my own indieAuth provider! indiko.dunkirk.sh/docs
indieauth oauth2-server

feat: use the user domain consistently

+15 -3
+15 -3
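--- a/src/routes/indieauth.ts
+++ b/src/routes/indieauth.ts
@@ -1548,7 +1548,7 @@
 // Look up authorization code
 const authcode = db
 .query(
-"SELECT user_id, client_id, redirect_uri, scopes, code_challenge, expires_at, used FROM authcodes WHERE code = ?",
+"SELECT user_id, client_id, redirect_uri, scopes, code_challenge, expires_at, used, me FROM authcodes WHERE code = ?",
 )
 .get(code) as
 | {
@@ -1559,6 +1559,7 @@
 code_challenge: string;
 expires_at: number;
 used: number;
+me: string | null;
 }
 | undefined;
 
@@ -1679,6 +1680,17 @@
 meValue = user.url;
 }
 
+// Validate that the user controls the requested me parameter
+if (authcode.me && authcode.me !== meValue) {
+return Response.json(
+{
+error: "invalid_grant",
+error_description: "The requested identity does not match the user's verified domain",
+},
+{ status: 400 },
+);
+}
+
 const origin = process.env.ORIGIN || "http://localhost:3000";
 
 const response: Record<string, unknown> = {
@@ -1773,7 +1785,7 @@
 <meta property="og:type" content="profile" />
 <meta property="og:title" content="${user.name}" />
 <meta property="og:description" content="${user.name}'s profile on Indiko" />
-<meta property="og:url" content="${process.env.ORIGIN}/u/${user.username}" />
+<meta property="og:url" content="${user.url || `${process.env.ORIGIN}/u/${user.username}`}" />
 ${user.photo ? `<meta property="og:image" content="${user.photo}" />` : ""}
 <meta property="profile:username" content="${user.username}" />
 
@@ -1928,7 +1940,7 @@
 ${user.email ? `<a class="u-email" rel="me" href="mailto:${user.email}">email</a>` : ""}
 </div>
 <div class="identity-info">
-IndieAuth identity: <code>${process.env.ORIGIN}/u/${user.username}</code>
+IndieAuth identity: <code>${user.url || `${process.env.ORIGIN}/u/${user.username}`}</code>
 </div>
 </div>
 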
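Review bot: `user.url` is now interpolated unescaped into the `og:url` attribute and into the `<code>` element of the identity-info block, so a stored profile URL containing `"` or `<` would change the page markup; both template hunks share this. Whether `user.url` is validated when it is saved is not visible in these hunks, so I would compute the fallback once and escape at output, e.g. `${escapeHtml(profileUrl)}`, where `escapeHtml` and `profileUrl` are placeholder names for the project's own escaping helper and a local holding the `user.url || …/u/username` value. Separately, the new `authcode.me !== meValue` check compares raw strings, so a `me` that differs from the stored URL only by a trailing slash or host case would be rejected with `invalid_grant`; canonicalizing both sides before the comparison would keep the check strict without those false rejections. The token handler and the profile template both start and end outside the hunks shown.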