diff --git a/CHANGES.md b/CHANGES.md index 77055c4..574cf96 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -39,6 +39,8 @@ To be released. - `new Object()` constructor now accepts `emojiReactions` option. - `Object.clone()` method now accepts `emojiReactions` option. + - Added `allowPrivateAddress` option to `LookupWebFingerOptions` interface. + - Added `-t`/`--traverse` option to the `fedify lookup` subcommand. [[#195]] - Added `-S`/`--suppress-errors` option to the `fedify lookup` subcommand. diff --git a/src/federation/middleware.ts b/src/federation/middleware.ts index 6f27193..4c8eea8 100644 --- a/src/federation/middleware.ts +++ b/src/federation/middleware.ts @@ -182,6 +182,7 @@ export interface CreateFederationOptions { * Mostly useful for testing purposes. *Do not use in production.* * * Turned off by default. + * @since 0.15.0 */ allowPrivateAddress?: boolean; @@ -190,6 +191,7 @@ export interface CreateFederationOptions { * If a string is provided, it is used as the `User-Agent` header. * If an object is provided, it is passed to the {@link getUserAgent} * function. + * @since 1.3.0 */ userAgent?: GetUserAgentOptions | string; diff --git a/src/vocab/lookup.ts b/src/vocab/lookup.ts index cbcd772..f1ee329 100644 --- a/src/vocab/lookup.ts +++ b/src/vocab/lookup.ts @@ -147,9 +147,8 @@ async function lookupObjectInternal( const jrd = await lookupWebFinger(identifier, { userAgent: options.userAgent, tracerProvider: options.tracerProvider, - // @ts-ignore: `allowPrivateAddress` is not in the type definition. allowPrivateAddress: "allowPrivateAddress" in options && - options.allowPrivateAddress, + options.allowPrivateAddress === true, }); if (jrd?.links == null) return null; for (const l of jrd.links) { diff --git a/src/webfinger/lookup.test.ts b/src/webfinger/lookup.test.ts index 1f098c3..84b804f 100644 --- a/src/webfinger/lookup.test.ts +++ b/src/webfinger/lookup.test.ts 
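Review bot: The `"allowPrivateAddress" in options` guard kept in `lookupObjectInternal` suggests this function's own options type still does not declare the field, so the switch that disables the private-address check on the WebFinger request is reachable only as an untyped extra property. Either declare `allowPrivateAddress?: boolean` on that options type and pass `options.allowPrivateAddress === true`, or mark the intent with a comment such as `// Undeclared on purpose: test-only switch that disables the SSRF check.`. The options type and the rest of the function are outside the hunk, so this is inferred from the `in` check alone. Separately, the `jrd.links` loop that follows consumes hrefs chosen by the remote server; whether those fetches get the same public-address check is not visible here and is worth confirming.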
@@ -75,6 +75,40 @@ test("lookupWebFinger()", async (t) => {
 assertEquals(await lookupWebFinger("acct:johndoe@example.com"), null);
 });
 
+ mf.mock("GET@/.well-known/webfinger", (_req) => {
+ return new Response(
+ JSON.stringify({
+ subject: "acct:test@localhost",
+ links: [
+ {
+ rel: "self",
+ type: "application/activity+json",
+ href: "https://localhost/actor",
+ },
+ ],
+ }),
+ );
+ });
+
+ await t.step("private address", async () => {
+ assertEquals(await lookupWebFinger("acct:test@localhost"), null);
+ assertEquals(
+ await lookupWebFinger("acct:test@localhost", {
+ allowPrivateAddress: true,
+ }),
+ {
+ subject: "acct:test@localhost",
+ links: [
+ {
+ rel: "self",
+ type: "application/activity+json",
+ href: "https://localhost/actor",
+ },
+ ],
+ },
+ );
+ });
+
 mf.mock(
 "GET@/.well-known/webfinger",
 (_) =>
diff --git a/src/webfinger/lookup.ts b/src/webfinger/lookup.ts
index f1d0c72..d3a7c9b 100644
--- a/src/webfinger/lookup.ts
+++ b/src/webfinger/lookup.ts
@@ -30,6 +30,16 @@ export interface LookupWebFingerOptions {
 */
 userAgent?: GetUserAgentOptions | string;
 
+ /**
+ * Whether to allow private IP addresses in the URL.
+ *
+ * Mostly useful for testing purposes. *Do not use this in production.*
+ *
+ * Turned off by default.
+ * @since 1.4.0
+ */
+ allowPrivateAddress?: boolean;
+
 /**
 * The OpenTelemetry tracer provider. If omitted, the global tracer provider
 * is used.
@@ -109,7 +119,7 @@ async function lookupWebFingerInternal(
 { url: url.href },
 );
 let response: Response;
- if (!("allowPrivateAddress" in options) || !options.allowPrivateAddress) {
+ if (options.allowPrivateAddress !== true) {
 try {
 await validatePublicUrl(url.href);
 } catch (e) {
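Review bot: The new "private address" step checks the default-deny path only for the `localhost` hostname and only with the option absent. Since this option switches off an SSRF guard, the explicit-false case should be pinned too: `assertEquals(await lookupWebFinger("acct:test@localhost", { allowPrivateAddress: false }), null);`. A case with a literal loopback or RFC 1918 address as the host would also help, if the handle parser accepts one. The mock returns a valid JRD, so a `null` result here can only come from the address check, which is what makes these assertions meaningful.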
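Review bot: The doc comment added for `allowPrivateAddress` in `LookupWebFingerOptions` says what the flag allows but not which protection it turns off. Per the second hunk of this file, any value other than `true` runs `validatePublicUrl` on the WebFinger URL, so the comment should say that directly, e.g. `Skips the public-address validation of the WebFinger URL, so a handle can make the server request loopback or internal hosts.` That wording tells integrators that wiring a user- or config-derived value into this option removes the SSRF protection.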
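Review bot: The guard `if (options.allowPrivateAddress !== true)` validates `url.href` before the request, but the hunk does not show what happens when the server answers with a redirect. `lookupWebFingerInternal` starts and ends outside the hunk; if it follows redirects, confirm that each new `url` passes through this same `validatePublicUrl` call, otherwise a public host could steer the lookup to a private address. When the check is skipped, a warning-level log line would make accidental production use detectable. The condition also deserves a comment: `// Fail closed: only a literal true skips the SSRF check.`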