From a4d787331b26ae9c4265cf729de3678df770ace2 Mon Sep 17 00:00:00 2001 From: Laura Hausmann Date: Tue, 23 Jan 2024 01:43:07 +0100 Subject: [PATCH] Improve MediaTypeRouteFilterAttribute --- .../Controllers/ActivityPubController.cs | 7 +++++-- .../Attributes/MediaTypeRouteFilterAttribute.cs | 13 ++++++++----- .../Core/Federation/Cryptography/HttpSignature.cs | 1 + 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/Iceshrimp.Backend/Controllers/ActivityPubController.cs b/Iceshrimp.Backend/Controllers/ActivityPubController.cs index e990eda7..3cfeea1c 100644 --- a/Iceshrimp.Backend/Controllers/ActivityPubController.cs +++ b/Iceshrimp.Backend/Controllers/ActivityPubController.cs @@ -11,8 +11,11 @@ namespace Iceshrimp.Backend.Controllers; [ApiController] [MediaTypeRouteFilter("application/activity+json", "application/ld+json")] -[Produces("application/activity+json", "application/ld+json")] -public class ActivityPubController(ILogger logger, DatabaseContext db, APUserRenderer userRenderer) : Controller { +[Produces("application/activity+json", "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"")] +public class ActivityPubController( + ILogger logger, + DatabaseContext db, + APUserRenderer userRenderer) : Controller { /* [HttpGet("/notes/{id}")] [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(Note))] diff --git a/Iceshrimp.Backend/Controllers/Attributes/MediaTypeRouteFilterAttribute.cs b/Iceshrimp.Backend/Controllers/Attributes/MediaTypeRouteFilterAttribute.cs index 4f711a32..9e9b126e 100644 --- a/Iceshrimp.Backend/Controllers/Attributes/MediaTypeRouteFilterAttribute.cs +++ b/Iceshrimp.Backend/Controllers/Attributes/MediaTypeRouteFilterAttribute.cs @@ -1,3 +1,4 @@ +using System.Net.Http.Headers; using Microsoft.AspNetCore.Mvc.ActionConstraints; namespace Iceshrimp.Backend.Controllers.Attributes; @@ -5,12 +6,14 @@ namespace Iceshrimp.Backend.Controllers.Attributes; [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)] public class MediaTypeRouteFilterAttribute(params string[] mediaTypes) : Attribute, IActionConstraint { public bool Accept(ActionConstraintContext context) { - //TODO: this should parse the header properly, edge cases like profile=, charset=, q= are not currently handled. //TODO: this should set the correct content type for the response as well - return context.RouteContext.HttpContext.Request.Headers.ContainsKey("Accept") && - mediaTypes.Any(p => context.RouteContext.HttpContext.Request.Headers.Accept.ToString() == p || - context.RouteContext.HttpContext.Request.Headers.Accept.ToString() - .StartsWith(p + ";")); + if (!context.RouteContext.HttpContext.Request.Headers.ContainsKey("Accept")) return false; + + var accept = context.RouteContext.HttpContext.Request.Headers.Accept.ToString().Split(',') + .Select(MediaTypeWithQualityHeaderValue.Parse) + .Select(p => p.MediaType); + + return accept.Any(mediaTypes.Contains); } public int Order => HttpMethodActionConstraint.HttpMethodConstraintOrder + 1; diff --git a/Iceshrimp.Backend/Core/Federation/Cryptography/HttpSignature.cs b/Iceshrimp.Backend/Core/Federation/Cryptography/HttpSignature.cs index 93b73a94..04038a67 100644 --- a/Iceshrimp.Backend/Core/Federation/Cryptography/HttpSignature.cs +++ b/Iceshrimp.Backend/Core/Federation/Cryptography/HttpSignature.cs @@ -32,6 +32,7 @@ public static class HttpSignature { HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); } + //TODO: make this share code with the the regular Verify function public static bool VerifySign(this HttpRequestMessage request, string key) { var signatureHeader = request.Headers.GetValues("Signature").First(); var signature = Parse(signatureHeader);