-
-
Notifications
You must be signed in to change notification settings - Fork 316
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feature] domain block wildcarding #1178
[feature] domain block wildcarding #1178
Conversation
Marking as draft as there's still some discussions to be had regarding
|
Thinking about this now... To help separate the logic, once the state PR #1078 has been merged, we could move this logic out of the database quite easily since the main part that holds it here right now is the access to |
This looks good so far, very neat implementation 😍 My only concern is that it adds a lot of database calls (up to three extras, right?) during authorization, which is a very hot path called on every incoming request. I know the cacheing will help a lot but this still makes me a little nervous. What do you think? |
what about reversing a domain and comparing it?
shouldn't matter how many domain parts there are then maybe there's even an |
This is helpful if we have the domain block to compare an incoming domain against. But how do we structure this as part of a database call and a hashmap (cache) lookup? |
I agree, it's definitely a work in progress. If you have any brainwaves on it let me know! I'm going to keep pondering on it myself 🤔 |
Just had a thought -- the caching side of things could be sped up with a custom lookup system using a radix-trie to do glob-base matching, similar to what I have here: https://codeberg.org/gruf/go-glob/src/branch/main/multi.go. Still need to figure out the database though. |
ab56549
to
ab0e0f0
Compare
I actually came up with quite a nice solution for this, not too complicated but should handle things well 😀 Only thing left is I need to write some tests for and properly comment the new |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is looking really nice :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great :) Just a comment on the comprehensibility of one of the functions (arguably the most important one) :P
Signed-off-by: kim <grufwub@gmail.com>
…ted domains to max of 5 subdomains Signed-off-by: kim <grufwub@gmail.com>
Signed-off-by: kim <grufwub@gmail.com>
Signed-off-by: kim <grufwub@gmail.com>
Signed-off-by: kim <grufwub@gmail.com>
… memory Signed-off-by: kim <grufwub@gmail.com>
Signed-off-by: kim <grufwub@gmail.com>
…domain block getter funcs Signed-off-by: kim <grufwub@gmail.com>
Signed-off-by: kim <grufwub@gmail.com>
Signed-off-by: kim <grufwub@gmail.com>
Signed-off-by: kim <grufwub@gmail.com>
706cacf
to
03a8468
Compare
Signed-off-by: kim <grufwub@gmail.com>
For domain blocks, it would now also block all subdomains under that given domain.
e.g. if you block
example.com
then the following would also be blockedgts.example.com
pleroma.example.com
gts.pleroma.example.com