From 7a62e1be31a954e395241609a06413da09ecbab8 Mon Sep 17 00:00:00 2001
From: slonkazoid <slonkazoid@slonk.ing>
Date: Tue, 9 Jul 2024 05:31:25 +0300
Subject: [PATCH 1/6] implement fetching host-meta before the webfinger
 endpoint

code ported from iceshrimp: https://iceshrimp.dev/iceshrimp/iceshrimp/src/commit/c3e685a925a89b4abc19684263e87691dd9f0c6d/packages/backend/src/remote/webfinger.ts
---
 packages/backend/package.json                 |  1 +
 packages/backend/src/core/WebfingerService.ts | 63 +++++++++++++++++--
 pnpm-lock.yaml                                | 21 +++++--
 3 files changed, 74 insertions(+), 11 deletions(-)

diff --git a/packages/backend/package.json b/packages/backend/package.json
index b05dc10c11..8e8d76bf23 100644
--- a/packages/backend/package.json
+++ b/packages/backend/package.json
@@ -112,6 +112,7 @@
 		"content-disposition": "0.5.4",
 		"date-fns": "2.30.0",
 		"deep-email-validator": "0.1.21",
+		"fast-xml-parser": "^4.4.0",
 		"fastify": "4.26.2",
 		"fastify-multer": "^2.0.3",
 		"fastify-raw-body": "4.3.0",
diff --git a/packages/backend/src/core/WebfingerService.ts b/packages/backend/src/core/WebfingerService.ts
index 374536a741..ec03f9124a 100644
--- a/packages/backend/src/core/WebfingerService.ts
+++ b/packages/backend/src/core/WebfingerService.ts
@@ -5,7 +5,7 @@
 
 import { URL } from 'node:url';
 import { Injectable } from '@nestjs/common';
-import { query as urlQuery } from '@/misc/prelude/url.js';
+import { XMLParser } from 'fast-xml-parser';
 import { HttpRequestService } from '@/core/HttpRequestService.js';
 import { bindThis } from '@/decorators.js';
 
@@ -31,25 +31,76 @@ export class WebfingerService {
 
 	@bindThis
 	public async webfinger(query: string): Promise<IWebFinger> {
-		const url = this.genUrl(query);
+		const hostMetaUrl = this.queryToHostMetaUrl(query);
+		const template = await this.fetchHostMeta(hostMetaUrl) ?? this.queryToWebFingerTemplate(query);
+		const url = this.genUrl(query, template);
 
 		return await this.httpRequestService.getJson<IWebFinger>(url, 'application/jrd+json, application/json');
 	}
 
 	@bindThis
-	private genUrl(query: string): string {
+	private genUrl(query: string, template: string): string {
+		if (template.indexOf('{uri}') < 0) throw new Error(`Invalid webFingerUrl: ${template}`);
+
+		if (query.match(/^https?:\/\//)) {
+			return template.replace('{uri}', encodeURIComponent(query));
+		}
+
+		const m = query.match(/^([^@]+)@(.*)/);
+		if (m) {
+			return template.replace('{uri}', encodeURIComponent(`acct:${query}`));
+		}
+
+		throw new Error(`Invalid query (${query})`);
+	}
+
+	@bindThis
+	private queryToWebFingerTemplate(query: string): string {
+		if (query.match(/^https?:\/\//)) {
+			const u = new URL(query);
+			return `${u.protocol}//${u.hostname}/.well-known/webfinger?resource={uri}`;
+		}
+
+		const m = query.match(/^([^@]+)@(.*)/);
+		if (m) {
+			const hostname = m[2];
+			return `https://${hostname}/.well-known/webfinger?resource={uri}`;
+		}
+
+		throw new Error(`Invalid query (${query})`);
+	}
+
+	@bindThis
+	private queryToHostMetaUrl(query: string): string {
 		if (query.match(urlRegex)) {
 			const u = new URL(query);
-			return `${u.protocol}//${u.hostname}/.well-known/webfinger?` + urlQuery({ resource: query });
+			return `${u.protocol}//${u.hostname}/.well-known/host-meta`;
 		}
 
 		const m = query.match(mRegex);
 		if (m) {
 			const hostname = m[2];
-			const useHttp = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true';
-			return `http${useHttp ? '' : 's'}://${hostname}/.well-known/webfinger?${urlQuery({ resource: `acct:${query}` })}`;
+			return `https://${hostname}/.well-known/host-meta`;
 		}
 
 		throw new Error(`Invalid query (${query})`);
 	}
+
+	@bindThis
+	private async fetchHostMeta(url: string): Promise<string | null> {
+		try {
+			const res = await this.httpRequestService.getHtml(url, 'application/xrd+xml');
+			const options = {
+				ignoreAttributes: false,
+				isArray: (_name: string, jpath: string) => jpath === 'XRD.Link',
+			};
+			const parser = new XMLParser(options);
+			const hostMeta = parser.parse(res);
+			const template = (hostMeta['XRD']['Link'] as Array<any>).filter(p => p['@_rel'] === 'lrdd')[0]['@_template'];
+			return template.indexOf('{uri}') < 0 ? null : template;
+		} catch (err) {
+			console.error(`error while request host-meta for ${url}`);
+			return null;
+		}
+	}
 }
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index a5ef08947c..1f3cd8216f 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -220,6 +220,9 @@ importers:
       deep-email-validator:
         specifier: 0.1.21
         version: 0.1.21
+      fast-xml-parser:
+        specifier: ^4.4.0
+        version: 4.4.0
       fastify:
         specifier: 4.26.2
         version: 4.26.2
@@ -6821,6 +6824,10 @@ packages:
     resolution: {integrity: sha512-B9/wizE4WngqQftFPmdaMYlXoJlJOYxGQOanC77fq9k8+Z0v5dDSVh+3glErdIROP//s/jgb7ZuxKfB8nVyo0g==}
     hasBin: true
 
+  fast-xml-parser@4.4.0:
+    resolution: {integrity: sha512-kLY3jFlwIYwBNDojclKsNAC12sfD6NwW74QB2CoNGPvtVxjliYehVunB3HYyNi+n4Tt1dAcgwYvmKF/Z18flqg==}
+    hasBin: true
+
   fastify-multer@2.0.3:
     resolution: {integrity: sha512-QnFqrRgxmUwWHTgX9uyQSu0C/hmVCfcxopqjApZ4uaZD5W9MJ+nHUlW4+9q7Yd3BRxDIuHvgiM5mjrh6XG8cAA==}
     engines: {node: '>=10.17.0'}
@@ -11105,8 +11112,8 @@ packages:
   vue-component-type-helpers@2.0.16:
     resolution: {integrity: sha512-qisL/iAfdO++7w+SsfYQJVPj6QKvxp4i1MMxvsNO41z/8zu3KuAw9LkhKUfP/kcOWGDxESp+pQObWppXusejCA==}
 
-  vue-component-type-helpers@2.0.19:
-    resolution: {integrity: sha512-cN3f1aTxxKo4lzNeQAkVopswuImUrb5Iurll9Gaw5cqpnbTAxtEMM1mgi6ou4X79OCyqYv1U1mzBHJkzmiK82w==}
+  vue-component-type-helpers@2.0.26:
+    resolution: {integrity: sha512-sO9qQ8oC520SW6kqlls0iqDak53gsTVSrYylajgjmkt1c0vcgjsGSy1KzlDrbEx8pm02IEYhlUkU5hCYf8rwtg==}
 
   vue-demi@0.14.7:
     resolution: {integrity: sha512-EOG8KXDQNwkJILkx/gPcoL/7vH+hORoBaKgGe+6W7VFMvCYJfmF2dGbvgDroVnI8LU7/kTu8mbjRZGBU1z9NTA==}
@@ -15449,7 +15456,7 @@ snapshots:
       ts-dedent: 2.2.0
       type-fest: 2.19.0
       vue: 3.4.26(typescript@5.4.5)
-      vue-component-type-helpers: 2.0.19
+      vue-component-type-helpers: 2.0.26
     transitivePeerDependencies:
       - encoding
       - supports-color
@@ -18827,6 +18834,10 @@ snapshots:
     dependencies:
       strnum: 1.0.5
 
+  fast-xml-parser@4.4.0:
+    dependencies:
+      strnum: 1.0.5
+
   fastify-multer@2.0.3:
     dependencies:
       '@fastify/busboy': 1.2.1
@@ -19708,7 +19719,7 @@ snapshots:
 
   is-svg@5.0.0:
     dependencies:
-      fast-xml-parser: 4.2.5
+      fast-xml-parser: 4.4.0
 
   is-symbol@1.0.4:
     dependencies:
@@ -23644,7 +23655,7 @@ snapshots:
 
   vue-component-type-helpers@2.0.16: {}
 
-  vue-component-type-helpers@2.0.19: {}
+  vue-component-type-helpers@2.0.26: {}
 
   vue-demi@0.14.7(vue@3.4.26(typescript@5.4.5)):
     dependencies:

From 0b6fb394c00d3eff77ae4e82e17887a397c7b932 Mon Sep 17 00:00:00 2001
From: slonkazoid <slonkazoid@slonk.ing>
Date: Fri, 12 Jul 2024 14:28:19 +0300
Subject: [PATCH 2/6] apply fixes from review

---
 packages/backend/src/core/WebfingerService.ts | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/packages/backend/src/core/WebfingerService.ts b/packages/backend/src/core/WebfingerService.ts
index ec03f9124a..519eeb3764 100644
--- a/packages/backend/src/core/WebfingerService.ts
+++ b/packages/backend/src/core/WebfingerService.ts
@@ -42,11 +42,11 @@ export class WebfingerService {
 	private genUrl(query: string, template: string): string {
 		if (template.indexOf('{uri}') < 0) throw new Error(`Invalid webFingerUrl: ${template}`);
 
-		if (query.match(/^https?:\/\//)) {
+		if (query.match(urlRegex)) {
 			return template.replace('{uri}', encodeURIComponent(query));
 		}
 
-		const m = query.match(/^([^@]+)@(.*)/);
+		const m = query.match(mRegex);
 		if (m) {
 			return template.replace('{uri}', encodeURIComponent(`acct:${query}`));
 		}
@@ -56,12 +56,13 @@ export class WebfingerService {
 
 	@bindThis
 	private queryToWebFingerTemplate(query: string): string {
-		if (query.match(/^https?:\/\//)) {
+		if (query.match(urlRegex)) {
 			const u = new URL(query);
-			return `${u.protocol}//${u.hostname}/.well-known/webfinger?resource={uri}`;
+			const useHttp = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true';
+			return `${useHttp ? 'http' : u.protocol}//${u.hostname}/.well-known/webfinger?resource={uri}`;
 		}
 
-		const m = query.match(/^([^@]+)@(.*)/);
+		const m = query.match(mRegex);
 		if (m) {
 			const hostname = m[2];
 			return `https://${hostname}/.well-known/webfinger?resource={uri}`;
@@ -74,7 +75,8 @@ export class WebfingerService {
 	private queryToHostMetaUrl(query: string): string {
 		if (query.match(urlRegex)) {
 			const u = new URL(query);
-			return `${u.protocol}//${u.hostname}/.well-known/host-meta`;
+			const useHttp = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true';
+			return `${useHttp ? 'http' : u.protocol}//${u.hostname}/.well-known/host-meta`;
 		}
 
 		const m = query.match(mRegex);

From 6fa6f1ba4543c5e548722b6ff344aeff69d519a0 Mon Sep 17 00:00:00 2001
From: slonkazoid <slonkazoid@slonk.ing>
Date: Fri, 12 Jul 2024 15:28:05 +0300
Subject: [PATCH 3/6] i re-read the code several times but oh well

---
 packages/backend/src/core/WebfingerService.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/backend/src/core/WebfingerService.ts b/packages/backend/src/core/WebfingerService.ts
index 519eeb3764..334c5999af 100644
--- a/packages/backend/src/core/WebfingerService.ts
+++ b/packages/backend/src/core/WebfingerService.ts
@@ -56,16 +56,16 @@ export class WebfingerService {
 
 	@bindThis
 	private queryToWebFingerTemplate(query: string): string {
+		const useHttp = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true';
 		if (query.match(urlRegex)) {
 			const u = new URL(query);
-			const useHttp = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true';
 			return `${useHttp ? 'http' : u.protocol}//${u.hostname}/.well-known/webfinger?resource={uri}`;
 		}
 
 		const m = query.match(mRegex);
 		if (m) {
 			const hostname = m[2];
-			return `https://${hostname}/.well-known/webfinger?resource={uri}`;
+			return `http${useHttp ? '' : 's'}//${hostname}/.well-known/webfinger?resource={uri}`;
 		}
 
 		throw new Error(`Invalid query (${query})`);

From d81aadfe232c5d4ec1f8551df75cfc7d8fa7a338 Mon Sep 17 00:00:00 2001
From: slonkazoid <slonkazoid@slonk.ing>
Date: Fri, 12 Jul 2024 15:46:23 +0300
Subject: [PATCH 4/6] replace useHttp with defaultProtocol

---
 packages/backend/src/core/WebfingerService.ts | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/packages/backend/src/core/WebfingerService.ts b/packages/backend/src/core/WebfingerService.ts
index 334c5999af..12f2bba624 100644
--- a/packages/backend/src/core/WebfingerService.ts
+++ b/packages/backend/src/core/WebfingerService.ts
@@ -22,6 +22,8 @@ export type IWebFinger = {
 const urlRegex = /^https?:\/\//;
 const mRegex = /^([^@]+)@(.*)/;
 
+const defaultProtocol = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true' ? 'http' : 'https';
+
 @Injectable()
 export class WebfingerService {
 	constructor(
@@ -56,16 +58,15 @@ export class WebfingerService {
 
 	@bindThis
 	private queryToWebFingerTemplate(query: string): string {
-		const useHttp = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true';
 		if (query.match(urlRegex)) {
 			const u = new URL(query);
-			return `${useHttp ? 'http' : u.protocol}//${u.hostname}/.well-known/webfinger?resource={uri}`;
+			return `${u.protocol}//${u.hostname}/.well-known/webfinger?resource={uri}`;
 		}
 
 		const m = query.match(mRegex);
 		if (m) {
 			const hostname = m[2];
-			return `http${useHttp ? '' : 's'}//${hostname}/.well-known/webfinger?resource={uri}`;
+			return `${defaultProtocol}//${hostname}/.well-known/webfinger?resource={uri}`;
 		}
 
 		throw new Error(`Invalid query (${query})`);
@@ -75,14 +76,13 @@ export class WebfingerService {
 	private queryToHostMetaUrl(query: string): string {
 		if (query.match(urlRegex)) {
 			const u = new URL(query);
-			const useHttp = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true';
-			return `${useHttp ? 'http' : u.protocol}//${u.hostname}/.well-known/host-meta`;
+			return `${u.protocol}//${u.hostname}/.well-known/host-meta`;
 		}
 
 		const m = query.match(mRegex);
 		if (m) {
 			const hostname = m[2];
-			return `https://${hostname}/.well-known/host-meta`;
+			return `${defaultProtocol}://${hostname}/.well-known/host-meta`;
 		}
 
 		throw new Error(`Invalid query (${query})`);

From 1fa92ad76304e80aea2c3bcfed598a121c765d39 Mon Sep 17 00:00:00 2001
From: slonkazoid <slonkazoid@slonk.ing>
Date: Sun, 14 Jul 2024 16:11:02 +0300
Subject: [PATCH 5/6] rename fetchHostMeta to
 fetchWebFingerTemplateFromHostMeta

---
 packages/backend/src/core/WebfingerService.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/backend/src/core/WebfingerService.ts b/packages/backend/src/core/WebfingerService.ts
index 12f2bba624..a242dc5d42 100644
--- a/packages/backend/src/core/WebfingerService.ts
+++ b/packages/backend/src/core/WebfingerService.ts
@@ -34,7 +34,7 @@ export class WebfingerService {
 	@bindThis
 	public async webfinger(query: string): Promise<IWebFinger> {
 		const hostMetaUrl = this.queryToHostMetaUrl(query);
-		const template = await this.fetchHostMeta(hostMetaUrl) ?? this.queryToWebFingerTemplate(query);
+		const template = await this.fetchWebFingerTemplateFromHostMeta(hostMetaUrl) ?? this.queryToWebFingerTemplate(query);
 		const url = this.genUrl(query, template);
 
 		return await this.httpRequestService.getJson<IWebFinger>(url, 'application/jrd+json, application/json');
@@ -89,7 +89,7 @@ export class WebfingerService {
 	}
 
 	@bindThis
-	private async fetchHostMeta(url: string): Promise<string | null> {
+	private async fetchWebFingerTemplateFromHostMeta(url: string): Promise<string | null> {
 		try {
 			const res = await this.httpRequestService.getHtml(url, 'application/xrd+xml');
 			const options = {

From 2232f65410ed9848324d6a04f48c758eb87885a1 Mon Sep 17 00:00:00 2001
From: slonkazoid <slonkazoid@slonk.ing>
Date: Sun, 14 Jul 2024 16:11:11 +0300
Subject: [PATCH 6/6] use more concise syntax for env var checking

---
 packages/backend/src/core/WebfingerService.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/backend/src/core/WebfingerService.ts b/packages/backend/src/core/WebfingerService.ts
index a242dc5d42..cbbac52cdb 100644
--- a/packages/backend/src/core/WebfingerService.ts
+++ b/packages/backend/src/core/WebfingerService.ts
@@ -22,7 +22,7 @@ export type IWebFinger = {
 const urlRegex = /^https?:\/\//;
 const mRegex = /^([^@]+)@(.*)/;
 
-const defaultProtocol = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true' ? 'http' : 'https';
+const defaultProtocol = process.env.MISSKEY_WEBFINGER_USE_HTTP?.toLowerCase() === 'true' ? 'http' : 'https';
 
 @Injectable()
 export class WebfingerService {