Add Accept header negotiation to relevant API endpoints (#337)

* start centralizing negotiation logic for API

* swagger document nodeinfo endpoint

* go fmt

* document negotiate function

* use content negotiation

* tidy up negotiation logic

* negotiate content throughout client api

* swagger

* remove attachment on Content

* add accept header to test requests
This commit is contained in:
tobi
2021-12-11 17:50:00 +01:00
committed by GitHub
parent 0884f89431
commit e2daf0f012
78 changed files with 752 additions and 72 deletions

View File

@@ -19,20 +19,42 @@
package nodeinfo
import (
"encoding/json"
"net/http"
"github.com/gin-gonic/gin"
"github.com/sirupsen/logrus"
"github.com/superseriousbusiness/gotosocial/internal/api"
)
// NodeInfoGETHandler returns a compliant nodeinfo response to node info queries.
// See: https://nodeinfo.diaspora.software/
// NodeInfoGETHandler swagger:operation GET /nodeinfo/2.0 nodeInfoGet
//
// Returns a compliant nodeinfo response to node info queries.
//
// See: https://nodeinfo.diaspora.software/schema.html
//
// ---
// tags:
// - nodeinfo
//
// produces:
// - application/json; profile="http://nodeinfo.diaspora.software/ns/schema/2.0#"
//
// responses:
// '200':
// schema:
// "$ref": "#/definitions/nodeinfo"
func (m *Module) NodeInfoGETHandler(c *gin.Context) {
l := logrus.WithFields(logrus.Fields{
"func": "NodeInfoGETHandler",
"user-agent": c.Request.UserAgent(),
})
if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
return
}
ni, err := m.processor.GetNodeInfo(c.Request.Context(), c.Request)
if err != nil {
l.Debugf("error with get node info request: %s", err)
@@ -40,5 +62,10 @@ func (m *Module) NodeInfoGETHandler(c *gin.Context) {
return
}
c.JSON(http.StatusOK, ni)
b, jsonErr := json.Marshal(ni)
if jsonErr != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": jsonErr.Error()})
}
c.Data(http.StatusOK, `application/json; profile="http://nodeinfo.diaspora.software/ns/schema/2.0#"`, b)
}

View File

@@ -23,16 +23,37 @@ import (
"github.com/gin-gonic/gin"
"github.com/sirupsen/logrus"
"github.com/superseriousbusiness/gotosocial/internal/api"
)
// NodeInfoWellKnownGETHandler returns a well known response to a query to /.well-known/nodeinfo,
// directing (but not redirecting...) callers to the NodeInfoGETHandler.
// NodeInfoWellKnownGETHandler swagger:operation GET /.well-known/nodeinfo nodeInfoWellKnownGet
//
// Directs callers to /nodeinfo/2.0.
//
// eg. `{"links":[{"rel":"http://nodeinfo.diaspora.software/ns/schema/2.0","href":"http://example.org/nodeinfo/2.0"}]}`
// See: https://nodeinfo.diaspora.software/protocol.html
//
// ---
// tags:
// - nodeinfo
//
// produces:
// - application/json
//
// responses:
// '200':
// schema:
// "$ref": "#/definitions/wellKnownResponse"
func (m *Module) NodeInfoWellKnownGETHandler(c *gin.Context) {
l := logrus.WithFields(logrus.Fields{
"func": "NodeInfoWellKnownGETHandler",
"user-agent": c.Request.UserAgent(),
"func": "NodeInfoWellKnownGETHandler",
})
if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
return
}
niRel, err := m.processor.GetNodeInfoRel(c.Request.Context(), c.Request)
if err != nil {
l.Debugf("error with get node info rel request: %s", err)

View File

@@ -20,19 +20,11 @@ package user
import (
"context"
"fmt"
"github.com/gin-gonic/gin"
"github.com/superseriousbusiness/gotosocial/internal/util"
)
// ActivityPubAcceptHeaders represents the Accept headers mentioned here:
// https://www.w3.org/TR/activitypub/#retrieving-objects
var ActivityPubAcceptHeaders = []string{
`application/activity+json`,
`application/ld+json; profile="https://www.w3.org/ns/activitystreams"`,
}
// transferContext transfers the signature verifier and signature from the gin context to the request context
func transferContext(c *gin.Context) context.Context {
ctx := c.Request.Context()
@@ -50,14 +42,6 @@ func transferContext(c *gin.Context) context.Context {
return ctx
}
func negotiateFormat(c *gin.Context) (string, error) {
format := c.NegotiateFormat(ActivityPubAcceptHeaders...)
if format == "" {
return "", fmt.Errorf("no format can be offered for Accept headers %s", c.Request.Header.Get("Accept"))
}
return format, nil
}
// SwaggerCollection represents an activitypub collection.
// swagger:model swaggerCollection
type SwaggerCollection struct {

View File

@@ -25,6 +25,7 @@ import (
"github.com/gin-gonic/gin"
"github.com/sirupsen/logrus"
"github.com/superseriousbusiness/gotosocial/internal/api"
)
// FollowersGETHandler returns a collection of URIs for followers of the target user, formatted so that other AP servers can understand it.
@@ -40,9 +41,9 @@ func (m *Module) FollowersGETHandler(c *gin.Context) {
return
}
format, err := negotiateFormat(c)
format, err := api.NegotiateAccept(c, api.ActivityPubAcceptHeaders...)
if err != nil {
c.JSON(http.StatusNotAcceptable, gin.H{"error": fmt.Sprintf("could not negotiate format with given Accept header(s): %s", err)})
c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
return
}
l.Tracef("negotiated format: %s", format)

View File

@@ -25,6 +25,7 @@ import (
"github.com/gin-gonic/gin"
"github.com/sirupsen/logrus"
"github.com/superseriousbusiness/gotosocial/internal/api"
)
// FollowingGETHandler returns a collection of URIs for accounts that the target user follows, formatted so that other AP servers can understand it.
@@ -40,9 +41,9 @@ func (m *Module) FollowingGETHandler(c *gin.Context) {
return
}
format, err := negotiateFormat(c)
format, err := api.NegotiateAccept(c, api.ActivityPubAcceptHeaders...)
if err != nil {
c.JSON(http.StatusNotAcceptable, gin.H{"error": fmt.Sprintf("could not negotiate format with given Accept header(s): %s", err)})
c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
return
}
l.Tracef("negotiated format: %s", format)

View File

@@ -26,6 +26,7 @@ import (
"github.com/gin-gonic/gin"
"github.com/sirupsen/logrus"
"github.com/superseriousbusiness/gotosocial/internal/api"
)
// OutboxGETHandler swagger:operation GET /users/{username}/outbox s2sOutboxGet
@@ -113,9 +114,9 @@ func (m *Module) OutboxGETHandler(c *gin.Context) {
maxID = maxIDString
}
format, err := negotiateFormat(c)
format, err := api.NegotiateAccept(c, api.ActivityPubAcceptHeaders...)
if err != nil {
c.JSON(http.StatusNotAcceptable, gin.H{"error": fmt.Sprintf("could not negotiate format with given Accept header(s): %s", err)})
c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
return
}
l.Tracef("negotiated format: %s", format)

View File

@@ -54,6 +54,7 @@ func (suite *OutboxGetTestSuite) TestGetOutbox() {
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
ctx.Request = httptest.NewRequest(http.MethodGet, targetAccount.OutboxURI, nil) // the endpoint we're hitting
ctx.Request.Header.Set("accept", "application/activity+json")
ctx.Request.Header.Set("Signature", signedRequest.SignatureHeader)
ctx.Request.Header.Set("Date", signedRequest.DateHeader)
@@ -108,6 +109,7 @@ func (suite *OutboxGetTestSuite) TestGetOutboxFirstPage() {
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
ctx.Request = httptest.NewRequest(http.MethodGet, targetAccount.OutboxURI+"?page=true", nil) // the endpoint we're hitting
ctx.Request.Header.Set("accept", "application/activity+json")
ctx.Request.Header.Set("Signature", signedRequest.SignatureHeader)
ctx.Request.Header.Set("Date", signedRequest.DateHeader)
@@ -162,6 +164,7 @@ func (suite *OutboxGetTestSuite) TestGetOutboxNextPage() {
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
ctx.Request = httptest.NewRequest(http.MethodGet, targetAccount.OutboxURI+"?page=true&max_id=01F8MHAMCHF6Y650WCRSCP4WMY", nil) // the endpoint we're hitting
ctx.Request.Header.Set("accept", "application/activity+json")
ctx.Request.Header.Set("Signature", signedRequest.SignatureHeader)
ctx.Request.Header.Set("Date", signedRequest.DateHeader)

View File

@@ -25,6 +25,7 @@ import (
"github.com/gin-gonic/gin"
"github.com/sirupsen/logrus"
"github.com/superseriousbusiness/gotosocial/internal/api"
)
// PublicKeyGETHandler should be served at eg https://example.org/users/:username/main-key.
@@ -44,9 +45,9 @@ func (m *Module) PublicKeyGETHandler(c *gin.Context) {
return
}
format, err := negotiateFormat(c)
format, err := api.NegotiateAccept(c, api.ActivityPubAcceptHeaders...)
if err != nil {
c.JSON(http.StatusNotAcceptable, gin.H{"error": fmt.Sprintf("could not negotiate format with given Accept header(s): %s", err)})
c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
return
}
l.Tracef("negotiated format: %s", format)

View File

@@ -26,6 +26,7 @@ import (
"github.com/gin-gonic/gin"
"github.com/sirupsen/logrus"
"github.com/superseriousbusiness/gotosocial/internal/api"
)
// StatusRepliesGETHandler swagger:operation GET /users/{username}/statuses/{status}/replies s2sRepliesGet
@@ -131,9 +132,9 @@ func (m *Module) StatusRepliesGETHandler(c *gin.Context) {
minID = minIDString
}
format, err := negotiateFormat(c)
format, err := api.NegotiateAccept(c, api.ActivityPubAcceptHeaders...)
if err != nil {
c.JSON(http.StatusNotAcceptable, gin.H{"error": fmt.Sprintf("could not negotiate format with given Accept header(s): %s", err)})
c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
return
}
l.Tracef("negotiated format: %s", format)

View File

@@ -57,6 +57,7 @@ func (suite *RepliesGetTestSuite) TestGetReplies() {
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
ctx.Request = httptest.NewRequest(http.MethodGet, targetStatus.URI+"/replies", nil) // the endpoint we're hitting
ctx.Request.Header.Set("accept", "application/activity+json")
ctx.Request.Header.Set("Signature", signedRequest.SignatureHeader)
ctx.Request.Header.Set("Date", signedRequest.DateHeader)
@@ -117,6 +118,7 @@ func (suite *RepliesGetTestSuite) TestGetRepliesNext() {
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
ctx.Request = httptest.NewRequest(http.MethodGet, targetStatus.URI+"/replies?only_other_accounts=false&page=true", nil) // the endpoint we're hitting
ctx.Request.Header.Set("accept", "application/activity+json")
ctx.Request.Header.Set("Signature", signedRequest.SignatureHeader)
ctx.Request.Header.Set("Date", signedRequest.DateHeader)
@@ -180,6 +182,7 @@ func (suite *RepliesGetTestSuite) TestGetRepliesLast() {
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
ctx.Request = httptest.NewRequest(http.MethodGet, targetStatus.URI+"/replies?only_other_accounts=false&page=true&min_id=01FF25D5Q0DH7CHD57CTRS6WK0", nil) // the endpoint we're hitting
ctx.Request.Header.Set("accept", "application/activity+json")
ctx.Request.Header.Set("Signature", signedRequest.SignatureHeader)
ctx.Request.Header.Set("Date", signedRequest.DateHeader)

View File

@@ -25,6 +25,7 @@ import (
"github.com/gin-gonic/gin"
"github.com/sirupsen/logrus"
"github.com/superseriousbusiness/gotosocial/internal/api"
)
// StatusGETHandler serves the target status as an activitystreams NOTE so that other AP servers can parse it.
@@ -46,9 +47,9 @@ func (m *Module) StatusGETHandler(c *gin.Context) {
return
}
format, err := negotiateFormat(c)
format, err := api.NegotiateAccept(c, api.ActivityPubAcceptHeaders...)
if err != nil {
c.JSON(http.StatusNotAcceptable, gin.H{"error": fmt.Sprintf("could not negotiate format with given Accept header(s): %s", err)})
c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
return
}
l.Tracef("negotiated format: %s", format)

View File

@@ -25,6 +25,7 @@ import (
"github.com/gin-gonic/gin"
"github.com/sirupsen/logrus"
"github.com/superseriousbusiness/gotosocial/internal/api"
)
// UsersGETHandler should be served at https://example.org/users/:username.
@@ -48,9 +49,9 @@ func (m *Module) UsersGETHandler(c *gin.Context) {
return
}
format, err := negotiateFormat(c)
format, err := api.NegotiateAccept(c, api.ActivityPubAcceptHeaders...)
if err != nil {
c.JSON(http.StatusNotAcceptable, gin.H{"error": fmt.Sprintf("could not negotiate format with given Accept header(s): %s", err)})
c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
return
}
l.Tracef("negotiated format: %s", format)

View File

@@ -55,6 +55,7 @@ func (suite *UserGetTestSuite) TestGetUser() {
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
ctx.Request = httptest.NewRequest(http.MethodGet, targetAccount.URI, nil) // the endpoint we're hitting
ctx.Request.Header.Set("accept", "application/activity+json")
ctx.Request.Header.Set("Signature", signedRequest.SignatureHeader)
ctx.Request.Header.Set("Date", signedRequest.DateHeader)

View File

@@ -27,26 +27,54 @@ import (
"github.com/gin-gonic/gin"
"github.com/sirupsen/logrus"
"github.com/spf13/viper"
"github.com/superseriousbusiness/gotosocial/internal/api"
"github.com/superseriousbusiness/gotosocial/internal/config"
"github.com/superseriousbusiness/gotosocial/internal/util"
)
// WebfingerGETRequest handles requests to, for example, https://example.org/.well-known/webfinger?resource=acct:some_user@example.org
// WebfingerGETRequest swagger:operation GET /.well-known/webfinger webfingerGet
//
// Handles webfinger account lookup requests.
//
// For example, a GET to `https://goblin.technology/.well-known/webfinger?resource=acct:tobi@goblin.technology` would return:
//
// ```
// {"subject":"acct:tobi@goblin.technology","aliases":["https://goblin.technology/users/tobi","https://goblin.technology/@tobi"],"links":[{"rel":"http://webfinger.net/rel/profile-page","type":"text/html","href":"https://goblin.technology/@tobi"},{"rel":"self","type":"application/activity+json","href":"https://goblin.technology/users/tobi"}]}
// ```
//
// See: https://webfinger.net/
//
// ---
// tags:
// - webfinger
//
// produces:
// - application/json
//
// responses:
// '200':
// schema:
// "$ref": "#/definitions/wellKnownResponse"
func (m *Module) WebfingerGETRequest(c *gin.Context) {
l := logrus.WithFields(logrus.Fields{
"func": "WebfingerGETRequest",
"user-agent": c.Request.UserAgent(),
})
q, set := c.GetQuery("resource")
if !set || q == "" {
resourceQuery, set := c.GetQuery("resource")
if !set || resourceQuery == "" {
l.Debug("aborting request because no resource was set in query")
c.JSON(http.StatusBadRequest, gin.H{"error": "no 'resource' in request query"})
return
}
if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
return
}
// remove the acct: prefix if it's present
trimAcct := strings.TrimPrefix(q, "acct:")
trimAcct := strings.TrimPrefix(resourceQuery, "acct:")
// remove the first @ in @whatever@example.org if it's present
namestring := strings.TrimPrefix(trimAcct, "@")

View File

@@ -50,6 +50,7 @@ func (suite *WebfingerGetTestSuite) TestFingerUser() {
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
ctx.Request = httptest.NewRequest(http.MethodGet, requestPath, nil) // the endpoint we're hitting
ctx.Request.Header.Set("accept", "application/json")
// trigger the function being tested
suite.webfingerModule.WebfingerGETRequest(ctx)
@@ -83,6 +84,7 @@ func (suite *WebfingerGetTestSuite) TestFingerUserWithDifferentAccountDomainByHo
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
ctx.Request = httptest.NewRequest(http.MethodGet, requestPath, nil) // the endpoint we're hitting
ctx.Request.Header.Set("accept", "application/json")
// trigger the function being tested
suite.webfingerModule.WebfingerGETRequest(ctx)
@@ -116,6 +118,7 @@ func (suite *WebfingerGetTestSuite) TestFingerUserWithDifferentAccountDomainByAc
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
ctx.Request = httptest.NewRequest(http.MethodGet, requestPath, nil) // the endpoint we're hitting
ctx.Request.Header.Set("accept", "application/json")
// trigger the function being tested
suite.webfingerModule.WebfingerGETRequest(ctx)
@@ -141,6 +144,7 @@ func (suite *WebfingerGetTestSuite) TestFingerUserWithoutAcct() {
recorder := httptest.NewRecorder()
ctx, _ := gin.CreateTestContext(recorder)
ctx.Request = httptest.NewRequest(http.MethodGet, requestPath, nil) // the endpoint we're hitting
ctx.Request.Header.Set("accept", "application/json")
// trigger the function being tested
suite.webfingerModule.WebfingerGETRequest(ctx)