feat: セキュリティの設定を修正

usbharu 2023-09-24 11:36:22 +09:00
parent e78f86e120
commit 3c5b2dfa66
Signed by: usbharu
GPG Key ID: 6556747BF94EEBC8
1 changed files with 4 additions and 4 deletions


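--- a/SecurityConfig.kt
+++ b/SecurityConfig.kt
@@ -15,7 +15,6 @@ import org.springframework.core.annotation.Order
 import org.springframework.security.config.Customizer
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
 import org.springframework.security.core.Authentication
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 import org.springframework.security.crypto.password.PasswordEncoder
@@ -35,7 +34,6 @@ import java.security.interfaces.RSAPublicKey
 import java.util.*
 @EnableWebSecurity(debug = true)
-@EnableWebFluxSecurity()
 @Configuration
 class SecurityConfig {
@@ -70,9 +68,11 @@ class SecurityConfig {
 builder.pattern("/inbox"),
 builder.pattern("/api/v1/apps"),
 builder.pattern("/api/v1/instance/**"),
-builder.pattern("/.well-known/**")
+builder.pattern("/.well-known/**"),
+builder.pattern("/error")
 ).permitAll()
-it.requestMatchers(builder.pattern("/api/v1/**")).hasAnyAuthority("SCOPE_read", "SCOPE_read:accounts")
+it.requestMatchers(builder.pattern("/api/v1/accounts/verify_credentials"))
+.hasAnyAuthority("SCOPE_read", "SCOPE_read:accounts")
 it.anyRequest().denyAll()
 }
 http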
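Review bot: `@EnableWebSecurity(debug = true)` is still present on the new side of the second hunk, and Spring Security's debug mode logs per-request filter-chain details including request headers, so an `Authorization` bearer token can end up in application logs; for a commit described as a security-settings fix it is worth dropping the flag, `@EnableWebSecurity`, or gating it on a non-production profile. In the third hunk, narrowing `/api/v1/**` to `/api/v1/accounts/verify_credentials` means every other `/api/v1` path now falls through to `it.anyRequest().denyAll()` unless another filter chain covers it — the `@Order` import hints one may exist, but that is not visible here, so confirm the lockout is intended. The `class SecurityConfig` body and the lambda holding these matchers both continue outside the hunks.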