Add Accept header negotiation to relevant API endpoints (#337)

* start centralizing negotiation logic for API * swagger document nodeinfo endpoint * go fmt * document negotiate function * use content negotiation * tidy up negotiation logic * negotiate content throughout client api * swagger * remove attachment on Content * add accept header to test requests
2025-06-05 21:59:39 +02:00 · 2021-12-11 17:50:00 +01:00
parent 0884f89431
commit e2daf0f012
78 changed files with 752 additions and 72 deletions
--- a/internal/api/client/auth/authorize.go
+++ b/internal/api/client/auth/authorize.go
@@ -21,14 +21,16 @@ package auth
 import (
 	"errors"
 	"fmt"
-	"github.com/sirupsen/logrus"
 	"net/http"
 	"net/url"
 	"strings"

+	"github.com/sirupsen/logrus"
+
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 	"github.com/superseriousbusiness/gotosocial/internal/api/model"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
@@ -41,6 +43,11 @@ func (m *Module) AuthorizeGETHandler(c *gin.Context) {
 	l := logrus.WithField("func", "AuthorizeGETHandler")
 	s := sessions.Default(c)

+	if _, err := api.NegotiateAccept(c, api.HTMLAcceptHeaders...); err != nil {
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
+		return
+	}
+
 	// UserID will be set in the session by AuthorizePOSTHandler if the caller has already gone through the authentication flow
 	// If it's not set, then we don't know yet who the user is, so we need to redirect them to the sign in page.
 	userID, ok := s.Get(sessionUserID).(string)
--- a/internal/api/client/auth/signin.go
+++ b/internal/api/client/auth/signin.go
@@ -21,11 +21,13 @@ package auth
 import (
 	"context"
 	"errors"
-	"github.com/sirupsen/logrus"
 	"net/http"

+	"github.com/sirupsen/logrus"
+
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"golang.org/x/crypto/bcrypt"
@@ -43,6 +45,12 @@ type login struct {
 func (m *Module) SignInGETHandler(c *gin.Context) {
 	l := logrus.WithField("func", "SignInGETHandler")
 	l.Trace("entering sign in handler")
+
+	if _, err := api.NegotiateAccept(c, api.HTMLAcceptHeaders...); err != nil {
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
+		return
+	}
+
 	if m.idp != nil {
 		s := sessions.Default(c)

--- a/internal/api/client/auth/token.go
+++ b/internal/api/client/auth/token.go
@@ -19,10 +19,12 @@
 package auth

 import (
-	"github.com/sirupsen/logrus"
 	"net/http"
 	"net/url"

+	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
+
 	"github.com/gin-gonic/gin"
 )

@@ -41,6 +43,11 @@ func (m *Module) TokenPOSTHandler(c *gin.Context) {
 	l := logrus.WithField("func", "TokenPOSTHandler")
 	l.Trace("entered TokenPOSTHandler")

+	if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
+		return
+	}
+
 	form := &tokenBody{}
 	if err := c.ShouldBind(form); err == nil {
 		c.Request.Form = url.Values{}