From 28066784f27c7ba49fcc9e08c70ba9c5ae4d7b4e Mon Sep 17 00:00:00 2001
From: Laura Hausmann
Date: Wed, 24 Jan 2024 03:16:09 +0100
Subject: [PATCH] Actually use authorized fetch middleware
---
 .../Controllers/InboxController.cs | 23 +++++--------------
 .../Core/Configuration/Config.cs | 2 +-
 .../Core/Extensions/ServiceExtensions.cs | 1 +
 3 files changed, 8 insertions(+), 18 deletions(-)
diff --git a/Iceshrimp.Backend/Controllers/InboxController.cs b/Iceshrimp.Backend/Controllers/InboxController.cs
index 304acc11..a1e8d7cb 100644
--- a/Iceshrimp.Backend/Controllers/InboxController.cs
+++ b/Iceshrimp.Backend/Controllers/InboxController.cs
@@ -1,10 +1,7 @@
-using System.Data;
 using System.Net.Mime;
-using Iceshrimp.Backend.Core.Database;
-using Iceshrimp.Backend.Core.Federation.Cryptography;
+using Iceshrimp.Backend.Controllers.Attributes;
 using Iceshrimp.Backend.Core.Middleware;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.EntityFrameworkCore;
 using Newtonsoft.Json.Linq;
 namespace Iceshrimp.Backend.Controllers;
@@ -14,21 +11,13 @@ namespace Iceshrimp.Backend.Controllers;
 [Route("/users/{id}/inbox")]
 [AuthorizedFetch(true)]
 [Produces("application/json")]
+[UseNewtonsoftJson]
 [EnableRequestBuffering(1024 * 1024)]
-public class InboxController(ILogger logger, DatabaseContext db) : Controller {
+public class InboxController(ILogger logger) : Controller {
 [HttpPost]
 [Consumes(MediaTypeNames.Application.Json)]
- public async Task Inbox([FromBody] JToken content) {
- if (!Request.Headers.TryGetValue("signature", out var sigHeader))
- throw new ConstraintException("Request is missing the signature header");
-
- var sig = HttpSignature.Parse(sigHeader.ToString());
- var key = await db.UserPublickeys.SingleOrDefaultAsync(p => p.KeyId == sig.KeyId);
- var verified = key != null &&
- await HttpSignature.Verify(Request, sig, ["(request-target)", "digest", "host", "date"],
- key.KeyPem);
-
- logger.LogDebug("HttpSignature.Verify returned {result} for key {keyId}", verified, sig.KeyId);
- return verified ? Ok() : StatusCode(StatusCodes.Status403Forbidden);
+ public IActionResult Inbox([FromBody] JToken content) {
+ logger.LogDebug("{count}", content.Count());
+ return Ok();
 }
 }
\ No newline at end of file
diff --git a/Iceshrimp.Backend/Core/Configuration/Config.cs b/Iceshrimp.Backend/Core/Configuration/Config.cs
index 258acf6b..91fbb378 100644
--- a/Iceshrimp.Backend/Core/Configuration/Config.cs
+++ b/Iceshrimp.Backend/Core/Configuration/Config.cs
@@ -34,7 +34,7 @@ public sealed class Config {
 }
 public sealed class SecuritySection {
- public required bool AuthorizedFetch { get; set; }
+ public required bool AuthorizedFetch { get; init; }
 }
 public sealed class DatabaseSection {
diff --git a/Iceshrimp.Backend/Core/Extensions/ServiceExtensions.cs b/Iceshrimp.Backend/Core/Extensions/ServiceExtensions.cs
index 54ad3985..88d5019d 100644
--- a/Iceshrimp.Backend/Core/Extensions/ServiceExtensions.cs
+++ b/Iceshrimp.Backend/Core/Extensions/ServiceExtensions.cs
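Review bot: In `InboxController.Inbox` the action now returns `Ok()` for every request that reaches it, so authentication of inbound activities rests entirely on `[AuthorizedFetch(true)]` being enforced by middleware that is not visible in this patch. The removed code required `(request-target)`, `digest`, `host` and `date` to be covered by the signature; it is worth confirming the middleware enforces the same header set and checks the digest against the buffered body, and adding a test that an unsigned POST to this route is rejected. Separately, `content.Count()` dereferences the bound `JToken` without a null check, which may throw on an empty body depending on the controller conventions in use; a guard such as `if (content == null) return BadRequest();` before the log call would cover it. The log template `"{count}"` carries no context and would be easier to search for as something like `"Inbox received activity with {count} top-level entries"`.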
@@ -29,6 +29,7 @@ public static class ServiceExtensions {
 //TODO: fail if config doesn't parse correctly / required things are missing
 services.Configure(configuration);
 services.Configure(configuration.GetSection("Instance"));
+ services.Configure(configuration.GetSection("Security"));
 services.Configure(configuration.GetSection("Database"));
 }
 }
\ No newline at end of file
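Review bot: Binding the `Security` section on the added line does not fail when the section or its `AuthorizedFetch` key is absent, because `required` is only a compile-time constraint and the options binder leaves an unset `bool` at `false`. A missing or misspelled key would therefore presumably switch signature enforcement off without any error; how the middleware treats `false` is not visible in this patch. The `//TODO` above already notes the gap, and for this security-relevant setting it is worth closing now, e.g. `if (!configuration.GetSection("Security").Exists()) throw new InvalidOperationException("Security section missing from configuration");` before the `Configure` call. The enclosing method starts outside the hunk.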