authorGravatar Vitaly Takmazov2023-11-22 23:43:13 +0300
committerGravatar Vitaly Takmazov2023-11-22 23:43:23 +0300
commit4a970162d39eedadd055a69f3f77010460c21fcc (patch)
treea9b69aba4db4bb506c2898e18ce6504a22d2a3a5 /src
parentdb35e0ffa2836ccd4186d2d3518c7f8080d258ea (diff)
ActivityPub: disable signed GET requests in the local environment
Diffstat (limited to 'src')
-rw-r--r--src/main/java/com/juick/service/ActivityPubService.java26
1 files changed, 18 insertions, 8 deletions
diff --git a/src/main/java/com/juick/service/ActivityPubService.java b/src/main/java/com/juick/service/ActivityPubService.java
index f89f3261..75a3b488 100644
--- a/src/main/java/com/juick/service/ActivityPubService.java
+++ b/src/main/java/com/juick/service/ActivityPubService.java
@@ -23,6 +23,7 @@ import com.juick.model.User;
import com.juick.util.DateFormattersHolder;
import com.juick.www.api.activity.model.Context;
import com.juick.www.api.activity.model.objects.Actor;
+import jakarta.annotation.PostConstruct;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
@@ -70,6 +71,14 @@ public class ActivityPubService extends BaseJdbcService implements SocialService
@Inject
private ConversionService conversionService;
+ private boolean isPublic;
+
+ @PostConstruct
+ public void init() {
+ UriComponents baseUriComponents = UriComponentsBuilder.fromUriString(baseUri).build();
+ isPublic = baseUriComponents.getScheme().equals("https");
+ logger.info("Signed GET requests enabled: {}", isPublic);
+ }
@Transactional(readOnly = true)
@Override
public @Nonnull User getUserByAccountUri(String acct) {
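Review bot: `baseUriComponents.getScheme().equals("https")` in `init()` throws a NullPointerException at startup when `baseUri` parses without a scheme, since `getScheme()` is nullable, and the comparison is case-sensitive; `isPublic = "https".equalsIgnoreCase(baseUriComponents.getScheme());` avoids both. This flag switches HTTP Signatures off for outbound GETs, so a deployment whose `baseUri` is configured as `http://` (for example behind a TLS-terminating proxy) would silently send unsigned requests. Logging the disabled case at warn level, or driving the toggle from an explicit property instead of the scheme, would make that state visible to operators. The same flag gates the signing branch in the later hunk of this file.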
@@ -121,16 +130,17 @@ public class ActivityPubService extends BaseJdbcService implements SocialService
: contextUri.getHost();
var from = conversionService.convert(serviceUser, Actor.class);
try {
- String signatureString = signatureService.addSignature(from, host, "get", contextUri.getPath(), requestDate,
- "");
var request = new Request.Builder()
.url(contextUri.toURL())
- .addHeader(HttpHeaders.DATE, requestDate)
- .addHeader(HttpHeaders.HOST, host)
- .addHeader("Signature", signatureString)
- .addHeader(HttpHeaders.ACCEPT, Context.ACTIVITYSTREAMS_PROFILE_MEDIA_TYPE)
- .build();
- try (var response = httpClient.newCall(request).execute()) {
+ .addHeader(HttpHeaders.ACCEPT, Context.ACTIVITYSTREAMS_PROFILE_MEDIA_TYPE);
+ if (isPublic) {
+ String signatureString = signatureService.addSignature(from, host, "get", contextUri.getPath(), requestDate,
+ "");
+ request.addHeader(HttpHeaders.DATE, requestDate)
+ .addHeader(HttpHeaders.HOST, host)
+ .addHeader("Signature", signatureString);
+ }
+ try (var response = httpClient.newCall(request.build()).execute()) {
if (response.isSuccessful() && response.body() != null) {
var context = jsonMapper.readValue(response.body().string(), Context.class);
return Optional.of(context);
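Review bot: The `conversionService.convert(serviceUser, Actor.class)` call above the `try` is, in the lines visible here, only consumed by `signatureService.addSignature`, so it still runs when `isPublic` is false; moving `var from = ...` inside `if (isPublic)` keeps the signing inputs together. The local `request` now holds a `Request.Builder` rather than a `Request`, so a name like `requestBuilder` would read more accurately. A short comment on the branch, such as `// HTTP Signatures are skipped when baseUri is not https (local development only)`, would record why an unsigned path exists. The enclosing method starts before and continues after this hunk.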