Only allow primary domain for RS

Replace user addresses with usernames in the respective URLs
This commit is contained in:
Râu Cao
2023-11-01 21:46:38 +01:00
parent 5075fef616
commit 56c127ca0c
7 changed files with 65 additions and 43 deletions
+16 -13
View File
@@ -6,15 +6,19 @@ class WebfingerController < ApplicationController
def show
resource = params[:resource]
if resource && resource.match(/acct:\w+/)
useraddress = resource.split(":").last
username, org = useraddress.split("@")
username.downcase!
unless User.where(cn: username, ou: org).any?
if resource && @useraddress = resource.match(/acct:(.+)/)&.[](1)
@username, @org = @useraddress.split("@")
unless Rails.env.development?
# Allow different domains (e.g. localhost:3000) in development only
head 404 and return unless @org == Setting.primary_domain
end
unless User.where(cn: @username.downcase, ou: Setting.primary_domain).any?
head 404 and return
end
render json: webfinger(useraddress).to_json,
render json: webfinger.to_json,
content_type: "application/jrd+json"
else
head 422 and return
@@ -23,19 +27,18 @@ class WebfingerController < ApplicationController
private
def webfinger(useraddress)
def webfinger
links = [];
links << remotestorage_link(useraddress) if Setting.remotestorage_enabled
# TODO check if storage service is enabled for user, not just globally
links << remotestorage_link if Setting.remotestorage_enabled
{ "links" => links }
end
def remotestorage_link(useraddress)
# TODO use when OAuth routes are available
# auth_url = new_rs_oauth_url(useraddress)
auth_url = "https://example.com/rs/oauth"
storage_url = "#{Setting.rs_storage_url}/#{useraddress}"
def remotestorage_link
auth_url = new_rs_oauth_url("#{@username}@#{Setting.primary_domain}")
storage_url = "#{Setting.rs_storage_url}/#{@username}"
{
"rel" => "http://tools.ietf.org/id/draft-dejong-remotestorage",