refactor: refactor identifier-based account lookup and update JWT validation

+6 -6

go.mod

··· 29 29 github.com/joho/godotenv v1.5.1 30 30 github.com/lestrrat-go/jwx/v2 v2.1.6 31 31 github.com/lmittmann/tint v1.1.3 32 + github.com/multiformats/go-multicodec v0.10.0 32 33 github.com/multiformats/go-multihash v0.2.3 33 34 github.com/prometheus/client_golang v1.23.2 34 35 github.com/spf13/cobra v1.10.2 ··· 100 101 github.com/lestrrat-go/option v1.0.1 // indirect 101 102 github.com/libp2p/go-buffer-pool v0.1.0 // indirect 102 103 github.com/libp2p/go-cidranger v1.1.0 // indirect 103 - github.com/libp2p/go-libp2p v0.47.0 // indirect 104 + github.com/libp2p/go-libp2p v0.48.0 // indirect 104 105 github.com/libp2p/go-libp2p-asn-util v0.4.1 // indirect 105 - github.com/libp2p/go-libp2p-kad-dht v0.38.0 // indirect 106 + github.com/libp2p/go-libp2p-kad-dht v0.39.0 // indirect 106 107 github.com/libp2p/go-libp2p-kbucket v0.8.0 // indirect 107 108 github.com/libp2p/go-libp2p-record v0.3.1 // indirect 108 109 github.com/libp2p/go-libp2p-routing-helpers v0.7.5 // indirect ··· 119 120 github.com/multiformats/go-multiaddr v0.16.1 // indirect 120 121 github.com/multiformats/go-multiaddr-dns v0.5.0 // indirect 121 122 github.com/multiformats/go-multibase v0.2.0 // indirect 122 - github.com/multiformats/go-multicodec v0.10.0 // indirect 123 123 github.com/multiformats/go-multistream v0.6.1 // indirect 124 124 github.com/multiformats/go-varint v0.1.0 // indirect 125 125 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect ··· 155 155 go.uber.org/zap v1.27.1 // indirect 156 156 go.yaml.in/yaml/v2 v2.4.4 // indirect 157 157 go.yaml.in/yaml/v3 v3.0.4 // indirect 158 - golang.org/x/exp v0.0.0-20260212183809-81e46e3db34a // indirect 159 - golang.org/x/mod v0.33.0 // indirect 158 + golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 // indirect 159 + golang.org/x/mod v0.34.0 // indirect 160 160 golang.org/x/net v0.52.0 // indirect 161 161 golang.org/x/sync v0.20.0 // indirect 162 162 golang.org/x/sys v0.42.0 // indirect 163 163 golang.org/x/text v0.35.0 // indirect 164 164 golang.org/x/time v0.15.0 // indirect 165 - golang.org/x/tools v0.42.0 // indirect 165 + golang.org/x/tools v0.43.0 // indirect 166 166 golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect 167 167 gonum.org/v1/gonum v0.17.0 // indirect 168 168 google.golang.org/protobuf v1.36.11 // indirect

+24 -25

go.sum

··· 37 37 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= 38 38 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= 39 39 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= 40 + filippo.io/bigmod v0.1.1-0.20260103110540-f8a47775ebe5 h1:JA0fFr+kxpqTdxR9LOBiTWpGNchqmkcsgmdeJZRclZ0= 41 + filippo.io/bigmod v0.1.1-0.20260103110540-f8a47775ebe5/go.mod h1:OjOXDNlClLblvXdwgFFOQFJEocLhhtai8vGLy0JCZlI= 42 + filippo.io/keygen v0.0.0-20260114151900-8e2790ea4c5b h1:REI1FbdW71yO56Are4XAxD+OS/e+BQsB3gE4mZRQEXY= 43 + filippo.io/keygen v0.0.0-20260114151900-8e2790ea4c5b/go.mod h1:9nnw1SlYHYuPSo/3wjQzNjSbeHlq2NsKo5iEtfJPWP0= 40 44 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= 41 45 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= 42 46 github.com/DataDog/zstd v1.5.7 h1:ybO8RBeh29qrxIhCA9E8gKY6xfONU9T6G6aP9DTKfLE= ··· 459 463 github.com/libp2p/go-doh-resolver v0.5.0/go.mod h1:aPDxfiD2hNURgd13+hfo29z9IC22fv30ee5iM31RzxU= 460 464 github.com/libp2p/go-flow-metrics v0.3.0 h1:q31zcHUvHnwDO0SHaukewPYgwOBSxtt830uJtUx6784= 461 465 github.com/libp2p/go-flow-metrics v0.3.0/go.mod h1:nuhlreIwEguM1IvHAew3ij7A8BMlyHQJ279ao24eZZo= 462 - github.com/libp2p/go-libp2p v0.47.0 h1:qQpBjSCWNQFF0hjBbKirMXE9RHLtSuzTDkTfr1rw0yc= 463 - github.com/libp2p/go-libp2p v0.47.0/go.mod h1:s8HPh7mMV933OtXzONaGFseCg/BE//m1V34p3x4EUOY= 466 + github.com/libp2p/go-libp2p v0.48.0 h1:h2BrLAgrj7X8bEN05K7qmrjpNHYA+6tnsGRdprjTnvo= 467 + github.com/libp2p/go-libp2p v0.48.0/go.mod h1:Q1fBZNdmC2Hf82husCTfkKJVfHm2we5zk+NWmOGEmWk= 464 468 github.com/libp2p/go-libp2p-asn-util v0.4.1 h1:xqL7++IKD9TBFMgnLPZR6/6iYhawHKHl950SO9L6n94= 465 469 github.com/libp2p/go-libp2p-asn-util v0.4.1/go.mod h1:d/NI6XZ9qxw67b4e+NgpQexCIiFYJjErASrYW4PFDN8= 466 - github.com/libp2p/go-libp2p-kad-dht v0.38.0 h1:NToFzwvICo6ghDfSwuTmROCtl9LDXSZT1VawEbm4NUs= 467 - github.com/libp2p/go-libp2p-kad-dht v0.38.0/go.mod h1:g/CefQilAnCMyUH52A6tUGbe17NgQ8q26MaZCA968iI= 470 + github.com/libp2p/go-libp2p-kad-dht v0.39.0 h1:mww38eBYiUvdsu+Xl/GLlBC0Aa8M+5HAwvafkFOygAM= 471 + github.com/libp2p/go-libp2p-kad-dht v0.39.0/go.mod h1:Po2JugFEkDq9Vig/JXtc153ntOi0q58o4j7IuITCOVs= 468 472 github.com/libp2p/go-libp2p-kbucket v0.8.0 h1:QAK7RzKJpYe+EuSEATAaaHYMYLkPDGC18m9jxPLnU8s= 469 473 github.com/libp2p/go-libp2p-kbucket v0.8.0/go.mod h1:JMlxqcEyKwO6ox716eyC0hmiduSWZZl6JY93mGaaqc4= 470 474 github.com/libp2p/go-libp2p-record v0.3.1 h1:cly48Xi5GjNw5Wq+7gmjfBiG9HCzQVkiZOUZ8kUl+Fg= ··· 558 562 github.com/petar/GoLLRB v0.0.0-20210522233825-ae3b015fd3e9/go.mod h1:x3N5drFsm2uilKKuuYo6LdyD8vZAW55sH/9w+pbo1sw= 559 563 github.com/pion/datachannel v1.5.10 h1:ly0Q26K1i6ZkGf42W7D4hQYR90pZwzFOjTq5AuCKk4o= 560 564 github.com/pion/datachannel v1.5.10/go.mod h1:p/jJfC9arb29W7WrxyKbepTU20CFgyx5oLo8Rs4Py/M= 561 - github.com/pion/dtls/v2 v2.2.12 h1:KP7H5/c1EiVAAKUmXyCzPiQe5+bCJrpOeKg/L05dunk= 562 - github.com/pion/dtls/v2 v2.2.12/go.mod h1:d9SYc9fch0CqK90mRk1dC7AkzzpwJj6u2GU3u+9pqFE= 563 - github.com/pion/dtls/v3 v3.1.1 h1:wSLMam9Kf7DL1A74hnqRvEb9OT+aXPAsQ5VS+BdXOJ0= 564 - github.com/pion/dtls/v3 v3.1.1/go.mod h1:7FGvVYpHsUV6+aywaFpG7aE4Vz8nBOx74odPRFue6cI= 565 + github.com/pion/dtls/v3 v3.1.2 h1:gqEdOUXLtCGW+afsBLO0LtDD8GnuBBjEy6HRtyofZTc= 566 + github.com/pion/dtls/v3 v3.1.2/go.mod h1:Hw/igcX4pdY69z1Hgv5x7wJFrUkdgHwAn/Q/uo7YHRo= 565 567 github.com/pion/ice/v4 v4.0.10 h1:P59w1iauC/wPk9PdY8Vjl4fOFL5B+USq1+xbDcN6gT4= 566 568 github.com/pion/ice/v4 v4.0.10/go.mod h1:y3M18aPhIxLlcO/4dn9X8LzLLSma84cx6emMSu14FGw= 567 569 github.com/pion/interceptor v0.1.40 h1:e0BjnPcGpr2CFQgKhrQisBU7V3GXK6wrfYrGYaU6Jq4= ··· 572 574 github.com/pion/mdns/v2 v2.0.7/go.mod h1:vAdSYNAT0Jy3Ru0zl2YiW3Rm/fJCwIeM0nToenfOJKA= 573 575 github.com/pion/randutil v0.1.0 h1:CFG1UdESneORglEsnimhUjf33Rwjubwj6xfiOXBa3mA= 574 576 github.com/pion/randutil v0.1.0/go.mod h1:XcJrSMMbbMRhASFVOlj/5hQial/Y8oH/HVo7TBZq+j8= 575 - github.com/pion/rtcp v1.2.15 h1:LZQi2JbdipLOj4eBjK4wlVoQWfrZbh3Q6eHtWtJBZBo= 576 - github.com/pion/rtcp v1.2.15/go.mod h1:jlGuAjHMEXwMUHK78RgX0UmEJFV4zUKOFHR7OP+D3D0= 577 + github.com/pion/rtcp v1.2.16 h1:fk1B1dNW4hsI78XUCljZJlC4kZOPk67mNRuQ0fcEkSo= 578 + github.com/pion/rtcp v1.2.16/go.mod h1:/as7VKfYbs5NIb4h6muQ35kQF/J0ZVNz2Z3xKoCBYOo= 577 579 github.com/pion/rtp v1.8.19 h1:jhdO/3XhL/aKm/wARFVmvTfq0lC/CvN1xwYKmduly3c= 578 580 github.com/pion/rtp v1.8.19/go.mod h1:bAu2UFKScgzyFqvUKmbvzSdPr+NGbZtv6UB2hesqXBk= 579 581 github.com/pion/sctp v1.8.39 h1:PJma40vRHa3UTO3C4MyeJDQ+KIobVYRZQZ0Nt7SjQnE= 580 582 github.com/pion/sctp v1.8.39/go.mod h1:cNiLdchXra8fHQwmIoqw0MbLLMs+f7uQ+dGMG2gWebE= 581 - github.com/pion/sdp/v3 v3.0.13 h1:uN3SS2b+QDZnWXgdr69SM8KB4EbcnPnPf2Laxhty/l4= 582 - github.com/pion/sdp/v3 v3.0.13/go.mod h1:88GMahN5xnScv1hIMTqLdu/cOcUkj6a9ytbncwMCq2E= 583 + github.com/pion/sdp/v3 v3.0.18 h1:l0bAXazKHpepazVdp+tPYnrsy9dfh7ZbT8DxesH5ZnI= 584 + github.com/pion/sdp/v3 v3.0.18/go.mod h1:ZREGo6A9ZygQ9XkqAj5xYCQtQpif0i6Pa81HOiAdqQ8= 583 585 github.com/pion/srtp/v3 v3.0.6 h1:E2gyj1f5X10sB/qILUGIkL4C2CqK269Xq167PbGCc/4= 584 586 github.com/pion/srtp/v3 v3.0.6/go.mod h1:BxvziG3v/armJHAaJ87euvkhHqWe9I7iiOy50K2QkhY= 585 587 github.com/pion/stun v0.6.1 h1:8lp6YejULeHBF8NmV8e2787BogQhduZugh5PdhDyyN4= 586 - github.com/pion/stun v0.6.1/go.mod h1:/hO7APkX4hZKu/D0f2lHzNyvdkTGtIy3NDmLR7kSz/8= 587 - github.com/pion/stun/v3 v3.0.0 h1:4h1gwhWLWuZWOJIJR9s2ferRO+W3zA/b6ijOI6mKzUw= 588 - github.com/pion/stun/v3 v3.0.0/go.mod h1:HvCN8txt8mwi4FBvS3EmDghW6aQJ24T+y+1TKjB5jyU= 589 - github.com/pion/transport/v2 v2.2.10 h1:ucLBLE8nuxiHfvkFKnkDQRYWYfp8ejf4YBOPfaQpw6Q= 590 - github.com/pion/transport/v2 v2.2.10/go.mod h1:sq1kSLWs+cHW9E+2fJP95QudkzbK7wscs8yYgQToO5E= 588 + github.com/pion/stun/v3 v3.1.1 h1:CkQxveJ4xGQjulGSROXbXq94TAWu8gIX2dT+ePhUkqw= 589 + github.com/pion/stun/v3 v3.1.1/go.mod h1:qC1DfmcCTQjl9PBaMa5wSn3x9IPmKxSdcCsxBcDBndM= 591 590 github.com/pion/transport/v3 v3.0.7 h1:iRbMH05BzSNwhILHoBoAPxoB9xQgOaJk+591KC9P1o0= 592 591 github.com/pion/transport/v3 v3.0.7/go.mod h1:YleKiTZ4vqNxVwh77Z0zytYi7rXHl7j6uPLGhhz9rwo= 593 592 github.com/pion/transport/v4 v4.0.1 h1:sdROELU6BZ63Ab7FrOLn13M6YdJLY20wldXW2Cu2k8o= ··· 793 792 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= 794 793 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= 795 794 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= 796 - golang.org/x/exp v0.0.0-20260212183809-81e46e3db34a h1:ovFr6Z0MNmU7nH8VaX5xqw+05ST2uO1exVfZPVqRC5o= 797 - golang.org/x/exp v0.0.0-20260212183809-81e46e3db34a/go.mod h1:K79w1Vqn7PoiZn+TkNpx3BUWUQksGO3JcVX6qIjytmA= 795 + golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 h1:jiDhWWeC7jfWqR9c/uplMOqJ0sbNlNWv0UkzE0vX1MA= 796 + golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90/go.mod h1:xE1HEv6b+1SCZ5/uscMRjUBKtIxworgEcEi+/n9NQDQ= 798 797 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= 799 798 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= 800 799 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= ··· 823 822 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= 824 823 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= 825 824 golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= 826 - golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8= 827 - golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w= 825 + golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI= 826 + golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY= 828 827 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 829 828 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 830 829 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= ··· 943 942 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 944 943 golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= 945 944 golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= 946 - golang.org/x/telemetry v0.0.0-20260209163413-e7419c687ee4 h1:bTLqdHv7xrGlFbvf5/TXNxy/iUwwdkjhqQTJDjW7aj0= 947 - golang.org/x/telemetry v0.0.0-20260209163413-e7419c687ee4/go.mod h1:g5NllXBEermZrmR51cJDQxmJUHUOfRAaNyWBM+R+548= 945 + golang.org/x/telemetry v0.0.0-20260311193753-579e4da9a98c h1:6a8FdnNk6bTXBjR4AGKFgUKuo+7GnR3FX5L7CbveeZc= 946 + golang.org/x/telemetry v0.0.0-20260311193753-579e4da9a98c/go.mod h1:TpUTTEp9frx7rTdLpC9gFG9kdI7zVLFTFFlqaH2Cncw= 948 947 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 949 948 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 950 949 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= ··· 1023 1022 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= 1024 1023 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= 1025 1024 golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= 1026 - golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k= 1027 - golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0= 1025 + golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s= 1026 + golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0= 1028 1027 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 1029 1028 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 1030 1029 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

+5 -1

readme.md

··· 8 8 9 9 Vow is a Go PDS (Personal Data Server) for AT Protocol. 10 10 11 - ## Quick Start with Docker Compose 11 + ## Quick Start 12 + 13 + > [!NOTE] 14 + > Experiment with Vow using the following `DL7KM7UX-4LLQYELW` invite code on the test server [vowpds.srv.rbrt.fr](https://vowpds.srv.rbrt.fr). 15 + > The PDS accounts are cleared regularly. 12 16 13 17 ### Prerequisites 14 18

+56

server/common.go

··· 2 2 3 3 import ( 4 4 "context" 5 + "strings" 5 6 6 7 "gorm.io/gorm" 7 8 "pkg.rbrt.fr/vow/models" ··· 78 79 } 79 80 return &repo, nil 80 81 } 82 + 83 + func (s *Server) getRepoActorByIdentifier(ctx context.Context, identifier string) (*models.RepoActor, error) { 84 + var repo models.RepoActor 85 + var err error 86 + if strings.HasPrefix(identifier, "did:") { 87 + err = s.db.Raw(ctx, ` 88 + SELECT 89 + r.did, r.created_at, r.email, r.email_confirmed_at, r.email_verification_code, 90 + r.email_verification_code_expires_at, r.email_update_code, r.email_update_code_expires_at, 91 + r.password_reset_code, r.password_reset_code_expires_at, r.plc_operation_code, 92 + r.plc_operation_code_expires_at, r.account_delete_code, r.account_delete_code_expires_at, 93 + r.password, r.auth_public_key, r.signing_public_key, r.credential_id, r.compat_mode, 94 + r.rev, r.root, r.preferences, r.deactivated, 95 + a.handle 96 + FROM repos r 97 + LEFT JOIN actors a ON r.did = a.did 98 + WHERE r.did = ? 99 + `, nil, identifier).Scan(&repo).Error 100 + } else if strings.Contains(identifier, "@") { 101 + err = s.db.Raw(ctx, ` 102 + SELECT 103 + r.did, r.created_at, r.email, r.email_confirmed_at, r.email_verification_code, 104 + r.email_verification_code_expires_at, r.email_update_code, r.email_update_code_expires_at, 105 + r.password_reset_code, r.password_reset_code_expires_at, r.plc_operation_code, 106 + r.plc_operation_code_expires_at, r.account_delete_code, r.account_delete_code_expires_at, 107 + r.password, r.auth_public_key, r.signing_public_key, r.credential_id, r.compat_mode, 108 + r.rev, r.root, r.preferences, r.deactivated, 109 + a.handle 110 + FROM repos r 111 + LEFT JOIN actors a ON r.did = a.did 112 + WHERE r.email = ? 113 + `, nil, identifier).Scan(&repo).Error 114 + } else { 115 + err = s.db.Raw(ctx, ` 116 + SELECT 117 + r.did, r.created_at, r.email, r.email_confirmed_at, r.email_verification_code, 118 + r.email_verification_code_expires_at, r.email_update_code, r.email_update_code_expires_at, 119 + r.password_reset_code, r.password_reset_code_expires_at, r.plc_operation_code, 120 + r.plc_operation_code_expires_at, r.account_delete_code, r.account_delete_code_expires_at, 121 + r.password, r.auth_public_key, r.signing_public_key, r.credential_id, r.compat_mode, 122 + r.rev, r.root, r.preferences, r.deactivated, 123 + a.handle 124 + FROM repos r 125 + LEFT JOIN actors a ON r.did = a.did 126 + WHERE a.handle = ? 127 + `, nil, identifier).Scan(&repo).Error 128 + } 129 + if err != nil { 130 + return nil, err 131 + } 132 + if repo.Repo.Did == "" { 133 + return nil, gorm.ErrRecordNotFound 134 + } 135 + return &repo, nil 136 + }

+2 -20

server/handle_account_signin.go

··· 6 6 "net/http" 7 7 "strings" 8 8 9 - "github.com/bluesky-social/indigo/atproto/syntax" 10 9 "github.com/gorilla/sessions" 11 10 "golang.org/x/crypto/bcrypt" 12 11 "gorm.io/gorm" ··· 87 86 sess, _ := s.sessions.Get(r, s.config.SessionCookieKey) 88 87 89 88 req.Username = strings.ToLower(req.Username) 90 - var idtype string 91 - if _, err := syntax.ParseDID(req.Username); err == nil { 92 - idtype = "did" 93 - } else if _, err := syntax.ParseHandle(req.Username); err == nil { 94 - idtype = "handle" 95 - } else { 96 - idtype = "email" 97 - } 98 89 99 90 queryParams := "" 100 91 if req.QueryParams != "" { 101 92 queryParams = fmt.Sprintf("?%s", req.QueryParams) 102 93 } 103 94 104 - // TODO: extract this shared lookup into a helper. 105 - var repo models.RepoActor 106 - var err error 107 - switch idtype { 108 - case "did": 109 - err = s.db.Raw(ctx, "SELECT r.*, a.* FROM repos r LEFT JOIN actors a ON r.did = a.did WHERE r.did = ?", nil, req.Username).Scan(&repo).Error 110 - case "handle": 111 - err = s.db.Raw(ctx, "SELECT r.*, a.* FROM actors a LEFT JOIN repos r ON a.did = r.did WHERE a.handle = ?", nil, req.Username).Scan(&repo).Error 112 - case "email": 113 - err = s.db.Raw(ctx, "SELECT r.*, a.* FROM repos r LEFT JOIN actors a ON r.did = a.did WHERE r.email = ?", nil, req.Username).Scan(&repo).Error 114 - } 95 + // lookup the account by did, handle or email 96 + repo, err := s.getRepoActorByIdentifier(ctx, req.Username) 115 97 if err != nil { 116 98 if err == gorm.ErrRecordNotFound { 117 99 sess.AddFlash("Handle or password is incorrect", "error")

+19 -7

server/middleware.go

··· 119 119 } 120 120 121 121 tokenstr := pts[1] 122 - token, _, err := new(jwt.Parser).ParseUnverified(tokenstr, jwt.MapClaims{}) 122 + var token *jwt.Token 123 + var err error 124 + token, _, err = new(jwt.Parser).ParseUnverified(tokenstr, jwt.MapClaims{}) 125 + if err != nil { 126 + helpers.InvalidTokenError(w) 127 + return 128 + } 123 129 claims, ok := token.Claims.(jwt.MapClaims) 124 130 if !ok { 125 131 helpers.InvalidTokenError(w) ··· 147 153 } 148 154 did = maybeDid 149 155 150 - maybeRepo, err := s.getRepoActorByDid(ctx, did) 156 + var maybeRepo *models.RepoActor 157 + maybeRepo, err = s.getRepoActorByDid(ctx, did) 151 158 if err != nil { 152 159 logger.Error("error fetching repo", "error", err) 153 160 helpers.ServerError(w, nil) ··· 204 211 token, err = new(jwt.Parser).Parse(tokenstr, func(t *jwt.Token) (any, error) { 205 212 return key, nil 206 213 }) 214 + if err != nil { 215 + logger.Error("error parsing jwt", "error", err) 216 + helpers.ExpiredTokenError(w) 217 + return 218 + } 207 219 } else { 208 220 // Non-compat mode or regular access/refresh tokens: use PDS server key (ES256) 209 221 token, err = new(jwt.Parser).Parse(tokenstr, func(t *jwt.Token) (any, error) { ··· 212 224 } 213 225 return &s.privateKey.PublicKey, nil 214 226 }) 215 - } 216 - if err != nil { 217 - logger.Error("error parsing jwt", "error", err) 218 - helpers.ExpiredTokenError(w) 219 - return 227 + if err != nil { 228 + logger.Error("error parsing jwt", "error", err) 229 + helpers.ExpiredTokenError(w) 230 + return 231 + } 220 232 } 221 233 222 234 if !token.Valid {

+13 -8

server/repo.go

··· 169 169 }, nil 170 170 } 171 171 172 - // revSetter is implemented by blockstores that can be told the current repo 173 - // revision before blocks are written (so the Rev column is stamped correctly). 174 - type revSetter interface { 175 - SetRev(rev string) 176 - } 177 - 178 172 // unsignedCommit is the intermediate product of buildUnsignedCommit. It holds 179 173 // the serialised commit CBOR (without a sig field) plus the rev string, ready 180 174 // for the user to sign. Once the signature arrives, finaliseCommit uses this ··· 975 969 switch val := item.(type) { 976 970 case map[string]any: 977 971 if val["$type"] == "blob" { 978 - if ref, ok := val["ref"].(string); ok { 979 - c, err := cid.Parse(ref) 972 + var c cid.Cid 973 + switch ref := val["ref"].(type) { 974 + case string: 975 + var err error 976 + c, err = cid.Parse(ref) 980 977 if err != nil { 981 978 return err 982 979 } 980 + case lexutil.LexLink: 981 + c = cid.Cid(ref) 982 + case cid.Cid: 983 + c = ref 984 + } 985 + 986 + if c.Defined() { 983 987 cids = append(cids, c) 984 988 } 989 + 985 990 for _, v := range val { 986 991 return deepiter(v) 987 992 }

Configure Feed

Configure Feed