server/api/well-known/webfinger/index.ts

import { apiRoute, applyConfig, idValidator, webfingerMention } from "@/api";
import { createRoute } from "@hono/zod-openapi";
import { getLogger } from "@logtape/logtape";
import type { ResponseError } from "@versia/federation";
import { WebFinger } from "@versia/federation/schemas";
import { and, eq, isNull } from "drizzle-orm";
import { lookup } from "mime-types";
import { z } from "zod";
import { User } from "~/classes/database/user";
import { Users } from "~/drizzle/schema";
import { config } from "~/packages/config-manager";
import { ErrorSchema } from "~/types/api";

export const meta = applyConfig({
    auth: {
        required: false,
    },
    ratelimits: {
        duration: 60,
        max: 60,
    },
    route: "/.well-known/webfinger",
});

export const schemas = {
    query: z.object({
        resource: z
            .string()
            .trim()
            .min(1)
            .max(512)
            .startsWith("acct:")
            .regex(
                webfingerMention,
                "Invalid resource (should be acct:(id or username)@domain)",
            ),
    }),
};

const route = createRoute({
    method: "get",
    path: "/.well-known/webfinger",
    summary: "Get user information",
    request: {
        query: schemas.query,
    },
    responses: {
        200: {
            description: "User information",
            content: {
                "application/json": {
                    schema: WebFinger,
                },
            },
        },
        404: {
            description: "User not found",
            content: {
                "application/json": {
                    schema: ErrorSchema,
                },
            },
        },
    },
});

export default apiRoute((app) =>
    app.openapi(route, async (context) => {
        const { resource } = context.req.valid("query");

        const requestedUser = resource.split("acct:")[1];

        const host = new URL(config.http.base_url).host;

        // Check if user is a local user
        if (requestedUser.split("@")[1] !== host) {
            return context.json({ error: "User is a remote user" }, 404);
        }

        const isUuid = requestedUser.split("@")[0].match(idValidator);

        const user = await User.fromSql(
            and(
                eq(
                    isUuid ? Users.id : Users.username,
                    requestedUser.split("@")[0],
                ),
                isNull(Users.instanceId),
            ),
        );

        if (!user) {
            return context.json({ error: "User not found" }, 404);
        }

        let activityPubUrl = "";

        if (config.federation.bridge.enabled) {
            const manager = await User.getFederationRequester();

            try {
                activityPubUrl = await manager.webFinger(
                    user.data.username,
                    new URL(config.http.base_url).host,
                    "application/activity+json",
                    config.federation.bridge.url,
                );
            } catch (e) {
                const error = e as ResponseError;

                getLogger("federation")
                    .error`Error from bridge: ${await error.response.data}`;
            }
        }

        return context.json(
            {
                subject: `acct:${isUuid ? user.id : user.data.username}@${host}`,

                links: [
                    // Keep the ActivityPub link first, because Misskey only searches
                    // for the first link with rel="self" and doesn't check the type.
                    activityPubUrl
                        ? {
                              rel: "self",
                              type: "application/activity+json",
                              href: activityPubUrl,
                          }
                        : undefined,
                    {
                        rel: "self",
                        type: "application/json",
                        href: new URL(
                            `/users/${user.id}`,
                            config.http.base_url,
                        ).toString(),
                    },
                    {
                        rel: "avatar",
                        // TODO: don't... don't use the mime type from the file extension
                        type:
                            lookup(user.getAvatarUrl(config)) ||
                            "application/octet-stream",
                        href: user.getAvatarUrl(config),
                    },
                ].filter(Boolean) as {
                    rel: string;
                    type: string;
                    href: string;
                }[],
            },
            200,
        );
    }),
);
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`import { apiRoute, applyConfig, idValidator, webfingerMention } from "@/api";`
			`import { createRoute } from "@hono/zod-openapi";`
feat(federation): :sparkles: Add WebFinger forwarding to bridge for ActivityPub requests 2024-07-17 14:46:43 +02:00			`import { getLogger } from "@logtape/logtape";`
chore(federation): :alien: Initial Versia Working Draft 4.0 support 2024-08-26 19:06:49 +02:00			`import type { ResponseError } from "@versia/federation";`
fix: :ambulance: Patch federation library to work around a bug in Bun's bundling Fixes build failures 2024-09-23 10:00:06 +02:00			`import { WebFinger } from "@versia/federation/schemas";`
fix(federation): :bug: Make WebFinger always search for local users 2024-07-20 00:18:44 +02:00			`import { and, eq, isNull } from "drizzle-orm";`
feat(federation): :sparkles: Add avatar attribute to WebFinger 2024-04-19 19:55:32 +02:00			`import { lookup } from "mime-types";`
refactor(api): :art: Move User methods into their own class similar to Note 2024-04-25 05:40:27 +02:00			`import { z } from "zod";`
refactor(database): :truck: Move database ORM code to classes/database The old directory, packages/database-interface, was confusingly named so it was better to move it here 2024-10-24 16:28:38 +02:00			`import { User } from "~/classes/database/user";`
refactor: :truck: Add slash to typescript path shortcuts 2024-05-29 02:59:49 +02:00			`import { Users } from "~/drizzle/schema";`
			`import { config } from "~/packages/config-manager";`
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`import { ErrorSchema } from "~/types/api";`
Add more API route definitions 2023-10-16 19:39:41 +02:00
			`export const meta = applyConfig({`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00			`auth: {`
			`required: false,`
			`},`
			`ratelimits: {`
			`duration: 60,`
			`max: 60,`
			`},`
			`route: "/.well-known/webfinger",`
Add more API route definitions 2023-10-16 19:39:41 +02:00			`});`
Implement WebFinger, rework TS 2023-09-12 22:48:10 +02:00
refactor(api): :recycle: Move to Hono for HTTP 2024-05-06 09:16:33 +02:00			`export const schemas = {`
			`query: z.object({`
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`resource: z`
			`.string()`
			`.trim()`
			`.min(1)`
			`.max(512)`
			`.startsWith("acct:")`
			`.regex(`
			`webfingerMention,`
			`"Invalid resource (should be acct:(id or username)@domain)",`
			`),`
refactor(api): :recycle: Move to Hono for HTTP 2024-05-06 09:16:33 +02:00			`}),`
			`};`
Add WebFinger endpoints 2024-04-10 05:45:19 +02:00
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`const route = createRoute({`
			`method: "get",`
			`path: "/.well-known/webfinger",`
			`summary: "Get user information",`
			`request: {`
			`query: schemas.query,`
			`},`
			`responses: {`
			`200: {`
			`description: "User information",`
			`content: {`
			`"application/json": {`
fix: :ambulance: Patch federation library to work around a bug in Bun's bundling Fixes build failures 2024-09-23 10:00:06 +02:00			`schema: WebFinger,`
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`},`
			`},`
			`},`
			`404: {`
			`description: "User not found",`
			`content: {`
			`"application/json": {`
			`schema: ErrorSchema,`
			`},`
			`},`
			`},`
			`},`
			`});`

refactor: :recycle: Use a typed wrapper for all API endpoints 2024-08-19 20:06:38 +02:00			`export default apiRoute((app) =>`
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`app.openapi(route, async (context) => {`
			`const { resource } = context.req.valid("query");`
Add WebFinger endpoints 2024-04-10 05:45:19 +02:00
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`const requestedUser = resource.split("acct:")[1];`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`const host = new URL(config.http.base_url).host;`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`// Check if user is a local user`
			`if (requestedUser.split("@")[1] !== host) {`
			`return context.json({ error: "User is a remote user" }, 404);`
			`}`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`const isUuid = requestedUser.split("@")[0].match(idValidator);`
Modify WebFinger behaviour, add user searching 2024-04-10 06:22:57 +02:00
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`const user = await User.fromSql(`
			`and(`
			`eq(`
			`isUuid ? Users.id : Users.username,`
			`requestedUser.split("@")[0],`
refactor(api): :recycle: Move to Hono for HTTP 2024-05-06 09:16:33 +02:00			`),`
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`isNull(Users.instanceId),`
			`),`
			`);`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`if (!user) {`
			`return context.json({ error: "User not found" }, 404);`
			`}`
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`let activityPubUrl = "";`
feat(federation): :sparkles: Add WebFinger forwarding to bridge for ActivityPub requests 2024-07-17 14:46:43 +02:00
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`if (config.federation.bridge.enabled) {`
			`const manager = await User.getFederationRequester();`
feat(federation): :sparkles: Add WebFinger forwarding to bridge for ActivityPub requests 2024-07-17 14:46:43 +02:00
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`try {`
			`activityPubUrl = await manager.webFinger(`
			`user.data.username,`
			`new URL(config.http.base_url).host,`
			`"application/activity+json",`
			`config.federation.bridge.url,`
			`);`
			`} catch (e) {`
			`const error = e as ResponseError;`
feat(federation): :sparkles: Add WebFinger forwarding to bridge for ActivityPub requests 2024-07-17 14:46:43 +02:00
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`getLogger("federation")`
			.error`Error from bridge: ${await error.response.data}`;
feat(federation): :sparkles: Add WebFinger forwarding to bridge for ActivityPub requests 2024-07-17 14:46:43 +02:00			`}`
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`}`
feat(federation): :sparkles: Add WebFinger forwarding to bridge for ActivityPub requests 2024-07-17 14:46:43 +02:00
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`return context.json(`
			`{`
			subject: `acct:${isUuid ? user.id : user.data.username}@${host}`,
Replace eslint and prettier with Biome 2024-04-07 07:30:49 +02:00
refactor(api): :recycle: Move to Hono for HTTP 2024-05-06 09:16:33 +02:00			`links: [`
fix(federation): :bug: Put the ActivityPub link first in WebFinger to work around Misskey bug 2024-07-17 15:08:21 +02:00			`// Keep the ActivityPub link first, because Misskey only searches`
			`// for the first link with rel="self" and doesn't check the type.`
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`activityPubUrl`
			`? {`
			`rel: "self",`
			`type: "application/activity+json",`
			`href: activityPubUrl,`
			`}`
			`: undefined,`
refactor(api): :recycle: Move to Hono for HTTP 2024-05-06 09:16:33 +02:00			`{`
			`rel: "self",`
			`type: "application/json",`
			`href: new URL(`
			`/users/${user.id}`,
			`config.http.base_url,`
			`).toString(),`
			`},`
			`{`
			`rel: "avatar",`
fix(api): :bug: Fix false values not correctly falling back to generic mime type 2024-10-31 23:19:19 +01:00			`// TODO: don't... don't use the mime type from the file extension`
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`type:`
fix(api): :bug: Fix false values not correctly falling back to generic mime type 2024-10-31 23:19:19 +01:00			`lookup(user.getAvatarUrl(config)) \|\|`
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`"application/octet-stream",`
refactor(api): :recycle: Move to Hono for HTTP 2024-05-06 09:16:33 +02:00			`href: user.getAvatarUrl(config),`
			`},`
refactor(api): :recycle: More OpenAPI refactoring work 2024-09-16 15:29:09 +02:00			`].filter(Boolean) as {`
			`rel: string;`
			`type: string;`
			`href: string;`
			`}[],`
			`},`
			`200,`
			`);`
			`}),`
refactor: :recycle: Use a typed wrapper for all API endpoints 2024-08-19 20:06:38 +02:00			`);`