diff options
| author | lain <lain@soykaf.club> | 2024-05-22 15:17:36 +0000 |
|---|---|---|
| committer | lain <lain@soykaf.club> | 2024-05-22 15:17:36 +0000 |
| commit | 7566b4a348c66fcea45bcb017979ece9c7b45b3a (patch) | |
| tree | dd82baba06f64002e1b2a25f867daa0bd12a3f82 /lib | |
| parent | fb4aa9f7250ecfcbd506f70cf8ac6732564a6b26 (diff) | |
| parent | 53a3176d2414bf4af523f1d9d13fc082fd23ea43 (diff) | |
| download | pleroma-7566b4a348c66fcea45bcb017979ece9c7b45b3a.tar.gz pleroma-7566b4a348c66fcea45bcb017979ece9c7b45b3a.zip | |
Merge branch 'release-2.6.3' into 'stable'
Release 2.6.3
See merge request pleroma/pleroma!4115
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/application.ex | 3 | ||||
| -rw-r--r-- | lib/pleroma/web/web_finger.ex | 38 |
2 files changed, 36 insertions, 5 deletions
diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index e68a3c57e..385e3872d 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -210,7 +210,8 @@ defmodule Pleroma.Application do expiration: chat_message_id_idempotency_key_expiration(), limit: 500_000 ), - build_cachex("rel_me", limit: 2500) + build_cachex("rel_me", limit: 2500), + build_cachex("host_meta", default_ttl: :timer.minutes(120), limit: 5000) ] end diff --git a/lib/pleroma/web/web_finger.ex b/lib/pleroma/web/web_finger.ex index f95dc2458..398742200 100644 --- a/lib/pleroma/web/web_finger.ex +++ b/lib/pleroma/web/web_finger.ex @@ -155,7 +155,16 @@ defmodule Pleroma.Web.WebFinger do end end + @cachex Pleroma.Config.get([:cachex, :provider], Cachex) def find_lrdd_template(domain) do + @cachex.fetch!(:host_meta_cache, domain, fn _ -> + {:commit, fetch_lrdd_template(domain)} + end) + rescue + e -> {:error, "Cachex error: #{inspect(e)}"} + end + + defp fetch_lrdd_template(domain) do # WebFinger is restricted to HTTPS - https://tools.ietf.org/html/rfc7033#section-9.1 meta_url = "https://#{domain}/.well-known/host-meta" @@ -168,7 +177,7 @@ defmodule Pleroma.Web.WebFinger do end end - defp get_address_from_domain(domain, encoded_account) when is_binary(domain) do + defp get_address_from_domain(domain, "acct:" <> _ = encoded_account) when is_binary(domain) do case find_lrdd_template(domain) do {:ok, template} -> String.replace(template, "{uri}", encoded_account) @@ -178,6 +187,11 @@ defmodule Pleroma.Web.WebFinger do end end + defp get_address_from_domain(domain, account) when is_binary(domain) do + encoded_account = URI.encode("acct:#{account}") + get_address_from_domain(domain, encoded_account) + end + defp get_address_from_domain(_, _), do: {:error, :webfinger_no_domain} @spec finger(String.t()) :: {:ok, map()} | {:error, any()} @@ -192,9 +206,7 @@ defmodule Pleroma.Web.WebFinger do URI.parse(account).host end - encoded_account = URI.encode("acct:#{account}") - - with address when is_binary(address) <- get_address_from_domain(domain, encoded_account), + with address when is_binary(address) <- get_address_from_domain(domain, account), {:ok, %{status: status, body: body, headers: headers}} when status in 200..299 <- HTTP.get( address, @@ -216,10 +228,28 @@ defmodule Pleroma.Web.WebFinger do _ -> {:error, {:content_type, nil}} end + |> case do + {:ok, data} -> validate_webfinger(address, data) + error -> error + end else error -> Logger.debug("Couldn't finger #{account}: #{inspect(error)}") error end end + + defp validate_webfinger(request_url, %{"subject" => "acct:" <> acct = subject} = data) do + with [_name, acct_host] <- String.split(acct, "@"), + {_, url} <- {:address, get_address_from_domain(acct_host, subject)}, + %URI{host: request_host} <- URI.parse(request_url), + %URI{host: acct_host} <- URI.parse(url), + {_, true} <- {:hosts_match, acct_host == request_host} do + {:ok, data} + else + _ -> {:error, {:webfinger_invalid, request_url, data}} + end + end + + defp validate_webfinger(url, data), do: {:error, {:webfinger_invalid, url, data}} end |