versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2026-03-13 22:09:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(api): 🔒 Replace bad webfinger regex with good one

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-05-12 16:27:40 -10:00
parent 9ad0f88ff2
commit 4f070c9b65
No known key found for this signature in database
3 changed files with 33 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

9
server/api/well-known/webfinger/index.ts
View file

@ -1,4 +1,9 @@
import { applyConfig, handleZodError, idValidator } from "@api";
import {
applyConfig,
handleZodError,
idValidator,
webfingerMention,
} from "@api";
import { zValidator } from "@hono/zod-validator";
import { errorResponse, jsonResponse } from "@response";
import { eq } from "drizzle-orm";
@ -36,7 +41,7 @@ export default (app: Hono) =>
const { resource } = context.req.valid("query");
// Check if resource is in the correct format (acct:uuid/username@domain)
if (!resource.match(/^acct:[a-zA-Z0-9-]+@[a-zA-Z0-9.-:]+$/)) {
if (!resource.match(webfingerMention)) {
return errorResponse(
"Invalid resource (should be acct:(id or username)@domain)",
400,