routers/web/webfinger.go

@@ -64,6 +64,19 @@ func WebfingerQuery(ctx *context.Context) {
 		if u != nil && u.KeepEmailPrivate {
 			err = user_model.ErrUserNotExist{}
 		}
+	case "https", "http":
+		if resource.Host != appURL.Host {
+			ctx.Error(http.StatusBadRequest)
+			return
+		}
+
+		parts := strings.Split(resource.Path, "/")
+		if len(parts) < 2 { // fragment[0] is empty space, fragment[1] may be username
+			ctx.Error(http.StatusBadRequest)
+			return
+		}
+
+		u, err = user_model.GetUserByName(ctx, parts[1])
 	default:
 		ctx.Error(http.StatusBadRequest)
 		return
@@ -112,6 +125,7 @@ func WebfingerQuery(ctx *context.Context) {
 		},
 	}
 
+	ctx.Resp.Header().Add("Content-Type", "application/jrd+json")
 	ctx.Resp.Header().Add("Access-Control-Allow-Origin", "*")
 	ctx.JSON(http.StatusOK, &webfingerJRD{
 		Subject: fmt.Sprintf("acct:%s@%s", url.QueryEscape(u.Name), appURL.Host),

tests/integration/webfinger_test.go

@@ -65,4 +65,17 @@ func TestWebfinger(t *testing.T) {
 
 	req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=mailto:%s", user.Email))
 	MakeRequest(t, req, http.StatusNotFound)
+
+	req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s/%s/foo", appURL.Host, user.Name))
+	session.MakeRequest(t, req, http.StatusOK)
+
+	req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=https://%s/%s", appURL.Host, user.Name))
+	session.MakeRequest(t, req, http.StatusOK)
+
+	req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s", appURL.Host))
+	MakeRequest(t, req, http.StatusBadRequest)
+
+	req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s/%s/foo", "example.com", user.Name))
+	MakeRequest(t, req, http.StatusBadRequest)
+
 }