Now validate incoming webfinger

Eliot Berriot 2018-04-08 10:42:10 +02:00
parent 314587e2eb
commit b8c7e960c3
No known key found for this signature in database
GPG key ID: DD6965E2476E5C27
3 changed files with 64 additions and 6 deletions


@ -2,8 +2,11 @@ from django import forms
from django.conf import settings
from django.urls import reverse
from funkwhale_api.common import session
from . import actors
from . import utils
from . import serializers
VALID_RESOURCE_TYPES = ['acct']
@ -23,13 +26,13 @@ def clean_resource(resource_string):
return resource_type, resource
def clean_acct(acct_string):
def clean_acct(acct_string, ensure_local=True):
try:
username, hostname = acct_string.split('@')
except ValueError:
raise forms.ValidationError('Invalid format')
if hostname.lower() != settings.FEDERATION_HOSTNAME:
if ensure_local and hostname.lower() != settings.FEDERATION_HOSTNAME:
raise forms.ValidationError(
'Invalid hostname {}'.format(hostname))
@ -37,3 +40,15 @@ def clean_acct(acct_string):
raise forms.ValidationError('Invalid username')
return username, hostname
def get_resource(resource_string):
resource_type, resource = clean_resource(resource_string)
username, hostname = clean_acct(resource, ensure_local=False)
url = 'https://{}/.well-known/webfinger?resource={}'.format(
hostname, resource_string)
response = session.get_session().get(url)
response.raise_for_status()
serializer = serializers.ActorWebfingerSerializer(data=response.json())
serializer.is_valid(raise_exception=True)
return serializer.validated_data
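Review bot: In `get_resource` the hostname parsed from the acct string is interpolated straight into the request URL with `ensure_local=False`, so whoever supplies the resource string decides where this server sends an outbound request. Assuming the part of `clean_acct` that lies outside these hunks checks only the username, a hostname containing `/`, `:`, `#` or `?`, or one that names a loopback or internal address, passes through unchanged; I would validate it against a strict hostname pattern and refuse private or loopback destinations before making the call. The resource is also placed in the query string unencoded and the call has no visible timeout; if the session is requests-style, ending `url` at `/.well-known/webfinger` and calling `session.get_session().get(url, params={'resource': resource_string}, timeout=<seconds>)` lets the client encode the value and bounds the wait (the shared session may already set a timeout, which is not visible here). It is also worth confirming that `ActorWebfingerSerializer` compares the returned `subject` with the account that was asked for, since the hunk itself returns whatever validated data the remote host sent.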