From b9b49df009109a2a0643541aa997cc07ae5f9efc Mon Sep 17 00:00:00 2001
From: alemi
Date: Mon, 15 Jul 2024 03:05:27 +0200
Subject: [PATCH] chore: simplified cloak proxy route
---
 upub/routes/src/activitypub/application.rs | 24 ++++------------------
 upub/routes/src/activitypub/mod.rs | 2 +-
 2 files changed, 5 insertions(+), 21 deletions(-)
diff --git a/upub/routes/src/activitypub/application.rs b/upub/routes/src/activitypub/application.rs
index b314d75..8ee11b3 100644
--- a/upub/routes/src/activitypub/application.rs
+++ b/upub/routes/src/activitypub/application.rs
@@ -1,9 +1,7 @@
 use apb::{LD, ActorMut, BaseMut, ObjectMut, PublicKeyMut};
 use axum::{extract::{Path, Query, State}, http::HeaderMap, response::{IntoResponse, Redirect, Response}, Form};
-use hmac::{Hmac, Mac};
 use reqwest::Method;
-use base64::{engine::general_purpose::URL_SAFE, Engine as _};
-use upub::{traits::Fetcher, Context};
+use upub::{traits::{Cloaker, Fetcher}, Context};
 use crate::{builders::JsonLD, ApiError, AuthIdentity, Identity};
@@ -72,28 +70,14 @@ pub async fn proxy_form(
 proxy(ctx, query, auth).await
 }
-pub async fn proxy_hmac(
+pub async fn proxy_cloak(
 State(ctx): State,
 AuthIdentity(auth): AuthIdentity,
 Path(hmac): Path,
 Path(uri): Path,
 ) -> crate::ApiResult {
- let bytes = URL_SAFE.decode(hmac).map_err(|_| ApiError::bad_request())?;
- let uri =
- std::str::from_utf8(
- &URL_SAFE.decode(uri).map_err(|_| ApiError::bad_request())?
- )
- .map_err(|_| ApiError::bad_request())?
- .to_string();
-
- type HmacSha256 = Hmac;
- let mut mac = HmacSha256::new_from_slice(ctx.cfg().security.proxy_secret.as_bytes())
- .map_err(|_| ApiError::internal_server_error())?;
-
- mac.update(uri.as_bytes());
- mac.verify_slice(&bytes)
- .map_err(|_| ApiError::forbidden())?;
-
+ let uri = ctx.uncloak(&hmac, &uri)
+ .ok_or_else(ApiError::unauthorized)?;
 proxy(ctx, uri, auth).await
 }
diff --git a/upub/routes/src/activitypub/mod.rs b/upub/routes/src/activitypub/mod.rs
index f723aed..629f27d 100644
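Review bot: Every failure of `ctx.uncloak` in `proxy_cloak` now maps to `ApiError::unauthorized`, where the removed code answered malformed base64 with `bad_request` and a MAC mismatch with `forbidden`; a bad signature is not something the client can fix by authenticating, so `.ok_or_else(ApiError::forbidden)?;` would keep the earlier contract for the common case. The check that gates this proxy route now lives entirely in `Cloaker::uncloak`, which is outside this patch; the removed code compared with the constant-time `mac.verify_slice`, so it is worth confirming the trait implementation still does that rather than comparing encoded strings with `==`. A comment above the call such as `// uncloak must verify the HMAC over uri and return None on any decode or MAC failure` would record that this line is the only gate before `proxy` runs. Separately, the unchanged signature takes two `Path` extractors for `/proxy/:hmac/:uri` (their type parameters are not visible on this page); if both are single-value extractors axum will reject the request at extraction, and `Path((hmac, uri)): Path<(String, String)>` would be the usual form.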
--- a/upub/routes/src/activitypub/mod.rs
+++ b/upub/routes/src/activitypub/mod.rs
@@ -25,7 +25,7 @@ impl ActivityPubRouter for Router {
 .route("/proxy", post(ap::application::proxy_form))
 .route("/proxy", get(ap::application::proxy_get))
 .route("/proxy/:uri", get(ap::application::proxy_path))
- .route("/proxy/:hmac/:uri", get(ap::application::proxy_hmac))
+ .route("/proxy/:hmac/:uri", get(ap::application::proxy_cloak))
 .route("/inbox", post(ap::inbox::post))
 .route("/inbox", get(ap::inbox::get))
 .route("/inbox/page", get(ap::inbox::page))