diff options
author | Vitaly Takmazov | 2018-10-04 14:25:53 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2018-10-04 14:25:53 +0300 |
commit | d7762b910be0a0ba9869bf19f5d7bfdf6d23601a (patch) | |
tree | 5994f2e0b73c97354598c2a859fca4bbae910e9b /juick-server | |
parent | 051fd4608ebd30e94eb847906571f5f221d3e952 (diff) |
Validate any Actities
Diffstat (limited to 'juick-server')
-rw-r--r-- | juick-server/src/main/java/com/juick/server/SignatureManager.java | 1 | ||||
-rw-r--r-- | juick-server/src/main/java/com/juick/server/api/activity/Profile.java | 65 |
2 files changed, 36 insertions, 30 deletions
diff --git a/juick-server/src/main/java/com/juick/server/SignatureManager.java b/juick-server/src/main/java/com/juick/server/SignatureManager.java index 268b6543..0c5ea512 100644 --- a/juick-server/src/main/java/com/juick/server/SignatureManager.java +++ b/juick-server/src/main/java/com/juick/server/SignatureManager.java @@ -59,7 +59,6 @@ public class SignatureManager { if (context instanceof Person) { Person person = (Person) context; Key key = KeystoreManager.publicKeyOf(person); - logger.info("data signed by person with key {}", key); Verifier verifier = new Verifier(key, Signature.fromString(signatureString)); try { boolean result = verifier.verify(method, path, headers); diff --git a/juick-server/src/main/java/com/juick/server/api/activity/Profile.java b/juick-server/src/main/java/com/juick/server/api/activity/Profile.java index 23cd74ce..622bb08b 100644 --- a/juick-server/src/main/java/com/juick/server/api/activity/Profile.java +++ b/juick-server/src/main/java/com/juick/server/api/activity/Profile.java @@ -55,7 +55,7 @@ public class Profile { @Value("${img_url:http://localhost:8080/i/}") private String baseImagesUri; - @GetMapping(value = "/u/{userName}", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE }) + @GetMapping(value = "/u/{userName}", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE}) public Person getUser(@PathVariable String userName) { User user = userService.getUserByName(userName); if (!user.isAnonymous()) { @@ -83,7 +83,8 @@ public class Profile { } throw new HttpNotFoundException(); } - @GetMapping(value = "/u/{userName}/blog/toc", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE }) + + @GetMapping(value = "/u/{userName}/blog/toc", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE}) public OrderedCollection getOutbox(@PathVariable String userName) { User user = userService.getUserByName(userName); if (!user.isAnonymous()) { @@ -96,9 +97,10 @@ public class Profile { } throw new HttpNotFoundException(); } - @GetMapping(value = "/u/{userName}/blog", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE }) + + @GetMapping(value = "/u/{userName}/blog", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE}) public OrderedCollectionPage getOutboxPage(@PathVariable String userName, - @RequestParam(required = false, defaultValue = "0") int before) { + @RequestParam(required = false, defaultValue = "0") int before) { User visitor = UserUtils.getCurrentUser(); User user = userService.getUserByName(userName); if (!user.isAnonymous()) { @@ -131,7 +133,8 @@ public class Profile { } throw new HttpNotFoundException(); } - @GetMapping(value = "/u/{userName}/followers/toc", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE }) + + @GetMapping(value = "/u/{userName}/followers/toc", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE}) public OrderedCollection getFollowers(@PathVariable String userName) { User user = userService.getUserByName(userName); if (!user.isAnonymous()) { @@ -144,9 +147,10 @@ public class Profile { } throw new HttpNotFoundException(); } - @GetMapping(value = "/u/{userName}/followers", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE }) + + @GetMapping(value = "/u/{userName}/followers", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE}) public OrderedCollectionPage getFollowersPage(@PathVariable String userName, - @RequestParam(required = false, defaultValue = "0") int page) { + @RequestParam(required = false, defaultValue = "0") int page) { User user = userService.getUserByName(userName); if (!user.isAnonymous()) { UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(baseUri); @@ -173,7 +177,8 @@ public class Profile { } throw new HttpNotFoundException(); } - @GetMapping(value = "/u/{userName}/following/toc", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE }) + + @GetMapping(value = "/u/{userName}/following/toc", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE}) public OrderedCollection getFollowing(@PathVariable String userName) { User user = userService.getUserByName(userName); if (!user.isAnonymous()) { @@ -186,7 +191,8 @@ public class Profile { } throw new HttpNotFoundException(); } - @GetMapping(value = "/u/{userName}/following", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE }) + + @GetMapping(value = "/u/{userName}/following", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE}) public OrderedCollectionPage getFollowingPage(@PathVariable String userName, @RequestParam(required = false, defaultValue = "0") int page) { User user = userService.getUserByName(userName); @@ -215,35 +221,36 @@ public class Profile { } throw new HttpNotFoundException(); } - @PostMapping(value = "/api/inbox", consumes = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE }) - public ResponseEntity<Void> processInbox(@RequestBody Context activity, + + @PostMapping(value = "/api/inbox", consumes = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE}) + public ResponseEntity<Void> processInbox(@RequestBody Activity activity, @RequestHeader(name = "Host") String host, @RequestHeader(name = "Date") String date, @RequestHeader(name = "Digest") String digest, @RequestHeader(name = "Content-Type") String contentType, @RequestHeader(name = "Signature") String signature) { - if (activity instanceof Follow) { - Follow followRequest = (Follow) activity; - UriComponents componentsBuilder = ServletUriComponentsBuilder.fromCurrentRequestUri().build(); - Map<String, String> headers = new HashMap<>(); - headers.put("host", host); - headers.put("date", date); - headers.put("digest", digest); - headers.put("content-type", contentType); - boolean valid = signatureManager.verifySignature(signature, URI.create(followRequest.getActor()), "POST", - componentsBuilder.getPath(), headers); - if (valid) { + UriComponents componentsBuilder = ServletUriComponentsBuilder.fromCurrentRequestUri().build(); + Map<String, String> headers = new HashMap<>(); + headers.put("host", host); + headers.put("date", date); + headers.put("digest", digest); + headers.put("content-type", contentType); + boolean valid = signatureManager.verifySignature(signature, URI.create(activity.getActor()), "POST", + componentsBuilder.getPath(), headers); + if (valid) { + if (activity instanceof Follow) { + Follow followRequest = (Follow) activity; applicationEventPublisher.publishEvent( new FollowEvent(this, followRequest)); return new ResponseEntity<>(HttpStatus.ACCEPTED); } - return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); - } - if (activity instanceof Undo) { - String follower = (String)((Map) ((Undo) activity).getObject()).get("object"); - applicationEventPublisher.publishEvent(new UndoFollowEvent(this, ((Undo) activity).getActor(), follower)); - return new ResponseEntity<>(HttpStatus.OK); + if (activity instanceof Undo) { + String follower = (String) ((Map) activity.getObject()).get("object"); + applicationEventPublisher.publishEvent(new UndoFollowEvent(this, activity.getActor(), follower)); + return new ResponseEntity<>(HttpStatus.OK); + } + return new ResponseEntity<>(HttpStatus.NOT_IMPLEMENTED); } - return new ResponseEntity<>(HttpStatus.BAD_REQUEST); + return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); } } |