From 9b31a7b44b3d742ec68fd292a7f2f6f2a2d9bd69 Mon Sep 17 00:00:00 2001
From: Nutomic <me@nutomic.com>
Date: Fri, 8 Mar 2024 15:26:57 +0100
Subject: [PATCH] Get Mastodon signed fetch working (#98)

* debug signed fetch

* regex

* content-type

* no dbg

* clippy
---
 src/fetch/mod.rs       |  3 +++
 src/fetch/object_id.rs |  8 ++++----
 src/fetch/webfinger.rs | 10 +++++++++-
 3 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/src/fetch/mod.rs b/src/fetch/mod.rs
index 71e1ce5..fbbe6b7 100644
--- a/src/fetch/mod.rs
+++ b/src/fetch/mod.rs
@@ -57,11 +57,14 @@ pub async fn fetch_object_http<T: Clone, Kind: DeserializeOwned>(
     static ALT_CONTENT_TYPE: HeaderValue = HeaderValue::from_static(
         r#"application/ld+json; profile="https://www.w3.org/ns/activitystreams""#,
     );
+    static ALT_CONTENT_TYPE_MASTODON: HeaderValue =
+        HeaderValue::from_static(r#"application/activity+json; charset=utf-8"#);
     let res = fetch_object_http_with_accept(url, data, &CONTENT_TYPE).await?;
 
     // Ensure correct content-type to prevent vulnerabilities.
     if res.content_type.as_ref() != Some(&CONTENT_TYPE)
         && res.content_type.as_ref() != Some(&ALT_CONTENT_TYPE)
+        && res.content_type.as_ref() != Some(&ALT_CONTENT_TYPE_MASTODON)
     {
         return Err(Error::FetchInvalidContentType(res.url));
     }
diff --git a/src/fetch/object_id.rs b/src/fetch/object_id.rs
index 782900d..f3fa560 100644
--- a/src/fetch/object_id.rs
+++ b/src/fetch/object_id.rs
@@ -197,9 +197,9 @@ static ACTOR_REFETCH_INTERVAL_SECONDS_DEBUG: i64 = 20;
 fn should_refetch_object(last_refreshed: DateTime<Utc>) -> bool {
     let update_interval = if cfg!(debug_assertions) {
         // avoid infinite loop when fetching community outbox
-        ChronoDuration::seconds(ACTOR_REFETCH_INTERVAL_SECONDS_DEBUG)
+        ChronoDuration::try_seconds(ACTOR_REFETCH_INTERVAL_SECONDS_DEBUG).expect("valid duration")
     } else {
-        ChronoDuration::seconds(ACTOR_REFETCH_INTERVAL_SECONDS)
+        ChronoDuration::try_seconds(ACTOR_REFETCH_INTERVAL_SECONDS).expect("valid duration")
     };
     let refresh_limit = Utc::now() - update_interval;
     last_refreshed.lt(&refresh_limit)
@@ -362,10 +362,10 @@ pub mod tests {
 
     #[test]
     fn test_should_refetch_object() {
-        let one_second_ago = Utc::now() - ChronoDuration::seconds(1);
+        let one_second_ago = Utc::now() - ChronoDuration::try_seconds(1).unwrap();
         assert!(!should_refetch_object(one_second_ago));
 
-        let two_days_ago = Utc::now() - ChronoDuration::days(2);
+        let two_days_ago = Utc::now() - ChronoDuration::try_days(2).unwrap();
         assert!(should_refetch_object(two_days_ago));
     }
 }
diff --git a/src/fetch/webfinger.rs b/src/fetch/webfinger.rs
index 7da2fdf..f065618 100644
--- a/src/fetch/webfinger.rs
+++ b/src/fetch/webfinger.rs
@@ -121,7 +121,7 @@ where
     T: Clone,
 {
     static WEBFINGER_REGEX: Lazy<Regex> =
-        Lazy::new(|| Regex::new(r"^acct:([\p{L}0-9_]+)@(.*)$").expect("compile regex"));
+        Lazy::new(|| Regex::new(r"^acct:([\p{L}0-9_\.\-]+)@(.*)$").expect("compile regex"));
     // Regex to extract usernames from webfinger query. Supports different alphabets using `\p{L}`.
     // TODO: This should use a URL parser
     let captures = WEBFINGER_REGEX
@@ -288,6 +288,14 @@ mod tests {
             Ok("Владимир"),
             extract_webfinger_name("acct:Владимир@example.com", &data)
         );
+        assert_eq!(
+            Ok("example.com"),
+            extract_webfinger_name("acct:example.com@example.com", &data)
+        );
+        assert_eq!(
+            Ok("da-sh"),
+            extract_webfinger_name("acct:da-sh@example.com", &data)
+        );
         assert_eq!(
             Ok("تجريب"),
             extract_webfinger_name("acct:تجريب@example.com", &data)