From 7dc620aff1e807c3535459a8f5d1034f2776f444 Mon Sep 17 00:00:00 2001 From: Matt Baer Date: Sun, 16 Jun 2019 21:22:56 -0400 Subject: [PATCH] Check reader permissions on .well-known endpoints (for private instances) Ref T576 --- handle.go | 28 ++++++++++++++++++++++++++++ routes.go | 2 +- 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/handle.go b/handle.go index d296d93..3acfd08 100644 --- a/handle.go +++ b/handle.go @@ -795,6 +795,34 @@ func (h *Handler) LogHandlerFunc(f http.HandlerFunc) http.HandlerFunc { log.Info("\"%s %s\" %d %s \"%s\"", r.Method, r.RequestURI, status, time.Since(start), r.UserAgent()) }() + if h.app.App().cfg.App.Private { + // This instance is private, so ensure it's being accessed by a valid user + // Check if authenticated with an access token + _, apiErr := optionalAPIAuth(h.app.App(), r) + if apiErr != nil { + if err, ok := apiErr.(impart.HTTPError); ok { + status = err.Status + } else { + status = 500 + } + + if apiErr == ErrNotLoggedIn { + // Fall back to web auth since there was no access token given + _, err := webAuth(h.app.App(), r) + if err != nil { + if err, ok := apiErr.(impart.HTTPError); ok { + status = err.Status + } else { + status = 500 + } + return err + } + } else { + return apiErr + } + } + } + f(w, r) return nil diff --git a/routes.go b/routes.go index a1f4439..8c0fbc8 100644 --- a/routes.go +++ b/routes.go @@ -61,7 +61,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router { // Federation endpoints // host-meta - write.HandleFunc("/.well-known/host-meta", handler.Web(handleViewHostMeta, UserLevelOptional)) + write.HandleFunc("/.well-known/host-meta", handler.Web(handleViewHostMeta, UserLevelReader)) // webfinger write.HandleFunc(webfinger.WebFingerPath, handler.LogHandlerFunc(http.HandlerFunc(wf.Webfinger))) // nodeinfo
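Review bot: In the web-auth fallback the type assertion inspects the wrong error: `if err, ok := apiErr.(impart.HTTPError); ok` tests `apiErr` (which is `ErrNotLoggedIn` on this path) instead of the `err` just returned by `webAuth`, so the status recorded for the log line never reflects the web-auth failure, and the inner `err` shadows the one that is then returned. It should read `if httpErr, ok := err.(impart.HTTPError); ok { status = httpErr.Status } else { status = 500 }` so the logged status matches what the client receives. LogHandlerFunc starts and ends outside the hunk, so whether `status` is consumed anywhere besides the deferred log call cannot be confirmed from here.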
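Review bot: The private-instance gate on host-meta now comes from `UserLevelReader` on this line, while the webfinger route directly below relies instead on the new check inside `LogHandlerFunc` in handle.go; a short comment above the host-meta line would spare the next reader from wondering why two adjacent federation endpoints are gated by different mechanisms, e.g. `// On private instances host-meta is gated by UserLevelReader; webfinger by the check in LogHandlerFunc`. The `// nodeinfo` routes that follow are outside the hunk, so it cannot be seen here whether they go through either gated path on a private instance; that is worth confirming, since they publish the same kind of instance metadata.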