GoToSocial/internal/api/s2s/webfinger/webfingerget.go

/*
   GoToSocial
   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org

   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU Affero General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU Affero General Public License for more details.

   You should have received a copy of the GNU Affero General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

package webfinger

import (
	"context"
	"fmt"
	"net/http"
	"strings"

	"github.com/gin-gonic/gin"
	"github.com/sirupsen/logrus"
	"github.com/spf13/viper"
	"github.com/superseriousbusiness/gotosocial/internal/api"
	"github.com/superseriousbusiness/gotosocial/internal/config"
	"github.com/superseriousbusiness/gotosocial/internal/util"
)

// WebfingerGETRequest swagger:operation GET /.well-known/webfinger webfingerGet
//
// Handles webfinger account lookup requests.
//
// For example, a GET to `https://goblin.technology/.well-known/webfinger?resource=acct:tobi@goblin.technology` would return:
//
// ```
//  {"subject":"acct:tobi@goblin.technology","aliases":["https://goblin.technology/users/tobi","https://goblin.technology/@tobi"],"links":[{"rel":"http://webfinger.net/rel/profile-page","type":"text/html","href":"https://goblin.technology/@tobi"},{"rel":"self","type":"application/activity+json","href":"https://goblin.technology/users/tobi"}]}
// ```
//
// See: https://webfinger.net/
//
// ---
// tags:
// - webfinger
//
// produces:
// - application/json
//
// responses:
//   '200':
//     schema:
//       "$ref": "#/definitions/wellKnownResponse"
func (m *Module) WebfingerGETRequest(c *gin.Context) {
	l := logrus.WithFields(logrus.Fields{
		"func":       "WebfingerGETRequest",
		"user-agent": c.Request.UserAgent(),
	})

	resourceQuery, set := c.GetQuery("resource")
	if !set || resourceQuery == "" {
		l.Debug("aborting request because no resource was set in query")
		c.JSON(http.StatusBadRequest, gin.H{"error": "no 'resource' in request query"})
		return
	}

	if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
		return
	}

	// remove the acct: prefix if it's present
	trimAcct := strings.TrimPrefix(resourceQuery, "acct:")
	// remove the first @ in @whatever@example.org if it's present
	namestring := strings.TrimPrefix(trimAcct, "@")

	// at this point we should have a string like some_user@example.org
	l.Debugf("got finger request for '%s'", namestring)

	usernameAndAccountDomain := strings.Split(namestring, "@")
	if len(usernameAndAccountDomain) != 2 {
		l.Debugf("aborting request because username and domain could not be parsed from %s", namestring)
		c.JSON(http.StatusBadRequest, gin.H{"error": "bad request"})
		return
	}

	username := strings.ToLower(usernameAndAccountDomain[0])
	requestedAccountDomain := strings.ToLower(usernameAndAccountDomain[1])
	if username == "" || requestedAccountDomain == "" {
		l.Debug("aborting request because username or domain was empty")
		c.JSON(http.StatusBadRequest, gin.H{"error": "bad request"})
		return
	}

	accountDomain := viper.GetString(config.Keys.AccountDomain)
	host := viper.GetString(config.Keys.Host)

	if requestedAccountDomain != accountDomain && requestedAccountDomain != host {
		l.Debugf("aborting request because accountDomain %s does not belong to this instance", requestedAccountDomain)
		c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("accountDomain %s does not belong to this instance", requestedAccountDomain)})
		return
	}

	// transfer the signature verifier from the gin context to the request context
	ctx := c.Request.Context()
	verifier, signed := c.Get(string(util.APRequestingPublicKeyVerifier))
	if signed {
		ctx = context.WithValue(ctx, util.APRequestingPublicKeyVerifier, verifier)
	}

	resp, err := m.processor.GetWebfingerAccount(ctx, username)
	if err != nil {
		l.Debugf("aborting request with an error: %s", err.Error())
		c.JSON(err.Code(), gin.H{"error": err.Safe()})
		return
	}

	c.JSON(http.StatusOK, resp)
}
Webfinger + Small fixes (#20) 2021-05-09 20:34:27 +02:00			`/*`
			`GoToSocial`
			`Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org`

			`This program is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU Affero General Public License as published by`
			`the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU Affero General Public License for more details.`

			`You should have received a copy of the GNU Affero General Public License`
			`along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

			`package webfinger`

			`import (`
Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 13:23:03 +02:00			`"context"`
Webfinger + Small fixes (#20) 2021-05-09 20:34:27 +02:00			`"fmt"`
			`"net/http"`
			`"strings"`

			`"github.com/gin-gonic/gin"`
Timeline manager (#40) * start messing about with timeline manager * i have no idea what i'm doing * i continue to not know what i'm doing * it's coming along * bit more progress * update timeline with new posts as they come in * lint and fmt * Select accounts where empty string * restructure a bunch, get unfaves working * moving stuff around * federate status deletes properly * mention regex better but not 100% there * fix regex * some more hacking away at the timeline code phew * fix up some little things * i can't even * more timeline stuff * move to ulid * fiddley * some lil fixes for kibou compatibility * timelines working pretty alright! * tidy + lint 2021-06-13 18:42:28 +02:00			`"github.com/sirupsen/logrus"`
Implement Cobra CLI tooling, Viper config tooling (#336) * start pulling out + replacing urfave and config * replace many many instances of config * move more stuff => viper * properly remove urfave * move some flags to root command * add testrig commands to root * alias config file keys * start adding cli parsing tests * reorder viper init * remove config path alias * fmt * change config file keys to non-nested * we're more or less in business now * tidy up the common func * go fmt * get tests passing again * add note about the cliparsing tests * reorganize * update docs with changes * structure cmd dir better * rename + move some files around * fix dangling comma 2021-12-07 13:31:39 +01:00			`"github.com/spf13/viper"`
Add `Accept` header negotiation to relevant API endpoints (#337) * start centralizing negotiation logic for API * swagger document nodeinfo endpoint * go fmt * document negotiate function * use content negotiation * tidy up negotiation logic * negotiate content throughout client api * swagger * remove attachment on Content * add accept header to test requests 2021-12-11 17:50:00 +01:00			`"github.com/superseriousbusiness/gotosocial/internal/api"`
Implement Cobra CLI tooling, Viper config tooling (#336) * start pulling out + replacing urfave and config * replace many many instances of config * move more stuff => viper * properly remove urfave * move some flags to root command * add testrig commands to root * alias config file keys * start adding cli parsing tests * reorder viper init * remove config path alias * fmt * change config file keys to non-nested * we're more or less in business now * tidy up the common func * go fmt * get tests passing again * add note about the cliparsing tests * reorganize * update docs with changes * structure cmd dir better * rename + move some files around * fix dangling comma 2021-12-07 13:31:39 +01:00			`"github.com/superseriousbusiness/gotosocial/internal/config"`
Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 13:23:03 +02:00			`"github.com/superseriousbusiness/gotosocial/internal/util"`
Webfinger + Small fixes (#20) 2021-05-09 20:34:27 +02:00			`)`

Add `Accept` header negotiation to relevant API endpoints (#337) * start centralizing negotiation logic for API * swagger document nodeinfo endpoint * go fmt * document negotiate function * use content negotiation * tidy up negotiation logic * negotiate content throughout client api * swagger * remove attachment on Content * add accept header to test requests 2021-12-11 17:50:00 +01:00			`// WebfingerGETRequest swagger:operation GET /.well-known/webfinger webfingerGet`
			`//`
			`// Handles webfinger account lookup requests.`
			`//`
			// For example, a GET to `https://goblin.technology/.well-known/webfinger?resource=acct:tobi@goblin.technology` would return:
			`//`
			// ```
			`// {"subject":"acct:tobi@goblin.technology","aliases":["https://goblin.technology/users/tobi","https://goblin.technology/@tobi"],"links":[{"rel":"http://webfinger.net/rel/profile-page","type":"text/html","href":"https://goblin.technology/@tobi"},{"rel":"self","type":"application/activity+json","href":"https://goblin.technology/users/tobi"}]}`
			// ```
			`//`
			`// See: https://webfinger.net/`
			`//`
			`// ---`
			`// tags:`
			`// - webfinger`
			`//`
			`// produces:`
			`// - application/json`
			`//`
			`// responses:`
			`// '200':`
			`// schema:`
			`// "$ref": "#/definitions/wellKnownResponse"`
Webfinger + Small fixes (#20) 2021-05-09 20:34:27 +02:00			`func (m Module) WebfingerGETRequest(c gin.Context) {`
reference global logrus (#274) * reference logrus' global logger instead of passing and storing a logger reference everywhere * always directly use global logrus logger instead of referencing an instance * test suites should also directly use the global logrus logger * rename gin logging function to clarify that it's middleware * correct comments which erroneously referenced removed logger parameter * setting log level for tests now uses logrus' exported type instead of the string value, to guarantee error isn't possible 2021-10-11 14:37:33 +02:00			`l := logrus.WithFields(logrus.Fields{`
Timeline manager (#40) * start messing about with timeline manager * i have no idea what i'm doing * i continue to not know what i'm doing * it's coming along * bit more progress * update timeline with new posts as they come in * lint and fmt * Select accounts where empty string * restructure a bunch, get unfaves working * moving stuff around * federate status deletes properly * mention regex better but not 100% there * fix regex * some more hacking away at the timeline code phew * fix up some little things * i can't even * more timeline stuff * move to ulid * fiddley * some lil fixes for kibou compatibility * timelines working pretty alright! * tidy + lint 2021-06-13 18:42:28 +02:00			`"func": "WebfingerGETRequest",`
			`"user-agent": c.Request.UserAgent(),`
			`})`
Webfinger + Small fixes (#20) 2021-05-09 20:34:27 +02:00
Add `Accept` header negotiation to relevant API endpoints (#337) * start centralizing negotiation logic for API * swagger document nodeinfo endpoint * go fmt * document negotiate function * use content negotiation * tidy up negotiation logic * negotiate content throughout client api * swagger * remove attachment on Content * add accept header to test requests 2021-12-11 17:50:00 +01:00			`resourceQuery, set := c.GetQuery("resource")`
			`if !set \|\| resourceQuery == "" {`
Timeline manager (#40) * start messing about with timeline manager * i have no idea what i'm doing * i continue to not know what i'm doing * it's coming along * bit more progress * update timeline with new posts as they come in * lint and fmt * Select accounts where empty string * restructure a bunch, get unfaves working * moving stuff around * federate status deletes properly * mention regex better but not 100% there * fix regex * some more hacking away at the timeline code phew * fix up some little things * i can't even * more timeline stuff * move to ulid * fiddley * some lil fixes for kibou compatibility * timelines working pretty alright! * tidy + lint 2021-06-13 18:42:28 +02:00			`l.Debug("aborting request because no resource was set in query")`
Webfinger + Small fixes (#20) 2021-05-09 20:34:27 +02:00			`c.JSON(http.StatusBadRequest, gin.H{"error": "no 'resource' in request query"})`
			`return`
			`}`

Add `Accept` header negotiation to relevant API endpoints (#337) * start centralizing negotiation logic for API * swagger document nodeinfo endpoint * go fmt * document negotiate function * use content negotiation * tidy up negotiation logic * negotiate content throughout client api * swagger * remove attachment on Content * add accept header to test requests 2021-12-11 17:50:00 +01:00			`if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {`
			`c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})`
			`return`
			`}`

Update webfingering a little, add tests (#236) * Update webfingering a little, add tests * fix broken tests oops 2021-09-20 16:46:45 +02:00			`// remove the acct: prefix if it's present`
Add `Accept` header negotiation to relevant API endpoints (#337) * start centralizing negotiation logic for API * swagger document nodeinfo endpoint * go fmt * document negotiate function * use content negotiation * tidy up negotiation logic * negotiate content throughout client api * swagger * remove attachment on Content * add accept header to test requests 2021-12-11 17:50:00 +01:00			`trimAcct := strings.TrimPrefix(resourceQuery, "acct:")`
Update webfingering a little, add tests (#236) * Update webfingering a little, add tests * fix broken tests oops 2021-09-20 16:46:45 +02:00			`// remove the first @ in @whatever@example.org if it's present`
			`namestring := strings.TrimPrefix(trimAcct, "@")`
Webfinger + Small fixes (#20) 2021-05-09 20:34:27 +02:00
Update webfingering a little, add tests (#236) * Update webfingering a little, add tests * fix broken tests oops 2021-09-20 16:46:45 +02:00			`// at this point we should have a string like some_user@example.org`
			`l.Debugf("got finger request for '%s'", namestring)`

			`usernameAndAccountDomain := strings.Split(namestring, "@")`
allow different host + accountDomain (#103) * allow different host + accountDomain * use accountDomain in tags 2021-07-19 18:42:08 +02:00			`if len(usernameAndAccountDomain) != 2 {`
Update webfingering a little, add tests (#236) * Update webfingering a little, add tests * fix broken tests oops 2021-09-20 16:46:45 +02:00			`l.Debugf("aborting request because username and domain could not be parsed from %s", namestring)`
Webfinger + Small fixes (#20) 2021-05-09 20:34:27 +02:00			`c.JSON(http.StatusBadRequest, gin.H{"error": "bad request"})`
			`return`
			`}`
Update webfingering a little, add tests (#236) * Update webfingering a little, add tests * fix broken tests oops 2021-09-20 16:46:45 +02:00
allow different host + accountDomain (#103) * allow different host + accountDomain * use accountDomain in tags 2021-07-19 18:42:08 +02:00			`username := strings.ToLower(usernameAndAccountDomain[0])`
Implement Cobra CLI tooling, Viper config tooling (#336) * start pulling out + replacing urfave and config * replace many many instances of config * move more stuff => viper * properly remove urfave * move some flags to root command * add testrig commands to root * alias config file keys * start adding cli parsing tests * reorder viper init * remove config path alias * fmt * change config file keys to non-nested * we're more or less in business now * tidy up the common func * go fmt * get tests passing again * add note about the cliparsing tests * reorganize * update docs with changes * structure cmd dir better * rename + move some files around * fix dangling comma 2021-12-07 13:31:39 +01:00			`requestedAccountDomain := strings.ToLower(usernameAndAccountDomain[1])`
			`if username == "" \|\| requestedAccountDomain == "" {`
Timeline manager (#40) * start messing about with timeline manager * i have no idea what i'm doing * i continue to not know what i'm doing * it's coming along * bit more progress * update timeline with new posts as they come in * lint and fmt * Select accounts where empty string * restructure a bunch, get unfaves working * moving stuff around * federate status deletes properly * mention regex better but not 100% there * fix regex * some more hacking away at the timeline code phew * fix up some little things * i can't even * more timeline stuff * move to ulid * fiddley * some lil fixes for kibou compatibility * timelines working pretty alright! * tidy + lint 2021-06-13 18:42:28 +02:00			`l.Debug("aborting request because username or domain was empty")`
Webfinger + Small fixes (#20) 2021-05-09 20:34:27 +02:00			`c.JSON(http.StatusBadRequest, gin.H{"error": "bad request"})`
			`return`
			`}`

Implement Cobra CLI tooling, Viper config tooling (#336) * start pulling out + replacing urfave and config * replace many many instances of config * move more stuff => viper * properly remove urfave * move some flags to root command * add testrig commands to root * alias config file keys * start adding cli parsing tests * reorder viper init * remove config path alias * fmt * change config file keys to non-nested * we're more or less in business now * tidy up the common func * go fmt * get tests passing again * add note about the cliparsing tests * reorganize * update docs with changes * structure cmd dir better * rename + move some files around * fix dangling comma 2021-12-07 13:31:39 +01:00			`accountDomain := viper.GetString(config.Keys.AccountDomain)`
			`host := viper.GetString(config.Keys.Host)`

			`if requestedAccountDomain != accountDomain && requestedAccountDomain != host {`
			`l.Debugf("aborting request because accountDomain %s does not belong to this instance", requestedAccountDomain)`
			`c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("accountDomain %s does not belong to this instance", requestedAccountDomain)})`
Webfinger + Small fixes (#20) 2021-05-09 20:34:27 +02:00			`return`
			`}`

Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 13:23:03 +02:00			`// transfer the signature verifier from the gin context to the request context`
			`ctx := c.Request.Context()`
			`verifier, signed := c.Get(string(util.APRequestingPublicKeyVerifier))`
			`if signed {`
			`ctx = context.WithValue(ctx, util.APRequestingPublicKeyVerifier, verifier)`
			`}`

Update webfingering a little, add tests (#236) * Update webfingering a little, add tests * fix broken tests oops 2021-09-20 16:46:45 +02:00			`resp, err := m.processor.GetWebfingerAccount(ctx, username)`
Webfinger + Small fixes (#20) 2021-05-09 20:34:27 +02:00			`if err != nil {`
Timeline manager (#40) * start messing about with timeline manager * i have no idea what i'm doing * i continue to not know what i'm doing * it's coming along * bit more progress * update timeline with new posts as they come in * lint and fmt * Select accounts where empty string * restructure a bunch, get unfaves working * moving stuff around * federate status deletes properly * mention regex better but not 100% there * fix regex * some more hacking away at the timeline code phew * fix up some little things * i can't even * more timeline stuff * move to ulid * fiddley * some lil fixes for kibou compatibility * timelines working pretty alright! * tidy + lint 2021-06-13 18:42:28 +02:00			`l.Debugf("aborting request with an error: %s", err.Error())`
Webfinger + Small fixes (#20) 2021-05-09 20:34:27 +02:00			`c.JSON(err.Code(), gin.H{"error": err.Safe()})`
			`return`
			`}`

			`c.JSON(http.StatusOK, resp)`
			`}`