WIP: fix: webfinger before loading search results for /explore/users/ #10
2 changed files with 26 additions and 0 deletions
|
@ -64,6 +64,19 @@ func WebfingerQuery(ctx *context.Context) {
|
|||
if u != nil && u.KeepEmailPrivate {
|
||||
err = user_model.ErrUserNotExist{}
|
||||
}
|
||||
case "https", "http":
|
||||
if resource.Host != appURL.Host {
|
||||
ctx.Error(http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
parts := strings.Split(resource.Path, "/")
|
||||
if len(parts) < 2 { // fragment[0] is empty space, fragment[1] may be username
|
||||
ctx.Error(http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
u, err = user_model.GetUserByName(ctx, parts[1])
|
||||
default:
|
||||
ctx.Error(http.StatusBadRequest)
|
||||
return
|
||||
|
|
|
@ -65,4 +65,17 @@ func TestWebfinger(t *testing.T) {
|
|||
|
||||
req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=mailto:%s", user.Email))
|
||||
MakeRequest(t, req, http.StatusNotFound)
|
||||
|
||||
req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s/%s/foo", appURL.Host, user.Name))
|
||||
session.MakeRequest(t, req, http.StatusOK)
|
||||
|
||||
req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=https://%s/%s", appURL.Host, user.Name))
|
||||
session.MakeRequest(t, req, http.StatusOK)
|
||||
|
||||
req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s", appURL.Host))
|
||||
MakeRequest(t, req, http.StatusBadRequest)
|
||||
|
||||
req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s/%s/foo", "example.com", user.Name))
|
||||
MakeRequest(t, req, http.StatusBadRequest)
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue