[feature] domain block wildcarding

[NyaaaWhatsUpDoc]

For domain blocks, it would now also block all subdomains under that given domain.

e.g. if you block example.com then the following would also be blocked

• gts.example.com
• pleroma.example.com
• gts.pleroma.example.com

[NyaaaWhatsUpDoc]

Marking as draft as there's still some discussions to be had regarding

• separation of logic, putting this in the database feels like putting too much into the database itself
• how many max subdomain parts is a reasonable amount?

[NyaaaWhatsUpDoc]

Thinking about this now... To help separate the logic, once the state PR #1078 has been merged, we could move this logic out of the database quite easily since the main part that holds it here right now is the access to cache.Has(...)

[tsmethurst]

This looks good so far, very neat implementation 😍 My only concern is that it adds a lot of database calls (up to three extras, right?) during authorization, which is a very hot path called on every incoming request. I know the cacheing will help a lot but this still makes me a little nervous. What do you think?

[igalic]

what about reversing a domain and comparing it?

reverse('gts.example.com').startsWith(reverse('example.com') +  '.')

shouldn't matter how many domain parts there are then

maybe there's even an endsWith() function, so you don't need to reverse it

[NyaaaWhatsUpDoc]

what about reversing a domain and comparing it?

reverse('gts.example.com').startsWith(reverse('example.com') +  '.')

shouldn't matter how many domain parts there are then

maybe there's even an endsWith() function, so you don't need to reverse it

This is helpful if we have the domain block to compare an incoming domain against. But how do we structure this as part of a database call and a hashmap (cache) lookup?

[NyaaaWhatsUpDoc]

This looks good so far, very neat implementation heart_eyes My only concern is that it adds a lot of database calls (up to three extras, right?) during authorization, which is a very hot path called on every incoming request. I know the cacheing will help a lot but this still makes me a little nervous. What do you think?

I agree, it's definitely a work in progress. If you have any brainwaves on it let me know! I'm going to keep pondering on it myself 🤔

[NyaaaWhatsUpDoc]

Just had a thought -- the caching side of things could be sped up with a custom lookup system using a radix-trie to do glob-base matching, similar to what I have here: https://codeberg.org/gruf/go-glob/src/branch/main/multi.go.

Still need to figure out the database though.

[NyaaaWhatsUpDoc]

I actually came up with quite a nice solution for this, not too complicated but should handle things well 😀

Only thing left is I need to write some tests for and properly comment the new domain.BlockCache{} type!

[tsmethurst]

This is looking really nice :)

[tsmethurst]

Looks great :) Just a comment on the comprehensibility of one of the functions (arguably the most important one) :P