diff --git a/build.gradle.kts b/build.gradle.kts index e3482bc4..5b6bc454 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -147,6 +147,8 @@ dependencies { implementation("org.springframework.data:spring-data-commons") implementation("org.springframework.boot:spring-boot-starter-jdbc") implementation("org.springframework.boot:spring-boot-starter-data-jdbc") + implementation("org.springframework.boot:spring-boot-starter-webflux") + implementation("org.jetbrains.kotlinx:kotlinx-coroutines-reactor") implementation("io.ktor:ktor-client-logging-jvm:$ktor_version") implementation("io.ktor:ktor-server-host-common-jvm:$ktor_version") diff --git a/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt b/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt index 92fd756f..3217acea 100644 --- a/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt +++ b/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt @@ -44,6 +44,9 @@ class SecurityConfig { .oauth2ResourceServer { it.jwt(Customizer.withDefaults()) } + .csrf { + it.disable() + } return http.build() } @@ -52,10 +55,22 @@ class SecurityConfig { @Order(2) fun defaultSecurityFilterChain(http: HttpSecurity): SecurityFilterChain { http + .authorizeHttpRequests { + it.requestMatchers( + "/inbox", + "/users/*/inbox", + "/outbox", + "/users/*/outbox" + ) + .permitAll() + } .authorizeHttpRequests { it.anyRequest().authenticated() } .formLogin(Customizer.withDefaults()) + .csrf { + it.disable() + } return http.build() } diff --git a/src/main/kotlin/dev/usbharu/hideout/controller/InboxControllerImpl.kt b/src/main/kotlin/dev/usbharu/hideout/controller/InboxControllerImpl.kt index 002dee31..fb47a3f0 100644 --- a/src/main/kotlin/dev/usbharu/hideout/controller/InboxControllerImpl.kt +++ b/src/main/kotlin/dev/usbharu/hideout/controller/InboxControllerImpl.kt @@ -3,11 +3,12 @@ package dev.usbharu.hideout.controller import dev.usbharu.hideout.service.ap.APService import org.springframework.http.HttpStatus import org.springframework.http.ResponseEntity +import org.springframework.web.bind.annotation.RequestBody import org.springframework.web.bind.annotation.RestController @RestController class InboxControllerImpl(private val apService: APService) : InboxController { - override suspend fun inbox(string: String): ResponseEntity { + override suspend fun inbox(@RequestBody string: String): ResponseEntity { val parseActivity = apService.parseActivity(string) apService.processActivity(string, parseActivity) return ResponseEntity(HttpStatus.ACCEPTED) diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml index 9129b1b2..4593b633 100644 --- a/src/main/resources/logback.xml +++ b/src/main/resources/logback.xml @@ -4,7 +4,7 @@ %d{YYYY-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n - +