Merge pull request #56 from interru/firefish_admin_check

feat: Add admin check using the provided username for firefish
2023-11-04 23:55:41 +01:00 · 2023-11-04 23:55:41 +01:00 · 364deba6b7
parent aca3d807ba 0395da0285
commit 364deba6b7
2 changed files with 18 additions and 2 deletions
--- a/fediseer/apis/v1/whitelist.py
+++ b/fediseer/apis/v1/whitelist.py
@ -98,11 +98,13 @@ class WhitelistDomain(Resource):
            guarantor_instance = database.find_instance_by_domain(self.args.guarantor)
            if not guarantor_instance:
                raise e.BadRequest(f"Requested guarantor domain {self.args.guarantor} is not registered with the Fediseer yet!")
-        if self.args.admin not in instance_info.admin_usernames:
+
+        if not instance_info.is_admin(self.args.admin):
            if len(instance_info.admin_usernames) == 0:
                raise e.Unauthorized(f"We could not discover any admins for this instance software. Please Ensure your software exposes this info. If it's exposed in a novel manner, consider sending us a PR to be able to retrieve this infomation.")
            else:
                raise e.Forbidden(f"Only admins of that {instance.software} are allowed to claim it.")
+
        existing_claim = database.find_claim(f"@{self.args.admin}@{domain}")
        if existing_claim:
            raise e.Forbidden(f"You have already claimed this instance as this admin. Please use the PATCH method to reset your API key.")
--- a/fediseer/fediverse.py
+++ b/fediseer/fediverse.py
@ -275,6 +275,20 @@ class InstanceInfo():
        else:
            software_map[self.software]()

+    def is_admin(self, user):
+        admin = user in self.admin_usernames
+
+        if not admin and self.software == "firefish":
+            payload = {
+                "username": user
+            }
+            user_info = requests.post(f"https://{self.domain}/api/users/show", timeout=self._req_timeout, json=payload).json()
+            admin = user_info.get('isAdmin', False)
+            if admin:
+                self.admin_usernames.add(user)
+
+        return admin
+
    @staticmethod
    def get_nodeinfo(domain, req_timeout=3):
        headers = {
@ -323,4 +337,4 @@ class InstanceInfo():
 # else:
 #     logger.error("Domain does not exist")
 # import sys
-# sys.exit()
+# sys.exit()