fix: reject instance domains with @ in them

This commit is contained in:
Sam 2023-04-18 02:15:45 +02:00
parent 5c8c6eed63
commit 6131884ba7
No known key found for this signature in database
GPG key ID: B4EF20DDE721CAA1

View file

@ -25,6 +25,11 @@ func (s *Server) getFediverseURL(w http.ResponseWriter, r *http.Request) error {
return server.APIError{Code: server.ErrBadRequest, Details: "Instance URL is empty"}
}
// Too many people tried using @username@fediverse.example despite the warning
if strings.Contains(instance, "@") {
return server.APIError{Code: server.ErrBadRequest, Details: "Instance URL should only be the base URL, without username"}
}
app, err := s.DB.FediverseApp(ctx, instance)
if err != nil {
return s.noAppFediverseURL(ctx, w, r, instance)