Fix webfinger response not returning 410 when account is suspended (mastodon#11869)

Gargron · hiyuki2578 · commit 7c1722b3347b · 2019-10-02T10:38:35.000+09:00
diff --git a/app/controllers/well_known/webfinger_controller.rb b/app/controllers/well_known/webfinger_controller.rb
@@ -5,18 +5,22 @@ class WebfingerController < ActionController::Base
     include RoutingHelper
 
     before_action { response.headers['Vary'] = 'Accept' }
+    before_action :set_account
+    before_action :check_account_suspension
 
-    def show
-      @account = Account.find_local!(username_from_resource)
+    rescue_from ActiveRecord::RecordNotFound, ActionController::ParameterMissing, with: :not_found
 
+    def show
       expires_in 3.days, public: true
       render json: @account, serializer: WebfingerSerializer, content_type: 'application/jrd+json'
-    rescue ActiveRecord::RecordNotFound, ActionController::ParameterMissing
-      head 404
     end
 
     private
 
+    def set_account
+      @account = Account.find_local!(username_from_resource)
+    end
+
     def username_from_resource
       resource_user    = resource_param
       username, domain = resource_user.split('@')
@@ -28,5 +32,17 @@ def username_from_resource
     def resource_param
       params.require(:resource)
     end
+
+    def check_account_suspension
+      expires_in(3.minutes, public: true) && gone if @account.suspended?
+    end
+
+    def not_found
+      head 404
+    end
+
+    def gone
+      head 410
+    end
   end
 end
