+51 -2

auth.go

reviewed

··· 2 2 3 3 import ( 4 4 "fmt" 5 5 + "net/http" 6 6 + "strings" 5 7 8 8 + "github.com/bluesky-social/indigo/atproto/crypto" 9 9 + "github.com/bluesky-social/indigo/atproto/identity" 10 10 + "github.com/bluesky-social/indigo/atproto/syntax" 6 11 "github.com/golang-jwt/jwt/v5" 7 12 ) 8 13 ··· 23 28 } 24 29 25 30 func (m *AtProtoSigningMethod) Verify(signingString string, signature []byte, key interface{}) error { 26 26 - // return key.(crypto.PublicKey).HashAndVerifyLenient([]byte(signingString), signature) 27 27 - return nil 31 31 + return key.(crypto.PublicKey).HashAndVerifyLenient([]byte(signingString), signature) 28 32 } 29 33 30 34 func (m *AtProtoSigningMethod) Sign(signingString string, key interface{}) ([]byte, error) { ··· 42 46 return &ES256 43 47 }) 44 48 } 49 49 + 50 50 + 51 51 + var directory = identity.DefaultDirectory() 52 52 + 53 53 + func getRequestUserDID(r *http.Request) (string, error) { 54 54 + headerValues := r.Header["Authorization"] 55 55 + 56 56 + if len(headerValues) != 1 { 57 57 + return "", fmt.Errorf("missing authorization header") 58 58 + } 59 59 + token := strings.TrimSpace(strings.Replace(headerValues[0], "Bearer ", "", 1)) 60 60 + 61 61 + validMethods := jwt.WithValidMethods([]string{ES256, ES256K}) 62 62 + 63 63 + keyfunc := func(token *jwt.Token) (interface{}, error) { 64 64 + // return token, nil 65 65 + did := syntax.DID(token.Claims.(jwt.MapClaims)["iss"].(string)) 66 66 + identity, err := directory.LookupDID(r.Context(), did) 67 67 + if err != nil { 68 68 + return nil, fmt.Errorf("unable to resolve did %s: %s", did, err) 69 69 + } 70 70 + key, err := identity.PublicKey() 71 71 + if err != nil { 72 72 + return nil, fmt.Errorf("signing key not found for did %s: %s", did, err) 73 73 + } 74 74 + return key, nil 75 75 + } 76 76 + 77 77 + parsedToken, err := jwt.ParseWithClaims(token, jwt.MapClaims{}, keyfunc, validMethods) 78 78 + if err != nil { 79 79 + return "", fmt.Errorf("invalid token: %s", err) 80 80 + } 81 81 + 82 82 + claims, ok := parsedToken.Claims.(jwt.MapClaims) 83 83 + if !ok { 84 84 + return "", fmt.Errorf("token contained no claims") 85 85 + } 86 86 + 87 87 + issVal, ok := claims["iss"].(string) 88 88 + if !ok { 89 89 + return "", fmt.Errorf("iss claim missing") 90 90 + } 91 91 + 92 92 + return string(syntax.DID(issVal)), nil 93 93 + }

+6 -6

feed.go

reviewed

··· 16 16 } 17 17 } 18 18 19 19 - func (f *FeedGenerator) GetFeed(ctx context.Context, userDID, feed, cursor string, limit int) (*FeedReponse, error) { 19 19 + func (f *FeedGenerator) GetFeed(ctx context.Context, userDID, feed, cursor string, limit int) (FeedReponse, error) { 20 20 + resp := FeedReponse{} 21 21 + 20 22 f.mu.Lock() 21 23 defer f.mu.Unlock() 22 24 23 25 usersFeed, ok := f.posts[userDID] 24 26 if !ok { 25 25 - return nil, nil 27 27 + return resp, nil 26 28 } 27 29 28 30 feedItems := make([]FeedItem, 0, len(f.posts)) ··· 32 34 }) 33 35 } 34 36 35 35 - resp := &FeedReponse{ 36 36 - Feed: feedItems, 37 37 - Cursor: "", 38 38 - } 37 37 + resp.Feed = feedItems 38 38 + resp.Cursor = "" 39 39 40 40 return resp, nil 41 41 }

+2

go.mod

reviewed

··· 22 22 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect 23 23 github.com/hashicorp/go-retryablehttp v0.7.5 // indirect 24 24 github.com/hashicorp/golang-lru v1.0.2 // indirect 25 25 + github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect 25 26 github.com/ipfs/bbloom v0.0.4 // indirect 26 27 github.com/ipfs/go-block-format v0.2.0 // indirect 27 28 github.com/ipfs/go-cid v0.4.1 // indirect ··· 65 66 golang.org/x/crypto v0.22.0 // indirect 66 67 golang.org/x/net v0.24.0 // indirect 67 68 golang.org/x/sys v0.22.0 // indirect 69 69 + golang.org/x/time v0.5.0 // indirect 68 70 golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect 69 71 google.golang.org/protobuf v1.34.2 // indirect 70 72 lukechampine.com/blake3 v1.2.1 // indirect

+4

go.sum

reviewed

··· 45 45 github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= 46 46 github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c= 47 47 github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= 48 48 + github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= 49 49 + github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= 48 50 github.com/ipfs/bbloom v0.0.4 h1:Gi+8EGJ2y5qiD5FbsbpX/TMNcJw8gSqr7eyjHa4Fhvs= 49 51 github.com/ipfs/bbloom v0.0.4/go.mod h1:cS9YprKXpoZ9lT0n/Mw/a6/aFV6DTjTLYHeA+gyqMG0= 50 52 github.com/ipfs/go-block-format v0.2.0 h1:ZqrkxBA2ICbDRbK8KJs/u0O3dlp6gmAuuXUJNiW1Ycs= ··· 213 215 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 214 216 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 215 217 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 218 218 + golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= 219 219 + golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= 216 220 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 217 221 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 218 222 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=

+1 -37

server.go

reviewed

··· 7 7 "log/slog" 8 8 "net/http" 9 9 "strconv" 10 10 - "strings" 11 11 - 12 12 - "github.com/bluesky-social/indigo/atproto/syntax" 13 13 - "github.com/golang-jwt/jwt/v5" 14 10 ) 15 11 16 12 type Feeder interface { 17 17 - GetFeed(ctx context.Context, userDID, feed, cursor string, limit int) (*FeedReponse, error) 13 13 + GetFeed(ctx context.Context, userDID, feed, cursor string, limit int) (FeedReponse, error) 18 14 } 19 15 20 16 type Server struct { ··· 190 186 191 187 w.Write(b) 192 188 } 193 193 - 194 194 - func getRequestUserDID(r *http.Request) (string, error) { 195 195 - headerValues := r.Header["Authorization"] 196 196 - 197 197 - if len(headerValues) != 1 { 198 198 - return "", fmt.Errorf("missing authorization header") 199 199 - } 200 200 - token := strings.TrimSpace(strings.Replace(headerValues[0], "Bearer ", "", 1)) 201 201 - 202 202 - validMethods := jwt.WithValidMethods([]string{ES256, ES256K}) 203 203 - 204 204 - keyfunc := func(token *jwt.Token) (interface{}, error) { 205 205 - return token, nil 206 206 - } 207 207 - 208 208 - parsedToken, err := jwt.ParseWithClaims(token, jwt.MapClaims{}, keyfunc, validMethods) 209 209 - if err != nil { 210 210 - return "", fmt.Errorf("invalid token: %s", err) 211 211 - } 212 212 - 213 213 - claims, ok := parsedToken.Claims.(jwt.MapClaims) 214 214 - if !ok { 215 215 - return "", fmt.Errorf("token contained no claims") 216 216 - } 217 217 - 218 218 - issVal, ok := claims["iss"].(string) 219 219 - if !ok { 220 220 - return "", fmt.Errorf("iss claim missing") 221 221 - } 222 222 - 223 223 - return string(syntax.DID(issVal)), nil 224 224 - }