mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2024-11-08 09:25:43 +01:00
e91cabb704
* [bugfix] Fix NegotiateAccept with multi accept
There's a bug in Gin's NegotiateFormat that doesn't handle the presence
of multilpe accept headers. This lifts the code from the PR @tsmethurst
sent a year ago to Gin into our codebase to fix the issue.
* [bugfix] Concat accept header in webfinger
Some implementations bug out when there's multiple accept headers,
including Gin (see 7050112af1
). But things
seem to work reliably with a single accept header with multiple parts.
Fixes: #1793
174 lines
5.6 KiB
Go
174 lines
5.6 KiB
Go
// GoToSocial
|
|
// Copyright (C) GoToSocial Authors admin@gotosocial.org
|
|
// SPDX-License-Identifier: AGPL-3.0-or-later
|
|
//
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
package web
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/superseriousbusiness/gotosocial/internal/ap"
|
|
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
|
|
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
|
|
"github.com/superseriousbusiness/gotosocial/internal/config"
|
|
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
|
|
"github.com/superseriousbusiness/gotosocial/internal/oauth"
|
|
)
|
|
|
|
const (
|
|
// MaxStatusIDKey is for specifying the maximum ID of the status to retrieve.
|
|
MaxStatusIDKey = "max_id"
|
|
)
|
|
|
|
func (m *Module) profileGETHandler(c *gin.Context) {
|
|
ctx := c.Request.Context()
|
|
|
|
authed, err := oauth.Authed(c, false, false, false, false)
|
|
if err != nil {
|
|
apiutil.WebErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
|
|
return
|
|
}
|
|
|
|
username := strings.ToLower(c.Param(usernameKey))
|
|
if username == "" {
|
|
err := errors.New("no account username specified")
|
|
apiutil.WebErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
|
|
return
|
|
}
|
|
|
|
instance, err := m.processor.InstanceGetV1(ctx)
|
|
if err != nil {
|
|
apiutil.WebErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1)
|
|
return
|
|
}
|
|
|
|
instanceGet := func(ctx context.Context) (*apimodel.InstanceV1, gtserror.WithCode) {
|
|
return instance, nil
|
|
}
|
|
|
|
account, errWithCode := m.processor.Account().GetLocalByUsername(ctx, authed.Account, username)
|
|
if errWithCode != nil {
|
|
apiutil.WebErrorHandler(c, errWithCode, instanceGet)
|
|
return
|
|
}
|
|
|
|
// if we're getting an AP request on this endpoint we
|
|
// should render the account's AP representation instead
|
|
accept := apiutil.NegotiateFormat(c, string(apiutil.TextHTML), string(apiutil.AppActivityJSON), string(apiutil.AppActivityLDJSON))
|
|
if accept == string(apiutil.AppActivityJSON) || accept == string(apiutil.AppActivityLDJSON) {
|
|
m.returnAPProfile(ctx, c, username, accept)
|
|
return
|
|
}
|
|
|
|
var rssFeed string
|
|
if account.EnableRSS {
|
|
rssFeed = "/@" + account.Username + "/feed.rss"
|
|
}
|
|
|
|
// only allow search engines / robots to view this page if account is discoverable
|
|
var robotsMeta string
|
|
if account.Discoverable {
|
|
robotsMeta = robotsMetaAllowSome
|
|
}
|
|
|
|
// We need to change our response slightly if the
|
|
// profile visitor is paging through statuses.
|
|
var (
|
|
paging bool
|
|
pinnedResp = &apimodel.PageableResponse{}
|
|
maxStatusID string
|
|
)
|
|
|
|
if maxStatusIDString := c.Query(MaxStatusIDKey); maxStatusIDString != "" {
|
|
maxStatusID = maxStatusIDString
|
|
paging = true
|
|
}
|
|
|
|
statusResp, errWithCode := m.processor.Account().WebStatusesGet(ctx, account.ID, maxStatusID)
|
|
if errWithCode != nil {
|
|
apiutil.WebErrorHandler(c, errWithCode, instanceGet)
|
|
return
|
|
}
|
|
|
|
// If we're not paging, then the profile visitor
|
|
// is currently just opening the bare profile, so
|
|
// load pinned statuses so we can show them at the
|
|
// top of the profile.
|
|
if !paging {
|
|
pinnedResp, errWithCode = m.processor.Account().StatusesGet(ctx, authed.Account, account.ID, 0, false, false, "", "", true, false, false)
|
|
if errWithCode != nil {
|
|
apiutil.WebErrorHandler(c, errWithCode, instanceGet)
|
|
return
|
|
}
|
|
}
|
|
|
|
stylesheets := []string{
|
|
assetsPathPrefix + "/Fork-Awesome/css/fork-awesome.min.css",
|
|
distPathPrefix + "/status.css",
|
|
distPathPrefix + "/profile.css",
|
|
}
|
|
if config.GetAccountsAllowCustomCSS() {
|
|
stylesheets = append(stylesheets, "/@"+account.Username+"/custom.css")
|
|
}
|
|
|
|
c.HTML(http.StatusOK, "profile.tmpl", gin.H{
|
|
"instance": instance,
|
|
"account": account,
|
|
"ogMeta": ogBase(instance).withAccount(account),
|
|
"rssFeed": rssFeed,
|
|
"robotsMeta": robotsMeta,
|
|
"statuses": statusResp.Items,
|
|
"statuses_next": statusResp.NextLink,
|
|
"pinned_statuses": pinnedResp.Items,
|
|
"show_back_to_top": paging,
|
|
"stylesheets": stylesheets,
|
|
"javascript": []string{distPathPrefix + "/frontend.js"},
|
|
})
|
|
}
|
|
|
|
func (m *Module) returnAPProfile(ctx context.Context, c *gin.Context, username string, accept string) {
|
|
verifier, signed := c.Get(string(ap.ContextRequestingPublicKeyVerifier))
|
|
if signed {
|
|
ctx = context.WithValue(ctx, ap.ContextRequestingPublicKeyVerifier, verifier)
|
|
}
|
|
|
|
signature, signed := c.Get(string(ap.ContextRequestingPublicKeySignature))
|
|
if signed {
|
|
ctx = context.WithValue(ctx, ap.ContextRequestingPublicKeySignature, signature)
|
|
}
|
|
|
|
user, errWithCode := m.processor.Fedi().UserGet(ctx, username, c.Request.URL)
|
|
if errWithCode != nil {
|
|
apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1) //nolint:contextcheck
|
|
return
|
|
}
|
|
|
|
b, mErr := json.Marshal(user)
|
|
if mErr != nil {
|
|
err := fmt.Errorf("could not marshal json: %s", mErr)
|
|
apiutil.WebErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) //nolint:contextcheck
|
|
return
|
|
}
|
|
|
|
c.Data(http.StatusOK, accept, b)
|
|
}
|