hamlab/mobilizon-frontend
2
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(nodeinfo): make sure we only process JSON content

Browse Source 
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel
2023-12-22 16:03:59 +01:00
parent 881695ca19
commit da3b074619
3 changed files with 65 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
lib/federation/node_info.ex
View File

@@ -5,6 +5,7 @@ defmodule Mobilizon.Federation.NodeInfo do
alias Mobilizon.Service.HTTP.WebfingerClient
require Logger
import Mobilizon.Service.HTTP.Utils, only: [is_content_type?: 2]
@application_uri "https://www.w3.org/ns/activitystreams#Application"
@nodeinfo_rel_2_0 "http://nodeinfo.diaspora.software/ns/schema/2.0"
@@ -31,7 +32,9 @@ defmodule Mobilizon.Federation.NodeInfo do
with {:ok, endpoint} when is_binary(endpoint) <- fetch_nodeinfo_details(host),
:ok <- Logger.debug("Going to get NodeInfo information from URL #{endpoint}"),
{:ok, %{body: body, status: code}} when code in 200..299 <- WebfingerClient.get(endpoint) do
{:ok, %{body: body, status: code, headers: headers}} when code in 200..299 <-
WebfingerClient.get(endpoint),
{:ok, body} <- validate_json_response(body, headers) do
Logger.debug("Found nodeinfo information for domain #{host}")
{:ok, body}
else
@@ -58,8 +61,8 @@ defmodule Mobilizon.Federation.NodeInfo do
prefix = if @env !== :dev, do: "https", else: "http"
case WebfingerClient.get("#{prefix}://#{host}/.well-known/nodeinfo") do
{:ok, %{body: body, status: code}} when code in 200..299 ->
{:ok, body}
{:ok, %{body: body, status: code, headers: headers}} when code in 200..299 ->
validate_json_response(body, headers)
err ->
Logger.debug("Failed to fetch NodeInfo data #{inspect(err)}")
@@ -102,4 +105,19 @@ defmodule Mobilizon.Federation.NodeInfo do
rel == relation and is_binary(href)
end)
end
@spec validate_json_response(map() | String.t(), list()) ::
{:ok, String.t()} | {:error, :bad_content_type | :body_not_json}
defp validate_json_response(body, headers) do
cond do
!is_content_type?(headers, "application/json") ->
{:error, :bad_content_type}
!is_map(body) ->
{:error, :body_not_json}
true ->
{:ok, body}
end
end
end