diff --git a/routers/web/web.go b/routers/web/web.go index 9faa61e56056..53304dac90ca 100644 --- a/routers/web/web.go +++ b/routers/web/web.go @@ -242,6 +242,7 @@ func RegisterRoutes(m *web.Route) { m.Get("/openid-configuration", auth.OIDCWellKnown) if setting.Federation.Enabled { m.Get("/nodeinfo", NodeInfoLinks) + m.Get("/webfinger", WebfingerQuery) } m.Get("/change-password", func(w http.ResponseWriter, req *http.Request) { http.Redirect(w, req, "/user/settings/account", http.StatusTemporaryRedirect) diff --git a/routers/web/webfinger.go b/routers/web/webfinger.go new file mode 100644 index 000000000000..22008765fabe --- /dev/null +++ b/routers/web/webfinger.go @@ -0,0 +1,112 @@ +// Copyright 2022 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package web + +import ( + "fmt" + "net/http" + "net/url" + "regexp" + "strings" + + user_model "code.gitea.io/gitea/models/user" + "code.gitea.io/gitea/modules/context" + "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/setting" +) + +var webfingerRessourcePattern = regexp.MustCompile(`(?i)\A([a-z^:]+):(.*)\z`) + +// https://datatracker.ietf.org/doc/html/draft-ietf-appsawg-webfinger-14#section-4.4 + +type webfingerJRD struct { + Subject string `json:"subject,omitempty"` + Aliases []string `json:"aliases,omitempty"` + Properties map[string]interface{} `json:"properties,omitempty"` + Links []*webfingerLink `json:"links,omitempty"` +} + +type webfingerLink struct { + Rel string `json:"rel,omitempty"` + Type string `json:"type,omitempty"` + Href string `json:"href,omitempty"` + Titles map[string]string `json:"titles,omitempty"` + Properties map[string]interface{} `json:"properties,omitempty"` +} + +// WebfingerQuery returns informations about a resource +// https://datatracker.ietf.org/doc/html/rfc7565 +func WebfingerQuery(ctx *context.Context) { + resource := ctx.FormTrim("resource") + + scheme := "acct" + uri := resource + + match := webfingerRessourcePattern.FindStringSubmatch(resource) + if match != nil { + scheme = match[1] + uri = match[2] + } + + appURL, _ := url.Parse(setting.AppURL) + + var u *user_model.User + var err error + + switch scheme { + case "acct": + // allow only the current host + parts := strings.SplitN(uri, "@", 2) + if len(parts) != 2 { + ctx.Error(http.StatusBadRequest) + return + } + if parts[1] != appURL.Host { + ctx.Error(http.StatusBadRequest) + return + } + + u, err = user_model.GetUserByNameCtx(ctx, parts[0]) + case "mailto": + u, err = user_model.GetUserByEmailContext(ctx, uri) + default: + ctx.Error(http.StatusBadRequest) + return + } + if err != nil { + if user_model.IsErrUserNotExist(err) { + ctx.Error(http.StatusNotFound) + } else { + log.Error("Error getting user: %v", err) + ctx.Error(http.StatusInternalServerError) + } + return + } + + // Should we check IsUserVisibleToViewer here? + + aliases := make([]string, 0, 1) + if !u.KeepEmailPrivate { + aliases = append(aliases, fmt.Sprintf("mailto:%s", u.Email)) + } + + links := []*webfingerLink{ + { + Rel: "http://webfinger.net/rel/profile-page", + Type: "text/html", + Href: u.HTMLURL(), + }, + { + Rel: "http://webfinger.net/rel/avatar", + Href: u.AvatarLink(), + }, + } + + ctx.JSON(http.StatusOK, &webfingerJRD{ + Subject: fmt.Sprintf("acct:%s@%s", url.QueryEscape(u.Name), appURL.Host), + Aliases: aliases, + Links: links, + }) +}