From f89836be11c5d3dd135adaee067865ca2c547923 Mon Sep 17 00:00:00 2001 From: usbharu <64310155+usbharu@users.noreply.github.com> Date: Tue, 26 Sep 2023 11:46:37 +0900 Subject: [PATCH 1/4] =?UTF-8?q?feat:=20=E3=83=A6=E3=83=BC=E3=82=B6?= =?UTF-8?q?=E3=83=BC=E4=BD=9C=E6=88=90=E3=82=A8=E3=83=B3=E3=83=89=E3=83=9D?= =?UTF-8?q?=E3=82=A4=E3=83=B3=E3=83=88=E5=AE=9A=E7=BE=A9=E3=82=92=E8=BF=BD?= =?UTF-8?q?=E5=8A=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/resources/openapi/mastodon.yaml | 49 ++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/main/resources/openapi/mastodon.yaml b/src/main/resources/openapi/mastodon.yaml index 9b10b266..3fdb22df 100644 --- a/src/main/resources/openapi/mastodon.yaml +++ b/src/main/resources/openapi/mastodon.yaml @@ -182,8 +182,57 @@ paths: schema: $ref: "#/components/schemas/CredentialAccount" + /api/v1/accounts: + post: + tags: + - account + security: + - OAuth2: + - "write:accounts" + requestBody: + required: true + content: + application/x-www-form-urlencoded: + schema: + $ref: "#/components/schemas/AccountsCreateRequest" + responses: + 200: + description: 成功 + content: + application/json: + schema: + $ref: "#/components/schemas/Token" + components: schemas: + AccountsCreateRequest: + type: object + properties: + username: + type: string + email: + type: string + password: + type: string + agreement: + type: boolean + locale: + type: boolean + reason: + type: string + + Token: + type: object + properties: + access_token: + type: string + token_type: + type: string + scope: + type: string + created_at: + type: integer + Account: type: object properties: From 60e189a596aa374abac36d4d5d4b9b1162e7fc7b Mon Sep 17 00:00:00 2001 From: usbharu <64310155+usbharu@users.noreply.github.com> Date: Tue, 26 Sep 2023 12:36:56 +0900 Subject: [PATCH 2/4] =?UTF-8?q?feat:=20=E3=83=A6=E3=83=BC=E3=82=B6?= =?UTF-8?q?=E3=83=BC=E4=BD=9C=E6=88=90=E3=81=A7=E3=81=8D=E3=82=8B=E3=82=88?= =?UTF-8?q?=E3=81=86=E3=81=AB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- build.gradle.kts | 1 + .../hideout/controller/AuthController.kt | 10 +++++++ .../mastodon/MastodonAccountApiController.kt | 26 ++++++++++++++++++- .../service/api/mastodon/AccountApiService.kt | 13 +++++++++- src/main/resources/openapi/mastodon.yaml | 8 +++--- src/main/resources/templates/sign_up.html | 15 +++++++++++ .../ap/APReceiveFollowServiceImplTest.kt | 7 ++++- 7 files changed, 73 insertions(+), 7 deletions(-) create mode 100644 src/main/kotlin/dev/usbharu/hideout/controller/AuthController.kt create mode 100644 src/main/resources/templates/sign_up.html diff --git a/build.gradle.kts b/build.gradle.kts index bf3eafb9..c27ebaf6 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -93,6 +93,7 @@ dependencies { implementation("org.springframework.boot:spring-boot-starter-web") implementation("org.springframework.boot:spring-boot-starter-security") + implementation("org.springframework.boot:spring-boot-starter-thymeleaf") implementation("org.springframework.boot:spring-boot-starter-oauth2-authorization-server") implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server") implementation("jakarta.validation:jakarta.validation-api") diff --git a/src/main/kotlin/dev/usbharu/hideout/controller/AuthController.kt b/src/main/kotlin/dev/usbharu/hideout/controller/AuthController.kt new file mode 100644 index 00000000..c91b1f34 --- /dev/null +++ b/src/main/kotlin/dev/usbharu/hideout/controller/AuthController.kt @@ -0,0 +1,10 @@ +package dev.usbharu.hideout.controller + +import org.springframework.stereotype.Controller +import org.springframework.web.bind.annotation.GetMapping + +@Controller +class AuthController { + @GetMapping("/auth/sign_up") + fun signUp(): String = "sign_up" +} diff --git a/src/main/kotlin/dev/usbharu/hideout/controller/mastodon/MastodonAccountApiController.kt b/src/main/kotlin/dev/usbharu/hideout/controller/mastodon/MastodonAccountApiController.kt index d6754a3d..290f2240 100644 --- a/src/main/kotlin/dev/usbharu/hideout/controller/mastodon/MastodonAccountApiController.kt +++ b/src/main/kotlin/dev/usbharu/hideout/controller/mastodon/MastodonAccountApiController.kt @@ -2,16 +2,23 @@ package dev.usbharu.hideout.controller.mastodon import dev.usbharu.hideout.controller.mastodon.generated.AccountApi import dev.usbharu.hideout.domain.mastodon.model.generated.CredentialAccount +import dev.usbharu.hideout.domain.model.hideout.dto.UserCreateDto import dev.usbharu.hideout.service.api.mastodon.AccountApiService +import dev.usbharu.hideout.service.core.Transaction import kotlinx.coroutines.runBlocking +import org.springframework.http.HttpHeaders import org.springframework.http.HttpStatus import org.springframework.http.ResponseEntity import org.springframework.security.core.context.SecurityContextHolder import org.springframework.security.oauth2.jwt.Jwt import org.springframework.stereotype.Controller +import java.net.URI @Controller -class MastodonAccountApiController(private val accountApiService: AccountApiService) : AccountApi { +class MastodonAccountApiController( + private val accountApiService: AccountApiService, + private val transaction: Transaction +) : AccountApi { override fun apiV1AccountsVerifyCredentialsGet(): ResponseEntity = runBlocking { val principal = SecurityContextHolder.getContext().getAuthentication().principal as Jwt @@ -20,4 +27,21 @@ class MastodonAccountApiController(private val accountApiService: AccountApiServ HttpStatus.OK ) } + + override fun apiV1AccountsPost( + username: String, + password: String, + email: String?, + agreement: Boolean?, + locale: Boolean?, + reason: String? + ): ResponseEntity = runBlocking { + transaction.transaction { + + accountApiService.registerAccount(UserCreateDto(username, username, "", password)) + } + val httpHeaders = HttpHeaders() + httpHeaders.location = URI("/users/$username") + ResponseEntity(Unit, httpHeaders, HttpStatus.FOUND) + } } diff --git a/src/main/kotlin/dev/usbharu/hideout/service/api/mastodon/AccountApiService.kt b/src/main/kotlin/dev/usbharu/hideout/service/api/mastodon/AccountApiService.kt index 45df785d..2eece508 100644 --- a/src/main/kotlin/dev/usbharu/hideout/service/api/mastodon/AccountApiService.kt +++ b/src/main/kotlin/dev/usbharu/hideout/service/api/mastodon/AccountApiService.kt @@ -4,23 +4,34 @@ import dev.usbharu.hideout.domain.mastodon.model.generated.Account import dev.usbharu.hideout.domain.mastodon.model.generated.CredentialAccount import dev.usbharu.hideout.domain.mastodon.model.generated.CredentialAccountSource import dev.usbharu.hideout.domain.mastodon.model.generated.Role +import dev.usbharu.hideout.domain.model.hideout.dto.UserCreateDto import dev.usbharu.hideout.service.core.Transaction import dev.usbharu.hideout.service.mastodon.AccountService +import dev.usbharu.hideout.service.user.UserService import org.springframework.stereotype.Service @Service interface AccountApiService { suspend fun verifyCredentials(userid: Long): CredentialAccount + suspend fun registerAccount(userCreateDto: UserCreateDto): Unit } @Service -class AccountApiServiceImpl(private val accountService: AccountService, private val transaction: Transaction) : +class AccountApiServiceImpl( + private val accountService: AccountService, + private val transaction: Transaction, + private val userService: UserService +) : AccountApiService { override suspend fun verifyCredentials(userid: Long): CredentialAccount = transaction.transaction { val account = accountService.findById(userid) from(account) } + override suspend fun registerAccount(userCreateDto: UserCreateDto) { + userService.createLocalUser(UserCreateDto(userCreateDto.name, userCreateDto.name, "", userCreateDto.password)) + } + private fun from(account: Account): CredentialAccount { return CredentialAccount( id = account.id, diff --git a/src/main/resources/openapi/mastodon.yaml b/src/main/resources/openapi/mastodon.yaml index 3fdb22df..246a15a5 100644 --- a/src/main/resources/openapi/mastodon.yaml +++ b/src/main/resources/openapi/mastodon.yaml @@ -198,10 +198,6 @@ paths: responses: 200: description: 成功 - content: - application/json: - schema: - $ref: "#/components/schemas/Token" components: schemas: @@ -220,6 +216,9 @@ components: type: boolean reason: type: string + required: + - username + - password Token: type: object @@ -232,6 +231,7 @@ components: type: string created_at: type: integer + format: int64 Account: type: object diff --git a/src/main/resources/templates/sign_up.html b/src/main/resources/templates/sign_up.html new file mode 100644 index 00000000..04859dd3 --- /dev/null +++ b/src/main/resources/templates/sign_up.html @@ -0,0 +1,15 @@ + + + + + SignUp + + + +
+ + + +
+ + diff --git a/src/test/kotlin/dev/usbharu/hideout/service/ap/APReceiveFollowServiceImplTest.kt b/src/test/kotlin/dev/usbharu/hideout/service/ap/APReceiveFollowServiceImplTest.kt index 79c93816..9aebf1ee 100644 --- a/src/test/kotlin/dev/usbharu/hideout/service/ap/APReceiveFollowServiceImplTest.kt +++ b/src/test/kotlin/dev/usbharu/hideout/service/ap/APReceiveFollowServiceImplTest.kt @@ -36,7 +36,12 @@ class APReceiveFollowServiceImplTest { } val activityPubFollowService = APReceiveFollowServiceImpl( - jobQueueParentService, mock(), mock(), mock(), mock(), TestTransaction, + jobQueueParentService, + mock(), + mock(), + mock(), + mock(), + TestTransaction, objectMapper ) activityPubFollowService.receiveFollow( From 175e43830d04903936ef05618f0948047204a965 Mon Sep 17 00:00:00 2001 From: usbharu <64310155+usbharu@users.noreply.github.com> Date: Tue, 26 Sep 2023 12:55:48 +0900 Subject: [PATCH 3/4] =?UTF-8?q?fix:=20CSRF=E4=BF=9D=E8=AD=B7=E3=82=92?= =?UTF-8?q?=E6=9C=89=E5=8A=B9=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt b/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt index d4a8d4d1..95a2dc4c 100644 --- a/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt +++ b/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt @@ -72,6 +72,9 @@ class SecurityConfig { builder.pattern("/error"), builder.pattern("/nodeinfo/2.0") ).permitAll() + it.requestMatchers( + builder.pattern("/auth/**") + ).anonymous() it.requestMatchers(builder.pattern("/change-password")).authenticated() it.requestMatchers(builder.pattern("/api/v1/accounts/verify_credentials")) .hasAnyAuthority("SCOPE_read", "SCOPE_read:accounts") @@ -84,7 +87,6 @@ class SecurityConfig { .passwordManagement { } .formLogin(Customizer.withDefaults()) .csrf { - it.ignoringRequestMatchers(builder.pattern("/api/**")) it.ignoringRequestMatchers(builder.pattern("/users/*/inbox")) it.ignoringRequestMatchers(builder.pattern("/inbox")) it.ignoringRequestMatchers(PathRequest.toH2Console()) From 970d0ec062de502ecff35d27a97e9036a7fffe27 Mon Sep 17 00:00:00 2001 From: usbharu <64310155+usbharu@users.noreply.github.com> Date: Tue, 26 Sep 2023 13:01:17 +0900 Subject: [PATCH 4/4] =?UTF-8?q?fix:=20sign=5Fup=E3=81=AB=E5=AF=BE=E3=81=99?= =?UTF-8?q?=E3=82=8BCSRF=E4=BF=9D=E8=AD=B7=E3=82=92=E8=BF=BD=E5=8A=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/resources/templates/sign_up.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/resources/templates/sign_up.html b/src/main/resources/templates/sign_up.html index 04859dd3..079fdd7c 100644 --- a/src/main/resources/templates/sign_up.html +++ b/src/main/resources/templates/sign_up.html @@ -1,12 +1,12 @@ - + SignUp -
+