1
0
Fork
You've already forked littlewebfinger
0
A compact WebFinger gateway written in Rust with Axum
  • Rust 96.7%
  • Nix 2.7%
  • Dockerfile 0.6%
Élyvi 101e0957c2
All checks were successful
ci/woodpecker/release/release Pipeline was successful
feat: CORS for GET
2025年07月24日 07:54:12 +02:00
.sqlx feat: support static files, tests, remote-cli 2025年07月23日 22:13:48 +02:00
.woodpecker feat: support static files, tests, remote-cli 2025年07月23日 22:13:48 +02:00
migrations feat: support static files, tests, remote-cli 2025年07月23日 22:13:48 +02:00
src feat: CORS for GET 2025年07月24日 07:54:12 +02:00
tests feat: CORS for GET 2025年07月24日 07:54:12 +02:00
.dockerignore init: base littlewebfinger project 2025年07月21日 18:58:45 +02:00
.gitignore init: base littlewebfinger project 2025年07月21日 18:58:45 +02:00
Cargo.lock feat: CORS for GET 2025年07月24日 07:54:12 +02:00
Cargo.toml feat: CORS for GET 2025年07月24日 07:54:12 +02:00
Containerfile init: base littlewebfinger project 2025年07月21日 18:58:45 +02:00
entrypoint.sh init: base littlewebfinger project 2025年07月21日 18:58:45 +02:00
flake.lock init: base littlewebfinger project 2025年07月21日 18:58:45 +02:00
flake.nix init: base littlewebfinger project 2025年07月21日 18:58:45 +02:00
LICENSE init: base littlewebfinger project 2025年07月21日 18:58:45 +02:00
README.md feat: support static files, tests, remote-cli 2025年07月23日 22:13:48 +02:00

LittleWebFinger

LittleWebFinger is a compact WebFinger gateway written in Rust with Axum. It stores each account in a small SQLite database and exposes a single endpoint at /.well-known/webfinger.

A GET request returns a JRD for the requested subject. A POST request creates or updates an entry. A DELETE request removes an entry. POST and DELETE require a static bearer token that you set in the configuration file or environment. If no secret is set, those endpoints are disabled and you use a CLI to add/update/remove resources from your database.

It can also handles static files for /.well-known paths, this features have been added in v0.3.0. It allows to easily set the mime-type so you can have 2 different files on the same URL served depending on the accept header of the request.

The project is intended for private projects, small laboratories, or personal domains. It is not tuned for very large installations but it can serve a handful of accounts without issue.

Building and running locally

Clone the repository. Install Rust and a recent SQLite development package. Run LWF_SECRET=mypasswd cargo run -- serve to start the server. By default it listens on port 8080 and reads lwf.toml from the working directory.

Create or update an entry with:

$ cat contact-example-com.json
{"subject":"acct:contact@example.com","links":[{"rel":"http://openid.net/specs/connect/1.0/issuer","href":"https://codeberg.org/"}]
$ cargo run -- remote webfinger-add https://example.com/.well-known/webfinger mypasswd @contact-example-com.json

Delete it with:

$ cargo run -- remote webfinger-delete https://example.com/.well-known/webfinger mypasswd acct:contact@example.com

Fetch it with:

curl "http://localhost:8080/.well-known/webfinger?resource=acct:alice@example.com"

Same goes for static well-known files.

Command line helper

The binary also provides a small helper CLI that can be used if you disable the protected routes. Use littlewebfinger (webfinger|static) (get|add|delete), the command lines provides a contextual help for each subcommands.

When starting as a container, use docker exec littlewebfinger /littlewebfinger get <subject> directly.

Docker image

A prebuilt image is published to the Codeberg image registry. Pull it with docker pull codeberg.org/Elyvi/littlewebfinger:latest and pass a mounted volume for the database and configuration.

Configuration

This projects can be configured by either passing a TOML file to the command line with the -c flag or using environement variables (easier when using docker):

docker run -e LWF_SECRET=helloworld -e LWF_DATABASE=/data/db.sqlite -v $PWD/lwf:/data codeberg.org/Elyvi/littlewebfinger:latest

Running behind a reverse proxy (Caddy)

Here is an exemple Caddyfile to forward the endpoint to littlewebfinger:

example.com {
	root * /srv/example.com
	file_server
	@littlewebfinger path /.well-known/*
	handle @littlewebfinger {
		reverse_proxy 127.0.0.1:8080
	}
}

Status

LittleWebFinger is a toy reference that I use on my private domain for OAuth. You can find more information on the motivation behind this project on my personal blog.