From fc31f145078e3c22d7a0aa9de2bca77f6d503469 Mon Sep 17 00:00:00 2001 From: Aravinth Manivannan Date: Sun, 24 Mar 2024 11:37:01 +0530 Subject: [PATCH] feat: extend webfinger to respond to profile page URIs --- routers/web/webfinger.go | 13 +++++++++++++ tests/integration/webfinger_test.go | 12 ++++++++++++ 2 files changed, 25 insertions(+) diff --git a/routers/web/webfinger.go b/routers/web/webfinger.go index e4b2aacce..c620059ec 100644 --- a/routers/web/webfinger.go +++ b/routers/web/webfinger.go @@ -64,6 +64,19 @@ func WebfingerQuery(ctx *context.Context) { if u != nil && u.KeepEmailPrivate { err = user_model.ErrUserNotExist{} } + case "https", "http": + if resource.Host != appURL.Host { + ctx.Error(http.StatusBadRequest) + return + } + + parts := strings.Split(resource.Path, "/") + if len(parts) < 2 { // fragment[0] is empty space, fragment[1] may be username + ctx.Error(http.StatusBadRequest) + return + } + + u, err = user_model.GetUserByName(ctx, parts[1]) default: ctx.Error(http.StatusBadRequest) return diff --git a/tests/integration/webfinger_test.go b/tests/integration/webfinger_test.go index 55fb21177..cdc7d94eb 100644 --- a/tests/integration/webfinger_test.go +++ b/tests/integration/webfinger_test.go @@ -66,4 +66,16 @@ func TestWebfinger(t *testing.T) { req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=mailto:%s", user.Email)) MakeRequest(t, req, http.StatusNotFound) + + req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s/%s/foo", appURL.Host, user.Name)) + session.MakeRequest(t, req, http.StatusOK) + + req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=https://%s/%s", appURL.Host, user.Name)) + session.MakeRequest(t, req, http.StatusOK) + + req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s", appURL.Host)) + MakeRequest(t, req, http.StatusBadRequest) + + req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s/%s/foo", "example.com", user.Name)) + MakeRequest(t, req, http.StatusBadRequest) }