mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2025-01-10 16:40:12 +00:00
1d51e3c8d6
* update activity library so dereferencer returns full response and checks *final* link to allow for redirects * temporarily add bodged fixed library * remove unused code * update getAccountFeatured() to use dereferenceCollectionPage() * make sure to release map * perform a 2nd decode to ensure reader is empty after primary decode * add comment explaining choice of using Decode() instead of Unmarshal() * update embedded activity library to latest matching https://github.com/superseriousbusiness/activity/pull/21 * add checks to look for changed URI and re-check database if redirected * update max iteration count to 512, add checks during dereferenceAncestors() for indirect URLs * remove doubled-up code * fix use of status instead of current * use URIs for checking equality for security * use the latest known URI for boost_of_uri in case original was an indirect * add dereferenceCollection() function for dereferenceAccountFeatured() * pull in latest github.com/superseriousbusiness/activity version (and remove the bodge!!) * fix typo in code comments * update decodeType() to accept a readcloser and handle body closing * switch to checking using BoostOfID and add note why not using BoostOfURI * ensure InReplyTo gets unset when deleting status parent in case currently stubbed * add tests for Collection and CollectionPage iterators
81 lines
2.6 KiB
Go
81 lines
2.6 KiB
Go
// GoToSocial
|
|
// Copyright (C) GoToSocial Authors admin@gotosocial.org
|
|
// SPDX-License-Identifier: AGPL-3.0-or-later
|
|
//
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
package transport
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
"net/url"
|
|
|
|
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
|
|
"github.com/superseriousbusiness/gotosocial/internal/config"
|
|
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
|
|
"github.com/superseriousbusiness/gotosocial/internal/uris"
|
|
)
|
|
|
|
func (t *transport) Dereference(ctx context.Context, iri *url.URL) (*http.Response, error) {
|
|
// if the request is to us, we can shortcut for certain URIs rather than going through
|
|
// the normal request flow, thereby saving time and energy
|
|
if iri.Host == config.GetHost() {
|
|
if uris.IsFollowersPath(iri) {
|
|
// the request is for followers of one of our accounts, which we can shortcut
|
|
return t.controller.dereferenceLocalFollowers(ctx, iri)
|
|
}
|
|
|
|
if uris.IsUserPath(iri) {
|
|
// the request is for one of our accounts, which we can shortcut
|
|
return t.controller.dereferenceLocalUser(ctx, iri)
|
|
}
|
|
}
|
|
|
|
// Build IRI just once
|
|
iriStr := iri.String()
|
|
|
|
// Prepare new HTTP request to endpoint
|
|
req, err := http.NewRequestWithContext(ctx, "GET", iriStr, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
req.Header.Add("Accept", string(apiutil.AppActivityLDJSON)+","+string(apiutil.AppActivityJSON))
|
|
req.Header.Add("Accept-Charset", "utf-8")
|
|
req.Header.Set("Host", iri.Host)
|
|
|
|
// Perform the HTTP request
|
|
rsp, err := t.GET(req)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Ensure a non-error status response.
|
|
if rsp.StatusCode != http.StatusOK {
|
|
err := gtserror.NewFromResponse(rsp)
|
|
_ = rsp.Body.Close() // done with body
|
|
return nil, err
|
|
}
|
|
|
|
// Ensure that the incoming request content-type is expected.
|
|
if ct := rsp.Header.Get("Content-Type"); !apiutil.ASContentType(ct) {
|
|
err := gtserror.Newf("non activity streams response: %s", ct)
|
|
_ = rsp.Body.Close() // done with body
|
|
return nil, gtserror.SetMalformed(err)
|
|
}
|
|
|
|
return rsp, nil
|
|
}
|