diff options
| author | Freya Murphy <freya@freyacat.org> | 2026-03-02 08:33:53 -0500 |
|---|---|---|
| committer | Freya Murphy <freya@freyacat.org> | 2026-03-02 08:33:53 -0500 |
| commit | ce502876eb0057e35ef0bce108337988223c792e (patch) | |
| tree | b95e1dac6b08bd863888dc482c29b3bc6b26bd4b | |
| parent | merge: Release/2025.4.5 (!1258) (diff) | |
| download | sharkey-ce502876eb0057e35ef0bce108337988223c792e.tar.gz sharkey-ce502876eb0057e35ef0bce108337988223c792e.tar.bz2 sharkey-ce502876eb0057e35ef0bce108337988223c792e.zip | |
allow vanity urls
| -rw-r--r-- | packages/backend/src/config.ts | 17 | ||||
| -rw-r--r-- | packages/backend/src/server/WellKnownServerService.ts | 10 |
2 files changed, 24 insertions, 3 deletions
diff --git a/packages/backend/src/config.ts b/packages/backend/src/config.ts index c2e7efd456..9d82694a40 100644 --- a/packages/backend/src/config.ts +++ b/packages/backend/src/config.ts @@ -89,6 +89,8 @@ type Source = { allowedPrivateNetworks?: PrivateNetworkSource[]; disallowExternalApRedirect?: boolean; + allowedHosts?: string[]; + maxFileSize?: number; maxNoteLength?: number; maxCwLength?: number; @@ -202,6 +204,19 @@ export function parsePrivateNetworks(patterns: PrivateNetworkSource[] | undefine .filter(p => p != null); } +export function parseAllowedHosts(hosts: string[] | undefined): string[] { + if (!hosts) + return []; + + return hosts.map(host => { + try { + return (new URL(host)).origin.toLowerCase(); + } catch (e) { + return null; + } + }).filter(host => !!host); +} + function parseIpOrMask(ipOrMask: string): CIDR | null { if (ipaddr.isValidCIDR(ipOrMask)) { return ipaddr.parseCIDR(ipOrMask); @@ -253,6 +268,7 @@ export type Config = { proxySmtp: string | undefined; proxyBypassHosts: string[] | undefined; allowedPrivateNetworks: PrivateNetwork[] | undefined; + allowedHosts: string[]; disallowExternalApRedirect: boolean; maxFileSize: number; maxNoteLength: number; @@ -453,6 +469,7 @@ export function loadConfig(): Config { proxySmtp: config.proxySmtp, proxyBypassHosts: config.proxyBypassHosts, allowedPrivateNetworks: parsePrivateNetworks(config.allowedPrivateNetworks), + allowedHosts: parseAllowedHosts(config.allowedHosts), disallowExternalApRedirect: config.disallowExternalApRedirect ?? false, maxFileSize: config.maxFileSize ?? 262144000, maxNoteLength: config.maxNoteLength ?? 3000, diff --git a/packages/backend/src/server/WellKnownServerService.ts b/packages/backend/src/server/WellKnownServerService.ts index f48310c50f..5770aac73b 100644 --- a/packages/backend/src/server/WellKnownServerService.ts +++ b/packages/backend/src/server/WellKnownServerService.ts @@ -136,12 +136,16 @@ fastify.get('/.well-known/change-password', async (request, reply) => { resource.startsWith('acct:') ? resource.slice('acct:'.length) : resource)); - const fromAcct = (acct: Acct.Acct): FindOptionsWhere<MiUser> | number => - !acct.host || acct.host === this.config.host.toLowerCase() ? { + const fromAcct = (acct: Acct.Acct): FindOptionsWhere<MiUser> | number => { + if (acct.host && acct.host !== this.config.host.toLowerCase() && !this.config.allowedHosts.includes(acct.host)) + return 422; + + return { usernameLower: acct.username.toLowerCase(), host: IsNull(), isSuspended: false, - } : 422; + } + } if (typeof request.query.resource !== 'string') { reply.code(400); |