From fc31f145078e3c22d7a0aa9de2bca77f6d503469 Mon Sep 17 00:00:00 2001
From: Aravinth Manivannan
Date: Sun, 24 Mar 2024 11:37:01 +0530
Subject: [PATCH 1/6] feat: extend webfinger to respond to profile page URIs
---
 routers/web/webfinger.go | 13 +++++++++++++
 tests/integration/webfinger_test.go | 12 ++++++++++++
 2 files changed, 25 insertions(+)
diff --git a/routers/web/webfinger.go b/routers/web/webfinger.go
index e4b2aacce8..c620059ec1 100644
--- a/routers/web/webfinger.go
+++ b/routers/web/webfinger.go
@@ -64,6 +64,19 @@ func WebfingerQuery(ctx *context.Context) {
 if u != nil && u.KeepEmailPrivate {
 err = user_model.ErrUserNotExist{}
 }
+ case "https", "http":
+ if resource.Host != appURL.Host {
+ ctx.Error(http.StatusBadRequest)
+ return
+ }
+
+ parts := strings.Split(resource.Path, "/")
+ if len(parts) < 2 { // fragment[0] is empty space, fragment[1] may be username
+ ctx.Error(http.StatusBadRequest)
+ return
+ }
+
+ u, err = user_model.GetUserByName(ctx, parts[1])
 default:
 ctx.Error(http.StatusBadRequest)
 return
diff --git a/tests/integration/webfinger_test.go b/tests/integration/webfinger_test.go
index 55fb211779..cdc7d94ebb 100644
--- a/tests/integration/webfinger_test.go
+++ b/tests/integration/webfinger_test.go
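Review bot: In the new `case "https", "http":` branch of `WebfingerQuery` (routers/web/webfinger.go), `resource.Host != appURL.Host` is an exact string comparison, so a resource whose host differs from the instance's only in letter case or by an explicit default port is answered with 400 although it names this instance (assuming `resource` comes from `url.Parse`, which keeps the host's case). Host names are case-insensitive, so `if !strings.EqualFold(resource.Host, appURL.Host) {` is the more robust check; rejecting on a real mismatch is the right fail-closed behaviour and should stay. The branch also accepts `http` and `https` alike whatever scheme the instance itself uses, which deserves a comment such as `// scheme is not compared: both http and https profile URIs identify the local user`. The trailing comment on the `len(parts) < 2` line speaks of `fragment[0]` while the variable is `parts`. The function starts and continues outside the hunk.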
@@ -66,4 +66,16 @@ func TestWebfinger(t *testing.T) { req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=mailto:%s", user.Email)) MakeRequest(t, req, http.StatusNotFound) + + req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s/%s/foo", appURL.Host, user.Name)) + session.MakeRequest(t, req, http.StatusOK) + + req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=https://%s/%s", appURL.Host, user.Name)) + session.MakeRequest(t, req, http.StatusOK) + + req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s", appURL.Host)) + MakeRequest(t, req, http.StatusBadRequest) + + req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s/%s/foo", "example.com", user.Name)) + MakeRequest(t, req, http.StatusBadRequest) } From 1cc6ed8fb69f7215876d5c8e0af47ed24f830f54 Mon Sep 17 00:00:00 2001 From: Aravinth Manivannan Date: Sat, 30 Mar 2024 19:22:29 +0530 Subject: [PATCH 2/6] chore: add trailing slash query test case for webfinger endpoint --- tests/integration/webfinger_test.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/integration/webfinger_test.go b/tests/integration/webfinger_test.go index cdc7d94ebb..b789aae272 100644 --- a/tests/integration/webfinger_test.go +++ b/tests/integration/webfinger_test.go @@ -70,6 +70,9 @@ func TestWebfinger(t *testing.T) { req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s/%s/foo", appURL.Host, user.Name)) session.MakeRequest(t, req, http.StatusOK) + req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=https://%s/%s/", appURL.Host, user.Name)) + session.MakeRequest(t, req, http.StatusOK) + req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=https://%s/%s", appURL.Host, user.Name)) session.MakeRequest(t, req, http.StatusOK) From 855d75d0bcda01280e257630e0ec2c4e11cc257c Mon Sep 17 00:00:00 2001 
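Review bot: The new success cases in `TestWebfinger` (hunk `@@ -66,4 +66,16 @@`) are sent with `session.MakeRequest`, while the rejections use the package-level `MakeRequest`, so the profile-URI lookup is never asserted for a caller without a session. WebFinger is normally queried by remote servers that hold no login, so, assuming `session` is a logged-in session (its setup is above the hunk), add the anonymous variant for a user whose profile is public, `MakeRequest(t, req, http.StatusOK)`. The same applies to the trailing-slash case added in PATCH 2/6. There is also no case for a host that matches `appURL.Host` apart from letter case or port, which is the input the handler's host check decides on.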
From: Aravinth Manivannan Date: Sat, 30 Mar 2024 20:55:53 +0530 Subject: [PATCH 3/6] fix: respond with 404 when webfingered with non-actor URIs --- tests/integration/webfinger_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/integration/webfinger_test.go b/tests/integration/webfinger_test.go index b789aae272..825cffed7a 100644 --- a/tests/integration/webfinger_test.go +++ b/tests/integration/webfinger_test.go @@ -67,17 +67,17 @@ func TestWebfinger(t *testing.T) { req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=mailto:%s", user.Email)) MakeRequest(t, req, http.StatusNotFound) - req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s/%s/foo", appURL.Host, user.Name)) - session.MakeRequest(t, req, http.StatusOK) - req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=https://%s/%s/", appURL.Host, user.Name)) session.MakeRequest(t, req, http.StatusOK) req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=https://%s/%s", appURL.Host, user.Name)) session.MakeRequest(t, req, http.StatusOK) + req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s/%s/foo", appURL.Host, user.Name)) + session.MakeRequest(t, req, http.StatusNotFound) + req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s", appURL.Host)) - MakeRequest(t, req, http.StatusBadRequest) + MakeRequest(t, req, http.StatusNotFound) req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=http://%s/%s/foo", "example.com", user.Name)) MakeRequest(t, req, http.StatusBadRequest) From 8273f8b756d6727b802bbb294e5494fb8b3e9ee3 Mon Sep 17 00:00:00 2001 From: Aravinth Manivannan Date: Mon, 1 Apr 2024 21:28:56 +0530 Subject: [PATCH 4/6] feat: improve URI parsing in webfinger endpoint --- routers/web/webfinger.go | 52 ++++++++++++++++++++++++++++++++++++---- 1 file changed, 48 insertions(+), 4 deletions(-) 
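Review bot: This commit is titled as a fix but its diffstat lists only `tests/integration/webfinger_test.go`: the expectations for `/%s/foo` and for the bare host move to `http.StatusNotFound`, yet `routers/web/webfinger.go` is unchanged here. The handler code that returns those 404s first appears in PATCH 4/6, so this commit on its own presumably leaves `TestWebfinger` failing and cannot be bisected across. Squash it into PATCH 4/6, or reorder the series so the expectation change lands together with the handler change.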
diff --git a/routers/web/webfinger.go b/routers/web/webfinger.go index c620059ec1..2eced4f05f 100644 --- a/routers/web/webfinger.go +++ b/routers/web/webfinger.go @@ -70,13 +70,57 @@ func WebfingerQuery(ctx *context.Context) { return } - parts := strings.Split(resource.Path, "/") - if len(parts) < 2 { // fragment[0] is empty space, fragment[1] may be username - ctx.Error(http.StatusBadRequest) + p, _ := strings.CutPrefix(resource.Path, "/") + p, _ = strings.CutSuffix(p, "/") + if len(p) == 0 { + ctx.Error(http.StatusNotFound) return } - u, err = user_model.GetUserByName(ctx, parts[1]) + parts := strings.Split(p, "/") + + switch len(parts) { + case 1: // user + u, err = user_model.GetUserByName(ctx, parts[0]) + // case 2: // repository + // ctx.Error(http.StatusNotFound) + // return + // + // case 3: + // switch parts[2] { + // case "issues": + // ctx.Error(http.StatusNotFound) + // return + // + // case "pulls": + // ctx.Error(http.StatusNotFound) + // return + // + // case "projects": + // ctx.Error(http.StatusNotFound) + // return + // + // default: + // ctx.Error(http.StatusNotFound) + // return + // + // } + // case 4: + // if parts[3] == "teams" { + // ctx.Error(http.StatusNotFound) + // return + // + // } else { + // ctx.Error(http.StatusNotFound) + // return + // } + + default: + ctx.Error(http.StatusNotFound) + return + + } + default: ctx.Error(http.StatusBadRequest) return From f7ca56557cb8c8d606ed4640ae739f970ebbb609 Mon Sep 17 00:00:00 2001 From: Aravinth Manivannan Date: Tue, 2 Apr 2024 01:27:28 +0530 Subject: [PATCH 5/6] feat: parse for all ForgeFed actors --- routers/web/webfinger.go | 65 ++++++++++++++++++++-------------------- 1 file changed, 33 insertions(+), 32 deletions(-) diff --git a/routers/web/webfinger.go b/routers/web/webfinger.go index 2eced4f05f..65963cf379 100644 --- a/routers/web/webfinger.go +++ b/routers/web/webfinger.go 
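Review bot: The `switch len(parts)` added in this hunk carries about thirty lines of commented-out `case 2` to `case 4` scaffolding, and PATCH 5/6 only uncomments it: every arm there still ends in `ctx.Error(http.StatusNotFound)` and `return`, exactly like `default:`, and it needs `//nolint:gocritic` to silence an if/else with identical arms. Only `case 1` performs a lookup, so keep `case 1` and `default` and record the plan in one comment, for example `// TODO: repository (2 segments), issues/pulls/projects (3) and teams (4) are not resolvable yet`. A handler that is driven by the `resource` query parameter is easier to audit when the reachable branches are the only ones in the file. The function starts and continues outside the hunk.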
@@ -82,38 +82,39 @@ func WebfingerQuery(ctx *context.Context) { switch len(parts) { case 1: // user u, err = user_model.GetUserByName(ctx, parts[0]) - // case 2: // repository - // ctx.Error(http.StatusNotFound) - // return - // - // case 3: - // switch parts[2] { - // case "issues": - // ctx.Error(http.StatusNotFound) - // return - // - // case "pulls": - // ctx.Error(http.StatusNotFound) - // return - // - // case "projects": - // ctx.Error(http.StatusNotFound) - // return - // - // default: - // ctx.Error(http.StatusNotFound) - // return - // - // } - // case 4: - // if parts[3] == "teams" { - // ctx.Error(http.StatusNotFound) - // return - // - // } else { - // ctx.Error(http.StatusNotFound) - // return - // } + case 2: // repository + ctx.Error(http.StatusNotFound) + return + + case 3: + switch parts[2] { + case "issues": + ctx.Error(http.StatusNotFound) + return + + case "pulls": + ctx.Error(http.StatusNotFound) + return + + case "projects": + ctx.Error(http.StatusNotFound) + return + + default: + ctx.Error(http.StatusNotFound) + return + + } + case 4: + //nolint:gocritic + if parts[3] == "teams" { + ctx.Error(http.StatusNotFound) + return + + } else { + ctx.Error(http.StatusNotFound) + return + } default: ctx.Error(http.StatusNotFound) From fc3c944c160330148bc4daffad352aa1b062aaef Mon Sep 17 00:00:00 2001 From: Aravinth Manivannan Date: Thu, 4 Apr 2024 14:07:58 +0530 Subject: [PATCH 6/6] fix: cleanup webfinger URI parsing --- routers/web/webfinger.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/routers/web/webfinger.go b/routers/web/webfinger.go index 65963cf379..099f6236a6 100644 --- a/routers/web/webfinger.go +++ b/routers/web/webfinger.go @@ -70,8 +70,7 @@ func WebfingerQuery(ctx *context.Context) { return } - p, _ := strings.CutPrefix(resource.Path, "/") - p, _ = strings.CutSuffix(p, "/") + p := strings.Trim(resource.Path, "/") if len(p) == 0 { ctx.Error(http.StatusNotFound) return
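Review bot: `p := strings.Trim(resource.Path, "/")` in PATCH 6/6 is not equivalent to the `CutPrefix`/`CutSuffix` pair it replaces, because it strips every leading and trailing slash rather than one of each. A path such as `//name//` used to split into three parts and return 404; it now reaches `case 1` and is looked up as a user, so a commit described as cleanup widens the set of URIs that resolve to an account. If only the canonical profile URI and its single-trailing-slash form are meant to match, write `p := strings.TrimSuffix(strings.TrimPrefix(resource.Path, "/"), "/")`; otherwise state in a comment that repeated slashes are accepted on purpose and add a test for it. The enclosing function starts and ends outside the hunk.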