From a9529d3b4b057eeb3b47943b271ad6605e22732d Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Sat, 15 Apr 2017 02:15:46 +0200
Subject: [PATCH] Allow running mastodon on a different domain as the one used
 for identifying users (#1267)

* Allow running mastodon on a different domain as the one used for identifying users

* Alter documentation of WEB_DOMAIN to make clear it shouldn't be used unless the admin knows what they are doing

* Compare to web_domain instead of local_domain when dealing with feeds/API

* Correctly identify mentions to local accounts

Mentions URLs point to the person's web profile, i.e., the user page served on WEB_DOMAIN.
---
 .env.production.sample                 | 4 ++++
 app/controllers/api/push_controller.rb | 2 +-
 app/lib/tag_manager.rb                 | 4 ++++
 app/services/process_feed_service.rb   | 2 +-
 config/initializers/ostatus.rb         | 8 +++++---
 5 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/.env.production.sample b/.env.production.sample
index fd2f71165..1125eedbf 100644
--- a/.env.production.sample
+++ b/.env.production.sample
@@ -11,6 +11,10 @@ DB_PORT=5432
 LOCAL_DOMAIN=example.com
 LOCAL_HTTPS=true
 
+# Use this only if you need to run mastodon on a different domain than the one used for federation.
+# Do not use this unless you know exactly what you are doing.
+# WEB_DOMAIN=mastodon.example.com
+
 # Application secrets
 # Generate each with the `rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
 PAPERCLIP_SECRET=
diff --git a/app/controllers/api/push_controller.rb b/app/controllers/api/push_controller.rb
index 78d4e36e6..f2ddfd969 100644
--- a/app/controllers/api/push_controller.rb
+++ b/app/controllers/api/push_controller.rb
@@ -30,7 +30,7 @@ class Api::PushController < ApiController
     params = Rails.application.routes.recognize_path(uri.path)
     domain = uri.host + (uri.port ? ":#{uri.port}" : '')
 
-    return unless TagManager.instance.local_domain?(domain) && params[:controller] == 'accounts' && params[:action] == 'show' && params[:format] == 'atom'
+    return unless TagManager.instance.web_domain?(domain) && params[:controller] == 'accounts' && params[:action] == 'show' && params[:format] == 'atom'
 
     Account.find_local(params[:username])
   end
diff --git a/app/lib/tag_manager.rb b/app/lib/tag_manager.rb
index 07b2fb91e..f26c943d2 100644
--- a/app/lib/tag_manager.rb
+++ b/app/lib/tag_manager.rb
@@ -56,6 +56,10 @@ class TagManager
     id.start_with?("tag:#{Rails.configuration.x.local_domain}")
   end
 
+  def web_domain?(domain)
+    domain.nil? || domain.gsub(/[\/]/, '').casecmp(Rails.configuration.x.web_domain).zero?
+  end
+
   def local_domain?(domain)
     domain.nil? || domain.gsub(/[\/]/, '').casecmp(Rails.configuration.x.local_domain).zero?
   end
diff --git a/app/services/process_feed_service.rb b/app/services/process_feed_service.rb
index a2def4535..321f53f22 100644
--- a/app/services/process_feed_service.rb
+++ b/app/services/process_feed_service.rb
@@ -163,7 +163,7 @@ class ProcessFeedService < BaseService
 
         url = Addressable::URI.parse(link['href'])
 
-        mentioned_account = if TagManager.instance.local_domain?(url.host)
+        mentioned_account = if TagManager.instance.web_domain?(url.host)
                               Account.find_local(url.path.gsub('/users/', ''))
                             else
                               Account.find_by(url: link['href']) || FetchRemoteAccountService.new.call(link['href'])
diff --git a/config/initializers/ostatus.rb b/config/initializers/ostatus.rb
index fb0b8b7fe..155d0a9f1 100644
--- a/config/initializers/ostatus.rb
+++ b/config/initializers/ostatus.rb
@@ -2,18 +2,20 @@
 
 port  = ENV.fetch('PORT') { 3000 }
 host  = ENV.fetch('LOCAL_DOMAIN') { "localhost:#{port}" }
+web_host = ENV.fetch('WEB_DOMAIN') { host }
 https = ENV['LOCAL_HTTPS'] == 'true'
 
 Rails.application.configure do
   config.x.local_domain = host
+  config.x.web_domain   = web_host
   config.x.use_https    = https
   config.x.use_s3       = ENV['S3_ENABLED'] == 'true'
 
-  config.action_mailer.default_url_options = { host: host, protocol: https ? 'https://' : 'http://', trailing_slash: false }
+  config.action_mailer.default_url_options = { host: web_host, protocol: https ? 'https://' : 'http://', trailing_slash: false }
   config.x.streaming_api_base_url          = 'http://localhost:4000'
 
   if Rails.env.production?
-    config.action_cable.allowed_request_origins = ["http#{https ? 's' : ''}://#{host}"]
-    config.x.streaming_api_base_url             = ENV.fetch('STREAMING_API_BASE_URL') { "http#{https ? 's' : ''}://#{host}" }
+    config.action_cable.allowed_request_origins = ["http#{https ? 's' : ''}://#{web_host}"]
+    config.x.streaming_api_base_url             = ENV.fetch('STREAMING_API_BASE_URL') { "http#{https ? 's' : ''}://#{web_host}" }
   end
 end