mastodon/app/controllers/well_known/webfinger_controller.rb

# frozen_string_literal: true

module WellKnown
  class WebfingerController < ActionController::Base
    include RoutingHelper

    before_action :set_account
    before_action :check_account_suspension

    rescue_from ActiveRecord::RecordNotFound, with: :not_found
    rescue_from ActionController::ParameterMissing, WebfingerResource::InvalidRequest, with: :bad_request

    def show
      expires_in 3.days, public: true
      render json: @account, serializer: WebfingerSerializer, content_type: 'application/jrd+json'
    end

    private

    def set_account
      @account = Account.find_local!(username_from_resource)
    end

    def username_from_resource
      resource_user    = resource_param
      username, domain = resource_user.split('@')
      resource_user    = "#{username}@#{Rails.configuration.x.local_domain}" if Rails.configuration.x.alternate_domains.include?(domain)

      WebfingerResource.new(resource_user).username
    end

    def resource_param
      params.require(:resource)
    end

    def check_account_suspension
      expires_in(3.minutes, public: true) && gone if @account.suspended_permanently?
    end

    def bad_request
      expires_in(3.minutes, public: true)
      head 400
    end

    def not_found
      expires_in(3.minutes, public: true)
      head 404
    end

    def gone
      head 410
    end
  end
end
Clean up well-known routes/controllers (#1649) * Add request spec for host meta route returning xml * Add routing spec for xrd routes * Update well-known routes * Move webfinger and host-meta actions to their own controllers 2017-04-13 11:09:07 +00:00			`# frozen_string_literal: true`

			`module WellKnown`
Make host_meta/webfinger replies cacheable (fixes #6100) (#6101) * Make host_meta/webfinger replies cacheable (fixes #6100) Drop common code for handling users and sessions as webfinger queries are very basic, public APIs. Also explicitly mark results as cacheable with “expires_in”. * Add “Vary: Accept” header for caching since content-negociation is used 2017-12-27 17:21:12 +00:00			`class WebfingerController < ActionController::Base`
Ensure well_known controllers use WEB_DOMAIN by including RoutingHelper (#2388) This fixes #2375. 2017-06-02 20:21:36 +00:00			`include RoutingHelper`

Fix webfinger response not returning 410 when account is suspended (#11869) 2019-09-17 12:58:02 +00:00			`before_action :set_account`
			`before_action :check_account_suspension`
Make host_meta/webfinger replies cacheable (fixes #6100) (#6101) * Make host_meta/webfinger replies cacheable (fixes #6100) Drop common code for handling users and sessions as webfinger queries are very basic, public APIs. Also explicitly mark results as cacheable with “expires_in”. * Add “Vary: Accept” header for caching since content-negociation is used 2017-12-27 17:21:12 +00:00
Fix webfinger returning wrong status code on malformed or missing param (#13759) Fixes #13757 2020-05-14 21:28:06 +00:00			`rescue_from ActiveRecord::RecordNotFound, with: :not_found`
			`rescue_from ActionController::ParameterMissing, WebfingerResource::InvalidRequest, with: :bad_request`
Clean up well-known routes/controllers (#1649) * Add request spec for host meta route returning xml * Add routing spec for xrd routes * Update well-known routes * Move webfinger and host-meta actions to their own controllers 2017-04-13 11:09:07 +00:00
Fix webfinger response not returning 410 when account is suspended (#11869) 2019-09-17 12:58:02 +00:00			`def show`
Refactor controllers for statuses, accounts, and more (#11249) 2019-07-08 10:03:45 +00:00			`expires_in 3.days, public: true`
Remove XML version of Webfinger and remove links to Atom feeds (#11460) Fix #11453 2019-08-01 17:14:02 +00:00			`render json: @account, serializer: WebfingerSerializer, content_type: 'application/jrd+json'`
Clean up well-known routes/controllers (#1649) * Add request spec for host meta route returning xml * Add routing spec for xrd routes * Update well-known routes * Move webfinger and host-meta actions to their own controllers 2017-04-13 11:09:07 +00:00			`end`

			`private`

Fix webfinger response not returning 410 when account is suspended (#11869) 2019-09-17 12:58:02 +00:00			`def set_account`
			`@account = Account.find_local!(username_from_resource)`
			`end`

Clean up well-known routes/controllers (#1649) * Add request spec for host meta route returning xml * Add routing spec for xrd routes * Update well-known routes * Move webfinger and host-meta actions to their own controllers 2017-04-13 11:09:07 +00:00			`def username_from_resource`
Refactor controllers for statuses, accounts, and more (#11249) 2019-07-08 10:03:45 +00:00			`resource_user = resource_param`
Allow alternate domains for mastodon handlers (#3187) 2017-05-22 13:40:04 +00:00			`username, domain = resource_user.split('@')`
Refactor controllers for statuses, accounts, and more (#11249) 2019-07-08 10:03:45 +00:00			`resource_user = "#{username}@#{Rails.configuration.x.local_domain}" if Rails.configuration.x.alternate_domains.include?(domain)`
Allow alternate domains for mastodon handlers (#3187) 2017-05-22 13:40:04 +00:00
			`WebfingerResource.new(resource_user).username`
Clean up well-known routes/controllers (#1649) * Add request spec for host meta route returning xml * Add routing spec for xrd routes * Update well-known routes * Move webfinger and host-meta actions to their own controllers 2017-04-13 11:09:07 +00:00			`end`

			`def resource_param`
			`params.require(:resource)`
			`end`
Fix webfinger response not returning 410 when account is suspended (#11869) 2019-09-17 12:58:02 +00:00
			`def check_account_suspension`
Add support for reversible suspensions through ActivityPub (#14989) 2020-11-07 23:28:39 +00:00			`expires_in(3.minutes, public: true) && gone if @account.suspended_permanently?`
Fix webfinger response not returning 410 when account is suspended (#11869) 2019-09-17 12:58:02 +00:00			`end`

Fix webfinger returning wrong status code on malformed or missing param (#13759) Fixes #13757 2020-05-14 21:28:06 +00:00			`def bad_request`
Fix anonymous access to outbox not being cached by the reverse proxy (#16458) * Fix anonymous access to outbox not being cached by the reverse proxy Up until now, anonymous access to outbox was marked as public, but with a 0 duration for caching, which means remote proxies would only serve from cache when the server was completely overwhelmed. Changed that cache duration to one minute, so that repeated anonymous access to one account's outbox can be appropriately cached. Also added `Signature` to the `Vary` header in case a page is requested, so that authenticated fetches are never served from cache (which only contains public toots). * Remove Vary: Accept header from webfinger controller Indeed, we have stopped returning xrd, and only ever return jrd, so the Accept request header does not matter anymore. * Cache negative webfinger hits for 3 minutes 2021-07-03 19:13:47 +00:00			`expires_in(3.minutes, public: true)`
Fix webfinger returning wrong status code on malformed or missing param (#13759) Fixes #13757 2020-05-14 21:28:06 +00:00			`head 400`
			`end`

Fix webfinger response not returning 410 when account is suspended (#11869) 2019-09-17 12:58:02 +00:00			`def not_found`
Fix anonymous access to outbox not being cached by the reverse proxy (#16458) * Fix anonymous access to outbox not being cached by the reverse proxy Up until now, anonymous access to outbox was marked as public, but with a 0 duration for caching, which means remote proxies would only serve from cache when the server was completely overwhelmed. Changed that cache duration to one minute, so that repeated anonymous access to one account's outbox can be appropriately cached. Also added `Signature` to the `Vary` header in case a page is requested, so that authenticated fetches are never served from cache (which only contains public toots). * Remove Vary: Accept header from webfinger controller Indeed, we have stopped returning xrd, and only ever return jrd, so the Accept request header does not matter anymore. * Cache negative webfinger hits for 3 minutes 2021-07-03 19:13:47 +00:00			`expires_in(3.minutes, public: true)`
Fix webfinger response not returning 410 when account is suspended (#11869) 2019-09-17 12:58:02 +00:00			`head 404`
			`end`

			`def gone`
			`head 410`
			`end`
Clean up well-known routes/controllers (#1649) * Add request spec for host meta route returning xml * Add routing spec for xrd routes * Update well-known routes * Move webfinger and host-meta actions to their own controllers 2017-04-13 11:09:07 +00:00			`end`
			`end`