Fediverse-based authentication (#1846)

* Able to authenticate user against IndieAuth. For #1273 * WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272 * Add migration to remove access tokens from user * Add authenticated bool to user for display purposes * Add indieauth modal and auth flair to display names. For #1273 * Validate URLs and display errors * Renames, cleanups * Handle relative auth endpoint paths. Add error handling for missing redirects. * Disallow using display names in use by registered users. Closes #1810 * Verify code verifier via code challenge on callback * Use relative path to authorization_endpoint * Post-rebase fixes * Use a timestamp instead of a bool for authenticated * Propertly handle and display error in modal * Use auth'ed timestamp to derive authenticated flag to display in chat * Fediverse chat auth via OTP * Increase validity time just in case * Add fediverse auth into auth modal * Text, validation, cleanup updates for fedi auth * Fix typo * Remove unused images * Remove unused file * Add chat display name to auth modal text
2025-11-03 13:01:46 +08:00 · 2022-04-22 17:23:14 -07:00
parent 8b7e2b945e
commit a082cf3a77
21 changed files with 855 additions and 81 deletions
--- a/controllers/remoteFollow.go
+++ b/controllers/remoteFollow.go
@ -7,6 +7,7 @@ import (
 	"net/url"
 	"strings"

+	"github.com/owncast/owncast/activitypub/webfinger"
 	"github.com/owncast/owncast/core/data"
 )

@ -35,7 +36,7 @@ func RemoteFollow(w http.ResponseWriter, r *http.Request) {
 	localActorPath, _ := url.Parse(data.GetServerURL())
 	localActorPath.Path = fmt.Sprintf("/federation/user/%s", data.GetDefaultFederationUsername())
 	var template string
-	links, err := getWebfingerLinks(request.Account)
+	links, err := webfinger.GetWebfingerLinks(request.Account)
 	if err != nil {
 		WriteSimpleResponse(w, false, err.Error())
 		return
@ -62,39 +63,3 @@ func RemoteFollow(w http.ResponseWriter, r *http.Request) {

 	WriteResponse(w, response)
 }
-
-func getWebfingerLinks(account string) ([]map[string]interface{}, error) {
-	type webfingerResponse struct {
-		Links []map[string]interface{} `json:"links"`
-	}
-
-	account = strings.TrimLeft(account, "@") // remove any leading @
-	accountComponents := strings.Split(account, "@")
-	fediverseServer := accountComponents[1]
-
-	// HTTPS is required.
-	requestURL, err := url.Parse("https://" + fediverseServer)
-	if err != nil {
-		return nil, fmt.Errorf("unable to parse fediverse server host %s", fediverseServer)
-	}
-
-	requestURL.Path = "/.well-known/webfinger"
-	query := requestURL.Query()
-	query.Add("resource", fmt.Sprintf("acct:%s", account))
-	requestURL.RawQuery = query.Encode()
-
-	response, err := http.DefaultClient.Get(requestURL.String())
-	if err != nil {
-		return nil, err
-	}
-
-	defer response.Body.Close()
-
-	var links webfingerResponse
-	decoder := json.NewDecoder(response.Body)
-	if err := decoder.Decode(&links); err != nil {
-		return nil, err
-	}
-
-	return links.Links, nil
-}