From b8dca2b71fe661f8b0bb442594810c67be1893b8 Mon Sep 17 00:00:00 2001
From: Andrew Godwin <andrew@aeracode.org>
Date: Sun, 18 Dec 2022 09:58:24 -0700
Subject: [PATCH] Do not allow posts from blocked domains in

Fixes #172
---
 activities/models/post.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/activities/models/post.py b/activities/models/post.py
index 63f618e..4cafcc2 100644
--- a/activities/models/post.py
+++ b/activities/models/post.py
@@ -712,7 +712,8 @@ class Post(StatorModel):
         Retrieves a Post instance by its ActivityPub JSON object.
 
         Optionally creates one if it's not present.
-        Raises KeyError if it's not found and create is False.
+        Raises DoesNotExist if it's not found and create is False,
+        or it's from a blocked domain.
         """
         # Do we have one with the right ID?
         created = False
@@ -724,6 +725,9 @@ class Post(StatorModel):
             if create:
                 # Resolve the author
                 author = Identity.by_actor_uri(data["attributedTo"], create=create)
+                # If the post is from a blocked domain, stop and drop
+                if author.domain.blocked:
+                    raise cls.DoesNotExist("Post is from a blocked domain")
                 post = cls.objects.create(
                     object_uri=data["id"],
                     author=author,