chore: Release v1.3.0-dev.6 [skip ci]

# [1.3.0-dev.6](https://github.com/ReVanced/revanced-api/compare/v1.3.0-dev.5...v1.3.0-dev.6) (2024-10-02)

### Bug Fixes

* Expose www-authenticate header to JS ([9ed724e](9ed724e161))

### Features

* Only allow requests from HTTPs ([a6d7da1](a6d7da1205))

.github/workflows/release.yml

@@ -12,7 +12,7 @@ jobs:
     name: Release
     runs-on: ubuntu-latest
     permissions:
-      contents: read
+      contents: write
       packages: write
     steps:
       - name: Checkout
@@ -60,7 +60,7 @@ jobs:
           DOCKER_REGISTRY_USER: ${{ github.actor }}
           DOCKER_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
           GITHUB_ACTOR: ${{ github.actor }}
-          GITHUB_TOKEN: ${{ secrets.REPOSITORY_PUSH_ACCESS }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: npm exec semantic-release
 
       - name: Set Portainer stack webhook URL based on branch

.releaserc

@@ -21,10 +21,10 @@
       "@semantic-release/git",
       {
         "assets": [
-          "README.md",
           "CHANGELOG.md",
           "gradle.properties"
-        ]
+        ],
+        "message": "chore: Release v${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
       }
     ],
     [

CHANGELOG.md

@@ -1,3 +1,51 @@
+# [1.3.0-dev.6](https://github.com/ReVanced/revanced-api/compare/v1.3.0-dev.5...v1.3.0-dev.6) (2024-10-02)
+
+
+### Bug Fixes
+
+* Expose www-authenticate header to JS ([9ed724e](https://github.com/ReVanced/revanced-api/commit/9ed724e161f9029967f67e4c2066f2fdf7be0a27))
+
+
+### Features
+
+* Only allow requests from HTTPs ([a6d7da1](https://github.com/ReVanced/revanced-api/commit/a6d7da1205ef7bc23eba0b1fca2480a4327def19))
+
+# [1.3.0-dev.5](https://github.com/ReVanced/revanced-api/compare/v1.3.0-dev.4...v1.3.0-dev.5) (2024-09-30)
+
+
+### Bug Fixes
+
+* Allow more necessary HTTP methods for CORS ([080e2e5](https://github.com/ReVanced/revanced-api/commit/080e2e582cb8ea97421c402a4cb82414e11fb1cf))
+
+# [1.3.0-dev.4](https://github.com/ReVanced/revanced-api/compare/v1.3.0-dev.3...v1.3.0-dev.4) (2024-09-29)
+
+
+### Bug Fixes
+
+* Configure CORS properly to allow authorization and content-type header ([6442757](https://github.com/ReVanced/revanced-api/commit/6442757927c0307c01b2793858d25df7e3fca122))
+
+# [1.3.0-dev.3](https://github.com/ReVanced/revanced-api/compare/v1.3.0-dev.2...v1.3.0-dev.3) (2024-09-29)
+
+
+### Bug Fixes
+
+* Add missing OK response to routes ([1181be1](https://github.com/ReVanced/revanced-api/commit/1181be12e2223b245019f64570bc8f7bef4e7dc2))
+* Respond with JSON when returning token ([1e3e46f](https://github.com/ReVanced/revanced-api/commit/1e3e46ff4f7c12569b88fcd1bc252aeb5a611b63))
+* Specify a validation function to fix authentication ([53c3600](https://github.com/ReVanced/revanced-api/commit/53c36002e9af89aa5fed71f831470b42d5d777c9))
+
+
+### Features
+
+* Customize logging level through environment variable ([8b17d88](https://github.com/ReVanced/revanced-api/commit/8b17d8894db8db4a168c30be50af91c04e173e14))
+* Improve response info description wording ([977d252](https://github.com/ReVanced/revanced-api/commit/977d25249738b24cb6a3530543349efe1d71a9ba))
+
+# [1.3.0-dev.2](https://github.com/ReVanced/revanced-api/compare/v1.3.0-dev.1...v1.3.0-dev.2) (2024-09-27)
+
+
+### Bug Fixes
+
+* Expire token relative to current date time instead of just time ([c26e129](https://github.com/ReVanced/revanced-api/commit/c26e129bda09345761f291917f026c13e89a2572))
+
 # [1.3.0-dev.1](https://github.com/ReVanced/revanced-api/compare/v1.2.0...v1.3.0-dev.1) (2024-09-11)
 
 

gradle.properties

@@ -1,4 +1,4 @@
 org.gradle.parallel = true
 org.gradle.caching = true
 kotlin.code.style = official
-version = 1.3.0-dev.1
+version = 1.3.0-dev.6

package.json

@@ -4,7 +4,7 @@
     "@saithodev/semantic-release-backmerge": "^4.0.1",
     "@semantic-release/changelog": "^6.0.3",
     "@semantic-release/git": "^10.0.1",
-    "gradle-semantic-release-plugin": "^1.9.2",
+    "gradle-semantic-release-plugin": "^1.10.1",
-    "semantic-release": "^24.0.0"
+    "semantic-release": "^24.1.2"
   }
 }

src/main/kotlin/app/revanced/api/command/StartAPICommand.kt

@@ -1,6 +1,7 @@
 package app.revanced.api.command
 
 import app.revanced.api.configuration.*
+import io.github.cdimascio.dotenv.Dotenv
 import io.ktor.server.engine.*
 import io.ktor.server.jetty.*
 import picocli.CommandLine
@@ -33,6 +34,8 @@ internal object StartAPICommand : Runnable {
     private var configFile = File("configuration.toml")
 
     override fun run() {
+        Dotenv.configure().systemProperties().load()
+
         embeddedServer(Jetty, port, host) {
             configureDependencies(configFile)
             configureHTTP()

src/main/kotlin/app/revanced/api/configuration/Dependencies.kt

@@ -7,12 +7,11 @@ import app.revanced.api.configuration.repository.GitHubBackendRepository
 import app.revanced.api.configuration.services.*
 import app.revanced.api.configuration.services.AnnouncementService
 import app.revanced.api.configuration.services.ApiService
-import app.revanced.api.configuration.services.AuthService
+import app.revanced.api.configuration.services.AuthenticationService
 import app.revanced.api.configuration.services.OldApiService
 import app.revanced.api.configuration.services.PatchesService
 import com.akuleshov7.ktoml.Toml
 import com.akuleshov7.ktoml.source.decodeFromStream
-import io.github.cdimascio.dotenv.Dotenv
 import io.ktor.client.*
 import io.ktor.client.engine.okhttp.*
 import io.ktor.client.plugins.*
@@ -38,11 +37,7 @@ import java.io.File
 fun Application.configureDependencies(
     configFile: File,
 ) {
-    val globalModule = module {
+    val miscModule = module {
-        single {
-            Dotenv.configure().load()
-        }
-
         factory { params ->
             val defaultRequestUri: String = params.get<String>()
             val configBlock = params.getOrNull<(HttpClientConfig<OkHttpConfig>.() -> Unit)>() ?: {}
@@ -72,7 +67,7 @@ fun Application.configureDependencies(
                             )
                         }
 
-                        get<Dotenv>()["BACKEND_API_TOKEN"]?.let {
+                        System.getProperty("BACKEND_API_TOKEN")?.let {
                             install(Auth) {
                                 bearer {
                                     loadTokens {
@@ -98,12 +93,10 @@ fun Application.configureDependencies(
         }
 
         single {
-            val dotenv = get<Dotenv>()
-
             TransactionManager.defaultDatabase = Database.connect(
-                url = dotenv["DB_URL"],
+                url = System.getProperty("DB_URL"),
-                user = dotenv["DB_USER"],
+                user = System.getProperty("DB_USER"),
-                password = dotenv["DB_PASSWORD"],
+                password = System.getProperty("DB_PASSWORD"),
             )
 
             AnnouncementRepository()
@@ -112,15 +105,13 @@ fun Application.configureDependencies(
 
     val serviceModule = module {
         single {
-            val dotenv = get<Dotenv>()
+            val jwtSecret = System.getProperty("JWT_SECRET")
+            val issuer = System.getProperty("JWT_ISSUER")
+            val validityInMin = System.getProperty("JWT_VALIDITY_IN_MIN").toLong()
 
-            val jwtSecret = dotenv["JWT_SECRET"]
+            val authSHA256DigestString = System.getProperty("AUTH_SHA256_DIGEST")
-            val issuer = dotenv["JWT_ISSUER"]
-            val validityInMin = dotenv["JWT_VALIDITY_IN_MIN"].toInt()
 
-            val authSHA256DigestString = dotenv["AUTH_SHA256_DIGEST"]
+            AuthenticationService(issuer, validityInMin, jwtSecret, authSHA256DigestString)
-
-            AuthService(issuer, validityInMin, jwtSecret, authSHA256DigestString)
         }
         single {
             val configuration = get<ConfigurationRepository>()
@@ -140,7 +131,7 @@ fun Application.configureDependencies(
 
     install(Koin) {
         modules(
-            globalModule,
+            miscModule,
             repositoryModule,
             serviceModule,
         )

src/main/kotlin/app/revanced/api/configuration/HTTP.kt

@@ -1,6 +1,7 @@
 package app.revanced.api.configuration
 
 import app.revanced.api.configuration.repository.ConfigurationRepository
+import io.ktor.http.*
 import io.ktor.server.application.*
 import io.ktor.server.plugins.*
 import io.ktor.server.plugins.cors.routing.*
@@ -13,11 +14,16 @@ fun Application.configureHTTP() {
     val configurationRepository = get<ConfigurationRepository>()
 
     install(CORS) {
+        HttpMethod.DefaultMethods.minus(HttpMethod.Options).forEach(::allowMethod)
+
+        allowHeader(HttpHeaders.ContentType)
+        allowHeader(HttpHeaders.Authorization)
+        exposeHeader(HttpHeaders.WWWAuthenticate)
+
+        allowCredentials = true
+
         configurationRepository.corsAllowedHosts.forEach { host ->
-            allowHost(
+            allowHost(host = host, schemes = listOf("https"))
-                host = host,
-                schemes = listOf("http", "https")
-            )
         }
     }
 

src/main/kotlin/app/revanced/api/configuration/Security.kt

@@ -1,9 +1,17 @@
 package app.revanced.api.configuration
 
-import app.revanced.api.configuration.services.AuthService
+import app.revanced.api.configuration.services.AuthenticationService
 import io.ktor.server.application.*
+import io.ktor.server.auth.*
 import org.koin.ktor.ext.get
 
 fun Application.configureSecurity() {
-    get<AuthService>().configureSecurity(this)
+    val authenticationService = get<AuthenticationService>()
+
+    install(Authentication) {
+        with(authenticationService) {
+            jwt()
+            digest()
+        }
+    }
 }

src/main/kotlin/app/revanced/api/configuration/routes/Announcements.kt

@@ -94,6 +94,8 @@ internal fun Route.announcementsRoute() = route("announcements") {
 
             post<APIAnnouncement> { announcement ->
                 announcementService.new(announcement)
+
+                call.respond(HttpStatusCode.OK)
             }
 
             route("{id}") {
@@ -103,12 +105,16 @@ internal fun Route.announcementsRoute() = route("announcements") {
                     val id: Int by call.parameters
 
                     announcementService.update(id, announcement)
+
+                    call.respond(HttpStatusCode.OK)
                 }
 
                 delete {
                     val id: Int by call.parameters
 
                     announcementService.delete(id)
+
+                    call.respond(HttpStatusCode.OK)
                 }
 
                 route("archive") {
@@ -119,6 +125,8 @@ internal fun Route.announcementsRoute() = route("announcements") {
                         val archivedAt = call.receiveNullable<APIAnnouncementArchivedAt>()?.archivedAt
 
                         announcementService.archive(id, archivedAt)
+
+                        call.respond(HttpStatusCode.OK)
                     }
                 }
 
@@ -129,6 +137,8 @@ internal fun Route.announcementsRoute() = route("announcements") {
                         val id: Int by call.parameters
 
                         announcementService.unarchive(id)
+
+                        call.respond(HttpStatusCode.OK)
                     }
                 }
             }
@@ -157,7 +167,7 @@ private fun Route.installAnnouncementRouteDocumentation() = installNotarizedRout
             description("The new announcement")
         }
         response {
-            description("When the announcement was created")
+            description("The announcement is created")
             responseCode(HttpStatusCode.OK)
             responseType<Unit>()
         }
@@ -255,7 +265,7 @@ private fun Route.installAnnouncementArchiveRouteDocumentation() = installNotari
         description("Archive an announcement")
         summary("Archive announcement")
         response {
-            description("When the announcement was archived")
+            description("The announcement is archived")
             responseCode(HttpStatusCode.OK)
             responseType<Unit>()
         }
@@ -281,7 +291,7 @@ private fun Route.installAnnouncementUnarchiveRouteDocumentation() = installNota
         description("Unarchive an announcement")
         summary("Unarchive announcement")
         response {
-            description("When announcement was unarchived")
+            description("The announcement is unarchived")
             responseCode(HttpStatusCode.OK)
             responseType<Unit>()
         }
@@ -311,7 +321,7 @@ private fun Route.installAnnouncementIdRouteDocumentation() = installNotarizedRo
             description("The new announcement")
         }
         response {
-            description("When announcement was updated")
+            description("The announcement is updated")
             responseCode(HttpStatusCode.OK)
             responseType<Unit>()
         }
@@ -322,7 +332,7 @@ private fun Route.installAnnouncementIdRouteDocumentation() = installNotarizedRo
         description("Delete an announcement")
         summary("Delete announcement")
         response {
-            description("When the announcement was deleted")
+            description("The announcement is deleted")
             responseCode(HttpStatusCode.OK)
             responseType<Unit>()
         }

src/main/kotlin/app/revanced/api/configuration/routes/ApiRoute.kt

@@ -6,12 +6,9 @@ import app.revanced.api.configuration.installNoCache
 import app.revanced.api.configuration.installNotarizedRoute
 import app.revanced.api.configuration.repository.ConfigurationRepository
 import app.revanced.api.configuration.respondOrNotFound
-import app.revanced.api.configuration.schema.APIAbout
+import app.revanced.api.configuration.schema.*
-import app.revanced.api.configuration.schema.APIContributable
-import app.revanced.api.configuration.schema.APIMember
-import app.revanced.api.configuration.schema.APIRateLimit
 import app.revanced.api.configuration.services.ApiService
-import app.revanced.api.configuration.services.AuthService
+import app.revanced.api.configuration.services.AuthenticationService
 import io.bkbn.kompendium.core.metadata.*
 import io.bkbn.kompendium.json.schema.definition.TypeDefinition
 import io.bkbn.kompendium.oas.payload.Parameter
@@ -21,13 +18,12 @@ import io.ktor.server.auth.*
 import io.ktor.server.plugins.ratelimit.*
 import io.ktor.server.response.*
 import io.ktor.server.routing.*
-import kotlinx.serialization.json.Json.Default.configuration
 import kotlin.time.Duration.Companion.days
 import org.koin.ktor.ext.get as koinGet
 
 internal fun Route.apiRoute() {
     val apiService = koinGet<ApiService>()
-    val authService = koinGet<AuthService>()
+    val authenticationService = koinGet<AuthenticationService>()
 
     rateLimit(RateLimitName("strong")) {
         authenticate("auth-digest") {
@@ -35,7 +31,7 @@ internal fun Route.apiRoute() {
                 installTokenRouteDocumentation()
 
                 get {
-                    call.respond(authService.newToken())
+                    call.respond(authenticationService.newToken())
                 }
             }
         }
@@ -199,7 +195,7 @@ private fun Route.installTokenRouteDocumentation() = installNotarizedRoute {
             description("The authorization token")
             mediaTypes("application/json")
             responseCode(HttpStatusCode.OK)
-            responseType<String>()
+            responseType<APIToken>()
         }
         canRespondUnauthorized()
     }

src/main/kotlin/app/revanced/api/configuration/schema/APISchema.kt

@@ -172,3 +172,6 @@ class APIAbout(
         val links: List<Link>?,
     )
 }
+
+@Serializable
+class APIToken(val token: String)

src/main/kotlin/app/revanced/api/configuration/services/AuthService.kt

@@ -1,49 +0,0 @@
-package app.revanced.api.configuration.services
-
-import com.auth0.jwt.JWT
-import com.auth0.jwt.algorithms.Algorithm
-import io.ktor.server.application.*
-import io.ktor.server.auth.*
-import io.ktor.server.auth.jwt.*
-import java.util.*
-import kotlin.text.HexFormat
-import kotlin.time.Duration.Companion.minutes
-
-internal class AuthService private constructor(
-    private val issuer: String,
-    private val validityInMin: Int,
-    private val jwtSecret: String,
-    private val authSHA256Digest: ByteArray,
-) {
-    @OptIn(ExperimentalStdlibApi::class)
-    constructor(issuer: String, validityInMin: Int, jwtSecret: String, authSHA256DigestString: String) : this(
-        issuer,
-        validityInMin,
-        jwtSecret,
-        authSHA256DigestString.hexToByteArray(HexFormat.Default),
-    )
-
-    val configureSecurity: Application.() -> Unit = {
-        install(Authentication) {
-            jwt("jwt") {
-                realm = "ReVanced"
-
-                verifier(JWT.require(Algorithm.HMAC256(jwtSecret)).withIssuer(issuer).build())
-            }
-
-            digest("auth-digest") {
-                realm = "ReVanced"
-                algorithmName = "SHA-256"
-
-                digestProvider { _, _ ->
-                    authSHA256Digest
-                }
-            }
-        }
-    }
-
-    fun newToken(): String = JWT.create()
-        .withIssuer(issuer)
-        .withExpiresAt(Date(System.currentTimeMillis() + validityInMin.minutes.inWholeMilliseconds))
-        .sign(Algorithm.HMAC256(jwtSecret))
-}

src/main/kotlin/app/revanced/api/configuration/services/AuthenticationService.kt

@@ -0,0 +1,52 @@
+package app.revanced.api.configuration.services
+
+import app.revanced.api.configuration.schema.APIToken
+import com.auth0.jwt.JWT
+import com.auth0.jwt.algorithms.Algorithm
+import io.ktor.server.auth.*
+import io.ktor.server.auth.jwt.*
+import java.time.Instant
+import java.time.temporal.ChronoUnit
+import kotlin.text.HexFormat
+
+internal class AuthenticationService private constructor(
+    private val issuer: String,
+    private val validityInMin: Long,
+    private val jwtSecret: String,
+    private val authSHA256Digest: ByteArray,
+) {
+    @OptIn(ExperimentalStdlibApi::class)
+    constructor(issuer: String, validityInMin: Long, jwtSecret: String, authSHA256DigestString: String) : this(
+        issuer,
+        validityInMin,
+        jwtSecret,
+        authSHA256DigestString.hexToByteArray(HexFormat.Default),
+    )
+
+    fun AuthenticationConfig.jwt() {
+        jwt("jwt") {
+            realm = "ReVanced"
+            verifier(JWT.require(Algorithm.HMAC256(jwtSecret)).withIssuer(issuer).build())
+            // This is required and not optional. Authentication will fail if this is not present.
+            validate { JWTPrincipal(it.payload) }
+        }
+    }
+
+    fun AuthenticationConfig.digest() {
+        digest("auth-digest") {
+            realm = "ReVanced"
+            algorithmName = "SHA-256"
+
+            digestProvider { _, _ ->
+                authSHA256Digest
+            }
+        }
+    }
+
+    fun newToken() = APIToken(
+        JWT.create()
+            .withIssuer(issuer)
+            .withExpiresAt(Instant.now().plus(validityInMin, ChronoUnit.MINUTES))
+            .sign(Algorithm.HMAC256(jwtSecret)),
+    )
+}

src/main/resources/logback.xml

@@ -4,7 +4,7 @@
             <pattern>%d{YYYY-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
         </encoder>
     </appender>
-    <root level="info">
+    <root level="\${LOG_LEVEL:-INFO}">
         <appender-ref ref="STDOUT"/>
     </root>
 </configuration>