
66 lines
1.9 KiB
Raw Normal View History

const webmentionReceiver = require('./../webmention/receive')
const config = require('./../config')
const parser = require("fast-xml-parser")
2021-04-05 17:44:27 +02:00
const log = require('pino')()
See https://www.hixie.ch/specs/pingback/pingback#refsXMLRPC
Sample XML:
<?xml version="1.0" encoding="UTF-8"?>
const isValidDomain = (url) => {
return config.allowedWebmentionSources.some(domain => {
return url.indexOf(domain) !== -1
2021-04-05 17:44:27 +02:00
function xmlparse(body) {
try {
return parser.parse(body)
} catch(e) {
log.error('%s %s', 'fast-xml-parser was unable to parse the following body:', body)
throw e
function validate(body) {
2021-04-05 17:44:27 +02:00
const xml = xmlparse(body)
if(!xml) return false
if(!xml.methodCall || xml.methodCall.methodName !== "pingback.ping") return false
if(!xml.methodCall.params || !xml.methodCall.params.param || xml.methodCall.params.param.length !== 2) return false
if(!xml.methodCall.params.param.every(param => param?.value?.string?.startsWith('http'))) return false
if(!isValidDomain(xml.methodCall.params.param[1].value.string)) return false
return true
// we treat a pingback as a webmention.
// Wordpress pingback processing source: https://developer.wordpress.org/reference/classes/wp_xmlrpc_server/pingback_ping/
async function receive(body) {
2021-04-05 17:44:27 +02:00
const xml = xmlparse(body)
const webmentionBody = {
source: xml.methodCall.params.param[0].value.string,
target: xml.methodCall.params.param[1].value.string
2021-04-05 17:44:27 +02:00
log.info('%s %o', 'OK: looks like a valid pingback', webmentionBody)
await webmentionReceiver.receive(webmentionBody)
module.exports = {