tweaks from review (thanks DavidBuchanan314)

+12 -11
+1 -1
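--- a/atproto/auth/oauth/jwt_signing.go
+++ b/atproto/auth/oauth/jwt_signing.go
@@ -55,7 +55,7 @@
 return jwt.ErrTokenSignatureInvalid
 }
 
-// NOTE: important to use using "lenient" variant here
+// NOTE: important to use using "lenient" variant here. atproto cryptography is strict about details like low-S elliptic curve signatures, but OAuth cryptography is not, and we want to be interoperable with general purpose OAuth implementations
 return pub.HashAndVerifyLenient([]byte(signingString), sig)
 }
 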
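Review bot: The rewritten comment on line 58 still carries the doubled verb "use using" and names the strictness only by example, so a reader of the HashAndVerifyLenient call on line 59 does not learn what is actually relaxed. I'd tighten it to `// NOTE: the "lenient" variant is required here: atproto signature verification rejects high-S (non-canonical) ECDSA signatures, but general-purpose OAuth/JOSE implementations may produce them, and we want to interoperate with those.` Accepting both S values means the signature bytes of a token are not unique for a given payload, so any replay or de-duplication logic should key on the token claims rather than on the signature bytes; whether such logic exists is not visible in this hunk. The enclosing function starts before the hunk.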
+8 -8
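--- a/atproto/auth/oauth/oauth.go
+++ b/atproto/auth/oauth/oauth.go
@@ -509,22 +509,22 @@
 return &tokenResp, nil
 }
 
-func (app *ClientApp) StartAuthFlow(ctx context.Context, username string) (string, error) {
+func (app *ClientApp) StartAuthFlow(ctx context.Context, identifier string) (string, error) {
 
 var authserverURL string
 var accountDID syntax.DID
 
-if strings.HasPrefix(username, "https://") {
-authserverURL = username
-username = ""
+if strings.HasPrefix(identifier, "https://") {
+authserverURL = identifier
+identifier = ""
 } else {
-atid, err := syntax.ParseAtIdentifier(username)
+atid, err := syntax.ParseAtIdentifier(identifier)
 if err != nil {
-return "", fmt.Errorf("not a valid account identifier (%s): %w", username, err)
+return "", fmt.Errorf("not a valid account identifier (%s): %w", identifier, err)
 }
 ident, err := app.Dir.Lookup(ctx, *atid)
 if err != nil {
-return "", fmt.Errorf("failed to resolve username (%s): %w", username, err)
+return "", fmt.Errorf("failed to resolve username (%s): %w", identifier, err)
 }
 host := ident.PDSEndpoint()
 if host == "" {
@@ -546,7 +546,7 @@
 }
 
 scope := scopeStr(app.Config.Scopes)
-info, err := app.SendAuthRequest(ctx, authserverMeta, scope, username)
+info, err := app.SendAuthRequest(ctx, authserverMeta, scope, identifier)
 if err != nil {
 return "", fmt.Errorf("auth request failed: %w", err)
 }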
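Review bot: The rename to identifier on line 512 is not carried into the error message on line 527, which still says "failed to resolve username" even though the value is parsed with ParseAtIdentifier on line 521 and so may be a DID rather than a handle. I'd change lines 523 and 527 to `return "", fmt.Errorf("not a valid account identifier (%q): %w", identifier, err)` and `return "", fmt.Errorf("resolving account identifier (%q): %w", identifier, err)`; %q quotes the caller-supplied value so an empty or whitespace-only identifier is visible in logs. The https:// branch on line 517 adopts the argument as authserverURL with no further check inside this hunk, so if that string can originate from an untrusted caller, the code after line 530 that consumes authserverURL is where it must be validated against the discovered server metadata. StartAuthFlow continues past line 552.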
+2
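--- a/atproto/auth/oauth/store.go
+++ b/atproto/auth/oauth/store.go
@@ -8,6 +8,8 @@
 
 // Interface for persisting session data and auth request data, required as part of an OAuth client app.
 //
+// Note that this interface assumes that there is only a single session per account (by DID).
+//
 // Implementations should allow for concurrent access.
 type ClientAuthStore interface {
 GetSession(ctx context.Context, did syntax.DID) (*ClientSessionData, error)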
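Review bot: The note added on line 11 states the single-session-per-DID assumption but not its consequence for implementers: under that assumption a second login for the same DID must replace the existing session, so the store's save operation (its signature is outside this hunk) is an overwrite and the previously stored tokens become unreachable through the store. I'd make that explicit: `// Note that this interface assumes a single session per account (by DID): saving a session for a DID replaces any existing session for that DID.` The sentence on line 13 would also read better as `// Implementations must be safe for concurrent use by multiple goroutines.` The interface body continues past line 15.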
+1 -2
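--- a/atproto/auth/oauth/util.go
+++ b/atproto/auth/oauth/util.go
@@ -1,14 +1,13 @@
 package oauth
 
 import (
+"crypto/rand"
 "crypto/sha256"
 "encoding/base64"
-"math/rand"
 )
 
 // this generates pseudo-unique nonces to prevent token (JWT) replay. these do not need to be cryptographically resilient
 func randomNonce() string {
-// TODO: make this longer?
 buf := make([]byte, 16)
 rand.Read(buf)
 return base64.RawURLEncoding.EncodeToString(buf)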
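Review bot: The switch to crypto/rand on line 4 is the right change, but the return value of rand.Read on line 13 is still discarded; on Go versions before 1.24 crypto/rand.Read can return an error, and when it does buf stays all zeros and every nonce is identical, which silently defeats the replay protection this helper exists to provide. Since the function returns only a string, I'd treat that as fatal, matching what Go 1.24+ does internally: `if _, err := rand.Read(buf); err != nil { panic("randomNonce: crypto/rand unavailable: " + err.Error()) }`. The comment on line 9 saying the nonces "do not need to be cryptographically resilient" now contradicts the import change; I'd reword it to `// randomNonce returns 16 random bytes, URL-safe base64 encoded, for use as JWT nonces that prevent token replay; crypto/rand is used so values are unpredictable as well as unique.`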