BYOK Personal Data Server (PDS) written in Go

refactor: simplify header handling

+35 -25
+31
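--- a/internal/helpers/http.go
+++ b/internal/helpers/http.go
@@ -0,0 +1,31 @@
+package helpers
+
+import (
+	"net/http"
+)
+
+// RequestHost determines the correct host for the given HTTP request,
+// prioritizing the X-Forwarded-Host header.
+func RequestHost(r *http.Request) string {
+	if fwdHost := r.Header.Get("X-Forwarded-Host"); fwdHost != "" {
+		return fwdHost
+	}
+	return r.Host
+}
+
+// RequestScheme determines the correct scheme for the given HTTP request,
+// prioritizing the X-Forwarded-Proto header.
+func RequestScheme(r *http.Request) string {
+	if proto := r.Header.Get("X-Forwarded-Proto"); proto != "" {
+		return proto
+	}
+	if r.TLS == nil {
+		return "http"
+	}
+	return "https"
+}
+
+// RequestURL reconstructs the full URL from an HTTP request.
+func RequestURL(r *http.Request) string {
+	return RequestScheme(r) + "://" + RequestHost(r) + r.URL.String()
+}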
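Review bot: `RequestHost` and `RequestScheme` return `X-Forwarded-Host` and `X-Forwarded-Proto` verbatim, and both headers are set by whoever sends the request unless a reverse proxy in front of the server overwrites them. Because `RequestURL` supplies the URL that `CheckProof` verifies DPoP proofs against in `server/handle_oauth_par.go`, `server/handle_oauth_token.go` and now `server/middleware.go`, the expected value is effectively chosen by the client on a directly exposed deployment. I would honour the forwarded headers only when the deployment declares a trusted proxy and otherwise fall back to `r.Host` and `r.TLS`; at minimum the doc comments should state the assumption, e.g. `// The header is client-supplied unless a trusted proxy overwrites it; do not rely on the result for security decisions otherwise.` `r.URL.String()` also carries the query string, so it is worth confirming that `CheckProof` drops query and fragment before comparing `htu`.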
+1 -11
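--- a/server/handle_oauth_par.go
+++ b/server/handle_oauth_par.go
@@ -62,17 +62,7 @@
 		return
 	}
 
-	scheme := "https"
-	if r.TLS == nil && r.Header.Get("X-Forwarded-Proto") == "" {
-		scheme = "http"
-	} else if proto := r.Header.Get("X-Forwarded-Proto"); proto != "" {
-		scheme = proto
-	}
-	host := r.Host
-	if fwdHost := r.Header.Get("X-Forwarded-Host"); fwdHost != "" {
-		host = fwdHost
-	}
-	dpopProof, err := s.oauthProvider.DpopManager.CheckProof(r.Method, scheme+"://"+host+r.URL.String(), r.Header, nil)
+	dpopProof, err := s.oauthProvider.DpopManager.CheckProof(r.Method, helpers.RequestURL(r), r.Header, nil)
 	if err != nil {
 		if errors.Is(err, dpop.ErrUseDpopNonce) {
 			nonce := s.oauthProvider.NextNonce()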
+1 -11
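--- a/server/handle_oauth_token.go
+++ b/server/handle_oauth_token.go
@@ -73,17 +73,7 @@
 		ClientAssertion: req.ClientAssertion,
 	}
 
-	scheme := "https"
-	if r.TLS == nil && r.Header.Get("X-Forwarded-Proto") == "" {
-		scheme = "http"
-	} else if proto := r.Header.Get("X-Forwarded-Proto"); proto != "" {
-		scheme = proto
-	}
-	host := r.Host
-	if fwdHost := r.Header.Get("X-Forwarded-Host"); fwdHost != "" {
-		host = fwdHost
-	}
-	proof, err := s.oauthProvider.DpopManager.CheckProof(r.Method, scheme+"://"+host+r.URL.String(), r.Header, nil)
+	proof, err := s.oauthProvider.DpopManager.CheckProof(r.Method, helpers.RequestURL(r), r.Header, nil)
 	if err != nil {
 		if errors.Is(err, dpop.ErrUseDpopNonce) {
 			nonce := s.oauthProvider.NextNonce()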
+1 -2
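--- a/server/handle_well_known.go
+++ b/server/handle_well_known.go
@@ -69,8 +69,7 @@
 	ctx := r.Context()
 	logger := s.logger.With("name", "handleAtprotoDid")
 
-	// Use X-Forwarded-Host header if present (for reverse proxy setups), otherwise fall back to configured hostname
-	host := r.Header.Get("X-Forwarded-Host")
+	host := helpers.RequestHost(r)
 	if host == "" {
 		host = s.config.Hostname
 	}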
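Review bot: The `if host == ""` fallback to `s.config.Hostname` is now effectively unreachable, because `helpers.RequestHost` returns `r.Host` when `X-Forwarded-Host` is absent and that is non-empty for ordinary requests. The removed code went from the forwarded header straight to the configured hostname, so this is a behaviour change inside a commit titled as a refactor: the host used here now comes from the client's `Host` header (possibly including a port) rather than from configuration. If that is intended, drop the dead branch and normalise the value before use; otherwise keep `host := r.Header.Get("X-Forwarded-Host")` at this call site. The rest of the function is outside the hunk, so how `host` is used afterwards should be checked as well.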
+1 -1
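--- a/server/middleware.go
+++ b/server/middleware.go
@@ -323,7 +323,7 @@
 		w.Header().Add("access-control-expose-headers", "DPoP-Nonce")
 	}
 
-	proof, err := s.oauthProvider.DpopManager.CheckProof(r.Method, "https://"+s.config.Hostname+r.URL.String(), r.Header, new(accessToken))
+	proof, err := s.oauthProvider.DpopManager.CheckProof(r.Method, helpers.RequestURL(r), r.Header, new(accessToken))
 	if err != nil {
 		if errors.Is(err, dpop.ErrUseDpopNonce) {
 			w.Header().Set("WWW-Authenticate", `DPoP error="use_dpop_nonce"`)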
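Review bot: The URL passed to `CheckProof` for token-protected requests changes from the server-configured `"https://"+s.config.Hostname+r.URL.String()` to one built from `X-Forwarded-Proto`, `X-Forwarded-Host` and `Host`, all of which the requester controls when no proxy overwrites them. That loosens the DPoP `htu` binding: the comparison happens inside `CheckProof`, which is not visible here, but it would presumably accept a proof issued for a different origin whenever the request carries matching headers. Unless forwarded headers are restricted to trusted proxies, I would keep the configured origin on this path, `CheckProof(r.Method, "https://"+s.config.Hostname+r.URL.String(), r.Header, new(accessToken))`, and describe the change as behavioural rather than a refactor if it is kept. The enclosing middleware starts and ends outside the hunk.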