Update Remote Auth feature, fix custom domain bug and enforce banned domains

This commit is contained in:
Daniel Supernault 2023-07-17 23:43:19 -06:00
parent 780e78f21a
commit acabf603f0
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7
4 changed files with 65 additions and 5 deletions

View file

@ -7,6 +7,7 @@ use Illuminate\Http\Request;
use App\Services\Account\RemoteAuthService;
use App\Models\RemoteAuth;
use App\Profile;
use App\Instance;
use App\User;
use Purify;
use Illuminate\Support\Facades\Auth;
@ -36,6 +37,8 @@ class RemoteAuthController extends Controller
public function getAuthDomains(Request $request)
{
abort_unless(config_cache('pixelfed.open_registration') && config('remote-auth.mastodon.enabled'), 404);
if(config('remote-auth.mastodon.domains.only_custom')) {
$res = config('remote-auth.mastodon.domains.custom');
if(!$res || !strlen($res)) {
@ -45,6 +48,19 @@ class RemoteAuthController extends Controller
return response()->json($res);
}
if( config('remote-auth.mastodon.domains.custom') &&
!config('remote-auth.mastodon.domains.only_default') &&
strlen(config('remote-auth.mastodon.domains.custom')) > 3 &&
strpos(config('remote-auth.mastodon.domains.custom'), '.') > -1
) {
$res = config('remote-auth.mastodon.domains.custom');
if(!$res || !strlen($res)) {
return [];
}
$res = explode(',', $res);
return response()->json($res);
}
$res = config('remote-auth.mastodon.domains.default');
$res = explode(',', $res);
@ -57,6 +73,27 @@ class RemoteAuthController extends Controller
$this->validate($request, ['domain' => 'required']);
$domain = $request->input('domain');
if(str_starts_with(strtolower($domain), 'http')) {
$res = [
'domain' => $domain,
'ready' => false,
'action' => 'incompatible_domain'
];
return response()->json($res);
}
$validateInstance = Helpers::validateUrl('https://' . $domain . '/?block-check=' . time());
if(!$validateInstance) {
$res = [
'domain' => $domain,
'ready' => false,
'action' => 'blocked_domain'
];
return response()->json($res);
}
$compatible = RemoteAuthService::isDomainCompatible($domain);
if(!$compatible) {

View file

@ -12,6 +12,14 @@ class RemoteAuthService
{
const CACHE_KEY = 'pf:services:remoteauth:';
public static function getConfig()
{
return json_encode([
'default_only' => config('remote-auth.mastodon.domains.only_default'),
'custom_only' => config('remote-auth.mastodon.domains.only_custom'),
]);
}
public static function getMastodonClient($domain)
{
if(RemoteAuthInstance::whereDomain($domain)->exists()) {

View file

@ -24,8 +24,8 @@
@click="handleRedirect(domain)">
<span class="font-weight-bold">{{ domain }}</span>
</button>
<hr>
<p class="text-center">
<hr v-if="!config.default_only && !config.custom_only">
<p v-if="!config.default_only && !config.custom_only" class="text-center">
<button type="button" class="other-server-btn" @click="handleOther()">Sign-in with a different server</button>
</p>
<div class="w-100">
@ -43,6 +43,12 @@
<script type="text/javascript">
export default {
props: {
config: {
type: Object
}
},
data() {
return {
loaded: false,
@ -79,6 +85,11 @@
return;
}
if(res.data.hasOwnProperty('action') && res.data.action === 'blocked_domain') {
swal('Server Blocked', 'This server is blocked by admins and cannot be used, please try another server!', 'error');
return;
}
if(res.data.ready) {
window.location.href = '/auth/raw/mastodon/preflight?d=' + domain + '&dsh=' + res.data.dsh;
}
@ -95,9 +106,13 @@
},
})
.then(domain => {
if (!domain) throw null;
if (!domain || domain.length < 2 || domain.indexOf('.') == -1) {
swal('Oops!', "Please enter a valid domain!", 'error');
return;
};
if(domain.startsWith('https://')) {
if(domain.startsWith('http')) {
swal('Oops!', "The domain you enter should not start with http(s://)\nUse the domain format, like mastodon.social", 'error');
return;
}

View file

@ -1,7 +1,7 @@
@extends('layouts.app')
@section('content')
<remote-auth-start-component />
<remote-auth-start-component :config='{!!\App\Services\Account\RemoteAuthService::getConfig()!!}'/>
@endsection
@push('scripts')