Merge pull request #1026 from ceokot/sogs-auth

fix: Authenticate all Open Group API calls
2024-11-23 18:15:22 +00:00 · 2024-06-24 11:12:03 +10:00 · 2024-06-24 11:12:03 +10:00 · 1619277b4f
commit 1619277b4f
parent ba9f729d63 0d0a86831a
2 changed files with 64 additions and 65 deletions
--- a/libsession/src/main/java/org/session/libsession/messaging/jobs/BackgroundGroupAddJob.kt
+++ b/libsession/src/main/java/org/session/libsession/messaging/jobs/BackgroundGroupAddJob.kt
@ -37,6 +37,7 @@ class BackgroundGroupAddJob(val joinUrl: String): Job {
                delegate?.handleJobFailed(this, dispatcherName, DuplicateGroupException())
                return
            }
+
            storage.addOpenGroup(openGroup.joinUrl())
            storage.onOpenGroupAdded(openGroup.server, openGroup.room)
        } catch (e: Exception) {
--- a/libsession/src/main/java/org/session/libsession/messaging/open_groups/OpenGroupApi.kt
+++ b/libsession/src/main/java/org/session/libsession/messaging/open_groups/OpenGroupApi.kt
@ -273,7 +273,6 @@ object OpenGroupApi {
        val queryParameters: Map<String, String> = mapOf(),
        val parameters: Any? = null,
        val headers: Map<String, String> = mapOf(),
-        val isAuthRequired: Boolean = true,
        val body: ByteArray? = null,
        /**
         * Always `true` under normal circumstances. You might want to disable
@ -319,7 +318,7 @@ object OpenGroupApi {
                ?: return Promise.ofFail(Error.NoEd25519KeyPair)
            val urlRequest = urlBuilder.toString()
            val headers = request.headers.toMutableMap()
-            if (request.isAuthRequired) {
+
            val nonce = sodium.nonce(16)
            val timestamp = TimeUnit.MILLISECONDS.toSeconds(SnodeAPI.nowWithOffset)
            var pubKey = ""
@ -385,7 +384,6 @@ object OpenGroupApi {
            headers["X-SOGS-Timestamp"] = "$timestamp"
            headers["X-SOGS-Pubkey"] = pubKey
            headers["X-SOGS-Signature"] = encodeBytes(signature)
-            }

            val requestBuilder = okhttp3.Request.Builder()
                .url(urlRequest)
@ -927,7 +925,7 @@ object OpenGroupApi {
    }

    fun getCapabilities(server: String): Promise<Capabilities, Exception> {
-        val request = Request(verb = GET, room = null, server = server, endpoint = Endpoint.Capabilities, isAuthRequired = false)
+        val request = Request(verb = GET, room = null, server = server, endpoint = Endpoint.Capabilities)
        return getResponseBody(request).map { response ->
            JsonUtil.fromJson(response, Capabilities::class.java)
        }