diff options
Diffstat (limited to 'app')
| -rw-r--r-- | app/helpers/webfinger_helper.rb | 19 | ||||
| -rw-r--r-- | app/models/remote_follow.rb | 3 | ||||
| -rw-r--r-- | app/services/activitypub/fetch_remote_account_service.rb | 5 | ||||
| -rw-r--r-- | app/services/resolve_account_service.rb | 3 |
4 files changed, 26 insertions, 4 deletions
diff --git a/app/helpers/webfinger_helper.rb b/app/helpers/webfinger_helper.rb new file mode 100644 index 000000000..70c493210 --- /dev/null +++ b/app/helpers/webfinger_helper.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +module WebfingerHelper + def webfinger!(uri) + hidden_service_uri = /\.(onion|i2p)(:\d+)?$/.match(uri) + + raise Mastodon::HostValidationError, 'Instance does not support hidden service connections' if !Rails.configuration.x.access_to_hidden_service && hidden_service_uri + + opts = { + ssl: !hidden_service_uri, + + headers: { + 'User-Agent': Mastodon::Version.user_agent, + }, + } + + Goldfinger::Client.new(uri, opts.merge(Rails.configuration.x.http_client_proxy)).finger + end +end diff --git a/app/models/remote_follow.rb b/app/models/remote_follow.rb index 5ea535287..30b84f7d5 100644 --- a/app/models/remote_follow.rb +++ b/app/models/remote_follow.rb @@ -3,6 +3,7 @@ class RemoteFollow include ActiveModel::Validations include RoutingHelper + include WebfingerHelper attr_accessor :acct, :addressable_template @@ -71,7 +72,7 @@ class RemoteFollow end def acct_resource - @acct_resource ||= Goldfinger.finger("acct:#{acct}") + @acct_resource ||= webfinger!("acct:#{acct}") rescue Goldfinger::Error, HTTP::ConnectionError nil end diff --git a/app/services/activitypub/fetch_remote_account_service.rb b/app/services/activitypub/fetch_remote_account_service.rb index d65c8f951..83fbf6d07 100644 --- a/app/services/activitypub/fetch_remote_account_service.rb +++ b/app/services/activitypub/fetch_remote_account_service.rb @@ -3,6 +3,7 @@ class ActivityPub::FetchRemoteAccountService < BaseService include JsonLdHelper include DomainControlHelper + include WebfingerHelper SUPPORTED_TYPES = %w(Application Group Organization Person Service).freeze @@ -35,12 +36,12 @@ class ActivityPub::FetchRemoteAccountService < BaseService private def verified_webfinger? - webfinger = Goldfinger.finger("acct:#{@username}@#{@domain}") + webfinger = webfinger!("acct:#{@username}@#{@domain}") confirmed_username, confirmed_domain = split_acct(webfinger.subject) return webfinger.link('self')&.href == @uri if @username.casecmp(confirmed_username).zero? && @domain.casecmp(confirmed_domain).zero? - webfinger = Goldfinger.finger("acct:#{confirmed_username}@#{confirmed_domain}") + webfinger = webfinger!("acct:#{confirmed_username}@#{confirmed_domain}") @username, @domain = split_acct(webfinger.subject) self_reference = webfinger.link('self') diff --git a/app/services/resolve_account_service.rb b/app/services/resolve_account_service.rb index 1ad9ed407..17ace100c 100644 --- a/app/services/resolve_account_service.rb +++ b/app/services/resolve_account_service.rb @@ -3,6 +3,7 @@ class ResolveAccountService < BaseService include JsonLdHelper include DomainControlHelper + include WebfingerHelper class WebfingerRedirectError < StandardError; end @@ -76,7 +77,7 @@ class ResolveAccountService < BaseService end def process_webfinger!(uri, redirected = false) - @webfinger = Goldfinger.finger("acct:#{uri}") + @webfinger = webfinger!("acct:#{uri}") confirmed_username, confirmed_domain = @webfinger.subject.gsub(/\Aacct:/, '').split('@') if confirmed_username.casecmp(@username).zero? && confirmed_domain.casecmp(@domain).zero? |