diff --git a/src/main/kotlin/dev/usbharu/hideout/core/infrastructure/springframework/security/LoginUserContextHolder.kt b/src/main/kotlin/dev/usbharu/hideout/core/infrastructure/springframework/security/LoginUserContextHolder.kt
new file mode 100644
index 00000000..e86dc2b0
--- /dev/null
+++ b/src/main/kotlin/dev/usbharu/hideout/core/infrastructure/springframework/security/LoginUserContextHolder.kt
@@ -0,0 +1,5 @@
+package dev.usbharu.hideout.core.infrastructure.springframework.security
+
+interface LoginUserContextHolder {
+ fun getLoginUserId(): Long
+}
diff --git a/src/main/kotlin/dev/usbharu/hideout/core/infrastructure/springframework/security/OAuth2JwtLoginUserContextHolder.kt b/src/main/kotlin/dev/usbharu/hideout/core/infrastructure/springframework/security/OAuth2JwtLoginUserContextHolder.kt
new file mode 100644
index 00000000..0369fda6
--- /dev/null
+++ b/src/main/kotlin/dev/usbharu/hideout/core/infrastructure/springframework/security/OAuth2JwtLoginUserContextHolder.kt
@@ -0,0 +1,14 @@
+package dev.usbharu.hideout.core.infrastructure.springframework.security
+
+import org.springframework.security.core.context.SecurityContextHolder
+import org.springframework.security.oauth2.jwt.Jwt
+import org.springframework.stereotype.Component
+
+@Component
+class OAuth2JwtLoginUserContextHolder : LoginUserContextHolder {
+ override fun getLoginUserId(): Long {
+ val principal = SecurityContextHolder.getContext().getAuthentication().principal as Jwt
+
+ return principal.getClaim("uid").toLong()
+ }
+}
diff --git a/src/main/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/account/MastodonAccountApiController.kt b/src/main/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/account/MastodonAccountApiController.kt
index d2066b68..463e1b06 100644
--- a/src/main/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/account/MastodonAccountApiController.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/account/MastodonAccountApiController.kt
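Review bot: `LoginUserContextHolder.getLoginUserId()` has no KDoc, and the non-null `Long` return leaves open what a caller gets when the request carries no logged-in user. I would document the contract on the interface, for example `/** Returns the id of the authenticated user for the current request; throws if there is none. */`. It is also worth stating that implementations may read thread-bound state, so suspend callers should call it before their first suspension point; that part is inferred from the `SecurityContextHolder`-based implementation added in this commit.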
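Review bot: The unchecked cast `principal as Jwt` in `OAuth2JwtLoginUserContextHolder.getLoginUserId()` throws `ClassCastException` for any authentication whose principal is not a `Jwt`, and a missing or non-numeric `uid` claim fails at `toLong()`. Now that every controller goes through this one method, it is the natural place to turn those cases into an explicit authentication failure rather than an unhandled exception that most likely surfaces as a 500. A safe cast plus `toLongOrNull()` does that. Which exception the application maps to 401 is not visible here, so the type used below is a suggestion to confirm against the project's error handling.

```kotlin
override fun getLoginUserId(): Long {
    // Safe cast: anonymous or non-JWT authentication yields null instead of ClassCastException.
    val jwt = SecurityContextHolder.getContext().authentication?.principal as? Jwt
        ?: throw AuthenticationCredentialsNotFoundException("no JWT principal in security context")

    // Reject tokens without a usable uid instead of failing inside toLong().
    return jwt.getClaimAsString("uid")?.toLongOrNull()
        ?: throw AuthenticationCredentialsNotFoundException("uid claim missing or not numeric")
}
```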
@@ -2,6 +2,7 @@ package dev.usbharu.hideout.mastodon.interfaces.api.account import dev.usbharu.hideout.application.external.Transaction import dev.usbharu.hideout.controller.mastodon.generated.AccountApi +import dev.usbharu.hideout.core.infrastructure.springframework.security.LoginUserContextHolder import dev.usbharu.hideout.core.service.user.UserCreateDto import dev.usbharu.hideout.domain.mastodon.model.generated.* import dev.usbharu.hideout.mastodon.service.account.AccountApiService 
@@ -11,37 +12,32 @@ import kotlinx.coroutines.runBlocking import org.springframework.http.HttpHeaders import org.springframework.http.HttpStatus import org.springframework.http.ResponseEntity -import org.springframework.security.core.context.SecurityContextHolder -import org.springframework.security.oauth2.jwt.Jwt import org.springframework.stereotype.Controller import java.net.URI @Controller class MastodonAccountApiController( private val accountApiService: AccountApiService, - private val transaction: Transaction + private val transaction: Transaction, + private val loginUserContextHolder: LoginUserContextHolder ) : AccountApi { override suspend fun apiV1AccountsIdFollowPost( id: String, followRequestBody: FollowRequestBody? ): ResponseEntity { - val principal = SecurityContextHolder.getContext().getAuthentication().principal as Jwt + val userid = loginUserContextHolder.getLoginUserId() - return ResponseEntity.ok(accountApiService.follow(principal.getClaim("uid").toLong(), id.toLong())) + return ResponseEntity.ok(accountApiService.follow(userid, id.toLong())) } override suspend fun apiV1AccountsIdGet(id: String): ResponseEntity = ResponseEntity.ok(accountApiService.account(id.toLong())) - override suspend fun apiV1AccountsVerifyCredentialsGet(): ResponseEntity { - val principal = SecurityContextHolder.getContext().getAuthentication().principal as Jwt - - return ResponseEntity( - accountApiService.verifyCredentials(principal.getClaim("uid").toLong()), - HttpStatus.OK - ) - } + override suspend fun apiV1AccountsVerifyCredentialsGet(): ResponseEntity = ResponseEntity( + accountApiService.verifyCredentials(loginUserContextHolder.getLoginUserId()), + HttpStatus.OK + ) override suspend fun apiV1AccountsPost( username: String, 
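Review bot: `id.toLong()` on the rewritten `apiV1AccountsIdFollowPost` line parses a caller-supplied path value and throws `NumberFormatException` on non-numeric input, while other handlers in this file already use `toLongOrNull()`. Unless an exception handler elsewhere maps that to a 4xx, a malformed id becomes a server error; consider `val targetId = id.toLongOrNull() ?: return ResponseEntity.badRequest().build()` before calling `accountApiService.follow(userid, targetId)`. The same `toLong()` pattern appears as context in the block, unblock, unfollow, mute and follow-request hunks further down. `apiV1AccountsPost` at the end of this hunk continues outside it.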
@@ -71,9 +67,7 @@ class MastodonAccountApiController( pinned: Boolean, tagged: String? ): ResponseEntity> = runBlocking { - val principal = SecurityContextHolder.getContext().getAuthentication().principal as Jwt - - val userid = principal.getClaim("uid").toLong() + val userid = loginUserContextHolder.getLoginUserId() val statusFlow = accountApiService.accountsStatuses( userid = id.toLong(), maxId = maxId?.toLongOrNull(), @@ -94,9 +88,7 @@ class MastodonAccountApiController( id: List?, withSuspended: Boolean ): ResponseEntity> = runBlocking { - val principal = SecurityContextHolder.getContext().getAuthentication().principal as Jwt - - val userid = principal.getClaim("uid").toLong() + val userid = loginUserContextHolder.getLoginUserId() ResponseEntity.ok( accountApiService.relationships(userid, id.orEmpty().mapNotNull { it.toLongOrNull() }, withSuspended) @@ -105,9 +97,7 @@ class MastodonAccountApiController( } override suspend fun apiV1AccountsIdBlockPost(id: String): ResponseEntity { - val principal = SecurityContextHolder.getContext().getAuthentication().principal as Jwt - - val userid = principal.getClaim("uid").toLong() + val userid = loginUserContextHolder.getLoginUserId() val block = accountApiService.block(userid, id.toLong()) @@ -115,9 +105,7 @@ class MastodonAccountApiController( } override suspend fun apiV1AccountsIdUnblockPost(id: String): ResponseEntity { - val principal = SecurityContextHolder.getContext().getAuthentication().principal as Jwt - - val userid = principal.getClaim("uid").toLong() + val userid = loginUserContextHolder.getLoginUserId() val unblock = accountApiService.unblock(userid, id.toLong()) 
@@ -125,9 +113,7 @@ class MastodonAccountApiController( } override suspend fun apiV1AccountsIdUnfollowPost(id: String): ResponseEntity { - val principal = SecurityContextHolder.getContext().getAuthentication().principal as Jwt - - val userid = principal.getClaim("uid").toLong() + val userid = loginUserContextHolder.getLoginUserId() val unfollow = accountApiService.unfollow(userid, id.toLong()) @@ -135,9 +121,7 @@ class MastodonAccountApiController( } override suspend fun apiV1AccountsIdRemoveFromFollowersPost(id: String): ResponseEntity { - val principal = SecurityContextHolder.getContext().getAuthentication().principal as Jwt - - val userid = principal.getClaim("uid").toLong() + val userid = loginUserContextHolder.getLoginUserId() val removeFromFollowers = accountApiService.removeFromFollowers(userid, id.toLong()) @@ -145,10 +129,8 @@ class MastodonAccountApiController( } override suspend fun apiV1AccountsUpdateCredentialsPatch(updateCredentials: UpdateCredentials?): - ResponseEntity { - val principal = SecurityContextHolder.getContext().getAuthentication().principal as Jwt - - val userid = principal.getClaim("uid").toLong() + ResponseEntity { + val userid = loginUserContextHolder.getLoginUserId() val removeFromFollowers = accountApiService.updateProfile(userid, updateCredentials) @@ -156,9 +138,7 @@ class MastodonAccountApiController( } override suspend fun apiV1FollowRequestsAccountIdAuthorizePost(accountId: String): ResponseEntity { - val principal = SecurityContextHolder.getContext().getAuthentication().principal as Jwt - - val userid = principal.getClaim("uid").toLong() + val userid = loginUserContextHolder.getLoginUserId() val acceptFollowRequest = accountApiService.acceptFollowRequest(userid, accountId.toLong()) 
@@ -166,9 +146,7 @@ class MastodonAccountApiController( } override suspend fun apiV1FollowRequestsAccountIdRejectPost(accountId: String): ResponseEntity { - val principal = SecurityContextHolder.getContext().getAuthentication().principal as Jwt - - val userid = principal.getClaim("uid").toLong() + val userid = loginUserContextHolder.getLoginUserId() val rejectFollowRequest = accountApiService.rejectFollowRequest(userid, accountId.toLong()) @@ -177,9 +155,7 @@ class MastodonAccountApiController( override fun apiV1FollowRequestsGet(maxId: String?, sinceId: String?, limit: Int?): ResponseEntity> = runBlocking { - val principal = SecurityContextHolder.getContext().getAuthentication().principal as Jwt - - val userid = principal.getClaim("uid").toLong() + val userid = loginUserContextHolder.getLoginUserId() val accountFlow = accountApiService.followRequests(userid, maxId?.toLong(), sinceId?.toLong(), limit ?: 20, false) @@ -188,9 +164,7 @@ class MastodonAccountApiController( } override suspend fun apiV1AccountsIdMutePost(id: String): ResponseEntity { - val principal = SecurityContextHolder.getContext().getAuthentication().principal as Jwt - - val userid = principal.getClaim("uid").toLong() + val userid = loginUserContextHolder.getLoginUserId() val mute = accountApiService.mute(userid, id.toLong()) @@ -198,9 +172,7 @@ class MastodonAccountApiController( } override suspend fun apiV1AccountsIdUnmutePost(id: String): ResponseEntity { - val principal = SecurityContextHolder.getContext().getAuthentication().principal as Jwt - - val userid = principal.getClaim("uid").toLong() + val userid = loginUserContextHolder.getLoginUserId() val unmute = accountApiService.unmute(userid, id.toLong()) 
@@ -209,9 +181,7 @@ class MastodonAccountApiController( override fun apiV1MutesGet(maxId: String?, sinceId: String?, limit: Int?): ResponseEntity> = runBlocking { - val principal = SecurityContextHolder.getContext().getAuthentication().principal as Jwt - - val userid = principal.getClaim("uid").toLong() + val userid = loginUserContextHolder.getLoginUserId() val unmute = accountApiService.mutesAccount(userid, maxId?.toLong(), sinceId?.toLong(), limit ?: 20).asFlow() diff --git a/src/main/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/status/MastodonStatusesApiContoller.kt b/src/main/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/status/MastodonStatusesApiContoller.kt index cc6443ce..046518d7 100644 --- a/src/main/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/status/MastodonStatusesApiContoller.kt +++ b/src/main/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/status/MastodonStatusesApiContoller.kt 
@@ -1,25 +1,27 @@ package dev.usbharu.hideout.mastodon.interfaces.api.status import dev.usbharu.hideout.controller.mastodon.generated.StatusApi +import dev.usbharu.hideout.core.infrastructure.springframework.security.LoginUserContextHolder import dev.usbharu.hideout.domain.mastodon.model.generated.Status import dev.usbharu.hideout.mastodon.service.status.StatusesApiService import org.springframework.http.HttpStatus import org.springframework.http.ResponseEntity -import org.springframework.security.core.context.SecurityContextHolder -import org.springframework.security.oauth2.jwt.Jwt import org.springframework.stereotype.Controller @Controller -class MastodonStatusesApiContoller(private val statusesApiService: StatusesApiService) : StatusApi { +class MastodonStatusesApiContoller( + private val statusesApiService: StatusesApiService, + private val loginUserContextHolder: LoginUserContextHolder +) : StatusApi { override suspend fun apiV1StatusesPost( devUsbharuHideoutDomainModelMastodonStatusesRequest: StatusesRequest ): ResponseEntity { - val jwt = SecurityContextHolder.getContext().authentication.principal as Jwt + val userid = loginUserContextHolder.getLoginUserId() return ResponseEntity( statusesApiService.postStatus( devUsbharuHideoutDomainModelMastodonStatusesRequest, - jwt.getClaim("uid").toLong() + userid ), HttpStatus.OK ) 
@@ -27,14 +29,14 @@ class MastodonStatusesApiContoller(private val statusesApiService: StatusesApiSe override suspend fun apiV1StatusesIdEmojiReactionsEmojiDelete(id: String, emoji: String): ResponseEntity { val uid = - (SecurityContextHolder.getContext().authentication.principal as Jwt).getClaim("uid").toLong() + loginUserContextHolder.getLoginUserId() return ResponseEntity.ok(statusesApiService.removeEmojiReactions(id.toLong(), uid, emoji)) } override suspend fun apiV1StatusesIdEmojiReactionsEmojiPut(id: String, emoji: String): ResponseEntity { val uid = - (SecurityContextHolder.getContext().authentication.principal as Jwt).getClaim("uid").toLong() + loginUserContextHolder.getLoginUserId() return ResponseEntity.ok(statusesApiService.emojiReactions(id.toLong(), uid, emoji)) } diff --git a/src/main/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/timeline/MastodonTimelineApiController.kt b/src/main/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/timeline/MastodonTimelineApiController.kt index 41316f1e..b7ddddae 100644 --- a/src/main/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/timeline/MastodonTimelineApiController.kt +++ b/src/main/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/timeline/MastodonTimelineApiController.kt @@ -1,6 +1,7 @@ package dev.usbharu.hideout.mastodon.interfaces.api.timeline import dev.usbharu.hideout.controller.mastodon.generated.TimelineApi +import dev.usbharu.hideout.core.infrastructure.springframework.security.LoginUserContextHolder import dev.usbharu.hideout.domain.mastodon.model.generated.Status import dev.usbharu.hideout.mastodon.service.timeline.TimelineApiService import kotlinx.coroutines.flow.Flow 
@@ -8,21 +9,21 @@ import kotlinx.coroutines.flow.asFlow import kotlinx.coroutines.runBlocking import org.springframework.http.HttpStatus import org.springframework.http.ResponseEntity -import org.springframework.security.core.context.SecurityContextHolder -import org.springframework.security.oauth2.jwt.Jwt import org.springframework.stereotype.Controller @Controller -class MastodonTimelineApiController(private val timelineApiService: TimelineApiService) : TimelineApi { +class MastodonTimelineApiController( + private val timelineApiService: TimelineApiService, + private val loginUserContextHolder: LoginUserContextHolder +) : TimelineApi { override fun apiV1TimelinesHomeGet( maxId: String?, sinceId: String?, minId: String?, limit: Int? ): ResponseEntity> = runBlocking { - val jwt = SecurityContextHolder.getContext().authentication.principal as Jwt val homeTimeline = timelineApiService.homeTimeline( - userId = jwt.getClaim("uid").toLong(), + userId = loginUserContextHolder.getLoginUserId(), maxId = maxId?.toLongOrNull(), minId = minId?.toLongOrNull(), sinceId = sinceId?.toLongOrNull(), diff --git a/src/test/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/account/MastodonAccountApiControllerTest.kt b/src/test/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/account/MastodonAccountApiControllerTest.kt index 8356f17e..fd0b9fd4 100644 --- a/src/test/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/account/MastodonAccountApiControllerTest.kt +++ b/src/test/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/account/MastodonAccountApiControllerTest.kt 
@@ -1,6 +1,7 @@ package dev.usbharu.hideout.mastodon.interfaces.api.account import dev.usbharu.hideout.application.config.ActivityPubConfig +import dev.usbharu.hideout.core.infrastructure.springframework.security.OAuth2JwtLoginUserContextHolder import dev.usbharu.hideout.domain.mastodon.model.generated.AccountSource import dev.usbharu.hideout.domain.mastodon.model.generated.CredentialAccount import dev.usbharu.hideout.domain.mastodon.model.generated.Role @@ -31,6 +32,9 @@ class MastodonAccountApiControllerTest { private lateinit var mockMvc: MockMvc + @Spy + private val loginUserContextHolder = OAuth2JwtLoginUserContextHolder() + @Spy private lateinit var testTransaction: TestTransaction diff --git a/src/test/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/status/MastodonStatusesApiControllerTest.kt b/src/test/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/status/MastodonStatusesApiControllerTest.kt index 31cd3643..0477f5a0 100644 --- a/src/test/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/status/MastodonStatusesApiControllerTest.kt +++ b/src/test/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/status/MastodonStatusesApiControllerTest.kt @@ -1,6 +1,7 @@ package dev.usbharu.hideout.mastodon.interfaces.api.status import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper +import dev.usbharu.hideout.core.infrastructure.springframework.security.OAuth2JwtLoginUserContextHolder import dev.usbharu.hideout.domain.mastodon.model.generated.Account import dev.usbharu.hideout.domain.mastodon.model.generated.Status import dev.usbharu.hideout.generate.JsonOrFormModelMethodProcessor @@ -11,6 +12,7 @@ import org.junit.jupiter.api.Test import org.junit.jupiter.api.extension.ExtendWith import org.mockito.InjectMocks import org.mockito.Mock +import org.mockito.Spy import org.mockito.junit.jupiter.MockitoExtension import org.mockito.kotlin.doReturn import org.mockito.kotlin.eq 
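Review bot: Spying the real `OAuth2JwtLoginUserContextHolder()` in `MastodonAccountApiControllerTest` keeps the controller tests dependent on a JWT being present in `SecurityContextHolder`, so the new interface is not yet used as a test seam. Declaring `@Mock private lateinit var loginUserContextHolder: LoginUserContextHolder` and stubbing a fixed id would decouple them. The JWT parsing would then deserve its own small test covering a non-JWT principal and a missing `uid` claim; neither case is exercised by the tests visible here. The same `@Spy` field is added in `MastodonStatusesApiControllerTest` and `MastodonTimelineApiControllerTest`.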
@@ -30,6 +32,9 @@ import org.springframework.web.servlet.mvc.method.annotation.RequestResponseBody @ExtendWith(MockitoExtension::class) class MastodonStatusesApiControllerTest { + @Spy + private val loginUserContextHolder = OAuth2JwtLoginUserContextHolder() + @Mock private lateinit var statusesApiService: StatusesApiService diff --git a/src/test/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/timeline/MastodonTimelineApiControllerTest.kt b/src/test/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/timeline/MastodonTimelineApiControllerTest.kt index d3602e76..02d10533 100644 --- a/src/test/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/timeline/MastodonTimelineApiControllerTest.kt +++ b/src/test/kotlin/dev/usbharu/hideout/mastodon/interfaces/api/timeline/MastodonTimelineApiControllerTest.kt @@ -1,6 +1,7 @@ package dev.usbharu.hideout.mastodon.interfaces.api.timeline import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper +import dev.usbharu.hideout.core.infrastructure.springframework.security.OAuth2JwtLoginUserContextHolder import dev.usbharu.hideout.domain.mastodon.model.generated.Account import dev.usbharu.hideout.domain.mastodon.model.generated.Status import dev.usbharu.hideout.mastodon.service.timeline.TimelineApiService @@ -10,6 +11,7 @@ import org.junit.jupiter.api.Test import org.junit.jupiter.api.extension.ExtendWith import org.mockito.InjectMocks import org.mockito.Mock +import org.mockito.Spy import org.mockito.junit.jupiter.MockitoExtension import org.mockito.kotlin.* import org.springframework.security.core.context.SecurityContextHolder @@ -23,6 +25,9 @@ import org.springframework.test.web.servlet.setup.MockMvcBuilders @ExtendWith(MockitoExtension::class) class MastodonTimelineApiControllerTest { + @Spy + private val loginUserContextHolder = OAuth2JwtLoginUserContextHolder() + @Mock private lateinit var timelineApiService: TimelineApiService