Add private instance site column, and back end checks.

crates/api/src/site.rs

@@ -5,6 +5,7 @@ use diesel::NotFound;
 use lemmy_api_common::{
   blocking,
   build_federated_instances,
+  check_private_instance,
   get_local_user_view_from_jwt,
   get_local_user_view_from_jwt_opt,
   is_admin,
@@ -163,6 +164,8 @@ impl Perform for Search {
     let local_user_view =
       get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;
 
+    check_private_instance(&local_user_view, context.pool()).await?;
+
     let show_nsfw = local_user_view.as_ref().map(|t| t.local_user.show_nsfw);
     let show_bot_accounts = local_user_view
       .as_ref()
@@ -400,6 +403,8 @@ impl Perform for ResolveObject {
   ) -> Result<ResolveObjectResponse, LemmyError> {
     let local_user_view =
       get_local_user_view_from_jwt_opt(&self.auth, context.pool(), context.secret()).await?;
+    check_private_instance(&local_user_view, context.pool()).await?;
+
     let res = search_by_apub_id(&self.q, context)
       .await
       .map_err(|e| ApiError::err("couldnt_find_object", e))?;

crates/api_common/src/lib.rs

@@ -243,6 +243,19 @@ pub async fn check_downvotes_enabled(score: i16, pool: &DbPool) -> Result<(), Le
   Ok(())
 }
 
+pub async fn check_private_instance(
+  local_user_view: &Option<LocalUserView>,
+  pool: &DbPool,
+) -> Result<(), LemmyError> {
+  if local_user_view.is_none() {
+    let site = blocking(pool, Site::read_simple).await??;
+    if site.private_instance {
+      return Err(ApiError::err_plain("instance_is_private").into());
+    }
+  }
+  Ok(())
+}
+
 pub async fn build_federated_instances(
   pool: &DbPool,
   federation_config: &FederationConfig,

crates/api_common/src/site.rs

@@ -118,6 +118,7 @@ pub struct EditSite {
   pub require_email_verification: Option<bool>,
   pub require_application: Option<bool>,
   pub application_question: Option<String>,
+  pub private_instance: Option<bool>,
   pub auth: String,
 }
 

crates/api_crud/src/comment/read.rs

@@ -1,6 +1,11 @@
 use crate::PerformCrud;
 use actix_web::web::Data;
-use lemmy_api_common::{blocking, comment::*, get_local_user_view_from_jwt_opt};
+use lemmy_api_common::{
+  blocking,
+  check_private_instance,
+  comment::*,
+  get_local_user_view_from_jwt_opt,
+};
 use lemmy_apub::{
   fetcher::webfinger::webfinger_resolve,
   objects::community::ApubCommunity,
@@ -29,6 +34,8 @@ impl PerformCrud for GetComment {
     let local_user_view =
       get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;
 
+    check_private_instance(&local_user_view, context.pool()).await?;
+
     let person_id = local_user_view.map(|u| u.person.id);
     let id = data.id;
     let comment_view = blocking(context.pool(), move |conn| {
@@ -58,6 +65,8 @@ impl PerformCrud for GetComments {
     let local_user_view =
       get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;
 
+    check_private_instance(&local_user_view, context.pool()).await?;
+
     let show_bot_accounts = local_user_view
       .as_ref()
       .map(|t| t.local_user.show_bot_accounts);

crates/api_crud/src/community/read.rs

@@ -1,6 +1,11 @@
 use crate::PerformCrud;
 use actix_web::web::Data;
-use lemmy_api_common::{blocking, community::*, get_local_user_view_from_jwt_opt};
+use lemmy_api_common::{
+  blocking,
+  check_private_instance,
+  community::*,
+  get_local_user_view_from_jwt_opt,
+};
 use lemmy_apub::{
   fetcher::webfinger::webfinger_resolve,
   objects::community::ApubCommunity,
@@ -32,6 +37,9 @@ impl PerformCrud for GetCommunity {
     let data: &GetCommunity = self;
     let local_user_view =
       get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;
+
+    check_private_instance(&local_user_view, context.pool()).await?;
+
     let person_id = local_user_view.map(|u| u.person.id);
 
     let community_id = match data.id {
@@ -98,6 +106,8 @@ impl PerformCrud for ListCommunities {
     let local_user_view =
       get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;
 
+    check_private_instance(&local_user_view, context.pool()).await?;
+
     let person_id = local_user_view.to_owned().map(|l| l.person.id);
 
     // Don't show NSFW by default

crates/api_crud/src/post/read.rs

@@ -1,6 +1,12 @@
 use crate::PerformCrud;
 use actix_web::web::Data;
-use lemmy_api_common::{blocking, get_local_user_view_from_jwt_opt, mark_post_as_read, post::*};
+use lemmy_api_common::{
+  blocking,
+  check_private_instance,
+  get_local_user_view_from_jwt_opt,
+  mark_post_as_read,
+  post::*,
+};
 use lemmy_apub::{
   fetcher::webfinger::webfinger_resolve,
   objects::community::ApubCommunity,
@@ -36,6 +42,8 @@ impl PerformCrud for GetPost {
     let local_user_view =
       get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;
 
+    check_private_instance(&local_user_view, context.pool()).await?;
+
     let show_bot_accounts = local_user_view
       .as_ref()
       .map(|t| t.local_user.show_bot_accounts);
@@ -124,6 +132,8 @@ impl PerformCrud for GetPosts {
     let local_user_view =
       get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;
 
+    check_private_instance(&local_user_view, context.pool()).await?;
+
     let person_id = local_user_view.to_owned().map(|l| l.person.id);
 
     let show_nsfw = local_user_view.as_ref().map(|t| t.local_user.show_nsfw);

crates/api_crud/src/site/read.rs

@@ -138,6 +138,12 @@ impl PerformCrud for GetSite {
         person_blocks,
       })
     } else {
+      // If the site is setup, private, and there is no auth, return an error
+      if let Some(site_view) = site_view.to_owned() {
+        if site_view.site.private_instance {
+          return Err(ApiError::err_plain("instance_is_private").into());
+        }
+      }
       None
     };
 

crates/api_crud/src/site/update.rs

@@ -63,6 +63,7 @@ impl PerformCrud for EditSite {
       require_email_verification: data.require_email_verification,
       require_application: data.require_application,
       application_question,
+      private_instance: data.private_instance,
     };
 
     let update_site = move |conn: &'_ _| Site::update(conn, 1, &site_form);

crates/api_crud/src/user/read.rs

@@ -1,6 +1,11 @@
 use crate::PerformCrud;
 use actix_web::web::Data;
-use lemmy_api_common::{blocking, get_local_user_view_from_jwt_opt, person::*};
+use lemmy_api_common::{
+  blocking,
+  check_private_instance,
+  get_local_user_view_from_jwt_opt,
+  person::*,
+};
 use lemmy_apub::{
   fetcher::webfinger::webfinger_resolve,
   objects::person::ApubPerson,
@@ -29,6 +34,8 @@ impl PerformCrud for GetPersonDetails {
     let local_user_view =
       get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;
 
+    check_private_instance(&local_user_view, context.pool()).await?;
+
     let show_nsfw = local_user_view.as_ref().map(|t| t.local_user.show_nsfw);
     let show_bot_accounts = local_user_view
       .as_ref()

crates/db_schema/src/aggregates/site_aggregates.rs

@@ -68,6 +68,7 @@ mod tests {
       require_email_verification: None,
       require_application: None,
       application_question: None,
+      private_instance: None,
     };
 
     Site::create(&conn, &site_form).unwrap();

crates/db_schema/src/schema.rs

@@ -452,6 +452,7 @@ table! {
         require_email_verification -> Bool,
         require_application -> Bool,
         application_question -> Nullable<Text>,
+        private_instance -> Bool,
     }
 }
 

crates/db_schema/src/source/site.rs

@@ -23,6 +23,7 @@ pub struct Site {
   pub require_email_verification: bool,
   pub require_application: bool,
   pub application_question: Option<String>,
+  pub private_instance: bool,
 }
 
 #[derive(Insertable, AsChangeset, Default)]
@@ -43,4 +44,5 @@ pub struct SiteForm {
   pub require_email_verification: Option<bool>,
   pub require_application: Option<bool>,
   pub application_question: Option<Option<String>>,
+  pub private_instance: Option<bool>,
 }

migrations/2021-11-23-153753_add_invite_only_columns/down.sql

@@ -1,6 +1,7 @@
 -- Add columns to site table
 alter table site drop column require_application;
 alter table site drop column application_question;
+alter table site drop column private_instance;
 
 -- Add pending to local_user
 alter table local_user drop column accepted_application;

migrations/2021-11-23-153753_add_invite_only_columns/up.sql

@@ -1,6 +1,7 @@
 -- Add columns to site table
 alter table site add column require_application boolean not null default false;
 alter table site add column application_question text;
+alter table site add column private_instance boolean not null default false;
 
 -- Add pending to local_user
 alter table local_user add column accepted_application boolean not null default false;