gotosocial/internal/transport/finger.go

/*
   GoToSocial
   Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org

   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU Affero General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU Affero General Public License for more details.

   You should have received a copy of the GNU Affero General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

package transport

import (
	"context"
	"fmt"
	"io"
	"net/http"

	"github.com/superseriousbusiness/gotosocial/internal/api"
)

func (t *transport) Finger(ctx context.Context, targetUsername string, targetDomain string) ([]byte, error) {
	// Prepare URL string
	urlStr := "https://" +
		targetDomain +
		"/.well-known/webfinger?resource=acct:" +
		targetUsername + "@" + targetDomain

	// Generate new GET request from URL string
	req, err := http.NewRequestWithContext(ctx, "GET", urlStr, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Add("Accept", string(api.AppJSON))
	req.Header.Add("Accept", "application/jrd+json")
	req.Header.Add("User-Agent", t.controller.userAgent)
	req.Header.Set("Host", req.URL.Host)

	// Perform the HTTP request
	rsp, err := t.GET(req)
	if err != nil {
		return nil, err
	}
	defer rsp.Body.Close()

	// Check for an expected status code
	if rsp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("GET request to %s failed (%d): %s", urlStr, rsp.StatusCode, rsp.Status)
	}

	return io.ReadAll(rsp.Body)
}
Pg to bun (#148) * start moving to bun * changing more stuff * more * and yet more * tests passing * seems stable now * more big changes * small fix * little fixes 2021-08-25 13:34:33 +00:00			`/*`
			`GoToSocial`
Extend license notices to 2022 (#354) 2021-12-20 17:42:19 +00:00			`Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org`
Pg to bun (#148) * start moving to bun * changing more stuff * more * and yet more * tests passing * seems stable now * more big changes * small fix * little fixes 2021-08-25 13:34:33 +00:00
			`This program is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU Affero General Public License as published by`
			`the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU Affero General Public License for more details.`

			`You should have received a copy of the GNU Affero General Public License`
			`along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

Remote instance dereferencing (#70) Remote instances are now dereferenced when they post to an inbox on a GtS instance. Dereferencing will be done first by checking the /api/v1/instance endpoint of an instance. If that doesn't work, /.well-known/nodeinfo will be checked. If that doesn't work, only a minimal representation of the instance will be stored. A new field was added to the Instance database model. To create it: alter table instances add column contact_account_username text; 2021-06-27 14:52:18 +00:00			`package transport`

			`import (`
			`"context"`
			`"fmt"`
[chore] update dependencies, bump to Go 1.19.1 (#826) * update dependencies, bump Go version to 1.19 * bump test image Go version * update golangci-lint * update gotosocial-drone-build * sign * linting, go fmt * update swagger docs * update swagger docs * whitespace * update contributing.md * fuckin whoopsie doopsie * linterino, linteroni * fix followrequest test not starting processor * fix other api/client tests not starting processor * fix remaining tests where processor not started * bump go-runners version * don't check last-webfingered-at, processor may have updated this * update swagger command * update bun to latest version * fix embed to work the same as before with new bun Signed-off-by: kim <grufwub@gmail.com> Co-authored-by: tsmethurst <tobi.smethurst@protonmail.com> 2022-09-28 17:30:40 +00:00			`"io"`
Remote instance dereferencing (#70) Remote instances are now dereferenced when they post to an inbox on a GtS instance. Dereferencing will be done first by checking the /api/v1/instance endpoint of an instance. If that doesn't work, /.well-known/nodeinfo will be checked. If that doesn't work, only a minimal representation of the instance will be stored. A new field was added to the Instance database model. To create it: alter table instances add column contact_account_username text; 2021-06-27 14:52:18 +00:00			`"net/http"`
[feature] More consistent API error handling (#637) * update templates * start reworking api error handling * update template * return AP status at web endpoint if negotiated * start making api error handling much more consistent * update account endpoints to new error handling * use new api error handling in admin endpoints * go fmt ./... * use api error logic in app * use generic error handling in auth * don't export generic error handler * don't defer clearing session * user nicer error handling on oidc callback handler * tidy up the sign in handler * tidy up the token handler * use nicer error handling in blocksget * auth emojis endpoint * fix up remaining api endpoints * fix whoopsie during login flow * regenerate swagger docs * change http error logging to debug 2022-06-08 18:38:03 +00:00
			`"github.com/superseriousbusiness/gotosocial/internal/api"`
Remote instance dereferencing (#70) Remote instances are now dereferenced when they post to an inbox on a GtS instance. Dereferencing will be done first by checking the /api/v1/instance endpoint of an instance. If that doesn't work, /.well-known/nodeinfo will be checked. If that doesn't work, only a minimal representation of the instance will be stored. A new field was added to the Instance database model. To create it: alter table instances add column contact_account_username text; 2021-06-27 14:52:18 +00:00			`)`

Pg to bun (#148) * start moving to bun * changing more stuff * more * and yet more * tests passing * seems stable now * more big changes * small fix * little fixes 2021-08-25 13:34:33 +00:00			`func (t *transport) Finger(ctx context.Context, targetUsername string, targetDomain string) ([]byte, error) {`
[security] transport.Controller{} and transport.Transport{} security and performance improvements (#564) * cache transports in controller by privkey-generated pubkey, add retry logic to transport requests Signed-off-by: kim <grufwub@gmail.com> * update code comments, defer mutex unlocks Signed-off-by: kim <grufwub@gmail.com> * add count to 'performing request' log message Signed-off-by: kim <grufwub@gmail.com> * reduce repeated conversions of same url.URL object Signed-off-by: kim <grufwub@gmail.com> * move worker.Worker to concurrency subpackage, add WorkQueue type, limit transport http client use by WorkQueue Signed-off-by: kim <grufwub@gmail.com> * fix security advisories regarding max outgoing conns, max rsp body size - implemented by a new httpclient.Client{} that wraps an underlying client with a queue to limit connections, and limit reader wrapping a response body with a configured maximum size - update pub.HttpClient args passed around to be this new httpclient.Client{} Signed-off-by: kim <grufwub@gmail.com> * add httpclient tests, move ip validation to separate package + change mechanism Signed-off-by: kim <grufwub@gmail.com> * fix merge conflicts Signed-off-by: kim <grufwub@gmail.com> * use singular mutex in transport rather than separate signer mus Signed-off-by: kim <grufwub@gmail.com> * improved useragent string Signed-off-by: kim <grufwub@gmail.com> * add note regarding missing test Signed-off-by: kim <grufwub@gmail.com> * remove useragent field from transport (instead store in controller) Signed-off-by: kim <grufwub@gmail.com> * shutup linter Signed-off-by: kim <grufwub@gmail.com> * reset other signing headers on each loop iteration Signed-off-by: kim <grufwub@gmail.com> * respect request ctx during retry-backoff sleep period Signed-off-by: kim <grufwub@gmail.com> * use external pkg with docs explaining performance "hack" Signed-off-by: kim <grufwub@gmail.com> * use http package constants instead of string method literals Signed-off-by: kim <grufwub@gmail.com> * add license file headers Signed-off-by: kim <grufwub@gmail.com> * update code comment to match new func names Signed-off-by: kim <grufwub@gmail.com> * updates to user-agent string Signed-off-by: kim <grufwub@gmail.com> * update signed testrig models to fit with new transport logic (instead uses separate signer now) Signed-off-by: kim <grufwub@gmail.com> * fuck you linter Signed-off-by: kim <grufwub@gmail.com> 2022-05-15 09:16:43 +00:00			`// Prepare URL string`
			`urlStr := "https://" +`
			`targetDomain +`
			`"/.well-known/webfinger?resource=acct:" +`
			`targetUsername + "@" + targetDomain`

			`// Generate new GET request from URL string`
			`req, err := http.NewRequestWithContext(ctx, "GET", urlStr, nil)`
Remote instance dereferencing (#70) Remote instances are now dereferenced when they post to an inbox on a GtS instance. Dereferencing will be done first by checking the /api/v1/instance endpoint of an instance. If that doesn't work, /.well-known/nodeinfo will be checked. If that doesn't work, only a minimal representation of the instance will be stored. A new field was added to the Instance database model. To create it: alter table instances add column contact_account_username text; 2021-06-27 14:52:18 +00:00			`if err != nil {`
			`return nil, err`
			`}`
[feature] More consistent API error handling (#637) * update templates * start reworking api error handling * update template * return AP status at web endpoint if negotiated * start making api error handling much more consistent * update account endpoints to new error handling * use new api error handling in admin endpoints * go fmt ./... * use api error logic in app * use generic error handling in auth * don't export generic error handler * don't defer clearing session * user nicer error handling on oidc callback handler * tidy up the sign in handler * tidy up the token handler * use nicer error handling in blocksget * auth emojis endpoint * fix up remaining api endpoints * fix whoopsie during login flow * regenerate swagger docs * change http error logging to debug 2022-06-08 18:38:03 +00:00			`req.Header.Add("Accept", string(api.AppJSON))`
Remote instance dereferencing (#70) Remote instances are now dereferenced when they post to an inbox on a GtS instance. Dereferencing will be done first by checking the /api/v1/instance endpoint of an instance. If that doesn't work, /.well-known/nodeinfo will be checked. If that doesn't work, only a minimal representation of the instance will be stored. A new field was added to the Instance database model. To create it: alter table instances add column contact_account_username text; 2021-06-27 14:52:18 +00:00			`req.Header.Add("Accept", "application/jrd+json")`
[security] transport.Controller{} and transport.Transport{} security and performance improvements (#564) * cache transports in controller by privkey-generated pubkey, add retry logic to transport requests Signed-off-by: kim <grufwub@gmail.com> * update code comments, defer mutex unlocks Signed-off-by: kim <grufwub@gmail.com> * add count to 'performing request' log message Signed-off-by: kim <grufwub@gmail.com> * reduce repeated conversions of same url.URL object Signed-off-by: kim <grufwub@gmail.com> * move worker.Worker to concurrency subpackage, add WorkQueue type, limit transport http client use by WorkQueue Signed-off-by: kim <grufwub@gmail.com> * fix security advisories regarding max outgoing conns, max rsp body size - implemented by a new httpclient.Client{} that wraps an underlying client with a queue to limit connections, and limit reader wrapping a response body with a configured maximum size - update pub.HttpClient args passed around to be this new httpclient.Client{} Signed-off-by: kim <grufwub@gmail.com> * add httpclient tests, move ip validation to separate package + change mechanism Signed-off-by: kim <grufwub@gmail.com> * fix merge conflicts Signed-off-by: kim <grufwub@gmail.com> * use singular mutex in transport rather than separate signer mus Signed-off-by: kim <grufwub@gmail.com> * improved useragent string Signed-off-by: kim <grufwub@gmail.com> * add note regarding missing test Signed-off-by: kim <grufwub@gmail.com> * remove useragent field from transport (instead store in controller) Signed-off-by: kim <grufwub@gmail.com> * shutup linter Signed-off-by: kim <grufwub@gmail.com> * reset other signing headers on each loop iteration Signed-off-by: kim <grufwub@gmail.com> * respect request ctx during retry-backoff sleep period Signed-off-by: kim <grufwub@gmail.com> * use external pkg with docs explaining performance "hack" Signed-off-by: kim <grufwub@gmail.com> * use http package constants instead of string method literals Signed-off-by: kim <grufwub@gmail.com> * add license file headers Signed-off-by: kim <grufwub@gmail.com> * update code comment to match new func names Signed-off-by: kim <grufwub@gmail.com> * updates to user-agent string Signed-off-by: kim <grufwub@gmail.com> * update signed testrig models to fit with new transport logic (instead uses separate signer now) Signed-off-by: kim <grufwub@gmail.com> * fuck you linter Signed-off-by: kim <grufwub@gmail.com> 2022-05-15 09:16:43 +00:00			`req.Header.Add("User-Agent", t.controller.userAgent)`
			`req.Header.Set("Host", req.URL.Host)`

			`// Perform the HTTP request`
			`rsp, err := t.GET(req)`
Remote instance dereferencing (#70) Remote instances are now dereferenced when they post to an inbox on a GtS instance. Dereferencing will be done first by checking the /api/v1/instance endpoint of an instance. If that doesn't work, /.well-known/nodeinfo will be checked. If that doesn't work, only a minimal representation of the instance will be stored. A new field was added to the Instance database model. To create it: alter table instances add column contact_account_username text; 2021-06-27 14:52:18 +00:00			`if err != nil {`
			`return nil, err`
			`}`
[security] transport.Controller{} and transport.Transport{} security and performance improvements (#564) * cache transports in controller by privkey-generated pubkey, add retry logic to transport requests Signed-off-by: kim <grufwub@gmail.com> * update code comments, defer mutex unlocks Signed-off-by: kim <grufwub@gmail.com> * add count to 'performing request' log message Signed-off-by: kim <grufwub@gmail.com> * reduce repeated conversions of same url.URL object Signed-off-by: kim <grufwub@gmail.com> * move worker.Worker to concurrency subpackage, add WorkQueue type, limit transport http client use by WorkQueue Signed-off-by: kim <grufwub@gmail.com> * fix security advisories regarding max outgoing conns, max rsp body size - implemented by a new httpclient.Client{} that wraps an underlying client with a queue to limit connections, and limit reader wrapping a response body with a configured maximum size - update pub.HttpClient args passed around to be this new httpclient.Client{} Signed-off-by: kim <grufwub@gmail.com> * add httpclient tests, move ip validation to separate package + change mechanism Signed-off-by: kim <grufwub@gmail.com> * fix merge conflicts Signed-off-by: kim <grufwub@gmail.com> * use singular mutex in transport rather than separate signer mus Signed-off-by: kim <grufwub@gmail.com> * improved useragent string Signed-off-by: kim <grufwub@gmail.com> * add note regarding missing test Signed-off-by: kim <grufwub@gmail.com> * remove useragent field from transport (instead store in controller) Signed-off-by: kim <grufwub@gmail.com> * shutup linter Signed-off-by: kim <grufwub@gmail.com> * reset other signing headers on each loop iteration Signed-off-by: kim <grufwub@gmail.com> * respect request ctx during retry-backoff sleep period Signed-off-by: kim <grufwub@gmail.com> * use external pkg with docs explaining performance "hack" Signed-off-by: kim <grufwub@gmail.com> * use http package constants instead of string method literals Signed-off-by: kim <grufwub@gmail.com> * add license file headers Signed-off-by: kim <grufwub@gmail.com> * update code comment to match new func names Signed-off-by: kim <grufwub@gmail.com> * updates to user-agent string Signed-off-by: kim <grufwub@gmail.com> * update signed testrig models to fit with new transport logic (instead uses separate signer now) Signed-off-by: kim <grufwub@gmail.com> * fuck you linter Signed-off-by: kim <grufwub@gmail.com> 2022-05-15 09:16:43 +00:00			`defer rsp.Body.Close()`

			`// Check for an expected status code`
			`if rsp.StatusCode != http.StatusOK {`
			`return nil, fmt.Errorf("GET request to %s failed (%d): %s", urlStr, rsp.StatusCode, rsp.Status)`
Remote instance dereferencing (#70) Remote instances are now dereferenced when they post to an inbox on a GtS instance. Dereferencing will be done first by checking the /api/v1/instance endpoint of an instance. If that doesn't work, /.well-known/nodeinfo will be checked. If that doesn't work, only a minimal representation of the instance will be stored. A new field was added to the Instance database model. To create it: alter table instances add column contact_account_username text; 2021-06-27 14:52:18 +00:00			`}`
[security] transport.Controller{} and transport.Transport{} security and performance improvements (#564) * cache transports in controller by privkey-generated pubkey, add retry logic to transport requests Signed-off-by: kim <grufwub@gmail.com> * update code comments, defer mutex unlocks Signed-off-by: kim <grufwub@gmail.com> * add count to 'performing request' log message Signed-off-by: kim <grufwub@gmail.com> * reduce repeated conversions of same url.URL object Signed-off-by: kim <grufwub@gmail.com> * move worker.Worker to concurrency subpackage, add WorkQueue type, limit transport http client use by WorkQueue Signed-off-by: kim <grufwub@gmail.com> * fix security advisories regarding max outgoing conns, max rsp body size - implemented by a new httpclient.Client{} that wraps an underlying client with a queue to limit connections, and limit reader wrapping a response body with a configured maximum size - update pub.HttpClient args passed around to be this new httpclient.Client{} Signed-off-by: kim <grufwub@gmail.com> * add httpclient tests, move ip validation to separate package + change mechanism Signed-off-by: kim <grufwub@gmail.com> * fix merge conflicts Signed-off-by: kim <grufwub@gmail.com> * use singular mutex in transport rather than separate signer mus Signed-off-by: kim <grufwub@gmail.com> * improved useragent string Signed-off-by: kim <grufwub@gmail.com> * add note regarding missing test Signed-off-by: kim <grufwub@gmail.com> * remove useragent field from transport (instead store in controller) Signed-off-by: kim <grufwub@gmail.com> * shutup linter Signed-off-by: kim <grufwub@gmail.com> * reset other signing headers on each loop iteration Signed-off-by: kim <grufwub@gmail.com> * respect request ctx during retry-backoff sleep period Signed-off-by: kim <grufwub@gmail.com> * use external pkg with docs explaining performance "hack" Signed-off-by: kim <grufwub@gmail.com> * use http package constants instead of string method literals Signed-off-by: kim <grufwub@gmail.com> * add license file headers Signed-off-by: kim <grufwub@gmail.com> * update code comment to match new func names Signed-off-by: kim <grufwub@gmail.com> * updates to user-agent string Signed-off-by: kim <grufwub@gmail.com> * update signed testrig models to fit with new transport logic (instead uses separate signer now) Signed-off-by: kim <grufwub@gmail.com> * fuck you linter Signed-off-by: kim <grufwub@gmail.com> 2022-05-15 09:16:43 +00:00
[chore] update dependencies, bump to Go 1.19.1 (#826) * update dependencies, bump Go version to 1.19 * bump test image Go version * update golangci-lint * update gotosocial-drone-build * sign * linting, go fmt * update swagger docs * update swagger docs * whitespace * update contributing.md * fuckin whoopsie doopsie * linterino, linteroni * fix followrequest test not starting processor * fix other api/client tests not starting processor * fix remaining tests where processor not started * bump go-runners version * don't check last-webfingered-at, processor may have updated this * update swagger command * update bun to latest version * fix embed to work the same as before with new bun Signed-off-by: kim <grufwub@gmail.com> Co-authored-by: tsmethurst <tobi.smethurst@protonmail.com> 2022-09-28 17:30:40 +00:00			`return io.ReadAll(rsp.Body)`
Remote instance dereferencing (#70) Remote instances are now dereferenced when they post to an inbox on a GtS instance. Dereferencing will be done first by checking the /api/v1/instance endpoint of an instance. If that doesn't work, /.well-known/nodeinfo will be checked. If that doesn't work, only a minimal representation of the instance will be stored. A new field was added to the Instance database model. To create it: alter table instances add column contact_account_username text; 2021-06-27 14:52:18 +00:00			`}`