feat: Signatureヘッダーがない場合コントローラーの時点で401を返すように

2023-11-28 13:56:39 +09:00 · 2023-11-28 13:56:39 +09:00 · cc046393d6
parent 631acc534e
commit cc046393d6
2 changed files with 14 additions and 3 deletions
--- a/src/intTest/kotlin/activitypub/inbox/InboxTest.kt
+++ b/src/intTest/kotlin/activitypub/inbox/InboxTest.kt
@ -45,6 +45,7 @@ class InboxTest {
                content = "{}"
                contentType = MediaType.APPLICATION_JSON
            }
+            .asyncDispatch()
            .andExpect { status { isUnauthorized() } }
    }

@ -68,6 +69,7 @@ class InboxTest {
                content = "{}"
                contentType = MediaType.APPLICATION_JSON
            }
+            .asyncDispatch()
            .andExpect { status { isUnauthorized() } }
    }

--- a/src/main/kotlin/dev/usbharu/hideout/activitypub/interfaces/api/inbox/InboxControllerImpl.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/activitypub/interfaces/api/inbox/InboxControllerImpl.kt
@ -5,6 +5,7 @@ import dev.usbharu.httpsignature.common.HttpHeaders
 import dev.usbharu.httpsignature.common.HttpMethod
 import dev.usbharu.httpsignature.common.HttpRequest
 import org.slf4j.LoggerFactory
+import org.springframework.http.HttpHeaders.WWW_AUTHENTICATE
 import org.springframework.http.HttpStatus
 import org.springframework.http.ResponseEntity
 import org.springframework.web.bind.annotation.RequestBody
@ -21,6 +22,16 @@ class InboxControllerImpl(private val apService: APService) : InboxController {
    ): ResponseEntity<Unit> {
        val request = (requireNotNull(RequestContextHolder.getRequestAttributes()) as ServletRequestAttributes).request

+        val headersList = request.headerNames?.toList().orEmpty()
+        if (headersList.contains("Signature").not()) {
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                .header(
+                    WWW_AUTHENTICATE,
+                    "Signature realm=\"Example\",headers=\"(request-target) date host digest\""
+                )
+                .build()
+        }
+
        val parseActivity = try {
            apService.parseActivity(string)
        } catch (e: Exception) {
@ -31,7 +42,7 @@ class InboxControllerImpl(private val apService: APService) : InboxController {
        try {
            val url = request.requestURL.toString()

-            val headersList = request.headerNames?.toList().orEmpty()
+
            val headers =
                headersList.associateWith { header -> request.getHeaders(header)?.toList().orEmpty() }

@ -43,8 +54,6 @@ class InboxControllerImpl(private val apService: APService) : InboxController {
                }
            }

-            println(headers)
-
            apService.processActivity(
                string,
                parseActivity,