BYOK Personal Data Server (PDS) written in Go
ipfs vow atproto pds go

fix: Fix DPoP validation logic

+14 -7
-4
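--- a/oauth/dpop/manager.go
+++ b/oauth/dpop/manager.go
@@ -70,10 +70,6 @@
 		return nil, errors.New("HTTP method is required")
 	}
 
-	if !strings.HasPrefix(reqUrl, "https://") {
-		reqUrl = "https://" + dm.hostname + reqUrl
-	}
-
 	proof := extractProof(headers)
 	if proof == "" {
 		return nil, nil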
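Review bot: Dropping the `"https://" + dm.hostname` reconstruction means the `htu` comparison that presumably follows (the function continues past the hunk) now depends entirely on what callers pass as `reqUrl`; if any caller derives it from the incoming `Host` header rather than the configured hostname the comparison becomes attacker-influenced, and if a caller still passes a bare path it will never match. RFC 9449 §4.3 requires `htu` to equal the request URI without query and fragment, so each caller's URL construction should be checked against that rule. The new contract deserves a doc comment on the parameter, e.g. `// reqUrl must be the absolute request URL (scheme + host + path, no query or fragment) as served by this host.` Note also that an empty proof header still returns `nil, nil` here, so every caller must handle a nil proof, as the sibling hunks in this commit now do.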
+9 -3
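--- a/server/handle_oauth_token.go
+++ b/server/handle_oauth_token.go
@@ -260,9 +260,15 @@
 		return
 	}
 
-	if *oauthToken.Parameters.DpopJkt != proof.JKT {
-		helpers.InputError(w, new("dpop proof does not match expected jkt"))
-		return
+	if oauthToken.Parameters.DpopJkt != nil {
+		if proof == nil {
+			helpers.InputError(w, new("dpop proof is required"))
+			return
+		}
+		if *oauthToken.Parameters.DpopJkt != proof.JKT {
+			helpers.InputError(w, new("dpop proof does not match expected jkt"))
+			return
+		}
 	}
 
 	ageRes := oauth.GetSessionAgeFromToken(oauthToken)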
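Review bot: The new outer guard means a stored token whose `DpopJkt` is nil is accepted with no binding check at all, even when a proof was presented; since atproto OAuth requires DPoP-bound tokens, it is worth confirming that `DpopJkt` can never be nil for an issued token, or explicitly rejecting that case instead of treating it as "unbound". RFC 9449 §5 also defines the token-endpoint error code `invalid_dpop_proof` for a missing or mismatched proof; if `helpers.InputError` emits a generic `invalid_request`, clients cannot tell this failure from a malformed request. A short comment above the guard would help the next reader, e.g. `// A DPoP-bound token must be presented with a proof whose key matches the stored jkt.` The enclosing handler starts and ends outside this hunk.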
+5
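--- a/server/middleware.go
+++ b/server/middleware.go
@@ -337,6 +337,11 @@
 		helpers.InputError(w, nil)
 		return
 	}
+	if proof == nil {
+		logger.Error("missing dpop proof")
+		helpers.InputError(w, new("missing dpop proof"))
+		return
+	}
 
 	var oauthToken provider.OauthToken
 	if err := s.db.Raw(ctx, "SELECT * FROM oauth_tokens WHERE token = ?", nil, accessToken).Scan(&oauthToken).Error; err != nil {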
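Review bot: The missing-proof case is reported through `helpers.InputError`, which, if it behaves like the surrounding calls, yields a 400; for a protected resource RFC 9449 §7.1 expects a 401 carrying `WWW-Authenticate: DPoP algs="..."` so a conforming client knows it must retry with a proof. `logger.Error("missing dpop proof")` fires on any request that simply omits the header, which is client-triggerable and will flood the error log; `logger.Warn` with the request path is a better fit. The check is correctly placed before the `oauth_tokens` lookup, so unauthenticated requests no longer cost a database round trip. The comparison of `proof.JKT` against the stored token binding presumably follows later; the enclosing middleware continues past this hunk.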