From f185a061dc6ee25f4b01713eca8c11b505063a27 Mon Sep 17 00:00:00 2001
From: Laura Hausmann
Date: Fri, 19 Apr 2024 01:21:12 +0200
Subject: [PATCH] [backend/federation] Improve local instance detection in WebFingerService
---
 .../Core/Federation/WebFinger/WebFingerService.cs | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/Iceshrimp.Backend/Core/Federation/WebFinger/WebFingerService.cs b/Iceshrimp.Backend/Core/Federation/WebFinger/WebFingerService.cs
index c3420f6f..4cc1766e 100644
--- a/Iceshrimp.Backend/Core/Federation/WebFinger/WebFingerService.cs
+++ b/Iceshrimp.Backend/Core/Federation/WebFinger/WebFingerService.cs
@@ -2,8 +2,10 @@ using System.Net;
 using System.Text.Encodings.Web;
 using System.Xml;
 using Iceshrimp.Backend.Controllers.Federation.Schemas;
+using Iceshrimp.Backend.Core.Configuration;
 using Iceshrimp.Backend.Core.Middleware;
 using Iceshrimp.Backend.Core.Services;
+using Microsoft.Extensions.Options;
 namespace Iceshrimp.Backend.Core.Federation.WebFinger;
@@ -18,13 +20,20 @@ namespace Iceshrimp.Backend.Core.Federation.WebFinger;
 */
 //FIXME: handle cursed person/group acct collisions like https://lemmy.ml/.well-known/webfinger?resource=acct:linux@lemmy.ml
-//FIXME: also check if the query references the local instance in other ways (e.g. @user@{WebDomain}, @user@{AccountDomain}, https://{WebDomain}/..., etc)
-public class WebFingerService(HttpClient client, HttpRequestService httpRqSvc, IHostApplicationLifetime appLifetime)
+public class WebFingerService(
+ HttpClient client,
+ HttpRequestService httpRqSvc,
+ IHostApplicationLifetime appLifetime,
+ IOptions config
+)
 {
 public async Task ResolveAsync(string query)
 {
 (query, var proto, var domain) = ParseQuery(query);
+ if (domain == config.Value.WebDomain || domain == config.Value.AccountDomain)
+ throw new GracefulException(HttpStatusCode.BadRequest, "Can't run WebFinger for local user");
+
 var webFingerUrl = await GetWebFingerUrlAsync(query, proto, domain);
 using var cts = CancellationTokenSource.CreateLinkedTokenSource(appLifetime.ApplicationStopping);
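Review bot: The new local-instance guard in ResolveAsync compares `domain` with `==`, which for strings is an ordinal, case-sensitive match, while host names are case-insensitive. ParseQuery is outside this hunk, so unless it already normalises the host, a query that spells the local domain in different case would pass the guard and the server would go on to send a WebFinger request to itself. Consider `if (string.Equals(domain, config.Value.WebDomain, StringComparison.OrdinalIgnoreCase) || string.Equals(domain, config.Value.AccountDomain, StringComparison.OrdinalIgnoreCase))`. Since the FIXME that explained the intent is removed, a one-line comment on the check such as `// Local accounts are resolved from the database; never issue an outbound WebFinger request to our own domains` would keep the reason visible. ResolveAsync's body continues outside the hunk.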