0
Meisam a7080a1fc1
validate response of federation APIs (#2408)
* validate json responses

* update deps

* tmp disable header check

* log all the webfinger fails

refactor and filter more malformed requests

* don't set incorrect serverURL strings

* test failing through admin api

* fix server url in fedi tests

* check response.text

* validate json/xml response of all apis

test Content-Type of api response and cleanup

* improve logs

* fix rebase

* cleanup json parser in api tests

* mark the api tests performed by admin

* Separate check for reading and format of serverURL

* test /federation/user/ with wrong username in ci
2022-12-10 21:10:10 -08:00

76 lines
2.3 KiB
Go

package controllers
import (
"encoding/json"
"net/http"
"strings"
"github.com/owncast/owncast/activitypub/apmodels"
"github.com/owncast/owncast/core/data"
"github.com/owncast/owncast/utils"
log "github.com/sirupsen/logrus"
)
// WebfingerHandler will handle webfinger lookup requests.
func WebfingerHandler(w http.ResponseWriter, r *http.Request) {
if !data.GetFederationEnabled() {
w.WriteHeader(http.StatusMethodNotAllowed)
log.Debugln("webfinger request rejected! Federation is not enabled")
return
}
instanceHostURL := data.GetServerURL()
if instanceHostURL == "" {
w.WriteHeader(http.StatusNotFound)
log.Warnln("webfinger request rejected! Federation is enabled but server URL is empty.")
return
}
instanceHostString := utils.GetHostnameFromURLString(instanceHostURL)
if instanceHostString == "" {
w.WriteHeader(http.StatusNotFound)
log.Warnln("webfinger request rejected! Federation is enabled but server URL is not set properly. data.GetServerURL(): " + data.GetServerURL())
return
}
resource := r.URL.Query().Get("resource")
preAcct, account, foundAcct := strings.Cut(resource, "acct:")
if !foundAcct || preAcct != "" {
w.WriteHeader(http.StatusBadRequest)
log.Debugln("webfinger request rejected! Malformed resource in query: " + resource)
return
}
userComponents := strings.Split(account, "@")
if len(userComponents) != 2 {
w.WriteHeader(http.StatusBadRequest)
log.Debugln("webfinger request rejected! Malformed account in query: " + account)
return
}
host := userComponents[1]
user := userComponents[0]
if _, valid := data.GetFederatedInboxMap()[user]; !valid {
w.WriteHeader(http.StatusNotFound)
log.Debugln("webfinger request rejected! Invalid user: " + user)
return
}
// If the webfinger request doesn't match our server then it
// should be rejected.
if instanceHostString != host {
w.WriteHeader(http.StatusNotImplemented)
log.Debugln("webfinger request rejected! Invalid query host: " + host + " instanceHostString: " + instanceHostString)
return
}
webfingerResponse := apmodels.MakeWebfingerResponse(user, user, host)
w.Header().Set("Content-Type", "application/jrd+json")
if err := json.NewEncoder(w).Encode(webfingerResponse); err != nil {
log.Errorln("unable to write webfinger response", err)
}
}