feat: Securityの設定を変更

usbharu 2023-09-19 15:46:51 +09:00
parent 4361fb2db5
commit e05db6dd91
4 changed files with 20 additions and 2 deletions


@ -147,6 +147,8 @@ dependencies {
implementation("org.springframework.data:spring-data-commons") implementation("org.springframework.data:spring-data-commons")
implementation("org.springframework.boot:spring-boot-starter-jdbc") implementation("org.springframework.boot:spring-boot-starter-jdbc")
implementation("org.springframework.boot:spring-boot-starter-data-jdbc") implementation("org.springframework.boot:spring-boot-starter-data-jdbc")
implementation("org.springframework.boot:spring-boot-starter-webflux")
implementation("org.jetbrains.kotlinx:kotlinx-coroutines-reactor")
implementation("io.ktor:ktor-client-logging-jvm:$ktor_version") implementation("io.ktor:ktor-client-logging-jvm:$ktor_version")
implementation("io.ktor:ktor-server-host-common-jvm:$ktor_version") implementation("io.ktor:ktor-server-host-common-jvm:$ktor_version")


@ -44,6 +44,9 @@ class SecurityConfig {
.oauth2ResourceServer { .oauth2ResourceServer {
it.jwt(Customizer.withDefaults()) it.jwt(Customizer.withDefaults())
} }
.csrf {
it.disable()
}
return http.build() return http.build()
} }
@ -52,10 +55,22 @@ class SecurityConfig {
@Order(2) @Order(2)
fun defaultSecurityFilterChain(http: HttpSecurity): SecurityFilterChain { fun defaultSecurityFilterChain(http: HttpSecurity): SecurityFilterChain {
http http
.authorizeHttpRequests {
it.requestMatchers(
"/inbox",
"/users/*/inbox",
"/outbox",
"/users/*/outbox"
)
.permitAll()
}
.authorizeHttpRequests { .authorizeHttpRequests {
it.anyRequest().authenticated() it.anyRequest().authenticated()
} }
.formLogin(Customizer.withDefaults()) .formLogin(Customizer.withDefaults())
.csrf {
it.disable()
}
return http.build() return http.build()
} }
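Review bot: The `.csrf { it.disable() }` added to `defaultSecurityFilterChain` turns CSRF protection off for the whole chain, including the session-based `formLogin` flow and every other authenticated request it serves, while only the four inbox/outbox paths plausibly need the exemption. Scoping it keeps the protection for browser sessions: `.csrf { it.ignoringRequestMatchers("/inbox", "/users/*/inbox", "/outbox", "/users/*/outbox") }`. The same `disable()` in the first hunk sits on the JWT resource-server chain, whose function starts outside the hunk; that is reasonable only if that chain never authenticates via cookies, which is not visible here. The new `permitAll()` also means Spring Security no longer authenticates these paths, so sender verification has to happen in the handlers.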


@ -3,11 +3,12 @@ package dev.usbharu.hideout.controller
import dev.usbharu.hideout.service.ap.APService import dev.usbharu.hideout.service.ap.APService
import org.springframework.http.HttpStatus import org.springframework.http.HttpStatus
import org.springframework.http.ResponseEntity import org.springframework.http.ResponseEntity
import org.springframework.web.bind.annotation.RequestBody
import org.springframework.web.bind.annotation.RestController import org.springframework.web.bind.annotation.RestController
@RestController @RestController
class InboxControllerImpl(private val apService: APService) : InboxController { class InboxControllerImpl(private val apService: APService) : InboxController {
override suspend fun inbox(string: String): ResponseEntity<Unit> { override suspend fun inbox(@RequestBody string: String): ResponseEntity<Unit> {
val parseActivity = apService.parseActivity(string) val parseActivity = apService.parseActivity(string)
apService.processActivity(string, parseActivity) apService.processActivity(string, parseActivity)
return ResponseEntity(HttpStatus.ACCEPTED) return ResponseEntity(HttpStatus.ACCEPTED)
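Review bot: With `/inbox` set to `permitAll()` in this commit, `inbox` passes an unauthenticated request body straight to `apService.parseActivity` and `apService.processActivity`, and nothing visible here checks who sent it. If HTTP Signature verification is not already done inside `APService` or in a filter, it should run before `processActivity`; a short comment such as `// body is untrusted; sender is verified in <where>` would record where that happens. A parse failure on a malformed body presumably surfaces as a 500 rather than a 400, which is worth confirming. The function body continues past the end of the hunk.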


@ -4,7 +4,7 @@
<pattern>%d{YYYY-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern> <pattern>%d{YYYY-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder> </encoder>
</appender> </appender>
<root level="INFO"> <root level="DEBUG">
<appender-ref ref="STDOUT"/> <appender-ref ref="STDOUT"/>
</root> </root>
<logger name="org.eclipse.jetty" level="INFO"/> <logger name="org.eclipse.jetty" level="INFO"/>
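Review bot: Setting the root logger to `DEBUG` in the committed logback configuration applies to every library, and framework debug output (security filters, HTTP clients, JDBC) can include request headers, tokens or query parameters. Keep `<root level="INFO">` and enable debug only where it is needed, for example `<logger name="dev.usbharu.hideout" level="DEBUG"/>`. If the change was only meant for debugging the new security setup locally, it may be better left out of the commit.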