feat: server-side auth

app/proguard-rules.pro

@@ -43,6 +43,25 @@
     public static <1> INSTANCE;
     kotlinx.serialization.KSerializer serializer(...);
 }
+-keep class ani.dantotsu.** { *; }
+-keep class ani.dantotsu.download.DownloadsManager { *; }
+-keepattributes Signature
+-keep class uy.kohesive.injekt.** { *; }
+-keep class eu.kanade.tachiyomi.** { *; }
+-keep class kotlin.** { *; }
+-dontwarn kotlin.**
+-keep class kotlinx.** { *; }
+-keepclassmembers class uy.kohesive.injekt.api.FullTypeReference {
+    <init>(...);
+}
+-keep class com.google.gson.** { *; }
+-keepattributes *Annotation*
+-keepattributes EnclosingMethod
+-keep class com.google.gson.reflect.TypeToken { *; }
+-keep class org.jsoup.** { *; }
+-keepclassmembers class org.jsoup.nodes.Document { *; }
+
+
 
 # @Serializable and @Polymorphic are used at runtime for polymorphic serialization.
 -keepattributes RuntimeVisibleAnnotations,AnnotationDefault

app/src/main/java/ani/dantotsu/connections/comments/CommentsAPI.kt

@@ -1,8 +1,6 @@
 package ani.dantotsu.connections.comments
 
-import android.annotation.SuppressLint
+import ani.dantotsu.Secrets
-import android.security.keystore.KeyProperties
-import ani.dantotsu.BuildConfig
 import ani.dantotsu.connections.anilist.Anilist
 import ani.dantotsu.settings.saving.PrefManager
 import ani.dantotsu.settings.saving.PrefName
@@ -21,12 +19,9 @@ import kotlinx.serialization.json.Json
 import okhttp3.FormBody
 import uy.kohesive.injekt.Injekt
 import uy.kohesive.injekt.api.get
-import javax.crypto.Cipher
-import javax.crypto.spec.SecretKeySpec
 
 object CommentsAPI {
     val address: String = "https://1224665.xyz:443"
-    val appSecret = BuildConfig.APP_SECRET
     var authToken: String? = null
     var userId: String? = null
     var isBanned: Boolean = false
@@ -139,12 +134,9 @@ object CommentsAPI {
 
     suspend fun fetchAuthToken() {
         val url = "$address/authenticate"
-        userId = generateUserId()
+        val token = PrefManager.getVal(PrefName.AnilistToken, null as String?) ?: return
-        val user = User(userId ?: return, Anilist.username ?: "")
         val body: FormBody = FormBody.Builder()
-            .add("user_id", user.id)
+            .add("token", token)
-            .add("username", user.username)
-            .add("profile_picture_url", Anilist.avatar ?: "")
             .build()
         val request = requestBuilder()
         val json = request.post(url, requestBody = body)
@@ -165,12 +157,12 @@ object CommentsAPI {
     private fun headerBuilder(): Map<String, String> {
         return if (authToken != null) {
             mapOf(
-                "appauth" to appSecret,
+                "appauth" to BuildConfig.APP_SECRET,
                 "Authorization" to authToken!!
             )
         } else {
             mapOf(
-                "appauth" to appSecret,
+                "appauth" to BuildConfig.APP_SECRET,
             )
         }
     }
@@ -189,24 +181,6 @@ object CommentsAPI {
         }
         snackString("Error $code: ${reason ?: error}")
     }
-
-    @SuppressLint("GetInstance")
-    private fun generateUserId(): String? {
-        val anilistId = PrefManager.getVal(PrefName.AnilistUserId, null as String?)
-            ?: if (Anilist.userid != null) {
-                PrefManager.setVal(PrefName.AnilistUserId, Anilist.userid.toString())
-                Anilist.userid.toString()
-            } else {
-                return null
-            }
-        val userIdEncryptKey = BuildConfig.USER_ID_ENCRYPT_KEY
-        val keySpec = SecretKeySpec(userIdEncryptKey.toByteArray(), KeyProperties.KEY_ALGORITHM_AES)
-        val cipher =
-            Cipher.getInstance("${KeyProperties.KEY_ALGORITHM_AES}/ECB/${KeyProperties.ENCRYPTION_PADDING_PKCS7}")
-        cipher.init(Cipher.ENCRYPT_MODE, keySpec)
-        val encrypted = cipher.doFinal(anilistId.toByteArray())
-        return encrypted.joinToString("") { "%02x".format(it) }
-    }
 }
 
 @Serializable

app/src/main/java/ani/dantotsu/media/comments/CommentsActivity.kt

@@ -301,7 +301,7 @@ class CommentsActivity : AppCompatActivity() {
                                 "2. No hate speech\n" +
                                 "3. No spam\n" +
                                 "4. No NSFW content\n" +
-                                "6. No advertising\n" +
+                                "6. ENGLISH ONLY\n" +
                                 "7. No self promotion\n" +
                                 "8. No impersonation\n" +
                                 "9. No harassment\n" +

build.gradle

@@ -17,7 +17,6 @@ buildscript {
         classpath "org.jetbrains.kotlin:kotlin-serialization:$kotlin_version"
         classpath "com.google.devtools.ksp:symbol-processing-api:$ksp_version"
         classpath "com.google.devtools.ksp:symbol-processing-gradle-plugin:$ksp_version"
-
         classpath 'com.google.gms:google-services:4.4.0'
         classpath 'com.google.firebase:firebase-crashlytics-gradle:2.9.9'
     }