diff --git a/app/controllers/authorize_interactions_controller.rb b/app/controllers/authorize_interactions_controller.rb index 99eed018b070ed..1efd4de2d07b87 100644 --- a/app/controllers/authorize_interactions_controller.rb +++ b/app/controllers/authorize_interactions_controller.rb @@ -3,7 +3,7 @@ class AuthorizeInteractionsController < ApplicationController include Authorization - before_action :authenticate_user! + before_action :authenticate_user_if_remote! before_action :set_resource def show @@ -18,6 +18,11 @@ def show private + def authenticate_user_if_remote! + return if uri_param_is_url? && Rails.configuration.x.local_domain == parsed_uri.host + authenticate_user! + end + def set_resource @resource = located_resource authorize(@resource, :show?) if @resource.is_a?(Status) diff --git a/app/controllers/well_known/protocol_handler_controller.rb b/app/controllers/well_known/protocol_handler_controller.rb new file mode 100644 index 00000000000000..6db65a0c3d5c7c --- /dev/null +++ b/app/controllers/well_known/protocol_handler_controller.rb @@ -0,0 +1,44 @@ +# frozen_string_literal: true + +module WellKnown + class ProtocolHandlerController < ActionController::Base # rubocop:disable Rails/ApplicationController + + before_action :set_target + before_action :target_acceptable? + + rescue_from ActionController::ParameterMissing, with: :bad_request + + def show + redirect_to authorize_interaction_path(uri: @target.sub("web+ap", "https")) + end + + private + + def set_target + @target = target_param + end + + # NOTE: supports "probing" + def target_acceptable? + # FIXME: this should be web+ap: but doing it this way avoids issues in + # the short term... revisit this once web+ap:foo... is being used in + # addition to web+ap://example/... + return if @target.starts_with? "web+ap://" + not_found + end + + def target_param + params.require(:target) + end + + def bad_request + expires_in(3.minutes, public: true) + head 400 + end + + def not_found + expires_in(3.minutes, public: true) + head 404 + end + end +end diff --git a/config/routes.rb b/config/routes.rb index 25f8a4949e287b..01cf6c7607138a 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -69,6 +69,8 @@ def redirect_with_vary(path) get '.well-known/webfinger', to: 'well_known/webfinger#show', as: :webfinger get '.well-known/change-password', to: redirect('/auth/edit') get '.well-known/proxy', to: redirect { |_, request| "/authorize_interaction?#{request.params.to_query}" } + get '.well-known/protocol-handler', to: 'well_known/protocol_handler#show', as: :protocol_handler + get '/nodeinfo/2.0', to: 'well_known/node_info#show', as: :nodeinfo_schema