2023-03-12 16:00:57 +01:00
|
|
|
// GoToSocial
|
|
|
|
|
// Copyright (C) GoToSocial Authors admin@gotosocial.org
|
|
|
|
|
// SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
|
//
|
|
|
|
|
// This program is free software: you can redistribute it and/or modify
|
|
|
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
// (at your option) any later version.
|
|
|
|
|
//
|
|
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
// GNU Affero General Public License for more details.
|
|
|
|
|
//
|
|
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
|
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
2021-05-21 15:48:26 +02:00
|
|
|
|
2023-01-02 13:10:50 +01:00
|
|
|
package middleware
|
2021-05-21 15:48:26 +02:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"net/http"
|
|
|
|
|
|
2025-04-26 15:34:10 +02:00
|
|
|
apiutil "code.superseriousbusiness.org/gotosocial/internal/api/util"
|
2025-09-16 15:11:45 +02:00
|
|
|
"code.superseriousbusiness.org/gotosocial/internal/config"
|
|
|
|
|
"code.superseriousbusiness.org/gotosocial/internal/log"
|
2021-05-21 15:48:26 +02:00
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
|
)
|
|
|
|
|
|
2025-09-16 15:11:45 +02:00
|
|
|
// UserAgentOrTeapot returns a gin middleware
|
|
|
|
|
// which aborts requests with empty user agent
|
|
|
|
|
// strings, returning code 418 - I'm a teapot.
|
|
|
|
|
//
|
2025-09-16 15:58:54 +02:00
|
|
|
// If `instance-allow-empty-user-agents` is
|
|
|
|
|
// true, it logs a debug msg instead of aborting.
|
2025-09-16 15:11:45 +02:00
|
|
|
func UserAgentOrTeapot() gin.HandlerFunc {
|
|
|
|
|
|
|
|
|
|
// Build variables outside the handler
|
|
|
|
|
// so they're not instantiated every
|
|
|
|
|
// time a request is processed.
|
|
|
|
|
var (
|
2025-09-16 16:23:37 +02:00
|
|
|
rsp = []byte(`{"error": "I'm a teapot: no user-agent sent with request"}`)
|
2025-09-16 15:58:54 +02:00
|
|
|
allowEmpty = config.GetInstanceAllowEmptyUserAgents()
|
2025-09-16 15:11:45 +02:00
|
|
|
)
|
|
|
|
|
|
2023-01-02 13:10:50 +01:00
|
|
|
return func(c *gin.Context) {
|
2025-09-16 15:11:45 +02:00
|
|
|
ua := c.Request.UserAgent()
|
|
|
|
|
if ua != "" {
|
|
|
|
|
// All good.
|
|
|
|
|
return
|
2023-01-02 13:10:50 +01:00
|
|
|
}
|
2025-09-16 15:11:45 +02:00
|
|
|
|
2025-09-16 15:58:54 +02:00
|
|
|
if allowEmpty {
|
2025-09-16 15:11:45 +02:00
|
|
|
// No user-agent was
|
|
|
|
|
// set but that's OK.
|
|
|
|
|
log.Debugf(
|
|
|
|
|
c.Request.Context(),
|
|
|
|
|
"allowing request with empty User-Agent from client %s",
|
|
|
|
|
c.ClientIP(),
|
|
|
|
|
)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// No user-agent set and that's not ok!
|
|
|
|
|
//
|
|
|
|
|
// Give them a taste of the ol' teapot.
|
|
|
|
|
apiutil.Data(c, http.StatusTeapot, apiutil.AppJSON, rsp)
|
|
|
|
|
c.Abort()
|
2021-05-21 15:48:26 +02:00
|
|
|
}
|
|
|
|
|
}
|
