From 0c5ce67d4ec2fa8b8d8628af28998313bcbb9ff0 Mon Sep 17 00:00:00 2001
From: Thomas Sileo
Date: Sun, 13 Nov 2022 17:37:19 +0100
Subject: [PATCH] Tweak remote instance redirection
---
 app/main.py | 44 +++++++++++--------
 app/templates.py | 2 +
 .../redirect_to_remote_instance.html | 15 +++++++
 3 files changed, 43 insertions(+), 18 deletions(-)
 create mode 100644 app/templates/redirect_to_remote_instance.html
diff --git a/app/main.py b/app/main.py
index e25cc9d..115e3a3 100644
--- a/app/main.py
+++ b/app/main.py
@@ -1,5 +1,4 @@
 import base64
-import html
 import os
 import sys
 import time
@@ -39,7 +38,6 @@ from starlette.background import BackgroundTask
 from starlette.datastructures import Headers
 from starlette.datastructures import MutableHeaders
 from starlette.exceptions import HTTPException as StarletteHTTPException
-from starlette.responses import HTMLResponse
 from starlette.responses import JSONResponse
 from starlette.types import Message
 from uvicorn.middleware.proxy_headers import ProxyHeadersMiddleware # type: ignore
@@ -256,7 +254,11 @@ class ActivityPubResponse(JSONResponse):
 media_type = "application/activity+json"
-class HTMLRedirectResponse(HTMLResponse):
+async def redirect_to_remote_instance(
+ request: Request,
+ db_session: AsyncSession,
+ url: str,
+) -> templates.TemplateResponse:
 """
 Similar to RedirectResponse, but uses a 200 response with HTML.
@@ -264,15 +266,16 @@ class HTMLRedirectResponse(HTMLResponse):
 since our CSP policy disallows remote form submission.
 https://github.com/w3c/webappsec-csp/issues/8#issuecomment-810108984
 """
-
- def __init__(
- self,
- url: str,
- ) -> None:
- super().__init__(
- content=f'Continue to remote resource',
- headers={"Refresh": "0;url=" + url},
- )
+ return await templates.render_template(
+ db_session,
+ request,
+ "redirect_to_remote_instance.html",
+ {
+ "request": request,
+ "url": url,
+ },
+ headers={"Refresh": "0;url=" + url},
+ )
 @app.get(config.NavBarItems.NOTES_PATH)
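Review bot: `redirect_to_remote_instance` copies `url` into the `Refresh` header (`headers={"Refresh": "0;url=" + url}`) and into the template context without checking that it is an absolute `http`/`https` URL. Both callers visible later in this patch build it from `remote_follow_template`, whose origin is outside these hunks but which presumably comes from data supplied by the remote instance, so an unexpected scheme or stray control characters would reach the header and the `{{ url }}` in redirect_to_remote_instance.html as-is. I would validate before rendering, for example `if urlparse(url).scheme not in ("http", "https"): raise HTTPException(status_code=400)`. Template autoescaping protects the HTML body only, not the header value or the scheme of a link target. The function's signature sits in the preceding hunk (`-256,7`) and part of its docstring lies between the two hunks.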
@@ -980,9 +983,10 @@ async def get_remote_follow(
 @app.post("/remote_follow")
 async def post_remote_follow(
 request: Request,
+ db_session: AsyncSession = Depends(get_db_session),
 csrf_check: None = Depends(verify_csrf_token),
 profile: str = Form(),
-) -> HTMLRedirectResponse:
+) -> templates.TemplateResponse:
 if not profile.startswith("@"):
 profile = f"@{profile}"
@@ -991,7 +995,9 @@ async def post_remote_follow(
 # TODO(ts): error message to user
 raise HTTPException(status_code=404)
- return HTMLRedirectResponse(
+ return await redirect_to_remote_instance(
+ request,
+ db_session,
 remote_follow_template.format(uri=ID),
 )
@@ -1020,10 +1026,11 @@ async def remote_interaction(
 @app.post("/remote_interaction")
 async def post_remote_interaction(
 request: Request,
+ db_session: AsyncSession = Depends(get_db_session),
 csrf_check: None = Depends(verify_csrf_token),
 profile: str = Form(),
 ap_id: str = Form(),
-) -> RedirectResponse:
+) -> templates.TemplateResponse:
 if not profile.startswith("@"):
 profile = f"@{profile}"
@@ -1032,9 +1039,10 @@ async def post_remote_interaction(
 # TODO(ts): error message to user
 raise HTTPException(status_code=404)
- return RedirectResponse(
- remote_follow_template.format(uri=ap_id),
- status_code=302,
+ return await redirect_to_remote_instance(
+ request,
+ db_session,
+ remote_follow_template.format(uri=ID),
 )
diff --git a/app/templates.py b/app/templates.py
index 7b3be79..c850622 100644
--- a/app/templates.py
+++ b/app/templates.py
@@ -85,6 +85,7 @@ async def render_template(
 template: str,
 template_args: dict[str, Any] | None = None,
 status_code: int = 200,
+ headers: dict[str, str] | None = None,
 ) -> TemplateResponse:
 if template_args is None:
 template_args = {}
@@ -129,6 +130,7 @@ async def render_template(
 **template_args,
 },
 status_code=status_code,
+ headers=headers,
 )
diff --git a/app/templates/redirect_to_remote_instance.html b/app/templates/redirect_to_remote_instance.html
new file mode 100644
index 0000000..f814777
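Review bot: In the last `app/main.py` hunk (`-1032,9`), `post_remote_interaction` now formats the template with `uri=ID`, whereas the removed line used `uri=ap_id` and the `ap_id` form field is still declared in the signature. As written the redirect appears to carry the same identifier that `post_remote_follow` sends rather than the object the user asked to interact with, which looks like a copy-paste slip; the line should probably read `remote_follow_template.format(uri=ap_id),`. Because `ap_id` is a submitted form value, percent-encoding it before substitution (`uri=urllib.parse.quote(ap_id, safe="")`) is worth considering if the template places `{uri}` in a query string, which cannot be confirmed from this hunk. The part of the function between the signature hunk and this one is not shown.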
--- /dev/null
+++ b/app/templates/redirect_to_remote_instance.html
@@ -0,0 +1,15 @@
+{%- import "utils.html" as utils with context -%}
+{% extends "layout.html" %}
+
+{% block head %}
+{{ local_actor.display_name }}'s microblog - Redirect
+{% endblock %}
+
+{% block content %}
+{% include "header.html" %}
+
+
+

You are being redirected to your instance: {{ url }}

+
+
+{% endblock %}