From cdd03aa64548810591e043fb59a287a1b36c92ba Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Thu, 5 Jan 2023 11:00:50 +0300
Subject: ActivityPub: signed GET requests, fix Signature verification
---
 src/main/java/com/juick/www/api/Users.java | 7 +------
 src/main/java/com/juick/www/controllers/Compat.java | 16 +++++++++++-----
 2 files changed, 12 insertions(+), 11 deletions(-)
(limited to 'src/main/java/com/juick/www')
diff --git a/src/main/java/com/juick/www/api/Users.java b/src/main/java/com/juick/www/api/Users.java
index f7c24d8d..124632d0 100644
--- a/src/main/java/com/juick/www/api/Users.java
+++ b/src/main/java/com/juick/www/api/Users.java
@@ -72,11 +72,6 @@ public class Users {
 @Inject
 private ApplicationEventPublisher applicationEventPublisher;
- @RequestMapping(value = "/api/auth", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
- public String getAuthToken(@ModelAttribute User visitor) {
- return userService.getHashByUID(visitor.getUid());
- }
-
 @RequestMapping(value = "/api/users", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
 public List doGetUsers(
 @ModelAttribute User visitor,
@@ -105,7 +100,7 @@ public class Users {
 SecureUser me = new SecureUser();
 me.setUid(visitor.getUid());
 me.setName(visitor.getName());
- me.setAuthHash(getAuthToken(visitor));
+ me.setAuthHash(userService.getHashByUID(visitor.getUid()));
 List unread = messagesService.getUnread(visitor);
 me.setUnread(unread);
 me.setUnreadCount(unread.size());
diff --git a/src/main/java/com/juick/www/controllers/Compat.java b/src/main/java/com/juick/www/controllers/Compat.java
index 936a8e5c..300a0855 100644
--- a/src/main/java/com/juick/www/controllers/Compat.java
+++ b/src/main/java/com/juick/www/controllers/Compat.java
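Review bot: In Users.java, the second hunk's `me.setAuthHash(userService.getHashByUID(visitor.getUid()))` still writes the account's login hash into a JSON response body, so removing `/api/auth` in the first hunk reduces the number of endpoints that hand it out but not the exposure itself. The enclosing method starts and ends outside the hunk, so whether anonymous visitors are rejected before this line cannot be confirmed from here. I would add a comment on that line such as `// authHash is a bearer credential: respond with Cache-Control: no-store and keep it out of logs`, and confirm the handler actually behaves that way.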
@@ -17,8 +17,11 @@
 package com.juick.www.controllers;
-import com.juick.SignatureManager;
+import com.juick.service.ActivityPubService;
+import com.juick.service.WebfingerService;
 import com.juick.util.HttpNotFoundException;
+import com.juick.www.api.activity.model.Context;
+import org.springframework.http.MediaType;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -30,7 +33,9 @@ import javax.inject.Inject;
 @Controller
 public class Compat {
 @Inject
- private SignatureManager signatureManager;
+ private WebfingerService webfingerService;
+ @Inject
+ private ActivityPubService activityPubService;
 @GetMapping("/share")
 public RedirectView share(@RequestParam String text, RedirectAttributes attributes) {
 attributes.addAttribute("body", text);
@@ -38,9 +43,10 @@ public class Compat {
 }
 @GetMapping("/mention")
 public RedirectView mention(@RequestParam String username) {
- var profile = signatureManager.discoverPerson(username);
- if (profile.isPresent()) {
- return new RedirectView(profile.get().getUrl());
+ var uri = webfingerService.discoverAccountURI(username, MediaType.valueOf(Context.ACTIVITY_MEDIA_TYPE));
+ if (!uri.toASCIIString().isEmpty()) {
+ var context = activityPubService.get(uri).orElseThrow(HttpNotFoundException::new);
+ return new RedirectView(context.getUrl());
 }
 throw new HttpNotFoundException();
 }
-- 
cgit v1.2.3
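Review bot: In `mention` (third hunk of Compat.java), the URI that `activityPubService.get(uri)` fetches and the URL passed to `RedirectView` both come from whoever answers the WebFinger lookup for the caller-supplied `username`, and nothing in this hunk constrains either. Unless `discoverAccountURI` and `get` already restrict targets to https on public hosts (not visible here), the endpoint lets any caller make the server issue a request (signed, per the commit subject) to an address chosen by the remote party, and then redirects the browser wherever the returned document says. I would check the scheme and host of `uri` before calling `get`, and guard the redirect with `var url = context.getUrl(); if (url == null || !url.startsWith("https://")) throw new HttpNotFoundException();`. `uri.toASCIIString()` also assumes `discoverAccountURI` never returns null, which is worth confirming or documenting on that method.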