A lexicon-driven AppView for ATProto.
happyview.dev
backfill
firehose
jetstream
atproto
appview
oauth
lexicon
fix: use original auth scheme instead of hardcoded dpop
+9
-5
+9
-5
src/auth/middleware.rs
+9
-5
src/auth/middleware.rs
···
60
60
.and_then(|v| v.to_str().ok())
61
61
.ok_or_else(|| AppError::Auth("missing Authorization header".into()))?;
62
62
63
-
let token = header
64
-
.strip_prefix("DPoP ")
65
-
.or_else(|| header.strip_prefix("Bearer "))
66
-
.ok_or_else(|| AppError::Auth("invalid Authorization scheme".into()))?;
63
+
let (scheme, token) = if let Some(t) = header.strip_prefix("DPoP ") {
64
+
("DPoP", t)
65
+
} else if let Some(t) = header.strip_prefix("Bearer ") {
66
+
("Bearer", t)
67
+
} else {
68
+
return Err(AppError::Auth("invalid Authorization scheme".into()));
69
+
};
67
70
68
71
let dpop_proof = parts
69
72
.headers
···
78
81
79
82
tracing::debug!(
80
83
url = %userinfo_url,
84
+
scheme = %scheme,
81
85
has_dpop_proof = dpop_proof.is_some(),
82
86
"forwarding token to AIP userinfo"
83
87
);
···
85
89
let mut req = state
86
90
.http
87
91
.get(&userinfo_url)
88
-
.header("authorization", format!("DPoP {token}"));
92
+
.header("authorization", format!("{scheme} {token}"));
89
93
90
94
if let Some(ref proof) = dpop_proof {
91
95
req = req.header("dpop", proof);