Merge branch '945-well-known'

* 945-well-known: Add /.well-known/webfinger API to lookup user hrefs Add XRD+XML formatting for /.well-known/host-meta
2014-09-08 17:55:03 +01:00 · 2014-09-08 17:55:03 +01:00 · 8998300b98
commit 8998300b98
parent 1b4e199668 1bce996181
4 changed files with 156 additions and 39 deletions
--- a/mediagoblin/federation/routing.py
+++ b/mediagoblin/federation/routing.py
@ -72,8 +72,14 @@ add_route(
    "mediagoblin.federation.views:host_meta"
 )

+add_route(
+    "mediagoblin.webfinger.well-known.webfinger",
+    "/.well-known/webfinger",
+    "mediagoblin.federation.views:lrdd_lookup"
+)
+
 add_route(
    "mediagoblin.webfinger.whoami",
    "/api/whoami",
    "mediagoblin.federation.views:whoami"
-)
+)
--- a/mediagoblin/federation/views.py
+++ b/mediagoblin/federation/views.py
@ -23,7 +23,8 @@ from werkzeug.datastructures import FileStorage
 from mediagoblin.decorators import oauth_required
 from mediagoblin.federation.decorators import user_has_privilege
 from mediagoblin.db.models import User, MediaEntry, MediaComment
-from mediagoblin.tools.response import redirect, json_response, json_error
+from mediagoblin.tools.response import redirect, json_response, json_error, \
+                                       render_to_response
 from mediagoblin.meddleware.csrf import csrf_exempt
 from mediagoblin.submit.lib import new_upload_entry, api_upload_request, \
                                    api_add_to_feed
@ -70,14 +71,14 @@ def profile_endpoint(request):
 def user_endpoint(request):
    """ This is /api/user/<username> - This will get the user """
    user, user_profile = get_profile(request)
-    
+
    if user is None:
        username = request.matchdict["username"]
        return json_error(
            "No such 'user' with username '{0}'".format(username),
            status=404
        )
-    
+
    return json_response({
        "nickname": user.username,
        "updated": user.created.isoformat(),
@ -418,42 +419,129 @@ def object_comments(request):
    return json_response(comments)

 ##
-# Well known
+# RFC6415 - Web Host Metadata
 ##
 def host_meta(request):
-    """ /.well-known/host-meta - provide URLs to resources """
-    links = []
+    """
+    This provides the host-meta URL information that is outlined
+    in RFC6415. By default this should provide XRD+XML however
+    if the client accepts JSON we will provide that over XRD+XML.
+    The 'Accept' header is used to decude this.

-    links.append({
-        "ref": "registration_endpoint",
-        "href": request.urlgen(
-            "mediagoblin.oauth.client_register",
-            qualified=True
-        ),
-    })
-    links.append({
-        "ref": "http://apinamespace.org/oauth/request_token",
-        "href": request.urlgen(
-            "mediagoblin.oauth.request_token",
-            qualified=True
-        ),
-    })
-    links.append({
-        "ref": "http://apinamespace.org/oauth/authorize",
-        "href": request.urlgen(
-            "mediagoblin.oauth.authorize",
-            qualified=True
-        ),
-    })
-    links.append({
-        "ref": "http://apinamespace.org/oauth/access_token",
-        "href": request.urlgen(
-            "mediagoblin.oauth.access_token",
-            qualified=True
-        ),
-    })
+    A client should use this endpoint to determine what URLs to
+    use for OAuth endpoints.
+    """
+
+    links = [
+        {
+            "rel": "lrdd",
+            "type": "application/json",
+            "href": request.urlgen(
+                "mediagoblin.webfinger.well-known.webfinger",
+                qualified=True
+            )
+        },
+        {
+            "rel": "registration_endpoint",
+            "href": request.urlgen(
+                "mediagoblin.oauth.client_register",
+                qualified=True
+            ),
+        },
+        {
+            "rel": "http://apinamespace.org/oauth/request_token",
+            "href": request.urlgen(
+                "mediagoblin.oauth.request_token",
+                qualified=True
+            ),
+        },
+        {
+            "rel": "http://apinamespace.org/oauth/authorize",
+            "href": request.urlgen(
+                "mediagoblin.oauth.authorize",
+                qualified=True
+            ),
+        },
+        {
+            "rel": "http://apinamespace.org/oauth/access_token",
+            "href": request.urlgen(
+                "mediagoblin.oauth.access_token",
+                qualified=True
+            ),
+        },
+        {
+            "rel": "http://apinamespace.org/activitypub/whoami",
+            "href": request.urlgen(
+                "mediagoblin.webfinger.whoami",
+                qualified=True
+            ),
+        },
+    ]
+
+    if "application/json" in request.accept_mimetypes:
+        return json_response({"links": links})
+
+    # provide XML+XRD
+    return render_to_response(
+        request,
+        "mediagoblin/federation/host-meta.xml",
+        {"links": links},
+        mimetype="application/xrd+xml"
+    )
+
+def lrdd_lookup(request):
+    """
+    This is the lrdd endpoint which can lookup a user (or
+    other things such as activities). This is as specified by
+    RFC6415.
+
+    The cleint must provide a 'resource' as a GET parameter which
+    should be the query to be looked up.
+    """
+
+    if "resource" not in request.args:
+        return json_error("No resource parameter", status=400)
+
+    resource = request.args["resource"]
+
+    if "@" in resource:
+        # Lets pull out the username
+        resource = resource[5:] if resource.startswith("acct:") else resource
+        username, host = resource.split("@", 1)
+
+        # Now lookup the user
+        user = User.query.filter_by(username=username).first()
+
+        if user is None:
+            return json_error(
+                "Can't find 'user' with username '{0}'".format(username))
+
+        return json_response([
+            {
+                "rel": "http://webfinger.net/rel/profile-page",
+                "href": user.url_for_self(request.urlgen),
+                "type": "text/html"
+            },
+            {
+                "rel": "self",
+                "href": request.urlgen(
+                    "mediagoblin.federation.user",
+                    username=user.username,
+                    qualified=True
+                )
+            },
+            {
+                "rel": "activity-outbox",
+                "href": request.urlgen(
+                    "mediagoblin.federation.feed",
+                    username=user.username,
+                    qualified=True
+                )
+            }
+        ])
+    else:
+        return json_error("Unrecognized resource parameter", status=404)

-    return json_response({"links": links})

 def whoami(request):
    """ /api/whoami - HTTP redirect to API profile """
--- a/mediagoblin/templates/mediagoblin/federation/host-meta.xml
+++ b/mediagoblin/templates/mediagoblin/federation/host-meta.xml
@ -0,0 +1,22 @@
+{# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2014 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+-#}
+<?xml version='1.0' encoding='UTF-8'?>
+<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
+  {% for link in links %}
+    <Link rel="{{ link.rel }}" href="{{ link.href }}" />
+  {% endfor %}
+</XRD>
--- a/mediagoblin/tools/response.py
+++ b/mediagoblin/tools/response.py
@ -29,11 +29,12 @@ class Response(wz_Response):
    default_mimetype = u'text/html'


-def render_to_response(request, template, context, status=200):
+def render_to_response(request, template, context, status=200, mimetype=None):
    """Much like Django's shortcut.render()"""
    return Response(
        render_template(request, template, context),
-        status=status)
+        status=status,
+        mimetype=mimetype)

 def render_error(request, status=500, title=_('Oops!'),
                 err_msg=_('An error occured')):
@ -164,7 +165,7 @@ def json_error(error_str, status=400, *args, **kwargs):
        code to 400.
    """
    return json_response({"error": error_str}, status=status, *args, **kwargs)
-    
+
 def form_response(data, *args, **kwargs):
    """
        Responds using application/x-www-form-urlencoded and returns a werkzeug