only federate site bans originating from user's home instance

2025-02-27 08:06:42 +00:00 · 2022-02-07 17:53:27 +01:00 · 2022-02-07 17:53:27 +01:00 · 1b4998e396
commit 1b4998e396
parent 52ce279664
2 changed files with 30 additions and 21 deletions
--- a/crates/api/src/local_user.rs
+++ b/crates/api/src/local_user.rs
@ -478,26 +478,29 @@ impl Perform for BanPerson {
        .await??
        .into(),
    );
-    if ban {
-      BlockUser::send(
-        &site,
-        &person.into(),
-        &local_user_view.person.into(),
-        remove_data,
-        data.reason.clone(),
-        expires,
-        context,
-      )
-      .await?;
-    } else {
-      UndoBlockUser::send(
-        &site,
-        &person.into(),
-        &local_user_view.person.into(),
-        data.reason.clone(),
-        context,
-      )
-      .await?;
+    // if the action affects a local user, federate to other instances
+    if person.local {
+      if ban {
+        BlockUser::send(
+          &site,
+          &person.into(),
+          &local_user_view.person.into(),
+          remove_data,
+          data.reason.clone(),
+          expires,
+          context,
+        )
+        .await?;
+      } else {
+        UndoBlockUser::send(
+          &site,
+          &person.into(),
+          &local_user_view.person.into(),
+          data.reason.clone(),
+          context,
+        )
+        .await?;
+      }
    }

    let res = BanPersonResponse {
--- a/crates/apub/src/activities/block/block_user.rs
+++ b/crates/apub/src/activities/block/block_user.rs
@ -36,7 +36,7 @@ use lemmy_db_schema::{
  },
  traits::{Bannable, Crud, Followable},
 };
-use lemmy_utils::{utils::convert_datetime, LemmyError};
+use lemmy_utils::{settings::structs::Settings, utils::convert_datetime, LemmyError};
 use lemmy_websocket::LemmyContext;

 impl BlockUser {
@ -121,6 +121,12 @@ impl ActivityHandler for BlockUser {
      .await?
    {
      SiteOrCommunity::Site(site) => {
+        let domain = self.object.inner().domain().expect("url needs domain");
+        if Settings::get().hostname == domain {
+          return Err(
+            anyhow!("Site bans from remote instance can't affect user's home instance").into(),
+          );
+        }
        // site ban can only target a user who is on the same instance as the actor (admin)
        verify_domains_match(&site.actor_id(), self.actor.inner())?;
        verify_domains_match(&site.actor_id(), self.object.inner())?;