Timeline manager (#40)

* start messing about with timeline manager

* i have no idea what i'm doing

* i continue to not know what i'm doing

* it's coming along

* bit more progress

* update timeline with new posts as they come in

* lint and fmt

* Select accounts where empty string

* restructure a bunch, get unfaves working

* moving stuff around

* federate status deletes properly

* mention regex better but not 100% there

* fix regex

* some more hacking away at the timeline code phew

* fix up some little things

* i can't even

* more timeline stuff

* move to ulid

* fiddley

* some lil fixes for kibou compatibility

* timelines working pretty alright!

* tidy + lint
This commit is contained in:
Tobi Smethurst
2021-06-13 18:42:28 +02:00
committed by GitHub
parent 6ac6f8d614
commit b4288f3c47
96 changed files with 3458 additions and 1679 deletions

View File

@ -17,372 +17,3 @@
// */
package account_test
// import (
// "bytes"
// "encoding/json"
// "fmt"
// "io"
// "io/ioutil"
// "mime/multipart"
// "net/http"
// "net/http/httptest"
// "os"
// "testing"
// "github.com/gin-gonic/gin"
// "github.com/google/uuid"
// "github.com/stretchr/testify/assert"
// "github.com/stretchr/testify/suite"
// "github.com/superseriousbusiness/gotosocial/internal/api/client/account"
// "github.com/superseriousbusiness/gotosocial/internal/api/model"
// "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
// "github.com/superseriousbusiness/gotosocial/testrig"
// "github.com/superseriousbusiness/gotosocial/internal/oauth"
// "golang.org/x/crypto/bcrypt"
// )
// type AccountCreateTestSuite struct {
// AccountStandardTestSuite
// }
// func (suite *AccountCreateTestSuite) SetupSuite() {
// suite.testTokens = testrig.NewTestTokens()
// suite.testClients = testrig.NewTestClients()
// suite.testApplications = testrig.NewTestApplications()
// suite.testUsers = testrig.NewTestUsers()
// suite.testAccounts = testrig.NewTestAccounts()
// suite.testAttachments = testrig.NewTestAttachments()
// suite.testStatuses = testrig.NewTestStatuses()
// }
// func (suite *AccountCreateTestSuite) SetupTest() {
// suite.config = testrig.NewTestConfig()
// suite.db = testrig.NewTestDB()
// suite.storage = testrig.NewTestStorage()
// suite.log = testrig.NewTestLog()
// suite.federator = testrig.NewTestFederator(suite.db, testrig.NewTestTransportController(testrig.NewMockHTTPClient(nil)))
// suite.processor = testrig.NewTestProcessor(suite.db, suite.storage, suite.federator)
// suite.accountModule = account.New(suite.config, suite.processor, suite.log).(*account.Module)
// testrig.StandardDBSetup(suite.db)
// testrig.StandardStorageSetup(suite.storage, "../../../../testrig/media")
// }
// func (suite *AccountCreateTestSuite) TearDownTest() {
// testrig.StandardDBTeardown(suite.db)
// testrig.StandardStorageTeardown(suite.storage)
// }
// // TestAccountCreatePOSTHandlerSuccessful checks the happy path for an account creation request: all the fields provided are valid,
// // and at the end of it a new user and account should be added into the database.
// //
// // This is the handler served at /api/v1/accounts as POST
// func (suite *AccountCreateTestSuite) TestAccountCreatePOSTHandlerSuccessful() {
// t := suite.testTokens["local_account_1"]
// oauthToken := oauth.TokenToOauthToken(t)
// // setup
// recorder := httptest.NewRecorder()
// ctx, _ := gin.CreateTestContext(recorder)
// ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
// ctx.Set(oauth.SessionAuthorizedToken, oauthToken)
// ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", account.BasePath), nil) // the endpoint we're hitting
// ctx.Request.Form = suite.newUserFormHappyPath
// suite.accountModule.AccountCreatePOSTHandler(ctx)
// // check response
// // 1. we should have OK from our call to the function
// suite.EqualValues(http.StatusOK, recorder.Code)
// // 2. we should have a token in the result body
// result := recorder.Result()
// defer result.Body.Close()
// b, err := ioutil.ReadAll(result.Body)
// assert.NoError(suite.T(), err)
// t := &model.Token{}
// err = json.Unmarshal(b, t)
// assert.NoError(suite.T(), err)
// assert.Equal(suite.T(), "we're authorized now!", t.AccessToken)
// // check new account
// // 1. we should be able to get the new account from the db
// acct := &gtsmodel.Account{}
// err = suite.db.GetLocalAccountByUsername("test_user", acct)
// assert.NoError(suite.T(), err)
// assert.NotNil(suite.T(), acct)
// // 2. reason should be set
// assert.Equal(suite.T(), suite.newUserFormHappyPath.Get("reason"), acct.Reason)
// // 3. display name should be equal to username by default
// assert.Equal(suite.T(), suite.newUserFormHappyPath.Get("username"), acct.DisplayName)
// // 4. domain should be nil because this is a local account
// assert.Nil(suite.T(), nil, acct.Domain)
// // 5. id should be set and parseable as a uuid
// assert.NotNil(suite.T(), acct.ID)
// _, err = uuid.Parse(acct.ID)
// assert.Nil(suite.T(), err)
// // 6. private and public key should be set
// assert.NotNil(suite.T(), acct.PrivateKey)
// assert.NotNil(suite.T(), acct.PublicKey)
// // check new user
// // 1. we should be able to get the new user from the db
// usr := &gtsmodel.User{}
// err = suite.db.GetWhere("unconfirmed_email", suite.newUserFormHappyPath.Get("email"), usr)
// assert.Nil(suite.T(), err)
// assert.NotNil(suite.T(), usr)
// // 2. user should have account id set to account we got above
// assert.Equal(suite.T(), acct.ID, usr.AccountID)
// // 3. id should be set and parseable as a uuid
// assert.NotNil(suite.T(), usr.ID)
// _, err = uuid.Parse(usr.ID)
// assert.Nil(suite.T(), err)
// // 4. locale should be equal to what we requested
// assert.Equal(suite.T(), suite.newUserFormHappyPath.Get("locale"), usr.Locale)
// // 5. created by application id should be equal to the app id
// assert.Equal(suite.T(), suite.testApplication.ID, usr.CreatedByApplicationID)
// // 6. password should be matcheable to what we set above
// err = bcrypt.CompareHashAndPassword([]byte(usr.EncryptedPassword), []byte(suite.newUserFormHappyPath.Get("password")))
// assert.Nil(suite.T(), err)
// }
// // TestAccountCreatePOSTHandlerNoAuth makes sure that the handler fails when no authorization is provided:
// // only registered applications can create accounts, and we don't provide one here.
// func (suite *AccountCreateTestSuite) TestAccountCreatePOSTHandlerNoAuth() {
// // setup
// recorder := httptest.NewRecorder()
// ctx, _ := gin.CreateTestContext(recorder)
// ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", account.BasePath), nil) // the endpoint we're hitting
// ctx.Request.Form = suite.newUserFormHappyPath
// suite.accountModule.AccountCreatePOSTHandler(ctx)
// // check response
// // 1. we should have forbidden from our call to the function because we didn't auth
// suite.EqualValues(http.StatusForbidden, recorder.Code)
// // 2. we should have an error message in the result body
// result := recorder.Result()
// defer result.Body.Close()
// b, err := ioutil.ReadAll(result.Body)
// assert.NoError(suite.T(), err)
// assert.Equal(suite.T(), `{"error":"not authorized"}`, string(b))
// }
// // TestAccountCreatePOSTHandlerNoAuth makes sure that the handler fails when no form is provided at all.
// func (suite *AccountCreateTestSuite) TestAccountCreatePOSTHandlerNoForm() {
// // setup
// recorder := httptest.NewRecorder()
// ctx, _ := gin.CreateTestContext(recorder)
// ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplication)
// ctx.Set(oauth.SessionAuthorizedToken, suite.testToken)
// ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", account.BasePath), nil) // the endpoint we're hitting
// suite.accountModule.AccountCreatePOSTHandler(ctx)
// // check response
// suite.EqualValues(http.StatusBadRequest, recorder.Code)
// // 2. we should have an error message in the result body
// result := recorder.Result()
// defer result.Body.Close()
// b, err := ioutil.ReadAll(result.Body)
// assert.NoError(suite.T(), err)
// assert.Equal(suite.T(), `{"error":"missing one or more required form values"}`, string(b))
// }
// // TestAccountCreatePOSTHandlerWeakPassword makes sure that the handler fails when a weak password is provided
// func (suite *AccountCreateTestSuite) TestAccountCreatePOSTHandlerWeakPassword() {
// // setup
// recorder := httptest.NewRecorder()
// ctx, _ := gin.CreateTestContext(recorder)
// ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplication)
// ctx.Set(oauth.SessionAuthorizedToken, suite.testToken)
// ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", account.BasePath), nil) // the endpoint we're hitting
// ctx.Request.Form = suite.newUserFormHappyPath
// // set a weak password
// ctx.Request.Form.Set("password", "weak")
// suite.accountModule.AccountCreatePOSTHandler(ctx)
// // check response
// suite.EqualValues(http.StatusBadRequest, recorder.Code)
// // 2. we should have an error message in the result body
// result := recorder.Result()
// defer result.Body.Close()
// b, err := ioutil.ReadAll(result.Body)
// assert.NoError(suite.T(), err)
// assert.Equal(suite.T(), `{"error":"insecure password, try including more special characters, using uppercase letters, using numbers or using a longer password"}`, string(b))
// }
// // TestAccountCreatePOSTHandlerWeirdLocale makes sure that the handler fails when a weird locale is provided
// func (suite *AccountCreateTestSuite) TestAccountCreatePOSTHandlerWeirdLocale() {
// // setup
// recorder := httptest.NewRecorder()
// ctx, _ := gin.CreateTestContext(recorder)
// ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplication)
// ctx.Set(oauth.SessionAuthorizedToken, suite.testToken)
// ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", account.BasePath), nil) // the endpoint we're hitting
// ctx.Request.Form = suite.newUserFormHappyPath
// // set an invalid locale
// ctx.Request.Form.Set("locale", "neverneverland")
// suite.accountModule.AccountCreatePOSTHandler(ctx)
// // check response
// suite.EqualValues(http.StatusBadRequest, recorder.Code)
// // 2. we should have an error message in the result body
// result := recorder.Result()
// defer result.Body.Close()
// b, err := ioutil.ReadAll(result.Body)
// assert.NoError(suite.T(), err)
// assert.Equal(suite.T(), `{"error":"language: tag is not well-formed"}`, string(b))
// }
// // TestAccountCreatePOSTHandlerRegistrationsClosed makes sure that the handler fails when registrations are closed
// func (suite *AccountCreateTestSuite) TestAccountCreatePOSTHandlerRegistrationsClosed() {
// // setup
// recorder := httptest.NewRecorder()
// ctx, _ := gin.CreateTestContext(recorder)
// ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplication)
// ctx.Set(oauth.SessionAuthorizedToken, suite.testToken)
// ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", account.BasePath), nil) // the endpoint we're hitting
// ctx.Request.Form = suite.newUserFormHappyPath
// // close registrations
// suite.config.AccountsConfig.OpenRegistration = false
// suite.accountModule.AccountCreatePOSTHandler(ctx)
// // check response
// suite.EqualValues(http.StatusBadRequest, recorder.Code)
// // 2. we should have an error message in the result body
// result := recorder.Result()
// defer result.Body.Close()
// b, err := ioutil.ReadAll(result.Body)
// assert.NoError(suite.T(), err)
// assert.Equal(suite.T(), `{"error":"registration is not open for this server"}`, string(b))
// }
// // TestAccountCreatePOSTHandlerReasonNotProvided makes sure that the handler fails when no reason is provided but one is required
// func (suite *AccountCreateTestSuite) TestAccountCreatePOSTHandlerReasonNotProvided() {
// // setup
// recorder := httptest.NewRecorder()
// ctx, _ := gin.CreateTestContext(recorder)
// ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplication)
// ctx.Set(oauth.SessionAuthorizedToken, suite.testToken)
// ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", account.BasePath), nil) // the endpoint we're hitting
// ctx.Request.Form = suite.newUserFormHappyPath
// // remove reason
// ctx.Request.Form.Set("reason", "")
// suite.accountModule.AccountCreatePOSTHandler(ctx)
// // check response
// suite.EqualValues(http.StatusBadRequest, recorder.Code)
// // 2. we should have an error message in the result body
// result := recorder.Result()
// defer result.Body.Close()
// b, err := ioutil.ReadAll(result.Body)
// assert.NoError(suite.T(), err)
// assert.Equal(suite.T(), `{"error":"no reason provided"}`, string(b))
// }
// // TestAccountCreatePOSTHandlerReasonNotProvided makes sure that the handler fails when a crappy reason is presented but a good one is required
// func (suite *AccountCreateTestSuite) TestAccountCreatePOSTHandlerInsufficientReason() {
// // setup
// recorder := httptest.NewRecorder()
// ctx, _ := gin.CreateTestContext(recorder)
// ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplication)
// ctx.Set(oauth.SessionAuthorizedToken, suite.testToken)
// ctx.Request = httptest.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:8080/%s", account.BasePath), nil) // the endpoint we're hitting
// ctx.Request.Form = suite.newUserFormHappyPath
// // remove reason
// ctx.Request.Form.Set("reason", "just cuz")
// suite.accountModule.AccountCreatePOSTHandler(ctx)
// // check response
// suite.EqualValues(http.StatusBadRequest, recorder.Code)
// // 2. we should have an error message in the result body
// result := recorder.Result()
// defer result.Body.Close()
// b, err := ioutil.ReadAll(result.Body)
// assert.NoError(suite.T(), err)
// assert.Equal(suite.T(), `{"error":"reason should be at least 40 chars but 'just cuz' was 8"}`, string(b))
// }
// /*
// TESTING: AccountUpdateCredentialsPATCHHandler
// */
// func (suite *AccountCreateTestSuite) TestAccountUpdateCredentialsPATCHHandler() {
// // put test local account in db
// err := suite.db.Put(suite.testAccountLocal)
// assert.NoError(suite.T(), err)
// // attach avatar to request
// aviFile, err := os.Open("../../media/test/test-jpeg.jpg")
// assert.NoError(suite.T(), err)
// body := &bytes.Buffer{}
// writer := multipart.NewWriter(body)
// part, err := writer.CreateFormFile("avatar", "test-jpeg.jpg")
// assert.NoError(suite.T(), err)
// _, err = io.Copy(part, aviFile)
// assert.NoError(suite.T(), err)
// err = aviFile.Close()
// assert.NoError(suite.T(), err)
// err = writer.Close()
// assert.NoError(suite.T(), err)
// // setup
// recorder := httptest.NewRecorder()
// ctx, _ := gin.CreateTestContext(recorder)
// ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccountLocal)
// ctx.Set(oauth.SessionAuthorizedToken, suite.testToken)
// ctx.Request = httptest.NewRequest(http.MethodPatch, fmt.Sprintf("http://localhost:8080/%s", account.UpdateCredentialsPath), body) // the endpoint we're hitting
// ctx.Request.Header.Set("Content-Type", writer.FormDataContentType())
// suite.accountModule.AccountUpdateCredentialsPATCHHandler(ctx)
// // check response
// // 1. we should have OK because our request was valid
// suite.EqualValues(http.StatusOK, recorder.Code)
// // 2. we should have an error message in the result body
// result := recorder.Result()
// defer result.Body.Close()
// // TODO: implement proper checks here
// //
// // b, err := ioutil.ReadAll(result.Body)
// // assert.NoError(suite.T(), err)
// // assert.Equal(suite.T(), `{"error":"not authorized"}`, string(b))
// }
// func TestAccountCreateTestSuite(t *testing.T) {
// suite.Run(t, new(AccountCreateTestSuite))
// }

View File

@ -74,7 +74,7 @@ func (m *Module) SignInPOSTHandler(c *gin.Context) {
// ValidatePassword takes an email address and a password.
// The goal is to authenticate the password against the one for that email
// address stored in the database. If OK, we return the userid (a uuid) for that user,
// address stored in the database. If OK, we return the userid (a ulid) for that user,
// so that it can be used in further Oauth flows to generate a token/retreieve an oauth client from the db.
func (m *Module) ValidatePassword(email string, password string) (userid string, err error) {
l := m.log.WithField("func", "ValidatePassword")

View File

@ -1,8 +1,12 @@
package emoji
import "github.com/gin-gonic/gin"
import (
"net/http"
"github.com/gin-gonic/gin"
)
// EmojisGETHandler returns a list of custom emojis enabled on the instance
func (m *Module) EmojisGETHandler(c *gin.Context) {
c.JSON(http.StatusOK, []string{})
}

View File

@ -32,7 +32,7 @@ import (
)
const (
// AccountIDKey is the url key for account id (an account uuid)
// AccountIDKey is the url key for account id (an account ulid)
AccountIDKey = "account_id"
// MediaTypeKey is the url key for media type (usually something like attachment or header etc)
MediaTypeKey = "media_type"

View File

@ -1,8 +1,12 @@
package filter
import "github.com/gin-gonic/gin"
import (
"net/http"
"github.com/gin-gonic/gin"
)
// FiltersGETHandler returns a list of filters set by/for the authed account
func (m *Module) FiltersGETHandler(c *gin.Context) {
c.JSON(http.StatusOK, []string{})
}

View File

@ -1,8 +1,12 @@
package list
import "github.com/gin-gonic/gin"
import (
"net/http"
"github.com/gin-gonic/gin"
)
// ListsGETHandler returns a list of lists created by/for the authed account
func (m *Module) ListsGETHandler(c *gin.Context) {
c.JSON(http.StatusOK, []string{})
}

View File

@ -56,5 +56,11 @@ func (m *Module) StatusDELETEHandler(c *gin.Context) {
return
}
// the status was already gone/never existed
if mastoStatus == nil {
c.JSON(http.StatusNotFound, gin.H{"error": "Record not found"})
return
}
c.JSON(http.StatusOK, mastoStatus)
}

View File

@ -87,12 +87,13 @@ func (m *Module) HomeTimelineGETHandler(c *gin.Context) {
local = i
}
statuses, errWithCode := m.processor.HomeTimelineGet(authed, maxID, sinceID, minID, limit, local)
resp, errWithCode := m.processor.HomeTimelineGet(authed, maxID, sinceID, minID, limit, local)
if errWithCode != nil {
l.Debugf("error from processor account statuses get: %s", errWithCode)
l.Debugf("error from processor HomeTimelineGet: %s", errWithCode)
c.JSON(errWithCode.Code(), gin.H{"error": errWithCode.Safe()})
return
}
c.JSON(http.StatusOK, statuses)
c.Header("Link", resp.LinkHeader)
c.JSON(http.StatusOK, resp.Statuses)
}

View File

@ -0,0 +1,8 @@
package model
// StatusTimelineResponse wraps a slice of statuses, ready to be serialized, along with the Link
// header for the previous and next queries, to be returned to the client.
type StatusTimelineResponse struct {
Statuses []*Status
LinkHeader string
}

View File

@ -23,7 +23,7 @@ import (
"github.com/gin-gonic/gin"
"github.com/sirupsen/logrus"
"github.com/superseriousbusiness/gotosocial/internal/processing"
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
)
// InboxPOSTHandler deals with incoming POST requests to an actor's inbox.
@ -42,17 +42,18 @@ func (m *Module) InboxPOSTHandler(c *gin.Context) {
posted, err := m.processor.InboxPost(c.Request.Context(), c.Writer, c.Request)
if err != nil {
if withCode, ok := err.(processing.ErrorWithCode); ok {
if withCode, ok := err.(gtserror.WithCode); ok {
l.Debug(withCode.Error())
c.JSON(withCode.Code(), withCode.Safe())
return
}
l.Debug(err)
l.Debugf("InboxPOSTHandler: error processing request: %s", err)
c.JSON(http.StatusBadRequest, gin.H{"error": "unable to process request"})
return
}
if !posted {
l.Debugf("request could not be handled as an AP request; headers were: %+v", c.Request.Header)
c.JSON(http.StatusBadRequest, gin.H{"error": "unable to process request"})
}
}

View File

@ -24,42 +24,53 @@ import (
"strings"
"github.com/gin-gonic/gin"
"github.com/sirupsen/logrus"
)
// WebfingerGETRequest handles requests to, for example, https://example.org/.well-known/webfinger?resource=acct:some_user@example.org
func (m *Module) WebfingerGETRequest(c *gin.Context) {
l := m.log.WithFields(logrus.Fields{
"func": "WebfingerGETRequest",
"user-agent": c.Request.UserAgent(),
})
q, set := c.GetQuery("resource")
if !set || q == "" {
l.Debug("aborting request because no resource was set in query")
c.JSON(http.StatusBadRequest, gin.H{"error": "no 'resource' in request query"})
return
}
withAcct := strings.Split(q, "acct:")
if len(withAcct) != 2 {
l.Debugf("aborting request because resource query %s could not be split by 'acct:'", q)
c.JSON(http.StatusBadRequest, gin.H{"error": "bad request"})
return
}
usernameDomain := strings.Split(withAcct[1], "@")
if len(usernameDomain) != 2 {
l.Debugf("aborting request because username and domain could not be parsed from %s", withAcct[1])
c.JSON(http.StatusBadRequest, gin.H{"error": "bad request"})
return
}
username := strings.ToLower(usernameDomain[0])
domain := strings.ToLower(usernameDomain[1])
if username == "" || domain == "" {
l.Debug("aborting request because username or domain was empty")
c.JSON(http.StatusBadRequest, gin.H{"error": "bad request"})
return
}
if domain != m.config.Host {
l.Debugf("aborting request because domain %s does not belong to this instance", domain)
c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("domain %s does not belong to this instance", domain)})
return
}
resp, err := m.processor.GetWebfingerAccount(username, c.Request)
if err != nil {
l.Debugf("aborting request with an error: %s", err.Error())
c.JSON(err.Code(), gin.H{"error": err.Safe()})
return
}

View File

@ -0,0 +1,17 @@
package security
import (
"net/http"
"github.com/gin-gonic/gin"
)
const robotsString = `User-agent: *
Disallow: /
`
// RobotsGETHandler returns the most restrictive possible robots.txt file in response to a call to /robots.txt.
// The response instructs bots with *any* user agent not to index the instance at all.
func (m *Module) RobotsGETHandler(c *gin.Context) {
c.String(http.StatusOK, robotsString)
}

View File

@ -19,12 +19,16 @@
package security
import (
"net/http"
"github.com/sirupsen/logrus"
"github.com/superseriousbusiness/gotosocial/internal/api"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/router"
)
const robotsPath = "/robots.txt"
// Module implements the ClientAPIModule interface for security middleware
type Module struct {
config *config.Config
@ -44,5 +48,6 @@ func (m *Module) Route(s router.Router) error {
s.AttachMiddleware(m.FlocBlock)
s.AttachMiddleware(m.ExtraHeaders)
s.AttachMiddleware(m.UserAgentBlock)
s.AttachHandler(http.MethodGet, robotsPath, m.RobotsGETHandler)
return nil
}

View File

@ -23,20 +23,24 @@ import (
"strings"
"github.com/gin-gonic/gin"
"github.com/sirupsen/logrus"
)
// UserAgentBlock is a middleware that prevents google chrome cohort tracking by
// writing the Permissions-Policy header after all other parts of the request have been completed.
// See: https://plausible.io/blog/google-floc
// UserAgentBlock blocks requests with undesired, empty, or invalid user-agent strings.
func (m *Module) UserAgentBlock(c *gin.Context) {
l := m.log.WithFields(logrus.Fields{
"func": "UserAgentBlock",
})
ua := c.Request.UserAgent()
if ua == "" {
l.Debug("aborting request because there's no user-agent set")
c.AbortWithStatus(http.StatusTeapot)
return
}
if strings.Contains(strings.ToLower(c.Request.UserAgent()), strings.ToLower("friendica")) {
if strings.Contains(strings.ToLower(ua), strings.ToLower("friendica")) {
l.Debugf("aborting request with user-agent %s because it contains 'friendica'", ua)
c.AbortWithStatus(http.StatusTeapot)
return
}