52/go.mod h1:6DAvZliBAAnD7rhVgwaM7DE5/d9NMOAJ09SqYqeK4QE=
 github.com/tdewolff/test v1.0.11-0.20240106005702-7de5f7df4739 h1:IkjBCtQOOjIn03u/dMQK9g+Iw9ewps4mCl1nB8Sscbo=
 github.com/tdewolff/test v1.0.11-0.20240106005702-7de5f7df4739/go.mod h1:XPuWBzvdUzhCuxWO1ojpXsyzsA5bFoS3tO/Q3kFuTG8=
--- a/internal/api/client/admin/domainpermissiondrafts.go
+++ b/internal/api/client/admin/domainpermissiondrafts.go
@ -18,21 +18,13 @@
 package admin

 import (
-	"errors"
-	"fmt"
-	"net/http"
-
 	"github.com/gin-gonic/gin"
-	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
-	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
-	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )

-// DomainPermissionDraftsGETHandler swagger:operation GET /api/v1/admin/domain_permission_drafts domainPermissionDraftsGet
+// DomainAllowDraftsGETHandler swagger:operation GET /api/v1/admin/domain_allow_drafts domainAllowDraftsGet
 //
-// View domain permission drafts.
+// View domain allow drafts.
 //
 // The drafts will be returned in descending chronological order (newest first), with sequential IDs (bigger = newer).
 //
@ -41,7 +33,7 @@
 // Example:
 //
 // ```
-// <https://example.org/api/v1/admin/domain_permission_drafts?limit=20&max_id=01FC0SKA48HNSVR6YKZCQGS2V8>; rel="next", <https://example.org/api/v1/admin/domain_permission_drafts?limit=20&min_id=01FC0SKW5JK2Q4EVAV2B462YY0>; rel="prev"
+// <https://example.org/api/v1/admin/domain_allow_drafts?limit=20&max_id=01FC0SKA48HNSVR6YKZCQGS2V8>; rel="next", <https://example.org/api/v1/admin/domain_allow_drafts?limit=20&min_id=01FC0SKW5JK2Q4EVAV2B462YY0>; rel="prev"
 // ````
 //
 //	---
@ -60,12 +52,7 @@
 //	-
 //		name: domain
 //		type: string
-//		description: Return only drafts that target the given domain.
-//		in: query
-//	-
-//		name: permission_type
-//		type: string
-//		description: Filter on "block" or "allow" type drafts.
+//		description: Return only drafts that pertain to the given domain.
 //		in: query
 //	-
 //		name: max_id
@ -103,7 +90,7 @@
 //
 //	responses:
 //		'200':
-//			description: Domain permission drafts.
+//			description: Domain allow drafts.
 //			schema:
 //				type: array
 //				items:
@ -124,61 +111,6 @@
 //			description: not acceptable
 //		'500':
 //			description: internal server error
-func (m *Module) DomainPermissionDraftsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
-		return
-	}
-
-	if !*authed.User.Admin {
-		err := fmt.Errorf("user %s not an admin", authed.User.ID)
-		apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1)
-		return
-	}
-
-	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
-		return
-	}
-
-	permType := c.Query(apiutil.DomainPermissionPermTypeKey)
-	switch permType {
-	case "", "block", "allow":
-		// No problem.
-
-	default:
-		// Invalid.
-		text := fmt.Sprintf(
-			"permission_type %s not recognized, valid values are empty string, block, or allow",
-			permType,
-		)
-		errWithCode := gtserror.NewErrorBadRequest(errors.New(text), text)
-		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
-		return
-	}
-
-	page, errWithCode := paging.ParseIDPage(c, 1, 200, 20)
-	if errWithCode != nil {
-		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
-		return
-	}
-
-	resp, errWithCode := m.processor.Admin().DomainPermissionDraftsGet(
-		c.Request.Context(),
-		c.Query(apiutil.DomainPermissionSubscriptionIDKey),
-		c.Query(apiutil.DomainPermissionDomainKey),
-		gtsmodel.NewDomainPermissionType(permType),
-		page,
-	)
-	if errWithCode != nil {
-		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
-		return
-	}
-
-	if resp.LinkHeader != "" {
-		c.Header("Link", resp.LinkHeader)
-	}
-
-	apiutil.JSON(c, http.StatusOK, resp.Items)
+func (m *Module) DomainAllowDraftsGETHandler(c *gin.Context) {
+	m.getDomainPermissionDrafts(c, gtsmodel.DomainPermissionAllow)
 }
--- a/internal/api/client/admin/domainpermissiondraft.go
+++ b/internal/api/client/admin/domainpermissiondraft.go
@ -24,48 +24,64 @@
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )

-// DomainPermissionDraftGETHandler swagger:operation GET /api/v1/admin/domain_permission_drafts/{id} domainPermissionDraftGet
-//
-// Get domain permission draft with the given ID.
-//
-//	---
-//	tags:
-//	- admin
-//
-//	produces:
-//	- application/json
-//
-//	parameters:
-//	-
-//		name: id
-//		required: true
-//		in: path
-//		description: ID of the domain permission draft.
-//		type: string
-//
-//	security:
-//	- OAuth2 Bearer:
-//		- admin
-//
-//	responses:
-//		'200':
-//			description: Domain permission draft.
-//			schema:
-//				"$ref": "#/definitions/domainPermission"
-//		'401':
-//			description: unauthorized
-//		'403':
-//			description: forbidden
-//		'404':
-//			description: not found
-//		'406':
-//			description: not acceptable
-//		'500':
-//			description: internal server error
-func (m *Module) DomainPermissionDraftGETHandler(c *gin.Context) {
+// deleteDomainPermissionDraft deletes a single
+// domain permission draft (block or allow).
+func (m *Module) deleteDomainPermissionDraft(
+	c *gin.Context,
+	permType gtsmodel.DomainPermissionType,
+) {
+	authed, err := oauth.Authed(c, true, true, true, true)
+	if err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if !*authed.User.Admin {
+		err := fmt.Errorf("user %s not an admin", authed.User.ID)
+		apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if authed.Account.IsMoving() {
+		apiutil.ForbiddenAfterMove(c)
+		return
+	}
+
+	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	permDraftID, errWithCode := apiutil.ParseID(c.Param(apiutil.IDKey))
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	domainPerm, _, errWithCode := m.processor.Admin().DomainPermissionDraftDelete(
+		c.Request.Context(),
+		permType,
+		authed.Account,
+		permDraftID,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	apiutil.JSON(c, http.StatusOK, domainPerm)
+}
+
+// getDomainPermissionDraft gets a single
+// domain permission draft (block or allow).
+func (m *Module) getDomainPermissionDraft(
+	c *gin.Context,
+	permType gtsmodel.DomainPermissionType,
+) {
 	authed, err := oauth.Authed(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
@ -83,17 +99,63 @@ func (m *Module) DomainPermissionDraftGETHandler(c *gin.Context) {
 		return
 	}

-	id, errWithCode := apiutil.ParseID(c.Param(apiutil.IDKey))
+	domainPermID, errWithCode := apiutil.ParseID(c.Param(apiutil.IDKey))
 	if errWithCode != nil {
 		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}

-	permDraft, errWithCode := m.processor.Admin().DomainPermissionDraftGet(c.Request.Context(), id)
+	domainPerm, errWithCode := m.processor.Admin().DomainPermissionDraftGet(
+		c.Request.Context(),
+		permType,
+		domainPermID,
+	)
 	if errWithCode != nil {
 		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}

-	apiutil.JSON(c, http.StatusOK, permDraft)
+	apiutil.JSON(c, http.StatusOK, domainPerm)
+}
+
+// getDomainPermissionDrafts gets domain permission drafts of the given type (block, allow).
+func (m *Module) getDomainPermissionDrafts(
+	c *gin.Context,
+	permType gtsmodel.DomainPermissionType,
+) {
+	authed, err := oauth.Authed(c, true, true, true, true)
+	if err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if !*authed.User.Admin {
+		err := fmt.Errorf("user %s not an admin", authed.User.ID)
+		apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	export, errWithCode := apiutil.ParseDomainPermissionDraftExport(c.Query(apiutil.DomainPermissionDraftExportKey), false)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	domainPerm, errWithCode := m.processor.Admin().DomainPermissionDraftsGet(
+		c.Request.Context(),
+		permType,
+		authed.Account,
+		export,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	apiutil.JSON(c, http.StatusOK, domainPerm)
 }
--- a/internal/api/client/admin/domainpermissiondraftcreate.go
+++ b/internal/api/client/admin/domainpermissiondraftcreate.go
@ -1,173 +0,0 @@
-// GoToSocial
-// Copyright (C) GoToSocial Authors admin@gotosocial.org
-// SPDX-License-Identifier: AGPL-3.0-or-later
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-package admin
-
-import (
-	"errors"
-	"fmt"
-	"net/http"
-
-	"github.com/gin-gonic/gin"
-	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
-	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
-	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
-)
-
-// DomainPermissionDraftsPOSTHandler swagger:operation POST /api/v1/admin/domain_permission_drafts domainPermissionDraftCreate
-//
-// Create a domain permission draft with the given parameters.
-//
-//	---
-//	tags:
-//	- admin
-//
-//	consumes:
-//	- multipart/form-data
-//
-//	produces:
-//	- application/json
-//
-//	parameters:
-//	-
-//		name: domain
-//		in: formData
-//		description: Domain to create the permission draft for.
-//		type: string
-//	-
-//		name: permission_type
-//		type: string
-//		description: Create a draft "allow" or a draft "block".
-//		in: query
-//	-
-//		name: obfuscate
-//		in: formData
-//		description: >-
-//			Obfuscate the name of the domain when serving it publicly.
-//			Eg., `example.org` becomes something like `ex***e.org`.
-//		type: boolean
-//	-
-//		name: public_comment
-//		in: formData
-//		description: >-
-//			Public comment about this domain permission.
-//			This will be displayed alongside the domain permission if you choose to share permissions.
-//		type: string
-//	-
-//		name: private_comment
-//		in: formData
-//		description: >-
-//			Private comment about this domain permission. Will only be shown to other admins, so this
-//			is a useful way of internally keeping track of why a certain domain ended up permissioned.
-//		type: string
-//
-//	security:
-//	- OAuth2 Bearer:
-//		- admin
-//
-//	responses:
-//		'200':
-//			description: The newly created domain permission draft.
-//			schema:
-//				"$ref": "#/definitions/domainPermission"
-//		'400':
-//			description: bad request
-//		'401':
-//			description: unauthorized
-//		'403':
-//			description: forbidden
-//		'406':
-//			description: not acceptable
-//		'500':
-//			description: internal server error
-func (m *Module) DomainPermissionDraftsPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
-	if err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
-		return
-	}
-
-	if !*authed.User.Admin {
-		err := fmt.Errorf("user %s not an admin", authed.User.ID)
-		apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1)
-		return
-	}
-
-	if authed.Account.IsMoving() {
-		apiutil.ForbiddenAfterMove(c)
-		return
-	}
-
-	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
-		return
-	}
-
-	// Parse + validate form.
-	form := new(apimodel.DomainPermissionRequest)
-	if err := c.ShouldBind(form); err != nil {
-		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
-		return
-	}
-
-	if form.Domain == "" {
-		const errText = "domain must be set"
-		errWithCode := gtserror.NewErrorBadRequest(errors.New(errText), errText)
-		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
-		return
-	}
-
-	var (
-		permType gtsmodel.DomainPermissionType
-		errText  string
-	)
-
-	switch pt := form.PermissionType; pt {
-	case "block":
-		permType = gtsmodel.DomainPermissionBlock
-	case "allow":
-		permType = gtsmodel.DomainPermissionAllow
-	case "":
-		errText = "permission_type not set, must be one of block or allow"
-	default:
-		errText = fmt.Sprintf("permission_type %s not recognized, must be one of block or allow", pt)
-	}
-
-	if errText != "" {
-		errWithCode := gtserror.NewErrorBadRequest(errors.New(errText), errText)
-		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
-		return
-	}
-
-	permDraft, errWithCode := m.processor.Admin().DomainPermissionDraftCreate(
-		c.Request.Context(),
-		authed.Account,
-		form.Domain,
-		permType,
-		form.Obfuscate,
-		form.PublicComment,
-		form.PrivateComment,
-	)
-	if errWithCode != nil {
-		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
-		return
-	}
-
-	apiutil.JSON(c, http.StatusOK, permDraft)
-}
--- a/internal/api/model/domain.go
+++ b/internal/api/model/domain.go
@ -113,24 +113,22 @@ type DomainPermissionSubscription struct {
 type DomainPermissionRequest struct {
 	// A list of domains for which this permission request should apply.
 	// Only used if import=true is specified.
-	Domains *multipart.FileHeader `form:"domains" json:"domains"`
+	Domains *multipart.FileHeader `form:"domains" json:"domains" xml:"domains"`
 	// A single domain for which this permission request should apply.
 	// Only used if import=true is NOT specified or if import=false.
 	// example: example.org
-	Domain string `form:"domain" json:"domain"`
+	Domain string `form:"domain" json:"domain" xml:"domain"`
 	// Obfuscate the domain name when displaying this permission entry publicly.
 	// Ie., instead of 'example.org' show something like 'e**mpl*.or*'.
 	// example: false
-	Obfuscate bool `form:"obfuscate" json:"obfuscate"`
+	Obfuscate bool `form:"obfuscate" json:"obfuscate" xml:"obfuscate"`
 	// Private comment for other admins on why this permission entry was created.
 	// example: don't like 'em!!!!
-	PrivateComment string `form:"private_comment" json:"private_comment"`
+	PrivateComment string `form:"private_comment" json:"private_comment" xml:"private_comment"`
 	// Public comment on why this permission entry was created.
 	// Will be visible to requesters at /api/v1/instance/peers if this endpoint is exposed.
 	// example: foss dorks 😫
-	PublicComment string `form:"public_comment" json:"public_comment"`
-	// Permission type to create (only applies to domain permission drafts, not explicit blocks and allows).
-	PermissionType string `form:"permission_type" json:"permission_type"`
+	PublicComment string `form:"public_comment" json:"public_comment" xml:"public_comment"`
 }

 // DomainKeysExpireRequest is the form submitted as a POST to /api/v1/admin/domain_keys_expire to expire a domain's public keys.
@ -138,5 +136,5 @@ type DomainPermissionRequest struct {
 // swagger:parameters domainKeysExpire
 type DomainKeysExpireRequest struct {
 	// hostname/domain to expire keys for.
-	Domain string `form:"domain" json:"domain"`
+	Domain string `form:"domain" json:"domain" xml:"domain"`
 }
--- a/internal/api/util/parsequery.go
+++ b/internal/api/util/parsequery.go
@ -71,9 +71,6 @@

 	DomainPermissionExportKey = "export"
 	DomainPermissionImportKey = "import"
-	DomainPermissionSubscriptionIDKey = "subscription_id"
-	DomainPermissionPermTypeKey       = "permission_type"
-	DomainPermissionDomainKey         = "domain"

 	/* Admin query keys */

--- a/internal/db/bundb/domain.go
+++ b/internal/db/bundb/domain.go
@ -397,7 +397,7 @@ func(permDraft *gtsmodel.DomainPermissionDraft) error {

 func (d *domainDB) GetDomainPermissionDrafts(
 	ctx context.Context,
-	permType gtsmodel.DomainPermissionType,
+	permType *gtsmodel.DomainPermissionType,
 	permSubID string,
 	domain string,
 	page *paging.Page,
@ -447,12 +447,12 @@ func (d *domainDB) GetDomainPermissionDrafts(
 	}

 	// Return only items with
-	// given permission type.
-	if permType != gtsmodel.DomainPermissionUnknown {
+	// given subscription ID.
+	if permType != nil {
 		q = q.Where(
 			"? = ?",
 			bun.Ident("domain_permission_draft.permission_type"),
-			permType,
+			*permType,
 		)
 	}

--- a/internal/db/domain.go
+++ b/internal/db/domain.go
@ -91,7 +91,7 @@ type Domain interface {
 	// DomainPermissionDrafts using the given parameters.
 	GetDomainPermissionDrafts(
 		ctx context.Context,
-		permType gtsmodel.DomainPermissionType,
+		permType *gtsmodel.DomainPermissionType,
 		permSubID string,
 		domain string,
 		page *paging.Page,
--- a/internal/media/ffmpeg.go
+++ b/internal/media/ffmpeg.go
@ -392,31 +392,18 @@ func (res *result) GetFileType() (gtsmodel.FileType, string) {
 	case "matroska,webm":
 		switch {
 		case len(res.video) > 0:
-			var isWebm bool
-
 			switch res.video[0].codec {
 			case "vp8", "vp9", "av1":
+			default:
+				return gtsmodel.FileTypeVideo, "mkv"
+			}
 			if len(res.audio) > 0 {
 				switch res.audio[0].codec {
 				case "vorbis", "opus", "libopus":
-						// webm only supports [VP8/VP9/AV1] +
-						//                    [vorbis/opus]
-						isWebm = true
-					}
-				} else {
-					// no audio with correct
-					// video codec also fine.
-					isWebm = true
-				}
-			}
-
-			if isWebm {
-				// Check for valid webm codec config.
+					// webm only supports [VP8/VP9/AV1]+[vorbis/opus]
 					return gtsmodel.FileTypeVideo, "webm"
 				}
-
-			// All else falls under generic mkv.
-			return gtsmodel.FileTypeVideo, "mkv"
+			}
 		case len(res.audio) > 0:
 			return gtsmodel.FileTypeAudio, "mka"
 		}
--- a/internal/media/ffmpeg/wasm.go
+++ b/internal/media/ffmpeg/wasm.go
@ -27,8 +27,13 @@
 	ffprobelib "codeberg.org/gruf/go-ffmpreg/embed/ffprobe"
 	"codeberg.org/gruf/go-ffmpreg/wasm"
 	"github.com/tetratelabs/wazero"
+	"github.com/tetratelabs/wazero/imports/wasi_snapshot_preview1"
 )

+// Use all core features required by ffmpeg / ffprobe
+// (these should be the same but we OR just in case).
+const corefeatures = wasm.CoreFeatures
+
 var (
 	// shared WASM runtime instance.
 	runtime wazero.Runtime
@ -86,26 +91,38 @@ func compileFfprobe(ctx context.Context) error {

 // initRuntime initializes the global wazero.Runtime,
 // if already initialized this function is a no-op.
-func initRuntime(ctx context.Context) (err error) {
+func initRuntime(ctx context.Context) error {
 	if runtime != nil {
 		return nil
 	}

-	// Create new runtime config.
-	cfg := wazero.NewRuntimeConfig()
+	var cache wazero.CompilationCache

 	if dir := os.Getenv("GTS_WAZERO_COMPILATION_CACHE"); dir != "" {
+		var err error
+
 		// Use on-filesystem compilation cache given by env.
-		cache, err := wazero.NewCompilationCacheWithDir(dir)
+		cache, err = wazero.NewCompilationCacheWithDir(dir)
+		if err != nil {
+			return err
+		}
+	}
+
+	// Prepare config with cache.
+	cfg := wazero.NewRuntimeConfig()
+	cfg = cfg.WithCoreFeatures(corefeatures)
+	cfg = cfg.WithCompilationCache(cache)
+
+	// Instantiate runtime with prepared config.
+	rt := wazero.NewRuntimeWithConfig(ctx, cfg)
+
+	// Instantiate wasi snapshot preview features into runtime.
+	_, err := wasi_snapshot_preview1.Instantiate(ctx, rt)
 	if err != nil {
 		return err
 	}

-		// Update runtime config with cache.
-		cfg = cfg.WithCompilationCache(cache)
-	}
-
-	// Initialize new runtime from config.
-	runtime, err = wasm.NewRuntime(ctx, cfg)
-	return
+	// Set runtime.
+	runtime = rt
+	return nil
 }
--- a/internal/media/processingemoji.go
+++ b/internal/media/processingemoji.go
@ -158,7 +158,7 @@ func (p *ProcessingEmoji) store(ctx context.Context) error {
 	if err != nil && !isUnsupportedTypeErr(err) {
 		return gtserror.Newf("ffprobe error: %w", err)
 	} else if result == nil {
-		log.Warnf(ctx, "unsupported data type by ffprobe: %v", err)
+		log.Warn(ctx, "unsupported data type")
 		return nil
 	}

--- a/internal/media/processingmedia.go
+++ b/internal/media/processingmedia.go
@ -22,7 +22,6 @@
 	"os"

 	errorsv2 "codeberg.org/gruf/go-errors/v2"
-	"codeberg.org/gruf/go-kv"
 	"codeberg.org/gruf/go-runners"

 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
@ -167,7 +166,7 @@ func (p *ProcessingMedia) store(ctx context.Context) error {
 	if err != nil && !isUnsupportedTypeErr(err) {
 		return gtserror.Newf("ffprobe error: %w", err)
 	} else if result == nil {
-		log.Warnf(ctx, "unsupported data type by ffprobe: %v", err)
+		log.Warn(ctx, "unsupported data type")
 		return nil
 	}

@ -215,10 +214,7 @@ func (p *ProcessingMedia) store(ctx context.Context) error {
 		// metadata, in order to keep tags.

 	default:
-		log.WarnKVs(ctx, kv.Fields{
-			{K: "format", V: result.format},
-			{K: "msg", V: "unsupported data type"},
-		}...)
+		log.Warn(ctx, "unsupported data type: %s", result.format)
 		return nil
 	}

--- a/internal/processing/admin/domainpermission.go
+++ b/internal/processing/admin/domainpermission.go
@ -31,6 +31,23 @@
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 )

+// apiDomainPerm is a cheeky shortcut for returning
+// the API version of the given domain permission,
+// or an appropriate error if something goes wrong.
+func (p *Processor) apiDomainPerm(
+	ctx context.Context,
+	domainPermission gtsmodel.DomainPermission,
+	export bool,
+) (*apimodel.DomainPermission, gtserror.WithCode) {
+	apiDomainPerm, err := p.converter.DomainPermToAPIDomainPerm(ctx, domainPermission, export)
+	if err != nil {
+		err := gtserror.NewfAt(3, "error converting domain permission to api model: %w", err)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	return apiDomainPerm, nil
+}
+
 // DomainPermissionCreate creates an instance-level permission
 // targeting the given domain, and then processes any side
 // effects of the permission creation.
@ -43,7 +60,7 @@
 // from this call, and/or an error if something goes wrong.
 func (p *Processor) DomainPermissionCreate(
 	ctx context.Context,
-	permType gtsmodel.DomainPermissionType,
+	permissionType gtsmodel.DomainPermissionType,
 	adminAcct *gtsmodel.Account,
 	domain string,
 	obfuscate bool,
@ -51,7 +68,7 @@ func (p *Processor) DomainPermissionCreate(
 	privateComment string,
 	subscriptionID string,
 ) (*apimodel.DomainPermission, string, gtserror.WithCode) {
-	switch permType {
+	switch permissionType {

 	// Explicitly block a domain.
 	case gtsmodel.DomainPermissionBlock:
@ -79,7 +96,7 @@ func (p *Processor) DomainPermissionCreate(

 	// Weeping, roaring, red-faced.
 	default:
-		err := gtserror.Newf("unrecognized permission type %d", permType)
+		err := gtserror.Newf("unrecognized permission type %d", permissionType)
 		return nil, "", gtserror.NewErrorInternalError(err)
 	}
 }
@ -91,11 +108,11 @@ func (p *Processor) DomainPermissionCreate(
 // action resulting from this call, and/or an error if something goes wrong.
 func (p *Processor) DomainPermissionDelete(
 	ctx context.Context,
-	permType gtsmodel.DomainPermissionType,
+	permissionType gtsmodel.DomainPermissionType,
 	adminAcct *gtsmodel.Account,
 	domainBlockID string,
 ) (*apimodel.DomainPermission, string, gtserror.WithCode) {
-	switch permType {
+	switch permissionType {

 	// Delete explicit domain block.
 	case gtsmodel.DomainPermissionBlock:
@ -116,7 +133,7 @@ func (p *Processor) DomainPermissionDelete(
 	// You do the hokey-cokey and you turn
 	// around, that's what it's all about.
 	default:
-		err := gtserror.Newf("unrecognized permission type %d", permType)
+		err := gtserror.Newf("unrecognized permission type %d", permissionType)
 		return nil, "", gtserror.NewErrorInternalError(err)
 	}
 }
@ -134,14 +151,14 @@ func (p *Processor) DomainPermissionDelete(
 // as they wish.
 func (p *Processor) DomainPermissionsImport(
 	ctx context.Context,
-	permType gtsmodel.DomainPermissionType,
+	permissionType gtsmodel.DomainPermissionType,
 	account *gtsmodel.Account,
 	domainsF *multipart.FileHeader,
 ) (*apimodel.MultiStatus, gtserror.WithCode) {
 	// Ensure known permission type.
-	if permType != gtsmodel.DomainPermissionBlock &&
-		permType != gtsmodel.DomainPermissionAllow {
-		err := gtserror.Newf("unrecognized permission type %d", permType)
+	if permissionType != gtsmodel.DomainPermissionBlock &&
+		permissionType != gtsmodel.DomainPermissionAllow {
+		err := gtserror.Newf("unrecognized permission type %d", permissionType)
 		return nil, gtserror.NewErrorInternalError(err)
 	}

@ -183,7 +200,7 @@ func (p *Processor) DomainPermissionsImport(

 		domainPerm, _, errWithCode = p.DomainPermissionCreate(
 			ctx,
-			permType,
+			permissionType,
 			account,
 			domain,
 			obfuscate,
@ -222,7 +239,7 @@ func (p *Processor) DomainPermissionsImport(
 // to an export.
 func (p *Processor) DomainPermissionsGet(
 	ctx context.Context,
-	permType gtsmodel.DomainPermissionType,
+	permissionType gtsmodel.DomainPermissionType,
 	account *gtsmodel.Account,
 	export bool,
 ) ([]*apimodel.DomainPermission, gtserror.WithCode) {
@ -231,7 +248,7 @@ func (p *Processor) DomainPermissionsGet(
 		err         error
 	)

-	switch permType {
+	switch permissionType {
 	case gtsmodel.DomainPermissionBlock:
 		var blocks []*gtsmodel.DomainBlock

@ -261,7 +278,7 @@ func (p *Processor) DomainPermissionsGet(
 	}

 	if err != nil {
-		err := gtserror.Newf("error getting %ss: %w", permType.String(), err)
+		err := gtserror.Newf("error getting %ss: %w", permissionType.String(), err)
 		return nil, gtserror.NewErrorInternalError(err)
 	}

@ -285,7 +302,7 @@ func (p *Processor) DomainPermissionsGet(
 // suitable for writing out to an export.
 func (p *Processor) DomainPermissionGet(
 	ctx context.Context,
-	permType gtsmodel.DomainPermissionType,
+	permissionType gtsmodel.DomainPermissionType,
 	id string,
 	export bool,
 ) (*apimodel.DomainPermission, gtserror.WithCode) {
@ -294,7 +311,7 @@ func (p *Processor) DomainPermissionGet(
 		err        error
 	)

-	switch permType {
+	switch permissionType {
 	case gtsmodel.DomainPermissionBlock:
 		domainPerm, err = p.state.DB.GetDomainBlockByID(ctx, id)
 	case gtsmodel.DomainPermissionAllow:
@ -305,13 +322,38 @@ func (p *Processor) DomainPermissionGet(

 	if err != nil {
 		if errors.Is(err, db.ErrNoEntries) {
-			err = fmt.Errorf("no domain %s exists with id %s", permType.String(), id)
+			err = fmt.Errorf("no domain %s exists with id %s", permissionType.String(), id)
 			return nil, gtserror.NewErrorNotFound(err, err.Error())
 		}

-		err = gtserror.Newf("error getting domain %s with id %s: %w", permType.String(), id, err)
+		err = gtserror.Newf("error getting domain %s with id %s: %w", permissionType.String(), id, err)
 		return nil, gtserror.NewErrorInternalError(err)
 	}

 	return p.apiDomainPerm(ctx, domainPerm, export)
 }
+
+func (p *Processor) DomainPermissionDraftGet(
+	ctx context.Context,
+	permissionType gtsmodel.DomainPermissionType,
+	id string,
+) (*apimodel.DomainPermission, gtserror.WithCode) {
+	permDraft, err := p.state.DB.GetDomainPermissionDraftByID(ctx, id)
+	if err != nil && !errors.Is(err, db.ErrNoEntries) {
+		err = gtserror.Newf(
+			"db error getting domain %s draft %s: %w",
+			permissionType.String(), id, err,
+		)
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	if permDraft == nil {
+		err = fmt.Errorf(
+			"no domain %s draft exists with id %s",
+			permissionType.String(), id,
+		)
+		return nil, gtserror.NewErrorNotFound(err, err.Error())
+	}
+
+	return p.apiDomainPerm(ctx, permDraft, false)
+}
--- a/internal/processing/admin/domainpermission_test.go
+++ b/internal/processing/admin/domainpermission_test.go
@ -42,7 +42,7 @@ type domainPermAction struct {

 	// Type of permission
 	// to create or delete.
-	permType gtsmodel.DomainPermissionType
+	permissionType gtsmodel.DomainPermissionType

 	// Domain to target
 	// with the permission.
@ -89,9 +89,9 @@ func (suite *DomainBlockTestSuite) runDomainPermTest(t domainPermTest) {
 		var actionID string
 		switch action.createOrDelete {
 		case "create":
-			_, actionID = suite.createDomainPerm(action.permType, action.domain)
+			_, actionID = suite.createDomainPerm(action.permissionType, action.domain)
 		case "delete":
-			_, actionID = suite.deleteDomainPerm(action.permType, action.domain)
+			_, actionID = suite.deleteDomainPerm(action.permissionType, action.domain)
 		default:
 			panic("createOrDelete was not 'create' or 'delete'")
 		}
@ -118,16 +118,16 @@ func (suite *DomainBlockTestSuite) runDomainPermTest(t domainPermTest) {
 	}
 }

-// create given permType with default values.
+// create given permissionType with default values.
 func (suite *DomainBlockTestSuite) createDomainPerm(
-	permType gtsmodel.DomainPermissionType,
+	permissionType gtsmodel.DomainPermissionType,
 	domain string,
 ) (*apimodel.DomainPermission, string) {
 	ctx := context.Background()

 	apiPerm, actionID, errWithCode := suite.adminProcessor.DomainPermissionCreate(
 		ctx,
-		permType,
+		permissionType,
 		suite.testAccounts["admin_account"],
 		domain,
 		false,
@ -144,7 +144,7 @@ func (suite *DomainBlockTestSuite) createDomainPerm(

 // delete given permission type.
 func (suite *DomainBlockTestSuite) deleteDomainPerm(
-	permType gtsmodel.DomainPermissionType,
+	permissionType gtsmodel.DomainPermissionType,
 	domain string,
 ) (*apimodel.DomainPermission, string) {
 	var (
@ -154,7 +154,7 @@ func (suite *DomainBlockTestSuite) deleteDomainPerm(

 	// To delete the permission,
 	// first get it from the db.
-	switch permType {
+	switch permissionType {
 	case gtsmodel.DomainPermissionBlock:
 		domainPermission, _ = suite.db.GetDomainBlock(ctx, domain)
 	case gtsmodel.DomainPermissionAllow:
@ -170,7 +170,7 @@ func (suite *DomainBlockTestSuite) deleteDomainPerm(
 	// Now use the ID to delete it.
 	apiPerm, actionID, errWithCode := suite.adminProcessor.DomainPermissionDelete(
 		ctx,
-		permType,
+		permissionType,
 		suite.testAccounts["admin_account"],
 		domainPermission.GetID(),
 	)
@ -246,7 +246,7 @@ func (suite *DomainBlockTestSuite) TestBlockAndUnblockDomain() {
 		actions: []domainPermAction{
 			{
 				createOrDelete: "create",
-				permType:       gtsmodel.DomainPermissionBlock,
+				permissionType: gtsmodel.DomainPermissionBlock,
 				domain:         domain,
 				expected: func(_ context.Context, account *gtsmodel.Account) bool {
 					// Domain was blocked, so each
@ -256,7 +256,7 @@ func (suite *DomainBlockTestSuite) TestBlockAndUnblockDomain() {
 			},
 			{
 				createOrDelete: "delete",
-				permType:       gtsmodel.DomainPermissionBlock,
+				permissionType: gtsmodel.DomainPermissionBlock,
 				domain:         domain,
 				expected: func(_ context.Context, account *gtsmodel.Account) bool {
 					// Domain was unblocked, so each
@ -279,7 +279,7 @@ func (suite *DomainBlockTestSuite) TestBlockAndAllowDomain() {
 		actions: []domainPermAction{
 			{
 				createOrDelete: "create",
-				permType:       gtsmodel.DomainPermissionBlock,
+				permissionType: gtsmodel.DomainPermissionBlock,
 				domain:         domain,
 				expected: func(ctx context.Context, account *gtsmodel.Account) bool {
 					// Domain was blocked, so each
@ -316,7 +316,7 @@ func (suite *DomainBlockTestSuite) TestBlockAndAllowDomain() {
 			},
 			{
 				createOrDelete: "create",
-				permType:       gtsmodel.DomainPermissionAllow,
+				permissionType: gtsmodel.DomainPermissionAllow,
 				domain:         domain,
 				expected: func(ctx context.Context, account *gtsmodel.Account) bool {
 					// Domain was explicitly allowed, so each
@ -355,7 +355,7 @@ func (suite *DomainBlockTestSuite) TestBlockAndAllowDomain() {
 			},
 			{
 				createOrDelete: "delete",
-				permType:       gtsmodel.DomainPermissionAllow,
+				permissionType: gtsmodel.DomainPermissionAllow,
 				domain:         domain,
 				expected: func(ctx context.Context, account *gtsmodel.Account) bool {
 					// Deleting the allow now, while there's
@ -382,7 +382,7 @@ func (suite *DomainBlockTestSuite) TestBlockAndAllowDomain() {
 			},
 			{
 				createOrDelete: "delete",
-				permType:       gtsmodel.DomainPermissionBlock,
+				permissionType: gtsmodel.DomainPermissionBlock,
 				domain:         domain,
 				expected: func(ctx context.Context, account *gtsmodel.Account) bool {
 					// Deleting the block now should
@ -421,7 +421,7 @@ func (suite *DomainBlockTestSuite) TestAllowAndBlockDomain() {
 		actions: []domainPermAction{
 			{
 				createOrDelete: "create",
-				permType:       gtsmodel.DomainPermissionAllow,
+				permissionType: gtsmodel.DomainPermissionAllow,
 				domain:         domain,
 				expected: func(ctx context.Context, account *gtsmodel.Account) bool {
 					// Domain was explicitly allowed,
@ -458,7 +458,7 @@ func (suite *DomainBlockTestSuite) TestAllowAndBlockDomain() {
 			},
 			{
 				createOrDelete: "create",
-				permType:       gtsmodel.DomainPermissionBlock,
+				permissionType: gtsmodel.DomainPermissionBlock,
 				domain:         domain,
 				expected: func(ctx context.Context, account *gtsmodel.Account) bool {
 					// Create a block. An allow existed, so
@ -497,7 +497,7 @@ func (suite *DomainBlockTestSuite) TestAllowAndBlockDomain() {
 			},
 			{
 				createOrDelete: "delete",
-				permType:       gtsmodel.DomainPermissionAllow,
+				permissionType: gtsmodel.DomainPermissionAllow,
 				domain:         domain,
 				expected: func(ctx context.Context, account *gtsmodel.Account) bool {
 					// Deleting the allow now, while there's
--- a/internal/processing/admin/domainpermissiondraft.go
+++ b/internal/processing/admin/domainpermissiondraft.go
@ -1,149 +0,0 @@
-// GoToSocial
-// Copyright (C) GoToSocial Authors admin@gotosocial.org
-// SPDX-License-Identifier: AGPL-3.0-or-later
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-package admin
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/url"
-
-	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
-	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
-	"github.com/superseriousbusiness/gotosocial/internal/db"
-	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/id"
-	"github.com/superseriousbusiness/gotosocial/internal/paging"
-)
-
-// DomainPermissionDraftGet returns one
-// domain permission draft with the given id.
-func (p *Processor) DomainPermissionDraftGet(
-	ctx context.Context,
-	id string,
-) (*apimodel.DomainPermission, gtserror.WithCode) {
-	permDraft, err := p.state.DB.GetDomainPermissionDraftByID(ctx, id)
-	if err != nil && !errors.Is(err, db.ErrNoEntries) {
-		err = gtserror.Newf("db error getting domain permission draft %s: %w", id, err)
-		return nil, gtserror.NewErrorInternalError(err)
-	}
-
-	if permDraft == nil {
-		err = fmt.Errorf("domain permission draft %s not found", id)
-		return nil, gtserror.NewErrorNotFound(err, err.Error())
-	}
-
-	return p.apiDomainPerm(ctx, permDraft, false)
-}
-
-// DomainPermissionDraftsGet returns a page of
-// DomainPermissionDrafts with the given parameters.
-func (p *Processor) DomainPermissionDraftsGet(
-	ctx context.Context,
-	subscriptionID string,
-	domain string,
-	permType gtsmodel.DomainPermissionType,
-	page *paging.Page,
-) (*apimodel.PageableResponse, gtserror.WithCode) {
-	permDrafts, err := p.state.DB.GetDomainPermissionDrafts(
-		ctx,
-		permType,
-		subscriptionID,
-		domain,
-		page,
-	)
-	if err != nil && !errors.Is(err, db.ErrNoEntries) {
-		err := gtserror.Newf("db error: %w", err)
-		return nil, gtserror.NewErrorInternalError(err)
-	}
-
-	count := len(permDrafts)
-	if count == 0 {
-		return paging.EmptyResponse(), nil
-	}
-
-	// Get the lowest and highest
-	// ID values, used for paging.
-	lo := permDrafts[count-1].ID
-	hi := permDrafts[0].ID
-
-	// Convert each perm draft to API model.
-	items := make([]any, len(permDrafts))
-	for i, permDraft := range permDrafts {
-		apiPermDraft, err := p.apiDomainPerm(ctx, permDraft, false)
-		if err != nil {
-			return nil, gtserror.NewErrorInternalError(err)
-		}
-		items[i] = apiPermDraft
-	}
-
-	// Assemble next/prev page queries.
-	query := make(url.Values, 3)
-	if subscriptionID != "" {
-		query.Set(apiutil.DomainPermissionSubscriptionIDKey, subscriptionID)
-	}
-	if domain != "" {
-		query.Set(apiutil.DomainPermissionDomainKey, domain)
-	}
-	if permType != gtsmodel.DomainPermissionUnknown {
-		query.Set(apiutil.DomainPermissionPermTypeKey, permType.String())
-	}
-
-	return paging.PackageResponse(paging.ResponseParams{
-		Items: items,
-		Path:  "/api/v1/admin/domain_permission_drafts",
-		Next:  page.Next(lo, hi),
-		Prev:  page.Prev(lo, hi),
-		Query: query,
-	}), nil
-}
-
-func (p *Processor) DomainPermissionDraftCreate(
-	ctx context.Context,
-	acct *gtsmodel.Account,
-	domain string,
-	permType gtsmodel.DomainPermissionType,
-	obfuscate bool,
-	publicComment string,
-	privateComment string,
-) (*apimodel.DomainPermission, gtserror.WithCode) {
-	permDraft := &gtsmodel.DomainPermissionDraft{
-		ID:                 id.NewULID(),
-		PermissionType:     permType,
-		Domain:             domain,
-		CreatedByAccountID: acct.ID,
-		CreatedByAccount:   acct,
-		PrivateComment:     privateComment,
-		PublicComment:      publicComment,
-		Obfuscate:          &obfuscate,
-	}
-
-	if err := p.state.DB.PutDomainPermissionDraft(ctx, permDraft); err != nil {
-		if errors.Is(err, db.ErrAlreadyExists) {
-			const text = "a domain permission draft already exists with this permission type and domain"
-			return nil, gtserror.NewErrorConflict(errors.New(text), text)
-		}
-
-		// Real error.
-		err := gtserror.Newf("db error putting domain permission draft: %w", err)
-		return nil, gtserror.NewErrorInternalError(err)
-	}
-
-	return p.apiDomainPerm(ctx, permDraft, false)
-}
--- a/internal/processing/admin/util.go
+++ b/internal/processing/admin/util.go
@ -22,7 +22,6 @@
 	"errors"
 	"time"

-	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
@ -98,20 +97,3 @@ func (p *Processor) rangeDomainAccounts(
 		}
 	}
 }
-
-// apiDomainPerm is a cheeky shortcut for returning
-// the API version of the given domain permission,
-// or an appropriate error if something goes wrong.
-func (p *Processor) apiDomainPerm(
-	ctx context.Context,
-	domainPermission gtsmodel.DomainPermission,
-	export bool,
-) (*apimodel.DomainPermission, gtserror.WithCode) {
-	apiDomainPerm, err := p.converter.DomainPermToAPIDomainPerm(ctx, domainPermission, export)
-	if err != nil {
-		err := gtserror.NewfAt(3, "error converting domain permission to api model: %w", err)
-		return nil, gtserror.NewErrorInternalError(err)
-	}
-
-	return apiDomainPerm, nil
-}
--- a/vendor/codeberg.org/gruf/go-ffmpreg/embed/ffmpeg/ffmpeg.wasm
+++ b/vendor/codeberg.org/gruf/go-ffmpreg/embed/ffmpeg/ffmpeg.wasm
--- a/vendor/codeberg.org/gruf/go-ffmpreg/embed/ffprobe/ffprobe.wasm
+++ b/vendor/codeberg.org/gruf/go-ffmpreg/embed/ffprobe/ffprobe.wasm
--- a/vendor/codeberg.org/gruf/go-ffmpreg/wasm/funcs.go
+++ b/vendor/codeberg.org/gruf/go-ffmpreg/wasm/funcs.go
@ -1,74 +0,0 @@
-package wasm
-
-import (
-	"context"
-
-	"github.com/tetratelabs/wazero/api"
-	"github.com/tetratelabs/wazero/experimental"
-)
-
-type snapshotskey struct{}
-
-// withSetjmpLongjmp updates the context to contain wazero/experimental.Snapshotter{} support,
-// and embeds the necessary snapshots map required for later calls to Setjmp() / Longjmp().
-func withSetjmpLongjmp(ctx context.Context) context.Context {
-	snapshots := make(map[uint32]experimental.Snapshot, 10)
-	ctx = experimental.WithSnapshotter(ctx)
-	ctx = context.WithValue(ctx, snapshotskey{}, snapshots)
-	return ctx
-}
-
-func getSnapshots(ctx context.Context) map[uint32]experimental.Snapshot {
-	v, _ := ctx.Value(snapshotskey{}).(map[uint32]experimental.Snapshot)
-	return v
-}
-
-// setjmp implements the C function: setjmp(env jmp_buf)
-func setjmp(ctx context.Context, mod api.Module, stack []uint64) {
-
-	// Input arguments.
-	envptr := api.DecodeU32(stack[0])
-
-	// Take snapshot of current execution environment.
-	snapshotter := experimental.GetSnapshotter(ctx)
-	snapshot := snapshotter.Snapshot()
-
-	// Get stored snapshots map.
-	snapshots := getSnapshots(ctx)
-	if snapshots == nil {
-		panic("setjmp / longjmp not supported")
-	}
-
-	// Set latest snapshot in map.
-	snapshots[envptr] = snapshot
-
-	// Set return.
-	stack[0] = 0
-}
-
-// longjmp implements the C function: int longjmp(env jmp_buf, value int)
-func longjmp(ctx context.Context, mod api.Module, stack []uint64) {
-
-	// Input arguments.
-	envptr := api.DecodeU32(stack[0])
-	// val := stack[1]
-
-	// Get stored snapshots map.
-	snapshots := getSnapshots(ctx)
-	if snapshots == nil {
-		panic("setjmp / longjmp not supported")
-	}
-
-	// Get snapshot stored in map.
-	snapshot := snapshots[envptr]
-	if snapshot == nil {
-		panic("must first call setjmp")
-	}
-
-	// Set return.
-	stack[0] = 0
-
-	// Restore execution and
-	// return passed value arg.
-	snapshot.Restore(stack[1:])
-}
--- a/vendor/codeberg.org/gruf/go-ffmpreg/wasm/instance.go
+++ b/vendor/codeberg.org/gruf/go-ffmpreg/wasm/instance.go
@ -6,9 +6,19 @@
 	"unsafe"

 	"github.com/tetratelabs/wazero"
+	"github.com/tetratelabs/wazero/api"
 	"github.com/tetratelabs/wazero/sys"
 )

+// CoreFeatures are the WebAssembly Core specification
+// features our embedded binaries are compiled with.
+const CoreFeatures = api.CoreFeatureSIMD |
+	api.CoreFeatureBulkMemoryOperations |
+	api.CoreFeatureNonTrappingFloatToIntConversion |
+	api.CoreFeatureMutableGlobal |
+	api.CoreFeatureReferenceTypes |
+	api.CoreFeatureSignExtensionOps
+
 // Args encompasses a common set of
 // configuration options often passed to
 // wazero.Runtime on module instantiation.
@ -54,9 +64,6 @@ func Run(
 		modcfg = args.Config(modcfg)
 	}

-	// Enable setjmp longjmp.
-	ctx = withSetjmpLongjmp(ctx)
-
 	// Instantiate the module from precompiled wasm module data.
 	mod, err := runtime.InstantiateModule(ctx, module, modcfg)

--- a/vendor/codeberg.org/gruf/go-ffmpreg/wasm/runtime.go
+++ b/vendor/codeberg.org/gruf/go-ffmpreg/wasm/runtime.go
@ -1,67 +0,0 @@
-package wasm
-
-import (
-	"context"
-
-	"github.com/tetratelabs/wazero"
-	"github.com/tetratelabs/wazero/api"
-	"github.com/tetratelabs/wazero/imports/wasi_snapshot_preview1"
-)
-
-// CoreFeatures are the WebAssembly Core specification
-// features our embedded binaries are compiled with.
-const CoreFeatures = api.CoreFeatureSIMD |
-	api.CoreFeatureBulkMemoryOperations |
-	api.CoreFeatureNonTrappingFloatToIntConversion |
-	api.CoreFeatureMutableGlobal |
-	api.CoreFeatureReferenceTypes |
-	api.CoreFeatureSignExtensionOps
-
-// NewRuntime returns a new WebAssembly wazero.Runtime compatible with go-ffmpreg.
-func NewRuntime(ctx context.Context, cfg wazero.RuntimeConfig) (wazero.Runtime, error) {
-	var err error
-
-	if cfg == nil {
-		// Ensure runtime config is set.
-		cfg = wazero.NewRuntimeConfig()
-	}
-
-	// Set core features ffmpeg compiled with.
-	cfg = cfg.WithCoreFeatures(CoreFeatures)
-
-	// Instantiate runtime with prepared config.
-	rt := wazero.NewRuntimeWithConfig(ctx, cfg)
-
-	// Prepare default "env" host module.
-	env := rt.NewHostModuleBuilder("env")
-
-	// Register setjmp host function.
-	env = env.NewFunctionBuilder().
-		WithGoModuleFunction(
-			api.GoModuleFunc(setjmp),
-			[]api.ValueType{api.ValueTypeI32},
-			[]api.ValueType{api.ValueTypeI32},
-		).Export("setjmp")
-
-	// Register longjmp host function.
-	env = env.NewFunctionBuilder().
-		WithGoModuleFunction(
-			api.GoModuleFunc(longjmp),
-			[]api.ValueType{api.ValueTypeI32, api.ValueTypeI32},
-			[]api.ValueType{},
-		).Export("longjmp")
-
-	// Instantiate "env" module.
-	_, err = env.Instantiate(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	// Instantiate the wasi snapshot preview 1 in runtime.
-	_, err = wasi_snapshot_preview1.Instantiate(ctx, rt)
-	if err != nil {
-		return nil, err
-	}
-
-	return rt, nil
-}
--- a/vendor/github.com/minio/minio-go/v7/README.md
+++ b/vendor/github.com/minio/minio-go/v7/README.md
@ -253,7 +253,7 @@ The full API Reference is available here.

 * [setbucketencryption.go](https://github.com/minio/minio-go/blob/master/examples/s3/setbucketencryption.go)
 * [getbucketencryption.go](https://github.com/minio/minio-go/blob/master/examples/s3/getbucketencryption.go)
-* [removebucketencryption.go](https://github.com/minio/minio-go/blob/master/examples/s3/removebucketencryption.go)
+* [deletebucketencryption.go](https://github.com/minio/minio-go/blob/master/examples/s3/deletebucketencryption.go)

 ### Full Examples : Bucket replication Operations

--- a/vendor/github.com/minio/minio-go/v7/api-put-object-streaming.go
+++ b/vendor/github.com/minio/minio-go/v7/api-put-object-streaming.go
@ -52,7 +52,7 @@ func (c *Client) putObjectMultipartStream(ctx context.Context, bucketName, objec
 	} else {
 		info, err = c.putObjectMultipartStreamOptionalChecksum(ctx, bucketName, objectName, reader, size, opts)
 	}
-	if err != nil && s3utils.IsGoogleEndpoint(*c.endpointURL) {
+	if err != nil {
 		errResp := ToErrorResponse(err)
 		// Verify if multipart functionality is not available, if not
 		// fall back to single PutObject operation.
--- a/vendor/github.com/minio/minio-go/v7/api.go
+++ b/vendor/github.com/minio/minio-go/v7/api.go
@ -128,7 +128,7 @@ type Options struct {
 // Global constants.
 const (
 	libraryName    = "minio-go"
-	libraryVersion = "v7.0.79"
+	libraryVersion = "v7.0.78"
 )

 // User Agent should always following the below style.
--- a/vendor/github.com/tdewolff/minify/v2/README.md
+++ b/vendor/github.com/tdewolff/minify/v2/README.md
@ -702,7 +702,7 @@ func compileTemplates(filenames ...string) (*template.Template, error) {
 			tmpl = tmpl.New(name)
 		}

-		b, err := os.ReadFile(filename)
+		b, err := ioutil.ReadFile(filename)
 		if err != nil {
 			return nil, err
 		}
--- a/vendor/github.com/tdewolff/minify/v2/minify.go
+++ b/vendor/github.com/tdewolff/minify/v2/minify.go
@ -6,6 +6,7 @@
 	"errors"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"log"
 	"mime"
 	"net/http"
@ -68,14 +69,14 @@ func (c *cmdMinifier) Minify(_ *M, w io.Writer, r io.Reader, _ map[string]string
 		if j := strings.Index(arg, "$in"); j != -1 {
 			var err error
 			ext := cmdArgExtension.FindString(arg[j+3:])
-			if in, err = os.CreateTemp("", "minify-in-*"+ext); err != nil {
+			if in, err = ioutil.TempFile("", "minify-in-*"+ext); err != nil {
 				return err
 			}
 			cmd.Args[i] = arg[:j] + in.Name() + arg[j+3+len(ext):]
 		} else if j := strings.Index(arg, "$out"); j != -1 {
 			var err error
 			ext := cmdArgExtension.FindString(arg[j+4:])
-			if out, err = os.CreateTemp("", "minify-out-*"+ext); err != nil {
+			if out, err = ioutil.TempFile("", "minify-out-*"+ext); err != nil {
 				return err
 			}
 			cmd.Args[i] = arg[:j] + out.Name() + arg[j+4+len(ext):]
--- a/vendor/github.com/tdewolff/parse/v2/binary.go
+++ b/vendor/github.com/tdewolff/parse/v2/binary.go
@ -510,6 +510,14 @@ func NewBinaryReader2File(filename string) (*BinaryReader2, error) {
 	return NewBinaryReader2(f), nil
 }

+func NewBinaryReader2Mmap(filename string) (*BinaryReader2, error) {
+	f, err := newBinaryReaderMmap(filename)
+	if err != nil {
+		return nil, err
+	}
+	return NewBinaryReader2(f), nil
+}
+
 func (r *BinaryReader2) Err() error {
 	return r.err
 }
--- a/vendor/github.com/tdewolff/parse/v2/binary_unix.go
+++ b/vendor/github.com/tdewolff/parse/v2/binary_unix.go
@ -81,11 +81,3 @@ func (r *binaryReaderMmap) Bytes(n int, off int64) ([]byte, error) {
 	}
 	return r.data[off : off+int64(n) : off+int64(n)], nil
 }
-
-func NewBinaryReader2Mmap(filename string) (*BinaryReader2, error) {
-	f, err := newBinaryReaderMmap(filename)
-	if err != nil {
-		return nil, err
-	}
-	return NewBinaryReader2(f), nil
-}
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -24,7 +24,7 @@ codeberg.org/gruf/go-fastcopy
 # codeberg.org/gruf/go-fastpath/v2 v2.0.0
 ## explicit; go 1.14
 codeberg.org/gruf/go-fastpath/v2
-# codeberg.org/gruf/go-ffmpreg v0.4.2
+# codeberg.org/gruf/go-ffmpreg v0.3.1
 ## explicit; go 1.22.0
 codeberg.org/gruf/go-ffmpreg/embed/ffmpeg
 codeberg.org/gruf/go-ffmpreg/embed/ffprobe
@ -486,7 +486,7 @@ github.com/miekg/dns
 # github.com/minio/md5-simd v1.1.2
 ## explicit; go 1.14
 github.com/minio/md5-simd
-# github.com/minio/minio-go/v7 v7.0.79
+# github.com/minio/minio-go/v7 v7.0.78
 ## explicit; go 1.22
 github.com/minio/minio-go/v7
 github.com/minio/minio-go/v7/pkg/cors
@ -833,11 +833,11 @@ github.com/superseriousbusiness/oauth2/v4/generates
 github.com/superseriousbusiness/oauth2/v4/manage
 github.com/superseriousbusiness/oauth2/v4/models
 github.com/superseriousbusiness/oauth2/v4/server
-# github.com/tdewolff/minify/v2 v2.21.1
+# github.com/tdewolff/minify/v2 v2.21.0
 ## explicit; go 1.18
 github.com/tdewolff/minify/v2
 github.com/tdewolff/minify/v2/html
-# github.com/tdewolff/parse/v2 v2.7.18
+# github.com/tdewolff/parse/v2 v2.7.17
 ## explicit; go 1.13
 github.com/tdewolff/parse/v2
 github.com/tdewolff/parse/v2/buffer
Author	SHA1	Message	Date
tobi	6d8e864ab0	Merge branch 'main' into domain_permission_subscriptions	2024-10-26 14:04:56 +02:00
tobi	82d27319b1	weeeeeee	2024-10-26 14:04:40 +02:00
tobi	dc7b614909	mmmmmmmmmm, perms!!!	2024-10-23 16:53:48 +02:00