From 04245f9dc175ac7751bcc68a9c3a15f1a9634e6d Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Wed, 30 Jul 2025 14:25:30 +0200
Subject: [PATCH] Revert "Upgrade webfinger lib to 2.8.1"

This reverts commit 1967546cab95d146e60af871d43e6a4990967996.
Another bug that must be fixed first: https://github.com/silverbucket/webfinger.js/issues/116
---
 package.json                                  |  2 +-
 .../core/lib/activitypub/actors/webfinger.ts  | 41 +++++++++++++++----
 yarn.lock                                     | 15 +++++--
 3 files changed, 44 insertions(+), 14 deletions(-)

diff --git a/package.json b/package.json
index 17ee4e7b4..0422102a8 100644
--- a/package.json
+++ b/package.json
@@ -192,7 +192,7 @@
     "tslib": "^2.0.0",
     "uuid": "^11.0.5",
     "validator": "^13.0.0",
-    "webfinger.js": "2.8.1",
+    "webfinger.js": "2.7.1",
     "winston": "3.17.0",
     "ws": "^8.0.0",
     "yauzl": "^3.1.0"
diff --git a/server/core/lib/activitypub/actors/webfinger.ts b/server/core/lib/activitypub/actors/webfinger.ts
index 0659e95c4..6fcc269db 100644
--- a/server/core/lib/activitypub/actors/webfinger.ts
+++ b/server/core/lib/activitypub/actors/webfinger.ts
@@ -1,18 +1,19 @@
+import WebFinger from 'webfinger.js'
+import { WebFingerData } from '@peertube/peertube-models'
 import { isProdInstance } from '@peertube/peertube-node-utils'
 import { isActivityPubUrlValid } from '@server/helpers/custom-validators/activitypub/misc.js'
 import { REQUEST_TIMEOUTS, WEBSERVER } from '@server/initializers/constants.js'
 import { ActorModel } from '@server/models/actor/actor.js'
 import { MActorFull } from '@server/types/models/index.js'
-import WebFinger from 'webfinger.js'
 
-// eslint-disable-next-line new-cap
 const webfinger = new WebFinger({
+  webfist_fallback: false,
   tls_only: isProdInstance(),
   uri_fallback: false,
   request_timeout: REQUEST_TIMEOUTS.DEFAULT
 })
 
-export async function loadActorUrlOrGetFromWebfinger (uriArg: string) {
+async function loadActorUrlOrGetFromWebfinger (uriArg: string) {
   // Handle strings like @toto@example.com
   const uri = uriArg.startsWith('@') ? uriArg.slice(1) : uriArg
 
@@ -30,15 +31,37 @@ export async function loadActorUrlOrGetFromWebfinger (uriArg: string) {
   return getUrlFromWebfinger(uri)
 }
 
-export async function getUrlFromWebfinger (uri: string) {
-  const { object } = await webfinger.lookup(uri)
+async function getUrlFromWebfinger (uri: string) {
+  const webfingerData: WebFingerData = await webfingerLookup(uri)
+  return getLinkOrThrow(webfingerData)
+}
 
-  if (Array.isArray(object.links) === false) throw new Error('WebFinger links is not an array.')
+// ---------------------------------------------------------------------------
 
-  const selfLink = object.links.find(l => l.rel === 'self')
-  if (selfLink === undefined || isActivityPubUrlValid(selfLink.href as string) === false) {
+export {
+  getUrlFromWebfinger,
+  loadActorUrlOrGetFromWebfinger
+}
+
+// ---------------------------------------------------------------------------
+
+function getLinkOrThrow (webfingerData: WebFingerData) {
+  if (Array.isArray(webfingerData.links) === false) throw new Error('WebFinger links is not an array.')
+
+  const selfLink = webfingerData.links.find(l => l.rel === 'self')
+  if (selfLink === undefined || isActivityPubUrlValid(selfLink.href) === false) {
     throw new Error('Cannot find self link or href is not a valid URL.')
   }
 
-  return selfLink.href as string
+  return selfLink.href
+}
+
+function webfingerLookup (handle: string) {
+  return new Promise<WebFingerData>((res, rej) => {
+    webfinger.lookup(handle, (err, p) => {
+      if (err) return rej(err)
+
+      return res(p.object)
+    })
+  })
 }
diff --git a/yarn.lock b/yarn.lock
index 3b21f832e..9ab3400e6 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -11830,10 +11830,12 @@ web-streams-polyfill@^3.0.3:
   resolved "https://registry.yarnpkg.com/web-streams-polyfill/-/web-streams-polyfill-3.3.3.tgz#2073b91a2fdb1fbfbd401e7de0ac9f8214cecb4b"
   integrity sha512-d2JWLCivmZYTSIoge9MsgFCZrt571BikcWGYkjC1khllbTeDlGqZ2D8vD8E/lJa8WGWbb7Plm8/XJYV7IJHZZw==
 
-webfinger.js@2.8.1:
-  version "2.8.1"
-  resolved "https://registry.yarnpkg.com/webfinger.js/-/webfinger.js-2.8.1.tgz#4cec56f8561694b25c1309126588fadcf7bccabf"
-  integrity sha512-mAVXZBuNWb4EtKWciKA59B8dBX8AS7ClZIJPZ0/SLY8PYEgq8pLgGFixSuzKWUJ0cNY7JDtVF5/BKlRM2FlCcw==
+webfinger.js@2.7.1:
+  version "2.7.1"
+  resolved "https://registry.yarnpkg.com/webfinger.js/-/webfinger.js-2.7.1.tgz#6a96ce1c4c36222f3664fe81b2641ceef771c4ea"
+  integrity sha512-H4RokaE4RC39N3uiRTcjKMmy6yYg06lUPORQHvv8DjowZ6I5SalxUeoqHbtTN3EVBmYP/XHQ8Ow6BLEIpe2DtA==
+  dependencies:
+    xhr2 "0.2.1"
 
 webidl-conversions@^3.0.0:
   version "3.0.1"
@@ -12143,6 +12145,11 @@ ws@~8.17.1:
   resolved "https://registry.yarnpkg.com/ws/-/ws-8.17.1.tgz#9293da530bb548febc95371d90f9c878727d919b"
   integrity sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==
 
+xhr2@0.2.1:
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/xhr2/-/xhr2-0.2.1.tgz#4e73adc4f9cfec9cbd2157f73efdce3a5f108a93"
+  integrity sha512-sID0rrVCqkVNUn8t6xuv9+6FViXjUVXq8H5rWOH2rz9fDNQEd4g0EA2XlcEdJXRz5BMEn4O1pJFdT+z4YHhoWw==
+
 xhr@^2.0.1:
   version "2.6.0"
   resolved "https://registry.yarnpkg.com/xhr/-/xhr-2.6.0.tgz#b69d4395e792b4173d6b7df077f0fc5e4e2b249d"