Fix internal integrity key retrieval

satiracode · satiracode · commit e1507a7566d6 · 2025-08-12T15:54:20.000+04:00
diff --git a/src/main/kotlin/org/exploit/keeper/controller/system/InternalIntegrityController.kt b/src/main/kotlin/org/exploit/keeper/controller/system/InternalIntegrityController.kt
@@ -1,13 +1,16 @@
 package org.exploit.keeper.controller.system
 
+import jakarta.ws.rs.GET
 import jakarta.ws.rs.Path
 import jakarta.ws.rs.Produces
+import org.exploit.keeper.model.RawPublicKeyDto
 import org.exploit.keeper.provider.MessagePackProvider
 import org.exploit.keeper.service.core.KeeperIntegrityService
 
 @Path("/v1/integrity")
 class InternalIntegrityController(private val integrity: KeeperIntegrityService) {
+    @GET
     @Path("/publicKey")
     @Produces(MessagePackProvider.MSGPACK_MIME)
-    fun integrity() = integrity.integrityKey()
+    fun integrity(): RawPublicKeyDto = integrity.integrityKey()
 }
diff --git a/src/main/kotlin/org/exploit/keeper/filter/KeeperAuthFilter.kt b/src/main/kotlin/org/exploit/keeper/filter/KeeperAuthFilter.kt
@@ -7,24 +7,23 @@ import jakarta.ws.rs.container.ContainerRequestContext
 import jakarta.ws.rs.container.ContainerRequestFilter
 import jakarta.ws.rs.ext.Provider
 import org.exploit.keeper.api.auth.KeeperAuthenticator
-import org.exploit.keeper.config.KeeperConfig
+import org.exploit.keeper.filter.matcher.AntPathMatcher
 import org.exploit.keeper.service.client.TKeeperClients
 
 @Provider
 @Priority(Priorities.AUTHENTICATION)
-class KeeperAuthFilter(
-    private val config: KeeperConfig,
-    private val clients: TKeeperClients
-) : ContainerRequestFilter {
+class KeeperAuthFilter(private val clients: TKeeperClients) : ContainerRequestFilter {
+    private val ignoreMatchers = listOf(
+        AntPathMatcher.of("/v1/keeper/**"),
+        AntPathMatcher.of("/v1/integrity/**")
+    )
 
     override fun filter(p0: ContainerRequestContext) {
         val path = p0.uriInfo.path
 
-        if (path.startsWith("/v1/keeper"))
-            return
-
-        if (config.auth().allowAnonymous())
+        if (ignoreMatchers.any { it.matches(path) }) {
             return
+        }
 
         val instanceId = p0.getHeaderString(KeeperAuthenticator.HEADER_INSTANCE_ID)
             ?.toIntOrNull()
@@ -40,8 +39,9 @@ class KeeperAuthFilter(
         try {
             val client = clients.find(instanceId)
 
-            if (!client.verifySignature(signature, path, timestamp))
+            if (!client.verifySignature(signature, path, timestamp)) {
                 throw NotAuthorizedException("Signature verification failed")
+            }
         } catch (e: Exception) {
             throw NotAuthorizedException("Signature verification failed")
         }
