Fix split-origin WebFinger subjects#921
Conversation
Return the canonical handle-host acct URI as the WebFinger subject when a local actor is resolved through a server-origin acct alias. Keep the queried acct alias in the aliases list so reciprocal checks can still relate the two identities. Fixes fedify-dev#920 Assisted-by: Codex:gpt-5.5
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository UI Review profile: ASSERTIVE Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
@codex review |
There was a problem hiding this comment.
Code Review
This pull request fixes split-origin WebFinger responses for acct: aliases on the web origin host. When a local actor is queried through the server-origin acct: alias, Fedify now returns the canonical handle-host acct: URI as the JRD subject and keeps the queried acct: URI in aliases. The review feedback suggests also including the canonical acct: URI on the web origin in the aliases list when the actor's preferredUsername differs from the queried username to ensure consistency.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
|
Codex Review: Didn't find any major issues. Bravo. Reviewed commit: ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
packages/fedify/src/federation/webfinger.ts (1)
253-261: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick winFallback
usernamere-derivation may diverge from the original queried username due to URL percent-encoding.
usernameis recomputed by strippingresourceUrl.hrefrather than reusing the rawmatch[1]captured earlier (line 188-189). Sinceacct:is a non-special URI scheme,new URL()percent-encodes reserved characters (e.g. spaces) in the opaque path whenresourceUrlwas constructed. Ifactor.preferredUsernameisnull, the fallbacksubjectwould use this percent-encoded username instead of the original raw one, producing an inconsistentsubjectfor usernames containing characters needing encoding.Consider hoisting the original username into an outer-scoped variable when
resourceUrlis reconstructed (around line 189) and reusing it here instead of re-parsinghref.♻️ Suggested approach
- let identifier: string | null = null; + let identifier: string | null = null; + let queriedUsername: string | null = null; const uriParsed = context.parseUri(resourceUrl); ... } else { ... identifier = await mapUsernameToIdentifier(match[1]); resourceUrl = new URL(`acct:${match[1]}@${normalizedHost}`); + queriedUsername = match[1]; } ... - const username = resourceUrl.href.replace(/^acct:/, "").replace(/@.*$/, ""); - subject = `acct:${actor.preferredUsername ?? username}@${host}`; + subject = `acct:${actor.preferredUsername ?? queriedUsername}@${host}`;🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/fedify/src/federation/webfinger.ts` around lines 253 - 261, The fallback subject in webfinger handling is re-deriving the username from resourceUrl.href, which can pick up percent-encoding and diverge from the originally queried acct username. Hoist the raw username captured during the initial acct: parsing in federation/webfinger.ts into an outer-scoped variable, then reuse that original value when building subject in this fallback block instead of re-parsing resourceUrl.href. Keep the existing host and actor.preferredUsername logic intact.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Outside diff comments:
In `@packages/fedify/src/federation/webfinger.ts`:
- Around line 253-261: The fallback subject in webfinger handling is re-deriving
the username from resourceUrl.href, which can pick up percent-encoding and
diverge from the originally queried acct username. Hoist the raw username
captured during the initial acct: parsing in federation/webfinger.ts into an
outer-scoped variable, then reuse that original value when building subject in
this fallback block instead of re-parsing resourceUrl.href. Keep the existing
host and actor.preferredUsername logic intact.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 6262805e-9906-432a-b979-6dffd319eab2
📒 Files selected for processing (3)
CHANGES.mdpackages/fedify/src/federation/webfinger.test.tspackages/fedify/src/federation/webfinger.ts
Codecov Report✅ All modified and coverable lines are covered by tests.
... and 1 file with indirect coverage changes 🚀 New features to boost your workflow:
|
Keep the original username captured while parsing an acct WebFinger query and reuse it when building the split-origin fallback subject. This avoids deriving the subject from the URL-serialized resource, which may have changed escaping. fedify-dev#921 (review) Assisted-by: Codex:gpt-5.5
When a split-origin acct lookup uses a non-canonical username, include the preferred username on the web-origin host in aliases. This keeps the fallback acct response consistent with actor URI lookups while preserving the queried alias. fedify-dev#921 (comment) Assisted-by: Codex:gpt-5.5
|
/gemini review |
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ff302a1bc0
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Move subject and alias construction into a helper so split-origin handling shares the same actor username and host inputs without repeating the surrounding calculations. fedify-dev#921 (comment) Assisted-by: Codex:gpt-5.5
|
@codex review |
|
/gemini review |
|
Codex Review: Didn't find any major issues. Already looking forward to the next diff. Reviewed commit: ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
|
Warning Gemini encountered an error creating the review. You can try again by commenting |
Fixes #920.
Why this change is needed
In split-origin deployments, the public fediverse handle and the ActivityPub server can live on different hosts. A server may receive a WebFinger request for an
acct:URI on the server origin after a remote implementation starts from an actor URL and checks the reciprocal account identity.Fedify already accepted that server-origin
acct:URI as an alias when the actor was local. The response still used the queried alias assubject, though, which made the alias look canonical to clients that stop at the WebFinger subject. The canonical handle-host identity was present only inaliases, too late for that lookup path.How this fixes it
The handler in packages/fedify/src/federation/webfinger.ts now keeps the normalized query URI separate from the JRD subject. For an
acct:query on the web-origin host, it returns the handle-hostacct:URI assubjectand keeps the queried server-originacct:URI inaliases. Canonical handle-host queries and actor-URI queries keep their existing behavior.The regression test in packages/fedify/src/federation/webfinger.test.ts uses the split-origin shape directly:
ap.example.comfor the web origin andexample.comfor the handle host. That makes the expected subject unambiguous:acct:someone@example.com, withacct:someone@ap.example.comretained as an alias.CHANGES.md documents the behavior change for 2.0.22.