Update getUncachedProfileData to check for an alternate version of webfinger responses

[ChrisW-B]

Hey, I recently switched to gotosocial and noticed that StreetPass was no longer working, so I did some digging.

From checking around between gotosocial, Pleroma, and Mastodon.

• gotosocial and Pleroma support formats like https://social.chriswb.dev/.well-known/webfinger?resource=acct:@chrisw_b@social.chriswb.dev. This seems to fit section 3.1 of the Webfinger spec, so I think it's intentional behavior.
• Mastodon does not, but does support https://mastodon.social/.well-known/webfinger?resource=https://mastodon.social/@tvler, which gotosocial and pleroma do not support at the moment

As a result, non-mastodon rel=me tags may get missed. This tries to add a second query as another check for any rel=me tags.

If your intention is only to support Mastodon, I completely understand why, I could absolutely see broadening to random implementations of rel=me and webfinger causing lots of problems. If you do want to use this though, let me know if there are any changes for error handling or formatting I need to make!

Thanks for the great extension!

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated
webfinger	✅ Ready (Inspect)	Visit Preview	💬 Add your feedback	Feb 23, 2023 at 3:27PM (UTC)

[tvler]

this is really great thanks for sharing! I'm going to consult how the mastodon web client works with federated interop. Because searching for your profile by pasting your profile link works as expected.

in a perfect world I'd want to make sure that the exact same profile resolution logic is running on streetpass just to make sure we're not dropping any edge cases :)

[tvler]

if you're free, it'd be awesome to find where this is happening in the mastodon repo! no worries if you're not familiar with ruby I can check it out this weekend

[ChrisW-B]

Sure, I can look into it tonight or tomorrow! Looking into what mastodon is doing is a better idea than just futzing around with endpoints

[tvler]

I mean I bet you’re not too far off with your implementation honestly lol. In the offchance there is a cleaner solution it would be worth it to find out

[ChrisW-B]

Ok I did some poking around in the mastodon repo and all the evidence I can find for tests does seem to expect webfinger queries to come through like https://mastodon.social/.well-known/webfinger?resource=acct:tvler@mastodon.social, which also works for gotosocial (https://social.chriswb.dev/.well-known/webfinger?resource=acct:chrisw_b@social.chriswb.dev) and Pleroma (https://blob.cat/.well-known/webfinger?resource=acct:blobcat@blob.cat). (pleroma seems to default to xml, but fetching and using result.json() still works)

I'm not sure how I screwed up before that I wasn't getting a response for mastodon, but it seems like updating to use constructOpenIDUrl might work everywhere.

I'm basing this mostly on reading through tests like this: https://github.com/mastodon/mastodon/blob/main/spec/services/resolve_account_service_spec.rb. I think the account resolution starts here: https://github.com/mastodon/mastodon/blob/main/app/services/resolve_account_service.rb#L18, which seems to be splitting the url into a domain and username and then using acct:user@domain. But Mastodon is a pretty big project and my ruby experience is on the lower end, so please check me haha

[tvler]

so cool thanks! you know I'm actually in the dev discord so maybe I'll ask there. this seems like the right path

[ChrisW-B]

Oh perfect, that sounds good!

[tvler]

looks like this is related too. will do more research later https://github.com/mastodon/mastodon/blob/main/app/services/activitypub/fetch_remote_actor_service.rb

[tvler]

this'll be in the next release. needed to work on cache invalidation for "notProfile" links first so that "notProfile" links which would now return "profile" would show up in people's StreetPass list https://mastodon.social/@tvler/110129790506615727

[ChrisW-B]

awesome! looking forward to it

[tvler]

Alright here's my rough plan for what I think we need to do to achieve this https://mastodon.social/@tvler/110146976011936688

• Add API endpoints to streetpass.social that returns profile photo, display name & handle for a given federated profile URL (or null if the link isn’t a federated profile)
• Set up signing keys etc on the backend to handle “secure mode” servers https://docs.joinmastodon.org/admin/config/#authorized_fetch
• Call this api in the browser extension

Luckily this eng work aligns with this other feature on the roadmap to display more social information in the StreetPass popup UI (https://mastodon.social/@tvler/110135445576666001), so I'm down to move forward w this approach! Need to query activitypub to get all this information anyways

[tvler]

The API directory that hosts streetpass.social is just a simple next.js app for now https://github.com/tvler/streetpass/tree/main/api

I'm gonna see how feasible it is to keep this and use next's APIs and caching for all the activitypub queries