Johann150
c67ff44207
Some checks failed
ci/woodpecker/push/lint-backend Pipeline failed
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint-sw Pipeline failed
ci/woodpecker/push/lint-foundkey-js Pipeline was successful
ci/woodpecker/push/lint-client Pipeline failed
ci/woodpecker/push/test Pipeline failed
181 lines
4.9 KiB
TypeScript
181 lines
4.9 KiB
TypeScript
import Router from '@koa/router';
|
|
import { FindOptionsWhere, IsNull } from 'typeorm';
|
|
|
|
import config from '@/config/index.js';
|
|
import * as Acct from '@/misc/acct.js';
|
|
import { escapeAttribute, escapeValue } from '@/prelude/xml.js';
|
|
import { Users } from '@/models/index.js';
|
|
import { User } from '@/models/entities/user.js';
|
|
import { links } from './nodeinfo.js';
|
|
import { oauthMeta } from './oauth.js';
|
|
|
|
// Init router
|
|
const router = new Router();
|
|
|
|
const XRD = (...x: { element: string, value?: string, attributes?: Record<string, string> }[]) =>
|
|
`<?xml version="1.0" encoding="UTF-8"?><XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">${x.map(({ element, value, attributes }) =>
|
|
`<${
|
|
Object.entries(typeof attributes === 'object' && attributes || {}).reduce((a, [k, v]) => `${a} ${k}="${escapeAttribute(v)}"`, element)
|
|
}${
|
|
typeof value === 'string' ? `>${escapeValue(value)}</${element}` : '/'
|
|
}>`).reduce((a, c) => a + c, '')}</XRD>`;
|
|
|
|
const allPath = '/.well-known/(.*)';
|
|
const webFingerPath = '/.well-known/webfinger';
|
|
const jrd = 'application/jrd+json';
|
|
const xrd = 'application/xrd+xml';
|
|
|
|
router.use(allPath, async (ctx, next) => {
|
|
ctx.set({
|
|
'Access-Control-Allow-Headers': 'Accept',
|
|
'Access-Control-Allow-Methods': 'GET, OPTIONS',
|
|
'Access-Control-Allow-Origin': '*',
|
|
'Access-Control-Expose-Headers': 'Vary',
|
|
});
|
|
await next();
|
|
});
|
|
|
|
router.options(allPath, async ctx => {
|
|
ctx.status = 204;
|
|
});
|
|
|
|
router.get('/.well-known/host-meta', async ctx => {
|
|
ctx.set('Content-Type', xrd);
|
|
ctx.body = XRD({ element: 'Link', attributes: {
|
|
rel: 'lrdd',
|
|
type: xrd,
|
|
template: `${config.url}${webFingerPath}?resource={uri}`,
|
|
} });
|
|
});
|
|
|
|
router.get('/.well-known/host-meta.json', async ctx => {
|
|
ctx.set('Content-Type', jrd);
|
|
ctx.body = {
|
|
links: [{
|
|
rel: 'lrdd',
|
|
type: jrd,
|
|
template: `${config.url}${webFingerPath}?resource={uri}`,
|
|
}],
|
|
};
|
|
});
|
|
|
|
router.get('/.well-known/nodeinfo', async ctx => {
|
|
ctx.body = { links };
|
|
});
|
|
|
|
function oauth(ctx) {
|
|
ctx.body = oauthMeta;
|
|
ctx.type = 'application/json';
|
|
ctx.set('Cache-Control', 'max-age=31536000, immutable');
|
|
}
|
|
|
|
// implements RFC 8414
|
|
router.get('/.well-known/oauth-authorization-server', oauth);
|
|
// From the above RFC:
|
|
//> The identifiers "/.well-known/openid-configuration" [...] contain strings
|
|
//> referring to the OpenID Connect family of specifications [...]. Despite the reuse
|
|
//> of these identifiers that appear to be OpenID specific, their usage in this
|
|
//> specification is actually referring to general OAuth 2.0 features that are not
|
|
//> specific to OpenID Connect.
|
|
router.get('/.well-known/openid-configuration', oauth);
|
|
|
|
router.get(webFingerPath, async ctx => {
|
|
const fromAcct = (acct_str: string): FindOptionsWhere<User> | number => {
|
|
const acct = Acct.parse(acct_str);
|
|
if (!acct.host || acct.host === config.host.toLowerCase()) {
|
|
return {
|
|
usernameLower: acct.username,
|
|
host: IsNull(),
|
|
isSuspended: false,
|
|
};
|
|
} else {
|
|
return 422;
|
|
}
|
|
};
|
|
|
|
const generateQuery = (resource: string): FindOptionsWhere<User> | number => {
|
|
if (resource.startsWith(`${config.url.toLowerCase()}/users/`)) {
|
|
return {
|
|
id: resource.split('/').pop()!,
|
|
host: IsNull(),
|
|
isSuspended: false,
|
|
};
|
|
} else if (resource.startsWith(`${config.url.toLowerCase()}/@`)) {
|
|
return fromAcct(resource.split('/').pop()!);
|
|
} else if (resource.startsWith("acct:")) {
|
|
return fromAcct(resource.slice('acct:'.length));
|
|
}
|
|
return fromAcct(resource);
|
|
};
|
|
|
|
let resource = ctx.query.resource;
|
|
|
|
if (typeof resource !== 'string') {
|
|
ctx.status = 400;
|
|
return;
|
|
}
|
|
|
|
resource = resource.toLowerCase();
|
|
|
|
// Mastodon sometimes only checks for the domain name,
|
|
// which should be rewritten to the instance actor.
|
|
if (`https://${config.host}`.toLowerCase() === resource) {
|
|
resource = `acct:instance.actor@${config.host}`;
|
|
}
|
|
|
|
const query = generateQuery(resource);
|
|
|
|
if (typeof query === 'number') {
|
|
ctx.status = query;
|
|
return;
|
|
}
|
|
|
|
const user = await Users.findOneBy(query);
|
|
|
|
if (user == null) {
|
|
ctx.status = 404;
|
|
return;
|
|
}
|
|
|
|
const subject = `acct:${user.username}@${config.host}`;
|
|
const self = {
|
|
rel: 'self',
|
|
type: 'application/activity+json',
|
|
href: `${config.url}/users/${user.id}`,
|
|
};
|
|
const profilePage = {
|
|
rel: 'http://webfinger.net/rel/profile-page',
|
|
type: 'text/html',
|
|
href: `${config.url}/@${user.username}`,
|
|
};
|
|
const subscribe = {
|
|
rel: 'http://ostatus.org/schema/1.0/subscribe',
|
|
template: `${config.url}/authorize-follow?acct={uri}`,
|
|
};
|
|
|
|
if (ctx.accepts(jrd, xrd) === xrd) {
|
|
ctx.body = XRD(
|
|
{ element: 'Subject', value: subject },
|
|
{ element: 'Link', attributes: self },
|
|
{ element: 'Link', attributes: profilePage },
|
|
{ element: 'Link', attributes: subscribe });
|
|
ctx.type = xrd;
|
|
} else {
|
|
ctx.body = {
|
|
subject,
|
|
links: [self, profilePage, subscribe],
|
|
};
|
|
ctx.type = jrd;
|
|
}
|
|
|
|
ctx.vary('Accept');
|
|
ctx.set('Cache-Control', 'public, max-age=180');
|
|
});
|
|
|
|
// Return 404 for other .well-known
|
|
router.all(allPath, async ctx => {
|
|
ctx.status = 404;
|
|
});
|
|
|
|
export default router;
|