chore: simplified cloak proxy route

upub/routes/src/activitypub/application.rs

@@ -1,9 +1,7 @@
 use apb::{LD, ActorMut, BaseMut, ObjectMut, PublicKeyMut};
 use axum::{extract::{Path, Query, State}, http::HeaderMap, response::{IntoResponse, Redirect, Response}, Form};
-use hmac::{Hmac, Mac};
 use reqwest::Method;
-use base64::{engine::general_purpose::URL_SAFE, Engine as _};
-use upub::{traits::Fetcher, Context};
+use upub::{traits::{Cloaker, Fetcher}, Context};
 
 use crate::{builders::JsonLD, ApiError, AuthIdentity, Identity};
 
@@ -72,28 +70,14 @@ pub async fn proxy_form(
 	proxy(ctx, query, auth).await
 }
 
-pub async fn proxy_hmac(
+pub async fn proxy_cloak(
 	State(ctx): State<Context>,
 	AuthIdentity(auth): AuthIdentity,
 	Path(hmac): Path<String>,
 	Path(uri): Path<String>,
 ) -> crate::ApiResult<impl IntoResponse> {
-	let bytes = URL_SAFE.decode(hmac).map_err(|_| ApiError::bad_request())?;
-	let uri =
-		std::str::from_utf8(
-			&URL_SAFE.decode(uri).map_err(|_| ApiError::bad_request())?
-		)
-		.map_err(|_| ApiError::bad_request())?
-		.to_string();
-
-	type HmacSha256 = Hmac<sha2::Sha256>;
-	let mut mac = HmacSha256::new_from_slice(ctx.cfg().security.proxy_secret.as_bytes())
-		.map_err(|_| ApiError::internal_server_error())?;
-
-	mac.update(uri.as_bytes());
-	mac.verify_slice(&bytes)
-		.map_err(|_| ApiError::forbidden())?;
-
+	let uri = ctx.uncloak(&hmac, &uri)
+		.ok_or_else(ApiError::unauthorized)?;
 	proxy(ctx, uri, auth).await
 }
 

upub/routes/src/activitypub/mod.rs

@@ -25,7 +25,7 @@ impl ActivityPubRouter for Router<upub::Context> {
 			.route("/proxy", post(ap::application::proxy_form))
 			.route("/proxy", get(ap::application::proxy_get))
 			.route("/proxy/:uri", get(ap::application::proxy_path))
-			.route("/proxy/:hmac/:uri", get(ap::application::proxy_hmac))
+			.route("/proxy/:hmac/:uri", get(ap::application::proxy_cloak))
 			.route("/inbox", post(ap::inbox::post))
 			.route("/inbox", get(ap::inbox::get))
 			.route("/inbox/page", get(ap::inbox::page))