Merge pull request #56 from interru/firefish_admin_check

feat: Add admin check using the provided username for firefish
pull/61/head
Divided by Zer0 2023-11-04 23:55:41 +01:00 committed by GitHub
commit 364deba6b7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 2 deletions

View File

@ -98,11 +98,13 @@ class WhitelistDomain(Resource):
guarantor_instance = database.find_instance_by_domain(self.args.guarantor) guarantor_instance = database.find_instance_by_domain(self.args.guarantor)
if not guarantor_instance: if not guarantor_instance:
raise e.BadRequest(f"Requested guarantor domain {self.args.guarantor} is not registered with the Fediseer yet!") raise e.BadRequest(f"Requested guarantor domain {self.args.guarantor} is not registered with the Fediseer yet!")
if self.args.admin not in instance_info.admin_usernames:
if not instance_info.is_admin(self.args.admin):
if len(instance_info.admin_usernames) == 0: if len(instance_info.admin_usernames) == 0:
raise e.Unauthorized(f"We could not discover any admins for this instance software. Please Ensure your software exposes this info. If it's exposed in a novel manner, consider sending us a PR to be able to retrieve this infomation.") raise e.Unauthorized(f"We could not discover any admins for this instance software. Please Ensure your software exposes this info. If it's exposed in a novel manner, consider sending us a PR to be able to retrieve this infomation.")
else: else:
raise e.Forbidden(f"Only admins of that {instance.software} are allowed to claim it.") raise e.Forbidden(f"Only admins of that {instance.software} are allowed to claim it.")
existing_claim = database.find_claim(f"@{self.args.admin}@{domain}") existing_claim = database.find_claim(f"@{self.args.admin}@{domain}")
if existing_claim: if existing_claim:
raise e.Forbidden(f"You have already claimed this instance as this admin. Please use the PATCH method to reset your API key.") raise e.Forbidden(f"You have already claimed this instance as this admin. Please use the PATCH method to reset your API key.")

View File

@ -275,6 +275,20 @@ class InstanceInfo():
else: else:
software_map[self.software]() software_map[self.software]()
def is_admin(self, user):
admin = user in self.admin_usernames
if not admin and self.software == "firefish":
payload = {
"username": user
}
user_info = requests.post(f"https://{self.domain}/api/users/show", timeout=self._req_timeout, json=payload).json()
admin = user_info.get('isAdmin', False)
if admin:
self.admin_usernames.add(user)
return admin
@staticmethod @staticmethod
def get_nodeinfo(domain, req_timeout=3): def get_nodeinfo(domain, req_timeout=3):
headers = { headers = {