From a7898e8aa9449b5c66e447ea000459c20f54b38e Mon Sep 17 00:00:00 2001
From: Laura Hausmann <laura@hausmann.dev>
Date: Sun, 28 Apr 2024 18:51:37 +0200
Subject: [PATCH] [backend/federation] Enforce federation control in
 ActivityFetcherService

With this there should be no remaining ways for new activities from blocked instances to make it into the database.
---
 .../Federation/ActivityPub/ActivityFetcherService.cs     | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/Iceshrimp.Backend/Core/Federation/ActivityPub/ActivityFetcherService.cs b/Iceshrimp.Backend/Core/Federation/ActivityPub/ActivityFetcherService.cs
index ba31f854..c52ca175 100644
--- a/Iceshrimp.Backend/Core/Federation/ActivityPub/ActivityFetcherService.cs
+++ b/Iceshrimp.Backend/Core/Federation/ActivityPub/ActivityFetcherService.cs
@@ -21,7 +21,8 @@ public class ActivityFetcherService(
 	HttpRequestService httpRqSvc,
 	SystemUserService systemUserSvc,
 	DatabaseContext db,
-	ILogger<ActivityFetcherService> logger
+	ILogger<ActivityFetcherService> logger,
+	FederationControlService fedCtrlSvc
 )
 {
 	private static readonly IReadOnlyCollection<string> AcceptableActivityTypes =
@@ -77,6 +78,12 @@ public class ActivityFetcherService(
 		var requestHost = new Uri(url).Host;
 		if (requestHost == config.Value.WebDomain || requestHost == config.Value.AccountDomain)
 			throw GracefulException.UnprocessableEntity("Refusing to fetch activity from local domain");
+		
+		if (await fedCtrlSvc.ShouldBlockAsync(requestHost))
+		{
+			logger.LogDebug("Refusing to fetch activity from blocked instance");
+			return (null, new Uri(url));
+		}
 
 		var request  = httpRqSvc.GetSigned(url, AcceptableActivityTypes, actor, keypair);
 		var response = await client.SendAsync(request);