fix: OAuth2認証に失敗するようになっているのを修正

This commit is contained in:
usbharu 2023-11-21 12:38:41 +09:00
parent 44563e2251
commit f232183679
4 changed files with 33 additions and 19 deletions


@ -11,6 +11,7 @@ import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.Htt
import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.HttpSignatureUserDetailsService import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.HttpSignatureUserDetailsService
import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.HttpSignatureVerifierComposite import dev.usbharu.hideout.core.infrastructure.springframework.httpsignature.HttpSignatureVerifierComposite
import dev.usbharu.hideout.core.infrastructure.springframework.oauth2.UserDetailsImpl import dev.usbharu.hideout.core.infrastructure.springframework.oauth2.UserDetailsImpl
import dev.usbharu.hideout.core.infrastructure.springframework.oauth2.UserDetailsServiceImpl
import dev.usbharu.hideout.core.query.UserQueryService import dev.usbharu.hideout.core.query.UserQueryService
import dev.usbharu.hideout.util.RsaUtil import dev.usbharu.hideout.util.RsaUtil
import dev.usbharu.httpsignature.sign.RsaSha256HttpSignatureSigner import dev.usbharu.httpsignature.sign.RsaSha256HttpSignatureSigner
@ -31,6 +32,7 @@ import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter
import org.springframework.security.authentication.AccountStatusUserDetailsChecker import org.springframework.security.authentication.AccountStatusUserDetailsChecker
import org.springframework.security.authentication.AuthenticationManager import org.springframework.security.authentication.AuthenticationManager
import org.springframework.security.authentication.dao.DaoAuthenticationProvider
import org.springframework.security.config.Customizer import org.springframework.security.config.Customizer
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.builders.HttpSecurity
@ -59,7 +61,7 @@ import java.security.interfaces.RSAPrivateKey
import java.security.interfaces.RSAPublicKey import java.security.interfaces.RSAPublicKey
import java.util.* import java.util.*
@EnableWebSecurity(debug = false) @EnableWebSecurity(debug = true)
@Configuration @Configuration
@Suppress("FunctionMaxLength", "TooManyFunctions") @Suppress("FunctionMaxLength", "TooManyFunctions")
class SecurityConfig { class SecurityConfig {
@ -75,13 +77,12 @@ class SecurityConfig {
@Order(1) @Order(1)
fun httpSignatureFilterChain( fun httpSignatureFilterChain(
http: HttpSecurity, http: HttpSecurity,
httpSignatureFilter: HttpSignatureFilter,
introspector: HandlerMappingIntrospector introspector: HandlerMappingIntrospector
): SecurityFilterChain { ): SecurityFilterChain {
val builder = MvcRequestMatcher.Builder(introspector) val builder = MvcRequestMatcher.Builder(introspector)
http http
.securityMatcher("/inbox", "/outbox", "/users/*/inbox", "/users/*/outbox", "/users/*/posts/*") .securityMatcher("/inbox", "/outbox", "/users/*/inbox", "/users/*/outbox", "/users/*/posts/*")
.addFilter(httpSignatureFilter) .addFilter(getHttpSignatureFilter(http.getSharedObject(AuthenticationManager::class.java)))
.addFilterBefore( .addFilterBefore(
ExceptionTranslationFilter(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)), ExceptionTranslationFilter(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)),
HttpSignatureFilter::class.java HttpSignatureFilter::class.java
@ -108,12 +109,11 @@ class SecurityConfig {
.sessionManagement { .sessionManagement {
it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) it.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
} }
return http.build() return http.build()
} }
@Bean
fun getHttpSignatureFilter(authenticationManager: AuthenticationManager): HttpSignatureFilter { fun getHttpSignatureFilter(authenticationManager: AuthenticationManager?): HttpSignatureFilter {
val httpSignatureFilter = HttpSignatureFilter(DefaultSignatureHeaderParser()) val httpSignatureFilter = HttpSignatureFilter(DefaultSignatureHeaderParser())
httpSignatureFilter.setAuthenticationManager(authenticationManager) httpSignatureFilter.setAuthenticationManager(authenticationManager)
httpSignatureFilter.setContinueFilterChainOnUnsuccessfulAuthentication(false) httpSignatureFilter.setContinueFilterChainOnUnsuccessfulAuthentication(false)
@ -124,6 +124,13 @@ class SecurityConfig {
return httpSignatureFilter return httpSignatureFilter
} }
@Bean
fun daoAuthenticationProvider(userDetailsServiceImpl: UserDetailsServiceImpl): DaoAuthenticationProvider {
val daoAuthenticationProvider = DaoAuthenticationProvider()
daoAuthenticationProvider.setUserDetailsService(userDetailsServiceImpl)
return daoAuthenticationProvider
}
@Bean @Bean
fun httpSignatureAuthenticationProvider(transaction: Transaction): PreAuthenticatedAuthenticationProvider { fun httpSignatureAuthenticationProvider(transaction: Transaction): PreAuthenticatedAuthenticationProvider {
val provider = PreAuthenticatedAuthenticationProvider() val provider = PreAuthenticatedAuthenticationProvider()
@ -187,16 +194,22 @@ class SecurityConfig {
} }
http.oauth2ResourceServer { http.oauth2ResourceServer {
it.jwt(Customizer.withDefaults()) it.jwt(Customizer.withDefaults())
}.passwordManagement { }.formLogin(Customizer.withDefaults()).csrf {
it.ignoringRequestMatchers(builder.pattern("/users/*/inbox"))
it.ignoringRequestMatchers(builder.pattern(HttpMethod.POST, "/api/v1/apps"))
it.ignoringRequestMatchers(builder.pattern("/inbox"))
it.ignoringRequestMatchers(PathRequest.toH2Console())
}.headers {
it.frameOptions {
it.sameOrigin()
}
} }
.passwordManagement { }
.formLogin {
}
.csrf {
it.ignoringRequestMatchers(builder.pattern("/users/*/inbox"))
it.ignoringRequestMatchers(builder.pattern(HttpMethod.POST, "/api/v1/apps"))
it.ignoringRequestMatchers(builder.pattern("/inbox"))
it.ignoringRequestMatchers(PathRequest.toH2Console())
}
.headers {
it.frameOptions {
it.sameOrigin()
}
}
return http.build() return http.build()
} }
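Review bot: `@EnableWebSecurity(debug = true)` on SecurityConfig should not be committed: Spring Security's debug mode logs every request, including its headers, to the application log, so the bearer tokens and `Signature` headers that these very filter chains verify would be written to stdout in plain text wherever this config is deployed. Flip it back to `@EnableWebSecurity(debug = false)`, or drive it from a property that is only true in a dev profile, before merging. The new `http.getSharedObject(AuthenticationManager::class.java)` call in httpSignatureFilterChain can return null at build time, which is presumably why getHttpSignatureFilter's parameter became `AuthenticationManager?`; a filter built with a null manager fails at request time (or in afterPropertiesSet) rather than with a clear startup error, so consider `requireNotNull(http.getSharedObject(AuthenticationManager::class.java)) { "AuthenticationManager must be configured before the HTTP signature filter is built" }` to fail fast. The daoAuthenticationProvider bean sets no PasswordEncoder, so it relies on Spring's default delegating encoder — fine only if stored hashes carry the `{id}` prefix; a comment stating that assumption would help. The class, and the method holding the last hunk, both start outside the visible hunks.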


@ -60,7 +60,8 @@ class AppApiServiceImpl(
"invalid-vapid-key", "invalid-vapid-key",
appsRequest.website, appsRequest.website,
id, id,
clientSecret clientSecret,
appsRequest.redirectUris
) )
} }
} }
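Review bot: `appsRequest.redirectUris` is passed straight from the client-registration request into the app record with no validation visible in this hunk; registered redirect URIs are the main defence against authorization-code interception in OAuth2, so if they are not checked elsewhere an attacker can register an app with an arbitrary, scheme-less or fragment-carrying redirect target and later present it at the authorize endpoint. Before the constructor call, reject the request unless every entry is an absolute URI without a fragment (or the out-of-band value, if that is supported), and document the accepted format on the request model. The enclosing method starts before this hunk, so the check may already live above it — if so, a one-line `// redirectUris validated above; stored verbatim` here would save the next reader the trip.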


@ -19,7 +19,7 @@ spring:
default-property-inclusion: always default-property-inclusion: always
datasource: datasource:
driver-class-name: org.h2.Driver driver-class-name: org.h2.Driver
url: "jdbc:h2:./test-dev4;MODE=POSTGRESQL;TRACE_LEVEL_FILE=4" url: "jdbc:h2:./test-dev4;MODE=POSTGRESQL"
username: "" username: ""
password: "" password: ""
# data: # data:
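Review bot: Dropping `TRACE_LEVEL_FILE=4` from the H2 URL is the right call (level 4 routes H2's statement trace through SLF4J, which with the TRACE root logger in this commit's logback.xml would have put every SQL statement in stdout), but the datasource still has an empty `username`/`password`, and SecurityConfig CSRF-exempts `PathRequest.toH2Console()`, so if the H2 console is enabled anyone who can reach it gets unauthenticated access to the whole database. That is tolerable for a local `test-dev4` file DB, but nothing in this file says which profile it belongs to. Either move the H2 settings under a dev-only profile or set a password, and add `# local-dev only: empty-credential H2 file DB, never use outside the dev profile` above the datasource block so the intent is explicit.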


@ -4,7 +4,7 @@
<pattern>%d{YYYY-MM-dd HH:mm:ss.SSS} [%thread] %-5level [%X{x-request-id}] %logger{36} - %msg%n</pattern> <pattern>%d{YYYY-MM-dd HH:mm:ss.SSS} [%thread] %-5level [%X{x-request-id}] %logger{36} - %msg%n</pattern>
</encoder> </encoder>
</appender> </appender>
<root level="INFO"> <root level="TRACE">
<appender-ref ref="STDOUT"/> <appender-ref ref="STDOUT"/>
</root> </root>
<logger name="org.eclipse.jetty" level="INFO"/> <logger name="org.eclipse.jetty" level="INFO"/>
@ -12,7 +12,7 @@
<logger name="kjob.core.internal.scheduler.JobServiceImpl" level="INFO"/> <logger name="kjob.core.internal.scheduler.JobServiceImpl" level="INFO"/>
<logger name="Exposed" level="INFO"/> <logger name="Exposed" level="INFO"/>
<logger name="io.ktor.server.plugins.contentnegotiation" level="INFO"/> <logger name="io.ktor.server.plugins.contentnegotiation" level="INFO"/>
<logger name="org.springframework.web.filter.CommonsRequestLoggingFilter" level="INFO"/> <logger name="org.springframework.web.filter.CommonsRequestLoggingFilter" level="DEBUG"/>
<logger name="org.mongodb.driver.protocol.command" level="INFO"/> <logger name="org.mongodb.driver.protocol.command" level="INFO"/>
<logger name="dev.usbharu" level="TRACE"/> <logger name="dev.usbharu" level="TRACE"/>
</configuration> </configuration>
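Review bot: `<root level="TRACE">` together with `CommonsRequestLoggingFilter` at DEBUG turns on the most verbose logging for every logger in the application as the default, and CommonsRequestLoggingFilter at DEBUG emits each request line and, depending on how that filter bean is configured, the query string, headers and payload — so credentials posted to the form login configured in SecurityConfig and the tokens on API calls can end up in stdout. Read alongside the `debug = true` on the security config in this same commit, this looks like local troubleshooting that got committed rather than an intended default. Restore `<root level="INFO">` and `<logger name="org.springframework.web.filter.CommonsRequestLoggingFilter" level="INFO"/>`, and if the verbose setup is wanted for development, wrap it in `<springProfile name="dev">` so production never picks it up.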