Update Remote Auth feature, fix custom domain bug and enforce banned domains

2023-07-17 23:43:19 -06:00 · 2023-07-17 23:43:19 -06:00 · acabf603f0
parent 780e78f21a
commit acabf603f0
4 changed files with 65 additions and 5 deletions
--- a/app/Http/Controllers/RemoteAuthController.php
+++ b/app/Http/Controllers/RemoteAuthController.php
@ -7,6 +7,7 @@ use Illuminate\Http\Request;
 use App\Services\Account\RemoteAuthService;
 use App\Models\RemoteAuth;
 use App\Profile;
+use App\Instance;
 use App\User;
 use Purify;
 use Illuminate\Support\Facades\Auth;
@ -36,6 +37,8 @@ class RemoteAuthController extends Controller

    public function getAuthDomains(Request $request)
    {
+        abort_unless(config_cache('pixelfed.open_registration') && config('remote-auth.mastodon.enabled'), 404);
+
        if(config('remote-auth.mastodon.domains.only_custom')) {
            $res = config('remote-auth.mastodon.domains.custom');
            if(!$res || !strlen($res)) {
@ -45,6 +48,19 @@ class RemoteAuthController extends Controller
            return response()->json($res);
        }

+        if( config('remote-auth.mastodon.domains.custom') &&
+            !config('remote-auth.mastodon.domains.only_default') &&
+            strlen(config('remote-auth.mastodon.domains.custom')) > 3 &&
+            strpos(config('remote-auth.mastodon.domains.custom'), '.') > -1
+        ) {
+            $res = config('remote-auth.mastodon.domains.custom');
+            if(!$res || !strlen($res)) {
+                return [];
+            }
+            $res = explode(',', $res);
+            return response()->json($res);
+        }
+
        $res = config('remote-auth.mastodon.domains.default');
        $res = explode(',', $res);

@ -57,6 +73,27 @@ class RemoteAuthController extends Controller
        $this->validate($request, ['domain' => 'required']);

        $domain = $request->input('domain');
+
+        if(str_starts_with(strtolower($domain), 'http')) {
+            $res = [
+                'domain' => $domain,
+                'ready' => false,
+                'action' => 'incompatible_domain'
+            ];
+            return response()->json($res);
+        }
+
+        $validateInstance = Helpers::validateUrl('https://' . $domain . '/?block-check=' . time());
+
+        if(!$validateInstance) {
+             $res = [
+                'domain' => $domain,
+                'ready' => false,
+                'action' => 'blocked_domain'
+            ];
+            return response()->json($res);
+        }
+
        $compatible = RemoteAuthService::isDomainCompatible($domain);

        if(!$compatible) {
--- a/app/Services/Account/RemoteAuthService.php
+++ b/app/Services/Account/RemoteAuthService.php
@ -12,6 +12,14 @@ class RemoteAuthService
 {
    const CACHE_KEY = 'pf:services:remoteauth:';

+    public static function getConfig()
+    {
+        return json_encode([
+            'default_only' => config('remote-auth.mastodon.domains.only_default'),
+            'custom_only' => config('remote-auth.mastodon.domains.only_custom'),
+        ]);
+    }
+
    public static function getMastodonClient($domain)
    {
        if(RemoteAuthInstance::whereDomain($domain)->exists()) {
--- a/resources/assets/components/remote-auth/StartComponent.vue
+++ b/resources/assets/components/remote-auth/StartComponent.vue
@ -24,8 +24,8 @@
                        @click="handleRedirect(domain)">
                        <span class="font-weight-bold">{{ domain }}</span>
                    </button>
-                    <hr>
-                    <p class="text-center">
+                    <hr v-if="!config.default_only && !config.custom_only">
+                    <p v-if="!config.default_only && !config.custom_only" class="text-center">
                        <button type="button" class="other-server-btn" @click="handleOther()">Sign-in with a different server</button>
                    </p>
                    <div class="w-100">
@ -43,6 +43,12 @@

 <script type="text/javascript">
    export default {
+        props: {
+            config: {
+                type: Object
+            }
+        },
+
        data() {
            return {
                loaded: false,
@ -79,6 +85,11 @@
                        return;
                    }

+                    if(res.data.hasOwnProperty('action') && res.data.action === 'blocked_domain') {
+                        swal('Server Blocked', 'This server is blocked by admins and cannot be used, please try another server!', 'error');
+                        return;
+                    }
+
                    if(res.data.ready) {
                        window.location.href = '/auth/raw/mastodon/preflight?d=' + domain + '&dsh=' + res.data.dsh;
                    }
@ -95,9 +106,13 @@
                  },
                })
                .then(domain => {
-                  if (!domain) throw null;
+                  if (!domain || domain.length < 2 || domain.indexOf('.') == -1) {
+                    swal('Oops!', "Please enter a valid domain!", 'error');
+                    return;
+                  };

-                  if(domain.startsWith('https://')) {
+                  if(domain.startsWith('http')) {
+                    swal('Oops!', "The domain you enter should not start with http(s://)\nUse the domain format, like mastodon.social", 'error');
                    return;
                  }

--- a/resources/views/auth/remote/start.blade.php
+++ b/resources/views/auth/remote/start.blade.php
@ -1,7 +1,7 @@
@extends('layouts.app')

@section('content')
-<remote-auth-start-component />
+<remote-auth-start-component :config='{!!\App\Services\Account\RemoteAuthService::getConfig()!!}'/>
@endsection

@push('scripts')