Merge branch 'develop' into feature/mastodon-api-int-test

2023-11-29 17:03:42 +09:00 · 2023-11-29 17:03:42 +09:00 · 0efd92a371
parent 8746258104 d6cf0246d1
commit 0efd92a371
11 changed files with 74 additions and 44 deletions
--- a/.github/workflows/integration-test.yml
+++ b/.github/workflows/integration-test.yml
@ -64,4 +64,4 @@ jobs:
        uses: mikepenz/action-junit-report@v2
        if: always()
        with:
-          report_paths: '**/build/test-results/test/TEST-*.xml'
+          report_paths: '**/build/test-results/integrationTest/TEST-*.xml'
--- a/src/intTest/kotlin/activitypub/inbox/InboxTest.kt
+++ b/src/intTest/kotlin/activitypub/inbox/InboxTest.kt
@ -45,6 +45,7 @@ class InboxTest {
                content = "{}"
                contentType = MediaType.APPLICATION_JSON
            }
            .asyncDispatch()
            .andExpect { status { isUnauthorized() } }
    }
@ -55,6 +56,7 @@ class InboxTest {
            .post("/inbox") {
                content = "{}"
                contentType = MediaType.APPLICATION_JSON
                header("Signature", "")
            }
            .asyncDispatch()
            .andExpect { status { isAccepted() } }
@ -68,6 +70,7 @@ class InboxTest {
                content = "{}"
                contentType = MediaType.APPLICATION_JSON
            }
            .asyncDispatch()
            .andExpect { status { isUnauthorized() } }
    }
@ -78,6 +81,7 @@ class InboxTest {
            .post("/users/hoge/inbox") {
                content = "{}"
                contentType = MediaType.APPLICATION_JSON
                header("Signature", "")
            }
            .asyncDispatch()
            .andExpect { status { isAccepted() } }
--- a/src/main/kotlin/dev/usbharu/hideout/activitypub/domain/model/Delete.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/activitypub/domain/model/Delete.kt
@ -43,8 +43,8 @@ open class Delete : Object, HasId, HasActor {
    override fun hashCode(): Int {
        var result = super.hashCode()
-        result = 31 * result + (apObject?.hashCode() ?: 0)
+        result = 31 * result + apObject.hashCode()
-        result = 31 * result + (published?.hashCode() ?: 0)
+        result = 31 * result + published.hashCode()
        result = 31 * result + actor.hashCode()
        result = 31 * result + id.hashCode()
        return result
--- a/src/main/kotlin/dev/usbharu/hideout/activitypub/domain/model/Undo.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/activitypub/domain/model/Undo.kt
@ -30,14 +30,13 @@ open class Undo(
    override fun hashCode(): Int {
        var result = super.hashCode()
-        result = 31 * result + (`object`?.hashCode() ?: 0)
+        result = 31 * result + `object`.hashCode()
-        result = 31 * result + (published?.hashCode() ?: 0)
+        result = 31 * result + published.hashCode()
        result = 31 * result + actor.hashCode()
        result = 31 * result + id.hashCode()
        return result
    }
-    override fun toString(): String {
+    override fun toString(): String =
-        return "Undo(`object`=$`object`, published=$published, actor='$actor', id='$id') ${super.toString()}"
+        "Undo(`object`=$`object`, published=$published, actor='$actor', id='$id') ${super.toString()}"
    }
 }
--- a/src/main/kotlin/dev/usbharu/hideout/activitypub/interfaces/api/inbox/InboxControllerImpl.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/activitypub/interfaces/api/inbox/InboxControllerImpl.kt
@ -5,6 +5,7 @@ import dev.usbharu.httpsignature.common.HttpHeaders
 import dev.usbharu.httpsignature.common.HttpMethod
 import dev.usbharu.httpsignature.common.HttpRequest
 import org.slf4j.LoggerFactory
 import org.springframework.http.HttpHeaders.WWW_AUTHENTICATE
 import org.springframework.http.HttpStatus
 import org.springframework.http.ResponseEntity
 import org.springframework.web.bind.annotation.RequestBody
@ -21,6 +22,16 @@ class InboxControllerImpl(private val apService: APService) : InboxController {
    ): ResponseEntity<Unit> {
        val request = (requireNotNull(RequestContextHolder.getRequestAttributes()) as ServletRequestAttributes).request
        val headersList = request.headerNames?.toList().orEmpty()
        if (headersList.contains("Signature").not()) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
                .header(
                    WWW_AUTHENTICATE,
                    "Signature realm=\"Example\",headers=\"(request-target) date host digest\""
                )
                .build()
        }
        val parseActivity = try {
            apService.parseActivity(string)
        } catch (e: Exception) {
@ -31,7 +42,6 @@ class InboxControllerImpl(private val apService: APService) : InboxController {
        try {
            val url = request.requestURL.toString()
            val headersList = request.headerNames?.toList().orEmpty()
            val headers =
                headersList.associateWith { header -> request.getHeaders(header)?.toList().orEmpty() }
@ -43,8 +53,6 @@ class InboxControllerImpl(private val apService: APService) : InboxController {
                }
            }
            println(headers)
            apService.processActivity(
                string,
                parseActivity,
--- a/src/main/kotlin/dev/usbharu/hideout/activitypub/service/inbox/InboxJobProcessor.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/activitypub/service/inbox/InboxJobProcessor.kt
@ -14,6 +14,7 @@ import dev.usbharu.hideout.core.query.UserQueryService
 import dev.usbharu.hideout.core.service.job.JobProcessor
 import dev.usbharu.hideout.util.RsaUtil
 import dev.usbharu.httpsignature.common.HttpHeaders
 import dev.usbharu.httpsignature.common.HttpMethod
 import dev.usbharu.httpsignature.common.HttpRequest
 import dev.usbharu.httpsignature.common.PublicKey
 import dev.usbharu.httpsignature.verify.HttpSignatureVerifier
@ -34,6 +35,14 @@ class InboxJobProcessor(
 ) : JobProcessor<InboxJobParam, InboxJob> {
    private suspend fun verifyHttpSignature(httpRequest: HttpRequest, signature: Signature): Boolean {
        val requiredHeaders = when (httpRequest.method) {
            HttpMethod.GET -> getRequiredHeaders
            HttpMethod.POST -> postRequiredHeaders
        }
        if (signature.headers.containsAll(requiredHeaders).not()) {
            return false
        }
        val user = try {
            userQueryService.findByKeyId(signature.keyId)
        } catch (_: FailedToGetResourcesException) {
@ -96,5 +105,7 @@ class InboxJobProcessor(
    companion object {
        private val logger = LoggerFactory.getLogger(InboxJobProcessor::class.java)
        private val postRequiredHeaders = listOf("(request-target)", "date", "host", "digest")
        private val getRequiredHeaders = listOf("(request-target)", "date", "host")
    }
 }
--- a/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
@ -6,7 +6,6 @@ import com.nimbusds.jose.jwk.RSAKey
 import com.nimbusds.jose.jwk.source.ImmutableJWKSet
 import com.nimbusds.jose.jwk.source.JWKSource
 import com.nimbusds.jose.proc.SecurityContext
 import dev.usbharu.hideout.activitypub.service.objects.user.APUserService
 import dev.usbharu.hideout.application.external.Transaction
 import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.HttpSignatureFilter
 import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.HttpSignatureUserDetailsService
@ -81,7 +80,7 @@ class SecurityConfig {
    ): SecurityFilterChain {
        val builder = MvcRequestMatcher.Builder(introspector)
        http
-            .securityMatcher("/inbox", "/outbox", "/users/*/inbox", "/users/*/outbox", "/users/*/posts/*")
+            .securityMatcher("/users/*/posts/*")
            .addFilter(httpSignatureFilter)
            .addFilterBefore(
                ExceptionTranslationFilter(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)),
@ -116,12 +115,9 @@ class SecurityConfig {
    @Bean
    fun getHttpSignatureFilter(
        authenticationManager: AuthenticationManager,
        transaction: Transaction,
        apUserService: APUserService,
        userQueryService: UserQueryService
    ): HttpSignatureFilter {
        val httpSignatureFilter =
-            HttpSignatureFilter(DefaultSignatureHeaderParser(), transaction, apUserService, userQueryService)
+            HttpSignatureFilter(DefaultSignatureHeaderParser())
        httpSignatureFilter.setAuthenticationManager(authenticationManager)
        httpSignatureFilter.setContinueFilterChainOnUnsuccessfulAuthentication(false)
        val authenticationEntryPointFailureHandler =
@ -134,18 +130,20 @@ class SecurityConfig {
    @Bean
    fun httpSignatureAuthenticationProvider(transaction: Transaction): PreAuthenticatedAuthenticationProvider {
        val provider = PreAuthenticatedAuthenticationProvider()
        val signatureHeaderParser = DefaultSignatureHeaderParser()
        provider.setPreAuthenticatedUserDetailsService(
            HttpSignatureUserDetailsService(
                userQueryService,
                HttpSignatureVerifierComposite(
                    mapOf(
                        "rsa-sha256" to RsaSha256HttpSignatureVerifier(
-                            DefaultSignatureHeaderParser(), RsaSha256HttpSignatureSigner()
+                            signatureHeaderParser, RsaSha256HttpSignatureSigner()
                        )
                    ),
-                    DefaultSignatureHeaderParser()
+                    signatureHeaderParser
                ),
-                transaction
+                transaction,
                signatureHeaderParser
            )
        )
        provider.setUserDetailsChecker(AccountStatusUserDetailsChecker())
--- a/src/main/kotlin/dev/usbharu/hideout/core/domain/model/instance/Nodeinfo2_0.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/core/domain/model/instance/Nodeinfo2_0.kt
@ -3,17 +3,17 @@
 package dev.usbharu.hideout.core.domain.model.instance
@Suppress("ClassNaming")
-class Nodeinfo2_0() {
+class Nodeinfo2_0 {
    var metadata: Metadata? = null
    var software: Software? = null
 }
-class Metadata() {
+class Metadata {
    var nodeName: String? = null
    var nodeDescription: String? = null
 }
-class Software() {
+class Software {
    var name: String? = null
    var version: String? = null
 }
--- a/src/main/kotlin/dev/usbharu/hideout/core/infrastructure/springframework/httpsignature/HttpSignatureFilter.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/core/infrastructure/springframework/httpsignature/HttpSignatureFilter.kt
@ -1,23 +1,15 @@
 package dev.usbharu.hideout.core.infrastructure.springframework.httpsignature
 import dev.usbharu.hideout.activitypub.service.objects.user.APUserService
 import dev.usbharu.hideout.application.external.Transaction
 import dev.usbharu.hideout.core.domain.exception.FailedToGetResourcesException
 import dev.usbharu.hideout.core.query.UserQueryService
 import dev.usbharu.httpsignature.common.HttpHeaders
 import dev.usbharu.httpsignature.common.HttpMethod
 import dev.usbharu.httpsignature.common.HttpRequest
 import dev.usbharu.httpsignature.verify.SignatureHeaderParser
 import jakarta.servlet.http.HttpServletRequest
 import kotlinx.coroutines.runBlocking
 import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
 import java.net.URL
 class HttpSignatureFilter(
-    private val httpSignatureHeaderParser: SignatureHeaderParser,
+    private val httpSignatureHeaderParser: SignatureHeaderParser
    private val transaction: Transaction,
    private val apUserService: APUserService,
    private val userQueryService: UserQueryService
 ) :
    AbstractPreAuthenticatedProcessingFilter() {
    override fun getPreAuthenticatedPrincipal(request: HttpServletRequest?): Any? {
@ -33,15 +25,6 @@ class HttpSignatureFilter(
        } catch (_: RuntimeException) {
            return ""
        }
        runBlocking {
            transaction.transaction {
                try {
                    userQueryService.findByKeyId(signature.keyId)
                } catch (_: FailedToGetResourcesException) {
                    apUserService.fetchPerson(signature.keyId)
                }
            }
        }
        return signature.keyId
    }
--- a/src/main/kotlin/dev/usbharu/hideout/core/infrastructure/springframework/httpsignature/HttpSignatureUserDetailsService.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/core/infrastructure/springframework/httpsignature/HttpSignatureUserDetailsService.kt
@ -5,10 +5,12 @@ import dev.usbharu.hideout.core.domain.exception.FailedToGetResourcesException
 import dev.usbharu.hideout.core.domain.exception.HttpSignatureVerifyException
 import dev.usbharu.hideout.core.query.UserQueryService
 import dev.usbharu.hideout.util.RsaUtil
 import dev.usbharu.httpsignature.common.HttpMethod
 import dev.usbharu.httpsignature.common.HttpRequest
 import dev.usbharu.httpsignature.common.PublicKey
 import dev.usbharu.httpsignature.verify.FailedVerification
 import dev.usbharu.httpsignature.verify.HttpSignatureVerifier
 import dev.usbharu.httpsignature.verify.SignatureHeaderParser
 import kotlinx.coroutines.runBlocking
 import org.slf4j.LoggerFactory
 import org.springframework.security.authentication.BadCredentialsException
@ -20,14 +22,16 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedA
 class HttpSignatureUserDetailsService(
    private val userQueryService: UserQueryService,
    private val httpSignatureVerifier: HttpSignatureVerifier,
-    private val transaction: Transaction
+    private val transaction: Transaction,
    private val httpSignatureHeaderParser: SignatureHeaderParser
 ) :
    AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> {
    override fun loadUserDetails(token: PreAuthenticatedAuthenticationToken): UserDetails = runBlocking {
        if (token.principal !is String) {
            throw IllegalStateException("Token is not String")
        }
-        if (token.credentials !is HttpRequest) {
+        val credentials = token.credentials
        if (credentials !is HttpRequest) {
            throw IllegalStateException("Credentials is not HttpRequest")
        }
@ -40,10 +44,25 @@ class HttpSignatureUserDetailsService(
            }
        }
        val signature = httpSignatureHeaderParser.parse(credentials.headers)
        val requiredHeaders = when (credentials.method) {
            HttpMethod.GET -> getRequiredHeaders
            HttpMethod.POST -> postRequiredHeaders
        }
        if (signature.headers.containsAll(requiredHeaders).not()) {
            logger.warn(
                "FAILED Verify HTTP Signature. required headers: {} but actual: {}",
                requiredHeaders,
                signature.headers
            )
            throw BadCredentialsException("HTTP Signature. required headers: $requiredHeaders")
        }
        @Suppress("TooGenericExceptionCaught")
        val verify = try {
            httpSignatureVerifier.verify(
-                token.credentials as HttpRequest,
+                credentials,
                PublicKey(RsaUtil.decodeRsaPublicKeyPem(findByKeyId.publicKey), keyId)
            )
        } catch (e: RuntimeException) {
@ -67,5 +86,7 @@ class HttpSignatureUserDetailsService(
    companion object {
        private val logger = LoggerFactory.getLogger(HttpSignatureUserDetailsService::class.java)
        private val postRequiredHeaders = listOf("(request-target)", "date", "host", "digest")
        private val getRequiredHeaders = listOf("(request-target)", "date", "host")
    }
 }
--- a/src/test/kotlin/dev/usbharu/hideout/activitypub/interfaces/api/inbox/InboxControllerImplTest.kt
+++ b/src/test/kotlin/dev/usbharu/hideout/activitypub/interfaces/api/inbox/InboxControllerImplTest.kt
@ -54,6 +54,7 @@ class InboxControllerImplTest {
            .post("/inbox") {
                content = json
                contentType = MediaType.APPLICATION_JSON
                header("Signature", "")
            }
            .asyncDispatch()
            .andExpect {
@ -71,6 +72,7 @@ class InboxControllerImplTest {
            .post("/inbox") {
                content = json
                contentType = MediaType.APPLICATION_JSON
                header("Signature", "")
            }
            .asyncDispatch()
            .andExpect {
@ -96,6 +98,7 @@ class InboxControllerImplTest {
            .post("/inbox") {
                content = json
                contentType = MediaType.APPLICATION_JSON
                header("Signature", "")
            }
            .asyncDispatch()
            .andExpect {
@ -123,6 +126,7 @@ class InboxControllerImplTest {
            .post("/users/hoge/inbox") {
                content = json
                contentType = MediaType.APPLICATION_JSON
                header("Signature", "")
            }
            .asyncDispatch()
            .andExpect {
@ -140,6 +144,7 @@ class InboxControllerImplTest {
            .post("/users/hoge/inbox") {
                content = json
                contentType = MediaType.APPLICATION_JSON
                header("Signature", "")
            }
            .asyncDispatch()
            .andExpect {
@ -165,6 +170,7 @@ class InboxControllerImplTest {
            .post("/users/hoge/inbox") {
                content = json
                contentType = MediaType.APPLICATION_JSON
                header("Signature", "")
            }
            .asyncDispatch()
            .andExpect {