0
Meisam 43560cc65b
fix webfinger responses according to the specs (#2397)
* webfinger query with no resource should get 400

* check valid webfinger query

* test webfinger query

... without acct: or with wrong server

* add test for invalid user query from webfinger

* reorder the tests to decouple from state

cleanup
2022-12-07 16:26:06 -08:00

68 lines
1.7 KiB
Go

package controllers
import (
"encoding/json"
"net/http"
"strings"
"github.com/owncast/owncast/activitypub/apmodels"
"github.com/owncast/owncast/core/data"
"github.com/owncast/owncast/utils"
log "github.com/sirupsen/logrus"
)
// WebfingerHandler will handle webfinger lookup requests.
func WebfingerHandler(w http.ResponseWriter, r *http.Request) {
if !data.GetFederationEnabled() {
w.WriteHeader(http.StatusMethodNotAllowed)
return
}
resource := r.URL.Query().Get("resource")
resourceComponents := strings.Split(resource, ":")
var account string
if len(resourceComponents) == 2 {
account = resourceComponents[1]
} else {
account = resourceComponents[0]
}
userComponents := strings.Split(account, "@")
if len(userComponents) < 2 {
w.WriteHeader(http.StatusBadRequest)
return
}
host := userComponents[1]
user := userComponents[0]
if _, valid := data.GetFederatedInboxMap()[user]; !valid {
// User is not valid
w.WriteHeader(http.StatusNotFound)
log.Debugln("webfinger request rejected")
return
}
// If the webfinger request doesn't match our server then it
// should be rejected.
instanceHostString := data.GetServerURL()
if instanceHostString == "" {
w.WriteHeader(http.StatusNotFound)
return
}
instanceHostString = utils.GetHostnameFromURLString(instanceHostString)
if instanceHostString == "" || instanceHostString != host {
w.WriteHeader(http.StatusNotImplemented)
return
}
webfingerResponse := apmodels.MakeWebfingerResponse(user, user, host)
w.Header().Set("Content-Type", "application/jrd+json")
if err := json.NewEncoder(w).Encode(webfingerResponse); err != nil {
log.Errorln("unable to write webfinger response", err)
}
}