Add admin check using the provided username for firefish

pull/56/head
interru 2023-11-04 21:43:18 +01:00
parent aca3d807ba
commit 0395da0285
No known key found for this signature in database
GPG Key ID: E01E350F5E2A884A
2 changed files with 18 additions and 2 deletions


@ -98,11 +98,13 @@ class WhitelistDomain(Resource):
guarantor_instance = database.find_instance_by_domain(self.args.guarantor) guarantor_instance = database.find_instance_by_domain(self.args.guarantor)
if not guarantor_instance: if not guarantor_instance:
raise e.BadRequest(f"Requested guarantor domain {self.args.guarantor} is not registered with the Fediseer yet!") raise e.BadRequest(f"Requested guarantor domain {self.args.guarantor} is not registered with the Fediseer yet!")
if self.args.admin not in instance_info.admin_usernames:
if not instance_info.is_admin(self.args.admin):
if len(instance_info.admin_usernames) == 0: if len(instance_info.admin_usernames) == 0:
raise e.Unauthorized(f"We could not discover any admins for this instance software. Please Ensure your software exposes this info. If it's exposed in a novel manner, consider sending us a PR to be able to retrieve this infomation.") raise e.Unauthorized(f"We could not discover any admins for this instance software. Please Ensure your software exposes this info. If it's exposed in a novel manner, consider sending us a PR to be able to retrieve this infomation.")
else: else:
raise e.Forbidden(f"Only admins of that {instance.software} are allowed to claim it.") raise e.Forbidden(f"Only admins of that {instance.software} are allowed to claim it.")
existing_claim = database.find_claim(f"@{self.args.admin}@{domain}") existing_claim = database.find_claim(f"@{self.args.admin}@{domain}")
if existing_claim: if existing_claim:
raise e.Forbidden(f"You have already claimed this instance as this admin. Please use the PATCH method to reset your API key.") raise e.Forbidden(f"You have already claimed this instance as this admin. Please use the PATCH method to reset your API key.")
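Review bot: The username in `self.args.admin` is passed verbatim to both the new `instance_info.is_admin(...)` call and the claim key `f"@{self.args.admin}@{domain}"`, so the admin check and the duplicate-claim check can disagree on identity. If the remote lookup behind `is_admin` matches usernames case-insensitively (not visible here, so this needs confirming), one admin could pass the check under several spellings and `find_claim` would treat each as a new claim. I would add a comment above the check such as `# NOTE: self.args.admin is compared and stored verbatim; normalise it before is_admin() and find_claim() if the instance software treats usernames case-insensitively`, or key the claim on the canonical username the instance returns. The enclosing method starts and ends outside this hunk, so any normalisation done earlier is not visible.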


@ -275,6 +275,20 @@ class InstanceInfo():
else: else:
software_map[self.software]() software_map[self.software]()
def is_admin(self, user):
admin = user in self.admin_usernames
if not admin and self.software == "firefish":
payload = {
"username": user
}
user_info = requests.post(f"https://{self.domain}/api/users/show", timeout=self._req_timeout, json=payload).json()
admin = user_info.get('isAdmin', False)
if admin:
self.admin_usernames.add(user)
return admin
@staticmethod @staticmethod
def get_nodeinfo(domain, req_timeout=3): def get_nodeinfo(domain, req_timeout=3):
headers = { headers = {
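Review bot: In `is_admin`, the result of `requests.post(...).json()` is used without checking the HTTP status or the JSON shape, and without catching request errors. A timeout, an error page or a non-object body from the claimed domain therefore raises out of the admin check instead of yielding a clean "not an admin". The `isAdmin` value is also taken on truthiness, so any non-empty value gets the name cached in `admin_usernames`. I would make the lookup fail closed: catch `requests.RequestException` and `ValueError`, require a successful response holding a JSON object, and accept only `isAdmin is True`.

```python
def is_admin(self, user):
    # … unchanged: membership test against self.admin_usernames …
    if not admin and self.software == "firefish":
        try:
            resp = requests.post(
                f"https://{self.domain}/api/users/show",
                timeout=self._req_timeout,
                json={"username": user},
            )
            user_info = resp.json() if resp.ok else None
        except (requests.RequestException, ValueError):
            # Lookup failed or the body was not JSON: treat as "not an admin".
            user_info = None
        # Only a JSON object carrying a literal true grants admin status.
        admin = isinstance(user_info, dict) and user_info.get('isAdmin') is True
        # … unchanged: cache user in self.admin_usernames when admin …
    return admin
```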