some lil fixes for kibou compatibility

2021-06-12 16:40:11 +02:00
parent 6994859d03
commit d9d9a7a626
12 changed files with 102 additions and 36 deletions
--- a/internal/api/s2s/user/inboxpost.go
+++ b/internal/api/s2s/user/inboxpost.go
@ -47,12 +47,13 @@ func (m *Module) InboxPOSTHandler(c *gin.Context) {
 			c.JSON(withCode.Code(), withCode.Safe())
 			return
 		}
-		l.Debug(err)
+		l.Debugf("InboxPOSTHandler: error processing request: %s", err)
 		c.JSON(http.StatusBadRequest, gin.H{"error": "unable to process request"})
 		return
 	}

 	if !posted {
+		l.Debugf("request could not be handled as an AP request; headers were: %+v", c.Request.Header)
 		c.JSON(http.StatusBadRequest, gin.H{"error": "unable to process request"})
 	}
 }
--- a/internal/api/s2s/webfinger/webfingerget.go
+++ b/internal/api/s2s/webfinger/webfingerget.go
@ -24,42 +24,53 @@ import (
 	"strings"

 	"github.com/gin-gonic/gin"
+	"github.com/sirupsen/logrus"
 )

 // WebfingerGETRequest handles requests to, for example, https://example.org/.well-known/webfinger?resource=acct:some_user@example.org
 func (m *Module) WebfingerGETRequest(c *gin.Context) {
+	l := m.log.WithFields(logrus.Fields{
+		"func": "WebfingerGETRequest",
+		"user-agent": c.Request.UserAgent(),
+	})

 	q, set := c.GetQuery("resource")
 	if !set || q == "" {
+		l.Debug("aborting request because no resource was set in query")
 		c.JSON(http.StatusBadRequest, gin.H{"error": "no 'resource' in request query"})
 		return
 	}

 	withAcct := strings.Split(q, "acct:")
 	if len(withAcct) != 2 {
+		l.Debugf("aborting request because resource query %s could not be split by 'acct:'", q)
 		c.JSON(http.StatusBadRequest, gin.H{"error": "bad request"})
 		return
 	}

 	usernameDomain := strings.Split(withAcct[1], "@")
 	if len(usernameDomain) != 2 {
+		l.Debugf("aborting request because username and domain could not be parsed from %s", withAcct[1])
 		c.JSON(http.StatusBadRequest, gin.H{"error": "bad request"})
 		return
 	}
 	username := strings.ToLower(usernameDomain[0])
 	domain := strings.ToLower(usernameDomain[1])
 	if username == "" || domain == "" {
+		l.Debug("aborting request because username or domain was empty")
 		c.JSON(http.StatusBadRequest, gin.H{"error": "bad request"})
 		return
 	}

 	if domain != m.config.Host {
+		l.Debug("aborting request because domain %s does not belong to this instance", domain)
 		c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("domain %s does not belong to this instance", domain)})
 		return
 	}

 	resp, err := m.processor.GetWebfingerAccount(username, c.Request)
 	if err != nil {
+		l.Debugf("aborting request with an error: %s", err.Error())
 		c.JSON(err.Code(), gin.H{"error": err.Safe()})
 		return
 	}
--- a/internal/api/security/robots.go
+++ b/internal/api/security/robots.go
@ -0,0 +1,17 @@
+package security
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+)
+
+const robotsString = `User-agent: *
+Disallow: /
+`
+
+// RobotsGETHandler returns the most restrictive possible robots.txt file in response to a call to /robots.txt.
+// The response instructs bots with *any* user agent not to index the instance at all.
+func (m *Module) RobotsGETHandler(c *gin.Context) {
+	c.String(http.StatusOK, robotsString)
+}
--- a/internal/api/security/security.go
+++ b/internal/api/security/security.go
@ -19,12 +19,16 @@
 package security

 import (
+	"net/http"
+
 	"github.com/sirupsen/logrus"
 	"github.com/superseriousbusiness/gotosocial/internal/api"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/router"
 )

+const robotsPath = "/robots.txt"
+
 // Module implements the ClientAPIModule interface for security middleware
 type Module struct {
 	config *config.Config
@ -44,5 +48,6 @@ func (m *Module) Route(s router.Router) error {
 	s.AttachMiddleware(m.FlocBlock)
 	s.AttachMiddleware(m.ExtraHeaders)
 	s.AttachMiddleware(m.UserAgentBlock)
+	s.AttachHandler(http.MethodGet, robotsPath, m.RobotsGETHandler)
 	return nil
 }
--- a/internal/api/security/useragentblock.go
+++ b/internal/api/security/useragentblock.go
@ -23,20 +23,24 @@ import (
 	"strings"

 	"github.com/gin-gonic/gin"
+	"github.com/sirupsen/logrus"
 )

-// UserAgentBlock is a middleware that prevents google chrome cohort tracking by
-// writing the Permissions-Policy header after all other parts of the request have been completed.
-// See: https://plausible.io/blog/google-floc
+// UserAgentBlock blocks requests with undesired, empty, or invalid user-agent strings.
 func (m *Module) UserAgentBlock(c *gin.Context) {
+	l := m.log.WithFields(logrus.Fields{
+		"func": "UserAgentBlock",
+	})

 	ua := c.Request.UserAgent()
 	if ua == "" {
+		l.Debug("aborting request because there's no user-agent set")
 		c.AbortWithStatus(http.StatusTeapot)
 		return
 	}

-	if strings.Contains(strings.ToLower(c.Request.UserAgent()), strings.ToLower("friendica")) {
+	if strings.Contains(strings.ToLower(ua), strings.ToLower("friendica")) {
+		l.Debugf("aborting request with user-agent %s because it contains 'friendica'", ua)
 		c.AbortWithStatus(http.StatusTeapot)
 		return
 	}