feat: Securityの設定を変更

2023-09-19 15:46:51 +09:00 · 2023-09-19 15:46:51 +09:00 · e05db6dd91
parent 4361fb2db5
commit e05db6dd91
4 changed files with 20 additions and 2 deletions
--- a/build.gradle.kts
+++ b/build.gradle.kts
@ -147,6 +147,8 @@ dependencies {
    implementation("org.springframework.data:spring-data-commons")
    implementation("org.springframework.boot:spring-boot-starter-jdbc")
    implementation("org.springframework.boot:spring-boot-starter-data-jdbc")
+    implementation("org.springframework.boot:spring-boot-starter-webflux")
+    implementation("org.jetbrains.kotlinx:kotlinx-coroutines-reactor")

    implementation("io.ktor:ktor-client-logging-jvm:$ktor_version")
    implementation("io.ktor:ktor-server-host-common-jvm:$ktor_version")
--- a/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/config/SecurityConfig.kt
@ -44,6 +44,9 @@ class SecurityConfig {
            .oauth2ResourceServer {
                it.jwt(Customizer.withDefaults())
            }
+            .csrf {
+                it.disable()
+            }
        return http.build()
    }

@ -52,10 +55,22 @@ class SecurityConfig {
    @Order(2)
    fun defaultSecurityFilterChain(http: HttpSecurity): SecurityFilterChain {
        http
+            .authorizeHttpRequests {
+                it.requestMatchers(
+                    "/inbox",
+                    "/users/*/inbox",
+                    "/outbox",
+                    "/users/*/outbox"
+                )
+                    .permitAll()
+            }
            .authorizeHttpRequests {
                it.anyRequest().authenticated()
            }
            .formLogin(Customizer.withDefaults())
+            .csrf {
+                it.disable()
+            }
        return http.build()
    }

--- a/src/main/kotlin/dev/usbharu/hideout/controller/InboxControllerImpl.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/controller/InboxControllerImpl.kt
@ -3,11 +3,12 @@ package dev.usbharu.hideout.controller
 import dev.usbharu.hideout.service.ap.APService
 import org.springframework.http.HttpStatus
 import org.springframework.http.ResponseEntity
+import org.springframework.web.bind.annotation.RequestBody
 import org.springframework.web.bind.annotation.RestController

@RestController
 class InboxControllerImpl(private val apService: APService) : InboxController {
-    override suspend fun inbox(string: String): ResponseEntity<Unit> {
+    override suspend fun inbox(@RequestBody string: String): ResponseEntity<Unit> {
        val parseActivity = apService.parseActivity(string)
        apService.processActivity(string, parseActivity)
        return ResponseEntity(HttpStatus.ACCEPTED)
--- a/src/main/resources/logback.xml
+++ b/src/main/resources/logback.xml
@ -4,7 +4,7 @@
            <pattern>%d{YYYY-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
        </encoder>
    </appender>
-    <root level="INFO">
+    <root level="DEBUG">
        <appender-ref ref="STDOUT"/>
    </root>
    <logger name="org.eclipse.jetty" level="INFO"/>