fix: OAuth2認証に失敗するようになっているのを修正

src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt

@@ -11,6 +11,7 @@ import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.Htt
 import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.HttpSignatureUserDetailsService
 import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.HttpSignatureVerifierComposite
 import dev.usbharu.hideout.core.infrastructure.springframework.oauth2.UserDetailsImpl
+import dev.usbharu.hideout.core.infrastructure.springframework.oauth2.UserDetailsServiceImpl
 import dev.usbharu.hideout.core.query.UserQueryService
 import dev.usbharu.hideout.util.RsaUtil
 import dev.usbharu.httpsignature.sign.RsaSha256HttpSignatureSigner
@@ -31,6 +32,7 @@ import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter
 import org.springframework.security.authentication.AccountStatusUserDetailsChecker
 import org.springframework.security.authentication.AuthenticationManager
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider
 import org.springframework.security.config.Customizer
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
@@ -59,7 +61,7 @@ import java.security.interfaces.RSAPrivateKey
 import java.security.interfaces.RSAPublicKey
 import java.util.*
 
-@EnableWebSecurity(debug = false)
+@EnableWebSecurity(debug = true)
 @Configuration
 @Suppress("FunctionMaxLength", "TooManyFunctions")
 class SecurityConfig {
@@ -75,13 +77,12 @@ class SecurityConfig {
     @Order(1)
     fun httpSignatureFilterChain(
         http: HttpSecurity,
-        httpSignatureFilter: HttpSignatureFilter,
         introspector: HandlerMappingIntrospector
     ): SecurityFilterChain {
         val builder = MvcRequestMatcher.Builder(introspector)
         http
             .securityMatcher("/inbox", "/outbox", "/users/*/inbox", "/users/*/outbox", "/users/*/posts/*")
-            .addFilter(httpSignatureFilter)
+            .addFilter(getHttpSignatureFilter(http.getSharedObject(AuthenticationManager::class.java)))
             .addFilterBefore(
                 ExceptionTranslationFilter(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)),
                 HttpSignatureFilter::class.java
@@ -108,12 +109,11 @@ class SecurityConfig {
             .sessionManagement {
                 it.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
             }
-
         return http.build()
     }
 
-    @Bean
+
-    fun getHttpSignatureFilter(authenticationManager: AuthenticationManager): HttpSignatureFilter {
+    fun getHttpSignatureFilter(authenticationManager: AuthenticationManager?): HttpSignatureFilter {
         val httpSignatureFilter = HttpSignatureFilter(DefaultSignatureHeaderParser())
         httpSignatureFilter.setAuthenticationManager(authenticationManager)
         httpSignatureFilter.setContinueFilterChainOnUnsuccessfulAuthentication(false)
@@ -124,6 +124,13 @@ class SecurityConfig {
         return httpSignatureFilter
     }
 
+    @Bean
+    fun daoAuthenticationProvider(userDetailsServiceImpl: UserDetailsServiceImpl): DaoAuthenticationProvider {
+        val daoAuthenticationProvider = DaoAuthenticationProvider()
+        daoAuthenticationProvider.setUserDetailsService(userDetailsServiceImpl)
+        return daoAuthenticationProvider
+    }
+
     @Bean
     fun httpSignatureAuthenticationProvider(transaction: Transaction): PreAuthenticatedAuthenticationProvider {
         val provider = PreAuthenticatedAuthenticationProvider()
@@ -187,12 +194,18 @@ class SecurityConfig {
         }
         http.oauth2ResourceServer {
             it.jwt(Customizer.withDefaults())
-        }.passwordManagement { }.formLogin(Customizer.withDefaults()).csrf {
+        }
+            .passwordManagement { }
+            .formLogin {
+
+            }
+            .csrf {
                 it.ignoringRequestMatchers(builder.pattern("/users/*/inbox"))
                 it.ignoringRequestMatchers(builder.pattern(HttpMethod.POST, "/api/v1/apps"))
                 it.ignoringRequestMatchers(builder.pattern("/inbox"))
                 it.ignoringRequestMatchers(PathRequest.toH2Console())
-        }.headers {
+            }
+            .headers {
                 it.frameOptions {
                     it.sameOrigin()
                 }

src/main/kotlin/dev/usbharu/hideout/mastodon/service/app/AppApiService.kt

@@ -60,7 +60,8 @@ class AppApiServiceImpl(
                 "invalid-vapid-key",
                 appsRequest.website,
                 id,
-                clientSecret
+                clientSecret,
+                appsRequest.redirectUris
             )
         }
     }

src/main/resources/application.yml

@@ -19,7 +19,7 @@ spring:
     default-property-inclusion: always
   datasource:
     driver-class-name: org.h2.Driver
-    url: "jdbc:h2:./test-dev4;MODE=POSTGRESQL;TRACE_LEVEL_FILE=4"
+    url: "jdbc:h2:./test-dev4;MODE=POSTGRESQL"
     username: ""
     password: ""
   #  data:

src/main/resources/logback.xml

@@ -4,7 +4,7 @@
             <pattern>%d{YYYY-MM-dd HH:mm:ss.SSS} [%thread] %-5level [%X{x-request-id}] %logger{36} - %msg%n</pattern>
         </encoder>
     </appender>
-    <root level="INFO">
+    <root level="TRACE">
         <appender-ref ref="STDOUT"/>
     </root>
     <logger name="org.eclipse.jetty" level="INFO"/>
@@ -12,7 +12,7 @@
     <logger name="kjob.core.internal.scheduler.JobServiceImpl" level="INFO"/>
     <logger name="Exposed" level="INFO"/>
     <logger name="io.ktor.server.plugins.contentnegotiation" level="INFO"/>
-    <logger name="org.springframework.web.filter.CommonsRequestLoggingFilter" level="INFO"/>
+    <logger name="org.springframework.web.filter.CommonsRequestLoggingFilter" level="DEBUG"/>
     <logger name="org.mongodb.driver.protocol.command" level="INFO"/>
     <logger name="dev.usbharu" level="TRACE"/>
 </configuration>