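# Serves WebFinger (RFC 7033) JRD documents for accounts on the primary
# domain, advertising the remoteStorage link when that service is enabled.
class WebfingerController < ApplicationController
  # Matches a complete `acct:` URI and captures everything after the scheme.
  # Anchored with \A/\z so the prefix is not accepted in the middle of some
  # other string.
  ACCT_URI = /\Aacct:(.+)\z/

  before_action :allow_cross_origin_requests, only: [:show]

  layout false

  # Looks up the account named by the `resource` query parameter
  # (`acct:<user>@<domain>`) and responds with:
  #
  # * 422 when the parameter is missing, is not a string, or is not an
  #   acct: URI
  # * 404 when the domain is not Setting.primary_domain (outside
  #   development) or no matching user exists
  # * 200 with an application/jrd+json body otherwise
  #
  # NOTE(review): the 404/200 split tells any caller which account names
  # exist. That is how WebFinger discovery works, but confirm that request
  # throttling is applied somewhere in front of this endpoint.
  def show
    resource = params[:resource]

    # Nested or array params (e.g. resource[]=x) do not arrive as Strings;
    # treat them as malformed input rather than letting them raise.
    @useraddress = resource[ACCT_URI, 1] if resource.is_a?(String)
    return head(422) unless @useraddress

    # Split on the first "@" only: any further "@" stays in the domain part
    # and therefore fails the domain comparison below.
    @username, @org = @useraddress.split("@", 2)

    # Allow different domains (e.g. localhost:3000) in development only
    return head(404) unless Rails.env.development? || @org == Setting.primary_domain

    # An empty user part can never name an account; skip the lookup.
    return head(404) if @username.blank?
    return head(404) unless User.where(cn: @username.downcase, ou: Setting.primary_domain).any?

    render json: webfinger.to_json, content_type: "application/jrd+json"
  end

  private

  # Builds the JRD body: a hash with a single "links" array.
  def webfinger
    links = []

    # TODO check if storage service is enabled for user, not just globally
    links << remotestorage_link if Setting.remotestorage_enabled

    { "links" => links }
  end

  # Builds the remoteStorage link relation for the requested user.
  #
  # NOTE(review): @username keeps the casing sent by the requester, while the
  # user lookup in #show uses the downcased form. Confirm that the storage
  # and OAuth URLs resolve case-insensitively, or downcase here as well.
  def remotestorage_link
    auth_url = new_rs_oauth_url("#{@username}@#{Setting.primary_domain}")
    storage_url = "#{Setting.rs_storage_url}/#{@username}"

    # All keys are written as strings with "=>" for consistency; the
    # serialized JSON is the same as with the former mixed symbol keys.
    {
      "rel" => "http://tools.ietf.org/id/draft-dejong-remotestorage",
      "href" => storage_url,
      "properties" => {
        "http://remotestorage.io/spec/version" => "draft-dejong-remotestorage-13",
        "http://tools.ietf.org/html/rfc6749#section-4.2" => auth_url,
        "http://tools.ietf.org/html/rfc6750#section-2.3" => nil, # access token via a HTTP query parameter
        "http://tools.ietf.org/html/rfc7233" => "GET", # content range requests
        "http://remotestorage.io/spec/web-authoring" => nil
      }
    }
  end

  # Sets CORS headers so browser-based clients on any origin can read the
  # WebFinger response.
  #
  # NOTE(review): this filter runs for :show only, yet the advertised methods
  # include POST and PUT. Confirm they are needed; otherwise advertise only
  # the methods the route actually accepts.
  def allow_cross_origin_requests
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS'
  end
end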