gotosocial/internal/api/security/security.go

/*
   GoToSocial
   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org

   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU Affero General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU Affero General Public License for more details.

   You should have received a copy of the GNU Affero General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

package security

import (
	"net/http"

	"github.com/sirupsen/logrus"
	"github.com/superseriousbusiness/gotosocial/internal/api"
	"github.com/superseriousbusiness/gotosocial/internal/config"
	"github.com/superseriousbusiness/gotosocial/internal/db"
	"github.com/superseriousbusiness/gotosocial/internal/router"
)

const robotsPath = "/robots.txt"

// Module implements the ClientAPIModule interface for security middleware
type Module struct {
	config *config.Config
	log    *logrus.Logger
	db     db.DB
}

// New returns a new security module
func New(config *config.Config, db db.DB, log *logrus.Logger) api.ClientModule {
	return &Module{
		config: config,
		log:    log,
		db:     db,
	}
}

// Route attaches security middleware to the given router
func (m *Module) Route(s router.Router) error {
	s.AttachMiddleware(m.SignatureCheck)
	s.AttachMiddleware(m.FlocBlock)
	s.AttachMiddleware(m.ExtraHeaders)
	s.AttachMiddleware(m.UserAgentBlock)
	s.AttachHandler(http.MethodGet, robotsPath, m.RobotsGETHandler)
	return nil
}
bits n bobs 2021-03-01 14:41:43 +00:00			`/*`
			`GoToSocial`
			`Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org`

			`This program is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU Affero General Public License as published by`
			`the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU Affero General Public License for more details.`

			`You should have received a copy of the GNU Affero General Public License`
			`along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

Api/v1/statuses (#11) This PR adds: Statuses New status creation. View existing status Delete a status Fave a status Unfave a status See who's faved a status Media Upload media attachment and store/retrieve it Upload custom emoji and store/retrieve it Fileserver Serve files from storage Testing Test models, testrig -- run a GTS test instance and play around with it. 2021-04-19 18:42:19 +01:00			`package security`

			`import (`
Timeline manager (#40) * start messing about with timeline manager * i have no idea what i'm doing * i continue to not know what i'm doing * it's coming along * bit more progress * update timeline with new posts as they come in * lint and fmt * Select accounts where empty string * restructure a bunch, get unfaves working * moving stuff around * federate status deletes properly * mention regex better but not 100% there * fix regex * some more hacking away at the timeline code phew * fix up some little things * i can't even * more timeline stuff * move to ulid * fiddley * some lil fixes for kibou compatibility * timelines working pretty alright! * tidy + lint 2021-06-13 17:42:28 +01:00			`"net/http"`

Api/v1/statuses (#11) This PR adds: Statuses New status creation. View existing status Delete a status Fave a status Unfave a status See who's faved a status Media Upload media attachment and store/retrieve it Upload custom emoji and store/retrieve it Fileserver Serve files from storage Testing Test models, testrig -- run a GTS test instance and play around with it. 2021-04-19 18:42:19 +01:00			`"github.com/sirupsen/logrus"`
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 13:25:55 +01:00			`"github.com/superseriousbusiness/gotosocial/internal/api"`
Api/v1/statuses (#11) This PR adds: Statuses New status creation. View existing status Delete a status Fave a status Unfave a status See who's faved a status Media Upload media attachment and store/retrieve it Upload custom emoji and store/retrieve it Fileserver Serve files from storage Testing Test models, testrig -- run a GTS test instance and play around with it. 2021-04-19 18:42:19 +01:00			`"github.com/superseriousbusiness/gotosocial/internal/config"`
Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 12:23:03 +01:00			`"github.com/superseriousbusiness/gotosocial/internal/db"`
Api/v1/statuses (#11) This PR adds: Statuses New status creation. View existing status Delete a status Fave a status Unfave a status See who's faved a status Media Upload media attachment and store/retrieve it Upload custom emoji and store/retrieve it Fileserver Serve files from storage Testing Test models, testrig -- run a GTS test instance and play around with it. 2021-04-19 18:42:19 +01:00			`"github.com/superseriousbusiness/gotosocial/internal/router"`
			`)`

Timeline manager (#40) * start messing about with timeline manager * i have no idea what i'm doing * i continue to not know what i'm doing * it's coming along * bit more progress * update timeline with new posts as they come in * lint and fmt * Select accounts where empty string * restructure a bunch, get unfaves working * moving stuff around * federate status deletes properly * mention regex better but not 100% there * fix regex * some more hacking away at the timeline code phew * fix up some little things * i can't even * more timeline stuff * move to ulid * fiddley * some lil fixes for kibou compatibility * timelines working pretty alright! * tidy + lint 2021-06-13 17:42:28 +01:00			`const robotsPath = "/robots.txt"`

linting + organizing 2021-04-20 17:14:23 +01:00			`// Module implements the ClientAPIModule interface for security middleware`
			`type Module struct {`
Api/v1/statuses (#11) This PR adds: Statuses New status creation. View existing status Delete a status Fave a status Unfave a status See who's faved a status Media Upload media attachment and store/retrieve it Upload custom emoji and store/retrieve it Fileserver Serve files from storage Testing Test models, testrig -- run a GTS test instance and play around with it. 2021-04-19 18:42:19 +01:00			`config *config.Config`
			`log *logrus.Logger`
Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 12:23:03 +01:00			`db db.DB`
Api/v1/statuses (#11) This PR adds: Statuses New status creation. View existing status Delete a status Fave a status Unfave a status See who's faved a status Media Upload media attachment and store/retrieve it Upload custom emoji and store/retrieve it Fileserver Serve files from storage Testing Test models, testrig -- run a GTS test instance and play around with it. 2021-04-19 18:42:19 +01:00			`}`

			`// New returns a new security module`
Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 12:23:03 +01:00			`func New(config config.Config, db db.DB, log logrus.Logger) api.ClientModule {`
linting + organizing 2021-04-20 17:14:23 +01:00			`return &Module{`
Api/v1/statuses (#11) This PR adds: Statuses New status creation. View existing status Delete a status Fave a status Unfave a status See who's faved a status Media Upload media attachment and store/retrieve it Upload custom emoji and store/retrieve it Fileserver Serve files from storage Testing Test models, testrig -- run a GTS test instance and play around with it. 2021-04-19 18:42:19 +01:00			`config: config,`
			`log: log,`
Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 12:23:03 +01:00			`db: db,`
Api/v1/statuses (#11) This PR adds: Statuses New status creation. View existing status Delete a status Fave a status Unfave a status See who's faved a status Media Upload media attachment and store/retrieve it Upload custom emoji and store/retrieve it Fileserver Serve files from storage Testing Test models, testrig -- run a GTS test instance and play around with it. 2021-04-19 18:42:19 +01:00			`}`
			`}`

linting + organizing 2021-04-20 17:14:23 +01:00			`// Route attaches security middleware to the given router`
			`func (m *Module) Route(s router.Router) error {`
Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 12:23:03 +01:00			`s.AttachMiddleware(m.SignatureCheck)`
linting + organizing 2021-04-20 17:14:23 +01:00			`s.AttachMiddleware(m.FlocBlock)`
Inbox post (#22) Inbox POST from federated servers now working for statuses and follow requests. Follow request client API added. Start work on federating outgoing messages. Other fixes and changes/tidying up. 2021-05-15 10:58:11 +01:00			`s.AttachMiddleware(m.ExtraHeaders)`
Follows and relationships (#27) * Follows -- create and undo, both remote and local * Statuses -- federate new posts, including media, attachments, CWs and image descriptions. 2021-05-21 14:48:26 +01:00			`s.AttachMiddleware(m.UserAgentBlock)`
Timeline manager (#40) * start messing about with timeline manager * i have no idea what i'm doing * i continue to not know what i'm doing * it's coming along * bit more progress * update timeline with new posts as they come in * lint and fmt * Select accounts where empty string * restructure a bunch, get unfaves working * moving stuff around * federate status deletes properly * mention regex better but not 100% there * fix regex * some more hacking away at the timeline code phew * fix up some little things * i can't even * more timeline stuff * move to ulid * fiddley * some lil fixes for kibou compatibility * timelines working pretty alright! * tidy + lint 2021-06-13 17:42:28 +01:00			`s.AttachHandler(http.MethodGet, robotsPath, m.RobotsGETHandler)`
Api/v1/statuses (#11) This PR adds: Statuses New status creation. View existing status Delete a status Fave a status Unfave a status See who's faved a status Media Upload media attachment and store/retrieve it Upload custom emoji and store/retrieve it Fileserver Serve files from storage Testing Test models, testrig -- run a GTS test instance and play around with it. 2021-04-19 18:42:19 +01:00			`return nil`
			`}`