mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2025-10-31 14:12:26 -05:00
126 lines
4.1 KiB
Go
126 lines
4.1 KiB
Go
|
// GoToSocial
|
||
|
|
// Copyright (C) GoToSocial Authors admin@gotosocial.org
|
||
|
|
// SPDX-License-Identifier: AGPL-3.0-or-later
|
||
|
|
//
|
||
|
|
// This program is free software: you can redistribute it and/or modify
|
||
|
|
// it under the terms of the GNU Affero General Public License as published by
|
||
|
|
// the Free Software Foundation, either version 3 of the License, or
|
||
|
|
// (at your option) any later version.
|
||
|
|
//
|
||
|
|
// This program is distributed in the hope that it will be useful,
|
||
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
|
|
// GNU Affero General Public License for more details.
|
||
|
|
//
|
||
|
|
// You should have received a copy of the GNU Affero General Public License
|
||
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||
|
|
|
||
|
|
package admin
|
||
|
|
|
||
|
|
import (
|
||
|
|
"context"
|
||
|
|
"io"
|
||
|
|
"net/http"
|
||
|
|
"net/url"
|
||
|
|
|
||
|
|
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
|
||
|
|
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
|
||
|
|
"github.com/superseriousbusiness/gotosocial/internal/gtscontext"
|
||
|
|
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
|
||
|
|
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
|
||
|
|
)
|
||
|
|
|
||
|
|
// DebugAPUrl performs a GET to the given url, using the
|
||
|
|
// signature of the given admin account. The GET will
|
||
|
|
// have Accept set to the ActivityPub content types.
|
||
|
|
//
|
||
|
|
// Only urls with schema http or https are allowed.
|
||
|
|
//
|
||
|
|
// Calls to blocked domains are not allowed, not only
|
||
|
|
// because it's unfair to call them when they can't
|
||
|
|
// call us, but because it probably won't work anyway
|
||
|
|
// if they try to dereference the calling account.
|
||
|
|
//
|
||
|
|
// Errors returned from this function should be fairly
|
||
|
|
// verbose, to help with debugging.
|
||
|
|
func (p *Processor) DebugAPUrl(
|
||
|
|
ctx context.Context,
|
||
|
|
adminAcct *gtsmodel.Account,
|
||
|
|
urlStr string,
|
||
|
|
) (*apimodel.DebugAPUrlResponse, gtserror.WithCode) {
|
||
|
|
// Validate URL.
|
||
|
|
if urlStr == "" {
|
||
|
|
err := gtserror.New("empty URL")
|
||
|
|
return nil, gtserror.NewErrorBadRequest(err, err.Error())
|
||
|
|
}
|
||
|
|
|
||
|
|
url, err := url.Parse(urlStr)
|
||
|
|
if err != nil {
|
||
|
|
err := gtserror.Newf("invalid URL: %w", err)
|
||
|
|
return nil, gtserror.NewErrorBadRequest(err, err.Error())
|
||
|
|
}
|
||
|
|
|
||
|
|
if url == nil || (url.Scheme != "http" && url.Scheme != "https") {
|
||
|
|
err = gtserror.New("invalid URL scheme, acceptable schemes are http or https")
|
||
|
|
return nil, gtserror.NewErrorBadRequest(err, err.Error())
|
||
|
|
}
|
||
|
|
|
||
|
|
// Ensure URL not blocked.
|
||
|
|
blocked, err := p.state.DB.IsDomainBlocked(ctx, url.Host)
|
||
|
|
if err != nil {
|
||
|
|
err = gtserror.Newf("db error checking for domain block: %w", err)
|
||
|
|
return nil, gtserror.NewErrorInternalError(err, err.Error())
|
||
|
|
}
|
||
|
|
|
||
|
|
if blocked {
|
||
|
|
err = gtserror.Newf("target domain %s is blocked", url.Host)
|
||
|
|
return nil, gtserror.NewErrorBadRequest(err, err.Error())
|
||
|
|
}
|
||
|
|
|
||
|
|
// All looks fine. Prepare the transport and (signed) GET request.
|
||
|
|
tsport, err := p.transportController.NewTransportForUsername(ctx, adminAcct.Username)
|
||
|
|
if err != nil {
|
||
|
|
err = gtserror.Newf("error creating transport: %w", err)
|
||
|
|
return nil, gtserror.NewErrorInternalError(err, err.Error())
|
||
|
|
}
|
||
|
|
|
||
|
|
req, err := http.NewRequestWithContext(
|
||
|
|
// Caller will want a snappy
|
||
|
|
// response so don't retry.
|
||
|
|
gtscontext.SetFastFail(ctx),
|
||
|
|
http.MethodGet, urlStr, nil,
|
||
|
|
)
|
||
|
|
if err != nil {
|
||
|
|
err = gtserror.Newf("error creating request: %w", err)
|
||
|
|
return nil, gtserror.NewErrorUnprocessableEntity(err, err.Error())
|
||
|
|
}
|
||
|
|
|
||
|
|
req.Header.Add("Accept", string(apiutil.AppActivityLDJSON)+","+string(apiutil.AppActivityJSON))
|
||
|
|
req.Header.Add("Accept-Charset", "utf-8")
|
||
|
|
|
||
|
|
// Perform the HTTP request,
|
||
|
|
// and return everything.
|
||
|
|
rsp, err := tsport.GET(req)
|
||
|
|
if err != nil {
|
||
|
|
err = gtserror.Newf("error doing dereference: %w", err)
|
||
|
|
return nil, gtserror.NewErrorUnprocessableEntity(err, err.Error())
|
||
|
|
}
|
||
|
|
defer rsp.Body.Close()
|
||
|
|
|
||
|
|
b, err := io.ReadAll(rsp.Body)
|
||
|
|
if err != nil {
|
||
|
|
err := gtserror.Newf("error reading response body bytes: %w", err)
|
||
|
|
return nil, gtserror.NewErrorUnprocessableEntity(err, err.Error())
|
||
|
|
}
|
||
|
|
|
||
|
|
debugResponse := &apimodel.DebugAPUrlResponse{
|
||
|
|
RequestURL: urlStr,
|
||
|
|
RequestHeaders: req.Header,
|
||
|
|
ResponseHeaders: rsp.Header,
|
||
|
|
ResponseCode: rsp.StatusCode,
|
||
|
|
ResponseBody: string(b),
|
||
|
|
}
|
||
|
|
|
||
|
|
return debugResponse, nil
|
||
|
|
}
|