feat: discoverability (NodeInfo, hashtags) and moderation (domain/actor blocking)

- NodeInfo at /.well-known/nodeinfo + /nodeinfo/2.0 - Hashtags #MoviesDiary + #MovieTitle on review posts; /tags/{tag} redirect - Domain blocking: blocked_domains table, admin API + HTML, inbox enforcement - Per-actor blocking: blocked_actors table, user API + HTML, BlockActivity send/receive - Delivery filter excludes blocked actors and blocked-domain inboxes
2026-05-12 00:49:30 +02:00
parent 80f620c840
commit f0620f5aa1
40 changed files with 1410 additions and 543 deletions
--- a/crates/presentation/src/dtos.rs
+++ b/crates/presentation/src/dtos.rs
@@ -278,6 +278,29 @@ pub struct FollowerActionForm {
    pub csrf_token: String,
 }

+#[derive(Deserialize)]
+pub struct BlockDomainForm {
+    pub domain: String,
+    #[serde(default)]
+    pub reason: Option<String>,
+    #[serde(rename = "_csrf", default)]
+    pub csrf_token: String,
+}
+
+#[derive(Deserialize)]
+pub struct RemoveDomainForm {
+    pub domain: String,
+    #[serde(rename = "_csrf", default)]
+    pub csrf_token: String,
+}
+
+#[derive(Deserialize)]
+pub struct ActorUrlForm {
+    pub actor_url: String,
+    #[serde(rename = "_csrf", default)]
+    pub csrf_token: String,
+}
+
 #[derive(serde::Deserialize, Default)]
 pub struct ProfileQueryParams {
    pub view: Option<String>,
@@ -472,6 +495,27 @@ pub struct MovieDetailResponse {
    pub reviews: SocialFeedResponse,
 }

+#[derive(serde::Serialize)]
+pub struct BlockedDomainResponse {
+    pub domain: String,
+    pub reason: Option<String>,
+    pub blocked_at: String,
+}
+
+#[derive(serde::Deserialize)]
+pub struct AddBlockedDomainRequest {
+    pub domain: String,
+    pub reason: Option<String>,
+}
+
+#[derive(serde::Serialize)]
+pub struct BlockedActorResponse {
+    pub url: String,
+    pub handle: String,
+    pub display_name: Option<String>,
+    pub avatar_url: Option<String>,
+}
+
 #[cfg(test)]
 mod tests {
    use super::*;
--- a/crates/presentation/src/extractors.rs
+++ b/crates/presentation/src/extractors.rs
@@ -232,6 +232,9 @@ mod tests {
        ) -> Result<Paginated<FeedEntry>, DomainError> {
            panic!()
        }
+        async fn count_local_posts(&self) -> Result<u64, DomainError> {
+            panic!()
+        }
    }
    #[cfg(feature = "federation")]
    #[async_trait::async_trait]
@@ -440,6 +443,8 @@ mod tests {
        fn render_import_mapping_page(&self, _: application::ports::ImportMappingPageData) -> Result<String, String> { panic!() }
        fn render_import_preview_page(&self, _: application::ports::ImportPreviewPageData) -> Result<String, String> { panic!() }
        fn render_profile_settings_page(&self, _: application::ports::ProfileSettingsPageData) -> Result<String, String> { panic!() }
+        fn render_blocked_domains_page(&self, _: application::ports::BlockedDomainsPageData) -> Result<String, String> { panic!() }
+        fn render_blocked_actors_page(&self, _: application::ports::BlockedActorsPageData) -> Result<String, String> { panic!() }
    }
    impl crate::ports::RssFeedRenderer for Panic {
        fn render_feed(&self, _: &[DiaryEntry], _: &str) -> Result<String, String> {
--- a/crates/presentation/src/handlers/api.rs
+++ b/crates/presentation/src/handlers/api.rs
@@ -411,6 +411,97 @@ fn entry_to_dto(entry: &DiaryEntry) -> DiaryEntryDto {
    }
 }

+#[cfg(feature = "federation")]
+pub async fn get_blocked_domains_admin(
+    State(state): State<AppState>,
+    _admin: crate::extractors::AdminUser,
+) -> impl IntoResponse {
+    match state.ap_service.get_blocked_domains().await {
+        Ok(domains) => {
+            let response: Vec<crate::dtos::BlockedDomainResponse> = domains
+                .into_iter()
+                .map(|d| crate::dtos::BlockedDomainResponse {
+                    domain: d.domain,
+                    reason: d.reason,
+                    blocked_at: d.blocked_at,
+                })
+                .collect();
+            axum::Json(response).into_response()
+        }
+        Err(e) => ap_err(e).into_response(),
+    }
+}
+
+#[cfg(feature = "federation")]
+pub async fn add_blocked_domain_admin(
+    State(state): State<AppState>,
+    _admin: crate::extractors::AdminUser,
+    axum::Json(body): axum::Json<crate::dtos::AddBlockedDomainRequest>,
+) -> impl IntoResponse {
+    match state.ap_service.add_blocked_domain(&body.domain, body.reason.as_deref()).await {
+        Ok(()) => StatusCode::CREATED.into_response(),
+        Err(e) => ap_err(e).into_response(),
+    }
+}
+
+#[cfg(feature = "federation")]
+pub async fn remove_blocked_domain_admin(
+    State(state): State<AppState>,
+    _admin: crate::extractors::AdminUser,
+    axum::extract::Path(domain): axum::extract::Path<String>,
+) -> impl IntoResponse {
+    match state.ap_service.remove_blocked_domain(&domain).await {
+        Ok(()) => StatusCode::NO_CONTENT.into_response(),
+        Err(e) => ap_err(e).into_response(),
+    }
+}
+
+#[cfg(feature = "federation")]
+pub async fn block_actor_api(
+    State(state): State<AppState>,
+    user: AuthenticatedUser,
+    axum::Json(body): axum::Json<ActorUrlRequest>,
+) -> impl IntoResponse {
+    match state.ap_service.block_actor(user.0.value(), &body.actor_url).await {
+        Ok(()) => StatusCode::NO_CONTENT.into_response(),
+        Err(e) => ap_err(e).into_response(),
+    }
+}
+
+#[cfg(feature = "federation")]
+pub async fn unblock_actor_api(
+    State(state): State<AppState>,
+    user: AuthenticatedUser,
+    axum::Json(body): axum::Json<ActorUrlRequest>,
+) -> impl IntoResponse {
+    match state.ap_service.unblock_actor(user.0.value(), &body.actor_url).await {
+        Ok(()) => StatusCode::NO_CONTENT.into_response(),
+        Err(e) => ap_err(e).into_response(),
+    }
+}
+
+#[cfg(feature = "federation")]
+pub async fn get_blocked_actors_api(
+    State(state): State<AppState>,
+    user: AuthenticatedUser,
+) -> impl IntoResponse {
+    match state.ap_service.get_blocked_actors(user.0.value()).await {
+        Ok(actors) => {
+            let response: Vec<crate::dtos::BlockedActorResponse> = actors
+                .into_iter()
+                .map(|a| crate::dtos::BlockedActorResponse {
+                    url: a.url,
+                    handle: a.handle,
+                    display_name: a.display_name,
+                    avatar_url: a.avatar_url,
+                })
+                .collect();
+            axum::Json(response).into_response()
+        }
+        Err(e) => ap_err(e).into_response(),
+    }
+}
+
 #[cfg(feature = "federation")]
 fn ap_err(e: anyhow::Error) -> impl IntoResponse {
    tracing::error!("ActivityPub error: {:?}", e);
--- a/crates/presentation/src/handlers/html.rs
+++ b/crates/presentation/src/handlers/html.rs
@@ -10,7 +10,10 @@ use chrono::Utc;
 use uuid::Uuid;

 #[cfg(feature = "federation")]
-use application::ports::{FollowersPageData, FollowingPageData};
+use application::ports::{
+    BlockedActorEntry, BlockedActorsPageData, BlockedDomainEntry, BlockedDomainsPageData,
+    FollowersPageData, FollowingPageData,
+};
 use application::{
    commands::{DeleteReviewCommand, ExportCommand, LoginCommand, RegisterCommand},
    ports::{
@@ -27,13 +30,13 @@ use domain::models::ExportFormat;
 use domain::{errors::DomainError, value_objects::UserId};

 #[cfg(feature = "federation")]
-use crate::dtos::{FollowForm, FollowerActionForm, UnfollowForm};
+use crate::dtos::{ActorUrlForm, BlockDomainForm, FollowForm, FollowerActionForm, RemoveDomainForm, UnfollowForm};
 use crate::{
    csrf::CsrfToken,
    dtos::{
        ErrorQuery, FeedQueryParams, LogReviewData, LogReviewForm, LoginForm, RegisterForm,
    },
-    extractors::{OptionalCookieUser, RequiredCookieUser},
+    extractors::{AdminUser, OptionalCookieUser, RequiredCookieUser},
    state::AppState,
 };

@@ -1019,6 +1022,160 @@ pub async fn get_profile_settings(
    }
 }

+pub async fn get_tag(Path(tag): Path<String>) -> impl IntoResponse {
+    if tag.eq_ignore_ascii_case("moviesdiary") {
+        Redirect::temporary("/")
+    } else {
+        Redirect::temporary(&format!("/?search={}", tag))
+    }
+}
+
+#[cfg(feature = "federation")]
+pub async fn get_blocked_domains_page(
+    AdminUser(user_id): AdminUser,
+    State(state): State<AppState>,
+    Extension(csrf): Extension<CsrfToken>,
+) -> impl IntoResponse {
+    let mut ctx = build_page_context(&state, Some(user_id), csrf.0).await;
+    ctx.page_title = "Blocked Domains — Movies Diary".to_string();
+    ctx.canonical_url = format!("{}/admin/blocked-domains", state.app_ctx.config.base_url);
+    match state.ap_service.get_blocked_domains().await {
+        Ok(domains) => {
+            let data = BlockedDomainsPageData {
+                ctx,
+                domains: domains
+                    .into_iter()
+                    .map(|d| BlockedDomainEntry {
+                        domain: d.domain,
+                        reason: d.reason,
+                        blocked_at: d.blocked_at,
+                    })
+                    .collect(),
+            };
+            match state.html_renderer.render_blocked_domains_page(data) {
+                Ok(html) => Html(html).into_response(),
+                Err(e) => (StatusCode::INTERNAL_SERVER_ERROR, e).into_response(),
+            }
+        }
+        Err(e) => {
+            tracing::error!("get_blocked_domains error: {:?}", e);
+            (StatusCode::INTERNAL_SERVER_ERROR, "Failed to load blocked domains").into_response()
+        }
+    }
+}
+
+#[cfg(feature = "federation")]
+pub async fn post_blocked_domain(
+    AdminUser(_): AdminUser,
+    State(state): State<AppState>,
+    Extension(csrf): Extension<CsrfToken>,
+    Form(form): Form<BlockDomainForm>,
+) -> impl IntoResponse {
+    if crate::csrf::mismatch(&csrf, &form.csrf_token) {
+        return StatusCode::FORBIDDEN.into_response();
+    }
+    let reason = form.reason.as_deref().filter(|s| !s.trim().is_empty());
+    match state.ap_service.add_blocked_domain(&form.domain, reason).await {
+        Ok(()) => Redirect::to("/admin/blocked-domains").into_response(),
+        Err(e) => {
+            tracing::error!("add_blocked_domain error: {:?}", e);
+            Redirect::to("/admin/blocked-domains").into_response()
+        }
+    }
+}
+
+#[cfg(feature = "federation")]
+pub async fn post_remove_blocked_domain(
+    AdminUser(_): AdminUser,
+    State(state): State<AppState>,
+    Extension(csrf): Extension<CsrfToken>,
+    Form(form): Form<RemoveDomainForm>,
+) -> impl IntoResponse {
+    if crate::csrf::mismatch(&csrf, &form.csrf_token) {
+        return StatusCode::FORBIDDEN.into_response();
+    }
+    match state.ap_service.remove_blocked_domain(&form.domain).await {
+        Ok(()) => Redirect::to("/admin/blocked-domains").into_response(),
+        Err(e) => {
+            tracing::error!("remove_blocked_domain error: {:?}", e);
+            Redirect::to("/admin/blocked-domains").into_response()
+        }
+    }
+}
+
+#[cfg(feature = "federation")]
+pub async fn get_blocked_actors_page(
+    RequiredCookieUser(user_id): RequiredCookieUser,
+    State(state): State<AppState>,
+    Extension(csrf): Extension<CsrfToken>,
+) -> impl IntoResponse {
+    let mut ctx = build_page_context(&state, Some(user_id.clone()), csrf.0).await;
+    ctx.page_title = "Blocked Users — Movies Diary".to_string();
+    ctx.canonical_url = format!("{}/social/blocked", state.app_ctx.config.base_url);
+    match state.ap_service.get_blocked_actors(user_id.value()).await {
+        Ok(actors) => {
+            let data = BlockedActorsPageData {
+                ctx,
+                actors: actors
+                    .into_iter()
+                    .map(|a| BlockedActorEntry {
+                        url: a.url,
+                        handle: a.handle,
+                        display_name: a.display_name,
+                        avatar_url: a.avatar_url,
+                    })
+                    .collect(),
+            };
+            match state.html_renderer.render_blocked_actors_page(data) {
+                Ok(html) => Html(html).into_response(),
+                Err(e) => (StatusCode::INTERNAL_SERVER_ERROR, e).into_response(),
+            }
+        }
+        Err(e) => {
+            tracing::error!("get_blocked_actors error: {:?}", e);
+            (StatusCode::INTERNAL_SERVER_ERROR, "Failed to load blocked users").into_response()
+        }
+    }
+}
+
+#[cfg(feature = "federation")]
+pub async fn post_block_actor_html(
+    RequiredCookieUser(user_id): RequiredCookieUser,
+    State(state): State<AppState>,
+    Extension(csrf): Extension<CsrfToken>,
+    Form(form): Form<ActorUrlForm>,
+) -> impl IntoResponse {
+    if crate::csrf::mismatch(&csrf, &form.csrf_token) {
+        return StatusCode::FORBIDDEN.into_response();
+    }
+    match state.ap_service.block_actor(user_id.value(), &form.actor_url).await {
+        Ok(()) => Redirect::to("/social/blocked").into_response(),
+        Err(e) => {
+            tracing::error!("block_actor html error: {:?}", e);
+            Redirect::to("/social/blocked").into_response()
+        }
+    }
+}
+
+#[cfg(feature = "federation")]
+pub async fn post_unblock_actor(
+    RequiredCookieUser(user_id): RequiredCookieUser,
+    State(state): State<AppState>,
+    Extension(csrf): Extension<CsrfToken>,
+    Form(form): Form<ActorUrlForm>,
+) -> impl IntoResponse {
+    if crate::csrf::mismatch(&csrf, &form.csrf_token) {
+        return StatusCode::FORBIDDEN.into_response();
+    }
+    match state.ap_service.unblock_actor(user_id.value(), &form.actor_url).await {
+        Ok(()) => Redirect::to("/social/blocked").into_response(),
+        Err(e) => {
+            tracing::error!("unblock_actor error: {:?}", e);
+            Redirect::to("/social/blocked").into_response()
+        }
+    }
+}
+
 pub async fn post_profile_settings(
    RequiredCookieUser(user_id): RequiredCookieUser,
    State(state): State<AppState>,
--- a/crates/presentation/src/main.rs
+++ b/crates/presentation/src/main.rs
@@ -89,6 +89,7 @@ async fn wire_dependencies() -> anyhow::Result<(AppState, axum::Router)> {
            Arc::clone(&review_repository),
            Arc::clone(&diary_repository),
            app_config.base_url.clone(),
+            app_config.allow_registration,
        ).await?;
        let ap_router = ap.router;
        let ap_service_arc = ap.service;
--- a/crates/presentation/src/routes.rs
+++ b/crates/presentation/src/routes.rs
@@ -100,7 +100,8 @@ fn html_routes(rate_limit: u64) -> Router<AppState> {
            "/settings/profile",
            routing::get(handlers::html::get_profile_settings)
                .post(handlers::html::post_profile_settings),
-        );
+        )
+        .route("/tags/{tag}", routing::get(handlers::html::get_tag));

    #[cfg(feature = "federation")]
    let base = base.merge(federation_html_routes());
@@ -139,6 +140,21 @@ fn federation_html_routes() -> Router<AppState> {
            "/users/{id}/followers/remove",
            routing::post(handlers::html::remove_follower),
        )
+        .route(
+            "/admin/blocked-domains",
+            routing::get(handlers::html::get_blocked_domains_page)
+                .post(handlers::html::post_blocked_domain),
+        )
+        .route(
+            "/admin/blocked-domains/remove",
+            routing::post(handlers::html::post_remove_blocked_domain),
+        )
+        .route(
+            "/social/blocked",
+            routing::get(handlers::html::get_blocked_actors_page),
+        )
+        .route("/social/block", routing::post(handlers::html::post_block_actor_html))
+        .route("/social/unblock", routing::post(handlers::html::post_unblock_actor))
 }

 fn api_routes(rate_limit: u64) -> Router<AppState> {
@@ -220,4 +236,16 @@ fn federation_api_routes() -> Router<AppState> {
            "/social/followers/remove",
            routing::post(handlers::api::remove_follower),
        )
+        .route(
+            "/admin/blocked-domains",
+            routing::get(handlers::api::get_blocked_domains_admin)
+                .post(handlers::api::add_blocked_domain_admin),
+        )
+        .route(
+            "/admin/blocked-domains/{domain}",
+            routing::delete(handlers::api::remove_blocked_domain_admin),
+        )
+        .route("/social/block", routing::post(handlers::api::block_actor_api))
+        .route("/social/unblock", routing::post(handlers::api::unblock_actor_api))
+        .route("/social/blocked", routing::get(handlers::api::get_blocked_actors_api))
 }
--- a/crates/presentation/tests/api_test.rs
+++ b/crates/presentation/tests/api_test.rs
@@ -302,6 +302,38 @@ async fn get_api_movie_detail_returns_404_for_unknown_id() {
    assert_eq!(response.status(), StatusCode::NOT_FOUND);
 }

+#[tokio::test]
+async fn tags_moviesdiary_redirects_to_home() {
+    let app = test_app().await;
+    let response = app
+        .oneshot(with_ip(
+            Request::builder()
+                .uri("/tags/moviesdiary")
+                .body(Body::empty())
+                .unwrap(),
+        ))
+        .await
+        .unwrap();
+    assert_eq!(response.status(), StatusCode::TEMPORARY_REDIRECT);
+    assert_eq!(response.headers().get("location").unwrap(), "/");
+}
+
+#[tokio::test]
+async fn tags_other_redirects_to_search() {
+    let app = test_app().await;
+    let response = app
+        .oneshot(with_ip(
+            Request::builder()
+                .uri("/tags/batman")
+                .body(Body::empty())
+                .unwrap(),
+        ))
+        .await
+        .unwrap();
+    assert_eq!(response.status(), StatusCode::TEMPORARY_REDIRECT);
+    assert_eq!(response.headers().get("location").unwrap(), "/?search=batman");
+}
+
 #[tokio::test]
 async fn get_movie_detail_html_returns_404_for_unknown_id() {
    let app = test_app().await;