feat: server-side auth

2024-02-15 18:28:03 -06:00 · 2024-02-15 18:28:03 -06:00 · c9a64b1638
commit c9a64b1638
parent ee7cff0fea
4 changed files with 25 additions and 33 deletions
--- a/app/proguard-rules.pro
+++ b/app/proguard-rules.pro
@ -43,6 +43,25 @@
    public static <1> INSTANCE;
    kotlinx.serialization.KSerializer serializer(...);
 }
+-keep class ani.dantotsu.** { *; }
+-keep class ani.dantotsu.download.DownloadsManager { *; }
+-keepattributes Signature
+-keep class uy.kohesive.injekt.** { *; }
+-keep class eu.kanade.tachiyomi.** { *; }
+-keep class kotlin.** { *; }
+-dontwarn kotlin.**
+-keep class kotlinx.** { *; }
+-keepclassmembers class uy.kohesive.injekt.api.FullTypeReference {
+    <init>(...);
+}
+-keep class com.google.gson.** { *; }
+-keepattributes *Annotation*
+-keepattributes EnclosingMethod
+-keep class com.google.gson.reflect.TypeToken { *; }
+-keep class org.jsoup.** { *; }
+-keepclassmembers class org.jsoup.nodes.Document { *; }
+
+

 # @Serializable and @Polymorphic are used at runtime for polymorphic serialization.
 -keepattributes RuntimeVisibleAnnotations,AnnotationDefault
--- a/app/src/main/java/ani/dantotsu/connections/comments/CommentsAPI.kt
+++ b/app/src/main/java/ani/dantotsu/connections/comments/CommentsAPI.kt
@ -1,8 +1,6 @@
 package ani.dantotsu.connections.comments

-import android.annotation.SuppressLint
-import android.security.keystore.KeyProperties
-import ani.dantotsu.BuildConfig
+import ani.dantotsu.Secrets
 import ani.dantotsu.connections.anilist.Anilist
 import ani.dantotsu.settings.saving.PrefManager
 import ani.dantotsu.settings.saving.PrefName
@ -21,12 +19,9 @@ import kotlinx.serialization.json.Json
 import okhttp3.FormBody
 import uy.kohesive.injekt.Injekt
 import uy.kohesive.injekt.api.get
-import javax.crypto.Cipher
-import javax.crypto.spec.SecretKeySpec

 object CommentsAPI {
    val address: String = "https://1224665.xyz:443"
-    val appSecret = BuildConfig.APP_SECRET
    var authToken: String? = null
    var userId: String? = null
    var isBanned: Boolean = false
@ -139,12 +134,9 @@ object CommentsAPI {

    suspend fun fetchAuthToken() {
        val url = "$address/authenticate"
-        userId = generateUserId()
-        val user = User(userId ?: return, Anilist.username ?: "")
+        val token = PrefManager.getVal(PrefName.AnilistToken, null as String?) ?: return
        val body: FormBody = FormBody.Builder()
-            .add("user_id", user.id)
-            .add("username", user.username)
-            .add("profile_picture_url", Anilist.avatar ?: "")
+            .add("token", token)
            .build()
        val request = requestBuilder()
        val json = request.post(url, requestBody = body)
@ -165,12 +157,12 @@ object CommentsAPI {
    private fun headerBuilder(): Map<String, String> {
        return if (authToken != null) {
            mapOf(
-                "appauth" to appSecret,
+                "appauth" to BuildConfig.APP_SECRET,
                "Authorization" to authToken!!
            )
        } else {
            mapOf(
-                "appauth" to appSecret,
+                "appauth" to BuildConfig.APP_SECRET,
            )
        }
    }
@ -189,24 +181,6 @@ object CommentsAPI {
        }
        snackString("Error $code: ${reason ?: error}")
    }
-
-    @SuppressLint("GetInstance")
-    private fun generateUserId(): String? {
-        val anilistId = PrefManager.getVal(PrefName.AnilistUserId, null as String?)
-            ?: if (Anilist.userid != null) {
-                PrefManager.setVal(PrefName.AnilistUserId, Anilist.userid.toString())
-                Anilist.userid.toString()
-            } else {
-                return null
-            }
-        val userIdEncryptKey = BuildConfig.USER_ID_ENCRYPT_KEY
-        val keySpec = SecretKeySpec(userIdEncryptKey.toByteArray(), KeyProperties.KEY_ALGORITHM_AES)
-        val cipher =
-            Cipher.getInstance("${KeyProperties.KEY_ALGORITHM_AES}/ECB/${KeyProperties.ENCRYPTION_PADDING_PKCS7}")
-        cipher.init(Cipher.ENCRYPT_MODE, keySpec)
-        val encrypted = cipher.doFinal(anilistId.toByteArray())
-        return encrypted.joinToString("") { "%02x".format(it) }
-    }
 }

@Serializable
--- a/app/src/main/java/ani/dantotsu/media/comments/CommentsActivity.kt
+++ b/app/src/main/java/ani/dantotsu/media/comments/CommentsActivity.kt
@ -301,7 +301,7 @@ class CommentsActivity : AppCompatActivity() {
                                "2. No hate speech\n" +
                                "3. No spam\n" +
                                "4. No NSFW content\n" +
-                                "6. No advertising\n" +
+                                "6. ENGLISH ONLY\n" +
                                "7. No self promotion\n" +
                                "8. No impersonation\n" +
                                "9. No harassment\n" +
--- a/build.gradle
+++ b/build.gradle
@ -17,7 +17,6 @@ buildscript {
        classpath "org.jetbrains.kotlin:kotlin-serialization:$kotlin_version"
        classpath "com.google.devtools.ksp:symbol-processing-api:$ksp_version"
        classpath "com.google.devtools.ksp:symbol-processing-gradle-plugin:$ksp_version"
-
        classpath 'com.google.gms:google-services:4.4.0'
        classpath 'com.google.firebase:firebase-crashlytics-gradle:2.9.9'
    }