consider opted out Web domains in ActivityPub.status, not is_blocklisted

follow-up to df321234c0

activitypub.py

@@ -8,7 +8,7 @@ from urllib.parse import quote_plus, urljoin, urlparse
 
 from flask import abort, g, redirect, request
 from google.cloud import ndb
-from google.cloud.ndb.query import OR
+from google.cloud.ndb.query import FilterNode, OR, Query
 from granary import as1, as2
 from httpsig import HeaderVerifier
 from httpsig.requests_auth import HTTPSignatureAuth
@@ -51,6 +51,10 @@ SECURITY_CONTEXT = 'https://w3id.org/security/v1'
 # https://seb.jambor.dev/posts/understanding-activitypub-part-4-threads/#the-instance-actor
 _INSTANCE_ACTOR = None
 
+# populated in User.status
+WEB_OPT_OUT_DOMAINS = None
+
+
 def instance_actor():
     global _INSTANCE_ACTOR
     if _INSTANCE_ACTOR is None:
@@ -103,6 +107,27 @@ class ActivityPub(User, Protocol):
 
         return as2.address(self.key.id())
 
+    @ndb.ComputedProperty
+    def status(self):
+        """Override :meth:`Model.status` and include Web opted out domains."""
+        global WEB_OPT_OUT_DOMAINS
+        if WEB_OPT_OUT_DOMAINS is None:
+            WEB_OPT_OUT_DOMAINS = {
+                key.id() for key in Query(
+                    'MagicKey',
+                    filters=FilterNode('manual_opt_out', '=', True)
+                ).fetch(keys_only=True)
+            }
+            logger.info(f'Loaded {len(WEB_OPT_OUT_DOMAINS)} manually opted out Web users')
+
+        status = super().status
+        if status:
+            return status
+
+        return util.domain_or_parent_in(util.domain_from_link(self.key.id()),
+                                        WEB_OPT_OUT_DOMAINS)
+
+
     @classmethod
     def owns_id(cls, id):
         """Returns None if ``id`` is an http(s) URL, False otherwise.

protocol.py

@@ -11,7 +11,6 @@ from flask import g, request
 from google.cloud import ndb
 from google.cloud.ndb import OR
 from google.cloud.ndb.model import _entity_to_protobuf
-from google.cloud.ndb.query import FilterNode, Query
 from granary import as1
 from oauth_dropins.webutil.flask_util import cloud_tasks_only
 from oauth_dropins.webutil import util
@@ -45,9 +44,6 @@ SUPPORTED_TYPES = (
 
 OBJECT_REFRESH_AGE = timedelta(days=30)
 
-# populated in Protocol.is_blocklisted
-WEB_DOMAIN_BLOCKLIST = None
-
 # activity ids that we've already handled and can now ignore.
 # used in Protocol.receive
 seen_ids = LRUCache(100000)
@@ -473,19 +469,8 @@ class Protocol:
 
         Returns: bool:
         """
-        global WEB_DOMAIN_BLOCKLIST
-        if WEB_DOMAIN_BLOCKLIST is None:
-            WEB_DOMAIN_BLOCKLIST = {
-                key.id() for key in Query(
-                    'MagicKey',
-                    filters=FilterNode('manual_opt_out', '=', True)
-                ).fetch(keys_only=True)
-            }
-            logger.info(f'Loaded {len(WEB_DOMAIN_BLOCKLIST)} manually opted out Web users')
-            WEB_DOMAIN_BLOCKLIST.update(DOMAIN_BLOCKLIST + DOMAINS)
-
         return util.domain_or_parent_in(util.domain_from_link(url),
-                                        WEB_DOMAIN_BLOCKLIST)
+                                        DOMAIN_BLOCKLIST + DOMAINS)
 
     @classmethod
     def translate_ids(to_cls, obj):