[bugfix] Use punycode for host part of resource query param when doing webfinger requests #3133

Merged
merged 5 commits into from
Jul 26, 2024


tsmethurst
Contributor

Description

If this is a code change, please include a summary of what you've coded, and link to the issue(s) it closes/implements.

If this is a documentation change, please briefly describe what you've changed and why.

This pull request fixes an issue where we were using url-escaped unicode for account domains in webfinger queries. According to the webfinger RFC, the resource value must be a valid URI, and according to the URI RFC, the host part of a URI must contain only ASCII (I know, I know...).

To support this change, the check for dereferenced final account / status URIs has been updated to account for passing in unicode search queries, as otherwise the status or account will be rejected.

Checklist

Please put an x inside each checkbox to indicate that you've read and followed it: [ ] -> [x]

If this is a documentation change, only the first checkbox must be filled (you can delete the others if you want).

  • I/we have read the GoToSocial contribution guidelines.
  • I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat.
  • I/we have not leveraged AI to create the proposed changes.
  • I/we have performed a self-review of added code.
  • I/we have written code that is legible and maintainable by others.
  • I/we have commented the added code, particularly in hard-to-understand areas.
  • I/we have made any necessary changes to documentation.
  • I/we have added tests that cover new code.
  • I/we have run tests and they pass locally with the changes.
  • I/we have run go fmt ./... and golangci-lint run.
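
Added example, not part of the pull request or of GoToSocial's code: a Python sketch of the change described above, using Python's built-in IDNA (2003) codec rather than the project's Go code. It puts the percent-escaped Unicode resource next to the punycoded one and adds a host comparison that accepts either spelling; the function names, the account `tobi` and the host `bücher.example` are constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit


def ascii_host(host: str) -> str:
    """Return the ASCII (punycode) form of a host; ASCII hosts pass through."""
    # Lowercase first: the codec leaves all-ASCII labels exactly as given.
    return host.lower().encode("idna").decode("ascii")


def escaped_resource(username: str, host: str) -> str:
    """The 'before' form: Unicode host, percent-encoded as UTF-8 bytes."""
    return urlencode({"resource": f"acct:{username}@{host}"})


def webfinger_url(username: str, host: str) -> str:
    """Build the WebFinger request with an ASCII-only host in the resource."""
    h = ascii_host(host)
    query = urlencode({"resource": f"acct:{username}@{h}"})
    return f"https://{h}/.well-known/webfinger?{query}"


def same_host(searched_host: str, final_uri: str) -> bool:
    """Compare a searched host with a dereferenced URI's host in ASCII form."""
    final_host = urlsplit(final_uri).hostname or ""
    if not final_host:
        return False  # relative or malformed URI: nothing to compare against
    try:
        return ascii_host(searched_host) == ascii_host(final_host)
    except UnicodeError:  # empty or over-long label: treat as a mismatch
        return False


if __name__ == "__main__":
    # Constructed sample account; bücher.example is not a real instance.
    print(escaped_resource("tobi", "bücher.example"))
    print(webfinger_url("tobi", "bücher.example"))
    print(same_host("Bücher.example", "https://xn--bcher-kva.example/users/tobi"))
```

Comparing both sides in punycode means a lookalike ASCII host such as `bucher.example` is still rejected, while the Unicode and punycode spellings of the same domain are accepted.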

@tsmethurst
Contributor Author

tsmethurst commented Jul 23, 2024

Ah hang on, found one thing that still needs to change.

Hang that, I'll put it in a separate PR.

@tsmethurst
Contributor Author

tsmethurst commented Jul 26, 2024

I'm gonna squerge this one for now cuz I think it's fairly uncontroversial and fixes an immediate issue.

In a follow-up PR I wanna update the GetAccountByURI, GetAccountByURL, GetStatusByURI, and GetStatusByURL functions to also check in the database for both punycoded and unicoded URIs (preferring punycoded), but that doesn't belong here.

@tsmethurst
Contributor Author

I think future work could also add a wrapper around punify to use a TTL cache holding a map of punycode vs unicode domains, just to prevent repeated operations on the same host values, but I can do this in a separate PR too.

@tsmethurst tsmethurst merged commit ecfea10 into main Jul 26, 2024
3 checks passed
@tsmethurst tsmethurst deleted the webfinger_punycode branch July 26, 2024 11:11