From c9a64b16388d4c0e34f744dfea3c20a220ca8074 Mon Sep 17 00:00:00 2001 From: rebelonion <87634197+rebelonion@users.noreply.github.com> Date: Thu, 15 Feb 2024 18:28:03 -0600 Subject: [PATCH] feat: server-side auth --- app/proguard-rules.pro | 19 ++++++++++ .../connections/comments/CommentsAPI.kt | 36 +++---------------- .../media/comments/CommentsActivity.kt | 2 +- build.gradle | 1 - 4 files changed, 25 insertions(+), 33 deletions(-) diff --git a/app/proguard-rules.pro b/app/proguard-rules.pro index 8d6bcddf..7f171c72 100644 --- a/app/proguard-rules.pro +++ b/app/proguard-rules.pro @@ -43,6 +43,25 @@ public static <1> INSTANCE; kotlinx.serialization.KSerializer serializer(...); } +-keep class ani.dantotsu.** { *; } +-keep class ani.dantotsu.download.DownloadsManager { *; } +-keepattributes Signature +-keep class uy.kohesive.injekt.** { *; } +-keep class eu.kanade.tachiyomi.** { *; } +-keep class kotlin.** { *; } +-dontwarn kotlin.** +-keep class kotlinx.** { *; } +-keepclassmembers class uy.kohesive.injekt.api.FullTypeReference { + (...); +} +-keep class com.google.gson.** { *; } +-keepattributes *Annotation* +-keepattributes EnclosingMethod +-keep class com.google.gson.reflect.TypeToken { *; } +-keep class org.jsoup.** { *; } +-keepclassmembers class org.jsoup.nodes.Document { *; } + + # @Serializable and @Polymorphic are used at runtime for polymorphic serialization. -keepattributes RuntimeVisibleAnnotations,AnnotationDefault diff --git a/app/src/main/java/ani/dantotsu/connections/comments/CommentsAPI.kt b/app/src/main/java/ani/dantotsu/connections/comments/CommentsAPI.kt index ebd09f7a..464c7589 100644 --- a/app/src/main/java/ani/dantotsu/connections/comments/CommentsAPI.kt +++ b/app/src/main/java/ani/dantotsu/connections/comments/CommentsAPI.kt @@ -1,8 +1,6 @@ package ani.dantotsu.connections.comments -import android.annotation.SuppressLint -import android.security.keystore.KeyProperties -import ani.dantotsu.BuildConfig +import ani.dantotsu.Secrets import ani.dantotsu.connections.anilist.Anilist import ani.dantotsu.settings.saving.PrefManager import ani.dantotsu.settings.saving.PrefName @@ -21,12 +19,9 @@ import kotlinx.serialization.json.Json import okhttp3.FormBody import uy.kohesive.injekt.Injekt import uy.kohesive.injekt.api.get -import javax.crypto.Cipher -import javax.crypto.spec.SecretKeySpec object CommentsAPI { val address: String = "https://1224665.xyz:443" - val appSecret = BuildConfig.APP_SECRET var authToken: String? = null var userId: String? = null var isBanned: Boolean = false @@ -139,12 +134,9 @@ object CommentsAPI { suspend fun fetchAuthToken() { val url = "$address/authenticate" - userId = generateUserId() - val user = User(userId ?: return, Anilist.username ?: "") + val token = PrefManager.getVal(PrefName.AnilistToken, null as String?) ?: return val body: FormBody = FormBody.Builder() - .add("user_id", user.id) - .add("username", user.username) - .add("profile_picture_url", Anilist.avatar ?: "") + .add("token", token) .build() val request = requestBuilder() val json = request.post(url, requestBody = body) @@ -165,12 +157,12 @@ object CommentsAPI { private fun headerBuilder(): Map { return if (authToken != null) { mapOf( - "appauth" to appSecret, + "appauth" to BuildConfig.APP_SECRET, "Authorization" to authToken!! ) } else { mapOf( - "appauth" to appSecret, + "appauth" to BuildConfig.APP_SECRET, ) } } @@ -189,24 +181,6 @@ object CommentsAPI { } snackString("Error $code: ${reason ?: error}") } - - @SuppressLint("GetInstance") - private fun generateUserId(): String? { - val anilistId = PrefManager.getVal(PrefName.AnilistUserId, null as String?) - ?: if (Anilist.userid != null) { - PrefManager.setVal(PrefName.AnilistUserId, Anilist.userid.toString()) - Anilist.userid.toString() - } else { - return null - } - val userIdEncryptKey = BuildConfig.USER_ID_ENCRYPT_KEY - val keySpec = SecretKeySpec(userIdEncryptKey.toByteArray(), KeyProperties.KEY_ALGORITHM_AES) - val cipher = - Cipher.getInstance("${KeyProperties.KEY_ALGORITHM_AES}/ECB/${KeyProperties.ENCRYPTION_PADDING_PKCS7}") - cipher.init(Cipher.ENCRYPT_MODE, keySpec) - val encrypted = cipher.doFinal(anilistId.toByteArray()) - return encrypted.joinToString("") { "%02x".format(it) } - } } @Serializable diff --git a/app/src/main/java/ani/dantotsu/media/comments/CommentsActivity.kt b/app/src/main/java/ani/dantotsu/media/comments/CommentsActivity.kt index dd2e67db..4c0f65eb 100644 --- a/app/src/main/java/ani/dantotsu/media/comments/CommentsActivity.kt +++ b/app/src/main/java/ani/dantotsu/media/comments/CommentsActivity.kt @@ -301,7 +301,7 @@ class CommentsActivity : AppCompatActivity() { "2. No hate speech\n" + "3. No spam\n" + "4. No NSFW content\n" + - "6. No advertising\n" + + "6. ENGLISH ONLY\n" + "7. No self promotion\n" + "8. No impersonation\n" + "9. No harassment\n" + diff --git a/build.gradle b/build.gradle index 2aa991c5..b0d7cedb 100644 --- a/build.gradle +++ b/build.gradle @@ -17,7 +17,6 @@ buildscript { classpath "org.jetbrains.kotlin:kotlin-serialization:$kotlin_version" classpath "com.google.devtools.ksp:symbol-processing-api:$ksp_version" classpath "com.google.devtools.ksp:symbol-processing-gradle-plugin:$ksp_version" - classpath 'com.google.gms:google-services:4.4.0' classpath 'com.google.firebase:firebase-crashlytics-gradle:2.9.9' }