search

sinaatalay / rendercv

A LaTeX CV/Resume Framework
http://docs.rendercv.com
MIT License
1.67k stars 108 forks source link

Adds Mastodon social network #10

Closed jpgoldberg closed 7 months ago

jpgoldberg commented 9 months ago

The purpose of this PR is to add Mastodon as a social network, resolving issue #11.

Unlike the other social networks supported, there is no fixed hostname for the URL. Instead the hostname for the URL must be constructed from the full Mastodon address.

That is, a mastodon address may look like "a_tooter@social.example" which should then have the associated url be "https://social.example/@a_tooter"

Why is this PR more complicated than one might expect?

This really seems like it would be a simple fix.

Mastodon specs and DNS hostnames

Unfortunately there is no formal specification for these things. I am grateful @ThisIsMissEm for pointing me to the relevant lines of Mastodon reference implementation.

Unfortunately, what I glean from that would allow syntactically invalid hostnames. And so I included stricter validation of hostnames. Perhaps I failed to understand the Pydantic and dnspython documentation packages, but I found no obvious way to validate hostnames properly. So I resorted to a stack exchange answer.

I wasn't sure where to put my Mastodon address handling methods, so they are static methods in data_model.Connections.

Getting things to run

I need to tinker with pyproject.toml to get even the original to build on my system. I do not believe that I've done any harm, but testers should make sure that I haven't messed up build or packaging process.

I also added tests, and to make it easier for me to run tests tinkered with tests/test_data_model.py. Again, I don't think I did anything that should interfere with other testing.

sinaatalay commented 9 months ago

Thank you! I will review it thoroughly this weekend.

ThisIsMissEm commented 9 months ago

Whilst I cannot review this, @jpgoldberg I think what you'll actually want to do is make a webfinger request:

https://host.example/.well-known/webfinger?resource=acct:username@host.example

this'll either succeed or fail, and gives the URLs to any such profile.

e.g., mine:

{
  "subject" : "acct:thisismissem@hachyderm.io",
  "aliases" : [
    "https://hachyderm.io/@thisismissem",
    "https://hachyderm.io/users/thisismissem"
  ],
  "links" : [
    {
      "rel" : "http://webfinger.net/rel/profile-page",
      "type" : "text/html",
      "href" : "https://hachyderm.io/@thisismissem"
    },
    {
      "rel" : "self",
      "type" : "application/activity+json",
      "href" : "https://hachyderm.io/users/thisismissem"
    },
    {
      "rel" : "http://ostatus.org/schema/1.0/subscribe",
      "template" : "https://hachyderm.io/authorize_interaction?uri={uri}"
    },
    {
      "rel" : "http://webfinger.net/rel/avatar",
      "type" : "image/jpeg",
      "href" : "https://media.hachyderm.io/accounts/avatars/109/296/581/037/186/439/original/b55ac3f3a27e171e.jpeg"
    }
  ]
}
jpgoldberg commented 8 months ago

Whilst I cannot review this, @jpgoldberg I think what you'll actually want to do is make a webfinger request:

https://host.example/.well-known/webfinger?resource=acct:username@host.example

Oh, that is a very cool thing. I did not know about it. (As you see, I really know very little about the protocols associated with Mastodon.)

But I do not want to take that approach for two (related) reasons

  1. I do not want to make a query to https://host.example/ before knowing that "host.example is syntactically valid. Attempting to use malformed data to see if it breaks as a way to test for its validity is the road to many security bugs. Instead, we should always check that something is syntactically valid before attempting to use it. Making a network call with potentially malformed data is a use, even if the use is intended as a validity check.

  2. I would like to be able to construct the CV without a network connection. The CV should build off-line.

I really am a stickler for checking syntactic validity before any use. And, as you see, I do not pass up the opportunity to rant/lecture about it. Checking strict syntactic validity before any use is a really good habit to get into, and it prevents security issues that might otherwise arise years later.

sinaatalay commented 7 months ago

Hello, if you're not working on this PR, I would like to merge it as it is.