Dont allow redirect for webfinger

Felix Ableitner 2025-01-13 10:08:16 +01:00
parent e07a9c0075
commit 1208deafc8
2 changed files with 13 additions and 5 deletions


@ -26,6 +26,9 @@ pub enum WebFingerError {
/// The wefinger object did not contain any link to an activitypub item /// The wefinger object did not contain any link to an activitypub item
#[error("The webfinger object did not contain any link to an activitypub item")] #[error("The webfinger object did not contain any link to an activitypub item")]
NoValidLink, NoValidLink,
/// Webfinger request was redirected which is not allowed
#[error("Webfinger request was redirected which is not allowed")]
RedirectNotAllowed,
} }
impl WebFingerError { impl WebFingerError {
@ -68,16 +71,21 @@ where
format!("{protocol}://{domain}/.well-known/webfinger?resource=acct:{identifier}"); format!("{protocol}://{domain}/.well-known/webfinger?resource=acct:{identifier}");
debug!("Fetching webfinger url: {}", &fetch_url); debug!("Fetching webfinger url: {}", &fetch_url);
let res: Webfinger = fetch_object_http_with_accept( let res = fetch_object_http_with_accept(
&Url::parse(&fetch_url).map_err(Error::UrlParse)?, &Url::parse(&fetch_url).map_err(Error::UrlParse)?,
data, data,
&WEBFINGER_CONTENT_TYPE, &WEBFINGER_CONTENT_TYPE,
) )
.await? .await?;
.object; if res.url != fetch_url {
return Err(Error::WebfingerResolveFailed(
WebFingerError::RedirectNotAllowed,
));
}
debug_assert_eq!(res.subject, format!("acct:{identifier}")); debug_assert_eq!(res.object.subject, format!("acct:{identifier}"));
let links: Vec<Url> = res let links: Vec<Url> = res
.object
.links .links
.iter() .iter()
.filter(|link| { .filter(|link| {
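Review bot: The redirect check `if res.url != fetch_url` compares the response URL with the raw `format!` string, while the request itself is sent to `Url::parse(&fetch_url)`. If `res.url` is a parsed `Url` (its type is not visible here), normalisation during parsing, such as host case or percent-encoding of characters in `identifier`, can make the two differ without any redirect, so a valid lookup would fail with `RedirectNotAllowed`. Parsing once and comparing like with like avoids that: `let fetch_url = Url::parse(&fetch_url).map_err(Error::UrlParse)?;` before the call, then pass `&fetch_url` and keep the comparison. The check also runs only after the fetch has returned, so it rejects a redirected result but does not stop the request to the redirect target; whether redirect following is disabled in the client is not visible in this file. The enclosing function starts and ends outside the hunk.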