From e8a65b96752108cfc149dfbb8041d8b5a640cef8 Mon Sep 17 00:00:00 2001
From: tsmethurst
Date: Tue, 31 May 2022 12:26:40 +0200
Subject: [PATCH] rework webfingerget
---
 internal/api/s2s/webfinger/webfingerget.go | 38 +++++++----------------
 1 file changed, 11 insertions(+), 27 deletions(-)
diff --git a/internal/api/s2s/webfinger/webfingerget.go b/internal/api/s2s/webfinger/webfingerget.go
index a271c031b..e7bf07b87 100644
--- a/internal/api/s2s/webfinger/webfingerget.go
+++ b/internal/api/s2s/webfinger/webfingerget.go
@@ -22,12 +22,12 @@
 "context"
 "fmt"
 "net/http"
- "strings"
 "github.com/gin-gonic/gin"
 "github.com/sirupsen/logrus"
 "github.com/superseriousbusiness/gotosocial/internal/ap"
 "github.com/superseriousbusiness/gotosocial/internal/config"
+ "github.com/superseriousbusiness/gotosocial/internal/util"
 )
 // WebfingerGETRequest swagger:operation GET /.well-known/webfinger webfingerGet
@@ -66,35 +66,19 @@ func (m *Module) WebfingerGETRequest(c *gin.Context) {
 return
 }
- // remove the acct: prefix if it's present
- trimAcct := strings.TrimPrefix(resourceQuery, "acct:")
- // remove the first @ in @whatever@example.org if it's present
- namestring := strings.TrimPrefix(trimAcct, "@")
-
- // at this point we should have a string like some_user@example.org
- l.Debugf("got finger request for '%s'", namestring)
-
- usernameAndAccountDomain := strings.Split(namestring, "@")
- if len(usernameAndAccountDomain) != 2 {
- l.Debugf("aborting request because username and domain could not be parsed from %s", namestring)
- c.JSON(http.StatusBadRequest, gin.H{"error": "bad request"})
- return
- }
-
- username := strings.ToLower(usernameAndAccountDomain[0])
- requestedAccountDomain := strings.ToLower(usernameAndAccountDomain[1])
- if username == "" || requestedAccountDomain == "" {
- l.Debug("aborting request because username or domain was empty")
- c.JSON(http.StatusBadRequest, gin.H{"error": "bad request"})
+ requestedUsername, requestedHost, err := util.ExtractWebfingerParts(resourceQuery)
+ if err != nil {
+ l.Debug("bad webfinger request with resource query %s: %s", resourceQuery, err)
+ c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("bad webfinger request with resource query %s", resourceQuery)})
 return
 }
 accountDomain := config.GetAccountDomain()
 host := config.GetHost()
- if requestedAccountDomain != accountDomain && requestedAccountDomain != host {
- l.Debugf("aborting request because accountDomain %s does not belong to this instance", requestedAccountDomain)
- c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("accountDomain %s does not belong to this instance", requestedAccountDomain)})
+ if requestedHost != host && requestedHost != accountDomain {
+ l.Debugf("aborting request because requestedHost %s does not belong to this instance", requestedHost)
+ c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("requested host %s does not belong to this instance", requestedHost)})
 return
 }
@@ -105,10 +89,10 @@ func (m *Module) WebfingerGETRequest(c *gin.Context) {
 ctx = context.WithValue(ctx, ap.ContextRequestingPublicKeyVerifier, verifier)
 }
- resp, err := m.processor.GetWebfingerAccount(ctx, username)
- if err != nil {
+ resp, errWithCode := m.processor.GetWebfingerAccount(ctx, requestedUsername)
+ if errWithCode != nil {
 l.Debugf("aborting request with an error: %s", err.Error())
- c.JSON(err.Code(), gin.H{"error": err.Safe()})
+ c.JSON(errWithCode.Code(), gin.H{"error": errWithCode.Safe()})
 return
 }
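Review bot: In the `@@ -66,35 +66,19 @@` hunk, the added `l.Debug("bad webfinger request with resource query %s: %s", resourceQuery, err)` passes format verbs to the non-formatting logger method, so the message keeps its literal `%s` and the values are merely appended; it should be `l.Debugf("bad webfinger request with resource query %q: %s", resourceQuery, err)`, where `%q` also stops control characters in the caller-supplied query from splitting log lines. The 400 body on the following line now echoes the raw `resourceQuery` back to the caller, where the removed code answered with a fixed `"bad request"`; keeping the fixed message avoids reflecting unvalidated input. The removed code also lower-cased the username and domain before the host comparison, and `util.ExtractWebfingerParts` is not visible in this patch, so it is worth confirming that it normalises case, otherwise `requestedHost != host` would reject mixed-case hosts. WebfingerGETRequest starts before this hunk and continues after it.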
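Review bot: In the `@@ -105,10 +89,10 @@` hunk, the log call left as unchanged context, `l.Debugf("aborting request with an error: %s", err.Error())`, still reads `err` although the lookup result is now stored in `errWithCode`. As far as the visible lines show, `err` at this point is the value returned by `util.ExtractWebfingerParts`, which must be nil here because the non-nil case returned earlier, so `err.Error()` would panic on every failed `GetWebfingerAccount` call instead of returning `errWithCode.Code()`. The argument is evaluated even when debug logging is disabled. The line should become `l.Debugf("aborting request with an error: %s", errWithCode.Error())`. The enclosing function starts before the hunk.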