From c59988a0862e1acc2f5805b327db0bd00569d8e1 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Wed, 28 Dec 2022 03:08:20 +0300
Subject: webfinger: respond 404 on invalid resource request
---
 .../java/com/juick/www/api/webfinger/Resource.java | 20 ++++++++++++--------
 .../java/com/juick/server/tests/ServerTests.java | 2 ++
 2 files changed, 14 insertions(+), 8 deletions(-)
(limited to 'src')
diff --git a/src/main/java/com/juick/www/api/webfinger/Resource.java b/src/main/java/com/juick/www/api/webfinger/Resource.java
index 570ceed3..c4e0d5ca 100644
--- a/src/main/java/com/juick/www/api/webfinger/Resource.java
+++ b/src/main/java/com/juick/www/api/webfinger/Resource.java
@@ -46,15 +46,19 @@ public class Resource {
 @GetMapping(value = "/.well-known/webfinger", produces = "application/jrd+json;charset=utf-8")
 public Account getWebResource(@RequestParam String resource) {
 if (resource.startsWith("acct:")) {
- Jid account = Jid.of(resource.substring(5));
- if (account.getDomain().equals(domain)) {
- User user = userService.getUserByName(account.getLocal());
- if (!user.isAnonymous()) {
- UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(baseUri);
- builder.path(String.format("/u/%s", user.getName()));
- Link blog = new Link("self", ACTIVITY_MEDIA_TYPE, builder.toUriString());
- return new Account(resource, List.of(blog));
+ try {
+ Jid account = Jid.of(resource.substring(5));
+ if (account.getDomain().equals(domain)) {
+ User user = userService.getUserByName(account.getLocal());
+ if (!user.isAnonymous()) {
+ UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(baseUri);
+ builder.path(String.format("/u/%s", user.getName()));
+ Link blog = new Link("self", ACTIVITY_MEDIA_TYPE, builder.toUriString());
+ return new Account(resource, List.of(blog));
+ }
 }
+ } catch (NullPointerException | IllegalArgumentException e) {
+ throw new HttpNotFoundException();
 }
 }
 throw new HttpNotFoundException();
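Review bot: The new `try` wraps the whole lookup, so `catch (NullPointerException | IllegalArgumentException e)` also turns failures from `userService.getUserByName(...)` and `UriComponentsBuilder.fromHttpUrl(baseUri)` into a 404. On an unauthenticated endpoint that hides a misconfigured `baseUri` or a genuine null-handling bug behind a normal-looking response, with nothing logged. I would guard only the parse of the untrusted `resource` value and replace the `NullPointerException` catch with an explicit check, as sketched below. The sketch assumes the null comes from an empty local part, as the new `acct:@localhost` test suggests, and that `Jid.of` reports malformed input with `IllegalArgumentException`; if `Jid.of` itself can throw `NullPointerException`, keep that type in the narrowed catch. The closing brace of `getWebResource` is outside the hunk.

```java
if (resource.startsWith("acct:")) {
    Jid account;
    try {
        // Guard only the parse of the untrusted request parameter.
        account = Jid.of(resource.substring(5));
    } catch (IllegalArgumentException e) {
        throw new HttpNotFoundException();
    }
    if (account.getLocal() != null && account.getDomain().equals(domain)) {
        // … unchanged: user lookup and Account/Link construction …
    }
}
```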
diff --git a/src/test/java/com/juick/server/tests/ServerTests.java b/src/test/java/com/juick/server/tests/ServerTests.java
index 7d0aa019..541c2fc1 100644
--- a/src/test/java/com/juick/server/tests/ServerTests.java
+++ b/src/test/java/com/juick/server/tests/ServerTests.java
@@ -1748,6 +1748,8 @@ public class ServerTests {
 .andExpect(jsonPath("$.links[0].href", is("http://localhost:8080/u/ugnich")));
 mockMvc.perform(get("/.well-known/webfinger?resource=acct:durov@localhost"))
 .andExpect(status().isNotFound());
+ mockMvc.perform(get("/.well-known/webfinger?resource=acct:@localhost"))
+ .andExpect(status().isNotFound());
 }
 @Test
-- cgit v1.2.3
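Review bot: The added request exercises only the empty-local-part input, so one of the two exception types in the new catch in `Resource.getWebResource` may have no test behind it. A second negative case, for example with nothing after the `acct:` prefix, would help pin the other arm: `mockMvc.perform(get("/.well-known/webfinger?resource=acct:")).andExpect(status().isNotFound());`. Which exception each input raises is not visible in this diff, so confirm against the `Jid` parser before relying on that mapping. The enclosing test method starts outside the hunk.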