Diffstat (limited to 'internal/api/s2s/webfinger')
-rw-r--r-- | internal/api/s2s/webfinger/webfinger.go | 50 | ||||
-rw-r--r-- | internal/api/s2s/webfinger/webfinger_test.go | 137 | ||||
-rw-r--r-- | internal/api/s2s/webfinger/webfingerget.go | 102 | ||||
-rw-r--r-- | internal/api/s2s/webfinger/webfingerget_test.go | 171 |
4 files changed, 0 insertions, 460 deletions
diff --git a/internal/api/s2s/webfinger/webfinger.go b/internal/api/s2s/webfinger/webfinger.go
deleted file mode 100644
index c46ca7260..000000000
--- a/internal/api/s2s/webfinger/webfinger.go
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- GoToSocial
- Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-package webfinger
-
-import (
- "net/http"
-
- "github.com/superseriousbusiness/gotosocial/internal/api"
- "github.com/superseriousbusiness/gotosocial/internal/processing"
- "github.com/superseriousbusiness/gotosocial/internal/router"
-)
-
-const (
- // WebfingerBasePath is the base path for serving webfinger lookup requests
- WebfingerBasePath = ".well-known/webfinger"
-)
-
-// Module implements the FederationModule interface
-type Module struct {
- processor processing.Processor
-}
-
-// New returns a new webfinger module
-func New(processor processing.Processor) api.FederationModule {
- return &Module{
- processor: processor,
- }
-}
-
-// Route satisfies the FederationModule interface
-func (m *Module) Route(s router.Router) error {
- s.AttachHandler(http.MethodGet, WebfingerBasePath, m.WebfingerGETRequest)
- return nil
-}
diff --git a/internal/api/s2s/webfinger/webfinger_test.go b/internal/api/s2s/webfinger/webfinger_test.go
deleted file mode 100644
index e5d026d06..000000000
--- a/internal/api/s2s/webfinger/webfinger_test.go
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- GoToSocial
- Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-package webfinger_test
-
-import (
- "crypto/rand"
- "crypto/rsa"
- "time"
-
- "github.com/stretchr/testify/suite"
- "github.com/superseriousbusiness/gotosocial/internal/ap"
- "github.com/superseriousbusiness/gotosocial/internal/api/s2s/webfinger"
- "github.com/superseriousbusiness/gotosocial/internal/api/security"
- "github.com/superseriousbusiness/gotosocial/internal/concurrency"
- "github.com/superseriousbusiness/gotosocial/internal/db"
- "github.com/superseriousbusiness/gotosocial/internal/email"
- "github.com/superseriousbusiness/gotosocial/internal/federation"
- "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
- "github.com/superseriousbusiness/gotosocial/internal/media"
- "github.com/superseriousbusiness/gotosocial/internal/messages"
- "github.com/superseriousbusiness/gotosocial/internal/oauth"
- "github.com/superseriousbusiness/gotosocial/internal/processing"
- "github.com/superseriousbusiness/gotosocial/internal/storage"
- "github.com/superseriousbusiness/gotosocial/internal/typeutils"
- "github.com/superseriousbusiness/gotosocial/testrig"
-)
-
-type WebfingerStandardTestSuite struct {
- // standard suite interfaces
- suite.Suite
- db db.DB
- tc typeutils.TypeConverter
- mediaManager media.Manager
- federator federation.Federator
- emailSender email.Sender
- processor processing.Processor
- storage *storage.Driver
- oauthServer oauth.Server
- securityModule *security.Module
-
- // standard suite models
- testTokens map[string]*gtsmodel.Token
- testClients map[string]*gtsmodel.Client
- testApplications map[string]*gtsmodel.Application
- testUsers map[string]*gtsmodel.User
- testAccounts map[string]*gtsmodel.Account
- testAttachments map[string]*gtsmodel.MediaAttachment
- testStatuses map[string]*gtsmodel.Status
-
- // module being tested
- webfingerModule *webfinger.Module
-}
-
-func (suite *WebfingerStandardTestSuite) SetupSuite() {
- suite.testTokens = testrig.NewTestTokens()
- suite.testClients = testrig.NewTestClients()
- suite.testApplications = testrig.NewTestApplications()
- suite.testUsers = testrig.NewTestUsers()
- suite.testAccounts = testrig.NewTestAccounts()
- suite.testAttachments = testrig.NewTestAttachments()
- suite.testStatuses = testrig.NewTestStatuses()
-}
-
-func (suite *WebfingerStandardTestSuite) SetupTest() {
- testrig.InitTestLog()
- testrig.InitTestConfig()
-
- clientWorker := concurrency.NewWorkerPool[messages.FromClientAPI](-1, -1)
- fedWorker := concurrency.NewWorkerPool[messages.FromFederator](-1, -1)
-
- suite.db = testrig.NewTestDB()
- suite.tc = testrig.NewTestTypeConverter(suite.db)
- suite.storage = testrig.NewInMemoryStorage()
- suite.mediaManager = testrig.NewTestMediaManager(suite.db, suite.storage)
- suite.federator = testrig.NewTestFederator(suite.db, testrig.NewTestTransportController(testrig.NewMockHTTPClient(nil, "../../../../testrig/media"), suite.db, fedWorker), suite.storage, suite.mediaManager, fedWorker)
- suite.emailSender = testrig.NewEmailSender("../../../../web/template/", nil)
- suite.processor = testrig.NewTestProcessor(suite.db, suite.storage, suite.federator, suite.emailSender, suite.mediaManager, clientWorker, fedWorker)
- suite.webfingerModule = webfinger.New(suite.processor).(*webfinger.Module)
- suite.oauthServer = testrig.NewTestOauthServer(suite.db)
- suite.securityModule = security.New(suite.db, suite.oauthServer).(*security.Module)
- testrig.StandardDBSetup(suite.db, suite.testAccounts)
- testrig.StandardStorageSetup(suite.storage, "../../../../testrig/media")
-
- suite.NoError(suite.processor.Start())
-}
-
-func (suite *WebfingerStandardTestSuite) TearDownTest() {
- testrig.StandardDBTeardown(suite.db)
- testrig.StandardStorageTeardown(suite.storage)
-}
-
-func accountDomainAccount() *gtsmodel.Account {
- privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
- if err != nil {
- panic(err)
- }
- publicKey := &privateKey.PublicKey
-
- acct := >smodel.Account{
- ID: "01FG1K8EA7SYHEC7V6XKVNC4ZA",
- CreatedAt: time.Now(),
- UpdatedAt: time.Now(),
- Username: "aaaaa",
- Domain: "",
- Privacy: gtsmodel.VisibilityDefault,
- Language: "en",
- URI: "http://gts.example.org/users/aaaaa",
- URL: "http://gts.example.org/@aaaaa",
- InboxURI: "http://gts.example.org/users/aaaaa/inbox",
- OutboxURI: "http://gts.example.org/users/aaaaa/outbox",
- FollowingURI: "http://gts.example.org/users/aaaaa/following",
- FollowersURI: "http://gts.example.org/users/aaaaa/followers",
- FeaturedCollectionURI: "http://gts.example.org/users/aaaaa/collections/featured",
- ActorType: ap.ActorPerson,
- PrivateKey: privateKey,
- PublicKey: publicKey,
- PublicKeyURI: "http://gts.example.org/users/aaaaa/main-key",
- }
-
- return acct
-}
diff --git a/internal/api/s2s/webfinger/webfingerget.go b/internal/api/s2s/webfinger/webfingerget.go
deleted file mode 100644
index 9949140c1..000000000
--- a/internal/api/s2s/webfinger/webfingerget.go
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- GoToSocial
- Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-package webfinger
-
-import (
- "context"
- "fmt"
- "net/http"
-
- "codeberg.org/gruf/go-kv"
- "github.com/gin-gonic/gin"
- "github.com/superseriousbusiness/gotosocial/internal/ap"
- "github.com/superseriousbusiness/gotosocial/internal/api"
- "github.com/superseriousbusiness/gotosocial/internal/config"
- "github.com/superseriousbusiness/gotosocial/internal/log"
- "github.com/superseriousbusiness/gotosocial/internal/util"
-)
-
-// WebfingerGETRequest swagger:operation GET /.well-known/webfinger webfingerGet
-//
-// Handles webfinger account lookup requests.
-//
-// For example, a GET to `https://goblin.technology/.well-known/webfinger?resource=acct:tobi@goblin.technology` would return:
-//
-// ```
-//
-// {"subject":"acct:tobi@goblin.technology","aliases":["https://goblin.technology/users/tobi","https://goblin.technology/@tobi"],"links":[{"rel":"http://webfinger.net/rel/profile-page","type":"text/html","href":"https://goblin.technology/@tobi"},{"rel":"self","type":"application/activity+json","href":"https://goblin.technology/users/tobi"}]}
-//
-// ```
-//
-// See: https://webfinger.net/
-//
-// ---
-// tags:
-// - webfinger
-//
-// produces:
-// - application/json
-//
-// responses:
-// '200':
-// schema:
-// "$ref": "#/definitions/wellKnownResponse"
-func (m *Module) WebfingerGETRequest(c *gin.Context) {
- l := log.WithFields(kv.Fields{
- {K: "user-agent", V: c.Request.UserAgent()},
- }...)
-
- resourceQuery, set := c.GetQuery("resource")
- if !set || resourceQuery == "" {
- l.Debug("aborting request because no resource was set in query")
- c.JSON(http.StatusBadRequest, gin.H{"error": "no 'resource' in request query"})
- return
- }
-
- requestedUsername, requestedHost, err := util.ExtractWebfingerParts(resourceQuery)
- if err != nil {
- l.Debugf("bad webfinger request with resource query %s: %s", resourceQuery, err)
- c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("bad webfinger request with resource query %s", resourceQuery)})
- return
- }
-
- accountDomain := config.GetAccountDomain()
- host := config.GetHost()
-
- if requestedHost != host && requestedHost != accountDomain {
- l.Debugf("aborting request because requestedHost %s does not belong to this instance", requestedHost)
- c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("requested host %s does not belong to this instance", requestedHost)})
- return
- }
-
- // transfer the signature verifier from the gin context to the request context
- ctx := c.Request.Context()
- verifier, signed := c.Get(string(ap.ContextRequestingPublicKeyVerifier))
- if signed {
- ctx = context.WithValue(ctx, ap.ContextRequestingPublicKeyVerifier, verifier)
- }
-
- resp, errWithCode := m.processor.GetWebfingerAccount(ctx, requestedUsername)
- if errWithCode != nil {
- api.ErrorHandler(c, errWithCode, m.processor.InstanceGet)
- return
- }
-
- c.JSON(http.StatusOK, resp)
-}
diff --git a/internal/api/s2s/webfinger/webfingerget_test.go b/internal/api/s2s/webfinger/webfingerget_test.go
deleted file mode 100644
index 3e91b8f6a..000000000
--- a/internal/api/s2s/webfinger/webfingerget_test.go
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- GoToSocial
- Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-package webfinger_test
-
-import (
- "context"
- "fmt"
- "io/ioutil"
- "net/http"
- "net/http/httptest"
- "testing"
-
- "github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/suite"
- "github.com/superseriousbusiness/gotosocial/internal/api/s2s/webfinger"
- "github.com/superseriousbusiness/gotosocial/internal/concurrency"
- "github.com/superseriousbusiness/gotosocial/internal/config"
- "github.com/superseriousbusiness/gotosocial/internal/messages"
- "github.com/superseriousbusiness/gotosocial/internal/processing"
- "github.com/superseriousbusiness/gotosocial/testrig"
-)
-
-type WebfingerGetTestSuite struct {
- WebfingerStandardTestSuite
-}
-
-func (suite *WebfingerGetTestSuite) TestFingerUser() {
- targetAccount := suite.testAccounts["local_account_1"]
-
- // setup request
- host := config.GetHost()
- requestPath := fmt.Sprintf("/%s?resource=acct:%s@%s", webfinger.WebfingerBasePath, targetAccount.Username, host)
-
- recorder := httptest.NewRecorder()
- ctx, _ := testrig.CreateGinTestContext(recorder, nil)
- ctx.Request = httptest.NewRequest(http.MethodGet, requestPath, nil) // the endpoint we're hitting
- ctx.Request.Header.Set("accept", "application/json")
-
- // trigger the function being tested
- suite.webfingerModule.WebfingerGETRequest(ctx)
-
- // check response
- suite.EqualValues(http.StatusOK, recorder.Code)
-
- result := recorder.Result()
- defer result.Body.Close()
- b, err := ioutil.ReadAll(result.Body)
- assert.NoError(suite.T(), err)
-
- suite.Equal(`{"subject":"acct:the_mighty_zork@localhost:8080","aliases":["http://localhost:8080/users/the_mighty_zork","http://localhost:8080/@the_mighty_zork"],"links":[{"rel":"http://webfinger.net/rel/profile-page","type":"text/html","href":"http://localhost:8080/@the_mighty_zork"},{"rel":"self","type":"application/activity+json","href":"http://localhost:8080/users/the_mighty_zork"}]}`, string(b))
-}
-
-func (suite *WebfingerGetTestSuite) TestFingerUserWithDifferentAccountDomainByHost() {
- config.SetHost("gts.example.org")
- config.SetAccountDomain("example.org")
-
- clientWorker := concurrency.NewWorkerPool[messages.FromClientAPI](-1, -1)
- fedWorker := concurrency.NewWorkerPool[messages.FromFederator](-1, -1)
- suite.processor = processing.NewProcessor(suite.tc, suite.federator, testrig.NewTestOauthServer(suite.db), testrig.NewTestMediaManager(suite.db, suite.storage), suite.storage, suite.db, suite.emailSender, clientWorker, fedWorker)
- suite.webfingerModule = webfinger.New(suite.processor).(*webfinger.Module)
-
- targetAccount := accountDomainAccount()
- if err := suite.db.Put(context.Background(), targetAccount); err != nil {
- panic(err)
- }
-
- // setup request
- host := config.GetHost()
- requestPath := fmt.Sprintf("/%s?resource=acct:%s@%s", webfinger.WebfingerBasePath, targetAccount.Username, host)
-
- recorder := httptest.NewRecorder()
- ctx, _ := testrig.CreateGinTestContext(recorder, nil)
- ctx.Request = httptest.NewRequest(http.MethodGet, requestPath, nil) // the endpoint we're hitting
- ctx.Request.Header.Set("accept", "application/json")
-
- // trigger the function being tested
- suite.webfingerModule.WebfingerGETRequest(ctx)
-
- // check response
- suite.EqualValues(http.StatusOK, recorder.Code)
-
- result := recorder.Result()
- defer result.Body.Close()
- b, err := ioutil.ReadAll(result.Body)
- assert.NoError(suite.T(), err)
-
- suite.Equal(`{"subject":"acct:aaaaa@example.org","aliases":["http://gts.example.org/users/aaaaa","http://gts.example.org/@aaaaa"],"links":[{"rel":"http://webfinger.net/rel/profile-page","type":"text/html","href":"http://gts.example.org/@aaaaa"},{"rel":"self","type":"application/activity+json","href":"http://gts.example.org/users/aaaaa"}]}`, string(b))
-}
-
-func (suite *WebfingerGetTestSuite) TestFingerUserWithDifferentAccountDomainByAccountDomain() {
- config.SetHost("gts.example.org")
- config.SetAccountDomain("example.org")
-
- clientWorker := concurrency.NewWorkerPool[messages.FromClientAPI](-1, -1)
- fedWorker := concurrency.NewWorkerPool[messages.FromFederator](-1, -1)
- suite.processor = processing.NewProcessor(suite.tc, suite.federator, testrig.NewTestOauthServer(suite.db), testrig.NewTestMediaManager(suite.db, suite.storage), suite.storage, suite.db, suite.emailSender, clientWorker, fedWorker)
- suite.webfingerModule = webfinger.New(suite.processor).(*webfinger.Module)
-
- targetAccount := accountDomainAccount()
- if err := suite.db.Put(context.Background(), targetAccount); err != nil {
- panic(err)
- }
-
- // setup request
- accountDomain := config.GetAccountDomain()
- requestPath := fmt.Sprintf("/%s?resource=acct:%s@%s", webfinger.WebfingerBasePath, targetAccount.Username, accountDomain)
-
- recorder := httptest.NewRecorder()
- ctx, _ := testrig.CreateGinTestContext(recorder, nil)
- ctx.Request = httptest.NewRequest(http.MethodGet, requestPath, nil) // the endpoint we're hitting
- ctx.Request.Header.Set("accept", "application/json")
-
- // trigger the function being tested
- suite.webfingerModule.WebfingerGETRequest(ctx)
-
- // check response
- suite.EqualValues(http.StatusOK, recorder.Code)
-
- result := recorder.Result()
- defer result.Body.Close()
- b, err := ioutil.ReadAll(result.Body)
- assert.NoError(suite.T(), err)
-
- suite.Equal(`{"subject":"acct:aaaaa@example.org","aliases":["http://gts.example.org/users/aaaaa","http://gts.example.org/@aaaaa"],"links":[{"rel":"http://webfinger.net/rel/profile-page","type":"text/html","href":"http://gts.example.org/@aaaaa"},{"rel":"self","type":"application/activity+json","href":"http://gts.example.org/users/aaaaa"}]}`, string(b))
-}
-
-func (suite *WebfingerGetTestSuite) TestFingerUserWithoutAcct() {
- targetAccount := suite.testAccounts["local_account_1"]
-
- // setup request -- leave out the 'acct:' prefix, which is prettymuch what pixelfed currently does
- host := config.GetHost()
- requestPath := fmt.Sprintf("/%s?resource=%s@%s", webfinger.WebfingerBasePath, targetAccount.Username, host)
-
- recorder := httptest.NewRecorder()
- ctx, _ := testrig.CreateGinTestContext(recorder, nil)
- ctx.Request = httptest.NewRequest(http.MethodGet, requestPath, nil) // the endpoint we're hitting
- ctx.Request.Header.Set("accept", "application/json")
-
- // trigger the function being tested
- suite.webfingerModule.WebfingerGETRequest(ctx)
-
- // check response
- suite.EqualValues(http.StatusOK, recorder.Code)
-
- result := recorder.Result()
- defer result.Body.Close()
- b, err := ioutil.ReadAll(result.Body)
- assert.NoError(suite.T(), err)
-
- suite.Equal(`{"subject":"acct:the_mighty_zork@localhost:8080","aliases":["http://localhost:8080/users/the_mighty_zork","http://localhost:8080/@the_mighty_zork"],"links":[{"rel":"http://webfinger.net/rel/profile-page","type":"text/html","href":"http://localhost:8080/@the_mighty_zork"},{"rel":"self","type":"application/activity+json","href":"http://localhost:8080/users/the_mighty_zork"}]}`, string(b))
-}
-
-func TestWebfingerGetTestSuite(t *testing.T) {
- suite.Run(t, new(WebfingerGetTestSuite))
-} |