Update Remote Auth feature, fix custom domain bug and enforce banned domains

This commit is contained in:
Daniel Supernault 2023-07-17 23:43:19 -06:00
parent 780e78f21a
commit acabf603f0
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7
4 changed files with 65 additions and 5 deletions


@ -7,6 +7,7 @@ use Illuminate\Http\Request;
use App\Services\Account\RemoteAuthService; use App\Services\Account\RemoteAuthService;
use App\Models\RemoteAuth; use App\Models\RemoteAuth;
use App\Profile; use App\Profile;
use App\Instance;
use App\User; use App\User;
use Purify; use Purify;
use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Auth;
@ -36,6 +37,8 @@ class RemoteAuthController extends Controller
public function getAuthDomains(Request $request) public function getAuthDomains(Request $request)
{ {
abort_unless(config_cache('pixelfed.open_registration') && config('remote-auth.mastodon.enabled'), 404);
if(config('remote-auth.mastodon.domains.only_custom')) { if(config('remote-auth.mastodon.domains.only_custom')) {
$res = config('remote-auth.mastodon.domains.custom'); $res = config('remote-auth.mastodon.domains.custom');
if(!$res || !strlen($res)) { if(!$res || !strlen($res)) {
@ -45,6 +48,19 @@ class RemoteAuthController extends Controller
return response()->json($res); return response()->json($res);
} }
if( config('remote-auth.mastodon.domains.custom') &&
!config('remote-auth.mastodon.domains.only_default') &&
strlen(config('remote-auth.mastodon.domains.custom')) > 3 &&
strpos(config('remote-auth.mastodon.domains.custom'), '.') > -1
) {
$res = config('remote-auth.mastodon.domains.custom');
if(!$res || !strlen($res)) {
return [];
}
$res = explode(',', $res);
return response()->json($res);
}
$res = config('remote-auth.mastodon.domains.default'); $res = config('remote-auth.mastodon.domains.default');
$res = explode(',', $res); $res = explode(',', $res);
@ -57,6 +73,27 @@ class RemoteAuthController extends Controller
$this->validate($request, ['domain' => 'required']); $this->validate($request, ['domain' => 'required']);
$domain = $request->input('domain'); $domain = $request->input('domain');
if(str_starts_with(strtolower($domain), 'http')) {
$res = [
'domain' => $domain,
'ready' => false,
'action' => 'incompatible_domain'
];
return response()->json($res);
}
$validateInstance = Helpers::validateUrl('https://' . $domain . '/?block-check=' . time());
if(!$validateInstance) {
$res = [
'domain' => $domain,
'ready' => false,
'action' => 'blocked_domain'
];
return response()->json($res);
}
$compatible = RemoteAuthService::isDomainCompatible($domain); $compatible = RemoteAuthService::isDomainCompatible($domain);
if(!$compatible) { if(!$compatible) {
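Review bot: `$domain` is only checked to be present and not to start with `http` before it is concatenated into `'https://' . $domain . '/?block-check=' . time()` and handed to `isDomainCompatible()`, so values like `evil.example/path`, `user@host` or `host:8080` pass straight into the URL that is then fetched. Validate the shape as a bare hostname first (see below); that also replaces the `str_starts_with(strtolower($domain), 'http')` guard, which currently rejects legitimate hosts such as `httpbin.org`. Whether the `/auth/raw/mastodon/preflight` endpoint repeats the `validateUrl` banned-domain check is not visible here — if it does not, a client can skip this step entirely, so the check must also sit on the server-side path that actually starts the OAuth flow. The enclosing method continues past the end of this hunk.
```php
$domain = strtolower(trim($request->input('domain')));
// Reject anything that is not a bare hostname (scheme, path, userinfo, port, …)
// before it is interpolated into a URL and fetched.
if(!filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) || !str_contains($domain, '.')) {
    $res = [
        'domain' => $domain,
        'ready' => false,
        'action' => 'incompatible_domain'
    ];
    return response()->json($res);
}
// … unchanged: validateUrl block-check and isDomainCompatible …
```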


@ -12,6 +12,14 @@ class RemoteAuthService
{ {
const CACHE_KEY = 'pf:services:remoteauth:'; const CACHE_KEY = 'pf:services:remoteauth:';
public static function getConfig()
{
return json_encode([
'default_only' => config('remote-auth.mastodon.domains.only_default'),
'custom_only' => config('remote-auth.mastodon.domains.only_custom'),
]);
}
public static function getMastodonClient($domain) public static function getMastodonClient($domain)
{ {
if(RemoteAuthInstance::whereDomain($domain)->exists()) { if(RemoteAuthInstance::whereDomain($domain)->exists()) {
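Review bot: `getConfig()` forwards the two config values untyped, so whatever the config layer yields — a bool, or a string such as `"false"` if the value is read from the environment without casting — is what lands in the JSON; the Vue consumer tests `!config.default_only`, and a non-empty `"false"` string would be truthy there and hide the "different server" button. Cast at the source so the contract is fixed: `'default_only' => (bool) config('remote-auth.mastodon.domains.only_default'),` and likewise for `custom_only`, and declare the method `: string`. Whether the config values are already booleans is not visible in this hunk. The class continues past the end of this hunk.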


@ -24,8 +24,8 @@
@click="handleRedirect(domain)"> @click="handleRedirect(domain)">
<span class="font-weight-bold">{{ domain }}</span> <span class="font-weight-bold">{{ domain }}</span>
</button> </button>
<hr> <hr v-if="!config.default_only && !config.custom_only">
<p class="text-center"> <p v-if="!config.default_only && !config.custom_only" class="text-center">
<button type="button" class="other-server-btn" @click="handleOther()">Sign-in with a different server</button> <button type="button" class="other-server-btn" @click="handleOther()">Sign-in with a different server</button>
</p> </p>
<div class="w-100"> <div class="w-100">
@ -43,6 +43,12 @@
<script type="text/javascript"> <script type="text/javascript">
export default { export default {
props: {
config: {
type: Object
}
},
data() { data() {
return { return {
loaded: false, loaded: false,
@ -79,6 +85,11 @@
return; return;
} }
if(res.data.hasOwnProperty('action') && res.data.action === 'blocked_domain') {
swal('Server Blocked', 'This server is blocked by admins and cannot be used, please try another server!', 'error');
return;
}
if(res.data.ready) { if(res.data.ready) {
window.location.href = '/auth/raw/mastodon/preflight?d=' + domain + '&dsh=' + res.data.dsh; window.location.href = '/auth/raw/mastodon/preflight?d=' + domain + '&dsh=' + res.data.dsh;
} }
@ -95,9 +106,13 @@
}, },
}) })
.then(domain => { .then(domain => {
if (!domain) throw null; if (!domain || domain.length < 2 || domain.indexOf('.') == -1) {
swal('Oops!', "Please enter a valid domain!", 'error');
return;
};
if(domain.startsWith('https://')) { if(domain.startsWith('http')) {
swal('Oops!', "The domain you enter should not start with http(s://)\nUse the domain format, like mastodon.social", 'error');
return; return;
} }
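Review bot: The broadened `domain.startsWith('http')` check on the prompt result now rejects valid hostnames such as `httpbin.org`, not just pasted URLs. Test for a scheme instead, `if(/^[a-z][a-z0-9+.-]*:\/\//i.test(domain)) {`, which still triggers the intended message for `https://…` input. The new `blocked_domain` branch is fine, but the redirect next to it still builds `'/auth/raw/mastodon/preflight?d=' + domain` without `encodeURIComponent(domain)`; since the value comes straight from the prompt, encode it so `&`/`#` cannot alter the query string. The length/dot check here is usability only — the server must remain the authority on what is an acceptable domain.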


@ -1,7 +1,7 @@
@extends('layouts.app') @extends('layouts.app')
@section('content') @section('content')
<remote-auth-start-component /> <remote-auth-start-component :config='{!!\App\Services\Account\RemoteAuthService::getConfig()!!}'/>
@endsection @endsection
@push('scripts') @push('scripts')
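Review bot: `{!! … !!}` inserts `getConfig()`'s JSON verbatim into the single-quoted `:config='…'` attribute, so any `'` in the encoded output would terminate the attribute; plain `json_encode` does not escape apostrophes, and the only thing keeping this safe today is that both fields happen to be booleans. Encode with `json_encode([...], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)` in `getConfig()`, or have the helper return the array and render it with Blade's `@json(...)`, which applies those flags by default. That way the raw echo stays safe if `getConfig()` ever grows a string field.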