From 6bb5eff11b91ac803d86bb593e94aa3a18177f64 Mon Sep 17 00:00:00 2001 From: Iris Lightshard Date: Mon, 16 Dec 2024 20:50:05 -0700 Subject: [PATCH] add httpsig and fix webfinger lookups --- adapter/anonAp.go | 69 ++++++++++++++++++++++++++++------------------- go.mod | 2 ++ go.sum | 12 +++++++++ 3 files changed, 55 insertions(+), 28 deletions(-) diff --git a/adapter/anonAp.go b/adapter/anonAp.go index 4098efd..5da6eaa 100644 --- a/adapter/anonAp.go +++ b/adapter/anonAp.go @@ -10,6 +10,7 @@ import ( "time" "forge.lightcrystal.systems/nilix/underbbs/models" + _ "github.com/go-fed/httpsig" ) type anonAPAdapter struct { @@ -218,44 +219,56 @@ func (self *anonAPAdapter) toAuthor(actor apActor) *models.Author { return a } +func (self *anonAPAdapter) getHostForId(id string) string { + if strings.HasPrefix(id, "https://") { + idNoScheme := strings.Split(id, "https://")[1] + serverNoScheme := strings.Split(idNoScheme, "/")[0] + return "https://" + serverNoScheme + } else { + return "https://" + strings.Split(id, "@")[1] + } +} + +func (self *anonAPAdapter) normalizeActorId(id string) string { + if string([]byte{id[0]}) == "@" { + id = id[1:] + } + if !strings.Contains(id, "@") { + // if the id is not a URI, add local server to it + if !strings.HasPrefix(id, "https://") { + serverNoScheme := strings.Split(self.server, "https://")[1] + id = fmt.Sprintf("%s@%s", id, serverNoScheme) + } + } + return id +} + func (self *anonAPAdapter) Fetch(etype string, ids []string) error { for _, id := range ids { switch etype { case "author": // webfinger lookup on id - if string([]byte{id[0]}) == "@" { - id = id[1:] - } - reqHost := self.server - if strings.HasPrefix(id, "https://") || !strings.HasSuffix(id, strings.Split(self.server, "https://")[1]) { - if strings.Contains(id, "@") { - reqHost = "https://" + strings.Split(id, "@")[1] - id = strings.Split(id, "@")[0] - } else { - noScheme := strings.TrimPrefix(id, "https://") - domainOnly := strings.Split(noScheme, "/")[0] - reqHost = "https://" + domainOnly - idParts := strings.Split(id, "/") - id = idParts[len(idParts)-1] - } - } + normalizedId := self.normalizeActorId(id) + fmt.Println(normalizedId) + reqHost := self.getHostForId(normalizedId) + profile := normalizedId fmt.Println(reqHost) - res, err := http.Get(reqHost + "/.well-known/webfinger?resource=acct:" + id) + if !strings.HasPrefix(normalizedId, "https://") { + res, err := http.Get(reqHost + "/.well-known/webfinger?resource=acct:" + normalizedId) if err != nil { return err } - fmt.Printf("%d\n", res.StatusCode) data := getBodyJson(res) - fmt.Println(string(data)) wf := webFinger{} json.Unmarshal(data, &wf) - var profile string + for _, l := range wf.Links { if l.Rel == "self" { profile = l.Href break } } - res, err = self.makeApRequest("GET", profile, nil) + } + res, err := self.makeApRequest("GET", profile, nil) if err != nil { return err } @@ -267,25 +280,25 @@ func (self *anonAPAdapter) Fetch(etype string, ids []string) error { self.send(author) } case "byAuthor": - // get outbox - if string([]byte{id[0]}) == "@" { - id = id[1:] - } - res, err := http.Get(self.server + "/.well-known/webfinger?resource=acct:" + id) + normalizedId := self.normalizeActorId(id) + reqHost := self.getHostForId(normalizedId) + profile := normalizedId + if !strings.HasPrefix(normalizedId, "https://") { + res, err := http.Get(reqHost + "/.well-known/webfinger?resource=acct:" + normalizedId) if err != nil { return err } data := getBodyJson(res) wf := webFinger{} json.Unmarshal(data, &wf) - var profile string for _, l := range wf.Links { if l.Rel == "self" { profile = l.Href break } } - res, err = self.makeApRequest("GET", profile+"/outbox", nil) + } + res, err := self.makeApRequest("GET", profile+"/outbox", nil) if err != nil { return err } diff --git a/go.mod b/go.mod index b68e66f..4f3fff4 100644 --- a/go.mod +++ b/go.mod @@ -5,6 +5,7 @@ go 1.22.0 require ( forge.lightcrystal.systems/nilix/quartzgun v0.4.2 github.com/McKael/madon v2.3.0+incompatible + github.com/go-fed/httpsig v1.1.0 github.com/nbd-wtf/go-nostr v0.31.2 github.com/yitsushi/go-misskey v1.1.6 golang.org/x/time v0.5.0 @@ -29,6 +30,7 @@ require ( github.com/tidwall/gjson v1.14.4 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.0 // indirect + golang.org/x/crypto v0.23.0 // indirect golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 // indirect golang.org/x/net v0.25.0 // indirect golang.org/x/oauth2 v0.21.0 // indirect diff --git a/go.sum b/go.sum index f9614ba..aedca46 100644 --- a/go.sum +++ b/go.sum @@ -13,6 +13,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.1 h1:7PltbUIQB7u/FfZ39+DGa/ShuMyJ5il github.com/decred/dcrd/crypto/blake256 v1.0.1/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= +github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI= +github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM= github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU= github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM= github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og= @@ -49,16 +51,26 @@ github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 h1:5llv2sWeaMSnA3w2kS57ouQQ4pudlXrR0dCgw51QK9o= golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=