A lexicon-driven AppView for ATProto. happyview.dev

fix: use original auth scheme instead of hardcoded dpop

Trezy 86660457 791a6a83

+9 -5
+9 -5
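--- a/src/auth/middleware.rs
+++ b/src/auth/middleware.rs
@@ -60,10 +60,13 @@
 .and_then(|v| v.to_str().ok())
 .ok_or_else(|| AppError::Auth("missing Authorization header".into()))?;
 
-let token = header
-.strip_prefix("DPoP ")
-.or_else(|| header.strip_prefix("Bearer "))
-.ok_or_else(|| AppError::Auth("invalid Authorization scheme".into()))?;
+let (scheme, token) = if let Some(t) = header.strip_prefix("DPoP ") {
+("DPoP", t)
+} else if let Some(t) = header.strip_prefix("Bearer ") {
+("Bearer", t)
+} else {
+return Err(AppError::Auth("invalid Authorization scheme".into()));
+};
 
 let dpop_proof = parts
 .headers
@@ -78,6 +81,7 @@
 
 tracing::debug!(
 url = %userinfo_url,
+scheme = %scheme,
 has_dpop_proof = dpop_proof.is_some(),
 "forwarding token to AIP userinfo"
 );
@@ -85,7 +89,7 @@
 let mut req = state
 .http
 .get(&userinfo_url)
-.header("authorization", format!("DPoP {token}"));
+.header("authorization", format!("{scheme} {token}"));
 
 if let Some(ref proof) = dpop_proof {
 req = req.header("dpop", proof);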
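Review bot: Nothing in this section ties the chosen scheme to the presence of a proof: once `scheme` is set, a `DPoP` request with no `dpop` header is still forwarded, and a `Bearer` request that carries a `dpop` header still has it attached by the `if let Some(ref proof) = dpop_proof` branch at the end. Now that `Bearer` is passed through unchanged, whether a DPoP-bound token presented as `Bearer` gets refused depends entirely on the AIP userinfo endpoint, whose behaviour is not visible here. Consider failing early after `dpop_proof` is read, `if scheme == "DPoP" && dpop_proof.is_none() { return Err(AppError::Auth("missing DPoP proof".into())); }`, and attaching the `dpop` header only when `scheme == "DPoP"`. The enclosing function starts and ends outside the visible hunks.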