Add Accept header negotiation to relevant API endpoints (#337)

* start centralizing negotiation logic for API * swagger document nodeinfo endpoint * go fmt * document negotiate function * use content negotiation * tidy up negotiation logic * negotiate content throughout client api * swagger * remove attachment on Content * add accept header to test requests
2025-06-05 21:59:39 +02:00 · 2021-12-11 17:50:00 +01:00
parent 0884f89431
commit e2daf0f012
78 changed files with 752 additions and 72 deletions
--- a/internal/api/s2s/nodeinfo/nodeinfoget.go
+++ b/internal/api/s2s/nodeinfo/nodeinfoget.go
@@ -19,20 +19,42 @@
 package nodeinfo

 import (
+	"encoding/json"
 	"net/http"

 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 )

-// NodeInfoGETHandler returns a compliant nodeinfo response to node info queries.
-// See: https://nodeinfo.diaspora.software/
+// NodeInfoGETHandler swagger:operation GET /nodeinfo/2.0 nodeInfoGet
+//
+// Returns a compliant nodeinfo response to node info queries.
+//
+// See: https://nodeinfo.diaspora.software/schema.html
+//
+// ---
+// tags:
+// - nodeinfo
+//
+// produces:
+// - application/json; profile="http://nodeinfo.diaspora.software/ns/schema/2.0#"
+//
+// responses:
+//   '200':
+//     schema:
+//       "$ref": "#/definitions/nodeinfo"
 func (m *Module) NodeInfoGETHandler(c *gin.Context) {
 	l := logrus.WithFields(logrus.Fields{
 		"func":       "NodeInfoGETHandler",
 		"user-agent": c.Request.UserAgent(),
 	})

+	if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
+		return
+	}
+
 	ni, err := m.processor.GetNodeInfo(c.Request.Context(), c.Request)
 	if err != nil {
 		l.Debugf("error with get node info request: %s", err)
@@ -40,5 +62,10 @@ func (m *Module) NodeInfoGETHandler(c *gin.Context) {
 		return
 	}

-	c.JSON(http.StatusOK, ni)
+	b, jsonErr := json.Marshal(ni)
+	if jsonErr != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": jsonErr.Error()})
+	}
+
+	c.Data(http.StatusOK, `application/json; profile="http://nodeinfo.diaspora.software/ns/schema/2.0#"`, b)
 }
--- a/internal/api/s2s/nodeinfo/wellknownget.go
+++ b/internal/api/s2s/nodeinfo/wellknownget.go
@@ -23,16 +23,37 @@ import (

 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 )

-// NodeInfoWellKnownGETHandler returns a well known response to a query to /.well-known/nodeinfo,
-// directing (but not redirecting...) callers to the NodeInfoGETHandler.
+// NodeInfoWellKnownGETHandler swagger:operation GET /.well-known/nodeinfo nodeInfoWellKnownGet
+//
+// Directs callers to /nodeinfo/2.0.
+//
+// eg. `{"links":[{"rel":"http://nodeinfo.diaspora.software/ns/schema/2.0","href":"http://example.org/nodeinfo/2.0"}]}`
+// See: https://nodeinfo.diaspora.software/protocol.html
+//
+// ---
+// tags:
+// - nodeinfo
+//
+// produces:
+// - application/json
+//
+// responses:
+//   '200':
+//     schema:
+//       "$ref": "#/definitions/wellKnownResponse"
 func (m *Module) NodeInfoWellKnownGETHandler(c *gin.Context) {
 	l := logrus.WithFields(logrus.Fields{
-		"func":       "NodeInfoWellKnownGETHandler",
-		"user-agent": c.Request.UserAgent(),
+		"func": "NodeInfoWellKnownGETHandler",
 	})

+	if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
+		return
+	}
+
 	niRel, err := m.processor.GetNodeInfoRel(c.Request.Context(), c.Request)
 	if err != nil {
 		l.Debugf("error with get node info rel request: %s", err)
--- a/internal/api/s2s/user/common.go
+++ b/internal/api/s2s/user/common.go
@@ -20,19 +20,11 @@ package user

 import (
 	"context"
-	"fmt"

 	"github.com/gin-gonic/gin"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 )

-// ActivityPubAcceptHeaders represents the Accept headers mentioned here:
-// https://www.w3.org/TR/activitypub/#retrieving-objects
-var ActivityPubAcceptHeaders = []string{
-	`application/activity+json`,
-	`application/ld+json; profile="https://www.w3.org/ns/activitystreams"`,
-}
-
 // transferContext transfers the signature verifier and signature from the gin context to the request context
 func transferContext(c *gin.Context) context.Context {
 	ctx := c.Request.Context()
@@ -50,14 +42,6 @@ func transferContext(c *gin.Context) context.Context {
 	return ctx
 }

-func negotiateFormat(c *gin.Context) (string, error) {
-	format := c.NegotiateFormat(ActivityPubAcceptHeaders...)
-	if format == "" {
-		return "", fmt.Errorf("no format can be offered for Accept headers %s", c.Request.Header.Get("Accept"))
-	}
-	return format, nil
-}
-
 // SwaggerCollection represents an activitypub collection.
 // swagger:model swaggerCollection
 type SwaggerCollection struct {
--- a/internal/api/s2s/user/followers.go
+++ b/internal/api/s2s/user/followers.go
@@ -25,6 +25,7 @@ import (

 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 )

 // FollowersGETHandler returns a collection of URIs for followers of the target user, formatted so that other AP servers can understand it.
@@ -40,9 +41,9 @@ func (m *Module) FollowersGETHandler(c *gin.Context) {
 		return
 	}

-	format, err := negotiateFormat(c)
+	format, err := api.NegotiateAccept(c, api.ActivityPubAcceptHeaders...)
 	if err != nil {
-		c.JSON(http.StatusNotAcceptable, gin.H{"error": fmt.Sprintf("could not negotiate format with given Accept header(s): %s", err)})
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
 		return
 	}
 	l.Tracef("negotiated format: %s", format)
--- a/internal/api/s2s/user/following.go
+++ b/internal/api/s2s/user/following.go
@@ -25,6 +25,7 @@ import (

 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 )

 // FollowingGETHandler returns a collection of URIs for accounts that the target user follows, formatted so that other AP servers can understand it.
@@ -40,9 +41,9 @@ func (m *Module) FollowingGETHandler(c *gin.Context) {
 		return
 	}

-	format, err := negotiateFormat(c)
+	format, err := api.NegotiateAccept(c, api.ActivityPubAcceptHeaders...)
 	if err != nil {
-		c.JSON(http.StatusNotAcceptable, gin.H{"error": fmt.Sprintf("could not negotiate format with given Accept header(s): %s", err)})
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
 		return
 	}
 	l.Tracef("negotiated format: %s", format)
--- a/internal/api/s2s/user/outboxget.go
+++ b/internal/api/s2s/user/outboxget.go
@@ -26,6 +26,7 @@ import (

 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 )

 // OutboxGETHandler swagger:operation GET /users/{username}/outbox s2sOutboxGet
@@ -113,9 +114,9 @@ func (m *Module) OutboxGETHandler(c *gin.Context) {
 		maxID = maxIDString
 	}

-	format, err := negotiateFormat(c)
+	format, err := api.NegotiateAccept(c, api.ActivityPubAcceptHeaders...)
 	if err != nil {
-		c.JSON(http.StatusNotAcceptable, gin.H{"error": fmt.Sprintf("could not negotiate format with given Accept header(s): %s", err)})
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
 		return
 	}
 	l.Tracef("negotiated format: %s", format)
--- a/internal/api/s2s/user/outboxget_test.go
+++ b/internal/api/s2s/user/outboxget_test.go
@@ -54,6 +54,7 @@ func (suite *OutboxGetTestSuite) TestGetOutbox() {
 	recorder := httptest.NewRecorder()
 	ctx, _ := gin.CreateTestContext(recorder)
 	ctx.Request = httptest.NewRequest(http.MethodGet, targetAccount.OutboxURI, nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/activity+json")
 	ctx.Request.Header.Set("Signature", signedRequest.SignatureHeader)
 	ctx.Request.Header.Set("Date", signedRequest.DateHeader)

@@ -108,6 +109,7 @@ func (suite *OutboxGetTestSuite) TestGetOutboxFirstPage() {
 	recorder := httptest.NewRecorder()
 	ctx, _ := gin.CreateTestContext(recorder)
 	ctx.Request = httptest.NewRequest(http.MethodGet, targetAccount.OutboxURI+"?page=true", nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/activity+json")
 	ctx.Request.Header.Set("Signature", signedRequest.SignatureHeader)
 	ctx.Request.Header.Set("Date", signedRequest.DateHeader)

@@ -162,6 +164,7 @@ func (suite *OutboxGetTestSuite) TestGetOutboxNextPage() {
 	recorder := httptest.NewRecorder()
 	ctx, _ := gin.CreateTestContext(recorder)
 	ctx.Request = httptest.NewRequest(http.MethodGet, targetAccount.OutboxURI+"?page=true&max_id=01F8MHAMCHF6Y650WCRSCP4WMY", nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/activity+json")
 	ctx.Request.Header.Set("Signature", signedRequest.SignatureHeader)
 	ctx.Request.Header.Set("Date", signedRequest.DateHeader)

--- a/internal/api/s2s/user/publickeyget.go
+++ b/internal/api/s2s/user/publickeyget.go
@@ -25,6 +25,7 @@ import (

 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 )

 // PublicKeyGETHandler should be served at eg https://example.org/users/:username/main-key.
@@ -44,9 +45,9 @@ func (m *Module) PublicKeyGETHandler(c *gin.Context) {
 		return
 	}

-	format, err := negotiateFormat(c)
+	format, err := api.NegotiateAccept(c, api.ActivityPubAcceptHeaders...)
 	if err != nil {
-		c.JSON(http.StatusNotAcceptable, gin.H{"error": fmt.Sprintf("could not negotiate format with given Accept header(s): %s", err)})
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
 		return
 	}
 	l.Tracef("negotiated format: %s", format)
--- a/internal/api/s2s/user/repliesget.go
+++ b/internal/api/s2s/user/repliesget.go
@@ -26,6 +26,7 @@ import (

 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 )

 // StatusRepliesGETHandler swagger:operation GET /users/{username}/statuses/{status}/replies s2sRepliesGet
@@ -131,9 +132,9 @@ func (m *Module) StatusRepliesGETHandler(c *gin.Context) {
 		minID = minIDString
 	}

-	format, err := negotiateFormat(c)
+	format, err := api.NegotiateAccept(c, api.ActivityPubAcceptHeaders...)
 	if err != nil {
-		c.JSON(http.StatusNotAcceptable, gin.H{"error": fmt.Sprintf("could not negotiate format with given Accept header(s): %s", err)})
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
 		return
 	}
 	l.Tracef("negotiated format: %s", format)
--- a/internal/api/s2s/user/repliesget_test.go
+++ b/internal/api/s2s/user/repliesget_test.go
@@ -57,6 +57,7 @@ func (suite *RepliesGetTestSuite) TestGetReplies() {
 	recorder := httptest.NewRecorder()
 	ctx, _ := gin.CreateTestContext(recorder)
 	ctx.Request = httptest.NewRequest(http.MethodGet, targetStatus.URI+"/replies", nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/activity+json")
 	ctx.Request.Header.Set("Signature", signedRequest.SignatureHeader)
 	ctx.Request.Header.Set("Date", signedRequest.DateHeader)

@@ -117,6 +118,7 @@ func (suite *RepliesGetTestSuite) TestGetRepliesNext() {
 	recorder := httptest.NewRecorder()
 	ctx, _ := gin.CreateTestContext(recorder)
 	ctx.Request = httptest.NewRequest(http.MethodGet, targetStatus.URI+"/replies?only_other_accounts=false&page=true", nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/activity+json")
 	ctx.Request.Header.Set("Signature", signedRequest.SignatureHeader)
 	ctx.Request.Header.Set("Date", signedRequest.DateHeader)

@@ -180,6 +182,7 @@ func (suite *RepliesGetTestSuite) TestGetRepliesLast() {
 	recorder := httptest.NewRecorder()
 	ctx, _ := gin.CreateTestContext(recorder)
 	ctx.Request = httptest.NewRequest(http.MethodGet, targetStatus.URI+"/replies?only_other_accounts=false&page=true&min_id=01FF25D5Q0DH7CHD57CTRS6WK0", nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/activity+json")
 	ctx.Request.Header.Set("Signature", signedRequest.SignatureHeader)
 	ctx.Request.Header.Set("Date", signedRequest.DateHeader)

--- a/internal/api/s2s/user/statusget.go
+++ b/internal/api/s2s/user/statusget.go
@@ -25,6 +25,7 @@ import (

 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 )

 // StatusGETHandler serves the target status as an activitystreams NOTE so that other AP servers can parse it.
@@ -46,9 +47,9 @@ func (m *Module) StatusGETHandler(c *gin.Context) {
 		return
 	}

-	format, err := negotiateFormat(c)
+	format, err := api.NegotiateAccept(c, api.ActivityPubAcceptHeaders...)
 	if err != nil {
-		c.JSON(http.StatusNotAcceptable, gin.H{"error": fmt.Sprintf("could not negotiate format with given Accept header(s): %s", err)})
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
 		return
 	}
 	l.Tracef("negotiated format: %s", format)
--- a/internal/api/s2s/user/userget.go
+++ b/internal/api/s2s/user/userget.go
@@ -25,6 +25,7 @@ import (

 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 )

 // UsersGETHandler should be served at https://example.org/users/:username.
@@ -48,9 +49,9 @@ func (m *Module) UsersGETHandler(c *gin.Context) {
 		return
 	}

-	format, err := negotiateFormat(c)
+	format, err := api.NegotiateAccept(c, api.ActivityPubAcceptHeaders...)
 	if err != nil {
-		c.JSON(http.StatusNotAcceptable, gin.H{"error": fmt.Sprintf("could not negotiate format with given Accept header(s): %s", err)})
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
 		return
 	}
 	l.Tracef("negotiated format: %s", format)
--- a/internal/api/s2s/user/userget_test.go
+++ b/internal/api/s2s/user/userget_test.go
@@ -55,6 +55,7 @@ func (suite *UserGetTestSuite) TestGetUser() {
 	recorder := httptest.NewRecorder()
 	ctx, _ := gin.CreateTestContext(recorder)
 	ctx.Request = httptest.NewRequest(http.MethodGet, targetAccount.URI, nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/activity+json")
 	ctx.Request.Header.Set("Signature", signedRequest.SignatureHeader)
 	ctx.Request.Header.Set("Date", signedRequest.DateHeader)

--- a/internal/api/s2s/webfinger/webfingerget.go
+++ b/internal/api/s2s/webfinger/webfingerget.go
@@ -27,26 +27,54 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/viper"
+	"github.com/superseriousbusiness/gotosocial/internal/api"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 )

-// WebfingerGETRequest handles requests to, for example, https://example.org/.well-known/webfinger?resource=acct:some_user@example.org
+// WebfingerGETRequest swagger:operation GET /.well-known/webfinger webfingerGet
+//
+// Handles webfinger account lookup requests.
+//
+// For example, a GET to `https://goblin.technology/.well-known/webfinger?resource=acct:tobi@goblin.technology` would return:
+//
+// ```
+//  {"subject":"acct:tobi@goblin.technology","aliases":["https://goblin.technology/users/tobi","https://goblin.technology/@tobi"],"links":[{"rel":"http://webfinger.net/rel/profile-page","type":"text/html","href":"https://goblin.technology/@tobi"},{"rel":"self","type":"application/activity+json","href":"https://goblin.technology/users/tobi"}]}
+// ```
+//
+// See: https://webfinger.net/
+//
+// ---
+// tags:
+// - webfinger
+//
+// produces:
+// - application/json
+//
+// responses:
+//   '200':
+//     schema:
+//       "$ref": "#/definitions/wellKnownResponse"
 func (m *Module) WebfingerGETRequest(c *gin.Context) {
 	l := logrus.WithFields(logrus.Fields{
 		"func":       "WebfingerGETRequest",
 		"user-agent": c.Request.UserAgent(),
 	})

-	q, set := c.GetQuery("resource")
-	if !set || q == "" {
+	resourceQuery, set := c.GetQuery("resource")
+	if !set || resourceQuery == "" {
 		l.Debug("aborting request because no resource was set in query")
 		c.JSON(http.StatusBadRequest, gin.H{"error": "no 'resource' in request query"})
 		return
 	}

+	if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
+		c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
+		return
+	}
+
 	// remove the acct: prefix if it's present
-	trimAcct := strings.TrimPrefix(q, "acct:")
+	trimAcct := strings.TrimPrefix(resourceQuery, "acct:")
 	// remove the first @ in @whatever@example.org if it's present
 	namestring := strings.TrimPrefix(trimAcct, "@")

--- a/internal/api/s2s/webfinger/webfingerget_test.go
+++ b/internal/api/s2s/webfinger/webfingerget_test.go
@@ -50,6 +50,7 @@ func (suite *WebfingerGetTestSuite) TestFingerUser() {
 	recorder := httptest.NewRecorder()
 	ctx, _ := gin.CreateTestContext(recorder)
 	ctx.Request = httptest.NewRequest(http.MethodGet, requestPath, nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")

 	// trigger the function being tested
 	suite.webfingerModule.WebfingerGETRequest(ctx)
@@ -83,6 +84,7 @@ func (suite *WebfingerGetTestSuite) TestFingerUserWithDifferentAccountDomainByHo
 	recorder := httptest.NewRecorder()
 	ctx, _ := gin.CreateTestContext(recorder)
 	ctx.Request = httptest.NewRequest(http.MethodGet, requestPath, nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")

 	// trigger the function being tested
 	suite.webfingerModule.WebfingerGETRequest(ctx)
@@ -116,6 +118,7 @@ func (suite *WebfingerGetTestSuite) TestFingerUserWithDifferentAccountDomainByAc
 	recorder := httptest.NewRecorder()
 	ctx, _ := gin.CreateTestContext(recorder)
 	ctx.Request = httptest.NewRequest(http.MethodGet, requestPath, nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")

 	// trigger the function being tested
 	suite.webfingerModule.WebfingerGETRequest(ctx)
@@ -141,6 +144,7 @@ func (suite *WebfingerGetTestSuite) TestFingerUserWithoutAcct() {
 	recorder := httptest.NewRecorder()
 	ctx, _ := gin.CreateTestContext(recorder)
 	ctx.Request = httptest.NewRequest(http.MethodGet, requestPath, nil) // the endpoint we're hitting
+	ctx.Request.Header.Set("accept", "application/json")

 	// trigger the function being tested
 	suite.webfingerModule.WebfingerGETRequest(ctx)