aboutsummaryrefslogtreecommitdiff
path: root/juick-server/src/main/java/com/juick/server
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2018-10-04 14:25:53 +0300
committerGravatar Vitaly Takmazov2018-10-04 14:25:53 +0300
commitd7762b910be0a0ba9869bf19f5d7bfdf6d23601a (patch)
tree5994f2e0b73c97354598c2a859fca4bbae910e9b /juick-server/src/main/java/com/juick/server
parent051fd4608ebd30e94eb847906571f5f221d3e952 (diff)
Validate any Actities
Diffstat (limited to 'juick-server/src/main/java/com/juick/server')
-rw-r--r--juick-server/src/main/java/com/juick/server/SignatureManager.java1
-rw-r--r--juick-server/src/main/java/com/juick/server/api/activity/Profile.java65
2 files changed, 36 insertions, 30 deletions
diff --git a/juick-server/src/main/java/com/juick/server/SignatureManager.java b/juick-server/src/main/java/com/juick/server/SignatureManager.java
index 268b6543..0c5ea512 100644
--- a/juick-server/src/main/java/com/juick/server/SignatureManager.java
+++ b/juick-server/src/main/java/com/juick/server/SignatureManager.java
@@ -59,7 +59,6 @@ public class SignatureManager {
if (context instanceof Person) {
Person person = (Person) context;
Key key = KeystoreManager.publicKeyOf(person);
- logger.info("data signed by person with key {}", key);
Verifier verifier = new Verifier(key, Signature.fromString(signatureString));
try {
boolean result = verifier.verify(method, path, headers);
diff --git a/juick-server/src/main/java/com/juick/server/api/activity/Profile.java b/juick-server/src/main/java/com/juick/server/api/activity/Profile.java
index 23cd74ce..622bb08b 100644
--- a/juick-server/src/main/java/com/juick/server/api/activity/Profile.java
+++ b/juick-server/src/main/java/com/juick/server/api/activity/Profile.java
@@ -55,7 +55,7 @@ public class Profile {
@Value("${img_url:http://localhost:8080/i/}")
private String baseImagesUri;
- @GetMapping(value = "/u/{userName}", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE })
+ @GetMapping(value = "/u/{userName}", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE})
public Person getUser(@PathVariable String userName) {
User user = userService.getUserByName(userName);
if (!user.isAnonymous()) {
@@ -83,7 +83,8 @@ public class Profile {
}
throw new HttpNotFoundException();
}
- @GetMapping(value = "/u/{userName}/blog/toc", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE })
+
+ @GetMapping(value = "/u/{userName}/blog/toc", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE})
public OrderedCollection getOutbox(@PathVariable String userName) {
User user = userService.getUserByName(userName);
if (!user.isAnonymous()) {
@@ -96,9 +97,10 @@ public class Profile {
}
throw new HttpNotFoundException();
}
- @GetMapping(value = "/u/{userName}/blog", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE })
+
+ @GetMapping(value = "/u/{userName}/blog", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE})
public OrderedCollectionPage getOutboxPage(@PathVariable String userName,
- @RequestParam(required = false, defaultValue = "0") int before) {
+ @RequestParam(required = false, defaultValue = "0") int before) {
User visitor = UserUtils.getCurrentUser();
User user = userService.getUserByName(userName);
if (!user.isAnonymous()) {
@@ -131,7 +133,8 @@ public class Profile {
}
throw new HttpNotFoundException();
}
- @GetMapping(value = "/u/{userName}/followers/toc", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE })
+
+ @GetMapping(value = "/u/{userName}/followers/toc", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE})
public OrderedCollection getFollowers(@PathVariable String userName) {
User user = userService.getUserByName(userName);
if (!user.isAnonymous()) {
@@ -144,9 +147,10 @@ public class Profile {
}
throw new HttpNotFoundException();
}
- @GetMapping(value = "/u/{userName}/followers", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE })
+
+ @GetMapping(value = "/u/{userName}/followers", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE})
public OrderedCollectionPage getFollowersPage(@PathVariable String userName,
- @RequestParam(required = false, defaultValue = "0") int page) {
+ @RequestParam(required = false, defaultValue = "0") int page) {
User user = userService.getUserByName(userName);
if (!user.isAnonymous()) {
UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(baseUri);
@@ -173,7 +177,8 @@ public class Profile {
}
throw new HttpNotFoundException();
}
- @GetMapping(value = "/u/{userName}/following/toc", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE })
+
+ @GetMapping(value = "/u/{userName}/following/toc", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE})
public OrderedCollection getFollowing(@PathVariable String userName) {
User user = userService.getUserByName(userName);
if (!user.isAnonymous()) {
@@ -186,7 +191,8 @@ public class Profile {
}
throw new HttpNotFoundException();
}
- @GetMapping(value = "/u/{userName}/following", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE })
+
+ @GetMapping(value = "/u/{userName}/following", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE})
public OrderedCollectionPage getFollowingPage(@PathVariable String userName,
@RequestParam(required = false, defaultValue = "0") int page) {
User user = userService.getUserByName(userName);
@@ -215,35 +221,36 @@ public class Profile {
}
throw new HttpNotFoundException();
}
- @PostMapping(value = "/api/inbox", consumes = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE })
- public ResponseEntity<Void> processInbox(@RequestBody Context activity,
+
+ @PostMapping(value = "/api/inbox", consumes = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE})
+ public ResponseEntity<Void> processInbox(@RequestBody Activity activity,
@RequestHeader(name = "Host") String host,
@RequestHeader(name = "Date") String date,
@RequestHeader(name = "Digest") String digest,
@RequestHeader(name = "Content-Type") String contentType,
@RequestHeader(name = "Signature") String signature) {
- if (activity instanceof Follow) {
- Follow followRequest = (Follow) activity;
- UriComponents componentsBuilder = ServletUriComponentsBuilder.fromCurrentRequestUri().build();
- Map<String, String> headers = new HashMap<>();
- headers.put("host", host);
- headers.put("date", date);
- headers.put("digest", digest);
- headers.put("content-type", contentType);
- boolean valid = signatureManager.verifySignature(signature, URI.create(followRequest.getActor()), "POST",
- componentsBuilder.getPath(), headers);
- if (valid) {
+ UriComponents componentsBuilder = ServletUriComponentsBuilder.fromCurrentRequestUri().build();
+ Map<String, String> headers = new HashMap<>();
+ headers.put("host", host);
+ headers.put("date", date);
+ headers.put("digest", digest);
+ headers.put("content-type", contentType);
+ boolean valid = signatureManager.verifySignature(signature, URI.create(activity.getActor()), "POST",
+ componentsBuilder.getPath(), headers);
+ if (valid) {
+ if (activity instanceof Follow) {
+ Follow followRequest = (Follow) activity;
applicationEventPublisher.publishEvent(
new FollowEvent(this, followRequest));
return new ResponseEntity<>(HttpStatus.ACCEPTED);
}
- return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
- }
- if (activity instanceof Undo) {
- String follower = (String)((Map) ((Undo) activity).getObject()).get("object");
- applicationEventPublisher.publishEvent(new UndoFollowEvent(this, ((Undo) activity).getActor(), follower));
- return new ResponseEntity<>(HttpStatus.OK);
+ if (activity instanceof Undo) {
+ String follower = (String) ((Map) activity.getObject()).get("object");
+ applicationEventPublisher.publishEvent(new UndoFollowEvent(this, activity.getActor(), follower));
+ return new ResponseEntity<>(HttpStatus.OK);
+ }
+ return new ResponseEntity<>(HttpStatus.NOT_IMPLEMENTED);
}
- return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
+ return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
}
}