Merge pull request #56 from interru/firefish_admin_check

feat: Add admin check using the provided username for firefish
Fediseer · Nov 4, 2023 · 364deba · 364deba
2 parents aca3d80 + 0395da0
commit 364deba
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 2 deletions.
diff --git a/fediseer/apis/v1/whitelist.py b/fediseer/apis/v1/whitelist.py
@@ -98,11 +98,13 @@ def put(self, domain):
             guarantor_instance = database.find_instance_by_domain(self.args.guarantor)
             if not guarantor_instance:
                 raise e.BadRequest(f"Requested guarantor domain {self.args.guarantor} is not registered with the Fediseer yet!")
-        if self.args.admin not in instance_info.admin_usernames:
+
+        if not instance_info.is_admin(self.args.admin):
             if len(instance_info.admin_usernames) == 0:
                 raise e.Unauthorized(f"We could not discover any admins for this instance software. Please Ensure your software exposes this info. If it's exposed in a novel manner, consider sending us a PR to be able to retrieve this infomation.")
             else:
                 raise e.Forbidden(f"Only admins of that {instance.software} are allowed to claim it.")
+
         existing_claim = database.find_claim(f"@{self.args.admin}@{domain}")
         if existing_claim:
             raise e.Forbidden(f"You have already claimed this instance as this admin. Please use the PATCH method to reset your API key.")

diff --git a/fediseer/fediverse.py b/fediseer/fediverse.py
@@ -275,6 +275,20 @@ def parse_instance_info(self):
         else:
             software_map[self.software]()
 
+    def is_admin(self, user):
+        admin = user in self.admin_usernames
+
+        if not admin and self.software == "firefish":
+            payload = {
+                "username": user
+            }
+            user_info = requests.post(f"https://{self.domain}/api/users/show", timeout=self._req_timeout, json=payload).json()
+            admin = user_info.get('isAdmin', False)
+            if admin:
+                self.admin_usernames.add(user)
+
+        return admin
+
     @staticmethod
     def get_nodeinfo(domain, req_timeout=3):
         headers = {
@@ -323,4 +337,4 @@ def domain_exists(self):
 # else:
 #     logger.error("Domain does not exist")
 # import sys
-# sys.exit()
+# sys.exit()