From 5d1e1ed05df366ce6b634b76046807f90f4beef3 Mon Sep 17 00:00:00 2001
From: Laura Hausmann <laura@hausmann.dev>
Date: Tue, 29 Oct 2024 16:10:39 +0100
Subject: [PATCH] [backend/federation] Add extra guard clauses to UserService

This should be caught by WebFingerService, but more checks are always a good idea.
---
 Iceshrimp.Backend/Core/Services/UserService.cs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Iceshrimp.Backend/Core/Services/UserService.cs b/Iceshrimp.Backend/Core/Services/UserService.cs
index 21c9789f..4a96cc84 100644
--- a/Iceshrimp.Backend/Core/Services/UserService.cs
+++ b/Iceshrimp.Backend/Core/Services/UserService.cs
@@ -104,6 +104,8 @@ public class UserService(
 		logger.LogDebug("Creating user {acct} with uri {uri}", acct, uri);
 
 		var host = AcctToTuple(acct).Host ?? throw new Exception("Host must not be null at this stage");
+		if (host == instance.Value.WebDomain || host == instance.Value.AccountDomain)
+			throw GracefulException.UnprocessableEntity("Refusing to create remote user on local instance domain");
 		if (await fedCtrlSvc.ShouldBlockAsync(uri, host))
 			throw GracefulException.UnprocessableEntity("Refusing to create user on blocked instance");