hyphacoop · RangerMauve · Nov 16, 2023 · Nov 14, 2023 · Nov 14, 2023 · Nov 15, 2023
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -1,4 +1,4 @@
-name: Lint 
+name: Lint & Test
 
 on: [ push, pull_request ]
 
@@ -17,4 +17,5 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
       - run: npm ci
-      - run: npm run lint
+      - run: npm run lint
+      - run: npm run test
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -46,6 +46,7 @@
     "env-paths": "^3.0.0",
     "express": "^4.17.1",
     "fast-jwt": "^2.0.2",
+    "fast-xml-parser": "^4.3.2",
     "fastify": "^4.10.2",
     "fastify-metrics": "^10.0.0",
     "fastify-plugin": "^4.4.0",

diff --git a/src/server/apsystem.test.ts b/src/server/apsystem.test.ts
@@ -133,6 +133,39 @@ test('getActor uses regular fetch when fromActor is not provided', async t => {
   }, 'getActor should use regular fetch when fromActor is not provided')
 })
 
+// Test for successful Webfinger fetch with fallback to Host-Meta
+test('mentionToActor fetches from Webfinger and falls back to Host-Meta on 404', async t => {
+  const mention = '@[email protected]'
+  const hostMetaXML = `<?xml version="1.0" encoding="UTF-8"?>
+<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
+  <Link rel="lrdd" template="https://domain.com/.well-known/webfinge/{uri}"/>
+</XRD>`
+
+  // Create a single stub for the fetch method
+  const fetchStub = sinon.stub(aps, 'fetch')
+
+  // Configure responses for different URLs
+  fetchStub
+    .withArgs(sinon.match(/webfinger/))
+    .returns(Promise.resolve(new Response(null, { status: 404 }))) // 404 for Webfinger
+
+  fetchStub
+    .withArgs(sinon.match(/host-meta/))
+    .returns(Promise.resolve(new Response(hostMetaXML, { status: 200 }))) // Success for Host-Meta
+
+  fetchStub
+    .withArgs(sinon.match(/webfinge/))
+    .returns(Promise.resolve(
+      new Response(JSON.stringify({
+        subject: 'acct:[email protected]',
+        links: [{ rel: 'self', href: 'http://actor.url' }]
+      }), { status: 200 })
+    )) // Success for the actual webmention URL
+
+  const result = await aps.mentionToActor(mention)
+  t.is(result, 'http://actor.url', 'should fetch from Webfinger and fallback to Host-Meta on 404')
+})
+
 // After all tests, restore all sinon mocks
 test.afterEach(() => {
   // Restore all sinon mocks

diff --git a/src/server/apsystem.ts b/src/server/apsystem.ts
@@ -3,6 +3,7 @@ import signatureParser from 'activitypub-http-signatures'
 import * as httpDigest from '@digitalbazaar/http-digest-header'
 import { nanoid } from 'nanoid'
 import HookSystem from './hooksystem.js'
+import { XMLParser } from 'fast-xml-parser'
 
 import type { FastifyRequest } from 'fastify'
 import {
@@ -23,6 +24,18 @@ export interface BasicFetchParams {
   body?: string
 }
 
+export interface HostMetaLink {
+  rel: string
+  template?: string
+  href?: string
+}
+
+export interface HostMeta {
+  XRD: {
+    Link: HostMetaLink[]
+  }
+}
+
 export type FetchLike = typeof globalThis.fetch
 
 export default class ActivityPubSystem {
@@ -257,37 +270,51 @@ export default class ActivityPubSystem {
 
   async mentionToActor (mention: string): Promise<string> {
     const { username, domain } = parseMention(mention)
-    const acct = `acct:${username}@${domain}`
-    // TODO: dynamically determine the parameter name from the host-meta file
-    const mentionURL = `https://${domain}/.well-known/webfinger?resource=${acct}`
+    let webfingerURL = `https://${domain}/.well-known/webfinger?resource=acct:${username}@${domain}`
 
-    const response = await this.fetch(mentionURL)
+    let response = await this.fetch(webfingerURL)
 
-    // throq if response not ok or if inbox isn't a string
-    if (!response.ok) {
-      throw new Error(`Cannot fetch webmention data from ${mentionURL}: http status ${response.status} - ${await response.text()}`)
+    if (!response.ok && response.status === 404) {
+      const hostMetaURL = `https://${domain}/.well-known/host-meta`
+      const hostMetaResponse = await this.signedFetch(this.publicURL, {
+        url: hostMetaURL,
+        method: 'GET',
+        headers: {}
+      })
+
+      if (!hostMetaResponse.ok) {
+        throw new Error(`Cannot fetch host-meta data from ${hostMetaURL}: http status ${hostMetaResponse.status}`)
+      }
+
+      const hostMetaText = await hostMetaResponse.text()
+      const parser = new XMLParser()
+      const hostMeta: HostMeta = parser.parse(hostMetaText)
+
+      const webfingerTemplate = hostMeta.XRD.Link.find((link: HostMetaLink) => link.rel === 'lrdd' && link.template)?.template
+
+      if (typeof webfingerTemplate !== 'string' || webfingerTemplate.length === 0) {
+        throw new Error(`Webfinger template not found in host-meta data at ${hostMetaURL}`)
+      }
+
+      webfingerURL = webfingerTemplate.replace('{uri}', `acct:${username}@${domain}`)
+      response = await this.fetch(webfingerURL)
     }
 
-    const { subject, links } = await response.json().catch((cause) => {
-      throw new Error(`Unable to parse webmention JSON at ${mentionURL}`, { cause })
-    })
-    if (subject !== acct) {
-      throw new Error(`Webmention endpoint returned invalid subject. Extepcted ${acct} at ${mentionURL}, got ${subject as string}`)
+    if (!response.ok) {
+      throw new Error(`Cannot fetch webmention data from ${webfingerURL}: http status ${response.status}`)
     }
 
-    if (!Array.isArray(links)) {
-      throw new Error(`Expected links array in webmention endpoint for ${mentionURL}`)
+    const { subject, links } = await response.json()
+    if (subject !== `acct:${username}@${domain}`) {
+      throw new Error(`Webmention endpoint returned invalid subject for ${webfingerURL}`)
     }
 
-    for (const { rel, type, href } of links) {
-      if (rel !== 'self') continue
-      // TODO: Throw an error?
-      if (typeof type !== 'string') continue
-      if (!type.includes('application/activity+json') && !type.includes('application/ld+json')) continue
-      return href
+    const actorLink = links.find((link: HostMetaLink) => link.rel === 'self')
+    if (typeof actorLink?.href !== 'string' || actorLink.href.trim().length === 0) {
+      throw new Error(`Unable to find actor link from webmention at ${webfingerURL}`)
     }
 
-    throw new Error(`Unable to find ActivityPub link from webmentions at ${mentionURL}`)
+    return actorLink.href
   }
 
   async ingestActivity (fromActor: string, activity: APActivity): Promise<void> {