gotosocial/internal/db/bundb/domain.go
kim 69dd5fed2c
[feature] domain block wildcarding (#1178)
* for domain block lookups, lookup along subdomain parts

Signed-off-by: kim <grufwub@gmail.com>

* only lookup up to a max of 5 domain parts to prevent DOS, limit inserted domains to max of 5 subdomains

Signed-off-by: kim <grufwub@gmail.com>

* add test for domain block wildcarding

Signed-off-by: kim <grufwub@gmail.com>

* check cached status first, increase cached domain time

Signed-off-by: kim <grufwub@gmail.com>

* fix domain wildcard part building logic

Signed-off-by: kim <grufwub@gmail.com>

* create separate domain.BlockCache{} type to hold all domain blocks in memory

Signed-off-by: kim <grufwub@gmail.com>

* remove unused variable

Signed-off-by: kim <grufwub@gmail.com>

* add docs and test to domain block cache, check for domain == host in domain block getter funcs

Signed-off-by: kim <grufwub@gmail.com>

* add license text

Signed-off-by: kim <grufwub@gmail.com>

* check order in which we check primary cache

Signed-off-by: kim <grufwub@gmail.com>

* add better documentation of how domain block checking is performed

Signed-off-by: kim <grufwub@gmail.com>

* change

Signed-off-by: kim <grufwub@gmail.com>

Signed-off-by: kim <grufwub@gmail.com>
2022-12-14 10:55:36 +01:00

176 lines
4.6 KiB
Go

/*
GoToSocial
Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package bundb
import (
"context"
"net/url"
"strings"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"github.com/superseriousbusiness/gotosocial/internal/state"
"github.com/uptrace/bun"
"golang.org/x/net/idna"
)
type domainDB struct {
conn *DBConn
state *state.State
}
// normalizeDomain converts the given domain to lowercase
// then to punycode (for international domain names).
//
// Returns the resulting domain or an error if the
// punycode conversion fails.
func normalizeDomain(domain string) (out string, err error) {
out = strings.ToLower(domain)
out, err = idna.ToASCII(out)
return out, err
}
func (d *domainDB) CreateDomainBlock(ctx context.Context, block *gtsmodel.DomainBlock) db.Error {
var err error
// Normalize the domain as punycode
block.Domain, err = normalizeDomain(block.Domain)
if err != nil {
return err
}
// Attempt to store domain in DB
if _, err := d.conn.NewInsert().
Model(block).
Exec(ctx); err != nil {
return d.conn.ProcessError(err)
}
// Clear the domain block cache (for later reload)
d.state.Caches.GTS.DomainBlock().Clear()
return nil
}
func (d *domainDB) GetDomainBlock(ctx context.Context, domain string) (*gtsmodel.DomainBlock, db.Error) {
var err error
// Normalize the domain as punycode
domain, err = normalizeDomain(domain)
if err != nil {
return nil, err
}
// Check for easy case, domain referencing *us*
if domain == "" || domain == config.GetAccountDomain() ||
domain == config.GetHost() {
return nil, db.ErrNoEntries
}
var block gtsmodel.DomainBlock
// Look for block matching domain in DB
q := d.conn.
NewSelect().
Model(&block).
Where("? = ?", bun.Ident("domain_block.domain"), domain)
if err := q.Scan(ctx); err != nil {
return nil, d.conn.ProcessError(err)
}
return &block, nil
}
func (d *domainDB) DeleteDomainBlock(ctx context.Context, domain string) db.Error {
var err error
domain, err = normalizeDomain(domain)
if err != nil {
return err
}
// Attempt to delete domain block
if _, err := d.conn.NewDelete().
Model((*gtsmodel.DomainBlock)(nil)).
Where("? = ?", bun.Ident("domain_block.domain"), domain).
Exec(ctx); err != nil {
return d.conn.ProcessError(err)
}
// Clear the domain block cache (for later reload)
d.state.Caches.GTS.DomainBlock().Clear()
return nil
}
func (d *domainDB) IsDomainBlocked(ctx context.Context, domain string) (bool, db.Error) {
// Normalize the domain as punycode
domain, err := normalizeDomain(domain)
if err != nil {
return false, err
}
// Check for easy case, domain referencing *us*
if domain == "" || domain == config.GetAccountDomain() ||
domain == config.GetHost() {
return false, nil
}
// Check the cache for a domain block (hydrating the cache with callback if necessary)
return d.state.Caches.GTS.DomainBlock().IsBlocked(domain, func() ([]string, error) {
var domains []string
// Scan list of all blocked domains from DB
q := d.conn.NewSelect().
Table("domain_blocks").
Column("domain")
if err := q.Scan(ctx, &domains); err != nil {
return nil, d.conn.ProcessError(err)
}
return domains, nil
})
}
func (d *domainDB) AreDomainsBlocked(ctx context.Context, domains []string) (bool, db.Error) {
for _, domain := range domains {
if blocked, err := d.IsDomainBlocked(ctx, domain); err != nil {
return false, err
} else if blocked {
return blocked, nil
}
}
return false, nil
}
func (d *domainDB) IsURIBlocked(ctx context.Context, uri *url.URL) (bool, db.Error) {
return d.IsDomainBlocked(ctx, uri.Hostname())
}
func (d *domainDB) AreURIsBlocked(ctx context.Context, uris []*url.URL) (bool, db.Error) {
for _, uri := range uris {
if blocked, err := d.IsDomainBlocked(ctx, uri.Hostname()); err != nil {
return false, err
} else if blocked {
return blocked, nil
}
}
return false, nil
}