From 7a62e1be31a954e395241609a06413da09ecbab8 Mon Sep 17 00:00:00 2001
From: slonkazoid <slonkazoid@slonk.ing>
Date: Tue, 9 Jul 2024 05:31:25 +0300
Subject: [PATCH 1/6] implement fetching host-meta before the webfinger
endpoint
code ported from iceshrimp: https://iceshrimp.dev/iceshrimp/iceshrimp/src/commit/c3e685a925a89b4abc19684263e87691dd9f0c6d/packages/backend/src/remote/webfinger.ts
---
packages/backend/package.json | 1 +
packages/backend/src/core/WebfingerService.ts | 63 +++++++++++++++++--
pnpm-lock.yaml | 21 +++++--
3 files changed, 74 insertions(+), 11 deletions(-)
diff --git a/packages/backend/package.json b/packages/backend/package.json
index b05dc10c11..8e8d76bf23 100644
--- a/packages/backend/package.json
+++ b/packages/backend/package.json
@@ -112,6 +112,7 @@
"content-disposition": "0.5.4",
"date-fns": "2.30.0",
"deep-email-validator": "0.1.21",
+ "fast-xml-parser": "^4.4.0",
"fastify": "4.26.2",
"fastify-multer": "^2.0.3",
"fastify-raw-body": "4.3.0",
diff --git a/packages/backend/src/core/WebfingerService.ts b/packages/backend/src/core/WebfingerService.ts
index 374536a741..ec03f9124a 100644
--- a/packages/backend/src/core/WebfingerService.ts
+++ b/packages/backend/src/core/WebfingerService.ts
@@ -5,7 +5,7 @@
import { URL } from 'node:url';
import { Injectable } from '@nestjs/common';
-import { query as urlQuery } from '@/misc/prelude/url.js';
+import { XMLParser } from 'fast-xml-parser';
import { HttpRequestService } from '@/core/HttpRequestService.js';
import { bindThis } from '@/decorators.js';
@@ -31,25 +31,76 @@ export class WebfingerService {
@bindThis
public async webfinger(query: string): Promise<IWebFinger> {
- const url = this.genUrl(query);
+ const hostMetaUrl = this.queryToHostMetaUrl(query);
+ const template = await this.fetchHostMeta(hostMetaUrl) ?? this.queryToWebFingerTemplate(query);
+ const url = this.genUrl(query, template);
return await this.httpRequestService.getJson<IWebFinger>(url, 'application/jrd+json, application/json');
}
@bindThis
- private genUrl(query: string): string {
+ private genUrl(query: string, template: string): string {
+ if (template.indexOf('{uri}') < 0) throw new Error(`Invalid webFingerUrl: ${template}`);
+
+ if (query.match(/^https?:\/\//)) {
+ return template.replace('{uri}', encodeURIComponent(query));
+ }
+
+ const m = query.match(/^([^@]+)@(.*)/);
+ if (m) {
+ return template.replace('{uri}', encodeURIComponent(`acct:${query}`));
+ }
+
+ throw new Error(`Invalid query (${query})`);
+ }
+
+ @bindThis
+ private queryToWebFingerTemplate(query: string): string {
+ if (query.match(/^https?:\/\//)) {
+ const u = new URL(query);
+ return `${u.protocol}//${u.hostname}/.well-known/webfinger?resource={uri}`;
+ }
+
+ const m = query.match(/^([^@]+)@(.*)/);
+ if (m) {
+ const hostname = m[2];
+ return `https://${hostname}/.well-known/webfinger?resource={uri}`;
+ }
+
+ throw new Error(`Invalid query (${query})`);
+ }
+
+ @bindThis
+ private queryToHostMetaUrl(query: string): string {
if (query.match(urlRegex)) {
const u = new URL(query);
- return `${u.protocol}//${u.hostname}/.well-known/webfinger?` + urlQuery({ resource: query });
+ return `${u.protocol}//${u.hostname}/.well-known/host-meta`;
}
const m = query.match(mRegex);
if (m) {
const hostname = m[2];
- const useHttp = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true';
- return `http${useHttp ? '' : 's'}://${hostname}/.well-known/webfinger?${urlQuery({ resource: `acct:${query}` })}`;
+ return `https://${hostname}/.well-known/host-meta`;
}
throw new Error(`Invalid query (${query})`);
}
+
+ @bindThis
+ private async fetchHostMeta(url: string): Promise<string | null> {
+ try {
+ const res = await this.httpRequestService.getHtml(url, 'application/xrd+xml');
+ const options = {
+ ignoreAttributes: false,
+ isArray: (_name: string, jpath: string) => jpath === 'XRD.Link',
+ };
+ const parser = new XMLParser(options);
+ const hostMeta = parser.parse(res);
+ const template = (hostMeta['XRD']['Link'] as Array<any>).filter(p => p['@_rel'] === 'lrdd')[0]['@_template'];
+ return template.indexOf('{uri}') < 0 ? null : template;
+ } catch (err) {
+ console.error(`error while request host-meta for ${url}`);
+ return null;
+ }
+ }
}
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index a5ef08947c..1f3cd8216f 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -220,6 +220,9 @@ importers:
deep-email-validator:
specifier: 0.1.21
version: 0.1.21
+ fast-xml-parser:
+ specifier: ^4.4.0
+ version: 4.4.0
fastify:
specifier: 4.26.2
version: 4.26.2
@@ -6821,6 +6824,10 @@ packages:
resolution: {integrity: sha512-B9/wizE4WngqQftFPmdaMYlXoJlJOYxGQOanC77fq9k8+Z0v5dDSVh+3glErdIROP//s/jgb7ZuxKfB8nVyo0g==}
hasBin: true
+ fast-xml-parser@4.4.0:
+ resolution: {integrity: sha512-kLY3jFlwIYwBNDojclKsNAC12sfD6NwW74QB2CoNGPvtVxjliYehVunB3HYyNi+n4Tt1dAcgwYvmKF/Z18flqg==}
+ hasBin: true
+
fastify-multer@2.0.3:
resolution: {integrity: sha512-QnFqrRgxmUwWHTgX9uyQSu0C/hmVCfcxopqjApZ4uaZD5W9MJ+nHUlW4+9q7Yd3BRxDIuHvgiM5mjrh6XG8cAA==}
engines: {node: '>=10.17.0'}
@@ -11105,8 +11112,8 @@ packages:
vue-component-type-helpers@2.0.16:
resolution: {integrity: sha512-qisL/iAfdO++7w+SsfYQJVPj6QKvxp4i1MMxvsNO41z/8zu3KuAw9LkhKUfP/kcOWGDxESp+pQObWppXusejCA==}
- vue-component-type-helpers@2.0.19:
- resolution: {integrity: sha512-cN3f1aTxxKo4lzNeQAkVopswuImUrb5Iurll9Gaw5cqpnbTAxtEMM1mgi6ou4X79OCyqYv1U1mzBHJkzmiK82w==}
+ vue-component-type-helpers@2.0.26:
+ resolution: {integrity: sha512-sO9qQ8oC520SW6kqlls0iqDak53gsTVSrYylajgjmkt1c0vcgjsGSy1KzlDrbEx8pm02IEYhlUkU5hCYf8rwtg==}
vue-demi@0.14.7:
resolution: {integrity: sha512-EOG8KXDQNwkJILkx/gPcoL/7vH+hORoBaKgGe+6W7VFMvCYJfmF2dGbvgDroVnI8LU7/kTu8mbjRZGBU1z9NTA==}
@@ -15449,7 +15456,7 @@ snapshots:
ts-dedent: 2.2.0
type-fest: 2.19.0
vue: 3.4.26(typescript@5.4.5)
- vue-component-type-helpers: 2.0.19
+ vue-component-type-helpers: 2.0.26
transitivePeerDependencies:
- encoding
- supports-color
@@ -18827,6 +18834,10 @@ snapshots:
dependencies:
strnum: 1.0.5
+ fast-xml-parser@4.4.0:
+ dependencies:
+ strnum: 1.0.5
+
fastify-multer@2.0.3:
dependencies:
'@fastify/busboy': 1.2.1
@@ -19708,7 +19719,7 @@ snapshots:
is-svg@5.0.0:
dependencies:
- fast-xml-parser: 4.2.5
+ fast-xml-parser: 4.4.0
is-symbol@1.0.4:
dependencies:
@@ -23644,7 +23655,7 @@ snapshots:
vue-component-type-helpers@2.0.16: {}
- vue-component-type-helpers@2.0.19: {}
+ vue-component-type-helpers@2.0.26: {}
vue-demi@0.14.7(vue@3.4.26(typescript@5.4.5)):
dependencies:
From 0b6fb394c00d3eff77ae4e82e17887a397c7b932 Mon Sep 17 00:00:00 2001
From: slonkazoid <slonkazoid@slonk.ing>
Date: Fri, 12 Jul 2024 14:28:19 +0300
Subject: [PATCH 2/6] apply fixes from review
---
packages/backend/src/core/WebfingerService.ts | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/packages/backend/src/core/WebfingerService.ts b/packages/backend/src/core/WebfingerService.ts
index ec03f9124a..519eeb3764 100644
--- a/packages/backend/src/core/WebfingerService.ts
+++ b/packages/backend/src/core/WebfingerService.ts
@@ -42,11 +42,11 @@ export class WebfingerService {
private genUrl(query: string, template: string): string {
if (template.indexOf('{uri}') < 0) throw new Error(`Invalid webFingerUrl: ${template}`);
- if (query.match(/^https?:\/\//)) {
+ if (query.match(urlRegex)) {
return template.replace('{uri}', encodeURIComponent(query));
}
- const m = query.match(/^([^@]+)@(.*)/);
+ const m = query.match(mRegex);
if (m) {
return template.replace('{uri}', encodeURIComponent(`acct:${query}`));
}
@@ -56,12 +56,13 @@ export class WebfingerService {
@bindThis
private queryToWebFingerTemplate(query: string): string {
- if (query.match(/^https?:\/\//)) {
+ if (query.match(urlRegex)) {
const u = new URL(query);
- return `${u.protocol}//${u.hostname}/.well-known/webfinger?resource={uri}`;
+ const useHttp = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true';
+ return `${useHttp ? 'http' : u.protocol}//${u.hostname}/.well-known/webfinger?resource={uri}`;
}
- const m = query.match(/^([^@]+)@(.*)/);
+ const m = query.match(mRegex);
if (m) {
const hostname = m[2];
return `https://${hostname}/.well-known/webfinger?resource={uri}`;
@@ -74,7 +75,8 @@ export class WebfingerService {
private queryToHostMetaUrl(query: string): string {
if (query.match(urlRegex)) {
const u = new URL(query);
- return `${u.protocol}//${u.hostname}/.well-known/host-meta`;
+ const useHttp = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true';
+ return `${useHttp ? 'http' : u.protocol}//${u.hostname}/.well-known/host-meta`;
}
const m = query.match(mRegex);
From 6fa6f1ba4543c5e548722b6ff344aeff69d519a0 Mon Sep 17 00:00:00 2001
From: slonkazoid <slonkazoid@slonk.ing>
Date: Fri, 12 Jul 2024 15:28:05 +0300
Subject: [PATCH 3/6] i re-read the code several times but oh well
---
packages/backend/src/core/WebfingerService.ts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/backend/src/core/WebfingerService.ts b/packages/backend/src/core/WebfingerService.ts
index 519eeb3764..334c5999af 100644
--- a/packages/backend/src/core/WebfingerService.ts
+++ b/packages/backend/src/core/WebfingerService.ts
@@ -56,16 +56,16 @@ export class WebfingerService {
@bindThis
private queryToWebFingerTemplate(query: string): string {
+ const useHttp = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true';
if (query.match(urlRegex)) {
const u = new URL(query);
- const useHttp = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true';
return `${useHttp ? 'http' : u.protocol}//${u.hostname}/.well-known/webfinger?resource={uri}`;
}
const m = query.match(mRegex);
if (m) {
const hostname = m[2];
- return `https://${hostname}/.well-known/webfinger?resource={uri}`;
+ return `http${useHttp ? '' : 's'}//${hostname}/.well-known/webfinger?resource={uri}`;
}
throw new Error(`Invalid query (${query})`);
From d81aadfe232c5d4ec1f8551df75cfc7d8fa7a338 Mon Sep 17 00:00:00 2001
From: slonkazoid <slonkazoid@slonk.ing>
Date: Fri, 12 Jul 2024 15:46:23 +0300
Subject: [PATCH 4/6] replace useHttp with defaultProtocol
---
packages/backend/src/core/WebfingerService.ts | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/packages/backend/src/core/WebfingerService.ts b/packages/backend/src/core/WebfingerService.ts
index 334c5999af..12f2bba624 100644
--- a/packages/backend/src/core/WebfingerService.ts
+++ b/packages/backend/src/core/WebfingerService.ts
@@ -22,6 +22,8 @@ export type IWebFinger = {
const urlRegex = /^https?:\/\//;
const mRegex = /^([^@]+)@(.*)/;
+const defaultProtocol = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true' ? 'http' : 'https';
+
@Injectable()
export class WebfingerService {
constructor(
@@ -56,16 +58,15 @@ export class WebfingerService {
@bindThis
private queryToWebFingerTemplate(query: string): string {
- const useHttp = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true';
if (query.match(urlRegex)) {
const u = new URL(query);
- return `${useHttp ? 'http' : u.protocol}//${u.hostname}/.well-known/webfinger?resource={uri}`;
+ return `${u.protocol}//${u.hostname}/.well-known/webfinger?resource={uri}`;
}
const m = query.match(mRegex);
if (m) {
const hostname = m[2];
- return `http${useHttp ? '' : 's'}//${hostname}/.well-known/webfinger?resource={uri}`;
+ return `${defaultProtocol}//${hostname}/.well-known/webfinger?resource={uri}`;
}
throw new Error(`Invalid query (${query})`);
@@ -75,14 +76,13 @@ export class WebfingerService {
private queryToHostMetaUrl(query: string): string {
if (query.match(urlRegex)) {
const u = new URL(query);
- const useHttp = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true';
- return `${useHttp ? 'http' : u.protocol}//${u.hostname}/.well-known/host-meta`;
+ return `${u.protocol}//${u.hostname}/.well-known/host-meta`;
}
const m = query.match(mRegex);
if (m) {
const hostname = m[2];
- return `https://${hostname}/.well-known/host-meta`;
+ return `${defaultProtocol}://${hostname}/.well-known/host-meta`;
}
throw new Error(`Invalid query (${query})`);
From 1fa92ad76304e80aea2c3bcfed598a121c765d39 Mon Sep 17 00:00:00 2001
From: slonkazoid <slonkazoid@slonk.ing>
Date: Sun, 14 Jul 2024 16:11:02 +0300
Subject: [PATCH 5/6] rename fetchHostMeta to
fetchWebFingerTemplateFromHostMeta
---
packages/backend/src/core/WebfingerService.ts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/backend/src/core/WebfingerService.ts b/packages/backend/src/core/WebfingerService.ts
index 12f2bba624..a242dc5d42 100644
--- a/packages/backend/src/core/WebfingerService.ts
+++ b/packages/backend/src/core/WebfingerService.ts
@@ -34,7 +34,7 @@ export class WebfingerService {
@bindThis
public async webfinger(query: string): Promise<IWebFinger> {
const hostMetaUrl = this.queryToHostMetaUrl(query);
- const template = await this.fetchHostMeta(hostMetaUrl) ?? this.queryToWebFingerTemplate(query);
+ const template = await this.fetchWebFingerTemplateFromHostMeta(hostMetaUrl) ?? this.queryToWebFingerTemplate(query);
const url = this.genUrl(query, template);
return await this.httpRequestService.getJson<IWebFinger>(url, 'application/jrd+json, application/json');
@@ -89,7 +89,7 @@ export class WebfingerService {
}
@bindThis
- private async fetchHostMeta(url: string): Promise<string | null> {
+ private async fetchWebFingerTemplateFromHostMeta(url: string): Promise<string | null> {
try {
const res = await this.httpRequestService.getHtml(url, 'application/xrd+xml');
const options = {
From 2232f65410ed9848324d6a04f48c758eb87885a1 Mon Sep 17 00:00:00 2001
From: slonkazoid <slonkazoid@slonk.ing>
Date: Sun, 14 Jul 2024 16:11:11 +0300
Subject: [PATCH 6/6] use more concise syntax for env var checking
---
packages/backend/src/core/WebfingerService.ts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/backend/src/core/WebfingerService.ts b/packages/backend/src/core/WebfingerService.ts
index a242dc5d42..cbbac52cdb 100644
--- a/packages/backend/src/core/WebfingerService.ts
+++ b/packages/backend/src/core/WebfingerService.ts
@@ -22,7 +22,7 @@ export type IWebFinger = {
const urlRegex = /^https?:\/\//;
const mRegex = /^([^@]+)@(.*)/;
-const defaultProtocol = process.env.MISSKEY_WEBFINGER_USE_HTTP && process.env.MISSKEY_WEBFINGER_USE_HTTP.toLowerCase() === 'true' ? 'http' : 'https';
+const defaultProtocol = process.env.MISSKEY_WEBFINGER_USE_HTTP?.toLowerCase() === 'true' ? 'http' : 'https';
@Injectable()
export class WebfingerService {