[chore] Deinterface processor and subprocessors (#1501)

* [chore] Deinterface processor and subprocessors * expose subprocessors via function calls * missing license header
2025-10-29 14:42:24 -05:00 · 2023-02-22 16:05:26 +01:00 · 2023-02-22 16:05:26 +01:00 · b6fbdc66c1
commit b6fbdc66c1
parent adb596600b
246 changed files with 2545 additions and 4549 deletions
--- a/internal/processing/fedi/collections.go
+++ b/internal/processing/fedi/collections.go
@ -0,0 +1,224 @@
+/*
+   GoToSocial
+   Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package fedi
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"net/url"
+
+	"github.com/superseriousbusiness/activity/streams"
+	"github.com/superseriousbusiness/gotosocial/internal/db"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/transport"
+)
+
+// FollowersGet handles the getting of a fedi/activitypub representation of a user/account's followers, performing appropriate
+// authentication before returning a JSON serializable interface to the caller.
+func (p *Processor) FollowersGet(ctx context.Context, requestedUsername string, requestURL *url.URL) (interface{}, gtserror.WithCode) {
+	// get the account the request is referring to
+	requestedAccount, err := p.db.GetAccountByUsernameDomain(ctx, requestedUsername, "")
+	if err != nil {
+		return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
+	}
+
+	// authenticate the request
+	requestingAccountURI, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername)
+	if errWithCode != nil {
+		return nil, errWithCode
+	}
+
+	requestingAccount, err := p.federator.GetAccountByURI(
+		transport.WithFastfail(ctx), requestedUsername, requestingAccountURI, false,
+	)
+	if err != nil {
+		return nil, gtserror.NewErrorUnauthorized(err)
+	}
+
+	blocked, err := p.db.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID, true)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	if blocked {
+		return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
+	}
+
+	requestedAccountURI, err := url.Parse(requestedAccount.URI)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(fmt.Errorf("error parsing url %s: %s", requestedAccount.URI, err))
+	}
+
+	requestedFollowers, err := p.federator.FederatingDB().Followers(ctx, requestedAccountURI)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(fmt.Errorf("error fetching followers for uri %s: %s", requestedAccountURI.String(), err))
+	}
+
+	data, err := streams.Serialize(requestedFollowers)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	return data, nil
+}
+
+// FollowingGet handles the getting of a fedi/activitypub representation of a user/account's following, performing appropriate
+// authentication before returning a JSON serializable interface to the caller.
+func (p *Processor) FollowingGet(ctx context.Context, requestedUsername string, requestURL *url.URL) (interface{}, gtserror.WithCode) {
+	// get the account the request is referring to
+	requestedAccount, err := p.db.GetAccountByUsernameDomain(ctx, requestedUsername, "")
+	if err != nil {
+		return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
+	}
+
+	// authenticate the request
+	requestingAccountURI, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername)
+	if errWithCode != nil {
+		return nil, errWithCode
+	}
+
+	requestingAccount, err := p.federator.GetAccountByURI(
+		transport.WithFastfail(ctx), requestedUsername, requestingAccountURI, false,
+	)
+	if err != nil {
+		return nil, gtserror.NewErrorUnauthorized(err)
+	}
+
+	blocked, err := p.db.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID, true)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	if blocked {
+		return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
+	}
+
+	requestedAccountURI, err := url.Parse(requestedAccount.URI)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(fmt.Errorf("error parsing url %s: %s", requestedAccount.URI, err))
+	}
+
+	requestedFollowing, err := p.federator.FederatingDB().Following(ctx, requestedAccountURI)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(fmt.Errorf("error fetching following for uri %s: %s", requestedAccountURI.String(), err))
+	}
+
+	data, err := streams.Serialize(requestedFollowing)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	return data, nil
+}
+
+// OutboxGet returns the activitypub representation of a local user's outbox.
+// This contains links to PUBLIC posts made by this user.
+func (p *Processor) OutboxGet(ctx context.Context, requestedUsername string, page bool, maxID string, minID string, requestURL *url.URL) (interface{}, gtserror.WithCode) {
+	// get the account the request is referring to
+	requestedAccount, err := p.db.GetAccountByUsernameDomain(ctx, requestedUsername, "")
+	if err != nil {
+		return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
+	}
+
+	// authenticate the request
+	requestingAccountURI, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername)
+	if errWithCode != nil {
+		return nil, errWithCode
+	}
+
+	requestingAccount, err := p.federator.GetAccountByURI(
+		transport.WithFastfail(ctx), requestedUsername, requestingAccountURI, false,
+	)
+	if err != nil {
+		return nil, gtserror.NewErrorUnauthorized(err)
+	}
+
+	// authorize the request:
+	// 1. check if a block exists between the requester and the requestee
+	blocked, err := p.db.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID, true)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+	if blocked {
+		return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
+	}
+
+	var data map[string]interface{}
+	// now there are two scenarios:
+	// 1. we're asked for the whole collection and not a page -- we can just return the collection, with no items, but a link to 'first' page.
+	// 2. we're asked for a specific page; this can be either the first page or any other page
+
+	if !page {
+		/*
+			scenario 1: return the collection with no items
+			we want something that looks like this:
+			{
+				"@context": "https://www.w3.org/ns/activitystreams",
+				"id": "https://example.org/users/whatever/outbox",
+				"type": "OrderedCollection",
+				"first": "https://example.org/users/whatever/outbox?page=true",
+				"last": "https://example.org/users/whatever/outbox?min_id=0&page=true"
+			}
+		*/
+		collection, err := p.tc.OutboxToASCollection(ctx, requestedAccount.OutboxURI)
+		if err != nil {
+			return nil, gtserror.NewErrorInternalError(err)
+		}
+
+		data, err = streams.Serialize(collection)
+		if err != nil {
+			return nil, gtserror.NewErrorInternalError(err)
+		}
+
+		return data, nil
+	}
+
+	// scenario 2 -- get the requested page
+	// limit pages to 30 entries per page
+	publicStatuses, err := p.db.GetAccountStatuses(ctx, requestedAccount.ID, 30, true, true, maxID, minID, false, false, true)
+	if err != nil && err != db.ErrNoEntries {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	outboxPage, err := p.tc.StatusesToASOutboxPage(ctx, requestedAccount.OutboxURI, maxID, minID, publicStatuses)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+	data, err = streams.Serialize(outboxPage)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	return data, nil
+}
+
+// InboxPost handles POST requests to a user's inbox for new activitypub messages.
+//
+// InboxPost returns true if the request was handled as an ActivityPub POST to an actor's inbox.
+// If false, the request was not an ActivityPub request and may still be handled by the caller in another way, such as serving a web page.
+//
+// If the error is nil, then the ResponseWriter's headers and response has already been written. If a non-nil error is returned, then no response has been written.
+//
+// If the Actor was constructed with the Federated Protocol enabled, side effects will occur.
+//
+// If the Federated Protocol is not enabled, writes the http.StatusMethodNotAllowed status code in the response. No side effects occur.
+func (p *Processor) InboxPost(ctx context.Context, w http.ResponseWriter, r *http.Request) (bool, error) {
+	return p.federator.FederatingActor().PostInbox(ctx, w, r)
+}
--- a/internal/processing/fedi/emoji.go
+++ b/internal/processing/fedi/emoji.go
@ -0,0 +1,60 @@
+/*
+   GoToSocial
+   Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package fedi
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+
+	"github.com/superseriousbusiness/activity/streams"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+)
+
+// EmojiGet handles the GET for a federated emoji originating from this instance.
+func (p *Processor) EmojiGet(ctx context.Context, requestedEmojiID string, requestURL *url.URL) (interface{}, gtserror.WithCode) {
+	if _, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, ""); errWithCode != nil {
+		return nil, errWithCode
+	}
+
+	requestedEmoji, err := p.db.GetEmojiByID(ctx, requestedEmojiID)
+	if err != nil {
+		return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting emoji with id %s: %s", requestedEmojiID, err))
+	}
+
+	if requestedEmoji.Domain != "" {
+		return nil, gtserror.NewErrorNotFound(fmt.Errorf("emoji with id %s doesn't belong to this instance (domain %s)", requestedEmojiID, requestedEmoji.Domain))
+	}
+
+	if *requestedEmoji.Disabled {
+		return nil, gtserror.NewErrorNotFound(fmt.Errorf("emoji with id %s has been disabled", requestedEmojiID))
+	}
+
+	apEmoji, err := p.tc.EmojiToAS(ctx, requestedEmoji)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(fmt.Errorf("error converting gtsmodel emoji with id %s to ap emoji: %s", requestedEmojiID, err))
+	}
+
+	data, err := streams.Serialize(apEmoji)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	return data, nil
+}
--- a/internal/processing/fedi/fedi.go
+++ b/internal/processing/fedi/fedi.go
@ -0,0 +1,43 @@
+/*
+   GoToSocial
+   Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package fedi
+
+import (
+	"github.com/superseriousbusiness/gotosocial/internal/db"
+	"github.com/superseriousbusiness/gotosocial/internal/federation"
+	"github.com/superseriousbusiness/gotosocial/internal/typeutils"
+	"github.com/superseriousbusiness/gotosocial/internal/visibility"
+)
+
+type Processor struct {
+	db        db.DB
+	federator federation.Federator
+	tc        typeutils.TypeConverter
+	filter    visibility.Filter
+}
+
+// New returns a new fedi processor.
+func New(db db.DB, tc typeutils.TypeConverter, federator federation.Federator) Processor {
+	return Processor{
+		db:        db,
+		federator: federator,
+		tc:        tc,
+		filter:    visibility.NewFilter(db),
+	}
+}
--- a/internal/processing/fedi/status.go
+++ b/internal/processing/fedi/status.go
@ -0,0 +1,231 @@
+/*
+   GoToSocial
+   Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package fedi
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+
+	"github.com/superseriousbusiness/activity/streams"
+	"github.com/superseriousbusiness/gotosocial/internal/db"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/transport"
+)
+
+// StatusGet handles the getting of a fedi/activitypub representation of a particular status, performing appropriate
+// authentication before returning a JSON serializable interface to the caller.
+func (p *Processor) StatusGet(ctx context.Context, requestedUsername string, requestedStatusID string, requestURL *url.URL) (interface{}, gtserror.WithCode) {
+	// get the account the request is referring to
+	requestedAccount, err := p.db.GetAccountByUsernameDomain(ctx, requestedUsername, "")
+	if err != nil {
+		return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
+	}
+
+	// authenticate the request
+	requestingAccountURI, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername)
+	if errWithCode != nil {
+		return nil, errWithCode
+	}
+
+	requestingAccount, err := p.federator.GetAccountByURI(
+		transport.WithFastfail(ctx), requestedUsername, requestingAccountURI, false,
+	)
+	if err != nil {
+		return nil, gtserror.NewErrorUnauthorized(err)
+	}
+
+	// authorize the request:
+	// 1. check if a block exists between the requester and the requestee
+	blocked, err := p.db.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID, true)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	if blocked {
+		return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
+	}
+
+	// get the status out of the database here
+	s, err := p.db.GetStatusByID(ctx, requestedStatusID)
+	if err != nil {
+		return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting status with id %s and account id %s: %s", requestedStatusID, requestedAccount.ID, err))
+	}
+
+	if s.AccountID != requestedAccount.ID {
+		return nil, gtserror.NewErrorNotFound(fmt.Errorf("status with id %s does not belong to account with id %s", s.ID, requestedAccount.ID))
+	}
+
+	visible, err := p.filter.StatusVisible(ctx, s, requestingAccount)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+	if !visible {
+		return nil, gtserror.NewErrorNotFound(fmt.Errorf("status with id %s not visible to user with id %s", s.ID, requestingAccount.ID))
+	}
+
+	// requester is authorized to view the status, so convert it to AP representation and serialize it
+	asStatus, err := p.tc.StatusToAS(ctx, s)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	data, err := streams.Serialize(asStatus)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	return data, nil
+}
+
+// GetStatus handles the getting of a fedi/activitypub representation of replies to a status, performing appropriate
+// authentication before returning a JSON serializable interface to the caller.
+func (p *Processor) StatusRepliesGet(ctx context.Context, requestedUsername string, requestedStatusID string, page bool, onlyOtherAccounts bool, minID string, requestURL *url.URL) (interface{}, gtserror.WithCode) {
+	// get the account the request is referring to
+	requestedAccount, err := p.db.GetAccountByUsernameDomain(ctx, requestedUsername, "")
+	if err != nil {
+		return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
+	}
+
+	// authenticate the request
+	requestingAccountURI, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername)
+	if errWithCode != nil {
+		return nil, errWithCode
+	}
+
+	requestingAccount, err := p.federator.GetAccountByURI(
+		transport.WithFastfail(ctx), requestedUsername, requestingAccountURI, false,
+	)
+	if err != nil {
+		return nil, gtserror.NewErrorUnauthorized(err)
+	}
+
+	// authorize the request:
+	// 1. check if a block exists between the requester and the requestee
+	blocked, err := p.db.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID, true)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	if blocked {
+		return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
+	}
+
+	// get the status out of the database here
+	s := &gtsmodel.Status{}
+	if err := p.db.GetWhere(ctx, []db.Where{
+		{Key: "id", Value: requestedStatusID},
+		{Key: "account_id", Value: requestedAccount.ID},
+	}, s); err != nil {
+		return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting status with id %s and account id %s: %s", requestedStatusID, requestedAccount.ID, err))
+	}
+
+	visible, err := p.filter.StatusVisible(ctx, s, requestingAccount)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+	if !visible {
+		return nil, gtserror.NewErrorNotFound(fmt.Errorf("status with id %s not visible to user with id %s", s.ID, requestingAccount.ID))
+	}
+
+	var data map[string]interface{}
+
+	// now there are three scenarios:
+	// 1. we're asked for the whole collection and not a page -- we can just return the collection, with no items, but a link to 'first' page.
+	// 2. we're asked for a page but only_other_accounts has not been set in the query -- so we should just return the first page of the collection, with no items.
+	// 3. we're asked for a page, and only_other_accounts has been set, and min_id has optionally been set -- so we need to return some actual items!
+	switch {
+	case !page:
+		// scenario 1
+		// get the collection
+		collection, err := p.tc.StatusToASRepliesCollection(ctx, s, onlyOtherAccounts)
+		if err != nil {
+			return nil, gtserror.NewErrorInternalError(err)
+		}
+
+		data, err = streams.Serialize(collection)
+		if err != nil {
+			return nil, gtserror.NewErrorInternalError(err)
+		}
+	case page && requestURL.Query().Get("only_other_accounts") == "":
+		// scenario 2
+		// get the collection
+		collection, err := p.tc.StatusToASRepliesCollection(ctx, s, onlyOtherAccounts)
+		if err != nil {
+			return nil, gtserror.NewErrorInternalError(err)
+		}
+		// but only return the first page
+		data, err = streams.Serialize(collection.GetActivityStreamsFirst().GetActivityStreamsCollectionPage())
+		if err != nil {
+			return nil, gtserror.NewErrorInternalError(err)
+		}
+	default:
+		// scenario 3
+		// get immediate children
+		replies, err := p.db.GetStatusChildren(ctx, s, true, minID)
+		if err != nil {
+			return nil, gtserror.NewErrorInternalError(err)
+		}
+
+		// filter children and extract URIs
+		replyURIs := map[string]*url.URL{}
+		for _, r := range replies {
+			// only show public or unlocked statuses as replies
+			if r.Visibility != gtsmodel.VisibilityPublic && r.Visibility != gtsmodel.VisibilityUnlocked {
+				continue
+			}
+
+			// respect onlyOtherAccounts parameter
+			if onlyOtherAccounts && r.AccountID == requestedAccount.ID {
+				continue
+			}
+
+			// only show replies that the status owner can see
+			visibleToStatusOwner, err := p.filter.StatusVisible(ctx, r, requestedAccount)
+			if err != nil || !visibleToStatusOwner {
+				continue
+			}
+
+			// only show replies that the requester can see
+			visibleToRequester, err := p.filter.StatusVisible(ctx, r, requestingAccount)
+			if err != nil || !visibleToRequester {
+				continue
+			}
+
+			rURI, err := url.Parse(r.URI)
+			if err != nil {
+				continue
+			}
+
+			replyURIs[r.ID] = rURI
+		}
+
+		repliesPage, err := p.tc.StatusURIsToASRepliesPage(ctx, s, onlyOtherAccounts, minID, replyURIs)
+		if err != nil {
+			return nil, gtserror.NewErrorInternalError(err)
+		}
+		data, err = streams.Serialize(repliesPage)
+		if err != nil {
+			return nil, gtserror.NewErrorInternalError(err)
+		}
+	}
+
+	return data, nil
+}
--- a/internal/processing/fedi/user.go
+++ b/internal/processing/fedi/user.go
@ -0,0 +1,88 @@
+/*
+   GoToSocial
+   Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package fedi
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+
+	"github.com/superseriousbusiness/activity/streams"
+	"github.com/superseriousbusiness/activity/streams/vocab"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/transport"
+	"github.com/superseriousbusiness/gotosocial/internal/uris"
+)
+
+// UserGet handles the getting of a fedi/activitypub representation of a user/account, performing appropriate authentication
+// before returning a JSON serializable interface to the caller.
+func (p *Processor) UserGet(ctx context.Context, requestedUsername string, requestURL *url.URL) (interface{}, gtserror.WithCode) {
+	// Get the instance-local account the request is referring to.
+	requestedAccount, err := p.db.GetAccountByUsernameDomain(ctx, requestedUsername, "")
+	if err != nil {
+		return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
+	}
+
+	var requestedPerson vocab.ActivityStreamsPerson
+
+	if uris.IsPublicKeyPath(requestURL) {
+		// if it's a public key path, we don't need to authenticate but we'll only serve the bare minimum user profile needed for the public key
+		requestedPerson, err = p.tc.AccountToASMinimal(ctx, requestedAccount)
+		if err != nil {
+			return nil, gtserror.NewErrorInternalError(err)
+		}
+	} else {
+		// if it's any other path, we want to fully authenticate the request before we serve any data, and then we can serve a more complete profile
+		requestingAccountURI, errWithCode := p.federator.AuthenticateFederatedRequest(ctx, requestedUsername)
+		if errWithCode != nil {
+			return nil, errWithCode
+		}
+
+		// if we're not already handshaking/dereferencing a remote account, dereference it now
+		if !p.federator.Handshaking(requestedUsername, requestingAccountURI) {
+			requestingAccount, err := p.federator.GetAccountByURI(
+				transport.WithFastfail(ctx), requestedUsername, requestingAccountURI, false,
+			)
+			if err != nil {
+				return nil, gtserror.NewErrorUnauthorized(err)
+			}
+
+			blocked, err := p.db.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID, true)
+			if err != nil {
+				return nil, gtserror.NewErrorInternalError(err)
+			}
+
+			if blocked {
+				return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
+			}
+		}
+
+		requestedPerson, err = p.tc.AccountToAS(ctx, requestedAccount)
+		if err != nil {
+			return nil, gtserror.NewErrorInternalError(err)
+		}
+	}
+
+	data, err := streams.Serialize(requestedPerson)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	return data, nil
+}
--- a/internal/processing/fedi/wellknown.go
+++ b/internal/processing/fedi/wellknown.go
@ -0,0 +1,126 @@
+/*
+   GoToSocial
+   Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package fedi
+
+import (
+	"context"
+	"fmt"
+
+	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	"github.com/superseriousbusiness/gotosocial/internal/config"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+)
+
+const (
+	nodeInfoVersion                 = "2.0"
+	nodeInfoSoftwareName            = "gotosocial"
+	nodeInfoRel                     = "http://nodeinfo.diaspora.software/ns/schema/" + nodeInfoVersion
+	webfingerProfilePage            = "http://webfinger.net/rel/profile-page"
+	webFingerProfilePageContentType = "text/html"
+	webfingerSelf                   = "self"
+	webFingerSelfContentType        = "application/activity+json"
+	webfingerAccount                = "acct"
+)
+
+var (
+	nodeInfoProtocols = []string{"activitypub"}
+	nodeInfoInbound   = []string{}
+	nodeInfoOutbound  = []string{}
+	nodeInfoMetadata  = make(map[string]interface{})
+)
+
+// NodeInfoRelGet returns a well known response giving the path to node info.
+func (p *Processor) NodeInfoRelGet(ctx context.Context) (*apimodel.WellKnownResponse, gtserror.WithCode) {
+	protocol := config.GetProtocol()
+	host := config.GetHost()
+
+	return &apimodel.WellKnownResponse{
+		Links: []apimodel.Link{
+			{
+				Rel:  nodeInfoRel,
+				Href: fmt.Sprintf("%s://%s/nodeinfo/%s", protocol, host, nodeInfoVersion),
+			},
+		},
+	}, nil
+}
+
+// NodeInfoGet returns a node info struct in response to a node info request.
+func (p *Processor) NodeInfoGet(ctx context.Context) (*apimodel.Nodeinfo, gtserror.WithCode) {
+	host := config.GetHost()
+
+	userCount, err := p.db.CountInstanceUsers(ctx, host)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	postCount, err := p.db.CountInstanceStatuses(ctx, host)
+	if err != nil {
+		return nil, gtserror.NewErrorInternalError(err)
+	}
+
+	return &apimodel.Nodeinfo{
+		Version: nodeInfoVersion,
+		Software: apimodel.NodeInfoSoftware{
+			Name:    nodeInfoSoftwareName,
+			Version: config.GetSoftwareVersion(),
+		},
+		Protocols: nodeInfoProtocols,
+		Services: apimodel.NodeInfoServices{
+			Inbound:  nodeInfoInbound,
+			Outbound: nodeInfoOutbound,
+		},
+		OpenRegistrations: config.GetAccountsRegistrationOpen(),
+		Usage: apimodel.NodeInfoUsage{
+			Users: apimodel.NodeInfoUsers{
+				Total: userCount,
+			},
+			LocalPosts: postCount,
+		},
+		Metadata: nodeInfoMetadata,
+	}, nil
+}
+
+// WebfingerGet handles the GET for a webfinger resource. Most commonly, it will be used for returning account lookups.
+func (p *Processor) WebfingerGet(ctx context.Context, requestedUsername string) (*apimodel.WellKnownResponse, gtserror.WithCode) {
+	// Get the local account the request is referring to.
+	requestedAccount, err := p.db.GetAccountByUsernameDomain(ctx, requestedUsername, "")
+	if err != nil {
+		return nil, gtserror.NewErrorNotFound(fmt.Errorf("database error getting account with username %s: %s", requestedUsername, err))
+	}
+
+	return &apimodel.WellKnownResponse{
+		Subject: webfingerAccount + ":" + requestedAccount.Username + "@" + config.GetAccountDomain(),
+		Aliases: []string{
+			requestedAccount.URI,
+			requestedAccount.URL,
+		},
+		Links: []apimodel.Link{
+			{
+				Rel:  webfingerProfilePage,
+				Type: webFingerProfilePageContentType,
+				Href: requestedAccount.URL,
+			},
+			{
+				Rel:  webfingerSelf,
+				Type: webFingerSelfContentType,
+				Href: requestedAccount.URI,
+			},
+		},
+	}, nil
+}