mirror of https://github.com/usbharu/Hideout.git
feat: Signatureヘッダーがない場合コントローラーの時点で401を返すように
parent
631acc534e
commit
cc046393d6
|
@ -45,6 +45,7 @@ class InboxTest {
|
||||||
content = "{}"
|
content = "{}"
|
||||||
contentType = MediaType.APPLICATION_JSON
|
contentType = MediaType.APPLICATION_JSON
|
||||||
}
|
}
|
||||||
|
.asyncDispatch()
|
||||||
.andExpect { status { isUnauthorized() } }
|
.andExpect { status { isUnauthorized() } }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -68,6 +69,7 @@ class InboxTest {
|
||||||
content = "{}"
|
content = "{}"
|
||||||
contentType = MediaType.APPLICATION_JSON
|
contentType = MediaType.APPLICATION_JSON
|
||||||
}
|
}
|
||||||
|
.asyncDispatch()
|
||||||
.andExpect { status { isUnauthorized() } }
|
.andExpect { status { isUnauthorized() } }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,7 @@ import dev.usbharu.httpsignature.common.HttpHeaders
|
||||||
import dev.usbharu.httpsignature.common.HttpMethod
|
import dev.usbharu.httpsignature.common.HttpMethod
|
||||||
import dev.usbharu.httpsignature.common.HttpRequest
|
import dev.usbharu.httpsignature.common.HttpRequest
|
||||||
import org.slf4j.LoggerFactory
|
import org.slf4j.LoggerFactory
|
||||||
|
import org.springframework.http.HttpHeaders.WWW_AUTHENTICATE
|
||||||
import org.springframework.http.HttpStatus
|
import org.springframework.http.HttpStatus
|
||||||
import org.springframework.http.ResponseEntity
|
import org.springframework.http.ResponseEntity
|
||||||
import org.springframework.web.bind.annotation.RequestBody
|
import org.springframework.web.bind.annotation.RequestBody
|
||||||
|
@ -21,6 +22,16 @@ class InboxControllerImpl(private val apService: APService) : InboxController {
|
||||||
): ResponseEntity<Unit> {
|
): ResponseEntity<Unit> {
|
||||||
val request = (requireNotNull(RequestContextHolder.getRequestAttributes()) as ServletRequestAttributes).request
|
val request = (requireNotNull(RequestContextHolder.getRequestAttributes()) as ServletRequestAttributes).request
|
||||||
|
|
||||||
|
val headersList = request.headerNames?.toList().orEmpty()
|
||||||
|
if (headersList.contains("Signature").not()) {
|
||||||
|
return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
|
||||||
|
.header(
|
||||||
|
WWW_AUTHENTICATE,
|
||||||
|
"Signature realm=\"Example\",headers=\"(request-target) date host digest\""
|
||||||
|
)
|
||||||
|
.build()
|
||||||
|
}
|
||||||
|
|
||||||
val parseActivity = try {
|
val parseActivity = try {
|
||||||
apService.parseActivity(string)
|
apService.parseActivity(string)
|
||||||
} catch (e: Exception) {
|
} catch (e: Exception) {
|
||||||
|
@ -31,7 +42,7 @@ class InboxControllerImpl(private val apService: APService) : InboxController {
|
||||||
try {
|
try {
|
||||||
val url = request.requestURL.toString()
|
val url = request.requestURL.toString()
|
||||||
|
|
||||||
val headersList = request.headerNames?.toList().orEmpty()
|
|
||||||
val headers =
|
val headers =
|
||||||
headersList.associateWith { header -> request.getHeaders(header)?.toList().orEmpty() }
|
headersList.associateWith { header -> request.getHeaders(header)?.toList().orEmpty() }
|
||||||
|
|
||||||
|
@ -43,8 +54,6 @@ class InboxControllerImpl(private val apService: APService) : InboxController {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
println(headers)
|
|
||||||
|
|
||||||
apService.processActivity(
|
apService.processActivity(
|
||||||
string,
|
string,
|
||||||
parseActivity,
|
parseActivity,
|
||||||
|
|
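Review bot: The presence check `headersList.contains("Signature").not()` in the second InboxControllerImpl hunk matches the header name case-sensitively, but HTTP header names are case-insensitive and are lowercased on HTTP/2, so `request.headerNames` can report `signature` and a correctly signed delivery would get a 401 before verification runs. `HttpServletRequest.getHeader` looks names up case-insensitively, so the guard could read `if (request.getHeader("Signature").isNullOrBlank()) {`, which also rejects an empty value; `headersList` can stay for the later `associateWith`. The challenge still carries the placeholder `realm=\"Example\"`, and its `headers=` list should match what the verifier actually requires (the verification code is outside these hunks, so confirm this). This guard only establishes that a header is present, so a short comment such as `// presence check only; the signature is verified below` would stop it being read as authentication. The enclosing function starts and ends outside the hunks.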