From 4a970162d39eedadd055a69f3f77010460c21fcc Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Wed, 22 Nov 2023 23:43:13 +0300
Subject: ActivityPub: disable signed GET requests in the local environment

---
 .../java/com/juick/service/ActivityPubService.java | 26 +++++++++++++++-------
 1 file changed, 18 insertions(+), 8 deletions(-)

(limited to 'src/main/java')

diff --git a/src/main/java/com/juick/service/ActivityPubService.java b/src/main/java/com/juick/service/ActivityPubService.java
index f89f3261..75a3b488 100644
--- a/src/main/java/com/juick/service/ActivityPubService.java
+++ b/src/main/java/com/juick/service/ActivityPubService.java
@@ -23,6 +23,7 @@ import com.juick.model.User;
 import com.juick.util.DateFormattersHolder;
 import com.juick.www.api.activity.model.Context;
 import com.juick.www.api.activity.model.objects.Actor;
+import jakarta.annotation.PostConstruct;
 import okhttp3.MediaType;
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
@@ -70,6 +71,14 @@ public class ActivityPubService extends BaseJdbcService implements SocialService
     @Inject
     private ConversionService conversionService;
 
+    private boolean isPublic;
+
+    @PostConstruct
+    public void init() {
+        UriComponents baseUriComponents = UriComponentsBuilder.fromUriString(baseUri).build();
+        isPublic = baseUriComponents.getScheme().equals("https");
+        logger.info("Signed GET requests enabled: {}", isPublic);
+    }
     @Transactional(readOnly = true)
     @Override
     public @Nonnull User getUserByAccountUri(String acct) {
@@ -121,16 +130,17 @@ public class ActivityPubService extends BaseJdbcService implements SocialService
                 : contextUri.getHost();
         var from = conversionService.convert(serviceUser, Actor.class);
         try {
-            String signatureString = signatureService.addSignature(from, host, "get", contextUri.getPath(), requestDate,
-                    "");
             var request = new Request.Builder()
                     .url(contextUri.toURL())
-                    .addHeader(HttpHeaders.DATE, requestDate)
-                    .addHeader(HttpHeaders.HOST, host)
-                    .addHeader("Signature", signatureString)
-                    .addHeader(HttpHeaders.ACCEPT, Context.ACTIVITYSTREAMS_PROFILE_MEDIA_TYPE)
-                    .build();
-            try (var response = httpClient.newCall(request).execute()) {
+                    .addHeader(HttpHeaders.ACCEPT, Context.ACTIVITYSTREAMS_PROFILE_MEDIA_TYPE);
+            if (isPublic) {
+                String signatureString = signatureService.addSignature(from, host, "get", contextUri.getPath(), requestDate,
+                        "");
+                request.addHeader(HttpHeaders.DATE, requestDate)
+                        .addHeader(HttpHeaders.HOST, host)
+                        .addHeader("Signature", signatureString);
+            }
+            try (var response = httpClient.newCall(request.build()).execute()) {
                 if (response.isSuccessful() && response.body() != null) {
                     var context = jsonMapper.readValue(response.body().string(), Context.class);
                     return Optional.of(context);
-- 
cgit v1.2.3