fix: webfinger accepts full ids

thanks ari for helping me debug this! <3
This commit is contained in:
əlemi 2024-06-29 19:28:17 +02:00
parent 3fbff70933
commit a4df9f2fc0
Signed by: alemi
GPG key ID: A4895B84D311642C

View file

@ -3,6 +3,8 @@ use jrd::{JsonResourceDescriptor, JsonResourceDescriptorLink};
use sea_orm::{ColumnTrait, EntityTrait, PaginatorTrait, QueryFilter}; use sea_orm::{ColumnTrait, EntityTrait, PaginatorTrait, QueryFilter};
use upub::{model, Context}; use upub::{model, Context};
use crate::ApiError;
#[derive(serde::Serialize)] #[derive(serde::Serialize)]
pub struct NodeInfoDiscovery { pub struct NodeInfoDiscovery {
pub links: Vec<NodeInfoDiscoveryRel>, pub links: Vec<NodeInfoDiscoveryRel>,
@ -99,19 +101,36 @@ pub async fn webfinger(
State(ctx): State<Context>, State(ctx): State<Context>,
Query(query): Query<WebfingerQuery> Query(query): Query<WebfingerQuery>
) -> crate::ApiResult<JsonRD<JsonResourceDescriptor>> { ) -> crate::ApiResult<JsonRD<JsonResourceDescriptor>> {
let user =
if query.resource.starts_with("acct:") {
if let Some((user, domain)) = query if let Some((user, domain)) = query
.resource .resource
.replace("acct:", "") .replace("acct:", "")
.split_once('@') .split_once('@')
{ {
let usr = model::actor::Entity::find() model::actor::Entity::find()
.filter(model::actor::Column::PreferredUsername.eq(user)) .filter(model::actor::Column::PreferredUsername.eq(user))
.filter(model::actor::Column::Domain.eq(domain)) .filter(model::actor::Column::Domain.eq(domain))
.one(ctx.db()) .one(ctx.db())
.await? .await?
.ok_or_else(crate::ApiError::not_found)?; .ok_or_else(crate::ApiError::not_found)?
let expires = if domain == ctx.domain() { } else {
return Err(StatusCode::UNPROCESSABLE_ENTITY.into());
}
} else if query.resource.starts_with("http") {
match model::actor::Entity::find_by_ap_id(&query.resource)
.one(ctx.db())
.await?
{
Some(usr) => usr,
None => return Err(ApiError::not_found()),
}
} else {
return Err(StatusCode::UNPROCESSABLE_ENTITY.into());
};
let expires = if user.domain == ctx.domain() {
// TODO configurable webfinger TTL, also 30 days may be too much??? // TODO configurable webfinger TTL, also 30 days may be too much???
Some(chrono::Utc::now() + chrono::Duration::days(30)) Some(chrono::Utc::now() + chrono::Duration::days(30))
} else { } else {
@ -121,13 +140,13 @@ pub async fn webfinger(
}; };
Ok(JsonRD(JsonResourceDescriptor { Ok(JsonRD(JsonResourceDescriptor {
subject: format!("acct:{user}@{domain}"), subject: format!("acct:{}@{}", user.preferred_username, user.domain),
aliases: vec![usr.id.clone()], aliases: vec![user.id.clone()],
links: vec![ links: vec![
JsonResourceDescriptorLink { JsonResourceDescriptorLink {
rel: "self".to_string(), rel: "self".to_string(),
link_type: Some("application/ld+json".to_string()), link_type: Some("application/ld+json".to_string()),
href: Some(usr.id), href: Some(user.id),
properties: jrd::Map::default(), properties: jrd::Map::default(),
titles: jrd::Map::default(), titles: jrd::Map::default(),
}, },
@ -135,9 +154,6 @@ pub async fn webfinger(
properties: jrd::Map::default(), properties: jrd::Map::default(),
expires, expires,
})) }))
} else {
Err(StatusCode::UNPROCESSABLE_ENTITY.into())
}
} }
// i don't even want to bother with XML, im just returning a formatted xml string // i don't even want to bother with XML, im just returning a formatted xml string