mirror of
https://github.com/superseriousbusiness/gotosocial
synced 2025-06-05 21:59:39 +02:00
[bugfix] Reorder web view logic, other small fixes (#1954)
This commit is contained in:
tobi
GitHub
@@ -19,65 +19,110 @@ package fedi
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/url"
|
||||
|
||||
"github.com/superseriousbusiness/activity/streams/vocab"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/ap"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/db"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/gtscontext"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/uris"
|
||||
)
|
||||
|
||||
// UserGet handles the getting of a fedi/activitypub representation of a user/account, performing appropriate authentication
|
||||
// before returning a JSON serializable interface to the caller.
|
||||
// UserGet handles the getting of a fedi/activitypub representation of a user/account,
|
||||
// performing authentication before returning a JSON serializable interface to the caller.
|
||||
func (p *Processor) UserGet(ctx context.Context, requestedUsername string, requestURL *url.URL) (interface{}, gtserror.WithCode) {
|
||||
// Get the instance-local account the request is referring to.
|
||||
// (Try to) get the requested local account from the db.
|
||||
requestedAccount, err := p.state.DB.GetAccountByUsernameDomain(ctx, requestedUsername, "")
|
||||
if err != nil {
|
||||
return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
|
||||
}
|
||||
if errors.Is(err, db.ErrNoEntries) {
|
||||
// Account just not found w/ this username.
|
||||
err := fmt.Errorf("account with username %s not found in the db", requestedUsername)
|
||||
return nil, gtserror.NewErrorNotFound(err)
|
||||
}
|
||||
|
||||
var requestedPerson vocab.ActivityStreamsPerson
|
||||
// Real db error.
|
||||
err := fmt.Errorf("db error getting account with username %s: %w", requestedUsername, err)
|
||||
return nil, gtserror.NewErrorInternalError(err)
|
||||
}
|
||||
|
||||
if uris.IsPublicKeyPath(requestURL) {
|
||||
// if it's a public key path, we don't need to authenticate but we'll only serve the bare minimum user profile needed for the public key
|
||||
requestedPerson, err = p.tc.AccountToASMinimal(ctx, requestedAccount)
|
||||
// If request is on a public key path, we don't need to
|
||||
// authenticate this request. However, we'll only serve
|
||||
// the bare minimum user profile needed for the pubkey.
|
||||
//
|
||||
// TODO: https://github.com/superseriousbusiness/gotosocial/issues/1186
|
||||
minimalPerson, err := p.tc.AccountToASMinimal(ctx, requestedAccount)
|
||||
if err != nil {
|
||||
return nil, gtserror.NewErrorInternalError(err)
|
||||
}
|
||||
} else {
|
||||
// if it's any other path, we want to fully authenticate the request before we serve any data, and then we can serve a more complete profile
|
||||
requestingAccountURI, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername)
|
||||
if errWithCode != nil {
|
||||
return nil, errWithCode
|
||||
}
|
||||
|
||||
// if we're not already handshaking/dereferencing a remote account, dereference it now
|
||||
if !p.federator.Handshaking(requestedUsername, requestingAccountURI) {
|
||||
requestingAccount, _, err := p.federator.GetAccountByURI(gtscontext.SetFastFail(ctx), requestedUsername, requestingAccountURI)
|
||||
if err != nil {
|
||||
return nil, gtserror.NewErrorUnauthorized(err)
|
||||
}
|
||||
|
||||
blocked, err := p.state.DB.IsEitherBlocked(ctx, requestedAccount.ID, requestingAccount.ID)
|
||||
if err != nil {
|
||||
return nil, gtserror.NewErrorInternalError(err)
|
||||
}
|
||||
|
||||
if blocked {
|
||||
return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
|
||||
}
|
||||
}
|
||||
|
||||
requestedPerson, err = p.tc.AccountToAS(ctx, requestedAccount)
|
||||
if err != nil {
|
||||
return nil, gtserror.NewErrorInternalError(err)
|
||||
}
|
||||
// Return early with bare minimum data.
|
||||
return data(minimalPerson)
|
||||
}
|
||||
|
||||
// If the request is not on a public key path, we want to
|
||||
// try to authenticate it before we serve any data, so that
|
||||
// we can serve a more complete profile.
|
||||
requestingAccountURI, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername)
|
||||
if errWithCode != nil {
|
||||
return nil, errWithCode // likely 401
|
||||
}
|
||||
|
||||
// Auth passed, generate the proper AP representation.
|
||||
person, err := p.tc.AccountToAS(ctx, requestedAccount)
|
||||
if err != nil {
|
||||
return nil, gtserror.NewErrorInternalError(err)
|
||||
}
|
||||
|
||||
// If we are currently handshaking with the remote account
|
||||
// making the request, then don't be coy: just serve the AP
|
||||
// representation of the target account.
|
||||
//
|
||||
// This handshake check ensures that we don't get stuck in
|
||||
// a loop with another GtS instance, where each instance is
|
||||
// trying repeatedly to dereference the other account that's
|
||||
// making the request before it will reveal its own account.
|
||||
//
|
||||
// Instead, we end up in an 'I'll show you mine if you show me
|
||||
// yours' situation, where we sort of agree to reveal each
|
||||
// other's profiles at the same time.
|
||||
if p.federator.Handshaking(requestedUsername, requestingAccountURI) {
|
||||
return data(person)
|
||||
}
|
||||
|
||||
// We're not currently handshaking with the requestingAccountURI,
|
||||
// so fetch its details and ensure it's up to date + not blocked.
|
||||
requestingAccount, _, err := p.federator.GetAccountByURI(
|
||||
// On a hot path so fail quickly.
|
||||
gtscontext.SetFastFail(ctx),
|
||||
requestedUsername, requestingAccountURI,
|
||||
)
|
||||
if err != nil {
|
||||
err := gtserror.Newf("error getting account %s: %w", requestingAccountURI, err)
|
||||
return nil, gtserror.NewErrorUnauthorized(err)
|
||||
}
|
||||
|
||||
blocked, err := p.state.DB.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID)
|
||||
if err != nil {
|
||||
err := gtserror.Newf("error checking block from account %s to account %s: %w", requestedAccount.ID, requestingAccount.ID, err)
|
||||
return nil, gtserror.NewErrorInternalError(err)
|
||||
}
|
||||
|
||||
if blocked {
|
||||
err := fmt.Errorf("account %s blocks account %s", requestedAccount.ID, requestingAccount.ID)
|
||||
return nil, gtserror.NewErrorUnauthorized(err)
|
||||
}
|
||||
|
||||
return data(person)
|
||||
}
|
||||
|
||||
func data(requestedPerson vocab.ActivityStreamsPerson) (interface{}, gtserror.WithCode) {
|
||||
data, err := ap.Serialize(requestedPerson)
|
||||
if err != nil {
|
||||
err := gtserror.Newf("error serializing person: %w", err)
|
||||
return nil, gtserror.NewErrorInternalError(err)
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user