Improve /@username URLs (#1390)

pfefferle · web-flow · commit b32dd859fc30 · 2025-03-03T15:32:59.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -18,6 +18,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * Use a later hook for Posts to get published to the Outbox, to get sure all `post_meta`s and `taxonomy`s are set stored properly.
 * Use webfinger as author email for comments from the Fediverse.
 
+### Fixed
+
+* Do not redirect `/@username` URLs to the API any more, to improve `AUTHORIZED_FETCH` handling.
+
 ## [5.3.2] - 2025-02-27
 
 ### Fixed
diff --git a/includes/class-activitypub.php b/includes/class-activitypub.php
@@ -8,6 +8,7 @@
 namespace Activitypub;
 
 use Exception;
+use Activitypub\Collection\Actors;
 use Activitypub\Collection\Outbox;
 use Activitypub\Collection\Followers;
 use Activitypub\Collection\Extra_Fields;
@@ -248,29 +249,50 @@ public static function redirect_canonical( $redirect_url, $requested_url ) {
 	 * @return void
 	 */
 	public static function template_redirect() {
+		global $wp_query;
+
 		$comment_id = get_query_var( 'c', null );
 
 		// Check if it seems to be a comment.
-		if ( ! $comment_id ) {
-			return;
-		}
+		if ( $comment_id ) {
+			$comment = get_comment( $comment_id );
 
-		$comment = get_comment( $comment_id );
+			// Load a 404-page if `c` is set but not valid.
+			if ( ! $comment ) {
+				$wp_query->set_404();
+				return;
+			}
 
-		// Load a 404-page if `c` is set but not valid.
-		if ( ! $comment ) {
-			global $wp_query;
-			$wp_query->set_404();
-			return;
-		}
+			// Stop if it's not an ActivityPub comment.
+			if ( is_activitypub_request() && ! is_local_comment( $comment ) ) {
+				return;
+			}
 
-		// Stop if it's not an ActivityPub comment.
-		if ( is_activitypub_request() && ! is_local_comment( $comment ) ) {
-			return;
+			wp_safe_redirect( get_comment_link( $comment ) );
+			exit;
 		}
 
-		wp_safe_redirect( get_comment_link( $comment ) );
-		exit;
+		$actor = get_query_var( 'actor', null );
+		if ( $actor ) {
+			$actor = Actors::get_by_username( $actor );
+			if ( ! $actor || \is_wp_error( $actor ) ) {
+				$wp_query->set_404();
+				return;
+			}
+
+			if ( is_activitypub_request() ) {
+				return;
+			}
+
+			if ( $actor->get__id() > 0 ) {
+				$redirect_url = $actor->get_url();
+			} else {
+				$redirect_url = get_bloginfo( 'url' );
+			}
+
+			wp_safe_redirect( $redirect_url, 301 );
+			exit;
+		}
 	}
 
 	/**
@@ -284,6 +306,7 @@ public static function add_query_vars( $vars ) {
 		$vars[] = 'activitypub';
 		$vars[] = 'preview';
 		$vars[] = 'author';
+		$vars[] = 'actor';
 		$vars[] = 'c';
 		$vars[] = 'p';
 
@@ -405,12 +428,7 @@ public static function add_rewrite_rules() {
 			);
 		}
 
-		\add_rewrite_rule(
-			'^@([\w\-\.]+)$',
-			'index.php?rest_route=/' . ACTIVITYPUB_REST_NAMESPACE . '/actors/$matches[1]',
-			'top'
-		);
-
+		\add_rewrite_rule( '^@([\w\-\.]+)\/?$', 'index.php?actor=$matches[1]', 'top' );
 		\add_rewrite_endpoint( 'activitypub', EP_AUTHORS | EP_PERMALINK | EP_PAGES );
 	}
 
diff --git a/includes/class-migration.php b/includes/class-migration.php
@@ -182,12 +182,10 @@ public static function maybe_migrate() {
 		if ( \version_compare( $version_from_db, '5.2.0', '<' ) ) {
 			Scheduler::register_schedules();
 		}
-		if ( \version_compare( $version_from_db, '5.3.0', '<' ) ) {
-			add_action( 'init', 'flush_rewrite_rules', 20 );
-		}
 		if ( \version_compare( $version_from_db, 'unreleased', '<' ) ) {
 			\wp_schedule_single_event( \time(), 'activitypub_upgrade', array( 'update_actor_json_slashing' ) );
 			\wp_schedule_single_event( \time(), 'activitypub_upgrade', array( 'update_comment_author_emails' ) );
+			\add_action( 'init', 'flush_rewrite_rules', 20 );
 		}
 
 		/*
diff --git a/includes/class-query.php b/includes/class-query.php
@@ -205,10 +205,10 @@ protected function maybe_get_virtual_object() {
 		$author_id = url_to_authorid( $url );
 
 		if ( ! is_numeric( $author_id ) ) {
-			return null;
+			$author_id = $url;
 		}
 
-		$user = Actors::get_by_id( $author_id );
+		$user = Actors::get_by_various( $author_id );
 
 		if ( \is_wp_error( $user ) || ! $user ) {
 			return null;
diff --git a/includes/rest/class-actors-controller.php b/includes/rest/class-actors-controller.php
@@ -101,15 +101,6 @@ public function get_item( $request ) {
 			return $user;
 		}
 
-		$link_header = \sprintf( '<%1$s>; rel="alternate"; type="application/activity+json"', $user->get_id() );
-
-		// Redirect to canonical URL if it is not an ActivityPub request.
-		if ( ! is_activitypub_request() ) {
-			\header( 'Link: ' . $link_header );
-			\header( 'Location: ' . $user->get_canonical_url(), true, 301 );
-			exit;
-		}
-
 		/**
 		 * Action triggered prior to the ActivityPub profile being created and sent to the client.
 		 */
@@ -119,7 +110,7 @@ public function get_item( $request ) {
 
 		$response = \rest_ensure_response( $data );
 		$response->header( 'Content-Type', 'application/activity+json; charset=' . \get_option( 'blog_charset' ) );
-		$response->header( 'Link', $link_header );
+		$response->header( 'Link', \sprintf( '<%1$s>; rel="alternate"; type="application/activity+json"', $user->get_id() ) );
 
 		return $response;
 	}
diff --git a/readme.txt b/readme.txt
@@ -136,6 +136,7 @@ For reasons of data protection, it is not possible to see the followers of other
 * Changed: Bumped minimum required WordPress version to 6.4.
 * Changed: Use a later hook for Posts to get published to the Outbox, to get sure all `post_meta`s and `taxonomy`s are set stored properly.
 * Changed: Use webfinger as author email for comments from the Fediverse.
+* Fixed: Do not redirect `/@username` URLs to the API any more, to improve `AUTHORIZED_FETCH` handling.
 
 = 5.3.2 =
 
diff --git a/tests/includes/class-test-query.php b/tests/includes/class-test-query.php
@@ -265,6 +265,29 @@ public function test_comment_activitypub_object() {
 		$this->assertNull( Query::get_instance()->get_activitypub_object() );
 	}
 
+	/**
+	 * Test user at URL activity object.
+	 *
+	 * @covers ::get_activitypub_object
+	 */
+	public function test_user_at_url_activity_object() {
+		$user_id = self::factory()->user->create(
+			array(
+				'user_login' => 'testuser',
+				'role'       => 'author',
+			)
+		);
+
+		Query::get_instance()->__destruct();
+		$user   = get_user_by( 'id', $user_id );
+		$at_url = home_url( '/@' . $user->user_login . '/?activitypub' );
+
+		$this->go_to( $at_url );
+		$this->assertNotNull( Query::get_instance()->get_activitypub_object() );
+
+		\wp_delete_user( $user_id );
+	}
+
 	/**
 	 * Test user activitypub object.
 	 *

Original file line number	Diff line number	Diff line change
`@@ -182,12 +182,10 @@ public static function maybe_migrate() {`
`182`	`182`	`if ( \version_compare( $version_from_db, '5.2.0', '<' ) ) {`
`183`	`183`	`Scheduler::register_schedules();`
`184`	`184`	`}`
`185`		`- if ( \version_compare( $version_from_db, '5.3.0', '<' ) ) {`
`186`		`- add_action( 'init', 'flush_rewrite_rules', 20 );`
`187`		`- }`
`188`	`185`	`if ( \version_compare( $version_from_db, 'unreleased', '<' ) ) {`
`189`	`186`	`\wp_schedule_single_event( \time(), 'activitypub_upgrade', array( 'update_actor_json_slashing' ) );`
`190`	`187`	`\wp_schedule_single_event( \time(), 'activitypub_upgrade', array( 'update_comment_author_emails' ) );`
	`188`	`+ \add_action( 'init', 'flush_rewrite_rules', 20 );`
`191`	`189`	`}`
`192`	`190`
`193`	`191`	`/*`