From cc046393d6b62d4b6a4c06879e44bd5d4f941687 Mon Sep 17 00:00:00 2001
From: usbharu <64310155+usbharu@users.noreply.github.com>
Date: Tue, 28 Nov 2023 13:56:39 +0900
Subject: [PATCH] =?UTF-8?q?feat:=20Signature=E3=83=98=E3=83=83=E3=83=80?= =?UTF-8?q?=E3=83=BC=E3=81=8C=E3=81=AA=E3=81=84=E5=A0=B4=E5=90=88=E3=82=B3?= =?UTF-8?q?=E3=83=B3=E3=83=88=E3=83=AD=E3=83=BC=E3=83=A9=E3=83=BC=E3=81=AE?= =?UTF-8?q?=E6=99=82=E7=82=B9=E3=81=A7401=E3=82=92=E8=BF=94=E3=81=99?= =?UTF-8?q?=E3=82=88=E3=81=86=E3=81=AB?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/intTest/kotlin/activitypub/inbox/InboxTest.kt | 2 ++
 .../interfaces/api/inbox/InboxControllerImpl.kt | 15 ++++++++++++---
 2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/src/intTest/kotlin/activitypub/inbox/InboxTest.kt b/src/intTest/kotlin/activitypub/inbox/InboxTest.kt
index 92fe3aa2..4626772c 100644
--- a/src/intTest/kotlin/activitypub/inbox/InboxTest.kt
+++ b/src/intTest/kotlin/activitypub/inbox/InboxTest.kt
@@ -45,6 +45,7 @@ class InboxTest {
 content = "{}"
 contentType = MediaType.APPLICATION_JSON
 }
+ .asyncDispatch()
 .andExpect { status { isUnauthorized() } }
 }
@@ -68,6 +69,7 @@ class InboxTest {
 content = "{}"
 contentType = MediaType.APPLICATION_JSON
 }
+ .asyncDispatch()
 .andExpect { status { isUnauthorized() } }
 }
diff --git a/src/main/kotlin/dev/usbharu/hideout/activitypub/interfaces/api/inbox/InboxControllerImpl.kt b/src/main/kotlin/dev/usbharu/hideout/activitypub/interfaces/api/inbox/InboxControllerImpl.kt
index 1ad9062c..6c47a5b1 100644
--- a/src/main/kotlin/dev/usbharu/hideout/activitypub/interfaces/api/inbox/InboxControllerImpl.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/activitypub/interfaces/api/inbox/InboxControllerImpl.kt
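Review bot: Both tests still assert only `status { isUnauthorized() }`, which is an unchanged context line, so they cannot tell the new controller-level rejection apart from a 401 produced anywhere else in the request chain. Adding `header { exists("WWW-Authenticate") }` inside the `andExpect` block of both hunks (-45 and -68) would pin the response to the new missing-`Signature` branch. The enclosing test functions start outside the hunks.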
@@ -5,6 +5,7 @@ import dev.usbharu.httpsignature.common.HttpHeaders
 import dev.usbharu.httpsignature.common.HttpMethod
 import dev.usbharu.httpsignature.common.HttpRequest
 import org.slf4j.LoggerFactory
+import org.springframework.http.HttpHeaders.WWW_AUTHENTICATE
 import org.springframework.http.HttpStatus
 import org.springframework.http.ResponseEntity
 import org.springframework.web.bind.annotation.RequestBody
@@ -21,6 +22,16 @@ class InboxControllerImpl(private val apService: APService) : InboxController {
 ): ResponseEntity {
 val request = (requireNotNull(RequestContextHolder.getRequestAttributes()) as ServletRequestAttributes).request
+ val headersList = request.headerNames?.toList().orEmpty()
+ if (headersList.contains("Signature").not()) {
+ return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+ .header(
+ WWW_AUTHENTICATE,
+ "Signature realm=\"Example\",headers=\"(request-target) date host digest\""
+ )
+ .build()
+ }
+
 val parseActivity = try {
 apService.parseActivity(string)
 } catch (e: Exception) {
@@ -31,7 +42,7 @@ class InboxControllerImpl(private val apService: APService) : InboxController {
 try {
 val url = request.requestURL.toString()
- val headersList = request.headerNames?.toList().orEmpty()
+
 val headers = headersList.associateWith { header ->
 request.getHeaders(header)?.toList().orEmpty()
 }
@@ -43,8 +54,6 @@ class InboxControllerImpl(private val apService: APService) : InboxController {
 }
 }
- println(headers)
-
 apService.processActivity(
 string,
 parseActivity,
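Review bot: The new guard `headersList.contains("Signature").not()` in the -21 hunk compares header names case-sensitively, but HTTP field names are case-insensitive, so a correctly signed request whose header arrives as `signature` (HTTP/2 clients send lowercase names) would likely get a 401 before verification is even attempted. `if (request.getHeader("Signature") == null) {` uses the servlet API's case-insensitive lookup and still leaves `headersList` available for the later `associateWith`. The challenge carries `realm=\"Example\"`, which reads like a placeholder, and its `headers=` list should match what the verifier actually requires. This guard only proves the header is present; signature verification is not visible in these hunks, so a comment above the `if` such as `// presence check only; the signature itself is verified downstream` would keep it from being read as authentication. The enclosing function starts and ends outside the hunk.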