catstodon/app/controllers/well_known/webfinger_controller.rb
Claire 49219508bc
Fix anonymous access to outbox not being cached by the reverse proxy (#16458)
* Fix anonymous access to outbox not being cached by the reverse proxy

Up until now, anonymous access to outbox was marked as public, but with a
0 duration for caching, which means remote proxies would only serve from cache
when the server was completely overwhelmed.

Changed that cache duration to one minute, so that repeated anonymous access
to one account's outbox can be appropriately cached.

Also added `Signature` to the `Vary` header in case a page is requested, so
that authenticated fetches are never served from cache (which only contains
public toots).

* Remove Vary: Accept header from webfinger controller

Indeed, we have stopped returning xrd, and only ever return jrd, so the
Accept request header does not matter anymore.

* Cache negative webfinger hits for 3 minutes
2021-07-03 21:13:47 +02:00

54 lines
1.3 KiB
Ruby

# frozen_string_literal: true
module WellKnown
class WebfingerController < ActionController::Base
include RoutingHelper
before_action :set_account
before_action :check_account_suspension
rescue_from ActiveRecord::RecordNotFound, with: :not_found
rescue_from ActionController::ParameterMissing, WebfingerResource::InvalidRequest, with: :bad_request
def show
expires_in 3.days, public: true
render json: @account, serializer: WebfingerSerializer, content_type: 'application/jrd+json'
end
private
def set_account
@account = Account.find_local!(username_from_resource)
end
def username_from_resource
resource_user = resource_param
username, domain = resource_user.split('@')
resource_user = "#{username}@#{Rails.configuration.x.local_domain}" if Rails.configuration.x.alternate_domains.include?(domain)
WebfingerResource.new(resource_user).username
end
def resource_param
params.require(:resource)
end
def check_account_suspension
expires_in(3.minutes, public: true) && gone if @account.suspended_permanently?
end
def bad_request
expires_in(3.minutes, public: true)
head 400
end
def not_found
expires_in(3.minutes, public: true)
head 404
end
def gone
head 410
end
end
end