add webfinger to proxy, return current host

Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
owncloud · Jan 11, 2023 · 151ffc6 · 151ffc6
1 parent 760b01f
commit 151ffc6
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 31 deletions.
diff --git a/services/proxy/pkg/config/defaults/defaultconfig.go b/services/proxy/pkg/config/defaults/defaultconfig.go
@@ -73,6 +73,11 @@ func DefaultPolicies() []config.Policy {
 					Service:     "com.owncloud.web.web",
 					Unprotected: true,
 				},
+				{
+					Endpoint:    "/.well-known/webfinger",
+					Service:     "com.owncloud.web.webfinger",
+					Unprotected: true,
+				},
 				{
 					Endpoint:    "/.well-known/",
 					Service:     "com.owncloud.web.idp",

diff --git a/services/webfinger/pkg/server/http/server.go b/services/webfinger/pkg/server/http/server.go
@@ -1,6 +1,7 @@
 package http
 
 import (
+	"context"
 	"net/http"
 
 	"github.com/go-chi/chi/v5"
@@ -66,6 +67,9 @@ func Server(opts ...Option) (ohttp.Service, error) {
 		r.Get("/.well-known/webfinger", func(w http.ResponseWriter, r *http.Request) {
 			ctx := r.Context()
 
+			// for now, put the url in the context so it can be used to fake a list
+			ctx = context.WithValue(ctx, "href", getHref(r))
+
 			// from https://www.rfc-editor.org/rfc/rfc7033#section-4.2
 			//
 			// If the "resource" parameter is a value for which the server has no
@@ -96,3 +100,15 @@ func Server(opts ...Option) (ohttp.Service, error) {
 	svc.Init()
 	return svc, nil
 }
+
+func getHref(r *http.Request) string {
+	proto := r.Header.Get("x-forwarded-proto")
+	host := r.Header.Get("x-forwarded-host")
+	port := r.Header.Get("x-forwarded-port")
+
+	if (proto == "http" && port != "80") || (proto == "https" && port != "443") {
+		host = host + ":" + port
+	}
+
+	return proto + "://" + host
+}
diff --git a/services/webfinger/pkg/service/v0/service.go b/services/webfinger/pkg/service/v0/service.go
@@ -72,51 +72,65 @@ func (s svc) Webfinger(ctx context.Context, resource, rel string) (webfinger.JSO
 	// TODO query ldap server here and fetch all instances the user has access to
 	// what is the domain for the instance?
 
+	href := ctx.Value("href").(string)
+
 	// TODO use another relation? more graph specific? nah
 	return webfinger.JSONResourceDescriptor{
 		Subject: resource,
 		Links: []webfinger.Link{
 			{
 				Rel:  OwnCloudInstanceRel,
-				Href: "https://instance.server...",
+				Href: href,
 				Titles: map[string]string{
-					"en": "Readable Instance name",
+					"en": "ownCloud Infinite Scale",
 				},
-			},
-			{
-				Rel:  OwnCloudInstanceRel,
-				Href: "https://otherinstance.server...",
-				Titles: map[string]string{
-					"en": "Other readable Instance name",
+				Properties: map[string]string{
+					OpenIDConnectRel: href,
 				},
 			},
-			// and we can return the OpenID Connect
-			{
-				Rel:  OpenIDConnectRel,
-				Href: "https://idp.server...",
-				Titles: map[string]string{
-					"en": "Readable Openid Connect IDP name",
+			/*
+				{
+					Rel:  OwnCloudInstanceRel,
+					Href: "https://instance.server...",
+					Titles: map[string]string{
+						"en": "Readable Instance name",
+					},
 				},
-			},
-			{
-				Rel:  OpenIDConnectRel,
-				Href: "https://otheridp.server...",
-				Titles: map[string]string{
-					"en": "Other readable Openid Connect IDP name",
+				{
+					Rel:  OwnCloudInstanceRel,
+					Href: "https://otherinstance.server...",
+					Titles: map[string]string{
+						"en": "Other readable Instance name",
+					},
 				},
-			},
-			// FIXME but now the clients have no way of knowing whic idp belongs to which instance
-			// we could mix like this:
-			{
-				Rel:  OwnCloudInstanceRel,
-				Href: "https://otherinstance.server...",
-				Titles: map[string]string{
-					"en": "Other readable Instance name",
+				// and we can return the OpenID Connect
+				{
+					Rel:  OpenIDConnectRel,
+					Href: "https://idp.server...",
+					Titles: map[string]string{
+						"en": "Readable Openid Connect IDP name",
+					},
 				},
-				Properties: map[string]string{
-					OpenIDConnectRel: "https://otheridp.server...",
+				{
+					Rel:  OpenIDConnectRel,
+					Href: "https://otheridp.server...",
+					Titles: map[string]string{
+						"en": "Other readable Openid Connect IDP name",
+					},
 				},
-			},
+				// FIXME but now the clients have no way of knowing which idp belongs to which instance
+				// we could mix like this:
+				{
+					Rel:  OwnCloudInstanceRel,
+					Href: "https://otherinstance.server...",
+					Titles: map[string]string{
+						"en": "Other readable Instance name",
+					},
+					Properties: map[string]string{
+						OpenIDConnectRel: "https://otheridp.server...",
+					},
+				},
+			*/
 		},
 	}, nil
 }