`LookupWebFingerOptions.allowPrivateAddress` (beefd859) · Commits · sc07 / Fedify Patched

CHANGES.md

+2 −0

Original line number	Diff line number	Diff line
		@@ -39,6 +39,8 @@ To be released.
		- `new Object()` constructor now accepts `emojiReactions` option.
		- `Object.clone()` method now accepts `emojiReactions` option.

		- Added `allowPrivateAddress` option to `LookupWebFingerOptions` interface.

		- Added `-t`/`--traverse` option to the `fedify lookup` subcommand. [[#195]]

		- Added `-S`/`--suppress-errors` option to the `fedify lookup` subcommand.

+2 −0

Original line number	Diff line number	Diff line
		@@ -182,6 +182,7 @@ export interface CreateFederationOptions {
		* Mostly useful for testing purposes. Do not use in production.
		*
		* Turned off by default.
		* @since 0.15.0
		*/
		allowPrivateAddress?: boolean;

		@@ -190,6 +191,7 @@ export interface CreateFederationOptions {
		* If a string is provided, it is used as the `User-Agent` header.
		* If an object is provided, it is passed to the {@link getUserAgent}
		* function.
		* @since 1.3.0
		*/
		userAgent?: GetUserAgentOptions \| string;

+1 −2

Original line number	Diff line number	Diff line
		@@ -147,9 +147,8 @@ async function lookupObjectInternal(
		const jrd = await lookupWebFinger(identifier, {
		userAgent: options.userAgent,
		tracerProvider: options.tracerProvider,
		// @ts-ignore: `allowPrivateAddress` is not in the type definition.
		allowPrivateAddress: "allowPrivateAddress" in options &&
		options.allowPrivateAddress,
		options.allowPrivateAddress === true,
		});
		if (jrd?.links == null) return null;
		for (const l of jrd.links) {

+34 −0

Original line number	Diff line number	Diff line
		@@ -75,6 +75,40 @@ test("lookupWebFinger()", async (t) => {
		assertEquals(await lookupWebFinger("acct:johndoe@example.com"), null);
		});

		mf.mock("GET@/.well-known/webfinger", (_req) => {
		return new Response(
		JSON.stringify({
		subject: "acct:test@localhost",
		links: [
		{
		rel: "self",
		type: "application/activity+json",
		href: "https://localhost/actor",
		},
		],
		}),
		);
		});

		await t.step("private address", async () => {
		assertEquals(await lookupWebFinger("acct:test@localhost"), null);
		assertEquals(
		await lookupWebFinger("acct:test@localhost", {
		allowPrivateAddress: true,
		}),
		{
		subject: "acct:test@localhost",
		links: [
		{
		rel: "self",
		type: "application/activity+json",
		href: "https://localhost/actor",
		},
		],
		},
		);
		});

		mf.mock(
		"GET@/.well-known/webfinger",
		(_) =>

+11 −1

Original line number	Diff line number	Diff line
		@@ -30,6 +30,16 @@ export interface LookupWebFingerOptions {
		*/
		userAgent?: GetUserAgentOptions \| string;

		/**
		* Whether to allow private IP addresses in the URL.
		*
		* Mostly useful for testing purposes. Do not use this in production.
		*
		* Turned off by default.
		* @since 1.4.0
		*/
		allowPrivateAddress?: boolean;

		/**
		* The OpenTelemetry tracer provider. If omitted, the global tracer provider
		* is used.
		@@ -109,7 +119,7 @@ async function lookupWebFingerInternal(
		{ url: url.href },
		);
		let response: Response;
		if (!("allowPrivateAddress" in options) \|\| !options.allowPrivateAddress) {
		if (options.allowPrivateAddress !== true) {
		try {
		await validatePublicUrl(url.href);
		} catch (e) {