mirror of
https://github.com/owncast/owncast.git
synced 2024-11-24 05:38:58 +03:00
a7080a1fc1
* validate json responses * update deps * tmp disable header check * log all the webfinger fails refactor and filter more malformed requests * don't set incorrect serverURL strings * test failing through admin api * fix server url in fedi tests * check response.text * validate json/xml response of all apis test Content-Type of api response and cleanup * improve logs * fix rebase * cleanup json parser in api tests * mark the api tests performed by admin * Separate check for reading and format of serverURL * test /federation/user/ with wrong username in ci
75 lines
2.3 KiB
Go
75 lines
2.3 KiB
Go
package controllers
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/owncast/owncast/activitypub/apmodels"
|
|
"github.com/owncast/owncast/core/data"
|
|
"github.com/owncast/owncast/utils"
|
|
log "github.com/sirupsen/logrus"
|
|
)
|
|
|
|
// WebfingerHandler will handle webfinger lookup requests.
|
|
func WebfingerHandler(w http.ResponseWriter, r *http.Request) {
|
|
if !data.GetFederationEnabled() {
|
|
w.WriteHeader(http.StatusMethodNotAllowed)
|
|
log.Debugln("webfinger request rejected! Federation is not enabled")
|
|
return
|
|
}
|
|
|
|
instanceHostURL := data.GetServerURL()
|
|
if instanceHostURL == "" {
|
|
w.WriteHeader(http.StatusNotFound)
|
|
log.Warnln("webfinger request rejected! Federation is enabled but server URL is empty.")
|
|
return
|
|
}
|
|
|
|
instanceHostString := utils.GetHostnameFromURLString(instanceHostURL)
|
|
if instanceHostString == "" {
|
|
w.WriteHeader(http.StatusNotFound)
|
|
log.Warnln("webfinger request rejected! Federation is enabled but server URL is not set properly. data.GetServerURL(): " + data.GetServerURL())
|
|
return
|
|
}
|
|
|
|
resource := r.URL.Query().Get("resource")
|
|
preAcct, account, foundAcct := strings.Cut(resource, "acct:")
|
|
|
|
if !foundAcct || preAcct != "" {
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
log.Debugln("webfinger request rejected! Malformed resource in query: " + resource)
|
|
return
|
|
}
|
|
|
|
userComponents := strings.Split(account, "@")
|
|
if len(userComponents) != 2 {
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
log.Debugln("webfinger request rejected! Malformed account in query: " + account)
|
|
return
|
|
}
|
|
host := userComponents[1]
|
|
user := userComponents[0]
|
|
|
|
if _, valid := data.GetFederatedInboxMap()[user]; !valid {
|
|
w.WriteHeader(http.StatusNotFound)
|
|
log.Debugln("webfinger request rejected! Invalid user: " + user)
|
|
return
|
|
}
|
|
|
|
// If the webfinger request doesn't match our server then it
|
|
// should be rejected.
|
|
if instanceHostString != host {
|
|
w.WriteHeader(http.StatusNotImplemented)
|
|
log.Debugln("webfinger request rejected! Invalid query host: " + host + " instanceHostString: " + instanceHostString)
|
|
return
|
|
}
|
|
|
|
webfingerResponse := apmodels.MakeWebfingerResponse(user, user, host)
|
|
|
|
w.Header().Set("Content-Type", "application/jrd+json")
|
|
|
|
if err := json.NewEncoder(w).Encode(webfingerResponse); err != nil {
|
|
log.Errorln("unable to write webfinger response", err)
|
|
}
|
|
}
|