New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feature] Process outgoing Move from clientAPI #2750
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did a quick first pass. Things look pretty sensible and the client API side looks a lot less complicated.
if err != nil { | ||
err := fmt.Errorf("invalid moved_to_uri provided in account Move request: %w", err) | ||
return gtserror.NewErrorBadRequest(err, err.Error()) | ||
} | ||
|
||
if movedToURI.Scheme != "https" && movedToURI.Scheme != "http" { | ||
if targetAcctURI.Scheme != "https" && targetAcctURI.Scheme != "http" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since you can't really move to an http
URL, as the whole fedi requires TLS, should we check it against config.GetProtocol
instead? In case you're running in test mode or something. GenerateURIForMove
also uses config.GetProtocol
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i think doing this would actually break some of our tests (as we use a mix of http / https test domains).
honestly i don't think it's much of an attack vector (if any), and the check will be faster this way than going through a read mutex lock
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will leave this for now, but perhaps we can make a separate issue to better support http-only local testing, since similar discussions have happened elsewhere too.
Co-authored-by: Daenney <daenney@users.noreply.github.com>
…ss/gotosocial into process_outgoing_move
Description
This pull request implements actual processing functionality for accounts Moving via the GtS client API:
Relates to #130
Checklist
Please put an x inside each checkbox to indicate that you've read and followed it:
[ ]
->[x]
If this is a documentation change, only the first checkbox must be filled (you can delete the others if you want).
go fmt ./...
andgolangci-lint run
.