From 225a89c2afbbe53cf39ffa7ea0cd485095a1d5f5 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Thu, 21 Dec 2017 09:56:59 +0100
Subject: Sanitize url to not end with implicit ports

---
 server/helpers/core-utils.ts | 22 ++++++++++++++++++++++
 server/helpers/custom-validators/webfinger.ts | 5 +++--
 2 files changed, 25 insertions(+), 2 deletions(-)

(limited to 'server/helpers')

diff --git a/server/helpers/core-utils.ts b/server/helpers/core-utils.ts
index 443115336..0c6c36d11 100644
--- a/server/helpers/core-utils.ts
+++ b/server/helpers/core-utils.ts
@@ -11,6 +11,26 @@ import * as mkdirp from 'mkdirp'
 import { join } from 'path'
 import * as pem from 'pem'
 import * as rimraf from 'rimraf'
+import { URL } from 'url'
+
+function sanitizeUrl (url: string) {
+  const urlObject = new URL(url)
+
+  if (urlObject.protocol === 'https:' && urlObject.port === '443') {
+    urlObject.port = ''
+  } else if (urlObject.protocol === 'http:' && urlObject.port === '80') {
+    urlObject.port = ''
+  }
+
+  return urlObject.href.replace(/\/$/, '')
+}
+
+// Don't import remote scheme from constants because we are in core utils
+function sanitizeHost (host: string, remoteScheme: string) {
+  let toRemove = remoteScheme === 'https' ? 443 : 80
+
+  return host.replace(new RegExp(`:${toRemove}$`), '')
+}
 
 function isTestInstance () {
   return process.env.NODE_ENV === 'test'
@@ -114,6 +134,8 @@ export {
   root,
   escapeHTML,
   pageToStartAndCount,
+  sanitizeUrl,
+  sanitizeHost,
   promisify0,
   promisify1,
diff --git a/server/helpers/custom-validators/webfinger.ts b/server/helpers/custom-validators/webfinger.ts
index 1b9aad444..46f1ac210 100644
--- a/server/helpers/custom-validators/webfinger.ts
+++ b/server/helpers/custom-validators/webfinger.ts
@@ -1,4 +1,5 @@
-import { CONFIG } from '../../initializers'
+import { CONFIG, REMOTE_SCHEME } from '../../initializers'
+import { sanitizeHost } from '../core-utils'
 import { exists } from './misc'
 
 function isWebfingerResourceValid (value: string) {
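Review bot: The two port-stripping branches in sanitizeUrl never run: Node's WHATWG `URL` (the class imported from 'url' here) already sets `port` to '' when it equals the scheme's default, so for `https://host:443/` and `http://host:80/` the constructor has done the normalisation before the `if` is reached, and the function reduces to "parse, then strip one trailing slash". Either drop the branches or keep them with a comment such as `// Default ports are already dropped by the URL parser; kept to make the intent explicit`. What the function does rely on is undocumented: `new URL(url)` throws a TypeError on a relative or malformed string and accepts any scheme, so callers handing it remote-supplied URLs need a try/catch and, presumably, a protocol check; a short TSDoc block stating that it normalises an absolute URL by dropping default ports and a trailing slash and throws TypeError on an unparsable input would pin that contract. In sanitizeHost, `toRemove` is never reassigned, so `const toRemove = remoteScheme === 'https' ? 443 : 80` is the idiomatic form.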
@@ -11,7 +12,7 @@ function isWebfingerResourceValid (value: string) {
   const host = actorParts[1]
-  return host === CONFIG.WEBSERVER.HOSTNAME || host === CONFIG.WEBSERVER.HOST
+  return sanitizeHost(host, REMOTE_SCHEME.HTTP) === CONFIG.WEBSERVER.HOSTNAME
 }
 
 // ---------------------------------------------------------------------------
-- 
cgit v1.2.3
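Review bot: The rewritten return drops the `host === CONFIG.WEBSERVER.HOST` alternative, so a resource whose host part carries the instance's own non-default port (presumably what `HOST` holds alongside `HOSTNAME`) no longer validates, because sanitizeHost only strips the default port for the remote scheme. If that deployment shape is still supported, keep both forms: `return sanitizeHost(host, REMOTE_SCHEME.HTTP) === CONFIG.WEBSERVER.HOSTNAME || host === CONFIG.WEBSERVER.HOST`. The comparison is also byte-exact while hostnames are case-insensitive, so if mixed-case resources can reach this validator, comparing lowercased forms avoids rejecting them. isWebfingerResourceValid begins before this hunk, and two of the hunk's three leading context lines appear to be missing from this rendering.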