usbharu
/
Hideout
mirror of https://github.com/usbharu/Hideout.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Apply suggestions from code review 

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This commit is contained in:
usbharu 2023-10-20 12:01:47 +09:00 committed by GitHub
parent 888b650e23
commit 7b65458b2f
4 changed files with 6 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt
View File

@ -84,7 +84,6 @@ class SecurityConfig {
return http.build() return http.build()
} }
@Bean @Bean
fun getHttpSignatureFilter(authenticationManager: AuthenticationManager): HttpSignatureFilter { fun getHttpSignatureFilter(authenticationManager: AuthenticationManager): HttpSignatureFilter {
val httpSignatureFilter = HttpSignatureFilter(DefaultSignatureHeaderParser()) val httpSignatureFilter = HttpSignatureFilter(DefaultSignatureHeaderParser())
@ -97,14 +96,17 @@ class SecurityConfig {
val provider = PreAuthenticatedAuthenticationProvider() val provider = PreAuthenticatedAuthenticationProvider()
provider.setPreAuthenticatedUserDetailsService( provider.setPreAuthenticatedUserDetailsService(
HttpSignatureUserDetailsService( HttpSignatureUserDetailsService(
userQueryService, HttpSignatureVerifierComposite( userQueryService,
HttpSignatureVerifierComposite(
mapOf( mapOf(
"rsa-sha256" to RsaSha256HttpSignatureVerifier( "rsa-sha256" to RsaSha256HttpSignatureVerifier(
DefaultSignatureHeaderParser(), DefaultSignatureHeaderParser(),
RsaSha256HttpSignatureSigner() RsaSha256HttpSignatureSigner()
) )
), DefaultSignatureHeaderParser() ),
), transaction DefaultSignatureHeaderParser()
),
transaction
) )
) )
provider.setUserDetailsChecker(AccountStatusUserDetailsChecker()) provider.setUserDetailsChecker(AccountStatusUserDetailsChecker())

3
src/main/kotlin/dev/usbharu/hideout/service/signature/HttpSignatureFilter.kt
View File

@ -11,13 +11,11 @@ import java.net.URL
class HttpSignatureFilter(private val httpSignatureHeaderParser: SignatureHeaderParser) : class HttpSignatureFilter(private val httpSignatureHeaderParser: SignatureHeaderParser) :
AbstractPreAuthenticatedProcessingFilter() { AbstractPreAuthenticatedProcessingFilter() {
override fun getPreAuthenticatedPrincipal(request: HttpServletRequest?): Any { override fun getPreAuthenticatedPrincipal(request: HttpServletRequest?): Any {
val headersList = request?.headerNames?.toList().orEmpty() val headersList = request?.headerNames?.toList().orEmpty()
val headers = val headers =
headersList.associateWith { header -> request?.getHeaders(header)?.toList().orEmpty() } headersList.associateWith { header -> request?.getHeaders(header)?.toList().orEmpty() }
val signature = httpSignatureHeaderParser.parse(HttpHeaders(headers)) val signature = httpSignatureHeaderParser.parse(HttpHeaders(headers))
return signature.keyId return signature.keyId
} }
@ -45,5 +43,4 @@ class HttpSignatureFilter(private val httpSignatureHeaderParser: SignatureHeader
method method
) )
} }
} }

1
src/main/kotlin/dev/usbharu/hideout/service/signature/HttpSignatureUser.kt
View File

@ -23,5 +23,4 @@ class HttpSignatureUser(
@Serial @Serial
private const val serialVersionUID: Long = -3330552099960982997L private const val serialVersionUID: Long = -3330552099960982997L
} }
} }

2
src/main/kotlin/dev/usbharu/hideout/service/signature/HttpSignatureUserDetailsService.kt
View File

@ -23,8 +23,6 @@ class HttpSignatureUserDetailsService(
AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> { AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> {
override fun loadUserDetails(token: PreAuthenticatedAuthenticationToken): UserDetails = runBlocking { override fun loadUserDetails(token: PreAuthenticatedAuthenticationToken): UserDetails = runBlocking {
transaction.transaction { transaction.transaction {
if (token.principal !is String) { if (token.principal !is String) {
throw IllegalStateException("Token is not String") throw IllegalStateException("Token is not String")
} }