Improved server detection

src/Console/Relay.php

@@ -91,8 +91,8 @@ HELP;
 
 		if ((count($this->args) == 1) && ($this->getArgument(0) == 'list')) {
 			$contacts = $this->dba->select('apcontact', ['url'],
-			["`type` = ? AND `url` IN (SELECT `url` FROM `contact` WHERE `uid` = ? AND `rel` = ?)",
-				'Application', 0, Contact::FRIEND]);
+			["`type` IN (?, ?) AND `url` IN (SELECT `url` FROM `contact` WHERE `uid` = ? AND `rel` = ?)",
+				'Application', 'Service', 0, Contact::FRIEND]);
 			while ($contact = $this->dba->fetch($contacts)) {
 				$this->out($contact['url']);
 			}
@@ -108,7 +108,7 @@ HELP;
 			$actor = $this->getArgument(1);
 
 			$apcontact = APContact::getByURL($actor);
-			if (empty($apcontact) || ($apcontact['type'] != 'Application')) {
+			if (empty($apcontact) || !in_array($apcontact['type'], ['Application', 'Service'])) {
 				$this->out($actor . ' is no relay actor');
 				return 1;
 			}

src/Core/Worker/Cron.php

@@ -25,9 +25,11 @@ use Friendica\Core\Logger;
 use Friendica\Core\Worker;
 use Friendica\Database\DBA;
 use Friendica\DI;
+use Friendica\Model\Contact;
 use Friendica\Model\Post;
 use Friendica\Protocol\ActivityPub;
 use Friendica\Util\DateTimeFormat;
+use Friendica\Util\Strings;
 
 /**
  * Contains the class for jobs that are executed in an interval
@@ -179,4 +181,24 @@ class Cron
 			}
 		}
 	}
+
+	/**
+	 * Add missing "intro" records.
+	 *
+	 * @return void
+	 */
+	private static function addIntros()
+	{
+		$contacts = DBA::p("SELECT `uid`, `id`, `created` FROM `contact` WHERE `rel` = ? AND `pending` AND NOT EXISTS (SELECT `id` FROM `intro` WHERE `contact-id` = `contact`.`id`)", Contact::FOLLOWER);
+		while ($contact = DBA::fetch($contacts)) {
+			$fields = [
+				'uid'        => $contact['uid'],
+				'contact-id' => $contact['id'],
+				'datetime'   => $contact['created'],
+				'hash'       => Strings::getRandomHex()
+			];
+			Logger::notice('Adding missing intro', ['fields' => $fields]);
+			DBA::insert('intro', $fields);
+		}
+	}
 }

src/Model/APContact.php

@@ -164,6 +164,8 @@ class APContact
 				return $fetched_contact;
 			}
 			$url = $apcontact['url'];
+		} elseif (empty(parse_url($url, PHP_URL_PATH))) {
+			$apcontact['baseurl'] = $url;
 		}
 
 		// Detect multiple fast repeating request to the same address

src/Module/Admin/Federation.php

@@ -40,12 +40,14 @@ class Federation extends BaseAdmin
 			'friendica'    => ['name' => 'Friendica', 'color' => '#ffc018'], // orange from the logo
 			'birdsitelive' => ['name' => 'BirdsiteLIVE', 'color' => '#1b6ec2'], // Color from the page
 			'bookwyrm'     => ['name' => 'BookWyrm', 'color' => '#00d1b2'], // Color from the page
+			'castopod'     => ['name' => 'Castopod', 'color' => '#00564a'], // Background color from the page
 			'diaspora'     => ['name' => 'Diaspora', 'color' => '#a1a1a1'], // logo is black and white, makes a gray
 			'funkwhale'    => ['name' => 'Funkwhale', 'color' => '#4082B4'], // From the homepage
 			'gnusocial'    => ['name' => 'GNU Social/Statusnet', 'color' => '#a22430'], // dark red from the logo
 			'gotosocial'   => ['name' => 'GoToSocial', 'color' => '#df8958'], // Some color from their mascot
 			'hometown'     => ['name' => 'Hometown', 'color' => '#1f70c1'], // Color from the Patreon page
 			'hubzilla'     => ['name' => 'Hubzilla/Red Matrix', 'color' => '#43488a'], // blue from the logo
+			'hugo'         => ['name' => 'Hugo', 'color' => '#0a1922'], // Color from the homepage background
 			'lemmy'        => ['name' => 'Lemmy', 'color' => '#00c853'], // Green from the page
 			'mastodon'     => ['name' => 'Mastodon', 'color' => '#1a9df9'], // blue from the Mastodon logo
 			'misskey'      => ['name' => 'Misskey', 'color' => '#ccfefd'], // Font color of the homepage

src/Module/Api/Mastodon/Instance/Peers.php

@@ -24,6 +24,7 @@ namespace Friendica\Module\Api\Mastodon\Instance;
 use Friendica\Core\Protocol;
 use Friendica\Core\System;
 use Friendica\Database\DBA;
+use Friendica\Model\GServer;
 use Friendica\Module\BaseApi;
 use Friendica\Network\HTTPException;
 use Friendica\Util\Network;
@@ -41,7 +42,9 @@ class Peers extends BaseApi
 		$return = [];
 
 		// We only select for Friendica and ActivityPub servers, since it is expected to only deliver AP compatible systems here.
-		$instances = DBA::select('gserver', ['url'], ["`network` in (?, ?) AND NOT `failed`", Protocol::DFRN, Protocol::ACTIVITYPUB]);
+		$instances = DBA::select('gserver', ['url'], ["`network` in (?, ?) AND NOT `failed` AND NOT `detection-method` IN (?, ?, ?, ?)",
+			Protocol::DFRN, Protocol::ACTIVITYPUB,
+			GServer::DETECT_MANUAL, GServer::DETECT_HEADER, GServer::DETECT_BODY, GServer::DETECT_HOST_META]);
 		while ($instance = DBA::fetch($instances)) {
 			$urldata = parse_url($instance['url']);
 			unset($urldata['scheme']);

src/Util/Network.php

@@ -25,6 +25,7 @@ use Friendica\Core\Hook;
 use Friendica\Core\Logger;
 use Friendica\DI;
 use Friendica\Model\Contact;
+use Friendica\Network\HTTPClient\Client\HttpClientAccept;
 use Friendica\Network\HTTPException\NotModifiedException;
 use GuzzleHttp\Psr7\Uri;
 
@@ -66,14 +67,58 @@ class Network
 			$url = 'http://' . $url;
 		}
 
-		/// @TODO Really suppress function outcomes? Why not find them + debug them?
-		$h = @parse_url($url);
+		$xrd_timeout = DI::config()->get('system', 'xrd_timeout');
+		$host = parse_url($url, PHP_URL_HOST);
 
-		if (!empty($h['host']) && (@dns_get_record($h['host'], DNS_A + DNS_CNAME) || filter_var($h['host'], FILTER_VALIDATE_IP))) {
-			return $url;
+		if (empty($host) || !(@dns_get_record($host . '.', DNS_A + DNS_AAAA + DNS_CNAME) || filter_var($host, FILTER_VALIDATE_IP))) {
+			return false;
 		}
 
-		return false;
+		// Check if the certificate is valid for this hostname
+		if (parse_url($url, PHP_URL_SCHEME) == 'https') {
+			$port = parse_url($url, PHP_URL_PORT) ?? 443;
+
+			$context = stream_context_create(["ssl" => ['capture_peer_cert' => true]]);
+
+			$resource = @stream_socket_client('ssl://' . $host . ':' . $port, $errno, $errstr, $xrd_timeout, STREAM_CLIENT_CONNECT, $context);
+			if (empty($resource)) {
+				Logger::notice('Invalid certificate', ['host' => $host]);
+				return false;
+			}
+
+			$cert = stream_context_get_params($resource);
+			if (empty($cert)) {
+				Logger::notice('Invalid certificate params', ['host' => $host]);
+				return false;
+			}
+
+			$certinfo = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
+			if (empty($certinfo)) {
+				Logger::notice('Invalid certificate information', ['host' => $host]);
+				return false;
+			}
+
+			$valid_from = date(DATE_RFC2822,$certinfo['validFrom_time_t']);
+			$valid_to   = date(DATE_RFC2822,$certinfo['validTo_time_t']);
+
+			if ($certinfo['validFrom_time_t'] > time()) {
+				Logger::notice('Certificate validity starts after current date', ['host' => $host, 'from' => $valid_from, 'to' => $valid_to]);
+				return false;
+			}
+
+			if ($certinfo['validTo_time_t'] < time()) {
+				Logger::notice('Certificate validity ends before current date', ['host' => $host, 'from' => $valid_from, 'to' => $valid_to]);
+				return false;
+			}
+		}
+		if (in_array(parse_url($url, PHP_URL_SCHEME), ['https', 'http'])) {
+			if (!ParseUrl::getContentType($url, HttpClientAccept::DEFAULT, $xrd_timeout)) {
+				Logger::notice('Url not reachable', ['host' => $host, 'url' => $url]);
+				return false;
+			}
+		}
+
+		return $url;
 	}
 
 	/**
@@ -95,7 +140,7 @@ class Network
 		$h = substr($addr, strpos($addr, '@') + 1);
 
 		// Concerning the @ see here: https://stackoverflow.com/questions/36280957/dns-get-record-a-temporary-server-error-occurred
-		if ($h && (@dns_get_record($h, DNS_A + DNS_MX) || filter_var($h, FILTER_VALIDATE_IP))) {
+		if ($h && (@dns_get_record($h, DNS_A + DNS_AAAA + DNS_MX) || filter_var($h, FILTER_VALIDATE_IP))) {
 			return true;
 		}
 		if ($h && @dns_get_record($h, DNS_CNAME + DNS_MX)) {
@@ -577,8 +622,8 @@ class Network
 	/**
 	 * Check if the given URL is a local link
 	 *
-	 * @param string $url 
-	 * @return bool 
+	 * @param string $url
+	 * @return bool
 	 */
 	public static function isLocalLink(string $url)
 	{
@@ -588,8 +633,8 @@ class Network
 	/**
 	 * Check if the given URL is a valid HTTP/HTTPS URL
 	 *
-	 * @param string $url 
-	 * @return bool 
+	 * @param string $url
+	 * @return bool
 	 */
 	public static function isValidHttpUrl(string $url)
 	{

src/Util/ParseUrl.php

@@ -57,15 +57,22 @@ class ParseUrl
 	 * Fetch the content type of the given url
 	 * @param string $url    URL of the page
 	 * @param string $accept content-type to accept
+	 * @param int    $timeout
 	 * @return array content type
 	 */
-	public static function getContentType(string $url, string $accept = HttpClientAccept::DEFAULT)
+	public static function getContentType(string $url, string $accept = HttpClientAccept::DEFAULT, int $timeout = 0)
 	{
-		$curlResult = DI::httpClient()->head($url, [HttpClientOptions::ACCEPT_CONTENT => $accept]);
+		if (!empty($timeout)) {
+			$options = [HttpClientOptions::TIMEOUT => $timeout];
+		} else {
+			$options = [];
+		}
 
-		// Workaround for systems that can't handle a HEAD request
-		if (!$curlResult->isSuccess() && ($curlResult->getReturnCode() == 405)) {
-			$curlResult = DI::httpClient()->get($url, $accept, [HttpClientOptions::CONTENT_LENGTH => 1000000]);
+		$curlResult = DI::httpClient()->head($url, array_merge([HttpClientOptions::ACCEPT_CONTENT => $accept], $options));
+
+		// Workaround for systems that can't handle a HEAD request. Don't retry on timeouts.
+		if (!$curlResult->isSuccess() && ($curlResult->getReturnCode() >= 400) && !in_array($curlResult->getReturnCode(), [408, 504])) {
+			$curlResult = DI::httpClient()->get($url, $accept, array_merge([HttpClientOptions::CONTENT_LENGTH => 1000000], $options));
 		}
 
 		if (!$curlResult->isSuccess()) {