Merge pull request #2614 from pixelfed/staging

Update webfinger util, fail on invalid webfinger url. Fixes #2613

CHANGELOG.md

@@ -25,6 +25,8 @@
 - Updated DiscoverComponent, add blurhash and like/comment counts. ([a8ebdd2e](https://github.com/pixelfed/pixelfed/commit/a8ebdd2e))
 - Updated DiscoverComponent, add spinner loaders and remove deprecated sections. ([34869247](https://github.com/pixelfed/pixelfed/commit/34869247))
 - Updated AccountController, add mutes and blocks endpoint to pixelfed api. ([1fb7e2b2](https://github.com/pixelfed/pixelfed/commit/1fb7e2b2))
+- Updated AccountService, cache object and observe changes. ([b299da93](https://github.com/pixelfed/pixelfed/commit/b299da93))
+- Updated webfinger util, fail on invalid webfinger url. Fixes ([#2613](https://github.com/pixelfed/pixelfed/issues/2613)) ([2d11317c](https://github.com/pixelfed/pixelfed/commit/2d11317c))
 -  ([](https://github.com/pixelfed/pixelfed/commit/))
 
 ## [v0.10.10 (2021-01-28)](https://github.com/pixelfed/pixelfed/compare/v0.10.9...v0.10.10)

app/Http/Controllers/FederationController.php

@@ -63,7 +63,7 @@ class FederationController extends Controller
         }
         $webfinger = (new Webfinger($profile))->generate();
 
-        return response()->json($webfinger, 200, [], JSON_PRETTY_PRINT)
+        return response()->json($webfinger, 200, [], JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES)
             ->header('Access-Control-Allow-Origin','*');
     }
 

app/Observers/AvatarObserver.php

@@ -5,6 +5,7 @@ namespace App\Observers;
 use App\Avatar;
 use Illuminate\Support\Facades\Storage;
 use Illuminate\Support\Str;
+use App\Services\AccountService;
 
 class AvatarObserver
 {
@@ -27,7 +28,7 @@ class AvatarObserver
      */
     public function updated(Avatar $avatar)
     {
-        //
+        AccountService::del($avatar->profile_id);
     }
 
     /**
@@ -64,6 +65,7 @@ class AvatarObserver
                 $disk->delete($avatar->media_path);
             }
         }
+        AccountService::del($avatar->profile_id);
     }
 
     /**

app/Observers/ProfileObserver.php

@@ -0,0 +1,64 @@
+<?php
+
+namespace App\Observers;
+
+use App\Profile;
+use App\Services\AccountService;
+
+class ProfileObserver
+{
+    /**
+     * Handle the Profile "created" event.
+     *
+     * @param  \App\Profile  $profile
+     * @return void
+     */
+    public function created(Profile $profile)
+    {
+        //
+    }
+
+    /**
+     * Handle the Profile "updated" event.
+     *
+     * @param  \App\Profile  $profile
+     * @return void
+     */
+    public function updated(Profile $profile)
+    {
+        AccountService::del($profile->id);
+    }
+
+    /**
+     * Handle the Profile "deleted" event.
+     *
+     * @param  \App\Profile  $profile
+     * @return void
+     */
+    public function deleted(Profile $profile)
+    {
+        AccountService::del($profile->id);
+    }
+
+    /**
+     * Handle the Profile "restored" event.
+     *
+     * @param  \App\Profile  $profile
+     * @return void
+     */
+    public function restored(Profile $profile)
+    {
+        //
+    }
+
+    /**
+     * Handle the Profile "force deleted" event.
+     *
+     * @param  \App\Profile  $profile
+     * @return void
+     */
+    public function forceDeleted(Profile $profile)
+    {
+        //
+    }
+}

app/Providers/AppServiceProvider.php

@@ -6,6 +6,7 @@ use App\Observers\{
     AvatarObserver,
     NotificationObserver,
     ModLogObserver,
+    ProfileObserver,
     StatusHashtagObserver,
     UserObserver,
     UserFilterObserver,
@@ -14,6 +15,7 @@ use App\{
     Avatar,
     Notification,
     ModLog,
+    Profile,
     StatusHashtag,
     User,
     UserFilter
@@ -41,6 +43,7 @@ class AppServiceProvider extends ServiceProvider
         Avatar::observe(AvatarObserver::class);
         Notification::observe(NotificationObserver::class);
         ModLog::observe(ModLogObserver::class);
+        Profile::observe(ProfileObserver::class);
         StatusHashtag::observe(StatusHashtagObserver::class);
         User::observe(UserObserver::class);
         UserFilter::observe(UserFilterObserver::class);

app/Services/AccountService.php

@@ -14,16 +14,25 @@ class AccountService {
 
 	public static function get($id)
 	{
-		// $key = self::CACHE_KEY . ':' . $id;
-		// $ttl = now()->addSeconds(10);
-		// return Cache::remember($key, $ttl, function() use($id) {
-		// });
-		
-		$fractal = new Fractal\Manager();
-		$fractal->setSerializer(new ArraySerializer());
-		$profile = Profile::whereNull('status')->findOrFail($id);
-		$resource = new Fractal\Resource\Item($profile, new AccountTransformer());
-		return $fractal->createData($resource)->toArray();
+		if($id > PHP_INT_MAX || $id < 1) {
+			return [];
+		}
+
+		$key = self::CACHE_KEY . $id;
+		$ttl = now()->addMinutes(15);
+
+		return Cache::remember($key, $ttl, function() use($id) {
+			$fractal = new Fractal\Manager();
+			$fractal->setSerializer(new ArraySerializer());
+			$profile = Profile::whereNull('status')->findOrFail($id);
+			$resource = new Fractal\Resource\Item($profile, new AccountTransformer());
+			return $fractal->createData($resource)->toArray();
+		});	
+	}
+
+	public static function del($id)
+	{
+		return Cache::forget(self::CACHE_KEY . $id);
 	}
 
 }

app/Util/Lexer/Nickname.php

@@ -2,22 +2,35 @@
 
 namespace App\Util\Lexer;
 
+use Illuminate\Support\Str;
+
 class Nickname
 {
     public static function normalizeProfileUrl($url)
     {
-        if (starts_with($url, 'acct:')) {
+        if(!Str::of($url)->contains('@')) {
+            return;
+        }
+
+        if(Str::startsWith($url, 'acct:')) {
             $url = str_replace('acct:', '', $url);
         }
 
-        if(starts_with($url, '@')) {
+        if(Str::startsWith($url, '@')) {
             $url = substr($url, 1);
+
+            if(!Str::of($url)->contains('@')) {
+                return;
+            }
         }
 
         $parts = explode('@', $url);
         $username = $parts[0];
         $domain = $parts[1];
 
-        return ['domain' => $domain, 'username' => $username];
+        return [
+            'domain' => $domain, 
+            'username' => $username
+        ];
     }
 }