mirror of
https://github.com/superseriousbusiness/gotosocial
synced 2025-06-05 21:59:39 +02:00
[feature] Add /api/v1/admin/debug/apurl endpoint (#2359)
This commit is contained in:
tobi
GitHub
126
internal/processing/admin/debug_apurl.go
Normal file
126
internal/processing/admin/debug_apurl.go
Normal file
@ -0,0 +1,126 @@
|
||||
// GoToSocial
|
||||
// Copyright (C) GoToSocial Authors admin@gotosocial.org
|
||||
// SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as published by
|
||||
// the Free Software Foundation, either version 3 of the License, or
|
||||
// (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
package admin
|
||||
|
||||
import (
|
||||
"context"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/url"
|
||||
|
||||
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
|
||||
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/gtscontext"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
|
||||
)
|
||||
|
||||
// DebugAPUrl performs a GET to the given url, using the
|
||||
// signature of the given admin account. The GET will
|
||||
// have Accept set to the ActivityPub content types.
|
||||
//
|
||||
// Only urls with schema http or https are allowed.
|
||||
//
|
||||
// Calls to blocked domains are not allowed, not only
|
||||
// because it's unfair to call them when they can't
|
||||
// call us, but because it probably won't work anyway
|
||||
// if they try to dereference the calling account.
|
||||
//
|
||||
// Errors returned from this function should be fairly
|
||||
// verbose, to help with debugging.
|
||||
func (p *Processor) DebugAPUrl(
|
||||
ctx context.Context,
|
||||
adminAcct *gtsmodel.Account,
|
||||
urlStr string,
|
||||
) (*apimodel.DebugAPUrlResponse, gtserror.WithCode) {
|
||||
// Validate URL.
|
||||
if urlStr == "" {
|
||||
err := gtserror.New("empty URL")
|
||||
return nil, gtserror.NewErrorBadRequest(err, err.Error())
|
||||
}
|
||||
|
||||
url, err := url.Parse(urlStr)
|
||||
if err != nil {
|
||||
err := gtserror.Newf("invalid URL: %w", err)
|
||||
return nil, gtserror.NewErrorBadRequest(err, err.Error())
|
||||
}
|
||||
|
||||
if url == nil || (url.Scheme != "http" && url.Scheme != "https") {
|
||||
err = gtserror.New("invalid URL scheme, acceptable schemes are http or https")
|
||||
return nil, gtserror.NewErrorBadRequest(err, err.Error())
|
||||
}
|
||||
|
||||
// Ensure URL not blocked.
|
||||
blocked, err := p.state.DB.IsDomainBlocked(ctx, url.Host)
|
||||
if err != nil {
|
||||
err = gtserror.Newf("db error checking for domain block: %w", err)
|
||||
return nil, gtserror.NewErrorInternalError(err, err.Error())
|
||||
}
|
||||
|
||||
if blocked {
|
||||
err = gtserror.Newf("target domain %s is blocked", url.Host)
|
||||
return nil, gtserror.NewErrorBadRequest(err, err.Error())
|
||||
}
|
||||
|
||||
// All looks fine. Prepare the transport and (signed) GET request.
|
||||
tsport, err := p.transportController.NewTransportForUsername(ctx, adminAcct.Username)
|
||||
if err != nil {
|
||||
err = gtserror.Newf("error creating transport: %w", err)
|
||||
return nil, gtserror.NewErrorInternalError(err, err.Error())
|
||||
}
|
||||
|
||||
req, err := http.NewRequestWithContext(
|
||||
// Caller will want a snappy
|
||||
// response so don't retry.
|
||||
gtscontext.SetFastFail(ctx),
|
||||
http.MethodGet, urlStr, nil,
|
||||
)
|
||||
if err != nil {
|
||||
err = gtserror.Newf("error creating request: %w", err)
|
||||
return nil, gtserror.NewErrorUnprocessableEntity(err, err.Error())
|
||||
}
|
||||
|
||||
req.Header.Add("Accept", string(apiutil.AppActivityLDJSON)+","+string(apiutil.AppActivityJSON))
|
||||
req.Header.Add("Accept-Charset", "utf-8")
|
||||
req.Header.Set("Host", url.Host)
|
||||
|
||||
// Perform the HTTP request,
|
||||
// and return everything.
|
||||
rsp, err := tsport.GET(req)
|
||||
if err != nil {
|
||||
err = gtserror.Newf("error doing dereference: %w", err)
|
||||
return nil, gtserror.NewErrorUnprocessableEntity(err, err.Error())
|
||||
}
|
||||
defer rsp.Body.Close()
|
||||
|
||||
b, err := io.ReadAll(rsp.Body)
|
||||
if err != nil {
|
||||
err := gtserror.Newf("error reading response body bytes: %w", err)
|
||||
return nil, gtserror.NewErrorUnprocessableEntity(err, err.Error())
|
||||
}
|
||||
|
||||
debugResponse := &apimodel.DebugAPUrlResponse{
|
||||
RequestURL: urlStr,
|
||||
RequestHeaders: req.Header,
|
||||
ResponseHeaders: rsp.Header,
|
||||
ResponseCode: rsp.StatusCode,
|
||||
ResponseBody: string(b),
|
||||
}
|
||||
|
||||
return debugResponse, nil
|
||||
}
|
||||
Reference in New Issue
Block a user