str4d.xyz / atproto-devtool
CLI app for developers prototyping atproto functionality
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

refactor(jwt): count compact-form segments explicitly

Change decode_compact from splitn(3, '.') to split('.') with explicit
segment count. The previous code had a dead branch: splitn(3, '.')
caps the iterator at 3 elements, so the subsequent parts.next() check
could never fire (always None). Collect segments into a Vec and check
the length explicitly to properly detect four-or-more segment tokens.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

authored by

Jack Grigg
Claude Haiku 4.5 and committed by
Tangled eba1dfed 8d117f82

+5 -5
+5 -5
src/common/jwt.rs
··· 148 148 /// is primarily for test round-tripping and for negative-test assertions 149 149 /// (e.g., "the minted token has the expected `alg` header"). 150 150 pub fn decode_compact(token: &str) -> Result<(JwtHeader, JwtClaims, Vec<u8>), JwtError> { 151 - let mut parts = token.splitn(3, '.'); 152 - let header_b64 = parts.next().ok_or(JwtError::MalformedCompact)?; 153 - let claims_b64 = parts.next().ok_or(JwtError::MalformedCompact)?; 154 - let sig_b64 = parts.next().ok_or(JwtError::MalformedCompact)?; 155 - if parts.next().is_some() { 151 + let parts: Vec<&str> = token.split('.').collect(); 152 + if parts.len() != 3 { 156 153 return Err(JwtError::MalformedCompact); 157 154 } 155 + let header_b64 = parts[0]; 156 + let claims_b64 = parts[1]; 157 + let sig_b64 = parts[2]; 158 158 let header_bytes = 159 159 URL_SAFE_NO_PAD 160 160 .decode(header_b64)