From 4a970162d39eedadd055a69f3f77010460c21fcc Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Wed, 22 Nov 2023 23:43:13 +0300
Subject: ActivityPub: disable signed GET requests in the local environment

---
 .../java/com/juick/service/ActivityPubService.java | 26 +++++++++++++++-------
 1 file changed, 18 insertions(+), 8 deletions(-)
(limited to 'src/main/java')

diff --git a/src/main/java/com/juick/service/ActivityPubService.java b/src/main/java/com/juick/service/ActivityPubService.java
index f89f3261..75a3b488 100644
--- a/src/main/java/com/juick/service/ActivityPubService.java
+++ b/src/main/java/com/juick/service/ActivityPubService.java
@@ -23,6 +23,7 @@ import com.juick.model.User;
 import com.juick.util.DateFormattersHolder;
 import com.juick.www.api.activity.model.Context;
 import com.juick.www.api.activity.model.objects.Actor;
+import jakarta.annotation.PostConstruct;
 import okhttp3.MediaType;
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
@@ -70,6 +71,14 @@ public class ActivityPubService extends BaseJdbcService implements SocialService
     @Inject
     private ConversionService conversionService;
 
+    private boolean isPublic;
+
+    @PostConstruct
+    public void init() {
+        UriComponents baseUriComponents = UriComponentsBuilder.fromUriString(baseUri).build();
+        isPublic = baseUriComponents.getScheme().equals("https");
+        logger.info("Signed GET requests enabled: {}", isPublic);
+    }
     @Transactional(readOnly = true)
     @Override
     public @Nonnull User getUserByAccountUri(String acct) {
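Review bot: `baseUriComponents.getScheme().equals("https")` in `init()` dereferences the scheme without a null check, so a base URI configured without a scheme (a bare host or a relative value) makes the `@PostConstruct` fail with a NullPointerException and the whole bean refuses to start; `isPublic = "https".equals(baseUriComponents.getScheme());` gives the same result and tolerates the missing scheme. Deriving the signing policy from the scheme also means that a non-local deployment whose base URI happens to be http silently stops signing outbound GETs, with the single info log as the only visibility; an explicit configuration property (defaulting to the current scheme-based value) would make that decision deliberate rather than inferred. A short Javadoc on the field would help the next reader, e.g. `/** True when the instance is reachable over https and outbound ActivityPub GETs should carry an HTTP Signature; set once in init(). */`. As a point of style, the new `init()` runs straight into `@Transactional` with no separating blank line, unlike the surrounding members.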
@@ -121,16 +130,17 @@ public class ActivityPubService extends BaseJdbcService implements SocialService
                 : contextUri.getHost();
         var from = conversionService.convert(serviceUser, Actor.class);
         try {
-            String signatureString = signatureService.addSignature(from, host, "get", contextUri.getPath(), requestDate,
-                    "");
             var request = new Request.Builder()
                     .url(contextUri.toURL())
-                    .addHeader(HttpHeaders.DATE, requestDate)
-                    .addHeader(HttpHeaders.HOST, host)
-                    .addHeader("Signature", signatureString)
-                    .addHeader(HttpHeaders.ACCEPT, Context.ACTIVITYSTREAMS_PROFILE_MEDIA_TYPE)
-                    .build();
-            try (var response = httpClient.newCall(request).execute()) {
+                    .addHeader(HttpHeaders.ACCEPT, Context.ACTIVITYSTREAMS_PROFILE_MEDIA_TYPE);
+            if (isPublic) {
+                String signatureString = signatureService.addSignature(from, host, "get", contextUri.getPath(), requestDate,
+                        "");
+                request.addHeader(HttpHeaders.DATE, requestDate)
+                        .addHeader(HttpHeaders.HOST, host)
+                        .addHeader("Signature", signatureString);
+            }
+            try (var response = httpClient.newCall(request.build()).execute()) {
                 if (response.isSuccessful() && response.body() != null) {
                     var context = jsonMapper.readValue(response.body().string(), Context.class);
                     return Optional.of(context);
-- 
cgit v1.2.3
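Review bot: When `isPublic` is false the GET goes out with no Signature, Date or Host header, and remote instances that require signed fetches will answer with a non-2xx status that the `response.isSuccessful()` branch below treats like any other miss, so a failure caused by the unsigned mode is indistinguishable from a missing object; a debug line in the else path, `logger.debug("Fetching {} unsigned: signed GET requests are disabled", contextUri);`, would make that diagnosable. The `host` and `requestDate` values computed above the hunk (and the `from` actor conversion) are now only consumed inside the `if (isPublic)` block, so their computation could move inside it as well. Since the variable now holds a `Request.Builder` that is finished later with `request.build()`, naming it `requestBuilder` would read more clearly than `request`. The enclosing method begins and ends outside this hunk.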