From d7762b910be0a0ba9869bf19f5d7bfdf6d23601a Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Thu, 4 Oct 2018 14:25:53 +0300 Subject: Validate any Actities --- .../java/com/juick/server/SignatureManager.java | 1 - .../com/juick/server/api/activity/Profile.java | 65 ++++++++++++---------- 2 files changed, 36 insertions(+), 30 deletions(-) (limited to 'juick-server') diff --git a/juick-server/src/main/java/com/juick/server/SignatureManager.java b/juick-server/src/main/java/com/juick/server/SignatureManager.java index 268b6543..0c5ea512 100644 --- a/juick-server/src/main/java/com/juick/server/SignatureManager.java +++ b/juick-server/src/main/java/com/juick/server/SignatureManager.java @@ -59,7 +59,6 @@ public class SignatureManager { if (context instanceof Person) { Person person = (Person) context; Key key = KeystoreManager.publicKeyOf(person); - logger.info("data signed by person with key {}", key); Verifier verifier = new Verifier(key, Signature.fromString(signatureString)); try { boolean result = verifier.verify(method, path, headers); diff --git a/juick-server/src/main/java/com/juick/server/api/activity/Profile.java b/juick-server/src/main/java/com/juick/server/api/activity/Profile.java index 23cd74ce..622bb08b 100644 --- a/juick-server/src/main/java/com/juick/server/api/activity/Profile.java +++ b/juick-server/src/main/java/com/juick/server/api/activity/Profile.java @@ -55,7 +55,7 @@ public class Profile { @Value("${img_url:http://localhost:8080/i/}") private String baseImagesUri; - @GetMapping(value = "/u/{userName}", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE }) + @GetMapping(value = "/u/{userName}", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE}) public Person getUser(@PathVariable String userName) { User user = userService.getUserByName(userName); if (!user.isAnonymous()) { @@ -83,7 +83,8 @@ public class Profile { } throw new HttpNotFoundException(); } - @GetMapping(value = "/u/{userName}/blog/toc", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE }) + + @GetMapping(value = "/u/{userName}/blog/toc", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE}) public OrderedCollection getOutbox(@PathVariable String userName) { User user = userService.getUserByName(userName); if (!user.isAnonymous()) { @@ -96,9 +97,10 @@ public class Profile { } throw new HttpNotFoundException(); } - @GetMapping(value = "/u/{userName}/blog", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE }) + + @GetMapping(value = "/u/{userName}/blog", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE}) public OrderedCollectionPage getOutboxPage(@PathVariable String userName, - @RequestParam(required = false, defaultValue = "0") int before) { + @RequestParam(required = false, defaultValue = "0") int before) { User visitor = UserUtils.getCurrentUser(); User user = userService.getUserByName(userName); if (!user.isAnonymous()) { @@ -131,7 +133,8 @@ public class Profile { } throw new HttpNotFoundException(); } - @GetMapping(value = "/u/{userName}/followers/toc", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE }) + + @GetMapping(value = "/u/{userName}/followers/toc", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE}) public OrderedCollection getFollowers(@PathVariable String userName) { User user = userService.getUserByName(userName); if (!user.isAnonymous()) { @@ -144,9 +147,10 @@ public class Profile { } throw new HttpNotFoundException(); } - @GetMapping(value = "/u/{userName}/followers", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE }) + + @GetMapping(value = "/u/{userName}/followers", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE}) public OrderedCollectionPage getFollowersPage(@PathVariable String userName, - @RequestParam(required = false, defaultValue = "0") int page) { + @RequestParam(required = false, defaultValue = "0") int page) { User user = userService.getUserByName(userName); if (!user.isAnonymous()) { UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(baseUri); @@ -173,7 +177,8 @@ public class Profile { } throw new HttpNotFoundException(); } - @GetMapping(value = "/u/{userName}/following/toc", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE }) + + @GetMapping(value = "/u/{userName}/following/toc", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE}) public OrderedCollection getFollowing(@PathVariable String userName) { User user = userService.getUserByName(userName); if (!user.isAnonymous()) { @@ -186,7 +191,8 @@ public class Profile { } throw new HttpNotFoundException(); } - @GetMapping(value = "/u/{userName}/following", produces = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE }) + + @GetMapping(value = "/u/{userName}/following", produces = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE}) public OrderedCollectionPage getFollowingPage(@PathVariable String userName, @RequestParam(required = false, defaultValue = "0") int page) { User user = userService.getUserByName(userName); @@ -215,35 +221,36 @@ public class Profile { } throw new HttpNotFoundException(); } - @PostMapping(value = "/api/inbox", consumes = { Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE }) - public ResponseEntity processInbox(@RequestBody Context activity, + + @PostMapping(value = "/api/inbox", consumes = {Context.LD_JSON_MEDIA_TYPE, Context.ACTIVITY_JSON_MEDIA_TYPE}) + public ResponseEntity processInbox(@RequestBody Activity activity, @RequestHeader(name = "Host") String host, @RequestHeader(name = "Date") String date, @RequestHeader(name = "Digest") String digest, @RequestHeader(name = "Content-Type") String contentType, @RequestHeader(name = "Signature") String signature) { - if (activity instanceof Follow) { - Follow followRequest = (Follow) activity; - UriComponents componentsBuilder = ServletUriComponentsBuilder.fromCurrentRequestUri().build(); - Map headers = new HashMap<>(); - headers.put("host", host); - headers.put("date", date); - headers.put("digest", digest); - headers.put("content-type", contentType); - boolean valid = signatureManager.verifySignature(signature, URI.create(followRequest.getActor()), "POST", - componentsBuilder.getPath(), headers); - if (valid) { + UriComponents componentsBuilder = ServletUriComponentsBuilder.fromCurrentRequestUri().build(); + Map headers = new HashMap<>(); + headers.put("host", host); + headers.put("date", date); + headers.put("digest", digest); + headers.put("content-type", contentType); + boolean valid = signatureManager.verifySignature(signature, URI.create(activity.getActor()), "POST", + componentsBuilder.getPath(), headers); + if (valid) { + if (activity instanceof Follow) { + Follow followRequest = (Follow) activity; applicationEventPublisher.publishEvent( new FollowEvent(this, followRequest)); return new ResponseEntity<>(HttpStatus.ACCEPTED); } - return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); - } - if (activity instanceof Undo) { - String follower = (String)((Map) ((Undo) activity).getObject()).get("object"); - applicationEventPublisher.publishEvent(new UndoFollowEvent(this, ((Undo) activity).getActor(), follower)); - return new ResponseEntity<>(HttpStatus.OK); + if (activity instanceof Undo) { + String follower = (String) ((Map) activity.getObject()).get("object"); + applicationEventPublisher.publishEvent(new UndoFollowEvent(this, activity.getActor(), follower)); + return new ResponseEntity<>(HttpStatus.OK); + } + return new ResponseEntity<>(HttpStatus.NOT_IMPLEMENTED); } - return new ResponseEntity<>(HttpStatus.BAD_REQUEST); + return new ResponseEntity<>(HttpStatus.UNAUTHORIZED); } } -- cgit v1.2.3